NAMED.CONF(5)                       BIND 9                       NAMED.CONF(5)

NAME

       named.conf - configuration file for named
7

SYNOPSIS

9       named.conf
10

DESCRIPTION

       named.conf is the configuration file for named. Statements are enclosed
       in braces and terminated with a semi-colon. Clauses in the statements
       are also semi-colon terminated. The usual comment styles are supported:
16
       C style: /* */

       C++ style: // to end of line

       Unix style: # to end of line
21
22   ACL
23          acl string { address_match_element; ... };
24
25   CONTROLS
26          controls {
27                inet ( ipv4_address | ipv6_address |
28                    * ) [ port ( integer | * ) ] allow
29                    { address_match_element; ... } [
30                    keys { string; ... } ] [ read-only
31                    boolean ];
32                unix quoted_string perm integer
33                    owner integer group integer [
34                    keys { string; ... } ] [ read-only
35                    boolean ];
36          };
37
38   DLZ
39          dlz string {
40                database string;
41                search boolean;
42          };
43
44   DNSSEC-POLICY
45          dnssec-policy string {
46                dnskey-ttl duration;
47                keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
48                    duration_or_unlimited algorithm string [ integer ]; ... };
49                max-zone-ttl duration;
50                nsec3param [ iterations integer ] [ optout boolean ] [
51                    salt-length integer ];
52                parent-ds-ttl duration;
53                parent-propagation-delay duration;
54                publish-safety duration;
55                purge-keys duration;
56                retire-safety duration;
57                signatures-refresh duration;
58                signatures-validity duration;
59                signatures-validity-dnskey duration;
60                zone-propagation-delay duration;
61          };
62
63   DYNDB
64          dyndb string quoted_string {
65              unspecified-text };
66
67   KEY
68          key string {
69                algorithm string;
70                secret string;
71          };
72
73   LOGGING
74          logging {
75                category string { string; ... };
76                channel string {
77                        buffered boolean;
78                        file quoted_string [ versions ( unlimited | integer ) ]
79                            [ size size ] [ suffix ( increment | timestamp ) ];
80                        null;
81                        print-category boolean;
82                        print-severity boolean;
83                        print-time ( iso8601 | iso8601-utc | local | boolean );
84                        severity log_severity;
85                        stderr;
86                        syslog [ syslog_facility ];
87                };
88          };
89
90   MANAGED-KEYS
91       See DNSSEC-KEYS (listed on this page under TRUST-ANCHORS).
92
93          managed-keys { string ( static-key
94              | initial-key | static-ds |
95              initial-ds ) integer integer
96              integer quoted_string; ... }; // deprecated
97
98   MASTERS
99          masters string [ port integer ] [ dscp
100              integer ] { ( primaries | ipv4_address
101              [ port integer ] | ipv6_address [ port
102              integer ] ) [ key string ]; ... };
103
104   OPTIONS
105          options {
106                allow-new-zones boolean;
107                allow-notify { address_match_element; ... };
108                allow-query { address_match_element; ... };
109                allow-query-cache { address_match_element; ... };
110                allow-query-cache-on { address_match_element; ... };
111                allow-query-on { address_match_element; ... };
112                allow-recursion { address_match_element; ... };
113                allow-recursion-on { address_match_element; ... };
114                allow-transfer { address_match_element; ... };
115                allow-update { address_match_element; ... };
116                allow-update-forwarding { address_match_element; ... };
117                also-notify [ port integer ] [ dscp integer ] { ( primaries |
118                    ipv4_address [ port integer ] | ipv6_address [ port
119                    integer ] ) [ key string ]; ... };
120                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
121                    ] [ dscp integer ];
122                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
123                    * ) ] [ dscp integer ];
124                answer-cookie boolean;
125                attach-cache string;
126                auth-nxdomain boolean; // default changed
127                auto-dnssec ( allow | maintain | off );
128                automatic-interface-scan boolean;
129                avoid-v4-udp-ports { portrange; ... };
130                avoid-v6-udp-ports { portrange; ... };
131                bindkeys-file quoted_string;
132                blackhole { address_match_element; ... };
133                cache-file quoted_string;
134                catalog-zones { zone string [ default-masters [ port integer ]
135                    [ dscp integer ] { ( primaries | ipv4_address [ port
136                    integer ] | ipv6_address [ port integer ] ) [ key
137                    string ]; ... } ] [ zone-directory quoted_string ] [
138                    in-memory boolean ] [ min-update-interval duration ]; ... };
139                check-dup-records ( fail | warn | ignore );
140                check-integrity boolean;
141                check-mx ( fail | warn | ignore );
142                check-mx-cname ( fail | warn | ignore );
143                check-names ( primary | master |
144                    secondary | slave | response ) (
145                    fail | warn | ignore );
146                check-sibling boolean;
147                check-spf ( warn | ignore );
148                check-srv-cname ( fail | warn | ignore );
149                check-wildcard boolean;
150                clients-per-query integer;
151                cookie-algorithm ( aes | siphash24 );
152                cookie-secret string;
153                coresize ( default | unlimited | sizeval );
154                datasize ( default | unlimited | sizeval );
155                deny-answer-addresses { address_match_element; ... } [
156                    except-from { string; ... } ];
157                deny-answer-aliases { string; ... } [ except-from { string; ...
158                    } ];
159                dialup ( notify | notify-passive | passive | refresh | boolean );
160                directory quoted_string;
161                disable-algorithms string { string;
162                    ... };
163                disable-ds-digests string { string;
164                    ... };
165                disable-empty-zone string;
166                dns64 netprefix {
167                        break-dnssec boolean;
168                        clients { address_match_element; ... };
169                        exclude { address_match_element; ... };
170                        mapped { address_match_element; ... };
171                        recursive-only boolean;
172                        suffix ipv6_address;
173                };
174                dns64-contact string;
175                dns64-server string;
176                dnskey-sig-validity integer;
177                dnsrps-enable boolean;
178                dnsrps-options { unspecified-text };
179                dnssec-accept-expired boolean;
180                dnssec-dnskey-kskonly boolean;
181                dnssec-loadkeys-interval integer;
182                dnssec-must-be-secure string boolean;
183                dnssec-policy string;
184                dnssec-secure-to-insecure boolean;
185                dnssec-update-mode ( maintain | no-resign );
186                dnssec-validation ( yes | no | auto );
187                dnstap { ( all | auth | client | forwarder |
188                    resolver | update ) [ ( query | response ) ];
189                    ... };
190                dnstap-identity ( quoted_string | none |
191                    hostname );
192                dnstap-output ( file | unix ) quoted_string [
193                    size ( unlimited | size ) ] [ versions (
194                    unlimited | integer ) ] [ suffix ( increment
195                    | timestamp ) ];
196                dnstap-version ( quoted_string | none );
197                dscp integer;
198                dual-stack-servers [ port integer ] { ( quoted_string [ port
199                    integer ] [ dscp integer ] | ipv4_address [ port
200                    integer ] [ dscp integer ] | ipv6_address [ port
201                    integer ] [ dscp integer ] ); ... };
202                dump-file quoted_string;
203                edns-udp-size integer;
204                empty-contact string;
205                empty-server string;
206                empty-zones-enable boolean;
207                fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
208                fetches-per-server integer [ ( drop | fail ) ];
209                fetches-per-zone integer [ ( drop | fail ) ];
210                files ( default | unlimited | sizeval );
211                flush-zones-on-shutdown boolean;
212                forward ( first | only );
213                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
214                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
215                fstrm-set-buffer-hint integer;
216                fstrm-set-flush-timeout integer;
217                fstrm-set-input-queue-size integer;
218                fstrm-set-output-notify-threshold integer;
219                fstrm-set-output-queue-model ( mpsc | spsc );
220                fstrm-set-output-queue-size integer;
221                fstrm-set-reopen-interval duration;
222                geoip-directory ( quoted_string | none );
223                glue-cache boolean;
224                heartbeat-interval integer;
225                hostname ( quoted_string | none );
226                inline-signing boolean;
227                interface-interval duration;
228                ixfr-from-differences ( primary | master | secondary | slave |
229                    boolean );
230                keep-response-order { address_match_element; ... };
231                key-directory quoted_string;
232                lame-ttl duration;
233                listen-on [ port integer ] [ dscp
234                    integer ] {
235                    address_match_element; ... };
236                listen-on-v6 [ port integer ] [ dscp
237                    integer ] {
238                    address_match_element; ... };
239                lmdb-mapsize sizeval;
240                lock-file ( quoted_string | none );
241                managed-keys-directory quoted_string;
242                masterfile-format ( map | raw | text );
243                masterfile-style ( full | relative );
244                match-mapped-addresses boolean;
245                max-cache-size ( default | unlimited | sizeval | percentage );
246                max-cache-ttl duration;
247                max-clients-per-query integer;
248                max-journal-size ( default | unlimited | sizeval );
249                max-ncache-ttl duration;
250                max-records integer;
251                max-recursion-depth integer;
252                max-recursion-queries integer;
253                max-refresh-time integer;
254                max-retry-time integer;
255                max-rsa-exponent-size integer;
256                max-stale-ttl duration;
257                max-transfer-idle-in integer;
258                max-transfer-idle-out integer;
259                max-transfer-time-in integer;
260                max-transfer-time-out integer;
261                max-udp-size integer;
262                max-zone-ttl ( unlimited | duration );
263                memstatistics boolean;
264                memstatistics-file quoted_string;
265                message-compression boolean;
266                min-cache-ttl duration;
267                min-ncache-ttl duration;
268                min-refresh-time integer;
269                min-retry-time integer;
270                minimal-any boolean;
271                minimal-responses ( no-auth | no-auth-recursive | boolean );
272                multi-master boolean;
273                new-zones-directory quoted_string;
274                no-case-compress { address_match_element; ... };
275                nocookie-udp-size integer;
276                notify ( explicit | master-only | primary-only | boolean );
277                notify-delay integer;
278                notify-rate integer;
279                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
280                    dscp integer ];
281                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
282                    [ dscp integer ];
283                notify-to-soa boolean;
284                nta-lifetime duration;
285                nta-recheck duration;
286                nxdomain-redirect string;
287                pid-file ( quoted_string | none );
288                port integer;
289                preferred-glue string;
290                prefetch integer [ integer ];
291                provide-ixfr boolean;
292                qname-minimization ( strict | relaxed | disabled | off );
293                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
294                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
295                    port ( integer | * ) ) ) [ dscp integer ];
296                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
297                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
298                    port ( integer | * ) ) ) [ dscp integer ];
299                querylog boolean;
300                random-device ( quoted_string | none );
301                rate-limit {
302                        all-per-second integer;
303                        errors-per-second integer;
304                        exempt-clients { address_match_element; ... };
305                        ipv4-prefix-length integer;
306                        ipv6-prefix-length integer;
307                        log-only boolean;
308                        max-table-size integer;
309                        min-table-size integer;
310                        nodata-per-second integer;
311                        nxdomains-per-second integer;
312                        qps-scale integer;
313                        referrals-per-second integer;
314                        responses-per-second integer;
315                        slip integer;
316                        window integer;
317                };
318                recursing-file quoted_string;
319                recursion boolean;
320                recursive-clients integer;
321                request-expire boolean;
322                request-ixfr boolean;
323                request-nsid boolean;
324                require-server-cookie boolean;
325                reserved-sockets integer;
326                resolver-nonbackoff-tries integer;
327                resolver-query-timeout integer;
328                resolver-retry-interval integer;
329                response-padding { address_match_element; ... } block-size
330                    integer;
331                response-policy { zone string [ add-soa boolean ] [ log
332                    boolean ] [ max-policy-ttl duration ] [ min-update-interval
333                    duration ] [ policy ( cname | disabled | drop | given | no-op
334                    | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
335                    recursive-only boolean ] [ nsip-enable boolean ] [
336                    nsdname-enable boolean ]; ... } [ add-soa boolean ] [
337                    break-dnssec boolean ] [ max-policy-ttl duration ] [
338                    min-update-interval duration ] [ min-ns-dots integer ] [
339                    nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
340                    [ recursive-only boolean ] [ nsip-enable boolean ] [
341                    nsdname-enable boolean ] [ dnsrps-enable boolean ] [
342                    dnsrps-options { unspecified-text } ];
343                root-delegation-only [ exclude { string; ... } ];
344                root-key-sentinel boolean;
345                rrset-order { [ class string ] [ type string ] [ name
346                    quoted_string ] string string; ... };
347                secroots-file quoted_string;
348                send-cookie boolean;
349                serial-query-rate integer;
350                serial-update-method ( date | increment | unixtime );
351                server-id ( quoted_string | none | hostname );
352                servfail-ttl duration;
353                session-keyalg string;
354                session-keyfile ( quoted_string | none );
355                session-keyname string;
356                sig-signing-nodes integer;
357                sig-signing-signatures integer;
358                sig-signing-type integer;
359                sig-validity-interval integer [ integer ];
360                sortlist { address_match_element; ... };
361                stacksize ( default | unlimited | sizeval );
362                stale-answer-client-timeout ( disabled | off | integer );
363                stale-answer-enable boolean;
364                stale-answer-ttl duration;
365                stale-cache-enable boolean;
366                stale-refresh-time duration;
367                startup-notify-rate integer;
368                statistics-file quoted_string;
369                synth-from-dnssec boolean;
370                tcp-advertised-timeout integer;
371                tcp-clients integer;
372                tcp-idle-timeout integer;
373                tcp-initial-timeout integer;
374                tcp-keepalive-timeout integer;
375                tcp-listen-queue integer;
376                tkey-dhkey quoted_string integer;
377                tkey-domain quoted_string;
378                tkey-gssapi-credential quoted_string;
379                tkey-gssapi-keytab quoted_string;
380                transfer-format ( many-answers | one-answer );
381                transfer-message-size integer;
382                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
383                    dscp integer ];
384                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
385                    ] [ dscp integer ];
386                transfers-in integer;
387                transfers-out integer;
388                transfers-per-ns integer;
389                trust-anchor-telemetry boolean; // experimental
390                try-tcp-refresh boolean;
391                update-check-ksk boolean;
392                use-alt-transfer-source boolean;
393                use-v4-udp-ports { portrange; ... };
394                use-v6-udp-ports { portrange; ... };
395                v6-bias integer;
396                validate-except { string; ... };
397                version ( quoted_string | none );
398                zero-no-soa-ttl boolean;
399                zero-no-soa-ttl-cache boolean;
400                zone-statistics ( full | terse | none | boolean );
401          };
402
403   PLUGIN
404          plugin ( query ) string [ { unspecified-text
405              } ];
406
407   PRIMARIES
408          primaries string [ port integer ] [ dscp
409              integer ] { ( primaries | ipv4_address
410              [ port integer ] | ipv6_address [ port
411              integer ] ) [ key string ]; ... };
412
413   SERVER
414          server netprefix {
415                bogus boolean;
416                edns boolean;
417                edns-udp-size integer;
418                edns-version integer;
419                keys server_key;
420                max-udp-size integer;
421                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
422                    dscp integer ];
423                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
424                    [ dscp integer ];
425                padding integer;
426                provide-ixfr boolean;
427                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
428                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
429                    port ( integer | * ) ) ) [ dscp integer ];
430                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
431                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
432                    port ( integer | * ) ) ) [ dscp integer ];
433                request-expire boolean;
434                request-ixfr boolean;
435                request-nsid boolean;
436                send-cookie boolean;
437                tcp-keepalive boolean;
438                tcp-only boolean;
439                transfer-format ( many-answers | one-answer );
440                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
441                    dscp integer ];
442                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
443                    ] [ dscp integer ];
444                transfers integer;
445          };
446
447   STATISTICS-CHANNELS
448          statistics-channels {
449                inet ( ipv4_address | ipv6_address |
450                    * ) [ port ( integer | * ) ] [
451                    allow { address_match_element; ...
452                    } ];
453          };
454
455   TRUST-ANCHORS
456          trust-anchors { string ( static-key |
457              initial-key | static-ds | initial-ds )
458              integer integer integer
459              quoted_string; ... };
460
461   TRUSTED-KEYS
462       Deprecated - see DNSSEC-KEYS (listed on this page under TRUST-ANCHORS).
463
464          trusted-keys { string integer
465              integer integer
466              quoted_string; ... }; // deprecated
467
468   VIEW
469          view string [ class ] {
470                allow-new-zones boolean;
471                allow-notify { address_match_element; ... };
472                allow-query { address_match_element; ... };
473                allow-query-cache { address_match_element; ... };
474                allow-query-cache-on { address_match_element; ... };
475                allow-query-on { address_match_element; ... };
476                allow-recursion { address_match_element; ... };
477                allow-recursion-on { address_match_element; ... };
478                allow-transfer { address_match_element; ... };
479                allow-update { address_match_element; ... };
480                allow-update-forwarding { address_match_element; ... };
481                also-notify [ port integer ] [ dscp integer ] { ( primaries |
482                    ipv4_address [ port integer ] | ipv6_address [ port
483                    integer ] ) [ key string ]; ... };
484                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
485                    ] [ dscp integer ];
486                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
487                    * ) ] [ dscp integer ];
488                attach-cache string;
489                auth-nxdomain boolean; // default changed
490                auto-dnssec ( allow | maintain | off );
491                cache-file quoted_string;
492                catalog-zones { zone string [ default-masters [ port integer ]
493                    [ dscp integer ] { ( primaries | ipv4_address [ port
494                    integer ] | ipv6_address [ port integer ] ) [ key
495                    string ]; ... } ] [ zone-directory quoted_string ] [
496                    in-memory boolean ] [ min-update-interval duration ]; ... };
497                check-dup-records ( fail | warn | ignore );
498                check-integrity boolean;
499                check-mx ( fail | warn | ignore );
500                check-mx-cname ( fail | warn | ignore );
501                check-names ( primary | master |
502                    secondary | slave | response ) (
503                    fail | warn | ignore );
504                check-sibling boolean;
505                check-spf ( warn | ignore );
506                check-srv-cname ( fail | warn | ignore );
507                check-wildcard boolean;
508                clients-per-query integer;
509                deny-answer-addresses { address_match_element; ... } [
510                    except-from { string; ... } ];
511                deny-answer-aliases { string; ... } [ except-from { string; ...
512                    } ];
513                dialup ( notify | notify-passive | passive | refresh | boolean );
514                disable-algorithms string { string;
515                    ... };
516                disable-ds-digests string { string;
517                    ... };
518                disable-empty-zone string;
519                dlz string {
520                        database string;
521                        search boolean;
522                };
523                dns64 netprefix {
524                        break-dnssec boolean;
525                        clients { address_match_element; ... };
526                        exclude { address_match_element; ... };
527                        mapped { address_match_element; ... };
528                        recursive-only boolean;
529                        suffix ipv6_address;
530                };
531                dns64-contact string;
532                dns64-server string;
533                dnskey-sig-validity integer;
534                dnsrps-enable boolean;
535                dnsrps-options { unspecified-text };
536                dnssec-accept-expired boolean;
537                dnssec-dnskey-kskonly boolean;
538                dnssec-loadkeys-interval integer;
539                dnssec-must-be-secure string boolean;
540                dnssec-policy string;
541                dnssec-secure-to-insecure boolean;
542                dnssec-update-mode ( maintain | no-resign );
543                dnssec-validation ( yes | no | auto );
544                dnstap { ( all | auth | client | forwarder |
545                    resolver | update ) [ ( query | response ) ];
546                    ... };
547                dual-stack-servers [ port integer ] { ( quoted_string [ port
548                    integer ] [ dscp integer ] | ipv4_address [ port
549                    integer ] [ dscp integer ] | ipv6_address [ port
550                    integer ] [ dscp integer ] ); ... };
551                dyndb string quoted_string {
552                    unspecified-text };
553                edns-udp-size integer;
554                empty-contact string;
555                empty-server string;
556                empty-zones-enable boolean;
557                fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
558                fetches-per-server integer [ ( drop | fail ) ];
559                fetches-per-zone integer [ ( drop | fail ) ];
560                forward ( first | only );
561                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
562                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
563                glue-cache boolean;
564                inline-signing boolean;
565                ixfr-from-differences ( primary | master | secondary | slave |
566                    boolean );
567                key string {
568                        algorithm string;
569                        secret string;
570                };
571                key-directory quoted_string;
572                lame-ttl duration;
573                lmdb-mapsize sizeval;
574                managed-keys { string (
575                    static-key | initial-key
576                    | static-ds | initial-ds
577                    ) integer integer
578                    integer
579                    quoted_string; ... }; // deprecated
580                masterfile-format ( map | raw | text );
581                masterfile-style ( full | relative );
582                match-clients { address_match_element; ... };
583                match-destinations { address_match_element; ... };
584                match-recursive-only boolean;
585                max-cache-size ( default | unlimited | sizeval | percentage );
586                max-cache-ttl duration;
587                max-clients-per-query integer;
588                max-journal-size ( default | unlimited | sizeval );
589                max-ncache-ttl duration;
590                max-records integer;
591                max-recursion-depth integer;
592                max-recursion-queries integer;
593                max-refresh-time integer;
594                max-retry-time integer;
595                max-stale-ttl duration;
596                max-transfer-idle-in integer;
597                max-transfer-idle-out integer;
598                max-transfer-time-in integer;
599                max-transfer-time-out integer;
600                max-udp-size integer;
601                max-zone-ttl ( unlimited | duration );
602                message-compression boolean;
603                min-cache-ttl duration;
604                min-ncache-ttl duration;
605                min-refresh-time integer;
606                min-retry-time integer;
607                minimal-any boolean;
608                minimal-responses ( no-auth | no-auth-recursive | boolean );
609                multi-master boolean;
610                new-zones-directory quoted_string;
611                no-case-compress { address_match_element; ... };
612                nocookie-udp-size integer;
613                notify ( explicit | master-only | primary-only | boolean );
614                notify-delay integer;
615                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
616                    dscp integer ];
617                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
618                    [ dscp integer ];
619                notify-to-soa boolean;
620                nta-lifetime duration;
621                nta-recheck duration;
622                nxdomain-redirect string;
623                plugin ( query ) string [ {
624                    unspecified-text } ];
625                preferred-glue string;
626                prefetch integer [ integer ];
627                provide-ixfr boolean;
628                qname-minimization ( strict | relaxed | disabled | off );
629                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
630                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
631                    port ( integer | * ) ) ) [ dscp integer ];
632                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
633                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
634                    port ( integer | * ) ) ) [ dscp integer ];
635                rate-limit {
636                        all-per-second integer;
637                        errors-per-second integer;
638                        exempt-clients { address_match_element; ... };
639                        ipv4-prefix-length integer;
640                        ipv6-prefix-length integer;
641                        log-only boolean;
642                        max-table-size integer;
643                        min-table-size integer;
644                        nodata-per-second integer;
645                        nxdomains-per-second integer;
646                        qps-scale integer;
647                        referrals-per-second integer;
648                        responses-per-second integer;
649                        slip integer;
650                        window integer;
651                };
652                recursion boolean;
653                request-expire boolean;
654                request-ixfr boolean;
655                request-nsid boolean;
656                require-server-cookie boolean;
657                resolver-nonbackoff-tries integer;
658                resolver-query-timeout integer;
659                resolver-retry-interval integer;
660                response-padding { address_match_element; ... } block-size
661                    integer;
662                response-policy { zone string [ add-soa boolean ] [ log
663                    boolean ] [ max-policy-ttl duration ] [ min-update-interval
664                    duration ] [ policy ( cname | disabled | drop | given | no-op
665                    | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
666                    recursive-only boolean ] [ nsip-enable boolean ] [
667                    nsdname-enable boolean ]; ... } [ add-soa boolean ] [
668                    break-dnssec boolean ] [ max-policy-ttl duration ] [
669                    min-update-interval duration ] [ min-ns-dots integer ] [
670                    nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
671                    [ recursive-only boolean ] [ nsip-enable boolean ] [
672                    nsdname-enable boolean ] [ dnsrps-enable boolean ] [
673                    dnsrps-options { unspecified-text } ];
674                root-delegation-only [ exclude { string; ... } ];
675                root-key-sentinel boolean;
676                rrset-order { [ class string ] [ type string ] [ name
677                    quoted_string ] string string; ... };
678                send-cookie boolean;
679                serial-update-method ( date | increment | unixtime );
680                server netprefix {
681                        bogus boolean;
682                        edns boolean;
683                        edns-udp-size integer;
684                        edns-version integer;
685                        keys server_key;
686                        max-udp-size integer;
687                        notify-source ( ipv4_address | * ) [ port ( integer | *
688                            ) ] [ dscp integer ];
689                        notify-source-v6 ( ipv6_address | * ) [ port ( integer
690                            | * ) ] [ dscp integer ];
691                        padding integer;
692                        provide-ixfr boolean;
693                        query-source ( ( [ address ] ( ipv4_address | * ) [ port
694                            ( integer | * ) ] ) | ( [ [ address ] (
695                            ipv4_address | * ) ] port ( integer | * ) ) ) [
696                            dscp integer ];
697                        query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
698                            port ( integer | * ) ] ) | ( [ [ address ] (
699                            ipv6_address | * ) ] port ( integer | * ) ) ) [
700                            dscp integer ];
701                        request-expire boolean;
702                        request-ixfr boolean;
703                        request-nsid boolean;
704                        send-cookie boolean;
705                        tcp-keepalive boolean;
706                        tcp-only boolean;
707                        transfer-format ( many-answers | one-answer );
708                        transfer-source ( ipv4_address | * ) [ port ( integer |
709                            * ) ] [ dscp integer ];
710                        transfer-source-v6 ( ipv6_address | * ) [ port (
711                            integer | * ) ] [ dscp integer ];
712                        transfers integer;
713                };
714                servfail-ttl duration;
715                sig-signing-nodes integer;
716                sig-signing-signatures integer;
717                sig-signing-type integer;
718                sig-validity-interval integer [ integer ];
719                sortlist { address_match_element; ... };
720                stale-answer-client-timeout ( disabled | off | integer );
721                stale-answer-enable boolean;
722                stale-answer-ttl duration;
723                stale-cache-enable boolean;
724                stale-refresh-time duration;
725                synth-from-dnssec boolean;
726                transfer-format ( many-answers | one-answer );
727                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
728                    dscp integer ];
729                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
730                    ] [ dscp integer ];
731                trust-anchor-telemetry boolean; // experimental
732                trust-anchors { string ( static-key |
733                    initial-key | static-ds | initial-ds
734                    ) integer integer integer
735                    quoted_string; ... };
736                trusted-keys { string
737                    integer integer
738                    integer
739                    quoted_string; ... }; // deprecated
740                try-tcp-refresh boolean;
741                update-check-ksk boolean;
742                use-alt-transfer-source boolean;
743                v6-bias integer;
744                validate-except { string; ... };
745                zero-no-soa-ttl boolean;
746                zero-no-soa-ttl-cache boolean;
747                zone string [ class ] {
748                        allow-notify { address_match_element; ... };
749                        allow-query { address_match_element; ... };
750                        allow-query-on { address_match_element; ... };
751                        allow-transfer { address_match_element; ... };
752                        allow-update { address_match_element; ... };
753                        allow-update-forwarding { address_match_element; ... };
754                        also-notify [ port integer ] [ dscp integer ] { (
755                            primaries | ipv4_address [ port integer ] |
756                            ipv6_address [ port integer ] ) [ key string ];
757                            ... };
758                        alt-transfer-source ( ipv4_address | * ) [ port (
759                            integer | * ) ] [ dscp integer ];
760                        alt-transfer-source-v6 ( ipv6_address | * ) [ port (
761                            integer | * ) ] [ dscp integer ];
762                        auto-dnssec ( allow | maintain | off );
763                        check-dup-records ( fail | warn | ignore );
764                        check-integrity boolean;
765                        check-mx ( fail | warn | ignore );
766                        check-mx-cname ( fail | warn | ignore );
767                        check-names ( fail | warn | ignore );
768                        check-sibling boolean;
769                        check-spf ( warn | ignore );
770                        check-srv-cname ( fail | warn | ignore );
771                        check-wildcard boolean;
772                        database string;
773                        delegation-only boolean;
774                        dialup ( notify | notify-passive | passive | refresh |
775                            boolean );
776                        dlz string;
777                        dnskey-sig-validity integer;
778                        dnssec-dnskey-kskonly boolean;
779                        dnssec-loadkeys-interval integer;
780                        dnssec-policy string;
781                        dnssec-secure-to-insecure boolean;
782                        dnssec-update-mode ( maintain | no-resign );
783                        file quoted_string;
784                        forward ( first | only );
785                        forwarders [ port integer ] [ dscp integer ] { (
786                            ipv4_address | ipv6_address ) [ port integer ] [
787                            dscp integer ]; ... };
788                        in-view string;
789                        inline-signing boolean;
790                        ixfr-from-differences boolean;
791                        journal quoted_string;
792                        key-directory quoted_string;
793                        masterfile-format ( map | raw | text );
794                        masterfile-style ( full | relative );
795                        masters [ port integer ] [ dscp integer ] { ( primaries
796                            | ipv4_address [ port integer ] | ipv6_address [
797                            port integer ] ) [ key string ]; ... };
798                        max-journal-size ( default | unlimited | sizeval );
799                        max-records integer;
800                        max-refresh-time integer;
801                        max-retry-time integer;
802                        max-transfer-idle-in integer;
803                        max-transfer-idle-out integer;
804                        max-transfer-time-in integer;
805                        max-transfer-time-out integer;
806                        max-zone-ttl ( unlimited | duration );
807                        min-refresh-time integer;
808                        min-retry-time integer;
809                        multi-master boolean;
810                        notify ( explicit | master-only | primary-only | boolean );
811                        notify-delay integer;
812                        notify-source ( ipv4_address | * ) [ port ( integer | *
813                            ) ] [ dscp integer ];
814                        notify-source-v6 ( ipv6_address | * ) [ port ( integer
815                            | * ) ] [ dscp integer ];
816                        notify-to-soa boolean;
817                        primaries [ port integer ] [ dscp integer ] { (
818                            primaries | ipv4_address [ port integer ] |
819                            ipv6_address [ port integer ] ) [ key string ];
820                            ... };
821                        request-expire boolean;
822                        request-ixfr boolean;
823                        serial-update-method ( date | increment | unixtime );
824                        server-addresses { ( ipv4_address | ipv6_address ); ... };
825                        server-names { string; ... };
826                        sig-signing-nodes integer;
827                        sig-signing-signatures integer;
828                        sig-signing-type integer;
829                        sig-validity-interval integer [ integer ];
830                        transfer-source ( ipv4_address | * ) [ port ( integer |
831                            * ) ] [ dscp integer ];
832                        transfer-source-v6 ( ipv6_address | * ) [ port (
833                            integer | * ) ] [ dscp integer ];
834                        try-tcp-refresh boolean;
835                        type ( primary | master | secondary | slave | mirror |
836                            delegation-only | forward | hint | redirect |
837                            static-stub | stub );
838                        update-check-ksk boolean;
839                        update-policy ( local | { ( deny | grant ) string (
840                            6to4-self | external | krb5-self | krb5-selfsub |
841                            krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
842                            name | self | selfsub | selfwild | subdomain | tcp-self
843                            | wildcard | zonesub ) [ string ] rrtypelist; ... };
844                        use-alt-transfer-source boolean;
845                        zero-no-soa-ttl boolean;
846                        zone-statistics ( full | terse | none | boolean );
847                };
848                zone-statistics ( full | terse | none | boolean );
849          };
850
851   ZONE
852          zone string [ class ] {
853                allow-notify { address_match_element; ... };
854                allow-query { address_match_element; ... };
855                allow-query-on { address_match_element; ... };
856                allow-transfer { address_match_element; ... };
857                allow-update { address_match_element; ... };
858                allow-update-forwarding { address_match_element; ... };
859                also-notify [ port integer ] [ dscp integer ] { ( primaries |
860                    ipv4_address [ port integer ] | ipv6_address [ port
861                    integer ] ) [ key string ]; ... };
862                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
863                    ] [ dscp integer ];
864                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
865                    * ) ] [ dscp integer ];
866                auto-dnssec ( allow | maintain | off );
867                check-dup-records ( fail | warn | ignore );
868                check-integrity boolean;
869                check-mx ( fail | warn | ignore );
870                check-mx-cname ( fail | warn | ignore );
871                check-names ( fail | warn | ignore );
872                check-sibling boolean;
873                check-spf ( warn | ignore );
874                check-srv-cname ( fail | warn | ignore );
875                check-wildcard boolean;
876                database string;
877                delegation-only boolean;
878                dialup ( notify | notify-passive | passive | refresh | boolean );
879                dlz string;
880                dnskey-sig-validity integer;
881                dnssec-dnskey-kskonly boolean;
882                dnssec-loadkeys-interval integer;
883                dnssec-policy string;
884                dnssec-secure-to-insecure boolean;
885                dnssec-update-mode ( maintain | no-resign );
886                file quoted_string;
887                forward ( first | only );
888                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
889                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
890                in-view string;
891                inline-signing boolean;
892                ixfr-from-differences boolean;
893                journal quoted_string;
894                key-directory quoted_string;
895                masterfile-format ( map | raw | text );
896                masterfile-style ( full | relative );
897                masters [ port integer ] [ dscp integer ] { ( primaries |
898                    ipv4_address [ port integer ] | ipv6_address [ port
899                    integer ] ) [ key string ]; ... };
900                max-journal-size ( default | unlimited | sizeval );
901                max-records integer;
902                max-refresh-time integer;
903                max-retry-time integer;
904                max-transfer-idle-in integer;
905                max-transfer-idle-out integer;
906                max-transfer-time-in integer;
907                max-transfer-time-out integer;
908                max-zone-ttl ( unlimited | duration );
909                min-refresh-time integer;
910                min-retry-time integer;
911                multi-master boolean;
912                notify ( explicit | master-only | primary-only | boolean );
913                notify-delay integer;
914                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
915                    dscp integer ];
916                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
917                    [ dscp integer ];
918                notify-to-soa boolean;
919                primaries [ port integer ] [ dscp integer ] { ( primaries |
920                    ipv4_address [ port integer ] | ipv6_address [ port
921                    integer ] ) [ key string ]; ... };
922                request-expire boolean;
923                request-ixfr boolean;
924                serial-update-method ( date | increment | unixtime );
925                server-addresses { ( ipv4_address | ipv6_address ); ... };
926                server-names { string; ... };
927                sig-signing-nodes integer;
928                sig-signing-signatures integer;
929                sig-signing-type integer;
930                sig-validity-interval integer [ integer ];
931                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
932                    dscp integer ];
933                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
934                    ] [ dscp integer ];
935                try-tcp-refresh boolean;
936                type ( primary | master | secondary | slave | mirror |
937                    delegation-only | forward | hint | redirect | static-stub |
938                    stub );
939                update-check-ksk boolean;
940                update-policy ( local | { ( deny | grant ) string ( 6to4-self |
941                    external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
942                    | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
943                    | subdomain | tcp-self | wildcard | zonesub ) [ string ]
944                    rrtypelist; ... };
945                use-alt-transfer-source boolean;
946                zero-no-soa-ttl boolean;
947                zone-statistics ( full | terse | none | boolean );
948          };
949

FILES

951       /etc/named.conf
952

SEE ALSO

954       ddns-confgen(8), named(8), named-checkconf(8), rndc(8),
955       rndc-confgen(8), BIND 9 Administrator Reference Manual.
956

AUTHOR

958       Internet Systems Consortium
959
961       2021, Internet Systems Consortium
966 9.16.16-RH                                                       NAMED.CONF(5)