996 lines
41 KiB
Text
996 lines
41 KiB
Text
.\" Man page generated from reStructuredText.
|
|
.
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.TH "NAMED.CONF" "5" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
|
|
.SH NAME
|
|
named.conf \- configuration file for **named**
|
|
.SH SYNOPSIS
|
|
.sp
|
|
\fBnamed.conf\fP
|
|
.SH DESCRIPTION
|
|
.sp
|
|
\fBnamed.conf\fP is the configuration file for \fI\%named\fP\&.
|
|
.sp
|
|
For complete documentation about the configuration statements, please refer to
|
|
the Configuration Reference section in the BIND 9 Administrator Reference
|
|
Manual.
|
|
.sp
|
|
Statements are enclosed in braces and terminated with a semi\-colon.
|
|
Clauses in the statements are also semi\-colon terminated. The usual
|
|
comment styles are supported:
|
|
.sp
|
|
C style: /* */
|
|
.sp
|
|
C++ style: // to end of line
|
|
.sp
|
|
Unix style: # to end of line
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.EX
|
|
acl <string> { <address_match_element>; ... }; // may occur multiple times
|
|
|
|
controls {
|
|
inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read\-only <boolean> ]; // may occur multiple times
|
|
unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read\-only <boolean> ]; // may occur multiple times
|
|
}; // may occur multiple times
|
|
|
|
dlz <string> {
|
|
database <string>;
|
|
search <boolean>;
|
|
}; // may occur multiple times
|
|
|
|
dnssec\-policy <string> {
|
|
cdnskey <boolean>;
|
|
cds\-digest\-types { <string>; ... };
|
|
dnskey\-ttl <duration>;
|
|
inline\-signing <boolean>;
|
|
keys { ( csk | ksk | zsk ) [ key\-directory | key\-store <string> ] lifetime <duration_or_unlimited> algorithm <string> [ tag\-range <integer> <integer> ] [ <integer> ]; ... };
|
|
max\-zone\-ttl <duration>;
|
|
nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt\-length <integer> ];
|
|
offline\-ksk <boolean>;
|
|
parent\-ds\-ttl <duration>;
|
|
parent\-propagation\-delay <duration>;
|
|
publish\-safety <duration>;
|
|
purge\-keys <duration>;
|
|
retire\-safety <duration>;
|
|
signatures\-jitter <duration>;
|
|
signatures\-refresh <duration>;
|
|
signatures\-validity <duration>;
|
|
signatures\-validity\-dnskey <duration>;
|
|
zone\-propagation\-delay <duration>;
|
|
}; // may occur multiple times
|
|
|
|
dyndb <string> <quoted_string> { <unspecified\-text> }; // may occur multiple times
|
|
|
|
http <string> {
|
|
endpoints { <quoted_string>; ... };
|
|
listener\-clients <integer>;
|
|
streams\-per\-connection <integer>;
|
|
}; // may occur multiple times
|
|
|
|
key <string> {
|
|
algorithm <string>;
|
|
secret <string>;
|
|
}; // may occur multiple times
|
|
|
|
key\-store <string> {
|
|
directory <string>;
|
|
pkcs11\-uri <quoted_string>;
|
|
}; // may occur multiple times
|
|
|
|
logging {
|
|
category <string> { <string>; ... }; // may occur multiple times
|
|
channel <string> {
|
|
buffered <boolean>;
|
|
file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ];
|
|
null;
|
|
print\-category <boolean>;
|
|
print\-severity <boolean>;
|
|
print\-time ( iso8601 | iso8601\-utc | local | <boolean> );
|
|
severity <log_severity>;
|
|
stderr;
|
|
syslog [ <syslog_facility> ];
|
|
}; // may occur multiple times
|
|
};
|
|
|
|
managed\-keys { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
|
|
|
|
options {
|
|
allow\-new\-zones <boolean>;
|
|
allow\-notify { <address_match_element>; ... };
|
|
allow\-proxy { <address_match_element>; ... }; // experimental
|
|
allow\-proxy\-on { <address_match_element>; ... }; // experimental
|
|
allow\-query { <address_match_element>; ... };
|
|
allow\-query\-cache { <address_match_element>; ... };
|
|
allow\-query\-cache\-on { <address_match_element>; ... };
|
|
allow\-query\-on { <address_match_element>; ... };
|
|
allow\-recursion { <address_match_element>; ... };
|
|
allow\-recursion\-on { <address_match_element>; ... };
|
|
allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
|
allow\-update { <address_match_element>; ... };
|
|
allow\-update\-forwarding { <address_match_element>; ... };
|
|
also\-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
answer\-cookie <boolean>;
|
|
attach\-cache <string>;
|
|
auth\-nxdomain <boolean>;
|
|
automatic\-interface\-scan <boolean>;
|
|
avoid\-v4\-udp\-ports { <portrange>; ... }; // deprecated
|
|
avoid\-v6\-udp\-ports { <portrange>; ... }; // deprecated
|
|
bindkeys\-file <quoted_string>; // test only
|
|
blackhole { <address_match_element>; ... };
|
|
catalog\-zones { zone <string> [ default\-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone\-directory <quoted_string> ] [ in\-memory <boolean> ] [ min\-update\-interval <duration> ]; ... };
|
|
check\-dup\-records ( fail | warn | ignore );
|
|
check\-integrity <boolean>;
|
|
check\-mx ( fail | warn | ignore );
|
|
check\-mx\-cname ( fail | warn | ignore );
|
|
check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
|
|
check\-sibling <boolean>;
|
|
check\-spf ( warn | ignore );
|
|
check\-srv\-cname ( fail | warn | ignore );
|
|
check\-svcb <boolean>;
|
|
check\-wildcard <boolean>;
|
|
clients\-per\-query <integer>;
|
|
cookie\-algorithm ( siphash24 );
|
|
cookie\-secret <string>; // may occur multiple times
|
|
deny\-answer\-addresses { <address_match_element>; ... } [ except\-from { <string>; ... } ];
|
|
deny\-answer\-aliases { <string>; ... } [ except\-from { <string>; ... } ];
|
|
dialup ( notify | notify\-passive | passive | refresh | <boolean> ); // deprecated
|
|
directory <quoted_string>;
|
|
disable\-algorithms <string> { <string>; ... }; // may occur multiple times
|
|
disable\-ds\-digests <string> { <string>; ... }; // may occur multiple times
|
|
disable\-empty\-zone <string>; // may occur multiple times
|
|
dns64 <netprefix> {
|
|
break\-dnssec <boolean>;
|
|
clients { <address_match_element>; ... };
|
|
exclude { <address_match_element>; ... };
|
|
mapped { <address_match_element>; ... };
|
|
recursive\-only <boolean>;
|
|
suffix <ipv6_address>;
|
|
}; // may occur multiple times
|
|
dns64\-contact <string>;
|
|
dns64\-server <string>;
|
|
dnskey\-sig\-validity <integer>; // obsolete
|
|
dnsrps\-enable <boolean>; // not configured
|
|
dnsrps\-library <quoted_string>; // not configured
|
|
dnsrps\-options { <unspecified\-text> }; // not configured
|
|
dnssec\-accept\-expired <boolean>;
|
|
dnssec\-dnskey\-kskonly <boolean>; // obsolete
|
|
dnssec\-loadkeys\-interval <integer>;
|
|
dnssec\-must\-be\-secure <string> <boolean>; // may occur multiple times, deprecated
|
|
dnssec\-policy <string>;
|
|
dnssec\-secure\-to\-insecure <boolean>; // obsolete
|
|
dnssec\-update\-mode ( maintain | no\-resign ); // obsolete
|
|
dnssec\-validation ( yes | no | auto );
|
|
dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
|
|
dnstap\-identity ( <quoted_string> | none | hostname ); // not configured
|
|
dnstap\-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // not configured
|
|
dnstap\-version ( <quoted_string> | none ); // not configured
|
|
dual\-stack\-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
|
|
dump\-file <quoted_string>;
|
|
edns\-udp\-size <integer>;
|
|
empty\-contact <string>;
|
|
empty\-server <string>;
|
|
empty\-zones\-enable <boolean>;
|
|
fetch\-quota\-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
|
|
fetches\-per\-server <integer> [ ( drop | fail ) ];
|
|
fetches\-per\-zone <integer> [ ( drop | fail ) ];
|
|
flush\-zones\-on\-shutdown <boolean>;
|
|
forward ( first | only );
|
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
|
fstrm\-set\-buffer\-hint <integer>; // not configured
|
|
fstrm\-set\-flush\-timeout <integer>; // not configured
|
|
fstrm\-set\-input\-queue\-size <integer>; // not configured
|
|
fstrm\-set\-output\-notify\-threshold <integer>; // not configured
|
|
fstrm\-set\-output\-queue\-model ( mpsc | spsc ); // not configured
|
|
fstrm\-set\-output\-queue\-size <integer>; // not configured
|
|
fstrm\-set\-reopen\-interval <duration>; // not configured
|
|
geoip\-directory ( <quoted_string> | none );
|
|
heartbeat\-interval <integer>; // deprecated
|
|
hostname ( <quoted_string> | none );
|
|
http\-listener\-clients <integer>;
|
|
http\-port <integer>;
|
|
http\-streams\-per\-connection <integer>;
|
|
https\-port <integer>;
|
|
interface\-interval <duration>;
|
|
ipv4only\-contact <string>;
|
|
ipv4only\-enable <boolean>;
|
|
ipv4only\-server <string>;
|
|
ixfr\-from\-differences ( primary | master | secondary | slave | <boolean> );
|
|
keep\-response\-order { <address_match_element>; ... }; // obsolete
|
|
key\-directory <quoted_string>;
|
|
lame\-ttl <duration>;
|
|
listen\-on [ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
|
|
listen\-on\-v6 [ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
|
|
lmdb\-mapsize <sizeval>;
|
|
managed\-keys\-directory <quoted_string>;
|
|
masterfile\-format ( raw | text );
|
|
masterfile\-style ( full | relative );
|
|
match\-mapped\-addresses <boolean>;
|
|
max\-cache\-size ( default | unlimited | <sizeval> | <percentage> );
|
|
max\-cache\-ttl <duration>;
|
|
max\-clients\-per\-query <integer>;
|
|
max\-ixfr\-ratio ( unlimited | <percentage> );
|
|
max\-journal\-size ( default | unlimited | <sizeval> );
|
|
max\-ncache\-ttl <duration>;
|
|
max\-query\-count <integer>;
|
|
max\-query\-restarts <integer>;
|
|
max\-records <integer>;
|
|
max\-records\-per\-type <integer>;
|
|
max\-recursion\-depth <integer>;
|
|
max\-recursion\-queries <integer>;
|
|
max\-refresh\-time <integer>;
|
|
max\-retry\-time <integer>;
|
|
max\-rsa\-exponent\-size <integer>;
|
|
max\-stale\-ttl <duration>;
|
|
max\-transfer\-idle\-in <integer>;
|
|
max\-transfer\-idle\-out <integer>;
|
|
max\-transfer\-time\-in <integer>;
|
|
max\-transfer\-time\-out <integer>;
|
|
max\-types\-per\-name <integer>;
|
|
max\-udp\-size <integer>;
|
|
max\-validation\-failures\-per\-fetch <integer>; // experimental
|
|
max\-validations\-per\-fetch <integer>; // experimental
|
|
max\-zone\-ttl ( unlimited | <duration> ); // deprecated
|
|
memstatistics <boolean>;
|
|
memstatistics\-file <quoted_string>;
|
|
message\-compression <boolean>;
|
|
min\-cache\-ttl <duration>;
|
|
min\-ncache\-ttl <duration>;
|
|
min\-refresh\-time <integer>;
|
|
min\-retry\-time <integer>;
|
|
min\-transfer\-rate\-in <integer> <integer>;
|
|
minimal\-any <boolean>;
|
|
minimal\-responses ( no\-auth | no\-auth\-recursive | <boolean> );
|
|
multi\-master <boolean>;
|
|
new\-zones\-directory <quoted_string>;
|
|
no\-case\-compress { <address_match_element>; ... };
|
|
nocookie\-udp\-size <integer>;
|
|
notify ( explicit | master\-only | primary\-only | <boolean> );
|
|
notify\-delay <integer>;
|
|
notify\-rate <integer>;
|
|
notify\-source ( <ipv4_address> | * );
|
|
notify\-source\-v6 ( <ipv6_address> | * );
|
|
notify\-to\-soa <boolean>;
|
|
nsec3\-test\-zone <boolean>; // test only
|
|
nta\-lifetime <duration>;
|
|
nta\-recheck <duration>;
|
|
nxdomain\-redirect <string>;
|
|
parental\-source ( <ipv4_address> | * );
|
|
parental\-source\-v6 ( <ipv6_address> | * );
|
|
pid\-file ( <quoted_string> | none );
|
|
port <integer>;
|
|
preferred\-glue <string>;
|
|
prefetch <integer> [ <integer> ];
|
|
provide\-ixfr <boolean>;
|
|
qname\-minimization ( strict | relaxed | disabled | off );
|
|
query\-source [ address ] ( <ipv4_address> | * | none );
|
|
query\-source\-v6 [ address ] ( <ipv6_address> | * | none );
|
|
querylog <boolean>;
|
|
rate\-limit {
|
|
all\-per\-second <integer>;
|
|
errors\-per\-second <integer>;
|
|
exempt\-clients { <address_match_element>; ... };
|
|
ipv4\-prefix\-length <integer>;
|
|
ipv6\-prefix\-length <integer>;
|
|
log\-only <boolean>;
|
|
max\-table\-size <integer>;
|
|
min\-table\-size <integer>;
|
|
nodata\-per\-second <integer>;
|
|
nxdomains\-per\-second <integer>;
|
|
qps\-scale <integer>;
|
|
referrals\-per\-second <integer>;
|
|
responses\-per\-second <integer>;
|
|
slip <integer>;
|
|
window <integer>;
|
|
};
|
|
recursing\-file <quoted_string>;
|
|
recursion <boolean>;
|
|
recursive\-clients <integer>;
|
|
request\-expire <boolean>;
|
|
request\-ixfr <boolean>;
|
|
request\-nsid <boolean>;
|
|
require\-server\-cookie <boolean>;
|
|
resolver\-query\-timeout <integer>;
|
|
resolver\-use\-dns64 <boolean>;
|
|
response\-padding { <address_match_element>; ... } block\-size <integer>;
|
|
response\-policy { zone <string> [ add\-soa <boolean> ] [ log <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only <quoted_string> ) ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ] [ ede <string> ]; ... } [ add\-soa <boolean> ] [ break\-dnssec <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ min\-ns\-dots <integer> ] [ nsip\-wait\-recurse <boolean> ] [ nsdname\-wait\-recurse <boolean> ] [ qname\-wait\-recurse <boolean> ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ] [ dnsrps\-enable <boolean> ] [ dnsrps\-options { <unspecified\-text> } ];
|
|
responselog <boolean>;
|
|
reuseport <boolean>;
|
|
root\-key\-sentinel <boolean>;
|
|
rrset\-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
|
|
secroots\-file <quoted_string>;
|
|
send\-cookie <boolean>;
|
|
serial\-query\-rate <integer>;
|
|
serial\-update\-method ( date | increment | unixtime );
|
|
server\-id ( <quoted_string> | none | hostname );
|
|
servfail\-ttl <duration>;
|
|
session\-keyalg <string>;
|
|
session\-keyfile ( <quoted_string> | none );
|
|
session\-keyname <string>;
|
|
sig\-signing\-nodes <integer>;
|
|
sig\-signing\-signatures <integer>;
|
|
sig\-signing\-type <integer>;
|
|
sig\-validity\-interval <integer> [ <integer> ]; // obsolete
|
|
sig0checks\-quota <integer>; // experimental
|
|
sig0checks\-quota\-exempt { <address_match_element>; ... }; // experimental
|
|
sig0key\-checks\-limit <integer>;
|
|
sig0message\-checks\-limit <integer>;
|
|
sortlist { <address_match_element>; ... }; // deprecated
|
|
stale\-answer\-client\-timeout ( disabled | off | <integer> );
|
|
stale\-answer\-enable <boolean>;
|
|
stale\-answer\-ttl <duration>;
|
|
stale\-cache\-enable <boolean>;
|
|
stale\-refresh\-time <duration>;
|
|
startup\-notify\-rate <integer>;
|
|
statistics\-file <quoted_string>;
|
|
synth\-from\-dnssec <boolean>;
|
|
tcp\-advertised\-timeout <integer>;
|
|
tcp\-clients <integer>;
|
|
tcp\-idle\-timeout <integer>;
|
|
tcp\-initial\-timeout <integer>;
|
|
tcp\-keepalive\-timeout <integer>;
|
|
tcp\-listen\-queue <integer>;
|
|
tcp\-receive\-buffer <integer>;
|
|
tcp\-send\-buffer <integer>;
|
|
tkey\-domain <quoted_string>;
|
|
tkey\-gssapi\-credential <quoted_string>;
|
|
tkey\-gssapi\-keytab <quoted_string>;
|
|
tls\-port <integer>;
|
|
transfer\-format ( many\-answers | one\-answer );
|
|
transfer\-message\-size <integer>;
|
|
transfer\-source ( <ipv4_address> | * );
|
|
transfer\-source\-v6 ( <ipv6_address> | * );
|
|
transfers\-in <integer>;
|
|
transfers\-out <integer>;
|
|
transfers\-per\-ns <integer>;
|
|
trust\-anchor\-telemetry <boolean>;
|
|
try\-tcp\-refresh <boolean>;
|
|
udp\-receive\-buffer <integer>;
|
|
udp\-send\-buffer <integer>;
|
|
update\-check\-ksk <boolean>; // obsolete
|
|
update\-quota <integer>;
|
|
use\-v4\-udp\-ports { <portrange>; ... }; // deprecated
|
|
use\-v6\-udp\-ports { <portrange>; ... }; // deprecated
|
|
v6\-bias <integer>;
|
|
validate\-except { <string>; ... };
|
|
version ( <quoted_string> | none );
|
|
zero\-no\-soa\-ttl <boolean>;
|
|
zero\-no\-soa\-ttl\-cache <boolean>;
|
|
zone\-statistics ( full | terse | none | <boolean> );
|
|
};
|
|
|
|
plugin ( query ) <string> [ { <unspecified\-text> } ]; // may occur multiple times
|
|
|
|
remote\-servers <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
|
|
|
|
server <netprefix> {
|
|
bogus <boolean>;
|
|
edns <boolean>;
|
|
edns\-udp\-size <integer>;
|
|
edns\-version <integer>;
|
|
keys <server_key>;
|
|
max\-udp\-size <integer>;
|
|
notify\-source ( <ipv4_address> | * );
|
|
notify\-source\-v6 ( <ipv6_address> | * );
|
|
padding <integer>;
|
|
provide\-ixfr <boolean>;
|
|
query\-source [ address ] ( <ipv4_address> | * );
|
|
query\-source\-v6 [ address ] ( <ipv6_address> | * );
|
|
request\-expire <boolean>;
|
|
request\-ixfr <boolean>;
|
|
request\-nsid <boolean>;
|
|
require\-cookie <boolean>;
|
|
send\-cookie <boolean>;
|
|
tcp\-keepalive <boolean>;
|
|
tcp\-only <boolean>;
|
|
transfer\-format ( many\-answers | one\-answer );
|
|
transfer\-source ( <ipv4_address> | * );
|
|
transfer\-source\-v6 ( <ipv6_address> | * );
|
|
transfers <integer>;
|
|
}; // may occur multiple times
|
|
|
|
statistics\-channels {
|
|
inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times
|
|
}; // may occur multiple times
|
|
|
|
tls <string> {
|
|
ca\-file <quoted_string>;
|
|
cert\-file <quoted_string>;
|
|
cipher\-suites <string>;
|
|
ciphers <string>;
|
|
dhparam\-file <quoted_string>;
|
|
key\-file <quoted_string>;
|
|
prefer\-server\-ciphers <boolean>;
|
|
protocols { <string>; ... };
|
|
remote\-hostname <quoted_string>;
|
|
session\-tickets <boolean>;
|
|
}; // may occur multiple times
|
|
|
|
trust\-anchors { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
|
|
|
|
trusted\-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
|
|
|
|
view <string> [ <class> ] {
|
|
allow\-new\-zones <boolean>;
|
|
allow\-notify { <address_match_element>; ... };
|
|
allow\-proxy { <address_match_element>; ... }; // experimental
|
|
allow\-proxy\-on { <address_match_element>; ... }; // experimental
|
|
allow\-query { <address_match_element>; ... };
|
|
allow\-query\-cache { <address_match_element>; ... };
|
|
allow\-query\-cache\-on { <address_match_element>; ... };
|
|
allow\-query\-on { <address_match_element>; ... };
|
|
allow\-recursion { <address_match_element>; ... };
|
|
allow\-recursion\-on { <address_match_element>; ... };
|
|
allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
|
allow\-update { <address_match_element>; ... };
|
|
allow\-update\-forwarding { <address_match_element>; ... };
|
|
also\-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
attach\-cache <string>;
|
|
auth\-nxdomain <boolean>;
|
|
catalog\-zones { zone <string> [ default\-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone\-directory <quoted_string> ] [ in\-memory <boolean> ] [ min\-update\-interval <duration> ]; ... };
|
|
check\-dup\-records ( fail | warn | ignore );
|
|
check\-integrity <boolean>;
|
|
check\-mx ( fail | warn | ignore );
|
|
check\-mx\-cname ( fail | warn | ignore );
|
|
check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
|
|
check\-sibling <boolean>;
|
|
check\-spf ( warn | ignore );
|
|
check\-srv\-cname ( fail | warn | ignore );
|
|
check\-svcb <boolean>;
|
|
check\-wildcard <boolean>;
|
|
clients\-per\-query <integer>;
|
|
deny\-answer\-addresses { <address_match_element>; ... } [ except\-from { <string>; ... } ];
|
|
deny\-answer\-aliases { <string>; ... } [ except\-from { <string>; ... } ];
|
|
dialup ( notify | notify\-passive | passive | refresh | <boolean> ); // deprecated
|
|
disable\-algorithms <string> { <string>; ... }; // may occur multiple times
|
|
disable\-ds\-digests <string> { <string>; ... }; // may occur multiple times
|
|
disable\-empty\-zone <string>; // may occur multiple times
|
|
dlz <string> {
|
|
database <string>;
|
|
search <boolean>;
|
|
}; // may occur multiple times
|
|
dns64 <netprefix> {
|
|
break\-dnssec <boolean>;
|
|
clients { <address_match_element>; ... };
|
|
exclude { <address_match_element>; ... };
|
|
mapped { <address_match_element>; ... };
|
|
recursive\-only <boolean>;
|
|
suffix <ipv6_address>;
|
|
}; // may occur multiple times
|
|
dns64\-contact <string>;
|
|
dns64\-server <string>;
|
|
dnskey\-sig\-validity <integer>; // obsolete
|
|
dnsrps\-enable <boolean>; // not configured
|
|
dnsrps\-options { <unspecified\-text> }; // not configured
|
|
dnssec\-accept\-expired <boolean>;
|
|
dnssec\-dnskey\-kskonly <boolean>; // obsolete
|
|
dnssec\-loadkeys\-interval <integer>;
|
|
dnssec\-must\-be\-secure <string> <boolean>; // may occur multiple times, deprecated
|
|
dnssec\-policy <string>;
|
|
dnssec\-secure\-to\-insecure <boolean>; // obsolete
|
|
dnssec\-update\-mode ( maintain | no\-resign ); // obsolete
|
|
dnssec\-validation ( yes | no | auto );
|
|
dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
|
|
dual\-stack\-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
|
|
dyndb <string> <quoted_string> { <unspecified\-text> }; // may occur multiple times
|
|
edns\-udp\-size <integer>;
|
|
empty\-contact <string>;
|
|
empty\-server <string>;
|
|
empty\-zones\-enable <boolean>;
|
|
fetch\-quota\-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
|
|
fetches\-per\-server <integer> [ ( drop | fail ) ];
|
|
fetches\-per\-zone <integer> [ ( drop | fail ) ];
|
|
forward ( first | only );
|
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
|
ipv4only\-contact <string>;
|
|
ipv4only\-enable <boolean>;
|
|
ipv4only\-server <string>;
|
|
ixfr\-from\-differences ( primary | master | secondary | slave | <boolean> );
|
|
key <string> {
|
|
algorithm <string>;
|
|
secret <string>;
|
|
}; // may occur multiple times
|
|
key\-directory <quoted_string>;
|
|
lame\-ttl <duration>;
|
|
lmdb\-mapsize <sizeval>;
|
|
managed\-keys { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
|
|
masterfile\-format ( raw | text );
|
|
masterfile\-style ( full | relative );
|
|
match\-clients { <address_match_element>; ... };
|
|
match\-destinations { <address_match_element>; ... };
|
|
match\-recursive\-only <boolean>;
|
|
max\-cache\-size ( default | unlimited | <sizeval> | <percentage> );
|
|
max\-cache\-ttl <duration>;
|
|
max\-clients\-per\-query <integer>;
|
|
max\-ixfr\-ratio ( unlimited | <percentage> );
|
|
max\-journal\-size ( default | unlimited | <sizeval> );
|
|
max\-ncache\-ttl <duration>;
|
|
max\-query\-count <integer>;
|
|
max\-query\-restarts <integer>;
|
|
max\-records <integer>;
|
|
max\-records\-per\-type <integer>;
|
|
max\-recursion\-depth <integer>;
|
|
max\-recursion\-queries <integer>;
|
|
max\-refresh\-time <integer>;
|
|
max\-retry\-time <integer>;
|
|
max\-stale\-ttl <duration>;
|
|
max\-transfer\-idle\-in <integer>;
|
|
max\-transfer\-idle\-out <integer>;
|
|
max\-transfer\-time\-in <integer>;
|
|
max\-transfer\-time\-out <integer>;
|
|
max\-types\-per\-name <integer>;
|
|
max\-udp\-size <integer>;
|
|
max\-validation\-failures\-per\-fetch <integer>; // experimental
|
|
max\-validations\-per\-fetch <integer>; // experimental
|
|
max\-zone\-ttl ( unlimited | <duration> ); // deprecated
|
|
message\-compression <boolean>;
|
|
min\-cache\-ttl <duration>;
|
|
min\-ncache\-ttl <duration>;
|
|
min\-refresh\-time <integer>;
|
|
min\-retry\-time <integer>;
|
|
min\-transfer\-rate\-in <integer> <integer>;
|
|
minimal\-any <boolean>;
|
|
minimal\-responses ( no\-auth | no\-auth\-recursive | <boolean> );
|
|
multi\-master <boolean>;
|
|
new\-zones\-directory <quoted_string>;
|
|
no\-case\-compress { <address_match_element>; ... };
|
|
nocookie\-udp\-size <integer>;
|
|
notify ( explicit | master\-only | primary\-only | <boolean> );
|
|
notify\-delay <integer>;
|
|
notify\-source ( <ipv4_address> | * );
|
|
notify\-source\-v6 ( <ipv6_address> | * );
|
|
notify\-to\-soa <boolean>;
|
|
nsec3\-test\-zone <boolean>; // test only
|
|
nta\-lifetime <duration>;
|
|
nta\-recheck <duration>;
|
|
nxdomain\-redirect <string>;
|
|
parental\-source ( <ipv4_address> | * );
|
|
parental\-source\-v6 ( <ipv6_address> | * );
|
|
plugin ( query ) <string> [ { <unspecified\-text> } ]; // may occur multiple times
|
|
preferred\-glue <string>;
|
|
prefetch <integer> [ <integer> ];
|
|
provide\-ixfr <boolean>;
|
|
qname\-minimization ( strict | relaxed | disabled | off );
|
|
query\-source [ address ] ( <ipv4_address> | * | none );
|
|
query\-source\-v6 [ address ] ( <ipv6_address> | * | none );
|
|
rate\-limit {
|
|
all\-per\-second <integer>;
|
|
errors\-per\-second <integer>;
|
|
exempt\-clients { <address_match_element>; ... };
|
|
ipv4\-prefix\-length <integer>;
|
|
ipv6\-prefix\-length <integer>;
|
|
log\-only <boolean>;
|
|
max\-table\-size <integer>;
|
|
min\-table\-size <integer>;
|
|
nodata\-per\-second <integer>;
|
|
nxdomains\-per\-second <integer>;
|
|
qps\-scale <integer>;
|
|
referrals\-per\-second <integer>;
|
|
responses\-per\-second <integer>;
|
|
slip <integer>;
|
|
window <integer>;
|
|
};
|
|
recursion <boolean>;
|
|
request\-expire <boolean>;
|
|
request\-ixfr <boolean>;
|
|
request\-nsid <boolean>;
|
|
require\-server\-cookie <boolean>;
|
|
resolver\-query\-timeout <integer>;
|
|
resolver\-use\-dns64 <boolean>;
|
|
response\-padding { <address_match_element>; ... } block\-size <integer>;
|
|
response\-policy { zone <string> [ add\-soa <boolean> ] [ log <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only <quoted_string> ) ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ] [ ede <string> ]; ... } [ add\-soa <boolean> ] [ break\-dnssec <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ min\-ns\-dots <integer> ] [ nsip\-wait\-recurse <boolean> ] [ nsdname\-wait\-recurse <boolean> ] [ qname\-wait\-recurse <boolean> ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ] [ dnsrps\-enable <boolean> ] [ dnsrps\-options { <unspecified\-text> } ];
|
|
root\-key\-sentinel <boolean>;
|
|
rrset\-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
|
|
send\-cookie <boolean>;
|
|
serial\-update\-method ( date | increment | unixtime );
|
|
server <netprefix> {
|
|
bogus <boolean>;
|
|
edns <boolean>;
|
|
edns\-udp\-size <integer>;
|
|
edns\-version <integer>;
|
|
keys <server_key>;
|
|
max\-udp\-size <integer>;
|
|
notify\-source ( <ipv4_address> | * );
|
|
notify\-source\-v6 ( <ipv6_address> | * );
|
|
padding <integer>;
|
|
provide\-ixfr <boolean>;
|
|
query\-source [ address ] ( <ipv4_address> | * );
|
|
query\-source\-v6 [ address ] ( <ipv6_address> | * );
|
|
request\-expire <boolean>;
|
|
request\-ixfr <boolean>;
|
|
request\-nsid <boolean>;
|
|
require\-cookie <boolean>;
|
|
send\-cookie <boolean>;
|
|
tcp\-keepalive <boolean>;
|
|
tcp\-only <boolean>;
|
|
transfer\-format ( many\-answers | one\-answer );
|
|
transfer\-source ( <ipv4_address> | * );
|
|
transfer\-source\-v6 ( <ipv6_address> | * );
|
|
transfers <integer>;
|
|
}; // may occur multiple times
|
|
servfail\-ttl <duration>;
|
|
sig\-signing\-nodes <integer>;
|
|
sig\-signing\-signatures <integer>;
|
|
sig\-signing\-type <integer>;
|
|
sig\-validity\-interval <integer> [ <integer> ]; // obsolete
|
|
sig0key\-checks\-limit <integer>;
|
|
sig0message\-checks\-limit <integer>;
|
|
sortlist { <address_match_element>; ... }; // deprecated
|
|
stale\-answer\-client\-timeout ( disabled | off | <integer> );
|
|
stale\-answer\-enable <boolean>;
|
|
stale\-answer\-ttl <duration>;
|
|
stale\-cache\-enable <boolean>;
|
|
stale\-refresh\-time <duration>;
|
|
synth\-from\-dnssec <boolean>;
|
|
transfer\-format ( many\-answers | one\-answer );
|
|
transfer\-source ( <ipv4_address> | * );
|
|
transfer\-source\-v6 ( <ipv6_address> | * );
|
|
trust\-anchor\-telemetry <boolean>;
|
|
trust\-anchors { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
|
|
trusted\-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
|
|
try\-tcp\-refresh <boolean>;
|
|
update\-check\-ksk <boolean>; // obsolete
|
|
v6\-bias <integer>;
|
|
validate\-except { <string>; ... };
|
|
zero\-no\-soa\-ttl <boolean>;
|
|
zero\-no\-soa\-ttl\-cache <boolean>;
|
|
zone\-statistics ( full | terse | none | <boolean> );
|
|
}; // may occur multiple times
|
|
|
|
|
|
.EE
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
Any of these zone statements can also be set inside the view statement.
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.EX
|
|
zone <string> [ <class> ] {
|
|
type primary;
|
|
allow\-query { <address_match_element>; ... };
|
|
allow\-query\-on { <address_match_element>; ... };
|
|
allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
|
allow\-update { <address_match_element>; ... };
|
|
also\-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
check\-dup\-records ( fail | warn | ignore );
|
|
check\-integrity <boolean>;
|
|
check\-mx ( fail | warn | ignore );
|
|
check\-mx\-cname ( fail | warn | ignore );
|
|
check\-names ( fail | warn | ignore );
|
|
check\-sibling <boolean>;
|
|
check\-spf ( warn | ignore );
|
|
check\-srv\-cname ( fail | warn | ignore );
|
|
check\-svcb <boolean>;
|
|
check\-wildcard <boolean>;
|
|
checkds ( explicit | <boolean> );
|
|
database <string>;
|
|
dialup ( notify | notify\-passive | passive | refresh | <boolean> ); // deprecated
|
|
dlz <string>;
|
|
dnskey\-sig\-validity <integer>; // obsolete
|
|
dnssec\-dnskey\-kskonly <boolean>; // obsolete
|
|
dnssec\-loadkeys\-interval <integer>;
|
|
dnssec\-policy <string>;
|
|
dnssec\-secure\-to\-insecure <boolean>; // obsolete
|
|
dnssec\-update\-mode ( maintain | no\-resign ); // obsolete
|
|
file <quoted_string>;
|
|
forward ( first | only );
|
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
|
inline\-signing <boolean>;
|
|
ixfr\-from\-differences <boolean>;
|
|
journal <quoted_string>;
|
|
key\-directory <quoted_string>;
|
|
masterfile\-format ( raw | text );
|
|
masterfile\-style ( full | relative );
|
|
max\-ixfr\-ratio ( unlimited | <percentage> );
|
|
max\-journal\-size ( default | unlimited | <sizeval> );
|
|
max\-records <integer>;
|
|
max\-records\-per\-type <integer>;
|
|
max\-transfer\-idle\-out <integer>;
|
|
max\-transfer\-time\-out <integer>;
|
|
max\-types\-per\-name <integer>;
|
|
max\-zone\-ttl ( unlimited | <duration> ); // deprecated
|
|
notify ( explicit | master\-only | primary\-only | <boolean> );
|
|
notify\-delay <integer>;
|
|
notify\-source ( <ipv4_address> | * );
|
|
notify\-source\-v6 ( <ipv6_address> | * );
|
|
notify\-to\-soa <boolean>;
|
|
nsec3\-test\-zone <boolean>; // test only
|
|
parental\-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
parental\-source ( <ipv4_address> | * );
|
|
parental\-source\-v6 ( <ipv6_address> | * );
|
|
serial\-update\-method ( date | increment | unixtime );
|
|
sig\-signing\-nodes <integer>;
|
|
sig\-signing\-signatures <integer>;
|
|
sig\-signing\-type <integer>;
|
|
sig\-validity\-interval <integer> [ <integer> ]; // obsolete
|
|
update\-check\-ksk <boolean>; // obsolete
|
|
update\-policy ( local | { ( deny | grant ) <string> ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } );
|
|
zero\-no\-soa\-ttl <boolean>;
|
|
zone\-statistics ( full | terse | none | <boolean> );
|
|
};
|
|
|
|
.EE
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.EX
|
|
zone <string> [ <class> ] {
|
|
type secondary;
|
|
allow\-notify { <address_match_element>; ... };
|
|
allow\-query { <address_match_element>; ... };
|
|
allow\-query\-on { <address_match_element>; ... };
|
|
allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
|
allow\-update\-forwarding { <address_match_element>; ... };
|
|
also\-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
check\-names ( fail | warn | ignore );
|
|
checkds ( explicit | <boolean> );
|
|
database <string>;
|
|
dialup ( notify | notify\-passive | passive | refresh | <boolean> ); // deprecated
|
|
dlz <string>;
|
|
dnskey\-sig\-validity <integer>; // obsolete
|
|
dnssec\-dnskey\-kskonly <boolean>; // obsolete
|
|
dnssec\-loadkeys\-interval <integer>;
|
|
dnssec\-policy <string>;
|
|
dnssec\-update\-mode ( maintain | no\-resign ); // obsolete
|
|
file <quoted_string>;
|
|
forward ( first | only );
|
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
|
inline\-signing <boolean>;
|
|
ixfr\-from\-differences <boolean>;
|
|
journal <quoted_string>;
|
|
key\-directory <quoted_string>;
|
|
masterfile\-format ( raw | text );
|
|
masterfile\-style ( full | relative );
|
|
max\-ixfr\-ratio ( unlimited | <percentage> );
|
|
max\-journal\-size ( default | unlimited | <sizeval> );
|
|
max\-records <integer>;
|
|
max\-records\-per\-type <integer>;
|
|
max\-refresh\-time <integer>;
|
|
max\-retry\-time <integer>;
|
|
max\-transfer\-idle\-in <integer>;
|
|
max\-transfer\-idle\-out <integer>;
|
|
max\-transfer\-time\-in <integer>;
|
|
max\-transfer\-time\-out <integer>;
|
|
max\-types\-per\-name <integer>;
|
|
min\-refresh\-time <integer>;
|
|
min\-retry\-time <integer>;
|
|
min\-transfer\-rate\-in <integer> <integer>;
|
|
multi\-master <boolean>;
|
|
notify ( explicit | master\-only | primary\-only | <boolean> );
|
|
notify\-delay <integer>;
|
|
notify\-source ( <ipv4_address> | * );
|
|
notify\-source\-v6 ( <ipv6_address> | * );
|
|
notify\-to\-soa <boolean>;
|
|
nsec3\-test\-zone <boolean>; // test only
|
|
parental\-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
parental\-source ( <ipv4_address> | * );
|
|
parental\-source\-v6 ( <ipv6_address> | * );
|
|
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
request\-expire <boolean>;
|
|
request\-ixfr <boolean>;
|
|
sig\-signing\-nodes <integer>;
|
|
sig\-signing\-signatures <integer>;
|
|
sig\-signing\-type <integer>;
|
|
sig\-validity\-interval <integer> [ <integer> ]; // obsolete
|
|
transfer\-source ( <ipv4_address> | * );
|
|
transfer\-source\-v6 ( <ipv6_address> | * );
|
|
try\-tcp\-refresh <boolean>;
|
|
update\-check\-ksk <boolean>; // obsolete
|
|
zero\-no\-soa\-ttl <boolean>;
|
|
zone\-statistics ( full | terse | none | <boolean> );
|
|
};
|
|
|
|
.EE
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.EX
|
|
zone <string> [ <class> ] {
|
|
type mirror;
|
|
allow\-notify { <address_match_element>; ... };
|
|
allow\-query { <address_match_element>; ... };
|
|
allow\-query\-on { <address_match_element>; ... };
|
|
allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
|
allow\-update\-forwarding { <address_match_element>; ... };
|
|
also\-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
check\-names ( fail | warn | ignore );
|
|
database <string>;
|
|
file <quoted_string>;
|
|
ixfr\-from\-differences <boolean>;
|
|
journal <quoted_string>;
|
|
masterfile\-format ( raw | text );
|
|
masterfile\-style ( full | relative );
|
|
max\-ixfr\-ratio ( unlimited | <percentage> );
|
|
max\-journal\-size ( default | unlimited | <sizeval> );
|
|
max\-records <integer>;
|
|
max\-records\-per\-type <integer>;
|
|
max\-refresh\-time <integer>;
|
|
max\-retry\-time <integer>;
|
|
max\-transfer\-idle\-in <integer>;
|
|
max\-transfer\-idle\-out <integer>;
|
|
max\-transfer\-time\-in <integer>;
|
|
max\-transfer\-time\-out <integer>;
|
|
max\-types\-per\-name <integer>;
|
|
min\-refresh\-time <integer>;
|
|
min\-retry\-time <integer>;
|
|
min\-transfer\-rate\-in <integer> <integer>;
|
|
multi\-master <boolean>;
|
|
notify ( explicit | master\-only | primary\-only | <boolean> );
|
|
notify\-delay <integer>;
|
|
notify\-source ( <ipv4_address> | * );
|
|
notify\-source\-v6 ( <ipv6_address> | * );
|
|
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
request\-expire <boolean>;
|
|
request\-ixfr <boolean>;
|
|
transfer\-source ( <ipv4_address> | * );
|
|
transfer\-source\-v6 ( <ipv6_address> | * );
|
|
try\-tcp\-refresh <boolean>;
|
|
zero\-no\-soa\-ttl <boolean>;
|
|
zone\-statistics ( full | terse | none | <boolean> );
|
|
};
|
|
|
|
.EE
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.EX
|
|
zone <string> [ <class> ] {
|
|
type forward;
|
|
forward ( first | only );
|
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
|
};
|
|
|
|
.EE
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.EX
|
|
zone <string> [ <class> ] {
|
|
type hint;
|
|
check\-names ( fail | warn | ignore );
|
|
file <quoted_string>;
|
|
};
|
|
|
|
.EE
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.EX
|
|
zone <string> [ <class> ] {
|
|
type redirect;
|
|
allow\-query { <address_match_element>; ... };
|
|
allow\-query\-on { <address_match_element>; ... };
|
|
dlz <string>;
|
|
file <quoted_string>;
|
|
masterfile\-format ( raw | text );
|
|
masterfile\-style ( full | relative );
|
|
max\-records <integer>;
|
|
max\-records\-per\-type <integer>;
|
|
max\-types\-per\-name <integer>;
|
|
max\-zone\-ttl ( unlimited | <duration> ); // deprecated
|
|
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
zone\-statistics ( full | terse | none | <boolean> );
|
|
};
|
|
|
|
.EE
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.EX
|
|
zone <string> [ <class> ] {
|
|
type static\-stub;
|
|
allow\-query { <address_match_element>; ... };
|
|
allow\-query\-on { <address_match_element>; ... };
|
|
forward ( first | only );
|
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
|
max\-records <integer>;
|
|
max\-records\-per\-type <integer>;
|
|
max\-types\-per\-name <integer>;
|
|
server\-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
|
|
server\-names { <string>; ... };
|
|
zone\-statistics ( full | terse | none | <boolean> );
|
|
};
|
|
|
|
.EE
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.EX
|
|
zone <string> [ <class> ] {
|
|
type stub;
|
|
allow\-query { <address_match_element>; ... };
|
|
allow\-query\-on { <address_match_element>; ... };
|
|
check\-names ( fail | warn | ignore );
|
|
database <string>;
|
|
dialup ( notify | notify\-passive | passive | refresh | <boolean> ); // deprecated
|
|
file <quoted_string>;
|
|
forward ( first | only );
|
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
|
masterfile\-format ( raw | text );
|
|
masterfile\-style ( full | relative );
|
|
max\-records <integer>;
|
|
max\-records\-per\-type <integer>;
|
|
max\-refresh\-time <integer>;
|
|
max\-retry\-time <integer>;
|
|
max\-transfer\-idle\-in <integer>;
|
|
max\-transfer\-time\-in <integer>;
|
|
max\-types\-per\-name <integer>;
|
|
min\-refresh\-time <integer>;
|
|
min\-retry\-time <integer>;
|
|
min\-transfer\-rate\-in <integer> <integer>;
|
|
multi\-master <boolean>;
|
|
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source\-v6 ( <ipv6_address> | * ) ] { ( <server\-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
|
transfer\-source ( <ipv4_address> | * );
|
|
transfer\-source\-v6 ( <ipv6_address> | * );
|
|
zone\-statistics ( full | terse | none | <boolean> );
|
|
};
|
|
|
|
.EE
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.EX
|
|
zone <string> [ <class> ] {
|
|
in\-view <string>;
|
|
};
|
|
|
|
.EE
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.SH FILES
|
|
.sp
|
|
\fB@sysconfdir@/named.conf\fP
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fI\%named(8)\fP, \fI\%named\-checkconf(8)\fP, \fI\%rndc(8)\fP, \fI\%rndc\-confgen(8)\fP, \fI\%tsig\-keygen(8)\fP, BIND 9 Administrator Reference Manual.
|
|
.SH AUTHOR
|
|
Internet Systems Consortium
|
|
.SH COPYRIGHT
|
|
2025, Internet Systems Consortium
|
|
.\" Generated by docutils manpage writer.
|
|
.
|