2018-06-21
ISC
Internet Systems Consortium, Inc.
named.conf
5
BIND9
named.conf
configuration file for named
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
Internet Systems Consortium, Inc. ("ISC")
named.conf
DESCRIPTION
named.conf is the configuration file
for
named. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in
the statements are also semi-colon terminated. The usual
comment styles are supported:
C style: /* */
C++ style: // to end of line
Unix style: # to end of line
ACL
acl string { address_match_element; ... };
CONTROLS
controls {
inet ( ipv4_address | ipv6_address |
* ) [ port ( integer | * ) ] allow
{ address_match_element; ... } [
keys { string; ... } ] [ read-only
boolean ];
unix quoted_string perm integer
owner integer group integer [
keys { string; ... } ] [ read-only
boolean ];
};
DLZ
dlz string {
database string;
search boolean;
};
DYNDB
dyndb string quoted_string {
unspecified-text };
KEY
key string {
algorithm string;
secret string;
};
LOGGING
logging {
category string { string; ... };
channel string {
buffered boolean;
file quoted_string [ versions ( "unlimited" | integer )
] [ size size ];
null;
print-category boolean;
print-severity boolean;
print-time boolean;
severity log_severity;
stderr;
syslog [ syslog_facility ];
};
};
LWRES
lwres {
listen-on [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
lwres-clients integer;
lwres-tasks integer;
ndots integer;
search { string; ... };
view string [ class ];
};
MANAGED-KEYS
managed-keys { string string integer
integer integer quoted_string; ... };
MASTERS
masters string [ port integer ] [ dscp
integer ] { ( masters | ipv4_address [
port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };
OPTIONS
options {
acache-cleaning-interval integer;
acache-enable boolean;
additional-from-auth boolean;
additional-from-cache boolean;
allow-new-zones boolean;
allow-notify { address_match_element; ... };
allow-query { address_match_element; ... };
allow-query-cache { address_match_element; ... };
allow-query-cache-on { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-recursion { address_match_element; ... };
allow-recursion-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
also-notify [ port integer ] [ dscp integer ] { ( masters |
ipv4_address [ port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };
alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
answer-cookie boolean;
attach-cache string;
auth-nxdomain boolean; // default changed
auto-dnssec ( allow | maintain | off );
automatic-interface-scan boolean;
avoid-v4-udp-ports { portrange; ... };
avoid-v6-udp-ports { portrange; ... };
bindkeys-file quoted_string;
blackhole { address_match_element; ... };
cache-file quoted_string;
catalog-zones { zone quoted_string [ default-masters [ port
integer ] [ dscp integer ] { ( masters | ipv4_address [
port integer ] | ipv6_address [ port integer ] ) [ key
string ]; ... } ] [ zone-directory quoted_string ] [
in-memory boolean ] [ min-update-interval integer ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response
) ( fail | warn | ignore );
check-sibling boolean;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean;
cleaning-interval integer;
clients-per-query integer;
cookie-algorithm ( aes | sha1 | sha256 );
cookie-secret string;
coresize ( default | unlimited | sizeval );
datasize ( default | unlimited | sizeval );
deny-answer-addresses { address_match_element; ... } [
except-from { quoted_string; ... } ];
deny-answer-aliases { quoted_string; ... } [ except-from {
quoted_string; ... } ];
dialup ( notify | notify-passive | passive | refresh | boolean );
directory quoted_string;
disable-algorithms string { string;
... };
disable-ds-digests string { string;
... };
disable-empty-zone string;
dns64 netprefix {
break-dnssec boolean;
clients { address_match_element; ... };
exclude { address_match_element; ... };
mapped { address_match_element; ... };
recursive-only boolean;
suffix ipv6_address;
};
dns64-contact string;
dns64-server string;
dnssec-accept-expired boolean;
dnssec-dnskey-kskonly boolean;
dnssec-enable boolean;
dnssec-loadkeys-interval integer;
dnssec-lookaside ( string trust-anchor
string | auto | no );
dnssec-must-be-secure string boolean;
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver ) [ ( query | response ) ]; ... };
dnstap-identity ( quoted_string | none |
hostname );
dnstap-output ( file | unix ) quoted_string;
dnstap-version ( quoted_string | none );
dscp integer;
dual-stack-servers [ port integer ] { ( quoted_string [ port
integer ] [ dscp integer ] | ipv4_address [ port
integer ] [ dscp integer ] | ipv6_address [ port
integer ] [ dscp integer ] ); ... };
dump-file quoted_string;
edns-udp-size integer;
empty-contact string;
empty-server string;
empty-zones-enable boolean;
fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
fetches-per-server integer [ ( drop | fail ) ];
fetches-per-zone integer [ ( drop | fail ) ];
files ( default | unlimited | sizeval );
filter-aaaa { address_match_element; ... };
filter-aaaa-on-v4 ( break-dnssec | boolean );
filter-aaaa-on-v6 ( break-dnssec | boolean );
flush-zones-on-shutdown boolean;
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
fstrm-set-buffer-hint integer;
fstrm-set-flush-timeout integer;
fstrm-set-input-queue-size integer;
fstrm-set-output-notify-threshold integer;
fstrm-set-output-queue-model ( mpsc | spsc );
fstrm-set-output-queue-size integer;
fstrm-set-reopen-interval integer;
geoip-directory ( quoted_string | none );
geoip-use-ecs boolean;
heartbeat-interval integer;
hostname ( quoted_string | none );
inline-signing boolean;
interface-interval integer;
ixfr-from-differences ( master | slave | boolean );
keep-response-order { address_match_element; ... };
key-directory quoted_string;
lame-ttl ttlval;
listen-on [ port integer ] [ dscp
integer ] {
address_match_element; ... };
listen-on-v6 [ port integer ] [ dscp
integer ] {
address_match_element; ... };
lmdb-mapsize sizeval;
lock-file ( quoted_string | none );
managed-keys-directory quoted_string;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-mapped-addresses boolean;
max-acache-size ( unlimited | sizeval );
max-cache-size ( default | unlimited | sizeval | percentage );
max-cache-ttl integer;
max-clients-per-query integer;
max-journal-size ( unlimited | sizeval );
max-ncache-ttl integer;
max-records integer;
max-recursion-depth integer;
max-recursion-queries integer;
max-refresh-time integer;
max-retry-time integer;
max-rsa-exponent-size integer;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-udp-size integer;
max-zone-ttl ( unlimited | ttlval );
memstatistics boolean;
memstatistics-file quoted_string;
message-compression boolean;
min-refresh-time integer;
min-retry-time integer;
minimal-any boolean;
minimal-responses ( no-auth | no-auth-recursive | boolean );
multi-master boolean;
no-case-compress { address_match_element; ... };
nocookie-udp-size integer;
notify ( explicit | master-only | boolean );
notify-delay integer;
notify-rate integer;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
notify-to-soa boolean;
nta-lifetime ttlval;
nta-recheck ttlval;
nxdomain-redirect string;
pid-file ( quoted_string | none );
port integer;
preferred-glue string;
prefetch integer [ integer ];
provide-ixfr boolean;
query-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
querylog boolean;
random-device quoted_string;
rate-limit {
all-per-second integer;
errors-per-second integer;
exempt-clients { address_match_element; ... };
ipv4-prefix-length integer;
ipv6-prefix-length integer;
log-only boolean;
max-table-size integer;
min-table-size integer;
nodata-per-second integer;
nxdomains-per-second integer;
qps-scale integer;
referrals-per-second integer;
responses-per-second integer;
slip integer;
window integer;
};
recursing-file quoted_string;
recursion boolean;
recursive-clients integer;
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
require-server-cookie boolean;
reserved-sockets integer;
resolver-query-timeout integer;
response-policy { zone quoted_string [ log boolean ] [
max-policy-ttl integer ] [ policy ( cname | disabled | drop |
given | no-op | nodata | nxdomain | passthru | tcp-only
quoted_string ) ] [ recursive-only boolean ]; ... } [
break-dnssec boolean ] [ max-policy-ttl integer ] [
min-ns-dots integer ] [ nsip-wait-recurse boolean ] [
qname-wait-recurse boolean ] [ recursive-only boolean ];
root-delegation-only [ exclude { quoted_string; ... } ];
root-key-sentinel boolean;
rrset-order { [ class string ] [ type string ] [ name
quoted_string ] string string; ... };
secroots-file quoted_string;
send-cookie boolean;
serial-query-rate integer;
serial-update-method ( date | increment | unixtime );
server-id ( quoted_string | none | hostname );
servfail-ttl ttlval;
session-keyalg string;
session-keyfile ( quoted_string | none );
session-keyname string;
sig-signing-nodes integer;
sig-signing-signatures integer;
sig-signing-type integer;
sig-validity-interval integer [ integer ];
sortlist { address_match_element; ... };
stacksize ( default | unlimited | sizeval );
startup-notify-rate integer;
statistics-file quoted_string;
tcp-clients integer;
tcp-listen-queue integer;
tkey-dhkey quoted_string integer;
tkey-domain quoted_string;
tkey-gssapi-credential quoted_string;
tkey-gssapi-keytab quoted_string;
transfer-format ( many-answers | one-answer );
transfer-message-size integer;
transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
transfers-in integer;
transfers-out integer;
transfers-per-ns integer;
trust-anchor-telemetry boolean; // experimental
try-tcp-refresh boolean;
update-check-ksk boolean;
use-alt-transfer-source boolean;
use-v4-udp-ports { portrange; ... };
use-v6-udp-ports { portrange; ... };
v6-bias integer;
version ( quoted_string | none );
zero-no-soa-ttl boolean;
zero-no-soa-ttl-cache boolean;
zone-statistics ( full | terse | none | boolean );
};
SERVER
server netprefix {
bogus boolean;
edns boolean;
edns-udp-size integer;
edns-version integer;
keys server_key;
max-udp-size integer;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
provide-ixfr boolean;
query-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
send-cookie boolean;
tcp-only boolean;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
transfers integer;
};
STATISTICS-CHANNELS
statistics-channels {
inet ( ipv4_address | ipv6_address |
* ) [ port ( integer | * ) ] [
allow { address_match_element; ...
} ];
};
TRUSTED-KEYS
trusted-keys { string integer integer
integer quoted_string; ... };
VIEW
view string [ class ] {
acache-cleaning-interval integer;
acache-enable boolean;
additional-from-auth boolean;
additional-from-cache boolean;
allow-new-zones boolean;
allow-notify { address_match_element; ... };
allow-query { address_match_element; ... };
allow-query-cache { address_match_element; ... };
allow-query-cache-on { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-recursion { address_match_element; ... };
allow-recursion-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
also-notify [ port integer ] [ dscp integer ] { ( masters |
ipv4_address [ port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };
alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
attach-cache string;
auth-nxdomain boolean; // default changed
auto-dnssec ( allow | maintain | off );
cache-file quoted_string;
catalog-zones { zone quoted_string [ default-masters [ port
integer ] [ dscp integer ] { ( masters | ipv4_address [
port integer ] | ipv6_address [ port integer ] ) [ key
string ]; ... } ] [ zone-directory quoted_string ] [
in-memory boolean ] [ min-update-interval integer ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response
) ( fail | warn | ignore );
check-sibling boolean;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean;
cleaning-interval integer;
clients-per-query integer;
deny-answer-addresses { address_match_element; ... } [
except-from { quoted_string; ... } ];
deny-answer-aliases { quoted_string; ... } [ except-from {
quoted_string; ... } ];
dialup ( notify | notify-passive | passive | refresh | boolean );
disable-algorithms string { string;
... };
disable-ds-digests string { string;
... };
disable-empty-zone string;
dlz string {
database string;
search boolean;
};
dns64 netprefix {
break-dnssec boolean;
clients { address_match_element; ... };
exclude { address_match_element; ... };
mapped { address_match_element; ... };
recursive-only boolean;
suffix ipv6_address;
};
dns64-contact string;
dns64-server string;
dnssec-accept-expired boolean;
dnssec-dnskey-kskonly boolean;
dnssec-enable boolean;
dnssec-loadkeys-interval integer;
dnssec-lookaside ( string trust-anchor
string | auto | no );
dnssec-must-be-secure string boolean;
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver ) [ ( query | response ) ]; ... };
dual-stack-servers [ port integer ] { ( quoted_string [ port
integer ] [ dscp integer ] | ipv4_address [ port
integer ] [ dscp integer ] | ipv6_address [ port
integer ] [ dscp integer ] ); ... };
dyndb string quoted_string {
unspecified-text };
edns-udp-size integer;
empty-contact string;
empty-server string;
empty-zones-enable boolean;
fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
fetches-per-server integer [ ( drop | fail ) ];
fetches-per-zone integer [ ( drop | fail ) ];
filter-aaaa { address_match_element; ... };
filter-aaaa-on-v4 ( break-dnssec | boolean );
filter-aaaa-on-v6 ( break-dnssec | boolean );
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
inline-signing boolean;
ixfr-from-differences ( master | slave | boolean );
key string {
algorithm string;
secret string;
};
key-directory quoted_string;
lame-ttl ttlval;
lmdb-mapsize sizeval;
managed-keys { string string
integer integer integer
quoted_string; ... };
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-clients { address_match_element; ... };
match-destinations { address_match_element; ... };
match-recursive-only boolean;
max-acache-size ( unlimited | sizeval );
max-cache-size ( default | unlimited | sizeval | percentage );
max-cache-ttl integer;
max-clients-per-query integer;
max-journal-size ( unlimited | sizeval );
max-ncache-ttl integer;
max-records integer;
max-recursion-depth integer;
max-recursion-queries integer;
max-refresh-time integer;
max-retry-time integer;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-udp-size integer;
max-zone-ttl ( unlimited | ttlval );
message-compression boolean;
min-refresh-time integer;
min-retry-time integer;
minimal-any boolean;
minimal-responses ( no-auth | no-auth-recursive | boolean );
multi-master boolean;
no-case-compress { address_match_element; ... };
nocookie-udp-size integer;
notify ( explicit | master-only | boolean );
notify-delay integer;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
notify-to-soa boolean;
nta-lifetime ttlval;
nta-recheck ttlval;
nxdomain-redirect string;
preferred-glue string;
prefetch integer [ integer ];
provide-ixfr boolean;
query-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
rate-limit {
all-per-second integer;
errors-per-second integer;
exempt-clients { address_match_element; ... };
ipv4-prefix-length integer;
ipv6-prefix-length integer;
log-only boolean;
max-table-size integer;
min-table-size integer;
nodata-per-second integer;
nxdomains-per-second integer;
qps-scale integer;
referrals-per-second integer;
responses-per-second integer;
slip integer;
window integer;
};
recursion boolean;
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
require-server-cookie boolean;
resolver-query-timeout integer;
response-policy { zone quoted_string [ log boolean ] [
max-policy-ttl integer ] [ policy ( cname | disabled | drop |
given | no-op | nodata | nxdomain | passthru | tcp-only
quoted_string ) ] [ recursive-only boolean ]; ... } [
break-dnssec boolean ] [ max-policy-ttl integer ] [
min-ns-dots integer ] [ nsip-wait-recurse boolean ] [
qname-wait-recurse boolean ] [ recursive-only boolean ];
root-delegation-only [ exclude { quoted_string; ... } ];
root-key-sentinel boolean;
rrset-order { [ class string ] [ type string ] [ name
quoted_string ] string string; ... };
send-cookie boolean;
serial-update-method ( date | increment | unixtime );
server netprefix {
bogus boolean;
edns boolean;
edns-udp-size integer;
edns-version integer;
keys server_key;
max-udp-size integer;
notify-source ( ipv4_address | * ) [ port ( integer | *
) ] [ dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer
| * ) ] [ dscp integer ];
provide-ixfr boolean;
query-source ( ( [ address ] ( ipv4_address | * ) [ port
( integer | * ) ] ) | ( [ [ address ] (
ipv4_address | * ) ] port ( integer | * ) ) ) [
dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
port ( integer | * ) ] ) | ( [ [ address ] (
ipv6_address | * ) ] port ( integer | * ) ) ) [
dscp integer ];
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
send-cookie boolean;
tcp-only boolean;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
transfers integer;
};
servfail-ttl ttlval;
sig-signing-nodes integer;
sig-signing-signatures integer;
sig-signing-type integer;
sig-validity-interval integer [ integer ];
sortlist { address_match_element; ... };
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
trust-anchor-telemetry boolean; // experimental
trusted-keys { string integer
integer integer quoted_string;
... };
try-tcp-refresh boolean;
update-check-ksk boolean;
use-alt-transfer-source boolean;
v6-bias integer;
zero-no-soa-ttl boolean;
zero-no-soa-ttl-cache boolean;
zone string [ class ] {
allow-notify { address_match_element; ... };
allow-query { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
also-notify [ port integer ] [ dscp integer ] { (
masters | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ];
... };
alt-transfer-source ( ipv4_address | * ) [ port (
integer | * ) ] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling boolean;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean;
database string;
delegation-only boolean;
dialup ( notify | notify-passive | passive | refresh |
boolean );
dlz string;
dnssec-dnskey-kskonly boolean;
dnssec-loadkeys-interval integer;
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
file quoted_string;
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { (
ipv4_address | ipv6_address ) [ port integer ] [
dscp integer ]; ... };
in-view string;
inline-signing boolean;
ixfr-from-differences boolean;
journal quoted_string;
key-directory quoted_string;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port integer ] [ dscp integer ] { ( masters
| ipv4_address [ port integer ] | ipv6_address [
port integer ] ) [ key string ]; ... };
max-ixfr-log-size ( default | unlimited |
max-journal-size ( unlimited | sizeval );
max-records integer;
max-refresh-time integer;
max-retry-time integer;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-zone-ttl ( unlimited | ttlval );
min-refresh-time integer;
min-retry-time integer;
multi-master boolean;
notify ( explicit | master-only | boolean );
notify-delay integer;
notify-source ( ipv4_address | * ) [ port ( integer | *
) ] [ dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer
| * ) ] [ dscp integer ];
notify-to-soa boolean;
pubkey integer
integer
integer
request-expire boolean;
request-ixfr boolean;
serial-update-method ( date | increment | unixtime );
server-addresses { ( ipv4_address | ipv6_address ) [
port integer ]; ... };
server-names { quoted_string; ... };
sig-signing-nodes integer;
sig-signing-signatures integer;
sig-signing-type integer;
sig-validity-interval integer [ integer ];
transfer-source ( ipv4_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
try-tcp-refresh boolean;
type ( delegation-only | forward | hint | master | redirect
| slave | static-stub | stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string (
6to4-self | external | krb5-self | krb5-selfsub |
krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
name | self | selfsub | selfwild | subdomain | tcp-self
| wildcard | zonesub ) [ string ] rrtypelist; ... };
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
};
zone-statistics ( full | terse | none | boolean );
};
ZONE
zone string [ class ] {
allow-notify { address_match_element; ... };
allow-query { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
also-notify [ port integer ] [ dscp integer ] { ( masters |
ipv4_address [ port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };
alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling boolean;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean;
database string;
delegation-only boolean;
dialup ( notify | notify-passive | passive | refresh | boolean );
dlz string;
dnssec-dnskey-kskonly boolean;
dnssec-loadkeys-interval integer;
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
file quoted_string;
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
in-view string;
inline-signing boolean;
ixfr-from-differences boolean;
journal quoted_string;
key-directory quoted_string;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port integer ] [ dscp integer ] { ( masters |
ipv4_address [ port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };
max-journal-size ( unlimited | sizeval );
max-records integer;
max-refresh-time integer;
max-retry-time integer;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-zone-ttl ( unlimited | ttlval );
min-refresh-time integer;
min-retry-time integer;
multi-master boolean;
notify ( explicit | master-only | boolean );
notify-delay integer;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
notify-to-soa boolean;
pubkey integer integer
request-expire boolean;
request-ixfr boolean;
serial-update-method ( date | increment | unixtime );
server-addresses { ( ipv4_address | ipv6_address ) [ port
integer ]; ... };
server-names { quoted_string; ... };
sig-signing-nodes integer;
sig-signing-signatures integer;
sig-signing-type integer;
sig-validity-interval integer [ integer ];
transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
try-tcp-refresh boolean;
type ( delegation-only | forward | hint | master | redirect | slave
| static-stub | stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string ( 6to4-self |
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
| ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
| subdomain | tcp-self | wildcard | zonesub ) [ string ]
rrtypelist; ... };
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
};
FILES
/etc/named.conf
SEE ALSO
ddns-confgen8
,
named8
,
named-checkconf8
,
rndc8
,
rndc-confgen8
,
BIND 9 Administrator Reference Manual.