blob: 113b990b21ba1315baa021a9a9378d87b43c56ca (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
|
<!--
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
- See the COPYRIGHT file distributed with this work for additional
- information regarding copyright ownership.
-->
<!-- Generated by doc/misc/docbook-options.pl -->
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
<info>
<date>2018-06-21</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>
<corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
<refentrytitle><filename>named.conf</filename></refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
<refnamediv>
<refname><filename>named.conf</filename></refname>
<refpurpose>configuration file for <command>named</command></refpurpose>
</refnamediv>
<docinfo>
<copyright>
<year>2004</year>
<year>2005</year>
<year>2006</year>
<year>2007</year>
<year>2008</year>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2012</year>
<year>2013</year>
<year>2014</year>
<year>2015</year>
<year>2016</year>
<year>2017</year>
<year>2018</year>
<year>2019</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
<cmdsynopsis sepchar=" ">
<command>named.conf</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><filename>named.conf</filename> is the configuration file
for
<command>named</command>. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in
the statements are also semi-colon terminated. The usual
comment styles are supported:
</para>
<para>
C style: /* */
</para>
<para>
C++ style: // to end of line
</para>
<para>
Unix style: # to end of line
</para>
</refsection>
<refsection><info><title>ACL</title></info>
<literallayout class="normal">
acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
</literallayout>
</refsection>
<refsection><info><title>CONTROLS</title></info>
<literallayout class="normal">
controls {
inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> |
* ) [ port ( <replaceable>integer</replaceable> | * ) ] allow
{ <replaceable>address_match_element</replaceable>; ... } [
keys { <replaceable>string</replaceable>; ... } ] [ read-only
<replaceable>boolean</replaceable> ];
unix <replaceable>quoted_string</replaceable> perm <replaceable>integer</replaceable>
owner <replaceable>integer</replaceable> group <replaceable>integer</replaceable> [
keys { <replaceable>string</replaceable>; ... } ] [ read-only
<replaceable>boolean</replaceable> ];
};
</literallayout>
</refsection>
<refsection><info><title>DLZ</title></info>
<literallayout class="normal">
dlz <replaceable>string</replaceable> {
database <replaceable>string</replaceable>;
search <replaceable>boolean</replaceable>;
};
</literallayout>
</refsection>
<refsection><info><title>DYNDB</title></info>
<literallayout class="normal">
dyndb <replaceable>string</replaceable> <replaceable>quoted_string</replaceable> {
<replaceable>unspecified-text</replaceable> };
</literallayout>
</refsection>
<refsection><info><title>KEY</title></info>
<literallayout class="normal">
key <replaceable>string</replaceable> {
algorithm <replaceable>string</replaceable>;
secret <replaceable>string</replaceable>;
};
</literallayout>
</refsection>
<refsection><info><title>LOGGING</title></info>
<literallayout class="normal">
logging {
category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
channel <replaceable>string</replaceable> {
buffered <replaceable>boolean</replaceable>;
file <replaceable>quoted_string</replaceable> [ versions ( "unlimited" | <replaceable>integer</replaceable> )
] [ size <replaceable>size</replaceable> ];
null;
print-category <replaceable>boolean</replaceable>;
print-severity <replaceable>boolean</replaceable>;
print-time <replaceable>boolean</replaceable>;
severity <replaceable>log_severity</replaceable>;
stderr;
syslog [ <replaceable>syslog_facility</replaceable> ];
};
};
</literallayout>
</refsection>
<refsection><info><title>LWRES</title></info>
<literallayout class="normal">
lwres {
listen-on [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
| <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... };
lwres-clients <replaceable>integer</replaceable>;
lwres-tasks <replaceable>integer</replaceable>;
ndots <replaceable>integer</replaceable>;
search { <replaceable>string</replaceable>; ... };
view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ];
};
</literallayout>
</refsection>
<refsection><info><title>MANAGED-KEYS</title></info>
<literallayout class="normal">
managed-keys { <replaceable>string</replaceable> <replaceable>string</replaceable> <replaceable>integer</replaceable>
<replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ... };
</literallayout>
</refsection>
<refsection><info><title>MASTERS</title></info>
<literallayout class="normal">
masters <replaceable>string</replaceable> [ port <replaceable>integer</replaceable> ] [ dscp
<replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
<replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
</literallayout>
</refsection>
<refsection><info><title>OPTIONS</title></info>
<literallayout class="normal">
options {
acache-cleaning-interval <replaceable>integer</replaceable>;
acache-enable <replaceable>boolean</replaceable>;
additional-from-auth <replaceable>boolean</replaceable>;
additional-from-cache <replaceable>boolean</replaceable>;
allow-new-zones <replaceable>boolean</replaceable>;
allow-notify { <replaceable>address_match_element</replaceable>; ... };
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
allow-recursion { <replaceable>address_match_element</replaceable>; ... };
allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
also-notify [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> |
<replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
<replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
] [ dscp <replaceable>integer</replaceable> ];
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
* ) ] [ dscp <replaceable>integer</replaceable> ];
answer-cookie <replaceable>boolean</replaceable>;
attach-cache <replaceable>string</replaceable>;
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
auto-dnssec ( allow | maintain | off );
automatic-interface-scan <replaceable>boolean</replaceable>;
avoid-v4-udp-ports { <replaceable>portrange</replaceable>; ... };
avoid-v6-udp-ports { <replaceable>portrange</replaceable>; ... };
bindkeys-file <replaceable>quoted_string</replaceable>;
blackhole { <replaceable>address_match_element</replaceable>; ... };
cache-file <replaceable>quoted_string</replaceable>;
catalog-zones { zone <replaceable>quoted_string</replaceable> [ default-masters [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
<replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>integer</replaceable> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response
) ( fail | warn | ignore );
check-sibling <replaceable>boolean</replaceable>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <replaceable>boolean</replaceable>;
cleaning-interval <replaceable>integer</replaceable>;
clients-per-query <replaceable>integer</replaceable>;
cookie-algorithm ( aes | sha1 | sha256 );
cookie-secret <replaceable>string</replaceable>;
coresize ( default | unlimited | <replaceable>sizeval</replaceable> );
datasize ( default | unlimited | <replaceable>sizeval</replaceable> );
deny-answer-addresses { <replaceable>address_match_element</replaceable>; ... } [
except-from { <replaceable>quoted_string</replaceable>; ... } ];
deny-answer-aliases { <replaceable>quoted_string</replaceable>; ... } [ except-from {
<replaceable>quoted_string</replaceable>; ... } ];
dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
directory <replaceable>quoted_string</replaceable>;
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>;
... };
disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>;
... };
disable-empty-zone <replaceable>string</replaceable>;
dns64 <replaceable>netprefix</replaceable> {
break-dnssec <replaceable>boolean</replaceable>;
clients { <replaceable>address_match_element</replaceable>; ... };
exclude { <replaceable>address_match_element</replaceable>; ... };
mapped { <replaceable>address_match_element</replaceable>; ... };
recursive-only <replaceable>boolean</replaceable>;
suffix <replaceable>ipv6_address</replaceable>;
};
dns64-contact <replaceable>string</replaceable>;
dns64-server <replaceable>string</replaceable>;
dnssec-accept-expired <replaceable>boolean</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
dnssec-enable <replaceable>boolean</replaceable>;
dnssec-loadkeys-interval <replaceable>integer</replaceable>;
dnssec-lookaside ( <replaceable>string</replaceable> trust-anchor
<replaceable>string</replaceable> | auto | no );
dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver ) [ ( query | response ) ]; ... };
dnstap-identity ( <replaceable>quoted_string</replaceable> | none |
hostname );
dnstap-output ( file | unix ) <replaceable>quoted_string</replaceable>;
dnstap-version ( <replaceable>quoted_string</replaceable> | none );
dscp <replaceable>integer</replaceable>;
dual-stack-servers [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv4_address</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] ); ... };
dump-file <replaceable>quoted_string</replaceable>;
edns-udp-size <replaceable>integer</replaceable>;
empty-contact <replaceable>string</replaceable>;
empty-server <replaceable>string</replaceable>;
empty-zones-enable <replaceable>boolean</replaceable>;
fetch-quota-params <replaceable>integer</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable>;
fetches-per-server <replaceable>integer</replaceable> [ ( drop | fail ) ];
fetches-per-zone <replaceable>integer</replaceable> [ ( drop | fail ) ];
files ( default | unlimited | <replaceable>sizeval</replaceable> );
filter-aaaa { <replaceable>address_match_element</replaceable>; ... };
filter-aaaa-on-v4 ( break-dnssec | <replaceable>boolean</replaceable> );
filter-aaaa-on-v6 ( break-dnssec | <replaceable>boolean</replaceable> );
flush-zones-on-shutdown <replaceable>boolean</replaceable>;
forward ( first | only );
forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
| <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... };
fstrm-set-buffer-hint <replaceable>integer</replaceable>;
fstrm-set-flush-timeout <replaceable>integer</replaceable>;
fstrm-set-input-queue-size <replaceable>integer</replaceable>;
fstrm-set-output-notify-threshold <replaceable>integer</replaceable>;
fstrm-set-output-queue-model ( mpsc | spsc );
fstrm-set-output-queue-size <replaceable>integer</replaceable>;
fstrm-set-reopen-interval <replaceable>integer</replaceable>;
geoip-directory ( <replaceable>quoted_string</replaceable> | none );
geoip-use-ecs <replaceable>boolean</replaceable>;
heartbeat-interval <replaceable>integer</replaceable>;
hostname ( <replaceable>quoted_string</replaceable> | none );
inline-signing <replaceable>boolean</replaceable>;
interface-interval <replaceable>integer</replaceable>;
ixfr-from-differences ( master | slave | <replaceable>boolean</replaceable> );
keep-response-order { <replaceable>address_match_element</replaceable>; ... };
key-directory <replaceable>quoted_string</replaceable>;
lame-ttl <replaceable>ttlval</replaceable>;
listen-on [ port <replaceable>integer</replaceable> ] [ dscp
<replaceable>integer</replaceable> ] {
<replaceable>address_match_element</replaceable>; ... };
listen-on-v6 [ port <replaceable>integer</replaceable> ] [ dscp
<replaceable>integer</replaceable> ] {
<replaceable>address_match_element</replaceable>; ... };
lmdb-mapsize <replaceable>sizeval</replaceable>;
lock-file ( <replaceable>quoted_string</replaceable> | none );
managed-keys-directory <replaceable>quoted_string</replaceable>;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-mapped-addresses <replaceable>boolean</replaceable>;
max-acache-size ( unlimited | <replaceable>sizeval</replaceable> );
max-cache-size ( default | unlimited | <replaceable>sizeval</replaceable> | <replaceable>percentage</replaceable> );
max-cache-ttl <replaceable>integer</replaceable>;
max-clients-per-query <replaceable>integer</replaceable>;
max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
max-ncache-ttl <replaceable>integer</replaceable>;
max-records <replaceable>integer</replaceable>;
max-recursion-depth <replaceable>integer</replaceable>;
max-recursion-queries <replaceable>integer</replaceable>;
max-refresh-time <replaceable>integer</replaceable>;
max-retry-time <replaceable>integer</replaceable>;
max-rsa-exponent-size <replaceable>integer</replaceable>;
max-transfer-idle-in <replaceable>integer</replaceable>;
max-transfer-idle-out <replaceable>integer</replaceable>;
max-transfer-time-in <replaceable>integer</replaceable>;
max-transfer-time-out <replaceable>integer</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
memstatistics <replaceable>boolean</replaceable>;
memstatistics-file <replaceable>quoted_string</replaceable>;
message-compression <replaceable>boolean</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
minimal-any <replaceable>boolean</replaceable>;
minimal-responses ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
multi-master <replaceable>boolean</replaceable>;
no-case-compress { <replaceable>address_match_element</replaceable>; ... };
nocookie-udp-size <replaceable>integer</replaceable>;
notify ( explicit | master-only | <replaceable>boolean</replaceable> );
notify-delay <replaceable>integer</replaceable>;
notify-rate <replaceable>integer</replaceable>;
notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
dscp <replaceable>integer</replaceable> ];
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ]
[ dscp <replaceable>integer</replaceable> ];
notify-to-soa <replaceable>boolean</replaceable>;
nta-lifetime <replaceable>ttlval</replaceable>;
nta-recheck <replaceable>ttlval</replaceable>;
nxdomain-redirect <replaceable>string</replaceable>;
pid-file ( <replaceable>quoted_string</replaceable> | none );
port <replaceable>integer</replaceable>;
preferred-glue <replaceable>string</replaceable>;
prefetch <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
provide-ixfr <replaceable>boolean</replaceable>;
query-source ( ( [ address ] ( <replaceable>ipv4_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv4_address</replaceable> | * ) ]
port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
query-source-v6 ( ( [ address ] ( <replaceable>ipv6_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv6_address</replaceable> | * ) ]
port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
querylog <replaceable>boolean</replaceable>;
random-device <replaceable>quoted_string</replaceable>;
rate-limit {
all-per-second <replaceable>integer</replaceable>;
errors-per-second <replaceable>integer</replaceable>;
exempt-clients { <replaceable>address_match_element</replaceable>; ... };
ipv4-prefix-length <replaceable>integer</replaceable>;
ipv6-prefix-length <replaceable>integer</replaceable>;
log-only <replaceable>boolean</replaceable>;
max-table-size <replaceable>integer</replaceable>;
min-table-size <replaceable>integer</replaceable>;
nodata-per-second <replaceable>integer</replaceable>;
nxdomains-per-second <replaceable>integer</replaceable>;
qps-scale <replaceable>integer</replaceable>;
referrals-per-second <replaceable>integer</replaceable>;
responses-per-second <replaceable>integer</replaceable>;
slip <replaceable>integer</replaceable>;
window <replaceable>integer</replaceable>;
};
recursing-file <replaceable>quoted_string</replaceable>;
recursion <replaceable>boolean</replaceable>;
recursive-clients <replaceable>integer</replaceable>;
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
request-nsid <replaceable>boolean</replaceable>;
require-server-cookie <replaceable>boolean</replaceable>;
reserved-sockets <replaceable>integer</replaceable>;
resolver-query-timeout <replaceable>integer</replaceable>;
response-policy { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
max-policy-ttl <replaceable>integer</replaceable> ] [ policy ( cname | disabled | drop |
given | no-op | nodata | nxdomain | passthru | tcp-only
<replaceable>quoted_string</replaceable> ) ] [ recursive-only <replaceable>boolean</replaceable> ]; ... } [
break-dnssec <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>integer</replaceable> ] [
min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ];
root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
<replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
secroots-file <replaceable>quoted_string</replaceable>;
send-cookie <replaceable>boolean</replaceable>;
serial-query-rate <replaceable>integer</replaceable>;
serial-update-method ( date | increment | unixtime );
server-id ( <replaceable>quoted_string</replaceable> | none | hostname );
servfail-ttl <replaceable>ttlval</replaceable>;
session-keyalg <replaceable>string</replaceable>;
session-keyfile ( <replaceable>quoted_string</replaceable> | none );
session-keyname <replaceable>string</replaceable>;
sig-signing-nodes <replaceable>integer</replaceable>;
sig-signing-signatures <replaceable>integer</replaceable>;
sig-signing-type <replaceable>integer</replaceable>;
sig-validity-interval <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
sortlist { <replaceable>address_match_element</replaceable>; ... };
stacksize ( default | unlimited | <replaceable>sizeval</replaceable> );
startup-notify-rate <replaceable>integer</replaceable>;
statistics-file <replaceable>quoted_string</replaceable>;
tcp-clients <replaceable>integer</replaceable>;
tcp-listen-queue <replaceable>integer</replaceable>;
tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
tkey-domain <replaceable>quoted_string</replaceable>;
tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
tkey-gssapi-keytab <replaceable>quoted_string</replaceable>;
transfer-format ( many-answers | one-answer );
transfer-message-size <replaceable>integer</replaceable>;
transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
dscp <replaceable>integer</replaceable> ];
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
] [ dscp <replaceable>integer</replaceable> ];
transfers-in <replaceable>integer</replaceable>;
transfers-out <replaceable>integer</replaceable>;
transfers-per-ns <replaceable>integer</replaceable>;
trust-anchor-telemetry <replaceable>boolean</replaceable>; // experimental
try-tcp-refresh <replaceable>boolean</replaceable>;
update-check-ksk <replaceable>boolean</replaceable>;
use-alt-transfer-source <replaceable>boolean</replaceable>;
use-v4-udp-ports { <replaceable>portrange</replaceable>; ... };
use-v6-udp-ports { <replaceable>portrange</replaceable>; ... };
v6-bias <replaceable>integer</replaceable>;
version ( <replaceable>quoted_string</replaceable> | none );
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
};
</literallayout>
</refsection>
<refsection><info><title>SERVER</title></info>
<literallayout class="normal">
server <replaceable>netprefix</replaceable> {
bogus <replaceable>boolean</replaceable>;
edns <replaceable>boolean</replaceable>;
edns-udp-size <replaceable>integer</replaceable>;
edns-version <replaceable>integer</replaceable>;
keys <replaceable>server_key</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
dscp <replaceable>integer</replaceable> ];
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ]
[ dscp <replaceable>integer</replaceable> ];
provide-ixfr <replaceable>boolean</replaceable>;
query-source ( ( [ address ] ( <replaceable>ipv4_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv4_address</replaceable> | * ) ]
port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
query-source-v6 ( ( [ address ] ( <replaceable>ipv6_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv6_address</replaceable> | * ) ]
port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
request-nsid <replaceable>boolean</replaceable>;
send-cookie <replaceable>boolean</replaceable>;
tcp-only <replaceable>boolean</replaceable>;
transfer-format ( many-answers | one-answer );
transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
dscp <replaceable>integer</replaceable> ];
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
] [ dscp <replaceable>integer</replaceable> ];
transfers <replaceable>integer</replaceable>;
};
</literallayout>
</refsection>
<refsection><info><title>STATISTICS-CHANNELS</title></info>
<literallayout class="normal">
statistics-channels {
inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> |
* ) [ port ( <replaceable>integer</replaceable> | * ) ] [
allow { <replaceable>address_match_element</replaceable>; ...
} ];
};
</literallayout>
</refsection>
<refsection><info><title>TRUSTED-KEYS</title></info>
<literallayout class="normal">
trusted-keys { <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable>
<replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ... };
</literallayout>
</refsection>
<refsection><info><title>VIEW</title></info>
<literallayout class="normal">
view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
acache-cleaning-interval <replaceable>integer</replaceable>;
acache-enable <replaceable>boolean</replaceable>;
additional-from-auth <replaceable>boolean</replaceable>;
additional-from-cache <replaceable>boolean</replaceable>;
allow-new-zones <replaceable>boolean</replaceable>;
allow-notify { <replaceable>address_match_element</replaceable>; ... };
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
allow-recursion { <replaceable>address_match_element</replaceable>; ... };
allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
also-notify [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> |
<replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
<replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
] [ dscp <replaceable>integer</replaceable> ];
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
* ) ] [ dscp <replaceable>integer</replaceable> ];
attach-cache <replaceable>string</replaceable>;
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
auto-dnssec ( allow | maintain | off );
cache-file <replaceable>quoted_string</replaceable>;
catalog-zones { zone <replaceable>quoted_string</replaceable> [ default-masters [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
<replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>integer</replaceable> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response
) ( fail | warn | ignore );
check-sibling <replaceable>boolean</replaceable>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <replaceable>boolean</replaceable>;
cleaning-interval <replaceable>integer</replaceable>;
clients-per-query <replaceable>integer</replaceable>;
deny-answer-addresses { <replaceable>address_match_element</replaceable>; ... } [
except-from { <replaceable>quoted_string</replaceable>; ... } ];
deny-answer-aliases { <replaceable>quoted_string</replaceable>; ... } [ except-from {
<replaceable>quoted_string</replaceable>; ... } ];
dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>;
... };
disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>;
... };
disable-empty-zone <replaceable>string</replaceable>;
dlz <replaceable>string</replaceable> {
database <replaceable>string</replaceable>;
search <replaceable>boolean</replaceable>;
};
dns64 <replaceable>netprefix</replaceable> {
break-dnssec <replaceable>boolean</replaceable>;
clients { <replaceable>address_match_element</replaceable>; ... };
exclude { <replaceable>address_match_element</replaceable>; ... };
mapped { <replaceable>address_match_element</replaceable>; ... };
recursive-only <replaceable>boolean</replaceable>;
suffix <replaceable>ipv6_address</replaceable>;
};
dns64-contact <replaceable>string</replaceable>;
dns64-server <replaceable>string</replaceable>;
dnssec-accept-expired <replaceable>boolean</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
dnssec-enable <replaceable>boolean</replaceable>;
dnssec-loadkeys-interval <replaceable>integer</replaceable>;
dnssec-lookaside ( <replaceable>string</replaceable> trust-anchor
<replaceable>string</replaceable> | auto | no );
dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver ) [ ( query | response ) ]; ... };
dual-stack-servers [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv4_address</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] ); ... };
dyndb <replaceable>string</replaceable> <replaceable>quoted_string</replaceable> {
<replaceable>unspecified-text</replaceable> };
edns-udp-size <replaceable>integer</replaceable>;
empty-contact <replaceable>string</replaceable>;
empty-server <replaceable>string</replaceable>;
empty-zones-enable <replaceable>boolean</replaceable>;
fetch-quota-params <replaceable>integer</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable>;
fetches-per-server <replaceable>integer</replaceable> [ ( drop | fail ) ];
fetches-per-zone <replaceable>integer</replaceable> [ ( drop | fail ) ];
filter-aaaa { <replaceable>address_match_element</replaceable>; ... };
filter-aaaa-on-v4 ( break-dnssec | <replaceable>boolean</replaceable> );
filter-aaaa-on-v6 ( break-dnssec | <replaceable>boolean</replaceable> );
forward ( first | only );
forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
| <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... };
inline-signing <replaceable>boolean</replaceable>;
ixfr-from-differences ( master | slave | <replaceable>boolean</replaceable> );
key <replaceable>string</replaceable> {
algorithm <replaceable>string</replaceable>;
secret <replaceable>string</replaceable>;
};
key-directory <replaceable>quoted_string</replaceable>;
lame-ttl <replaceable>ttlval</replaceable>;
lmdb-mapsize <replaceable>sizeval</replaceable>;
managed-keys { <replaceable>string</replaceable> <replaceable>string</replaceable>
<replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable>
<replaceable>quoted_string</replaceable>; ... };
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-clients { <replaceable>address_match_element</replaceable>; ... };
match-destinations { <replaceable>address_match_element</replaceable>; ... };
match-recursive-only <replaceable>boolean</replaceable>;
max-acache-size ( unlimited | <replaceable>sizeval</replaceable> );
max-cache-size ( default | unlimited | <replaceable>sizeval</replaceable> | <replaceable>percentage</replaceable> );
max-cache-ttl <replaceable>integer</replaceable>;
max-clients-per-query <replaceable>integer</replaceable>;
max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
max-ncache-ttl <replaceable>integer</replaceable>;
max-records <replaceable>integer</replaceable>;
max-recursion-depth <replaceable>integer</replaceable>;
max-recursion-queries <replaceable>integer</replaceable>;
max-refresh-time <replaceable>integer</replaceable>;
max-retry-time <replaceable>integer</replaceable>;
max-transfer-idle-in <replaceable>integer</replaceable>;
max-transfer-idle-out <replaceable>integer</replaceable>;
max-transfer-time-in <replaceable>integer</replaceable>;
max-transfer-time-out <replaceable>integer</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
message-compression <replaceable>boolean</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
minimal-any <replaceable>boolean</replaceable>;
minimal-responses ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
multi-master <replaceable>boolean</replaceable>;
no-case-compress { <replaceable>address_match_element</replaceable>; ... };
nocookie-udp-size <replaceable>integer</replaceable>;
notify ( explicit | master-only | <replaceable>boolean</replaceable> );
notify-delay <replaceable>integer</replaceable>;
notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
dscp <replaceable>integer</replaceable> ];
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ]
[ dscp <replaceable>integer</replaceable> ];
notify-to-soa <replaceable>boolean</replaceable>;
nta-lifetime <replaceable>ttlval</replaceable>;
nta-recheck <replaceable>ttlval</replaceable>;
nxdomain-redirect <replaceable>string</replaceable>;
preferred-glue <replaceable>string</replaceable>;
prefetch <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
provide-ixfr <replaceable>boolean</replaceable>;
query-source ( ( [ address ] ( <replaceable>ipv4_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv4_address</replaceable> | * ) ]
port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
query-source-v6 ( ( [ address ] ( <replaceable>ipv6_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv6_address</replaceable> | * ) ]
port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
rate-limit {
all-per-second <replaceable>integer</replaceable>;
errors-per-second <replaceable>integer</replaceable>;
exempt-clients { <replaceable>address_match_element</replaceable>; ... };
ipv4-prefix-length <replaceable>integer</replaceable>;
ipv6-prefix-length <replaceable>integer</replaceable>;
log-only <replaceable>boolean</replaceable>;
max-table-size <replaceable>integer</replaceable>;
min-table-size <replaceable>integer</replaceable>;
nodata-per-second <replaceable>integer</replaceable>;
nxdomains-per-second <replaceable>integer</replaceable>;
qps-scale <replaceable>integer</replaceable>;
referrals-per-second <replaceable>integer</replaceable>;
responses-per-second <replaceable>integer</replaceable>;
slip <replaceable>integer</replaceable>;
window <replaceable>integer</replaceable>;
};
recursion <replaceable>boolean</replaceable>;
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
request-nsid <replaceable>boolean</replaceable>;
require-server-cookie <replaceable>boolean</replaceable>;
resolver-query-timeout <replaceable>integer</replaceable>;
response-policy { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
max-policy-ttl <replaceable>integer</replaceable> ] [ policy ( cname | disabled | drop |
given | no-op | nodata | nxdomain | passthru | tcp-only
<replaceable>quoted_string</replaceable> ) ] [ recursive-only <replaceable>boolean</replaceable> ]; ... } [
break-dnssec <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>integer</replaceable> ] [
min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ];
root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
<replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
send-cookie <replaceable>boolean</replaceable>;
serial-update-method ( date | increment | unixtime );
server <replaceable>netprefix</replaceable> {
bogus <replaceable>boolean</replaceable>;
edns <replaceable>boolean</replaceable>;
edns-udp-size <replaceable>integer</replaceable>;
edns-version <replaceable>integer</replaceable>;
keys <replaceable>server_key</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | *
) ] [ dscp <replaceable>integer</replaceable> ];
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable>
| * ) ] [ dscp <replaceable>integer</replaceable> ];
provide-ixfr <replaceable>boolean</replaceable>;
query-source ( ( [ address ] ( <replaceable>ipv4_address</replaceable> | * ) [ port
( <replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] (
<replaceable>ipv4_address</replaceable> | * ) ] port ( <replaceable>integer</replaceable> | * ) ) ) [
dscp <replaceable>integer</replaceable> ];
query-source-v6 ( ( [ address ] ( <replaceable>ipv6_address</replaceable> | * ) [
port ( <replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] (
<replaceable>ipv6_address</replaceable> | * ) ] port ( <replaceable>integer</replaceable> | * ) ) ) [
dscp <replaceable>integer</replaceable> ];
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
request-nsid <replaceable>boolean</replaceable>;
send-cookie <replaceable>boolean</replaceable>;
tcp-only <replaceable>boolean</replaceable>;
transfer-format ( many-answers | one-answer );
transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
* ) ] [ dscp <replaceable>integer</replaceable> ];
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
transfers <replaceable>integer</replaceable>;
};
servfail-ttl <replaceable>ttlval</replaceable>;
sig-signing-nodes <replaceable>integer</replaceable>;
sig-signing-signatures <replaceable>integer</replaceable>;
sig-signing-type <replaceable>integer</replaceable>;
sig-validity-interval <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
sortlist { <replaceable>address_match_element</replaceable>; ... };
transfer-format ( many-answers | one-answer );
transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
dscp <replaceable>integer</replaceable> ];
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
] [ dscp <replaceable>integer</replaceable> ];
trust-anchor-telemetry <replaceable>boolean</replaceable>; // experimental
trusted-keys { <replaceable>string</replaceable> <replaceable>integer</replaceable>
<replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
... };
try-tcp-refresh <replaceable>boolean</replaceable>;
update-check-ksk <replaceable>boolean</replaceable>;
use-alt-transfer-source <replaceable>boolean</replaceable>;
v6-bias <replaceable>integer</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
allow-notify { <replaceable>address_match_element</replaceable>; ... };
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
also-notify [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { (
<replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] |
<replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ];
... };
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling <replaceable>boolean</replaceable>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <replaceable>boolean</replaceable>;
database <replaceable>string</replaceable>;
delegation-only <replaceable>boolean</replaceable>;
dialup ( notify | notify-passive | passive | refresh |
<replaceable>boolean</replaceable> );
dlz <replaceable>string</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
dnssec-loadkeys-interval <replaceable>integer</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
dnssec-update-mode ( maintain | no-resign );
file <replaceable>quoted_string</replaceable>;
forward ( first | only );
forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { (
<replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [
dscp <replaceable>integer</replaceable> ]; ... };
in-view <replaceable>string</replaceable>;
inline-signing <replaceable>boolean</replaceable>;
ixfr-from-differences <replaceable>boolean</replaceable>;
journal <replaceable>quoted_string</replaceable>;
key-directory <replaceable>quoted_string</replaceable>;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable>
| <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [
port <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
max-ixfr-log-size ( default | unlimited |
max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
max-records <replaceable>integer</replaceable>;
max-refresh-time <replaceable>integer</replaceable>;
max-retry-time <replaceable>integer</replaceable>;
max-transfer-idle-in <replaceable>integer</replaceable>;
max-transfer-idle-out <replaceable>integer</replaceable>;
max-transfer-time-in <replaceable>integer</replaceable>;
max-transfer-time-out <replaceable>integer</replaceable>;
max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
multi-master <replaceable>boolean</replaceable>;
notify ( explicit | master-only | <replaceable>boolean</replaceable> );
notify-delay <replaceable>integer</replaceable>;
notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | *
) ] [ dscp <replaceable>integer</replaceable> ];
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable>
| * ) ] [ dscp <replaceable>integer</replaceable> ];
notify-to-soa <replaceable>boolean</replaceable>;
pubkey <replaceable>integer</replaceable>
<replaceable>integer</replaceable>
<replaceable>integer</replaceable>
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
serial-update-method ( date | increment | unixtime );
server-addresses { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) [
port <replaceable>integer</replaceable> ]; ... };
server-names { <replaceable>quoted_string</replaceable>; ... };
sig-signing-nodes <replaceable>integer</replaceable>;
sig-signing-signatures <replaceable>integer</replaceable>;
sig-signing-type <replaceable>integer</replaceable>;
sig-validity-interval <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
* ) ] [ dscp <replaceable>integer</replaceable> ];
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
try-tcp-refresh <replaceable>boolean</replaceable>;
type ( delegation-only | forward | hint | master | redirect
| slave | static-stub | stub );
update-check-ksk <replaceable>boolean</replaceable>;
update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> (
6to4-self | external | krb5-self | krb5-selfsub |
krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
name | self | selfsub | selfwild | subdomain | tcp-self
| wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
use-alt-transfer-source <replaceable>boolean</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
};
zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
};
</literallayout>
</refsection>
<refsection><info><title>ZONE</title></info>
<literallayout class="normal">
zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
allow-notify { <replaceable>address_match_element</replaceable>; ... };
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
also-notify [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> |
<replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
<replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
] [ dscp <replaceable>integer</replaceable> ];
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
* ) ] [ dscp <replaceable>integer</replaceable> ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling <replaceable>boolean</replaceable>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <replaceable>boolean</replaceable>;
database <replaceable>string</replaceable>;
delegation-only <replaceable>boolean</replaceable>;
dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
dlz <replaceable>string</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
dnssec-loadkeys-interval <replaceable>integer</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
dnssec-update-mode ( maintain | no-resign );
file <replaceable>quoted_string</replaceable>;
forward ( first | only );
forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
| <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... };
in-view <replaceable>string</replaceable>;
inline-signing <replaceable>boolean</replaceable>;
ixfr-from-differences <replaceable>boolean</replaceable>;
journal <replaceable>quoted_string</replaceable>;
key-directory <replaceable>quoted_string</replaceable>;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> |
<replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
<replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
max-records <replaceable>integer</replaceable>;
max-refresh-time <replaceable>integer</replaceable>;
max-retry-time <replaceable>integer</replaceable>;
max-transfer-idle-in <replaceable>integer</replaceable>;
max-transfer-idle-out <replaceable>integer</replaceable>;
max-transfer-time-in <replaceable>integer</replaceable>;
max-transfer-time-out <replaceable>integer</replaceable>;
max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
multi-master <replaceable>boolean</replaceable>;
notify ( explicit | master-only | <replaceable>boolean</replaceable> );
notify-delay <replaceable>integer</replaceable>;
notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
dscp <replaceable>integer</replaceable> ];
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ]
[ dscp <replaceable>integer</replaceable> ];
notify-to-soa <replaceable>boolean</replaceable>;
pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable>
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
serial-update-method ( date | increment | unixtime );
server-addresses { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) [ port
<replaceable>integer</replaceable> ]; ... };
server-names { <replaceable>quoted_string</replaceable>; ... };
sig-signing-nodes <replaceable>integer</replaceable>;
sig-signing-signatures <replaceable>integer</replaceable>;
sig-signing-type <replaceable>integer</replaceable>;
sig-validity-interval <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
dscp <replaceable>integer</replaceable> ];
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
] [ dscp <replaceable>integer</replaceable> ];
try-tcp-refresh <replaceable>boolean</replaceable>;
type ( delegation-only | forward | hint | master | redirect | slave
| static-stub | stub );
update-check-ksk <replaceable>boolean</replaceable>;
update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self |
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
| ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
| subdomain | tcp-self | wildcard | zonesub ) [ <replaceable>string</replaceable> ]
<replaceable>rrtypelist</replaceable>; ... };
use-alt-transfer-source <replaceable>boolean</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
};
</literallayout>
</refsection>
<refsection><info><title>FILES</title></info>
<para><filename>/etc/named.conf</filename>
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>ddns-confgen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
</refsection>
</refentry>
|
