summaryrefslogtreecommitdiffstats
path: root/bin/named/named.conf.rst
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--bin/named/named.conf.rst1082
1 files changed, 1082 insertions, 0 deletions
diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst
new file mode 100644
index 0000000..4c9f9a7
--- /dev/null
+++ b/bin/named/named.conf.rst
@@ -0,0 +1,1082 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+.. highlight: console
+
+named.conf - configuration file for **named**
+---------------------------------------------
+
+Synopsis
+~~~~~~~~
+
+:program:`named.conf`
+
+Description
+~~~~~~~~~~~
+
+``named.conf`` is the configuration file for ``named``. Statements are
+enclosed in braces and terminated with a semi-colon. Clauses in the
+statements are also semi-colon terminated. The usual comment styles are
+supported:
+
+C style: /\* \*/
+
+ C++ style: // to end of line
+
+Unix style: # to end of line
+
+ACL
+^^^
+
+::
+
+ acl string { address_match_element; ... };
+
+CONTROLS
+^^^^^^^^
+
+::
+
+ controls {
+ inet ( ipv4_address | ipv6_address |
+ * ) [ port ( integer | * ) ] allow
+ { address_match_element; ... } [
+ keys { string; ... } ] [ read-only
+ boolean ];
+ unix quoted_string perm integer
+ owner integer group integer [
+ keys { string; ... } ] [ read-only
+ boolean ];
+ };
+
+DLZ
+^^^
+
+::
+
+ dlz string {
+ database string;
+ search boolean;
+ };
+
+DNSSEC-POLICY
+^^^^^^^^^^^^^
+
+::
+
+ dnssec-policy string {
+ dnskey-ttl duration;
+ keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
+ duration_or_unlimited algorithm string [ integer ]; ... };
+ max-zone-ttl duration;
+ nsec3param [ iterations integer ] [ optout boolean ] [
+ salt-length integer ];
+ parent-ds-ttl duration;
+ parent-propagation-delay duration;
+ publish-safety duration;
+ purge-keys duration;
+ retire-safety duration;
+ signatures-refresh duration;
+ signatures-validity duration;
+ signatures-validity-dnskey duration;
+ zone-propagation-delay duration;
+ };
+
+DYNDB
+^^^^^
+
+::
+
+ dyndb string quoted_string {
+ unspecified-text };
+
+KEY
+^^^
+
+::
+
+ key string {
+ algorithm string;
+ secret string;
+ };
+
+LOGGING
+^^^^^^^
+
+::
+
+ logging {
+ category string { string; ... };
+ channel string {
+ buffered boolean;
+ file quoted_string [ versions ( unlimited | integer ) ]
+ [ size size ] [ suffix ( increment | timestamp ) ];
+ null;
+ print-category boolean;
+ print-severity boolean;
+ print-time ( iso8601 | iso8601-utc | local | boolean );
+ severity log_severity;
+ stderr;
+ syslog [ syslog_facility ];
+ };
+ };
+
+MANAGED-KEYS
+^^^^^^^^^^^^
+
+See DNSSEC-KEYS.
+
+::
+
+ managed-keys { string ( static-key
+ | initial-key | static-ds |
+ initial-ds ) integer integer
+ integer quoted_string; ... };, deprecated
+
+MASTERS
+^^^^^^^
+
+::
+
+ masters string [ port integer ] [ dscp
+ integer ] { ( remote-servers |
+ ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key
+ string ]; ... };
+
+OPTIONS
+^^^^^^^
+
+::
+
+ options {
+ allow-new-zones boolean;
+ allow-notify { address_match_element; ... };
+ allow-query { address_match_element; ... };
+ allow-query-cache { address_match_element; ... };
+ allow-query-cache-on { address_match_element; ... };
+ allow-query-on { address_match_element; ... };
+ allow-recursion { address_match_element; ... };
+ allow-recursion-on { address_match_element; ... };
+ allow-transfer { address_match_element; ... };
+ allow-update { address_match_element; ... };
+ allow-update-forwarding { address_match_element; ... };
+ also-notify [ port integer ] [ dscp integer ] { (
+ remote-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ]; ... };
+ alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ answer-cookie boolean;
+ attach-cache string;
+ auth-nxdomain boolean; // default changed
+ auto-dnssec ( allow | maintain | off );// deprecated
+ automatic-interface-scan boolean;
+ avoid-v4-udp-ports { portrange; ... };
+ avoid-v6-udp-ports { portrange; ... };
+ bindkeys-file quoted_string;
+ blackhole { address_match_element; ... };
+ cache-file quoted_string;// deprecated
+ catalog-zones { zone string [ default-masters [ port integer ]
+ [ dscp integer ] { ( remote-servers | ipv4_address [ port
+ integer ] | ipv6_address [ port integer ] ) [ key
+ string ]; ... } ] [ zone-directory quoted_string ] [
+ in-memory boolean ] [ min-update-interval duration ]; ... };
+ check-dup-records ( fail | warn | ignore );
+ check-integrity boolean;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( primary | master |
+ secondary | slave | response ) (
+ fail | warn | ignore );
+ check-sibling boolean;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard boolean;
+ clients-per-query integer;
+ cookie-algorithm ( aes | siphash24 );
+ cookie-secret string;
+ coresize ( default | unlimited | sizeval );
+ datasize ( default | unlimited | sizeval );
+ deny-answer-addresses { address_match_element; ... } [
+ except-from { string; ... } ];
+ deny-answer-aliases { string; ... } [ except-from { string; ...
+ } ];
+ dialup ( notify | notify-passive | passive | refresh | boolean );
+ directory quoted_string;
+ disable-algorithms string { string;
+ ... };
+ disable-ds-digests string { string;
+ ... };
+ disable-empty-zone string;
+ dns64 netprefix {
+ break-dnssec boolean;
+ clients { address_match_element; ... };
+ exclude { address_match_element; ... };
+ mapped { address_match_element; ... };
+ recursive-only boolean;
+ suffix ipv6_address;
+ };
+ dns64-contact string;
+ dns64-server string;
+ dnskey-sig-validity integer;
+ dnsrps-enable boolean;
+ dnsrps-options { unspecified-text };
+ dnssec-accept-expired boolean;
+ dnssec-dnskey-kskonly boolean;
+ dnssec-loadkeys-interval integer;
+ dnssec-must-be-secure string boolean;
+ dnssec-policy string;
+ dnssec-secure-to-insecure boolean;
+ dnssec-update-mode ( maintain | no-resign );
+ dnssec-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder | resolver | update ) [
+ ( query | response ) ]; ... };
+ dnstap-identity ( quoted_string | none | hostname );
+ dnstap-output ( file | unix ) quoted_string [ size ( unlimited |
+ size ) ] [ versions ( unlimited | integer ) ] [ suffix (
+ increment | timestamp ) ];
+ dnstap-version ( quoted_string | none );
+ dscp integer;
+ dual-stack-servers [ port integer ] { ( quoted_string [ port
+ integer ] [ dscp integer ] | ipv4_address [ port
+ integer ] [ dscp integer ] | ipv6_address [ port
+ integer ] [ dscp integer ] ); ... };
+ dump-file quoted_string;
+ edns-udp-size integer;
+ empty-contact string;
+ empty-server string;
+ empty-zones-enable boolean;
+ fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
+ fetches-per-server integer [ ( drop | fail ) ];
+ fetches-per-zone integer [ ( drop | fail ) ];
+ files ( default | unlimited | sizeval );
+ flush-zones-on-shutdown boolean;
+ forward ( first | only );
+ forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
+ | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
+ fstrm-set-buffer-hint integer;
+ fstrm-set-flush-timeout integer;
+ fstrm-set-input-queue-size integer;
+ fstrm-set-output-notify-threshold integer;
+ fstrm-set-output-queue-model ( mpsc | spsc );
+ fstrm-set-output-queue-size integer;
+ fstrm-set-reopen-interval duration;
+ geoip-directory ( quoted_string | none );
+ glue-cache boolean;
+ heartbeat-interval integer;
+ hostname ( quoted_string | none );
+ interface-interval duration;
+ ixfr-from-differences ( primary | master | secondary | slave |
+ boolean );
+ keep-response-order { address_match_element; ... };
+ key-directory quoted_string;
+ lame-ttl duration;
+ listen-on [ port integer ] [ dscp
+ integer ] {
+ address_match_element; ... };
+ listen-on-v6 [ port integer ] [ dscp
+ integer ] {
+ address_match_element; ... };
+ lmdb-mapsize sizeval;
+ lock-file ( quoted_string | none );
+ managed-keys-directory quoted_string;
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ match-mapped-addresses boolean;
+ max-cache-size ( default | unlimited | sizeval | percentage );
+ max-cache-ttl duration;
+ max-clients-per-query integer;
+ max-ixfr-ratio ( unlimited | percentage );
+ max-journal-size ( default | unlimited | sizeval );
+ max-ncache-ttl duration;
+ max-records integer;
+ max-recursion-depth integer;
+ max-recursion-queries integer;
+ max-refresh-time integer;
+ max-retry-time integer;
+ max-rsa-exponent-size integer;
+ max-stale-ttl duration;
+ max-transfer-idle-in integer;
+ max-transfer-idle-out integer;
+ max-transfer-time-in integer;
+ max-transfer-time-out integer;
+ max-udp-size integer;
+ max-zone-ttl ( unlimited | duration );
+ memstatistics boolean;
+ memstatistics-file quoted_string;
+ message-compression boolean;
+ min-cache-ttl duration;
+ min-ncache-ttl duration;
+ min-refresh-time integer;
+ min-retry-time integer;
+ minimal-any boolean;
+ minimal-responses ( no-auth | no-auth-recursive | boolean );
+ multi-master boolean;
+ new-zones-directory quoted_string;
+ no-case-compress { address_match_element; ... };
+ nocookie-udp-size integer;
+ notify ( explicit | master-only | primary-only | boolean );
+ notify-delay integer;
+ notify-rate integer;
+ notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
+ [ dscp integer ];
+ notify-to-soa boolean;
+ nta-lifetime duration;
+ nta-recheck duration;
+ nxdomain-redirect string;
+ parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ pid-file ( quoted_string | none );
+ port integer;
+ preferred-glue string;
+ prefetch integer [ integer ];
+ provide-ixfr boolean;
+ qname-minimization ( strict | relaxed | disabled | off );
+ query-source ( ( [ address ] ( ipv4_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ querylog boolean;
+ random-device ( quoted_string | none );
+ rate-limit {
+ all-per-second integer;
+ errors-per-second integer;
+ exempt-clients { address_match_element; ... };
+ ipv4-prefix-length integer;
+ ipv6-prefix-length integer;
+ log-only boolean;
+ max-table-size integer;
+ min-table-size integer;
+ nodata-per-second integer;
+ nxdomains-per-second integer;
+ qps-scale integer;
+ referrals-per-second integer;
+ responses-per-second integer;
+ slip integer;
+ window integer;
+ };
+ recursing-file quoted_string;
+ recursion boolean;
+ recursive-clients integer;
+ request-expire boolean;
+ request-ixfr boolean;
+ request-nsid boolean;
+ require-server-cookie boolean;
+ reserved-sockets integer;
+ resolver-nonbackoff-tries integer;
+ resolver-query-timeout integer;
+ resolver-retry-interval integer;
+ response-padding { address_match_element; ... } block-size
+ integer;
+ response-policy { zone string [ add-soa boolean ] [ log
+ boolean ] [ max-policy-ttl duration ] [ min-update-interval
+ duration ] [ policy ( cname | disabled | drop | given | no-op
+ | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
+ recursive-only boolean ] [ nsip-enable boolean ] [
+ nsdname-enable boolean ]; ... } [ add-soa boolean ] [
+ break-dnssec boolean ] [ max-policy-ttl duration ] [
+ min-update-interval duration ] [ min-ns-dots integer ] [
+ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
+ [ recursive-only boolean ] [ nsip-enable boolean ] [
+ nsdname-enable boolean ] [ dnsrps-enable boolean ] [
+ dnsrps-options { unspecified-text } ];
+ reuseport boolean;
+ root-delegation-only [ exclude { string; ... } ];
+ root-key-sentinel boolean;
+ rrset-order { [ class string ] [ type string ] [ name
+ quoted_string ] string string; ... };
+ secroots-file quoted_string;
+ send-cookie boolean;
+ serial-query-rate integer;
+ serial-update-method ( date | increment | unixtime );
+ server-id ( quoted_string | none | hostname );
+ servfail-ttl duration;
+ session-keyalg string;
+ session-keyfile ( quoted_string | none );
+ session-keyname string;
+ sig-signing-nodes integer;
+ sig-signing-signatures integer;
+ sig-signing-type integer;
+ sig-validity-interval integer [ integer ];
+ sortlist { address_match_element; ... };
+ stacksize ( default | unlimited | sizeval );
+ stale-answer-client-timeout ( disabled | off | integer );
+ stale-answer-enable boolean;
+ stale-answer-ttl duration;
+ stale-cache-enable boolean;
+ stale-refresh-time duration;
+ startup-notify-rate integer;
+ statistics-file quoted_string;
+ synth-from-dnssec boolean;
+ tcp-advertised-timeout integer;
+ tcp-clients integer;
+ tcp-idle-timeout integer;
+ tcp-initial-timeout integer;
+ tcp-keepalive-timeout integer;
+ tcp-listen-queue integer;
+ tkey-dhkey quoted_string integer;
+ tkey-domain quoted_string;
+ tkey-gssapi-credential quoted_string;
+ tkey-gssapi-keytab quoted_string;
+ transfer-format ( many-answers | one-answer );
+ transfer-message-size integer;
+ transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ transfers-in integer;
+ transfers-out integer;
+ transfers-per-ns integer;
+ trust-anchor-telemetry boolean; // experimental
+ try-tcp-refresh boolean;
+ update-check-ksk boolean;
+ update-quota integer;
+ use-alt-transfer-source boolean;
+ use-v4-udp-ports { portrange; ... };
+ use-v6-udp-ports { portrange; ... };
+ v6-bias integer;
+ validate-except { string; ... };
+ version ( quoted_string | none );
+ zero-no-soa-ttl boolean;
+ zero-no-soa-ttl-cache boolean;
+ zone-statistics ( full | terse | none | boolean );
+ };
+
+PARENTAL-AGENTS
+^^^^^^^^^^^^^^^
+
+::
+
+ parental-agents string [ port integer ] [
+ dscp integer ] { ( remote-servers |
+ ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key
+ string ]; ... };
+
+PLUGIN
+^^^^^^
+
+::
+
+ plugin ( query ) string [ { unspecified-text
+ } ];
+
+PRIMARIES
+^^^^^^^^^
+
+::
+
+ primaries string [ port integer ] [ dscp
+ integer ] { ( remote-servers |
+ ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key
+ string ]; ... };
+
+SERVER
+^^^^^^
+
+::
+
+ server netprefix {
+ bogus boolean;
+ edns boolean;
+ edns-udp-size integer;
+ edns-version integer;
+ keys server_key;
+ max-udp-size integer;
+ notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
+ [ dscp integer ];
+ padding integer;
+ provide-ixfr boolean;
+ query-source ( ( [ address ] ( ipv4_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ request-expire boolean;
+ request-ixfr boolean;
+ request-nsid boolean;
+ send-cookie boolean;
+ tcp-keepalive boolean;
+ tcp-only boolean;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ transfers integer;
+ };
+
+STATISTICS-CHANNELS
+^^^^^^^^^^^^^^^^^^^
+
+::
+
+ statistics-channels {
+ inet ( ipv4_address | ipv6_address |
+ * ) [ port ( integer | * ) ] [
+ allow { address_match_element; ...
+ } ];
+ };
+
+TRUST-ANCHORS
+^^^^^^^^^^^^^
+
+::
+
+ trust-anchors { string ( static-key |
+ initial-key | static-ds | initial-ds )
+ integer integer integer
+ quoted_string; ... };
+
+TRUSTED-KEYS
+^^^^^^^^^^^^
+
+Deprecated - see DNSSEC-KEYS.
+
+::
+
+ trusted-keys { string integer
+ integer integer
+ quoted_string; ... };, deprecated
+
+VIEW
+^^^^
+
+::
+
+ view string [ class ] {
+ allow-new-zones boolean;
+ allow-notify { address_match_element; ... };
+ allow-query { address_match_element; ... };
+ allow-query-cache { address_match_element; ... };
+ allow-query-cache-on { address_match_element; ... };
+ allow-query-on { address_match_element; ... };
+ allow-recursion { address_match_element; ... };
+ allow-recursion-on { address_match_element; ... };
+ allow-transfer { address_match_element; ... };
+ allow-update { address_match_element; ... };
+ allow-update-forwarding { address_match_element; ... };
+ also-notify [ port integer ] [ dscp integer ] { (
+ remote-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ]; ... };
+ alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ attach-cache string;
+ auth-nxdomain boolean; // default changed
+ auto-dnssec ( allow | maintain | off );// deprecated
+ cache-file quoted_string;// deprecated
+ catalog-zones { zone string [ default-masters [ port integer ]
+ [ dscp integer ] { ( remote-servers | ipv4_address [ port
+ integer ] | ipv6_address [ port integer ] ) [ key
+ string ]; ... } ] [ zone-directory quoted_string ] [
+ in-memory boolean ] [ min-update-interval duration ]; ... };
+ check-dup-records ( fail | warn | ignore );
+ check-integrity boolean;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( primary | master |
+ secondary | slave | response ) (
+ fail | warn | ignore );
+ check-sibling boolean;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard boolean;
+ clients-per-query integer;
+ deny-answer-addresses { address_match_element; ... } [
+ except-from { string; ... } ];
+ deny-answer-aliases { string; ... } [ except-from { string; ...
+ } ];
+ dialup ( notify | notify-passive | passive | refresh | boolean );
+ disable-algorithms string { string;
+ ... };
+ disable-ds-digests string { string;
+ ... };
+ disable-empty-zone string;
+ dlz string {
+ database string;
+ search boolean;
+ };
+ dns64 netprefix {
+ break-dnssec boolean;
+ clients { address_match_element; ... };
+ exclude { address_match_element; ... };
+ mapped { address_match_element; ... };
+ recursive-only boolean;
+ suffix ipv6_address;
+ };
+ dns64-contact string;
+ dns64-server string;
+ dnskey-sig-validity integer;
+ dnsrps-enable boolean;
+ dnsrps-options { unspecified-text };
+ dnssec-accept-expired boolean;
+ dnssec-dnskey-kskonly boolean;
+ dnssec-loadkeys-interval integer;
+ dnssec-must-be-secure string boolean;
+ dnssec-policy string;
+ dnssec-secure-to-insecure boolean;
+ dnssec-update-mode ( maintain | no-resign );
+ dnssec-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder | resolver | update ) [
+ ( query | response ) ]; ... };
+ dual-stack-servers [ port integer ] { ( quoted_string [ port
+ integer ] [ dscp integer ] | ipv4_address [ port
+ integer ] [ dscp integer ] | ipv6_address [ port
+ integer ] [ dscp integer ] ); ... };
+ dyndb string quoted_string {
+ unspecified-text };
+ edns-udp-size integer;
+ empty-contact string;
+ empty-server string;
+ empty-zones-enable boolean;
+ fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
+ fetches-per-server integer [ ( drop | fail ) ];
+ fetches-per-zone integer [ ( drop | fail ) ];
+ forward ( first | only );
+ forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
+ | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
+ glue-cache boolean;
+ ixfr-from-differences ( primary | master | secondary | slave |
+ boolean );
+ key string {
+ algorithm string;
+ secret string;
+ };
+ key-directory quoted_string;
+ lame-ttl duration;
+ lmdb-mapsize sizeval;
+ managed-keys { string (
+ static-key | initial-key
+ | static-ds | initial-ds
+ ) integer integer
+ integer
+ quoted_string; ... };, deprecated
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ match-clients { address_match_element; ... };
+ match-destinations { address_match_element; ... };
+ match-recursive-only boolean;
+ max-cache-size ( default | unlimited | sizeval | percentage );
+ max-cache-ttl duration;
+ max-clients-per-query integer;
+ max-ixfr-ratio ( unlimited | percentage );
+ max-journal-size ( default | unlimited | sizeval );
+ max-ncache-ttl duration;
+ max-records integer;
+ max-recursion-depth integer;
+ max-recursion-queries integer;
+ max-refresh-time integer;
+ max-retry-time integer;
+ max-stale-ttl duration;
+ max-transfer-idle-in integer;
+ max-transfer-idle-out integer;
+ max-transfer-time-in integer;
+ max-transfer-time-out integer;
+ max-udp-size integer;
+ max-zone-ttl ( unlimited | duration );
+ message-compression boolean;
+ min-cache-ttl duration;
+ min-ncache-ttl duration;
+ min-refresh-time integer;
+ min-retry-time integer;
+ minimal-any boolean;
+ minimal-responses ( no-auth | no-auth-recursive | boolean );
+ multi-master boolean;
+ new-zones-directory quoted_string;
+ no-case-compress { address_match_element; ... };
+ nocookie-udp-size integer;
+ notify ( explicit | master-only | primary-only | boolean );
+ notify-delay integer;
+ notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
+ [ dscp integer ];
+ notify-to-soa boolean;
+ nta-lifetime duration;
+ nta-recheck duration;
+ nxdomain-redirect string;
+ parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ plugin ( query ) string [ {
+ unspecified-text } ];
+ preferred-glue string;
+ prefetch integer [ integer ];
+ provide-ixfr boolean;
+ qname-minimization ( strict | relaxed | disabled | off );
+ query-source ( ( [ address ] ( ipv4_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ rate-limit {
+ all-per-second integer;
+ errors-per-second integer;
+ exempt-clients { address_match_element; ... };
+ ipv4-prefix-length integer;
+ ipv6-prefix-length integer;
+ log-only boolean;
+ max-table-size integer;
+ min-table-size integer;
+ nodata-per-second integer;
+ nxdomains-per-second integer;
+ qps-scale integer;
+ referrals-per-second integer;
+ responses-per-second integer;
+ slip integer;
+ window integer;
+ };
+ recursion boolean;
+ request-expire boolean;
+ request-ixfr boolean;
+ request-nsid boolean;
+ require-server-cookie boolean;
+ resolver-nonbackoff-tries integer;
+ resolver-query-timeout integer;
+ resolver-retry-interval integer;
+ response-padding { address_match_element; ... } block-size
+ integer;
+ response-policy { zone string [ add-soa boolean ] [ log
+ boolean ] [ max-policy-ttl duration ] [ min-update-interval
+ duration ] [ policy ( cname | disabled | drop | given | no-op
+ | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
+ recursive-only boolean ] [ nsip-enable boolean ] [
+ nsdname-enable boolean ]; ... } [ add-soa boolean ] [
+ break-dnssec boolean ] [ max-policy-ttl duration ] [
+ min-update-interval duration ] [ min-ns-dots integer ] [
+ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
+ [ recursive-only boolean ] [ nsip-enable boolean ] [
+ nsdname-enable boolean ] [ dnsrps-enable boolean ] [
+ dnsrps-options { unspecified-text } ];
+ root-delegation-only [ exclude { string; ... } ];
+ root-key-sentinel boolean;
+ rrset-order { [ class string ] [ type string ] [ name
+ quoted_string ] string string; ... };
+ send-cookie boolean;
+ serial-update-method ( date | increment | unixtime );
+ server netprefix {
+ bogus boolean;
+ edns boolean;
+ edns-udp-size integer;
+ edns-version integer;
+ keys server_key;
+ max-udp-size integer;
+ notify-source ( ipv4_address | * ) [ port ( integer | *
+ ) ] [ dscp integer ];
+ notify-source-v6 ( ipv6_address | * ) [ port ( integer
+ | * ) ] [ dscp integer ];
+ padding integer;
+ provide-ixfr boolean;
+ query-source ( ( [ address ] ( ipv4_address | * ) [ port
+ ( integer | * ) ] ) | ( [ [ address ] (
+ ipv4_address | * ) ] port ( integer | * ) ) ) [
+ dscp integer ];
+ query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
+ port ( integer | * ) ] ) | ( [ [ address ] (
+ ipv6_address | * ) ] port ( integer | * ) ) ) [
+ dscp integer ];
+ request-expire boolean;
+ request-ixfr boolean;
+ request-nsid boolean;
+ send-cookie boolean;
+ tcp-keepalive boolean;
+ tcp-only boolean;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( ipv4_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ transfer-source-v6 ( ipv6_address | * ) [ port (
+ integer | * ) ] [ dscp integer ];
+ transfers integer;
+ };
+ servfail-ttl duration;
+ sig-signing-nodes integer;
+ sig-signing-signatures integer;
+ sig-signing-type integer;
+ sig-validity-interval integer [ integer ];
+ sortlist { address_match_element; ... };
+ stale-answer-client-timeout ( disabled | off | integer );
+ stale-answer-enable boolean;
+ stale-answer-ttl duration;
+ stale-cache-enable boolean;
+ stale-refresh-time duration;
+ synth-from-dnssec boolean;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ trust-anchor-telemetry boolean; // experimental
+ trust-anchors { string ( static-key |
+ initial-key | static-ds | initial-ds
+ ) integer integer integer
+ quoted_string; ... };
+ trusted-keys { string
+ integer integer
+ integer
+ quoted_string; ... };, deprecated
+ try-tcp-refresh boolean;
+ update-check-ksk boolean;
+ use-alt-transfer-source boolean;
+ v6-bias integer;
+ validate-except { string; ... };
+ zero-no-soa-ttl boolean;
+ zero-no-soa-ttl-cache boolean;
+ zone string [ class ] {
+ allow-notify { address_match_element; ... };
+ allow-query { address_match_element; ... };
+ allow-query-on { address_match_element; ... };
+ allow-transfer { address_match_element; ... };
+ allow-update { address_match_element; ... };
+ allow-update-forwarding { address_match_element; ... };
+ also-notify [ port integer ] [ dscp integer ] { (
+ remote-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ];
+ ... };
+ alt-transfer-source ( ipv4_address | * ) [ port (
+ integer | * ) ] [ dscp integer ];
+ alt-transfer-source-v6 ( ipv6_address | * ) [ port (
+ integer | * ) ] [ dscp integer ];
+ auto-dnssec ( allow | maintain | off );// deprecated
+ check-dup-records ( fail | warn | ignore );
+ check-integrity boolean;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( fail | warn | ignore );
+ check-sibling boolean;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard boolean;
+ database string;
+ delegation-only boolean;
+ dialup ( notify | notify-passive | passive | refresh |
+ boolean );
+ dlz string;
+ dnskey-sig-validity integer;
+ dnssec-dnskey-kskonly boolean;
+ dnssec-loadkeys-interval integer;
+ dnssec-policy string;
+ dnssec-secure-to-insecure boolean;
+ dnssec-update-mode ( maintain | no-resign );
+ file quoted_string;
+ forward ( first | only );
+ forwarders [ port integer ] [ dscp integer ] { (
+ ipv4_address | ipv6_address ) [ port integer ] [
+ dscp integer ]; ... };
+ in-view string;
+ inline-signing boolean;
+ ixfr-from-differences boolean;
+ journal quoted_string;
+ key-directory quoted_string;
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ masters [ port integer ] [ dscp integer ] { (
+ remote-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ];
+ ... };
+ max-ixfr-ratio ( unlimited | percentage );
+ max-journal-size ( default | unlimited | sizeval );
+ max-records integer;
+ max-refresh-time integer;
+ max-retry-time integer;
+ max-transfer-idle-in integer;
+ max-transfer-idle-out integer;
+ max-transfer-time-in integer;
+ max-transfer-time-out integer;
+ max-zone-ttl ( unlimited | duration );
+ min-refresh-time integer;
+ min-retry-time integer;
+ multi-master boolean;
+ notify ( explicit | master-only | primary-only | boolean );
+ notify-delay integer;
+ notify-source ( ipv4_address | * ) [ port ( integer | *
+ ) ] [ dscp integer ];
+ notify-source-v6 ( ipv6_address | * ) [ port ( integer
+ | * ) ] [ dscp integer ];
+ notify-to-soa boolean;
+ parental-agents [ port integer ] [ dscp integer ] { (
+ remote-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ];
+ ... };
+ parental-source ( ipv4_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ parental-source-v6 ( ipv6_address | * ) [ port (
+ integer | * ) ] [ dscp integer ];
+ primaries [ port integer ] [ dscp integer ] { (
+ remote-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ];
+ ... };
+ request-expire boolean;
+ request-ixfr boolean;
+ serial-update-method ( date | increment | unixtime );
+ server-addresses { ( ipv4_address | ipv6_address ); ... };
+ server-names { string; ... };
+ sig-signing-nodes integer;
+ sig-signing-signatures integer;
+ sig-signing-type integer;
+ sig-validity-interval integer [ integer ];
+ transfer-source ( ipv4_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ transfer-source-v6 ( ipv6_address | * ) [ port (
+ integer | * ) ] [ dscp integer ];
+ try-tcp-refresh boolean;
+ type ( primary | master | secondary | slave | mirror |
+ delegation-only | forward | hint | redirect |
+ static-stub | stub );
+ update-check-ksk boolean;
+ update-policy ( local | { ( deny | grant ) string (
+ 6to4-self | external | krb5-self | krb5-selfsub |
+ krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
+ name | self | selfsub | selfwild | subdomain | tcp-self
+ | wildcard | zonesub ) [ string ] rrtypelist; ... } );
+ use-alt-transfer-source boolean;
+ zero-no-soa-ttl boolean;
+ zone-statistics ( full | terse | none | boolean );
+ };
+ zone-statistics ( full | terse | none | boolean );
+ };
+
+ZONE
+^^^^
+
+::
+
+ zone string [ class ] {
+ allow-notify { address_match_element; ... };
+ allow-query { address_match_element; ... };
+ allow-query-on { address_match_element; ... };
+ allow-transfer { address_match_element; ... };
+ allow-update { address_match_element; ... };
+ allow-update-forwarding { address_match_element; ... };
+ also-notify [ port integer ] [ dscp integer ] { (
+ remote-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ]; ... };
+ alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ auto-dnssec ( allow | maintain | off );// deprecated
+ check-dup-records ( fail | warn | ignore );
+ check-integrity boolean;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( fail | warn | ignore );
+ check-sibling boolean;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard boolean;
+ database string;
+ delegation-only boolean;
+ dialup ( notify | notify-passive | passive | refresh | boolean );
+ dlz string;
+ dnskey-sig-validity integer;
+ dnssec-dnskey-kskonly boolean;
+ dnssec-loadkeys-interval integer;
+ dnssec-policy string;
+ dnssec-secure-to-insecure boolean;
+ dnssec-update-mode ( maintain | no-resign );
+ file quoted_string;
+ forward ( first | only );
+ forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
+ | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
+ in-view string;
+ inline-signing boolean;
+ ixfr-from-differences boolean;
+ journal quoted_string;
+ key-directory quoted_string;
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ masters [ port integer ] [ dscp integer ] { ( remote-servers
+ | ipv4_address [ port integer ] | ipv6_address [ port
+ integer ] ) [ key string ]; ... };
+ max-ixfr-ratio ( unlimited | percentage );
+ max-journal-size ( default | unlimited | sizeval );
+ max-records integer;
+ max-refresh-time integer;
+ max-retry-time integer;
+ max-transfer-idle-in integer;
+ max-transfer-idle-out integer;
+ max-transfer-time-in integer;
+ max-transfer-time-out integer;
+ max-zone-ttl ( unlimited | duration );
+ min-refresh-time integer;
+ min-retry-time integer;
+ multi-master boolean;
+ notify ( explicit | master-only | primary-only | boolean );
+ notify-delay integer;
+ notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
+ [ dscp integer ];
+ notify-to-soa boolean;
+ parental-agents [ port integer ] [ dscp integer ] { (
+ remote-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ]; ... };
+ parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ primaries [ port integer ] [ dscp integer ] { (
+ remote-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ]; ... };
+ request-expire boolean;
+ request-ixfr boolean;
+ serial-update-method ( date | increment | unixtime );
+ server-addresses { ( ipv4_address | ipv6_address ); ... };
+ server-names { string; ... };
+ sig-signing-nodes integer;
+ sig-signing-signatures integer;
+ sig-signing-type integer;
+ sig-validity-interval integer [ integer ];
+ transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ try-tcp-refresh boolean;
+ type ( primary | master | secondary | slave | mirror |
+ delegation-only | forward | hint | redirect | static-stub |
+ stub );
+ update-check-ksk boolean;
+ update-policy ( local | { ( deny | grant ) string ( 6to4-self |
+ external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
+ | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
+ | subdomain | tcp-self | wildcard | zonesub ) [ string ]
+ rrtypelist; ... } );
+ use-alt-transfer-source boolean;
+ zero-no-soa-ttl boolean;
+ zone-statistics ( full | terse | none | boolean );
+ };
+
+Files
+~~~~~
+
+``/etc/named.conf``
+
+See Also
+~~~~~~~~
+
+:manpage:`ddns-confgen(8)`, :manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`rndc(8)`, :manpage:`rndc-confgen(8)`, BIND 9 Administrator Reference Manual.
+