summaryrefslogtreecommitdiffstats
path: root/doc/man/named.conf.5in
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--doc/man/named.conf.5in1175
1 files changed, 1175 insertions, 0 deletions
diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in
new file mode 100644
index 0000000..c87afa2
--- /dev/null
+++ b/doc/man/named.conf.5in
@@ -0,0 +1,1175 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "NAMED.CONF" "5" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
+.SH NAME
+named.conf \- configuration file for **named**
+.SH SYNOPSIS
+.sp
+\fBnamed.conf\fP
+.SH DESCRIPTION
+.sp
+\fBnamed.conf\fP is the configuration file for \fBnamed\fP\&. Statements are
+enclosed in braces and terminated with a semi\-colon. Clauses in the
+statements are also semi\-colon terminated. The usual comment styles are
+supported:
+.sp
+C style: /* */
+.INDENT 0.0
+.INDENT 3.5
+C++ style: // to end of line
+.UNINDENT
+.UNINDENT
+.sp
+Unix style: # to end of line
+.SS ACL
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+acl string { address_match_element; ... };
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS CONTROLS
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+controls {
+ inet ( ipv4_address | ipv6_address |
+ * ) [ port ( integer | * ) ] allow
+ { address_match_element; ... } [
+ keys { string; ... } ] [ read\-only
+ boolean ];
+ unix quoted_string perm integer
+ owner integer group integer [
+ keys { string; ... } ] [ read\-only
+ boolean ];
+};
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS DLZ
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+dlz string {
+ database string;
+ search boolean;
+};
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS DNSSEC\-POLICY
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+dnssec\-policy string {
+ dnskey\-ttl duration;
+ keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime
+ duration_or_unlimited algorithm string [ integer ]; ... };
+ max\-zone\-ttl duration;
+ nsec3param [ iterations integer ] [ optout boolean ] [
+ salt\-length integer ];
+ parent\-ds\-ttl duration;
+ parent\-propagation\-delay duration;
+ publish\-safety duration;
+ purge\-keys duration;
+ retire\-safety duration;
+ signatures\-refresh duration;
+ signatures\-validity duration;
+ signatures\-validity\-dnskey duration;
+ zone\-propagation\-delay duration;
+};
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS DYNDB
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+dyndb string quoted_string {
+ unspecified\-text };
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS KEY
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+key string {
+ algorithm string;
+ secret string;
+};
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS LOGGING
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+logging {
+ category string { string; ... };
+ channel string {
+ buffered boolean;
+ file quoted_string [ versions ( unlimited | integer ) ]
+ [ size size ] [ suffix ( increment | timestamp ) ];
+ null;
+ print\-category boolean;
+ print\-severity boolean;
+ print\-time ( iso8601 | iso8601\-utc | local | boolean );
+ severity log_severity;
+ stderr;
+ syslog [ syslog_facility ];
+ };
+};
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS MANAGED\-KEYS
+.sp
+See DNSSEC\-KEYS.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+managed\-keys { string ( static\-key
+ | initial\-key | static\-ds |
+ initial\-ds ) integer integer
+ integer quoted_string; ... };, deprecated
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS MASTERS
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+masters string [ port integer ] [ dscp
+ integer ] { ( remote\-servers |
+ ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key
+ string ]; ... };
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS OPTIONS
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+options {
+ allow\-new\-zones boolean;
+ allow\-notify { address_match_element; ... };
+ allow\-query { address_match_element; ... };
+ allow\-query\-cache { address_match_element; ... };
+ allow\-query\-cache\-on { address_match_element; ... };
+ allow\-query\-on { address_match_element; ... };
+ allow\-recursion { address_match_element; ... };
+ allow\-recursion\-on { address_match_element; ... };
+ allow\-transfer { address_match_element; ... };
+ allow\-update { address_match_element; ... };
+ allow\-update\-forwarding { address_match_element; ... };
+ also\-notify [ port integer ] [ dscp integer ] { (
+ remote\-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ]; ... };
+ alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ answer\-cookie boolean;
+ attach\-cache string;
+ auth\-nxdomain boolean; // default changed
+ auto\-dnssec ( allow | maintain | off );// deprecated
+ automatic\-interface\-scan boolean;
+ avoid\-v4\-udp\-ports { portrange; ... };
+ avoid\-v6\-udp\-ports { portrange; ... };
+ bindkeys\-file quoted_string;
+ blackhole { address_match_element; ... };
+ cache\-file quoted_string;// deprecated
+ catalog\-zones { zone string [ default\-masters [ port integer ]
+ [ dscp integer ] { ( remote\-servers | ipv4_address [ port
+ integer ] | ipv6_address [ port integer ] ) [ key
+ string ]; ... } ] [ zone\-directory quoted_string ] [
+ in\-memory boolean ] [ min\-update\-interval duration ]; ... };
+ check\-dup\-records ( fail | warn | ignore );
+ check\-integrity boolean;
+ check\-mx ( fail | warn | ignore );
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-names ( primary | master |
+ secondary | slave | response ) (
+ fail | warn | ignore );
+ check\-sibling boolean;
+ check\-spf ( warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ check\-wildcard boolean;
+ clients\-per\-query integer;
+ cookie\-algorithm ( aes | siphash24 );
+ cookie\-secret string;
+ coresize ( default | unlimited | sizeval );
+ datasize ( default | unlimited | sizeval );
+ deny\-answer\-addresses { address_match_element; ... } [
+ except\-from { string; ... } ];
+ deny\-answer\-aliases { string; ... } [ except\-from { string; ...
+ } ];
+ dialup ( notify | notify\-passive | passive | refresh | boolean );
+ directory quoted_string;
+ disable\-algorithms string { string;
+ ... };
+ disable\-ds\-digests string { string;
+ ... };
+ disable\-empty\-zone string;
+ dns64 netprefix {
+ break\-dnssec boolean;
+ clients { address_match_element; ... };
+ exclude { address_match_element; ... };
+ mapped { address_match_element; ... };
+ recursive\-only boolean;
+ suffix ipv6_address;
+ };
+ dns64\-contact string;
+ dns64\-server string;
+ dnskey\-sig\-validity integer;
+ dnsrps\-enable boolean;
+ dnsrps\-options { unspecified\-text };
+ dnssec\-accept\-expired boolean;
+ dnssec\-dnskey\-kskonly boolean;
+ dnssec\-loadkeys\-interval integer;
+ dnssec\-must\-be\-secure string boolean;
+ dnssec\-policy string;
+ dnssec\-secure\-to\-insecure boolean;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ dnssec\-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder | resolver | update ) [
+ ( query | response ) ]; ... };
+ dnstap\-identity ( quoted_string | none | hostname );
+ dnstap\-output ( file | unix ) quoted_string [ size ( unlimited |
+ size ) ] [ versions ( unlimited | integer ) ] [ suffix (
+ increment | timestamp ) ];
+ dnstap\-version ( quoted_string | none );
+ dscp integer;
+ dual\-stack\-servers [ port integer ] { ( quoted_string [ port
+ integer ] [ dscp integer ] | ipv4_address [ port
+ integer ] [ dscp integer ] | ipv6_address [ port
+ integer ] [ dscp integer ] ); ... };
+ dump\-file quoted_string;
+ edns\-udp\-size integer;
+ empty\-contact string;
+ empty\-server string;
+ empty\-zones\-enable boolean;
+ fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint;
+ fetches\-per\-server integer [ ( drop | fail ) ];
+ fetches\-per\-zone integer [ ( drop | fail ) ];
+ files ( default | unlimited | sizeval );
+ flush\-zones\-on\-shutdown boolean;
+ forward ( first | only );
+ forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
+ | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
+ fstrm\-set\-buffer\-hint integer;
+ fstrm\-set\-flush\-timeout integer;
+ fstrm\-set\-input\-queue\-size integer;
+ fstrm\-set\-output\-notify\-threshold integer;
+ fstrm\-set\-output\-queue\-model ( mpsc | spsc );
+ fstrm\-set\-output\-queue\-size integer;
+ fstrm\-set\-reopen\-interval duration;
+ geoip\-directory ( quoted_string | none );
+ glue\-cache boolean;
+ heartbeat\-interval integer;
+ hostname ( quoted_string | none );
+ interface\-interval duration;
+ ixfr\-from\-differences ( primary | master | secondary | slave |
+ boolean );
+ keep\-response\-order { address_match_element; ... };
+ key\-directory quoted_string;
+ lame\-ttl duration;
+ listen\-on [ port integer ] [ dscp
+ integer ] {
+ address_match_element; ... };
+ listen\-on\-v6 [ port integer ] [ dscp
+ integer ] {
+ address_match_element; ... };
+ lmdb\-mapsize sizeval;
+ lock\-file ( quoted_string | none );
+ managed\-keys\-directory quoted_string;
+ masterfile\-format ( map | raw | text );
+ masterfile\-style ( full | relative );
+ match\-mapped\-addresses boolean;
+ max\-cache\-size ( default | unlimited | sizeval | percentage );
+ max\-cache\-ttl duration;
+ max\-clients\-per\-query integer;
+ max\-ixfr\-ratio ( unlimited | percentage );
+ max\-journal\-size ( default | unlimited | sizeval );
+ max\-ncache\-ttl duration;
+ max\-records integer;
+ max\-recursion\-depth integer;
+ max\-recursion\-queries integer;
+ max\-refresh\-time integer;
+ max\-retry\-time integer;
+ max\-rsa\-exponent\-size integer;
+ max\-stale\-ttl duration;
+ max\-transfer\-idle\-in integer;
+ max\-transfer\-idle\-out integer;
+ max\-transfer\-time\-in integer;
+ max\-transfer\-time\-out integer;
+ max\-udp\-size integer;
+ max\-zone\-ttl ( unlimited | duration );
+ memstatistics boolean;
+ memstatistics\-file quoted_string;
+ message\-compression boolean;
+ min\-cache\-ttl duration;
+ min\-ncache\-ttl duration;
+ min\-refresh\-time integer;
+ min\-retry\-time integer;
+ minimal\-any boolean;
+ minimal\-responses ( no\-auth | no\-auth\-recursive | boolean );
+ multi\-master boolean;
+ new\-zones\-directory quoted_string;
+ no\-case\-compress { address_match_element; ... };
+ nocookie\-udp\-size integer;
+ notify ( explicit | master\-only | primary\-only | boolean );
+ notify\-delay integer;
+ notify\-rate integer;
+ notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
+ [ dscp integer ];
+ notify\-to\-soa boolean;
+ nta\-lifetime duration;
+ nta\-recheck duration;
+ nxdomain\-redirect string;
+ parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ pid\-file ( quoted_string | none );
+ port integer;
+ preferred\-glue string;
+ prefetch integer [ integer ];
+ provide\-ixfr boolean;
+ qname\-minimization ( strict | relaxed | disabled | off );
+ query\-source ( ( [ address ] ( ipv4_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ querylog boolean;
+ random\-device ( quoted_string | none );
+ rate\-limit {
+ all\-per\-second integer;
+ errors\-per\-second integer;
+ exempt\-clients { address_match_element; ... };
+ ipv4\-prefix\-length integer;
+ ipv6\-prefix\-length integer;
+ log\-only boolean;
+ max\-table\-size integer;
+ min\-table\-size integer;
+ nodata\-per\-second integer;
+ nxdomains\-per\-second integer;
+ qps\-scale integer;
+ referrals\-per\-second integer;
+ responses\-per\-second integer;
+ slip integer;
+ window integer;
+ };
+ recursing\-file quoted_string;
+ recursion boolean;
+ recursive\-clients integer;
+ request\-expire boolean;
+ request\-ixfr boolean;
+ request\-nsid boolean;
+ require\-server\-cookie boolean;
+ reserved\-sockets integer;
+ resolver\-nonbackoff\-tries integer;
+ resolver\-query\-timeout integer;
+ resolver\-retry\-interval integer;
+ response\-padding { address_match_element; ... } block\-size
+ integer;
+ response\-policy { zone string [ add\-soa boolean ] [ log
+ boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval
+ duration ] [ policy ( cname | disabled | drop | given | no\-op
+ | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [
+ recursive\-only boolean ] [ nsip\-enable boolean ] [
+ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [
+ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [
+ min\-update\-interval duration ] [ min\-ns\-dots integer ] [
+ nsip\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ]
+ [ recursive\-only boolean ] [ nsip\-enable boolean ] [
+ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [
+ dnsrps\-options { unspecified\-text } ];
+ reuseport boolean;
+ root\-delegation\-only [ exclude { string; ... } ];
+ root\-key\-sentinel boolean;
+ rrset\-order { [ class string ] [ type string ] [ name
+ quoted_string ] string string; ... };
+ secroots\-file quoted_string;
+ send\-cookie boolean;
+ serial\-query\-rate integer;
+ serial\-update\-method ( date | increment | unixtime );
+ server\-id ( quoted_string | none | hostname );
+ servfail\-ttl duration;
+ session\-keyalg string;
+ session\-keyfile ( quoted_string | none );
+ session\-keyname string;
+ sig\-signing\-nodes integer;
+ sig\-signing\-signatures integer;
+ sig\-signing\-type integer;
+ sig\-validity\-interval integer [ integer ];
+ sortlist { address_match_element; ... };
+ stacksize ( default | unlimited | sizeval );
+ stale\-answer\-client\-timeout ( disabled | off | integer );
+ stale\-answer\-enable boolean;
+ stale\-answer\-ttl duration;
+ stale\-cache\-enable boolean;
+ stale\-refresh\-time duration;
+ startup\-notify\-rate integer;
+ statistics\-file quoted_string;
+ synth\-from\-dnssec boolean;
+ tcp\-advertised\-timeout integer;
+ tcp\-clients integer;
+ tcp\-idle\-timeout integer;
+ tcp\-initial\-timeout integer;
+ tcp\-keepalive\-timeout integer;
+ tcp\-listen\-queue integer;
+ tkey\-dhkey quoted_string integer;
+ tkey\-domain quoted_string;
+ tkey\-gssapi\-credential quoted_string;
+ tkey\-gssapi\-keytab quoted_string;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-message\-size integer;
+ transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ transfers\-in integer;
+ transfers\-out integer;
+ transfers\-per\-ns integer;
+ trust\-anchor\-telemetry boolean; // experimental
+ try\-tcp\-refresh boolean;
+ update\-check\-ksk boolean;
+ update\-quota integer;
+ use\-alt\-transfer\-source boolean;
+ use\-v4\-udp\-ports { portrange; ... };
+ use\-v6\-udp\-ports { portrange; ... };
+ v6\-bias integer;
+ validate\-except { string; ... };
+ version ( quoted_string | none );
+ zero\-no\-soa\-ttl boolean;
+ zero\-no\-soa\-ttl\-cache boolean;
+ zone\-statistics ( full | terse | none | boolean );
+};
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS PARENTAL\-AGENTS
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+parental\-agents string [ port integer ] [
+ dscp integer ] { ( remote\-servers |
+ ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key
+ string ]; ... };
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS PLUGIN
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+plugin ( query ) string [ { unspecified\-text
+ } ];
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS PRIMARIES
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+primaries string [ port integer ] [ dscp
+ integer ] { ( remote\-servers |
+ ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key
+ string ]; ... };
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS SERVER
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+server netprefix {
+ bogus boolean;
+ edns boolean;
+ edns\-udp\-size integer;
+ edns\-version integer;
+ keys server_key;
+ max\-udp\-size integer;
+ notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
+ [ dscp integer ];
+ padding integer;
+ provide\-ixfr boolean;
+ query\-source ( ( [ address ] ( ipv4_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ request\-expire boolean;
+ request\-ixfr boolean;
+ request\-nsid boolean;
+ send\-cookie boolean;
+ tcp\-keepalive boolean;
+ tcp\-only boolean;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ transfers integer;
+};
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS STATISTICS\-CHANNELS
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+statistics\-channels {
+ inet ( ipv4_address | ipv6_address |
+ * ) [ port ( integer | * ) ] [
+ allow { address_match_element; ...
+ } ];
+};
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS TRUST\-ANCHORS
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+trust\-anchors { string ( static\-key |
+ initial\-key | static\-ds | initial\-ds )
+ integer integer integer
+ quoted_string; ... };
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS TRUSTED\-KEYS
+.sp
+Deprecated \- see DNSSEC\-KEYS.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+trusted\-keys { string integer
+ integer integer
+ quoted_string; ... };, deprecated
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS VIEW
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+view string [ class ] {
+ allow\-new\-zones boolean;
+ allow\-notify { address_match_element; ... };
+ allow\-query { address_match_element; ... };
+ allow\-query\-cache { address_match_element; ... };
+ allow\-query\-cache\-on { address_match_element; ... };
+ allow\-query\-on { address_match_element; ... };
+ allow\-recursion { address_match_element; ... };
+ allow\-recursion\-on { address_match_element; ... };
+ allow\-transfer { address_match_element; ... };
+ allow\-update { address_match_element; ... };
+ allow\-update\-forwarding { address_match_element; ... };
+ also\-notify [ port integer ] [ dscp integer ] { (
+ remote\-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ]; ... };
+ alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ attach\-cache string;
+ auth\-nxdomain boolean; // default changed
+ auto\-dnssec ( allow | maintain | off );// deprecated
+ cache\-file quoted_string;// deprecated
+ catalog\-zones { zone string [ default\-masters [ port integer ]
+ [ dscp integer ] { ( remote\-servers | ipv4_address [ port
+ integer ] | ipv6_address [ port integer ] ) [ key
+ string ]; ... } ] [ zone\-directory quoted_string ] [
+ in\-memory boolean ] [ min\-update\-interval duration ]; ... };
+ check\-dup\-records ( fail | warn | ignore );
+ check\-integrity boolean;
+ check\-mx ( fail | warn | ignore );
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-names ( primary | master |
+ secondary | slave | response ) (
+ fail | warn | ignore );
+ check\-sibling boolean;
+ check\-spf ( warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ check\-wildcard boolean;
+ clients\-per\-query integer;
+ deny\-answer\-addresses { address_match_element; ... } [
+ except\-from { string; ... } ];
+ deny\-answer\-aliases { string; ... } [ except\-from { string; ...
+ } ];
+ dialup ( notify | notify\-passive | passive | refresh | boolean );
+ disable\-algorithms string { string;
+ ... };
+ disable\-ds\-digests string { string;
+ ... };
+ disable\-empty\-zone string;
+ dlz string {
+ database string;
+ search boolean;
+ };
+ dns64 netprefix {
+ break\-dnssec boolean;
+ clients { address_match_element; ... };
+ exclude { address_match_element; ... };
+ mapped { address_match_element; ... };
+ recursive\-only boolean;
+ suffix ipv6_address;
+ };
+ dns64\-contact string;
+ dns64\-server string;
+ dnskey\-sig\-validity integer;
+ dnsrps\-enable boolean;
+ dnsrps\-options { unspecified\-text };
+ dnssec\-accept\-expired boolean;
+ dnssec\-dnskey\-kskonly boolean;
+ dnssec\-loadkeys\-interval integer;
+ dnssec\-must\-be\-secure string boolean;
+ dnssec\-policy string;
+ dnssec\-secure\-to\-insecure boolean;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ dnssec\-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder | resolver | update ) [
+ ( query | response ) ]; ... };
+ dual\-stack\-servers [ port integer ] { ( quoted_string [ port
+ integer ] [ dscp integer ] | ipv4_address [ port
+ integer ] [ dscp integer ] | ipv6_address [ port
+ integer ] [ dscp integer ] ); ... };
+ dyndb string quoted_string {
+ unspecified\-text };
+ edns\-udp\-size integer;
+ empty\-contact string;
+ empty\-server string;
+ empty\-zones\-enable boolean;
+ fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint;
+ fetches\-per\-server integer [ ( drop | fail ) ];
+ fetches\-per\-zone integer [ ( drop | fail ) ];
+ forward ( first | only );
+ forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
+ | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
+ glue\-cache boolean;
+ ixfr\-from\-differences ( primary | master | secondary | slave |
+ boolean );
+ key string {
+ algorithm string;
+ secret string;
+ };
+ key\-directory quoted_string;
+ lame\-ttl duration;
+ lmdb\-mapsize sizeval;
+ managed\-keys { string (
+ static\-key | initial\-key
+ | static\-ds | initial\-ds
+ ) integer integer
+ integer
+ quoted_string; ... };, deprecated
+ masterfile\-format ( map | raw | text );
+ masterfile\-style ( full | relative );
+ match\-clients { address_match_element; ... };
+ match\-destinations { address_match_element; ... };
+ match\-recursive\-only boolean;
+ max\-cache\-size ( default | unlimited | sizeval | percentage );
+ max\-cache\-ttl duration;
+ max\-clients\-per\-query integer;
+ max\-ixfr\-ratio ( unlimited | percentage );
+ max\-journal\-size ( default | unlimited | sizeval );
+ max\-ncache\-ttl duration;
+ max\-records integer;
+ max\-recursion\-depth integer;
+ max\-recursion\-queries integer;
+ max\-refresh\-time integer;
+ max\-retry\-time integer;
+ max\-stale\-ttl duration;
+ max\-transfer\-idle\-in integer;
+ max\-transfer\-idle\-out integer;
+ max\-transfer\-time\-in integer;
+ max\-transfer\-time\-out integer;
+ max\-udp\-size integer;
+ max\-zone\-ttl ( unlimited | duration );
+ message\-compression boolean;
+ min\-cache\-ttl duration;
+ min\-ncache\-ttl duration;
+ min\-refresh\-time integer;
+ min\-retry\-time integer;
+ minimal\-any boolean;
+ minimal\-responses ( no\-auth | no\-auth\-recursive | boolean );
+ multi\-master boolean;
+ new\-zones\-directory quoted_string;
+ no\-case\-compress { address_match_element; ... };
+ nocookie\-udp\-size integer;
+ notify ( explicit | master\-only | primary\-only | boolean );
+ notify\-delay integer;
+ notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
+ [ dscp integer ];
+ notify\-to\-soa boolean;
+ nta\-lifetime duration;
+ nta\-recheck duration;
+ nxdomain\-redirect string;
+ parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ plugin ( query ) string [ {
+ unspecified\-text } ];
+ preferred\-glue string;
+ prefetch integer [ integer ];
+ provide\-ixfr boolean;
+ qname\-minimization ( strict | relaxed | disabled | off );
+ query\-source ( ( [ address ] ( ipv4_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
+ integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
+ port ( integer | * ) ) ) [ dscp integer ];
+ rate\-limit {
+ all\-per\-second integer;
+ errors\-per\-second integer;
+ exempt\-clients { address_match_element; ... };
+ ipv4\-prefix\-length integer;
+ ipv6\-prefix\-length integer;
+ log\-only boolean;
+ max\-table\-size integer;
+ min\-table\-size integer;
+ nodata\-per\-second integer;
+ nxdomains\-per\-second integer;
+ qps\-scale integer;
+ referrals\-per\-second integer;
+ responses\-per\-second integer;
+ slip integer;
+ window integer;
+ };
+ recursion boolean;
+ request\-expire boolean;
+ request\-ixfr boolean;
+ request\-nsid boolean;
+ require\-server\-cookie boolean;
+ resolver\-nonbackoff\-tries integer;
+ resolver\-query\-timeout integer;
+ resolver\-retry\-interval integer;
+ response\-padding { address_match_element; ... } block\-size
+ integer;
+ response\-policy { zone string [ add\-soa boolean ] [ log
+ boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval
+ duration ] [ policy ( cname | disabled | drop | given | no\-op
+ | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [
+ recursive\-only boolean ] [ nsip\-enable boolean ] [
+ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [
+ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [
+ min\-update\-interval duration ] [ min\-ns\-dots integer ] [
+ nsip\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ]
+ [ recursive\-only boolean ] [ nsip\-enable boolean ] [
+ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [
+ dnsrps\-options { unspecified\-text } ];
+ root\-delegation\-only [ exclude { string; ... } ];
+ root\-key\-sentinel boolean;
+ rrset\-order { [ class string ] [ type string ] [ name
+ quoted_string ] string string; ... };
+ send\-cookie boolean;
+ serial\-update\-method ( date | increment | unixtime );
+ server netprefix {
+ bogus boolean;
+ edns boolean;
+ edns\-udp\-size integer;
+ edns\-version integer;
+ keys server_key;
+ max\-udp\-size integer;
+ notify\-source ( ipv4_address | * ) [ port ( integer | *
+ ) ] [ dscp integer ];
+ notify\-source\-v6 ( ipv6_address | * ) [ port ( integer
+ | * ) ] [ dscp integer ];
+ padding integer;
+ provide\-ixfr boolean;
+ query\-source ( ( [ address ] ( ipv4_address | * ) [ port
+ ( integer | * ) ] ) | ( [ [ address ] (
+ ipv4_address | * ) ] port ( integer | * ) ) ) [
+ dscp integer ];
+ query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [
+ port ( integer | * ) ] ) | ( [ [ address ] (
+ ipv6_address | * ) ] port ( integer | * ) ) ) [
+ dscp integer ];
+ request\-expire boolean;
+ request\-ixfr boolean;
+ request\-nsid boolean;
+ send\-cookie boolean;
+ tcp\-keepalive boolean;
+ tcp\-only boolean;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( ipv4_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ transfer\-source\-v6 ( ipv6_address | * ) [ port (
+ integer | * ) ] [ dscp integer ];
+ transfers integer;
+ };
+ servfail\-ttl duration;
+ sig\-signing\-nodes integer;
+ sig\-signing\-signatures integer;
+ sig\-signing\-type integer;
+ sig\-validity\-interval integer [ integer ];
+ sortlist { address_match_element; ... };
+ stale\-answer\-client\-timeout ( disabled | off | integer );
+ stale\-answer\-enable boolean;
+ stale\-answer\-ttl duration;
+ stale\-cache\-enable boolean;
+ stale\-refresh\-time duration;
+ synth\-from\-dnssec boolean;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ trust\-anchor\-telemetry boolean; // experimental
+ trust\-anchors { string ( static\-key |
+ initial\-key | static\-ds | initial\-ds
+ ) integer integer integer
+ quoted_string; ... };
+ trusted\-keys { string
+ integer integer
+ integer
+ quoted_string; ... };, deprecated
+ try\-tcp\-refresh boolean;
+ update\-check\-ksk boolean;
+ use\-alt\-transfer\-source boolean;
+ v6\-bias integer;
+ validate\-except { string; ... };
+ zero\-no\-soa\-ttl boolean;
+ zero\-no\-soa\-ttl\-cache boolean;
+ zone string [ class ] {
+ allow\-notify { address_match_element; ... };
+ allow\-query { address_match_element; ... };
+ allow\-query\-on { address_match_element; ... };
+ allow\-transfer { address_match_element; ... };
+ allow\-update { address_match_element; ... };
+ allow\-update\-forwarding { address_match_element; ... };
+ also\-notify [ port integer ] [ dscp integer ] { (
+ remote\-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ];
+ ... };
+ alt\-transfer\-source ( ipv4_address | * ) [ port (
+ integer | * ) ] [ dscp integer ];
+ alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port (
+ integer | * ) ] [ dscp integer ];
+ auto\-dnssec ( allow | maintain | off );// deprecated
+ check\-dup\-records ( fail | warn | ignore );
+ check\-integrity boolean;
+ check\-mx ( fail | warn | ignore );
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-names ( fail | warn | ignore );
+ check\-sibling boolean;
+ check\-spf ( warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ check\-wildcard boolean;
+ database string;
+ delegation\-only boolean;
+ dialup ( notify | notify\-passive | passive | refresh |
+ boolean );
+ dlz string;
+ dnskey\-sig\-validity integer;
+ dnssec\-dnskey\-kskonly boolean;
+ dnssec\-loadkeys\-interval integer;
+ dnssec\-policy string;
+ dnssec\-secure\-to\-insecure boolean;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ file quoted_string;
+ forward ( first | only );
+ forwarders [ port integer ] [ dscp integer ] { (
+ ipv4_address | ipv6_address ) [ port integer ] [
+ dscp integer ]; ... };
+ in\-view string;
+ inline\-signing boolean;
+ ixfr\-from\-differences boolean;
+ journal quoted_string;
+ key\-directory quoted_string;
+ masterfile\-format ( map | raw | text );
+ masterfile\-style ( full | relative );
+ masters [ port integer ] [ dscp integer ] { (
+ remote\-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ];
+ ... };
+ max\-ixfr\-ratio ( unlimited | percentage );
+ max\-journal\-size ( default | unlimited | sizeval );
+ max\-records integer;
+ max\-refresh\-time integer;
+ max\-retry\-time integer;
+ max\-transfer\-idle\-in integer;
+ max\-transfer\-idle\-out integer;
+ max\-transfer\-time\-in integer;
+ max\-transfer\-time\-out integer;
+ max\-zone\-ttl ( unlimited | duration );
+ min\-refresh\-time integer;
+ min\-retry\-time integer;
+ multi\-master boolean;
+ notify ( explicit | master\-only | primary\-only | boolean );
+ notify\-delay integer;
+ notify\-source ( ipv4_address | * ) [ port ( integer | *
+ ) ] [ dscp integer ];
+ notify\-source\-v6 ( ipv6_address | * ) [ port ( integer
+ | * ) ] [ dscp integer ];
+ notify\-to\-soa boolean;
+ parental\-agents [ port integer ] [ dscp integer ] { (
+ remote\-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ];
+ ... };
+ parental\-source ( ipv4_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ parental\-source\-v6 ( ipv6_address | * ) [ port (
+ integer | * ) ] [ dscp integer ];
+ primaries [ port integer ] [ dscp integer ] { (
+ remote\-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ];
+ ... };
+ request\-expire boolean;
+ request\-ixfr boolean;
+ serial\-update\-method ( date | increment | unixtime );
+ server\-addresses { ( ipv4_address | ipv6_address ); ... };
+ server\-names { string; ... };
+ sig\-signing\-nodes integer;
+ sig\-signing\-signatures integer;
+ sig\-signing\-type integer;
+ sig\-validity\-interval integer [ integer ];
+ transfer\-source ( ipv4_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ transfer\-source\-v6 ( ipv6_address | * ) [ port (
+ integer | * ) ] [ dscp integer ];
+ try\-tcp\-refresh boolean;
+ type ( primary | master | secondary | slave | mirror |
+ delegation\-only | forward | hint | redirect |
+ static\-stub | stub );
+ update\-check\-ksk boolean;
+ update\-policy ( local | { ( deny | grant ) string (
+ 6to4\-self | external | krb5\-self | krb5\-selfsub |
+ krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain |
+ name | self | selfsub | selfwild | subdomain | tcp\-self
+ | wildcard | zonesub ) [ string ] rrtypelist; ... } );
+ use\-alt\-transfer\-source boolean;
+ zero\-no\-soa\-ttl boolean;
+ zone\-statistics ( full | terse | none | boolean );
+ };
+ zone\-statistics ( full | terse | none | boolean );
+};
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS ZONE
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+zone string [ class ] {
+ allow\-notify { address_match_element; ... };
+ allow\-query { address_match_element; ... };
+ allow\-query\-on { address_match_element; ... };
+ allow\-transfer { address_match_element; ... };
+ allow\-update { address_match_element; ... };
+ allow\-update\-forwarding { address_match_element; ... };
+ also\-notify [ port integer ] [ dscp integer ] { (
+ remote\-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ]; ... };
+ alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer |
+ * ) ] [ dscp integer ];
+ auto\-dnssec ( allow | maintain | off );// deprecated
+ check\-dup\-records ( fail | warn | ignore );
+ check\-integrity boolean;
+ check\-mx ( fail | warn | ignore );
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-names ( fail | warn | ignore );
+ check\-sibling boolean;
+ check\-spf ( warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ check\-wildcard boolean;
+ database string;
+ delegation\-only boolean;
+ dialup ( notify | notify\-passive | passive | refresh | boolean );
+ dlz string;
+ dnskey\-sig\-validity integer;
+ dnssec\-dnskey\-kskonly boolean;
+ dnssec\-loadkeys\-interval integer;
+ dnssec\-policy string;
+ dnssec\-secure\-to\-insecure boolean;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ file quoted_string;
+ forward ( first | only );
+ forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
+ | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
+ in\-view string;
+ inline\-signing boolean;
+ ixfr\-from\-differences boolean;
+ journal quoted_string;
+ key\-directory quoted_string;
+ masterfile\-format ( map | raw | text );
+ masterfile\-style ( full | relative );
+ masters [ port integer ] [ dscp integer ] { ( remote\-servers
+ | ipv4_address [ port integer ] | ipv6_address [ port
+ integer ] ) [ key string ]; ... };
+ max\-ixfr\-ratio ( unlimited | percentage );
+ max\-journal\-size ( default | unlimited | sizeval );
+ max\-records integer;
+ max\-refresh\-time integer;
+ max\-retry\-time integer;
+ max\-transfer\-idle\-in integer;
+ max\-transfer\-idle\-out integer;
+ max\-transfer\-time\-in integer;
+ max\-transfer\-time\-out integer;
+ max\-zone\-ttl ( unlimited | duration );
+ min\-refresh\-time integer;
+ min\-retry\-time integer;
+ multi\-master boolean;
+ notify ( explicit | master\-only | primary\-only | boolean );
+ notify\-delay integer;
+ notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
+ [ dscp integer ];
+ notify\-to\-soa boolean;
+ parental\-agents [ port integer ] [ dscp integer ] { (
+ remote\-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ]; ... };
+ parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ primaries [ port integer ] [ dscp integer ] { (
+ remote\-servers | ipv4_address [ port integer ] |
+ ipv6_address [ port integer ] ) [ key string ]; ... };
+ request\-expire boolean;
+ request\-ixfr boolean;
+ serial\-update\-method ( date | increment | unixtime );
+ server\-addresses { ( ipv4_address | ipv6_address ); ... };
+ server\-names { string; ... };
+ sig\-signing\-nodes integer;
+ sig\-signing\-signatures integer;
+ sig\-signing\-type integer;
+ sig\-validity\-interval integer [ integer ];
+ transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
+ dscp integer ];
+ transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
+ ] [ dscp integer ];
+ try\-tcp\-refresh boolean;
+ type ( primary | master | secondary | slave | mirror |
+ delegation\-only | forward | hint | redirect | static\-stub |
+ stub );
+ update\-check\-ksk boolean;
+ update\-policy ( local | { ( deny | grant ) string ( 6to4\-self |
+ external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self
+ | ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild
+ | subdomain | tcp\-self | wildcard | zonesub ) [ string ]
+ rrtypelist; ... } );
+ use\-alt\-transfer\-source boolean;
+ zero\-no\-soa\-ttl boolean;
+ zone\-statistics ( full | terse | none | boolean );
+};
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH FILES
+.sp
+\fB/etc/named.conf\fP
+.SH SEE ALSO
+.sp
+\fBddns\-confgen(8)\fP, \fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBrndc(8)\fP, \fBrndc\-confgen(8)\fP, BIND 9 Administrator Reference Manual.
+.SH AUTHOR
+Internet Systems Consortium
+.SH COPYRIGHT
+2023, Internet Systems Consortium
+.\" Generated by docutils manpage writer.
+.