1.. 2 Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 4 This Source Code Form is subject to the terms of the Mozilla Public 5 License, v. 2.0. If a copy of the MPL was not distributed with this 6 file, you can obtain one at https://mozilla.org/MPL/2.0/. 7 8 See the COPYRIGHT file distributed with this work for additional 9 information regarding copyright ownership. 10 11.. highlight: console 12 13named.conf - configuration file for **named** 14--------------------------------------------- 15 16Synopsis 17~~~~~~~~ 18 19:program:`named.conf` 20 21Description 22~~~~~~~~~~~ 23 24``named.conf`` is the configuration file for ``named``. Statements are 25enclosed in braces and terminated with a semi-colon. Clauses in the 26statements are also semi-colon terminated. The usual comment styles are 27supported: 28 29C style: /\* \*/ 30 31 C++ style: // to end of line 32 33Unix style: # to end of line 34 35ACL 36^^^ 37 38:: 39 40 acl string { address_match_element; ... }; 41 42CONTROLS 43^^^^^^^^ 44 45:: 46 47 controls { 48 inet ( ipv4_address | ipv6_address | 49 * ) [ port ( integer | * ) ] allow 50 { address_match_element; ... } [ 51 keys { string; ... } ] [ read-only 52 boolean ]; 53 unix quoted_string perm integer 54 owner integer group integer [ 55 keys { string; ... } ] [ read-only 56 boolean ]; 57 }; 58 59DLZ 60^^^ 61 62:: 63 64 dlz string { 65 database string; 66 search boolean; 67 }; 68 69DNSSEC-POLICY 70^^^^^^^^^^^^^ 71 72:: 73 74 dnssec-policy string { 75 dnskey-ttl duration; 76 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime 77 duration_or_unlimited algorithm string [ integer ]; ... }; 78 max-zone-ttl duration; 79 nsec3param [ iterations integer ] [ optout boolean ] [ 80 salt-length integer ]; 81 parent-ds-ttl duration; 82 parent-propagation-delay duration; 83 publish-safety duration; 84 purge-keys duration; 85 retire-safety duration; 86 signatures-refresh duration; 87 signatures-validity duration; 88 signatures-validity-dnskey duration; 89 zone-propagation-delay duration; 90 }; 91 92DYNDB 93^^^^^ 94 95:: 96 97 dyndb string quoted_string { 98 unspecified-text }; 99 100KEY 101^^^ 102 103:: 104 105 key string { 106 algorithm string; 107 secret string; 108 }; 109 110LOGGING 111^^^^^^^ 112 113:: 114 115 logging { 116 category string { string; ... }; 117 channel string { 118 buffered boolean; 119 file quoted_string [ versions ( unlimited | integer ) ] 120 [ size size ] [ suffix ( increment | timestamp ) ]; 121 null; 122 print-category boolean; 123 print-severity boolean; 124 print-time ( iso8601 | iso8601-utc | local | boolean ); 125 severity log_severity; 126 stderr; 127 syslog [ syslog_facility ]; 128 }; 129 }; 130 131MANAGED-KEYS 132^^^^^^^^^^^^ 133 134See DNSSEC-KEYS. 135 136:: 137 138 managed-keys { string ( static-key 139 | initial-key | static-ds | 140 initial-ds ) integer integer 141 integer quoted_string; ... };, deprecated 142 143MASTERS 144^^^^^^^ 145 146:: 147 148 masters string [ port integer ] [ dscp 149 integer ] { ( remote-servers | 150 ipv4_address [ port integer ] | 151 ipv6_address [ port integer ] ) [ key 152 string ]; ... }; 153 154OPTIONS 155^^^^^^^ 156 157:: 158 159 options { 160 allow-new-zones boolean; 161 allow-notify { address_match_element; ... }; 162 allow-query { address_match_element; ... }; 163 allow-query-cache { address_match_element; ... }; 164 allow-query-cache-on { address_match_element; ... }; 165 allow-query-on { address_match_element; ... }; 166 allow-recursion { address_match_element; ... }; 167 allow-recursion-on { address_match_element; ... }; 168 allow-transfer { address_match_element; ... }; 169 allow-update { address_match_element; ... }; 170 allow-update-forwarding { address_match_element; ... }; 171 also-notify [ port integer ] [ dscp integer ] { ( 172 remote-servers | ipv4_address [ port integer ] | 173 ipv6_address [ port integer ] ) [ key string ]; ... }; 174 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 175 ] [ dscp integer ]; 176 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 177 * ) ] [ dscp integer ]; 178 answer-cookie boolean; 179 attach-cache string; 180 auth-nxdomain boolean; // default changed 181 auto-dnssec ( allow | maintain | off ); 182 automatic-interface-scan boolean; 183 avoid-v4-udp-ports { portrange; ... }; 184 avoid-v6-udp-ports { portrange; ... }; 185 bindkeys-file quoted_string; 186 blackhole { address_match_element; ... }; 187 cache-file quoted_string; 188 catalog-zones { zone string [ default-masters [ port integer ] 189 [ dscp integer ] { ( remote-servers | ipv4_address [ port 190 integer ] | ipv6_address [ port integer ] ) [ key 191 string ]; ... } ] [ zone-directory quoted_string ] [ 192 in-memory boolean ] [ min-update-interval duration ]; ... }; 193 check-dup-records ( fail | warn | ignore ); 194 check-integrity boolean; 195 check-mx ( fail | warn | ignore ); 196 check-mx-cname ( fail | warn | ignore ); 197 check-names ( primary | master | 198 secondary | slave | response ) ( 199 fail | warn | ignore ); 200 check-sibling boolean; 201 check-spf ( warn | ignore ); 202 check-srv-cname ( fail | warn | ignore ); 203 check-wildcard boolean; 204 clients-per-query integer; 205 cookie-algorithm ( aes | siphash24 ); 206 cookie-secret string; 207 coresize ( default | unlimited | sizeval ); 208 datasize ( default | unlimited | sizeval ); 209 deny-answer-addresses { address_match_element; ... } [ 210 except-from { string; ... } ]; 211 deny-answer-aliases { string; ... } [ except-from { string; ... 212 } ]; 213 dialup ( notify | notify-passive | passive | refresh | boolean ); 214 directory quoted_string; 215 disable-algorithms string { string; 216 ... }; 217 disable-ds-digests string { string; 218 ... }; 219 disable-empty-zone string; 220 dns64 netprefix { 221 break-dnssec boolean; 222 clients { address_match_element; ... }; 223 exclude { address_match_element; ... }; 224 mapped { address_match_element; ... }; 225 recursive-only boolean; 226 suffix ipv6_address; 227 }; 228 dns64-contact string; 229 dns64-server string; 230 dnskey-sig-validity integer; 231 dnsrps-enable boolean; 232 dnsrps-options { unspecified-text }; 233 dnssec-accept-expired boolean; 234 dnssec-dnskey-kskonly boolean; 235 dnssec-loadkeys-interval integer; 236 dnssec-must-be-secure string boolean; 237 dnssec-policy string; 238 dnssec-secure-to-insecure boolean; 239 dnssec-update-mode ( maintain | no-resign ); 240 dnssec-validation ( yes | no | auto ); 241 dnstap { ( all | auth | client | forwarder | resolver | update ) [ 242 ( query | response ) ]; ... }; 243 dnstap-identity ( quoted_string | none | hostname ); 244 dnstap-output ( file | unix ) quoted_string [ size ( unlimited | 245 size ) ] [ versions ( unlimited | integer ) ] [ suffix ( 246 increment | timestamp ) ]; 247 dnstap-version ( quoted_string | none ); 248 dscp integer; 249 dual-stack-servers [ port integer ] { ( quoted_string [ port 250 integer ] [ dscp integer ] | ipv4_address [ port 251 integer ] [ dscp integer ] | ipv6_address [ port 252 integer ] [ dscp integer ] ); ... }; 253 dump-file quoted_string; 254 edns-udp-size integer; 255 empty-contact string; 256 empty-server string; 257 empty-zones-enable boolean; 258 fetch-quota-params integer fixedpoint fixedpoint fixedpoint; 259 fetches-per-server integer [ ( drop | fail ) ]; 260 fetches-per-zone integer [ ( drop | fail ) ]; 261 files ( default | unlimited | sizeval ); 262 flush-zones-on-shutdown boolean; 263 forward ( first | only ); 264 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 265 | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; 266 fstrm-set-buffer-hint integer; 267 fstrm-set-flush-timeout integer; 268 fstrm-set-input-queue-size integer; 269 fstrm-set-output-notify-threshold integer; 270 fstrm-set-output-queue-model ( mpsc | spsc ); 271 fstrm-set-output-queue-size integer; 272 fstrm-set-reopen-interval duration; 273 geoip-directory ( quoted_string | none ); 274 glue-cache boolean; 275 heartbeat-interval integer; 276 hostname ( quoted_string | none ); 277 interface-interval duration; 278 ixfr-from-differences ( primary | master | secondary | slave | 279 boolean ); 280 keep-response-order { address_match_element; ... }; 281 key-directory quoted_string; 282 lame-ttl duration; 283 listen-on [ port integer ] [ dscp 284 integer ] { 285 address_match_element; ... }; 286 listen-on-v6 [ port integer ] [ dscp 287 integer ] { 288 address_match_element; ... }; 289 lmdb-mapsize sizeval; 290 lock-file ( quoted_string | none ); 291 managed-keys-directory quoted_string; 292 masterfile-format ( map | raw | text ); 293 masterfile-style ( full | relative ); 294 match-mapped-addresses boolean; 295 max-cache-size ( default | unlimited | sizeval | percentage ); 296 max-cache-ttl duration; 297 max-clients-per-query integer; 298 max-ixfr-ratio ( unlimited | percentage ); 299 max-journal-size ( default | unlimited | sizeval ); 300 max-ncache-ttl duration; 301 max-records integer; 302 max-recursion-depth integer; 303 max-recursion-queries integer; 304 max-refresh-time integer; 305 max-retry-time integer; 306 max-rsa-exponent-size integer; 307 max-stale-ttl duration; 308 max-transfer-idle-in integer; 309 max-transfer-idle-out integer; 310 max-transfer-time-in integer; 311 max-transfer-time-out integer; 312 max-udp-size integer; 313 max-zone-ttl ( unlimited | duration ); 314 memstatistics boolean; 315 memstatistics-file quoted_string; 316 message-compression boolean; 317 min-cache-ttl duration; 318 min-ncache-ttl duration; 319 min-refresh-time integer; 320 min-retry-time integer; 321 minimal-any boolean; 322 minimal-responses ( no-auth | no-auth-recursive | boolean ); 323 multi-master boolean; 324 new-zones-directory quoted_string; 325 no-case-compress { address_match_element; ... }; 326 nocookie-udp-size integer; 327 notify ( explicit | master-only | primary-only | boolean ); 328 notify-delay integer; 329 notify-rate integer; 330 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 331 dscp integer ]; 332 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 333 [ dscp integer ]; 334 notify-to-soa boolean; 335 nta-lifetime duration; 336 nta-recheck duration; 337 nxdomain-redirect string; 338 parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 339 dscp integer ]; 340 parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 341 ] [ dscp integer ]; 342 pid-file ( quoted_string | none ); 343 port integer; 344 preferred-glue string; 345 prefetch integer [ integer ]; 346 provide-ixfr boolean; 347 qname-minimization ( strict | relaxed | disabled | off ); 348 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 349 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 350 port ( integer | * ) ) ) [ dscp integer ]; 351 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 352 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 353 port ( integer | * ) ) ) [ dscp integer ]; 354 querylog boolean; 355 random-device ( quoted_string | none ); 356 rate-limit { 357 all-per-second integer; 358 errors-per-second integer; 359 exempt-clients { address_match_element; ... }; 360 ipv4-prefix-length integer; 361 ipv6-prefix-length integer; 362 log-only boolean; 363 max-table-size integer; 364 min-table-size integer; 365 nodata-per-second integer; 366 nxdomains-per-second integer; 367 qps-scale integer; 368 referrals-per-second integer; 369 responses-per-second integer; 370 slip integer; 371 window integer; 372 }; 373 recursing-file quoted_string; 374 recursion boolean; 375 recursive-clients integer; 376 request-expire boolean; 377 request-ixfr boolean; 378 request-nsid boolean; 379 require-server-cookie boolean; 380 reserved-sockets integer; 381 resolver-nonbackoff-tries integer; 382 resolver-query-timeout integer; 383 resolver-retry-interval integer; 384 response-padding { address_match_element; ... } block-size 385 integer; 386 response-policy { zone string [ add-soa boolean ] [ log 387 boolean ] [ max-policy-ttl duration ] [ min-update-interval 388 duration ] [ policy ( cname | disabled | drop | given | no-op 389 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ 390 recursive-only boolean ] [ nsip-enable boolean ] [ 391 nsdname-enable boolean ]; ... } [ add-soa boolean ] [ 392 break-dnssec boolean ] [ max-policy-ttl duration ] [ 393 min-update-interval duration ] [ min-ns-dots integer ] [ 394 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] 395 [ recursive-only boolean ] [ nsip-enable boolean ] [ 396 nsdname-enable boolean ] [ dnsrps-enable boolean ] [ 397 dnsrps-options { unspecified-text } ]; 398 root-delegation-only [ exclude { string; ... } ]; 399 root-key-sentinel boolean; 400 rrset-order { [ class string ] [ type string ] [ name 401 quoted_string ] string string; ... }; 402 secroots-file quoted_string; 403 send-cookie boolean; 404 serial-query-rate integer; 405 serial-update-method ( date | increment | unixtime ); 406 server-id ( quoted_string | none | hostname ); 407 servfail-ttl duration; 408 session-keyalg string; 409 session-keyfile ( quoted_string | none ); 410 session-keyname string; 411 sig-signing-nodes integer; 412 sig-signing-signatures integer; 413 sig-signing-type integer; 414 sig-validity-interval integer [ integer ]; 415 sortlist { address_match_element; ... }; 416 stacksize ( default | unlimited | sizeval ); 417 stale-answer-client-timeout ( disabled | off | integer ); 418 stale-answer-enable boolean; 419 stale-answer-ttl duration; 420 stale-cache-enable boolean; 421 stale-refresh-time duration; 422 startup-notify-rate integer; 423 statistics-file quoted_string; 424 synth-from-dnssec boolean; 425 tcp-advertised-timeout integer; 426 tcp-clients integer; 427 tcp-idle-timeout integer; 428 tcp-initial-timeout integer; 429 tcp-keepalive-timeout integer; 430 tcp-listen-queue integer; 431 tkey-dhkey quoted_string integer; 432 tkey-domain quoted_string; 433 tkey-gssapi-credential quoted_string; 434 tkey-gssapi-keytab quoted_string; 435 transfer-format ( many-answers | one-answer ); 436 transfer-message-size integer; 437 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 438 dscp integer ]; 439 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 440 ] [ dscp integer ]; 441 transfers-in integer; 442 transfers-out integer; 443 transfers-per-ns integer; 444 trust-anchor-telemetry boolean; // experimental 445 try-tcp-refresh boolean; 446 update-check-ksk boolean; 447 use-alt-transfer-source boolean; 448 use-v4-udp-ports { portrange; ... }; 449 use-v6-udp-ports { portrange; ... }; 450 v6-bias integer; 451 validate-except { string; ... }; 452 version ( quoted_string | none ); 453 zero-no-soa-ttl boolean; 454 zero-no-soa-ttl-cache boolean; 455 zone-statistics ( full | terse | none | boolean ); 456 }; 457 458PARENTAL-AGENTS 459^^^^^^^^^^^^^^^ 460 461:: 462 463 parental-agents string [ port integer ] [ 464 dscp integer ] { ( remote-servers | 465 ipv4_address [ port integer ] | 466 ipv6_address [ port integer ] ) [ key 467 string ]; ... }; 468 469PLUGIN 470^^^^^^ 471 472:: 473 474 plugin ( query ) string [ { unspecified-text 475 } ]; 476 477PRIMARIES 478^^^^^^^^^ 479 480:: 481 482 primaries string [ port integer ] [ dscp 483 integer ] { ( remote-servers | 484 ipv4_address [ port integer ] | 485 ipv6_address [ port integer ] ) [ key 486 string ]; ... }; 487 488SERVER 489^^^^^^ 490 491:: 492 493 server netprefix { 494 bogus boolean; 495 edns boolean; 496 edns-udp-size integer; 497 edns-version integer; 498 keys server_key; 499 max-udp-size integer; 500 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 501 dscp integer ]; 502 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 503 [ dscp integer ]; 504 padding integer; 505 provide-ixfr boolean; 506 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 507 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 508 port ( integer | * ) ) ) [ dscp integer ]; 509 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 510 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 511 port ( integer | * ) ) ) [ dscp integer ]; 512 request-expire boolean; 513 request-ixfr boolean; 514 request-nsid boolean; 515 send-cookie boolean; 516 tcp-keepalive boolean; 517 tcp-only boolean; 518 transfer-format ( many-answers | one-answer ); 519 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 520 dscp integer ]; 521 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 522 ] [ dscp integer ]; 523 transfers integer; 524 }; 525 526STATISTICS-CHANNELS 527^^^^^^^^^^^^^^^^^^^ 528 529:: 530 531 statistics-channels { 532 inet ( ipv4_address | ipv6_address | 533 * ) [ port ( integer | * ) ] [ 534 allow { address_match_element; ... 535 } ]; 536 }; 537 538TRUST-ANCHORS 539^^^^^^^^^^^^^ 540 541:: 542 543 trust-anchors { string ( static-key | 544 initial-key | static-ds | initial-ds ) 545 integer integer integer 546 quoted_string; ... }; 547 548TRUSTED-KEYS 549^^^^^^^^^^^^ 550 551Deprecated - see DNSSEC-KEYS. 552 553:: 554 555 trusted-keys { string integer 556 integer integer 557 quoted_string; ... };, deprecated 558 559VIEW 560^^^^ 561 562:: 563 564 view string [ class ] { 565 allow-new-zones boolean; 566 allow-notify { address_match_element; ... }; 567 allow-query { address_match_element; ... }; 568 allow-query-cache { address_match_element; ... }; 569 allow-query-cache-on { address_match_element; ... }; 570 allow-query-on { address_match_element; ... }; 571 allow-recursion { address_match_element; ... }; 572 allow-recursion-on { address_match_element; ... }; 573 allow-transfer { address_match_element; ... }; 574 allow-update { address_match_element; ... }; 575 allow-update-forwarding { address_match_element; ... }; 576 also-notify [ port integer ] [ dscp integer ] { ( 577 remote-servers | ipv4_address [ port integer ] | 578 ipv6_address [ port integer ] ) [ key string ]; ... }; 579 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 580 ] [ dscp integer ]; 581 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 582 * ) ] [ dscp integer ]; 583 attach-cache string; 584 auth-nxdomain boolean; // default changed 585 auto-dnssec ( allow | maintain | off ); 586 cache-file quoted_string; 587 catalog-zones { zone string [ default-masters [ port integer ] 588 [ dscp integer ] { ( remote-servers | ipv4_address [ port 589 integer ] | ipv6_address [ port integer ] ) [ key 590 string ]; ... } ] [ zone-directory quoted_string ] [ 591 in-memory boolean ] [ min-update-interval duration ]; ... }; 592 check-dup-records ( fail | warn | ignore ); 593 check-integrity boolean; 594 check-mx ( fail | warn | ignore ); 595 check-mx-cname ( fail | warn | ignore ); 596 check-names ( primary | master | 597 secondary | slave | response ) ( 598 fail | warn | ignore ); 599 check-sibling boolean; 600 check-spf ( warn | ignore ); 601 check-srv-cname ( fail | warn | ignore ); 602 check-wildcard boolean; 603 clients-per-query integer; 604 deny-answer-addresses { address_match_element; ... } [ 605 except-from { string; ... } ]; 606 deny-answer-aliases { string; ... } [ except-from { string; ... 607 } ]; 608 dialup ( notify | notify-passive | passive | refresh | boolean ); 609 disable-algorithms string { string; 610 ... }; 611 disable-ds-digests string { string; 612 ... }; 613 disable-empty-zone string; 614 dlz string { 615 database string; 616 search boolean; 617 }; 618 dns64 netprefix { 619 break-dnssec boolean; 620 clients { address_match_element; ... }; 621 exclude { address_match_element; ... }; 622 mapped { address_match_element; ... }; 623 recursive-only boolean; 624 suffix ipv6_address; 625 }; 626 dns64-contact string; 627 dns64-server string; 628 dnskey-sig-validity integer; 629 dnsrps-enable boolean; 630 dnsrps-options { unspecified-text }; 631 dnssec-accept-expired boolean; 632 dnssec-dnskey-kskonly boolean; 633 dnssec-loadkeys-interval integer; 634 dnssec-must-be-secure string boolean; 635 dnssec-policy string; 636 dnssec-secure-to-insecure boolean; 637 dnssec-update-mode ( maintain | no-resign ); 638 dnssec-validation ( yes | no | auto ); 639 dnstap { ( all | auth | client | forwarder | resolver | update ) [ 640 ( query | response ) ]; ... }; 641 dual-stack-servers [ port integer ] { ( quoted_string [ port 642 integer ] [ dscp integer ] | ipv4_address [ port 643 integer ] [ dscp integer ] | ipv6_address [ port 644 integer ] [ dscp integer ] ); ... }; 645 dyndb string quoted_string { 646 unspecified-text }; 647 edns-udp-size integer; 648 empty-contact string; 649 empty-server string; 650 empty-zones-enable boolean; 651 fetch-quota-params integer fixedpoint fixedpoint fixedpoint; 652 fetches-per-server integer [ ( drop | fail ) ]; 653 fetches-per-zone integer [ ( drop | fail ) ]; 654 forward ( first | only ); 655 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 656 | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; 657 glue-cache boolean; 658 ixfr-from-differences ( primary | master | secondary | slave | 659 boolean ); 660 key string { 661 algorithm string; 662 secret string; 663 }; 664 key-directory quoted_string; 665 lame-ttl duration; 666 lmdb-mapsize sizeval; 667 managed-keys { string ( 668 static-key | initial-key 669 | static-ds | initial-ds 670 ) integer integer 671 integer 672 quoted_string; ... };, deprecated 673 masterfile-format ( map | raw | text ); 674 masterfile-style ( full | relative ); 675 match-clients { address_match_element; ... }; 676 match-destinations { address_match_element; ... }; 677 match-recursive-only boolean; 678 max-cache-size ( default | unlimited | sizeval | percentage ); 679 max-cache-ttl duration; 680 max-clients-per-query integer; 681 max-ixfr-ratio ( unlimited | percentage ); 682 max-journal-size ( default | unlimited | sizeval ); 683 max-ncache-ttl duration; 684 max-records integer; 685 max-recursion-depth integer; 686 max-recursion-queries integer; 687 max-refresh-time integer; 688 max-retry-time integer; 689 max-stale-ttl duration; 690 max-transfer-idle-in integer; 691 max-transfer-idle-out integer; 692 max-transfer-time-in integer; 693 max-transfer-time-out integer; 694 max-udp-size integer; 695 max-zone-ttl ( unlimited | duration ); 696 message-compression boolean; 697 min-cache-ttl duration; 698 min-ncache-ttl duration; 699 min-refresh-time integer; 700 min-retry-time integer; 701 minimal-any boolean; 702 minimal-responses ( no-auth | no-auth-recursive | boolean ); 703 multi-master boolean; 704 new-zones-directory quoted_string; 705 no-case-compress { address_match_element; ... }; 706 nocookie-udp-size integer; 707 notify ( explicit | master-only | primary-only | boolean ); 708 notify-delay integer; 709 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 710 dscp integer ]; 711 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 712 [ dscp integer ]; 713 notify-to-soa boolean; 714 nta-lifetime duration; 715 nta-recheck duration; 716 nxdomain-redirect string; 717 parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 718 dscp integer ]; 719 parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 720 ] [ dscp integer ]; 721 plugin ( query ) string [ { 722 unspecified-text } ]; 723 preferred-glue string; 724 prefetch integer [ integer ]; 725 provide-ixfr boolean; 726 qname-minimization ( strict | relaxed | disabled | off ); 727 query-source ( ( [ address ] ( ipv4_address | * ) [ port ( 728 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] 729 port ( integer | * ) ) ) [ dscp integer ]; 730 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( 731 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] 732 port ( integer | * ) ) ) [ dscp integer ]; 733 rate-limit { 734 all-per-second integer; 735 errors-per-second integer; 736 exempt-clients { address_match_element; ... }; 737 ipv4-prefix-length integer; 738 ipv6-prefix-length integer; 739 log-only boolean; 740 max-table-size integer; 741 min-table-size integer; 742 nodata-per-second integer; 743 nxdomains-per-second integer; 744 qps-scale integer; 745 referrals-per-second integer; 746 responses-per-second integer; 747 slip integer; 748 window integer; 749 }; 750 recursion boolean; 751 request-expire boolean; 752 request-ixfr boolean; 753 request-nsid boolean; 754 require-server-cookie boolean; 755 resolver-nonbackoff-tries integer; 756 resolver-query-timeout integer; 757 resolver-retry-interval integer; 758 response-padding { address_match_element; ... } block-size 759 integer; 760 response-policy { zone string [ add-soa boolean ] [ log 761 boolean ] [ max-policy-ttl duration ] [ min-update-interval 762 duration ] [ policy ( cname | disabled | drop | given | no-op 763 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ 764 recursive-only boolean ] [ nsip-enable boolean ] [ 765 nsdname-enable boolean ]; ... } [ add-soa boolean ] [ 766 break-dnssec boolean ] [ max-policy-ttl duration ] [ 767 min-update-interval duration ] [ min-ns-dots integer ] [ 768 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] 769 [ recursive-only boolean ] [ nsip-enable boolean ] [ 770 nsdname-enable boolean ] [ dnsrps-enable boolean ] [ 771 dnsrps-options { unspecified-text } ]; 772 root-delegation-only [ exclude { string; ... } ]; 773 root-key-sentinel boolean; 774 rrset-order { [ class string ] [ type string ] [ name 775 quoted_string ] string string; ... }; 776 send-cookie boolean; 777 serial-update-method ( date | increment | unixtime ); 778 server netprefix { 779 bogus boolean; 780 edns boolean; 781 edns-udp-size integer; 782 edns-version integer; 783 keys server_key; 784 max-udp-size integer; 785 notify-source ( ipv4_address | * ) [ port ( integer | * 786 ) ] [ dscp integer ]; 787 notify-source-v6 ( ipv6_address | * ) [ port ( integer 788 | * ) ] [ dscp integer ]; 789 padding integer; 790 provide-ixfr boolean; 791 query-source ( ( [ address ] ( ipv4_address | * ) [ port 792 ( integer | * ) ] ) | ( [ [ address ] ( 793 ipv4_address | * ) ] port ( integer | * ) ) ) [ 794 dscp integer ]; 795 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ 796 port ( integer | * ) ] ) | ( [ [ address ] ( 797 ipv6_address | * ) ] port ( integer | * ) ) ) [ 798 dscp integer ]; 799 request-expire boolean; 800 request-ixfr boolean; 801 request-nsid boolean; 802 send-cookie boolean; 803 tcp-keepalive boolean; 804 tcp-only boolean; 805 transfer-format ( many-answers | one-answer ); 806 transfer-source ( ipv4_address | * ) [ port ( integer | 807 * ) ] [ dscp integer ]; 808 transfer-source-v6 ( ipv6_address | * ) [ port ( 809 integer | * ) ] [ dscp integer ]; 810 transfers integer; 811 }; 812 servfail-ttl duration; 813 sig-signing-nodes integer; 814 sig-signing-signatures integer; 815 sig-signing-type integer; 816 sig-validity-interval integer [ integer ]; 817 sortlist { address_match_element; ... }; 818 stale-answer-client-timeout ( disabled | off | integer ); 819 stale-answer-enable boolean; 820 stale-answer-ttl duration; 821 stale-cache-enable boolean; 822 stale-refresh-time duration; 823 synth-from-dnssec boolean; 824 transfer-format ( many-answers | one-answer ); 825 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 826 dscp integer ]; 827 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 828 ] [ dscp integer ]; 829 trust-anchor-telemetry boolean; // experimental 830 trust-anchors { string ( static-key | 831 initial-key | static-ds | initial-ds 832 ) integer integer integer 833 quoted_string; ... }; 834 trusted-keys { string 835 integer integer 836 integer 837 quoted_string; ... };, deprecated 838 try-tcp-refresh boolean; 839 update-check-ksk boolean; 840 use-alt-transfer-source boolean; 841 v6-bias integer; 842 validate-except { string; ... }; 843 zero-no-soa-ttl boolean; 844 zero-no-soa-ttl-cache boolean; 845 zone string [ class ] { 846 allow-notify { address_match_element; ... }; 847 allow-query { address_match_element; ... }; 848 allow-query-on { address_match_element; ... }; 849 allow-transfer { address_match_element; ... }; 850 allow-update { address_match_element; ... }; 851 allow-update-forwarding { address_match_element; ... }; 852 also-notify [ port integer ] [ dscp integer ] { ( 853 remote-servers | ipv4_address [ port integer ] | 854 ipv6_address [ port integer ] ) [ key string ]; 855 ... }; 856 alt-transfer-source ( ipv4_address | * ) [ port ( 857 integer | * ) ] [ dscp integer ]; 858 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( 859 integer | * ) ] [ dscp integer ]; 860 auto-dnssec ( allow | maintain | off ); 861 check-dup-records ( fail | warn | ignore ); 862 check-integrity boolean; 863 check-mx ( fail | warn | ignore ); 864 check-mx-cname ( fail | warn | ignore ); 865 check-names ( fail | warn | ignore ); 866 check-sibling boolean; 867 check-spf ( warn | ignore ); 868 check-srv-cname ( fail | warn | ignore ); 869 check-wildcard boolean; 870 database string; 871 delegation-only boolean; 872 dialup ( notify | notify-passive | passive | refresh | 873 boolean ); 874 dlz string; 875 dnskey-sig-validity integer; 876 dnssec-dnskey-kskonly boolean; 877 dnssec-loadkeys-interval integer; 878 dnssec-policy string; 879 dnssec-secure-to-insecure boolean; 880 dnssec-update-mode ( maintain | no-resign ); 881 file quoted_string; 882 forward ( first | only ); 883 forwarders [ port integer ] [ dscp integer ] { ( 884 ipv4_address | ipv6_address ) [ port integer ] [ 885 dscp integer ]; ... }; 886 in-view string; 887 inline-signing boolean; 888 ixfr-from-differences boolean; 889 journal quoted_string; 890 key-directory quoted_string; 891 masterfile-format ( map | raw | text ); 892 masterfile-style ( full | relative ); 893 masters [ port integer ] [ dscp integer ] { ( 894 remote-servers | ipv4_address [ port integer ] | 895 ipv6_address [ port integer ] ) [ key string ]; 896 ... }; 897 max-ixfr-ratio ( unlimited | percentage ); 898 max-journal-size ( default | unlimited | sizeval ); 899 max-records integer; 900 max-refresh-time integer; 901 max-retry-time integer; 902 max-transfer-idle-in integer; 903 max-transfer-idle-out integer; 904 max-transfer-time-in integer; 905 max-transfer-time-out integer; 906 max-zone-ttl ( unlimited | duration ); 907 min-refresh-time integer; 908 min-retry-time integer; 909 multi-master boolean; 910 notify ( explicit | master-only | primary-only | boolean ); 911 notify-delay integer; 912 notify-source ( ipv4_address | * ) [ port ( integer | * 913 ) ] [ dscp integer ]; 914 notify-source-v6 ( ipv6_address | * ) [ port ( integer 915 | * ) ] [ dscp integer ]; 916 notify-to-soa boolean; 917 parental-agents [ port integer ] [ dscp integer ] { ( 918 remote-servers | ipv4_address [ port integer ] | 919 ipv6_address [ port integer ] ) [ key string ]; 920 ... }; 921 parental-source ( ipv4_address | * ) [ port ( integer | 922 * ) ] [ dscp integer ]; 923 parental-source-v6 ( ipv6_address | * ) [ port ( 924 integer | * ) ] [ dscp integer ]; 925 primaries [ port integer ] [ dscp integer ] { ( 926 remote-servers | ipv4_address [ port integer ] | 927 ipv6_address [ port integer ] ) [ key string ]; 928 ... }; 929 request-expire boolean; 930 request-ixfr boolean; 931 serial-update-method ( date | increment | unixtime ); 932 server-addresses { ( ipv4_address | ipv6_address ); ... }; 933 server-names { string; ... }; 934 sig-signing-nodes integer; 935 sig-signing-signatures integer; 936 sig-signing-type integer; 937 sig-validity-interval integer [ integer ]; 938 transfer-source ( ipv4_address | * ) [ port ( integer | 939 * ) ] [ dscp integer ]; 940 transfer-source-v6 ( ipv6_address | * ) [ port ( 941 integer | * ) ] [ dscp integer ]; 942 try-tcp-refresh boolean; 943 type ( primary | master | secondary | slave | mirror | 944 delegation-only | forward | hint | redirect | 945 static-stub | stub ); 946 update-check-ksk boolean; 947 update-policy ( local | { ( deny | grant ) string ( 948 6to4-self | external | krb5-self | krb5-selfsub | 949 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | 950 name | self | selfsub | selfwild | subdomain | tcp-self 951 | wildcard | zonesub ) [ string ] rrtypelist; ... }; 952 use-alt-transfer-source boolean; 953 zero-no-soa-ttl boolean; 954 zone-statistics ( full | terse | none | boolean ); 955 }; 956 zone-statistics ( full | terse | none | boolean ); 957 }; 958 959ZONE 960^^^^ 961 962:: 963 964 zone string [ class ] { 965 allow-notify { address_match_element; ... }; 966 allow-query { address_match_element; ... }; 967 allow-query-on { address_match_element; ... }; 968 allow-transfer { address_match_element; ... }; 969 allow-update { address_match_element; ... }; 970 allow-update-forwarding { address_match_element; ... }; 971 also-notify [ port integer ] [ dscp integer ] { ( 972 remote-servers | ipv4_address [ port integer ] | 973 ipv6_address [ port integer ] ) [ key string ]; ... }; 974 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) 975 ] [ dscp integer ]; 976 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | 977 * ) ] [ dscp integer ]; 978 auto-dnssec ( allow | maintain | off ); 979 check-dup-records ( fail | warn | ignore ); 980 check-integrity boolean; 981 check-mx ( fail | warn | ignore ); 982 check-mx-cname ( fail | warn | ignore ); 983 check-names ( fail | warn | ignore ); 984 check-sibling boolean; 985 check-spf ( warn | ignore ); 986 check-srv-cname ( fail | warn | ignore ); 987 check-wildcard boolean; 988 database string; 989 delegation-only boolean; 990 dialup ( notify | notify-passive | passive | refresh | boolean ); 991 dlz string; 992 dnskey-sig-validity integer; 993 dnssec-dnskey-kskonly boolean; 994 dnssec-loadkeys-interval integer; 995 dnssec-policy string; 996 dnssec-secure-to-insecure boolean; 997 dnssec-update-mode ( maintain | no-resign ); 998 file quoted_string; 999 forward ( first | only ); 1000 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address 1001 | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; 1002 in-view string; 1003 inline-signing boolean; 1004 ixfr-from-differences boolean; 1005 journal quoted_string; 1006 key-directory quoted_string; 1007 masterfile-format ( map | raw | text ); 1008 masterfile-style ( full | relative ); 1009 masters [ port integer ] [ dscp integer ] { ( remote-servers 1010 | ipv4_address [ port integer ] | ipv6_address [ port 1011 integer ] ) [ key string ]; ... }; 1012 max-ixfr-ratio ( unlimited | percentage ); 1013 max-journal-size ( default | unlimited | sizeval ); 1014 max-records integer; 1015 max-refresh-time integer; 1016 max-retry-time integer; 1017 max-transfer-idle-in integer; 1018 max-transfer-idle-out integer; 1019 max-transfer-time-in integer; 1020 max-transfer-time-out integer; 1021 max-zone-ttl ( unlimited | duration ); 1022 min-refresh-time integer; 1023 min-retry-time integer; 1024 multi-master boolean; 1025 notify ( explicit | master-only | primary-only | boolean ); 1026 notify-delay integer; 1027 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 1028 dscp integer ]; 1029 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] 1030 [ dscp integer ]; 1031 notify-to-soa boolean; 1032 parental-agents [ port integer ] [ dscp integer ] { ( 1033 remote-servers | ipv4_address [ port integer ] | 1034 ipv6_address [ port integer ] ) [ key string ]; ... }; 1035 parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 1036 dscp integer ]; 1037 parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 1038 ] [ dscp integer ]; 1039 primaries [ port integer ] [ dscp integer ] { ( 1040 remote-servers | ipv4_address [ port integer ] | 1041 ipv6_address [ port integer ] ) [ key string ]; ... }; 1042 request-expire boolean; 1043 request-ixfr boolean; 1044 serial-update-method ( date | increment | unixtime ); 1045 server-addresses { ( ipv4_address | ipv6_address ); ... }; 1046 server-names { string; ... }; 1047 sig-signing-nodes integer; 1048 sig-signing-signatures integer; 1049 sig-signing-type integer; 1050 sig-validity-interval integer [ integer ]; 1051 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ 1052 dscp integer ]; 1053 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) 1054 ] [ dscp integer ]; 1055 try-tcp-refresh boolean; 1056 type ( primary | master | secondary | slave | mirror | 1057 delegation-only | forward | hint | redirect | static-stub | 1058 stub ); 1059 update-check-ksk boolean; 1060 update-policy ( local | { ( deny | grant ) string ( 6to4-self | 1061 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self 1062 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild 1063 | subdomain | tcp-self | wildcard | zonesub ) [ string ] 1064 rrtypelist; ... }; 1065 use-alt-transfer-source boolean; 1066 zero-no-soa-ttl boolean; 1067 zone-statistics ( full | terse | none | boolean ); 1068 }; 1069 1070Files 1071~~~~~ 1072 1073``/etc/named.conf`` 1074 1075See Also 1076~~~~~~~~ 1077 1078:manpage:`ddns-confgen(8)`, :manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`rndc(8)`, :manpage:`rndc-confgen(8)`, BIND 9 Administrator Reference Manual. 1079 1080