xref: /netbsd-src/external/mpl/bind/dist/doc/man/named.conf.5in (revision 154bfe8e089c1a0a4e9ed8414f08d3da90949162)
Man page generated from reStructuredText.
.
"NAMED.CONF" "5" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
NAME
named.conf - configuration file for **named** . .nr rst2man-indent-level 0 . \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .rstReportMargin pre:
. RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .rstReportMargin post:
.. . RE indent \\n[an-margin]
old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1 new: \\n[rst2man-indent\\n[rst2man-indent-level]]
..
SYNOPSIS
named.conf
DESCRIPTION
named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported: C style: /* */ NDENT 0.0 NDENT 3.5 C++ style: // to end of line NINDENT NINDENT Unix style: # to end of line
ACL
NDENT 0.0 NDENT 3.5
acl string { address_match_element; ... };
NINDENT NINDENT
CONTROLS
NDENT 0.0 NDENT 3.5
controls {
 inet ( ipv4_address | ipv6_address |
 * ) [ port ( integer | * ) ] allow
 { address_match_element; ... } [
 keys { string; ... } ] [ read-only
 boolean ];
 unix quoted_string perm integer
 owner integer group integer [
 keys { string; ... } ] [ read-only
 boolean ];
};
NINDENT NINDENT
DLZ
NDENT 0.0 NDENT 3.5
dlz string {
 database string;
 search boolean;
};
NINDENT NINDENT
DNSSEC-POLICY
NDENT 0.0 NDENT 3.5
dnssec-policy string {
 dnskey-ttl duration;
 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
 duration_or_unlimited algorithm string [ integer ]; ... };
 max-zone-ttl duration;
 parent-ds-ttl duration;
 parent-propagation-delay duration;
 parent-registration-delay duration;
 publish-safety duration;
 retire-safety duration;
 signatures-refresh duration;
 signatures-validity duration;
 signatures-validity-dnskey duration;
 zone-propagation-delay duration;
};
NINDENT NINDENT
DYNDB
NDENT 0.0 NDENT 3.5
dyndb string quoted_string {
 unspecified-text };
NINDENT NINDENT
KEY
NDENT 0.0 NDENT 3.5
key string {
 algorithm string;
 secret string;
};
NINDENT NINDENT
LOGGING
NDENT 0.0 NDENT 3.5
logging {
 category string { string; ... };
 channel string {
 buffered boolean;
 file quoted_string [ versions ( unlimited | integer ) ]
 [ size size ] [ suffix ( increment | timestamp ) ];
 null;
 print-category boolean;
 print-severity boolean;
 print-time ( iso8601 | iso8601-utc | local | boolean );
 severity log_severity;
 stderr;
 syslog [ syslog_facility ];
 };
};
NINDENT NINDENT
MANAGED-KEYS
See DNSSEC-KEYS. NDENT 0.0 NDENT 3.5
managed-keys { string ( static-key
 | initial-key | static-ds |
 initial-ds ) integer integer
 integer quoted_string; ... };, deprecated
NINDENT NINDENT
MASTERS
NDENT 0.0 NDENT 3.5
masters string [ port integer ] [ dscp
 integer ] { ( masters | ipv4_address [
 port integer ] | ipv6_address [ port
 integer ] ) [ key string ]; ... };
NINDENT NINDENT
OPTIONS
NDENT 0.0 NDENT 3.5
options {
 allow-new-zones boolean;
 allow-notify { address_match_element; ... };
 allow-query { address_match_element; ... };
 allow-query-cache { address_match_element; ... };
 allow-query-cache-on { address_match_element; ... };
 allow-query-on { address_match_element; ... };
 allow-recursion { address_match_element; ... };
 allow-recursion-on { address_match_element; ... };
 allow-transfer { address_match_element; ... };
 allow-update { address_match_element; ... };
 allow-update-forwarding { address_match_element; ... };
 also-notify [ port integer ] [ dscp integer ] { ( masters |
 ipv4_address [ port integer ] | ipv6_address [ port
 integer ] ) [ key string ]; ... };
 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
 ] [ dscp integer ];
 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
 * ) ] [ dscp integer ];
 answer-cookie boolean;
 attach-cache string;
 auth-nxdomain boolean; // default changed
 auto-dnssec ( allow | maintain | off );
 automatic-interface-scan boolean;
 avoid-v4-udp-ports { portrange; ... };
 avoid-v6-udp-ports { portrange; ... };
 bindkeys-file quoted_string;
 blackhole { address_match_element; ... };
 cache-file quoted_string;
 catalog-zones { zone string [ default-masters [ port integer ]
 [ dscp integer ] { ( masters | ipv4_address [ port
 integer ] | ipv6_address [ port integer ] ) [ key
 string ]; ... } ] [ zone-directory quoted_string ] [
 in-memory boolean ] [ min-update-interval duration ]; ... };
 check-dup-records ( fail | warn | ignore );
 check-integrity boolean;
 check-mx ( fail | warn | ignore );
 check-mx-cname ( fail | warn | ignore );
 check-names ( primary | master |
 secondary | slave | response ) (
 fail | warn | ignore );
 check-sibling boolean;
 check-spf ( warn | ignore );
 check-srv-cname ( fail | warn | ignore );
 check-wildcard boolean;
 clients-per-query integer;
 cookie-algorithm ( aes | siphash24 );
 cookie-secret string;
 coresize ( default | unlimited | sizeval );
 datasize ( default | unlimited | sizeval );
 deny-answer-addresses { address_match_element; ... } [
 except-from { string; ... } ];
 deny-answer-aliases { string; ... } [ except-from { string; ...
 } ];
 dialup ( notify | notify-passive | passive | refresh | boolean );
 directory quoted_string;
 disable-algorithms string { string;
 ... };
 disable-ds-digests string { string;
 ... };
 disable-empty-zone string;
 dns64 netprefix {
 break-dnssec boolean;
 clients { address_match_element; ... };
 exclude { address_match_element; ... };
 mapped { address_match_element; ... };
 recursive-only boolean;
 suffix ipv6_address;
 };
 dns64-contact string;
 dns64-server string;
 dnskey-sig-validity integer;
 dnsrps-enable boolean;
 dnsrps-options { unspecified-text };
 dnssec-accept-expired boolean;
 dnssec-dnskey-kskonly boolean;
 dnssec-loadkeys-interval integer;
 dnssec-must-be-secure string boolean;
 dnssec-policy string;
 dnssec-secure-to-insecure boolean;
 dnssec-update-mode ( maintain | no-resign );
 dnssec-validation ( yes | no | auto );
 dnstap { ( all | auth | client | forwarder |
 resolver | update ) [ ( query | response ) ];
 ... };
 dnstap-identity ( quoted_string | none |
 hostname );
 dnstap-output ( file | unix ) quoted_string [
 size ( unlimited | size ) ] [ versions (
 unlimited | integer ) ] [ suffix ( increment
 | timestamp ) ];
 dnstap-version ( quoted_string | none );
 dscp integer;
 dual-stack-servers [ port integer ] { ( quoted_string [ port
 integer ] [ dscp integer ] | ipv4_address [ port
 integer ] [ dscp integer ] | ipv6_address [ port
 integer ] [ dscp integer ] ); ... };
 dump-file quoted_string;
 edns-udp-size integer;
 empty-contact string;
 empty-server string;
 empty-zones-enable boolean;
 fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
 fetches-per-server integer [ ( drop | fail ) ];
 fetches-per-zone integer [ ( drop | fail ) ];
 files ( default | unlimited | sizeval );
 flush-zones-on-shutdown boolean;
 forward ( first | only );
 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
 | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
 fstrm-set-buffer-hint integer;
 fstrm-set-flush-timeout integer;
 fstrm-set-input-queue-size integer;
 fstrm-set-output-notify-threshold integer;
 fstrm-set-output-queue-model ( mpsc | spsc );
 fstrm-set-output-queue-size integer;
 fstrm-set-reopen-interval duration;
 geoip-directory ( quoted_string | none );
 glue-cache boolean;
 heartbeat-interval integer;
 hostname ( quoted_string | none );
 inline-signing boolean;
 interface-interval duration;
 ixfr-from-differences ( primary | master | secondary | slave |
 boolean );
 keep-response-order { address_match_element; ... };
 key-directory quoted_string;
 lame-ttl duration;
 listen-on [ port integer ] [ dscp
 integer ] {
 address_match_element; ... };
 listen-on-v6 [ port integer ] [ dscp
 integer ] {
 address_match_element; ... };
 lmdb-mapsize sizeval;
 lock-file ( quoted_string | none );
 managed-keys-directory quoted_string;
 masterfile-format ( map | raw | text );
 masterfile-style ( full | relative );
 match-mapped-addresses boolean;
 max-cache-size ( default | unlimited | sizeval | percentage );
 max-cache-ttl duration;
 max-clients-per-query integer;
 max-journal-size ( default | unlimited | sizeval );
 max-ncache-ttl duration;
 max-records integer;
 max-recursion-depth integer;
 max-recursion-queries integer;
 max-refresh-time integer;
 max-retry-time integer;
 max-rsa-exponent-size integer;
 max-stale-ttl duration;
 max-transfer-idle-in integer;
 max-transfer-idle-out integer;
 max-transfer-time-in integer;
 max-transfer-time-out integer;
 max-udp-size integer;
 max-zone-ttl ( unlimited | duration );
 memstatistics boolean;
 memstatistics-file quoted_string;
 message-compression boolean;
 min-cache-ttl duration;
 min-ncache-ttl duration;
 min-refresh-time integer;
 min-retry-time integer;
 minimal-any boolean;
 minimal-responses ( no-auth | no-auth-recursive | boolean );
 multi-master boolean;
 new-zones-directory quoted_string;
 no-case-compress { address_match_element; ... };
 nocookie-udp-size integer;
 notify ( explicit | master-only | boolean );
 notify-delay integer;
 notify-rate integer;
 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
 dscp integer ];
 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
 [ dscp integer ];
 notify-to-soa boolean;
 nta-lifetime duration;
 nta-recheck duration;
 nxdomain-redirect string;
 pid-file ( quoted_string | none );
 port integer;
 preferred-glue string;
 prefetch integer [ integer ];
 provide-ixfr boolean;
 qname-minimization ( strict | relaxed | disabled | off );
 query-source ( ( [ address ] ( ipv4_address | * ) [ port (
 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
 port ( integer | * ) ) ) [ dscp integer ];
 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
 port ( integer | * ) ) ) [ dscp integer ];
 querylog boolean;
 random-device ( quoted_string | none );
 rate-limit {
 all-per-second integer;
 errors-per-second integer;
 exempt-clients { address_match_element; ... };
 ipv4-prefix-length integer;
 ipv6-prefix-length integer;
 log-only boolean;
 max-table-size integer;
 min-table-size integer;
 nodata-per-second integer;
 nxdomains-per-second integer;
 qps-scale integer;
 referrals-per-second integer;
 responses-per-second integer;
 slip integer;
 window integer;
 };
 recursing-file quoted_string;
 recursion boolean;
 recursive-clients integer;
 request-expire boolean;
 request-ixfr boolean;
 request-nsid boolean;
 require-server-cookie boolean;
 reserved-sockets integer;
 resolver-nonbackoff-tries integer;
 resolver-query-timeout integer;
 resolver-retry-interval integer;
 response-padding { address_match_element; ... } block-size
 integer;
 response-policy { zone string [ add-soa boolean ] [ log
 boolean ] [ max-policy-ttl duration ] [ min-update-interval
 duration ] [ policy ( cname | disabled | drop | given | no-op
 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
 recursive-only boolean ] [ nsip-enable boolean ] [
 nsdname-enable boolean ]; ... } [ add-soa boolean ] [
 break-dnssec boolean ] [ max-policy-ttl duration ] [
 min-update-interval duration ] [ min-ns-dots integer ] [
 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
 [ recursive-only boolean ] [ nsip-enable boolean ] [
 nsdname-enable boolean ] [ dnsrps-enable boolean ] [
 dnsrps-options { unspecified-text } ];
 root-delegation-only [ exclude { string; ... } ];
 root-key-sentinel boolean;
 rrset-order { [ class string ] [ type string ] [ name
 quoted_string ] string string; ... };
 secroots-file quoted_string;
 send-cookie boolean;
 serial-query-rate integer;
 serial-update-method ( date | increment | unixtime );
 server-id ( quoted_string | none | hostname );
 servfail-ttl duration;
 session-keyalg string;
 session-keyfile ( quoted_string | none );
 session-keyname string;
 sig-signing-nodes integer;
 sig-signing-signatures integer;
 sig-signing-type integer;
 sig-validity-interval integer [ integer ];
 sortlist { address_match_element; ... };
 stacksize ( default | unlimited | sizeval );
 stale-answer-enable boolean;
 stale-answer-ttl duration;
 startup-notify-rate integer;
 statistics-file quoted_string;
 synth-from-dnssec boolean;
 tcp-advertised-timeout integer;
 tcp-clients integer;
 tcp-idle-timeout integer;
 tcp-initial-timeout integer;
 tcp-keepalive-timeout integer;
 tcp-listen-queue integer;
 tkey-dhkey quoted_string integer;
 tkey-domain quoted_string;
 tkey-gssapi-credential quoted_string;
 tkey-gssapi-keytab quoted_string;
 transfer-format ( many-answers | one-answer );
 transfer-message-size integer;
 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
 dscp integer ];
 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
 ] [ dscp integer ];
 transfers-in integer;
 transfers-out integer;
 transfers-per-ns integer;
 trust-anchor-telemetry boolean; // experimental
 try-tcp-refresh boolean;
 update-check-ksk boolean;
 use-alt-transfer-source boolean;
 use-v4-udp-ports { portrange; ... };
 use-v6-udp-ports { portrange; ... };
 v6-bias integer;
 validate-except { string; ... };
 version ( quoted_string | none );
 zero-no-soa-ttl boolean;
 zero-no-soa-ttl-cache boolean;
 zone-statistics ( full | terse | none | boolean );
};
NINDENT NINDENT
PLUGIN
NDENT 0.0 NDENT 3.5
plugin ( query ) string [ { unspecified-text
 } ];
NINDENT NINDENT
SERVER
NDENT 0.0 NDENT 3.5
server netprefix {
 bogus boolean;
 edns boolean;
 edns-udp-size integer;
 edns-version integer;
 keys server_key;
 max-udp-size integer;
 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
 dscp integer ];
 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
 [ dscp integer ];
 padding integer;
 provide-ixfr boolean;
 query-source ( ( [ address ] ( ipv4_address | * ) [ port (
 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
 port ( integer | * ) ) ) [ dscp integer ];
 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
 port ( integer | * ) ) ) [ dscp integer ];
 request-expire boolean;
 request-ixfr boolean;
 request-nsid boolean;
 send-cookie boolean;
 tcp-keepalive boolean;
 tcp-only boolean;
 transfer-format ( many-answers | one-answer );
 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
 dscp integer ];
 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
 ] [ dscp integer ];
 transfers integer;
};
NINDENT NINDENT
STATISTICS-CHANNELS
NDENT 0.0 NDENT 3.5
statistics-channels {
 inet ( ipv4_address | ipv6_address |
 * ) [ port ( integer | * ) ] [
 allow { address_match_element; ...
 } ];
};
NINDENT NINDENT
TRUST-ANCHORS
NDENT 0.0 NDENT 3.5
trust-anchors { string ( static-key |
 initial-key | static-ds | initial-ds )
 integer integer integer
 quoted_string; ... };
NINDENT NINDENT
TRUSTED-KEYS
Deprecated - see DNSSEC-KEYS. NDENT 0.0 NDENT 3.5
trusted-keys { string integer
 integer integer
 quoted_string; ... };, deprecated
NINDENT NINDENT
VIEW
NDENT 0.0 NDENT 3.5
view string [ class ] {
 allow-new-zones boolean;
 allow-notify { address_match_element; ... };
 allow-query { address_match_element; ... };
 allow-query-cache { address_match_element; ... };
 allow-query-cache-on { address_match_element; ... };
 allow-query-on { address_match_element; ... };
 allow-recursion { address_match_element; ... };
 allow-recursion-on { address_match_element; ... };
 allow-transfer { address_match_element; ... };
 allow-update { address_match_element; ... };
 allow-update-forwarding { address_match_element; ... };
 also-notify [ port integer ] [ dscp integer ] { ( masters |
 ipv4_address [ port integer ] | ipv6_address [ port
 integer ] ) [ key string ]; ... };
 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
 ] [ dscp integer ];
 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
 * ) ] [ dscp integer ];
 attach-cache string;
 auth-nxdomain boolean; // default changed
 auto-dnssec ( allow | maintain | off );
 cache-file quoted_string;
 catalog-zones { zone string [ default-masters [ port integer ]
 [ dscp integer ] { ( masters | ipv4_address [ port
 integer ] | ipv6_address [ port integer ] ) [ key
 string ]; ... } ] [ zone-directory quoted_string ] [
 in-memory boolean ] [ min-update-interval duration ]; ... };
 check-dup-records ( fail | warn | ignore );
 check-integrity boolean;
 check-mx ( fail | warn | ignore );
 check-mx-cname ( fail | warn | ignore );
 check-names ( primary | master |
 secondary | slave | response ) (
 fail | warn | ignore );
 check-sibling boolean;
 check-spf ( warn | ignore );
 check-srv-cname ( fail | warn | ignore );
 check-wildcard boolean;
 clients-per-query integer;
 deny-answer-addresses { address_match_element; ... } [
 except-from { string; ... } ];
 deny-answer-aliases { string; ... } [ except-from { string; ...
 } ];
 dialup ( notify | notify-passive | passive | refresh | boolean );
 disable-algorithms string { string;
 ... };
 disable-ds-digests string { string;
 ... };
 disable-empty-zone string;
 dlz string {
 database string;
 search boolean;
 };
 dns64 netprefix {
 break-dnssec boolean;
 clients { address_match_element; ... };
 exclude { address_match_element; ... };
 mapped { address_match_element; ... };
 recursive-only boolean;
 suffix ipv6_address;
 };
 dns64-contact string;
 dns64-server string;
 dnskey-sig-validity integer;
 dnsrps-enable boolean;
 dnsrps-options { unspecified-text };
 dnssec-accept-expired boolean;
 dnssec-dnskey-kskonly boolean;
 dnssec-loadkeys-interval integer;
 dnssec-must-be-secure string boolean;
 dnssec-policy string;
 dnssec-secure-to-insecure boolean;
 dnssec-update-mode ( maintain | no-resign );
 dnssec-validation ( yes | no | auto );
 dnstap { ( all | auth | client | forwarder |
 resolver | update ) [ ( query | response ) ];
 ... };
 dual-stack-servers [ port integer ] { ( quoted_string [ port
 integer ] [ dscp integer ] | ipv4_address [ port
 integer ] [ dscp integer ] | ipv6_address [ port
 integer ] [ dscp integer ] ); ... };
 dyndb string quoted_string {
 unspecified-text };
 edns-udp-size integer;
 empty-contact string;
 empty-server string;
 empty-zones-enable boolean;
 fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
 fetches-per-server integer [ ( drop | fail ) ];
 fetches-per-zone integer [ ( drop | fail ) ];
 forward ( first | only );
 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
 | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
 glue-cache boolean;
 inline-signing boolean;
 ixfr-from-differences ( primary | master | secondary | slave |
 boolean );
 key string {
 algorithm string;
 secret string;
 };
 key-directory quoted_string;
 lame-ttl duration;
 lmdb-mapsize sizeval;
 managed-keys { string (
 static-key | initial-key
 | static-ds | initial-ds
 ) integer integer
 integer
 quoted_string; ... };, deprecated
 masterfile-format ( map | raw | text );
 masterfile-style ( full | relative );
 match-clients { address_match_element; ... };
 match-destinations { address_match_element; ... };
 match-recursive-only boolean;
 max-cache-size ( default | unlimited | sizeval | percentage );
 max-cache-ttl duration;
 max-clients-per-query integer;
 max-journal-size ( default | unlimited | sizeval );
 max-ncache-ttl duration;
 max-records integer;
 max-recursion-depth integer;
 max-recursion-queries integer;
 max-refresh-time integer;
 max-retry-time integer;
 max-stale-ttl duration;
 max-transfer-idle-in integer;
 max-transfer-idle-out integer;
 max-transfer-time-in integer;
 max-transfer-time-out integer;
 max-udp-size integer;
 max-zone-ttl ( unlimited | duration );
 message-compression boolean;
 min-cache-ttl duration;
 min-ncache-ttl duration;
 min-refresh-time integer;
 min-retry-time integer;
 minimal-any boolean;
 minimal-responses ( no-auth | no-auth-recursive | boolean );
 multi-master boolean;
 new-zones-directory quoted_string;
 no-case-compress { address_match_element; ... };
 nocookie-udp-size integer;
 notify ( explicit | master-only | boolean );
 notify-delay integer;
 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
 dscp integer ];
 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
 [ dscp integer ];
 notify-to-soa boolean;
 nta-lifetime duration;
 nta-recheck duration;
 nxdomain-redirect string;
 plugin ( query ) string [ {
 unspecified-text } ];
 preferred-glue string;
 prefetch integer [ integer ];
 provide-ixfr boolean;
 qname-minimization ( strict | relaxed | disabled | off );
 query-source ( ( [ address ] ( ipv4_address | * ) [ port (
 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
 port ( integer | * ) ) ) [ dscp integer ];
 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
 port ( integer | * ) ) ) [ dscp integer ];
 rate-limit {
 all-per-second integer;
 errors-per-second integer;
 exempt-clients { address_match_element; ... };
 ipv4-prefix-length integer;
 ipv6-prefix-length integer;
 log-only boolean;
 max-table-size integer;
 min-table-size integer;
 nodata-per-second integer;
 nxdomains-per-second integer;
 qps-scale integer;
 referrals-per-second integer;
 responses-per-second integer;
 slip integer;
 window integer;
 };
 recursion boolean;
 request-expire boolean;
 request-ixfr boolean;
 request-nsid boolean;
 require-server-cookie boolean;
 resolver-nonbackoff-tries integer;
 resolver-query-timeout integer;
 resolver-retry-interval integer;
 response-padding { address_match_element; ... } block-size
 integer;
 response-policy { zone string [ add-soa boolean ] [ log
 boolean ] [ max-policy-ttl duration ] [ min-update-interval
 duration ] [ policy ( cname | disabled | drop | given | no-op
 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
 recursive-only boolean ] [ nsip-enable boolean ] [
 nsdname-enable boolean ]; ... } [ add-soa boolean ] [
 break-dnssec boolean ] [ max-policy-ttl duration ] [
 min-update-interval duration ] [ min-ns-dots integer ] [
 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
 [ recursive-only boolean ] [ nsip-enable boolean ] [
 nsdname-enable boolean ] [ dnsrps-enable boolean ] [
 dnsrps-options { unspecified-text } ];
 root-delegation-only [ exclude { string; ... } ];
 root-key-sentinel boolean;
 rrset-order { [ class string ] [ type string ] [ name
 quoted_string ] string string; ... };
 send-cookie boolean;
 serial-update-method ( date | increment | unixtime );
 server netprefix {
 bogus boolean;
 edns boolean;
 edns-udp-size integer;
 edns-version integer;
 keys server_key;
 max-udp-size integer;
 notify-source ( ipv4_address | * ) [ port ( integer | *
 ) ] [ dscp integer ];
 notify-source-v6 ( ipv6_address | * ) [ port ( integer
 | * ) ] [ dscp integer ];
 padding integer;
 provide-ixfr boolean;
 query-source ( ( [ address ] ( ipv4_address | * ) [ port
 ( integer | * ) ] ) | ( [ [ address ] (
 ipv4_address | * ) ] port ( integer | * ) ) ) [
 dscp integer ];
 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
 port ( integer | * ) ] ) | ( [ [ address ] (
 ipv6_address | * ) ] port ( integer | * ) ) ) [
 dscp integer ];
 request-expire boolean;
 request-ixfr boolean;
 request-nsid boolean;
 send-cookie boolean;
 tcp-keepalive boolean;
 tcp-only boolean;
 transfer-format ( many-answers | one-answer );
 transfer-source ( ipv4_address | * ) [ port ( integer |
 * ) ] [ dscp integer ];
 transfer-source-v6 ( ipv6_address | * ) [ port (
 integer | * ) ] [ dscp integer ];
 transfers integer;
 };
 servfail-ttl duration;
 sig-signing-nodes integer;
 sig-signing-signatures integer;
 sig-signing-type integer;
 sig-validity-interval integer [ integer ];
 sortlist { address_match_element; ... };
 stale-answer-enable boolean;
 stale-answer-ttl duration;
 synth-from-dnssec boolean;
 transfer-format ( many-answers | one-answer );
 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
 dscp integer ];
 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
 ] [ dscp integer ];
 trust-anchor-telemetry boolean; // experimental
 trust-anchors { string ( static-key |
 initial-key | static-ds | initial-ds
 ) integer integer integer
 quoted_string; ... };
 trusted-keys { string
 integer integer
 integer
 quoted_string; ... };, deprecated
 try-tcp-refresh boolean;
 update-check-ksk boolean;
 use-alt-transfer-source boolean;
 v6-bias integer;
 validate-except { string; ... };
 zero-no-soa-ttl boolean;
 zero-no-soa-ttl-cache boolean;
 zone string [ class ] {
 allow-notify { address_match_element; ... };
 allow-query { address_match_element; ... };
 allow-query-on { address_match_element; ... };
 allow-transfer { address_match_element; ... };
 allow-update { address_match_element; ... };
 allow-update-forwarding { address_match_element; ... };
 also-notify [ port integer ] [ dscp integer ] { (
 masters | ipv4_address [ port integer ] |
 ipv6_address [ port integer ] ) [ key string ];
 ... };
 alt-transfer-source ( ipv4_address | * ) [ port (
 integer | * ) ] [ dscp integer ];
 alt-transfer-source-v6 ( ipv6_address | * ) [ port (
 integer | * ) ] [ dscp integer ];
 auto-dnssec ( allow | maintain | off );
 check-dup-records ( fail | warn | ignore );
 check-integrity boolean;
 check-mx ( fail | warn | ignore );
 check-mx-cname ( fail | warn | ignore );
 check-names ( fail | warn | ignore );
 check-sibling boolean;
 check-spf ( warn | ignore );
 check-srv-cname ( fail | warn | ignore );
 check-wildcard boolean;
 database string;
 delegation-only boolean;
 dialup ( notify | notify-passive | passive | refresh |
 boolean );
 dlz string;
 dnskey-sig-validity integer;
 dnssec-dnskey-kskonly boolean;
 dnssec-loadkeys-interval integer;
 dnssec-policy string;
 dnssec-secure-to-insecure boolean;
 dnssec-update-mode ( maintain | no-resign );
 file quoted_string;
 forward ( first | only );
 forwarders [ port integer ] [ dscp integer ] { (
 ipv4_address | ipv6_address ) [ port integer ] [
 dscp integer ]; ... };
 in-view string;
 inline-signing boolean;
 ixfr-from-differences boolean;
 journal quoted_string;
 key-directory quoted_string;
 masterfile-format ( map | raw | text );
 masterfile-style ( full | relative );
 masters [ port integer ] [ dscp integer ] { ( masters
 | ipv4_address [ port integer ] | ipv6_address [
 port integer ] ) [ key string ]; ... };
 max-journal-size ( default | unlimited | sizeval );
 max-records integer;
 max-refresh-time integer;
 max-retry-time integer;
 max-transfer-idle-in integer;
 max-transfer-idle-out integer;
 max-transfer-time-in integer;
 max-transfer-time-out integer;
 max-zone-ttl ( unlimited | duration );
 min-refresh-time integer;
 min-retry-time integer;
 multi-master boolean;
 notify ( explicit | master-only | boolean );
 notify-delay integer;
 notify-source ( ipv4_address | * ) [ port ( integer | *
 ) ] [ dscp integer ];
 notify-source-v6 ( ipv6_address | * ) [ port ( integer
 | * ) ] [ dscp integer ];
 notify-to-soa boolean;
 request-expire boolean;
 request-ixfr boolean;
 serial-update-method ( date | increment | unixtime );
 server-addresses { ( ipv4_address | ipv6_address ); ... };
 server-names { string; ... };
 sig-signing-nodes integer;
 sig-signing-signatures integer;
 sig-signing-type integer;
 sig-validity-interval integer [ integer ];
 transfer-source ( ipv4_address | * ) [ port ( integer |
 * ) ] [ dscp integer ];
 transfer-source-v6 ( ipv6_address | * ) [ port (
 integer | * ) ] [ dscp integer ];
 try-tcp-refresh boolean;
 type ( primary | master | secondary | slave | mirror |
 delegation-only | forward | hint | redirect |
 static-stub | stub );
 update-check-ksk boolean;
 update-policy ( local | { ( deny | grant ) string (
 6to4-self | external | krb5-self | krb5-selfsub |
 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
 name | self | selfsub | selfwild | subdomain | tcp-self
 | wildcard | zonesub ) [ string ] rrtypelist; ... };
 use-alt-transfer-source boolean;
 zero-no-soa-ttl boolean;
 zone-statistics ( full | terse | none | boolean );
 };
 zone-statistics ( full | terse | none | boolean );
};
NINDENT NINDENT
ZONE
NDENT 0.0 NDENT 3.5
zone string [ class ] {
 allow-notify { address_match_element; ... };
 allow-query { address_match_element; ... };
 allow-query-on { address_match_element; ... };
 allow-transfer { address_match_element; ... };
 allow-update { address_match_element; ... };
 allow-update-forwarding { address_match_element; ... };
 also-notify [ port integer ] [ dscp integer ] { ( masters |
 ipv4_address [ port integer ] | ipv6_address [ port
 integer ] ) [ key string ]; ... };
 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
 ] [ dscp integer ];
 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
 * ) ] [ dscp integer ];
 auto-dnssec ( allow | maintain | off );
 check-dup-records ( fail | warn | ignore );
 check-integrity boolean;
 check-mx ( fail | warn | ignore );
 check-mx-cname ( fail | warn | ignore );
 check-names ( fail | warn | ignore );
 check-sibling boolean;
 check-spf ( warn | ignore );
 check-srv-cname ( fail | warn | ignore );
 check-wildcard boolean;
 database string;
 delegation-only boolean;
 dialup ( notify | notify-passive | passive | refresh | boolean );
 dlz string;
 dnskey-sig-validity integer;
 dnssec-dnskey-kskonly boolean;
 dnssec-loadkeys-interval integer;
 dnssec-policy string;
 dnssec-secure-to-insecure boolean;
 dnssec-update-mode ( maintain | no-resign );
 file quoted_string;
 forward ( first | only );
 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
 | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
 in-view string;
 inline-signing boolean;
 ixfr-from-differences boolean;
 journal quoted_string;
 key-directory quoted_string;
 masterfile-format ( map | raw | text );
 masterfile-style ( full | relative );
 masters [ port integer ] [ dscp integer ] { ( masters |
 ipv4_address [ port integer ] | ipv6_address [ port
 integer ] ) [ key string ]; ... };
 max-journal-size ( default | unlimited | sizeval );
 max-records integer;
 max-refresh-time integer;
 max-retry-time integer;
 max-transfer-idle-in integer;
 max-transfer-idle-out integer;
 max-transfer-time-in integer;
 max-transfer-time-out integer;
 max-zone-ttl ( unlimited | duration );
 min-refresh-time integer;
 min-retry-time integer;
 multi-master boolean;
 notify ( explicit | master-only | boolean );
 notify-delay integer;
 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
 dscp integer ];
 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
 [ dscp integer ];
 notify-to-soa boolean;
 request-expire boolean;
 request-ixfr boolean;
 serial-update-method ( date | increment | unixtime );
 server-addresses { ( ipv4_address | ipv6_address ); ... };
 server-names { string; ... };
 sig-signing-nodes integer;
 sig-signing-signatures integer;
 sig-signing-type integer;
 sig-validity-interval integer [ integer ];
 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
 dscp integer ];
 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
 ] [ dscp integer ];
 try-tcp-refresh boolean;
 type ( primary | master | secondary | slave | mirror |
 delegation-only | forward | hint | redirect | static-stub |
 stub );
 update-check-ksk boolean;
 update-policy ( local | { ( deny | grant ) string ( 6to4-self |
 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
 | subdomain | tcp-self | wildcard | zonesub ) [ string ]
 rrtypelist; ... };
 use-alt-transfer-source boolean;
 zero-no-soa-ttl boolean;
 zone-statistics ( full | terse | none | boolean );
};
NINDENT NINDENT
FILES
/etc/named.conf
SEE ALSO
ddns-confgen(8), named(8), named-checkconf(8), rndc(8), rndc-confgen(8), BIND 9 Administrator Reference Manual.
AUTHOR
Internet Systems Consortium
COPYRIGHT
2020, Internet Systems Consortium Generated by docutils manpage writer.
.