Manpages

NAME

named.conf - configuration file for named

SYNOPSIS

named.conf

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported:

C style: /* */

C++ style: // to end of line

Unix style: # to end of line

ACL

acl string { address_match_element; ... };

CONTROLS

controls {

inet ( ipv4_address | ipv6_address |

* ) [ port ( integer | * ) ] allow

{ address_match_element; ... } [

keys { string; ... } ] [ read-only

boolean ];

unix quoted_string perm integer

owner integer group integer [

keys { string; ... } ] [ read-only

boolean ];

};

DLZ

dlz string {

database string;

search boolean;

};

DYNDB

dyndb string quoted_string {
unspecified-text
};

KEY

key string {

algorithm string;

secret string;

};

LOGGING

logging {

category string { string; ... };

channel string {

buffered boolean;

file quoted_string [ versions ( "unlimited" | integer )

] [ size size ];

null;

print-category boolean;

print-severity boolean;

print-time boolean;

severity log_severity;

stderr;

syslog [ syslog_facility ];

};

};

LWRES

lwres {

listen-on [ port integer ] [ dscp integer ] { ( ipv4_address

| ipv6_address ) [ port integer ] [ dscp integer ]; ... };

lwres-clients integer;

lwres-tasks integer;

ndots integer;

search { string; ... };

view string [ class ];

};

MANAGED-KEYS

managed-keys { string string integer
integer integer quoted_string
; ... };

MASTERS

masters string [ port integer ] [ dscp
integer
] { ( masters | ipv4_address [
port integer ] | ipv6_address [ port
integer
] ) [ key string ]; ... };

OPTIONS

options {

acache-cleaning-interval integer;

acache-enable boolean;

additional-from-auth boolean;

additional-from-cache boolean;

allow-new-zones boolean;

allow-notify { address_match_element; ... };

allow-query { address_match_element; ... };

allow-query-cache { address_match_element; ... };

allow-query-cache-on { address_match_element; ... };

allow-query-on { address_match_element; ... };

allow-recursion { address_match_element; ... };

allow-recursion-on { address_match_element; ... };

allow-transfer { address_match_element; ... };

allow-update { address_match_element; ... };

allow-update-forwarding { address_match_element; ... };

also-notify [ port integer ] [ dscp integer ] { ( masters |

ipv4_address [ port integer ] | ipv6_address [ port

integer ] ) [ key string ]; ... };

alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )

] [ dscp integer ];

alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |

* ) ] [ dscp integer ];

answer-cookie boolean;

attach-cache string;

auth-nxdomain boolean; // default changed

auto-dnssec ( allow | maintain | off );

automatic-interface-scan boolean;

avoid-v4-udp-ports { portrange; ... };

avoid-v6-udp-ports { portrange; ... };

bindkeys-file quoted_string;

blackhole { address_match_element; ... };

cache-file quoted_string;

catalog-zones { zone string [ default-masters [ port integer ]

[ dscp integer ] { ( masters | ipv4_address [ port

integer ] | ipv6_address [ port integer ] ) [ key

string ]; ... } ] [ zone-directory quoted_string ] [

in-memory boolean ] [ min-update-interval integer ]; ... };

check-dup-records ( fail | warn | ignore );

check-integrity boolean;

check-mx ( fail | warn | ignore );

check-mx-cname ( fail | warn | ignore );

check-names ( master | slave | response

) ( fail | warn | ignore );

check-sibling boolean;

check-spf ( warn | ignore );

check-srv-cname ( fail | warn | ignore );

check-wildcard boolean;

cleaning-interval integer;

clients-per-query integer;

cookie-algorithm ( aes | sha1 | sha256 | siphash24 );

cookie-secret string;

coresize ( default | unlimited | sizeval );

datasize ( default | unlimited | sizeval );

deny-answer-addresses { address_match_element; ... } [

except-from { quoted_string; ... } ];

deny-answer-aliases { quoted_string; ... } [ except-from {

quoted_string; ... } ];

dialup ( notify | notify-passive | passive | refresh | boolean );

directory quoted_string;

disable-algorithms string { string;

... };

disable-ds-digests string { string;

... };

disable-empty-zone string;

dns64 netprefix {

break-dnssec boolean;

clients { address_match_element; ... };

exclude { address_match_element; ... };

mapped { address_match_element; ... };

recursive-only boolean;

suffix ipv6_address;

};

dns64-contact string;

dns64-server string;

dnssec-accept-expired boolean;

dnssec-dnskey-kskonly boolean;

dnssec-enable boolean;

dnssec-loadkeys-interval integer;

dnssec-lookaside ( string trust-anchor

string | auto | no );

dnssec-must-be-secure string boolean;

dnssec-secure-to-insecure boolean;

dnssec-update-mode ( maintain | no-resign );

dnssec-validation ( yes | no | auto );

dnstap { ( all | auth | client | forwarder |

resolver ) [ ( query | response ) ]; ... };

dnstap-identity ( quoted_string | none |

hostname );

dnstap-output ( file | unix ) quoted_string;

dnstap-version ( quoted_string | none );

dscp integer;

dual-stack-servers [ port integer ] { ( quoted_string [ port

integer ] [ dscp integer ] | ipv4_address [ port

integer ] [ dscp integer ] | ipv6_address [ port

integer ] [ dscp integer ] ); ... };

dump-file quoted_string;

edns-udp-size integer;

empty-contact string;

empty-server string;

empty-zones-enable boolean;

fetch-quota-params integer fixedpoint fixedpoint fixedpoint;

fetches-per-server integer [ ( drop | fail ) ];

fetches-per-zone integer [ ( drop | fail ) ];

files ( default | unlimited | sizeval );

filter-aaaa { address_match_element; ... };

filter-aaaa-on-v4 ( break-dnssec | boolean );

filter-aaaa-on-v6 ( break-dnssec | boolean );

flush-zones-on-shutdown boolean;

forward ( first | only );

forwarders [ port integer ] [ dscp integer ] { ( ipv4_address

| ipv6_address ) [ port integer ] [ dscp integer ]; ... };

fstrm-set-buffer-hint integer;

fstrm-set-flush-timeout integer;

fstrm-set-input-queue-size integer;

fstrm-set-output-notify-threshold integer;

fstrm-set-output-queue-model ( mpsc | spsc );

fstrm-set-output-queue-size integer;

fstrm-set-reopen-interval integer;

geoip-directory ( quoted_string | none );

geoip-use-ecs boolean;

heartbeat-interval integer;

hostname ( quoted_string | none );

inline-signing boolean;

interface-interval integer;

ixfr-from-differences ( master | slave | boolean );

keep-response-order { address_match_element; ... };

key-directory quoted_string;

lame-ttl ttlval;

listen-on [ port integer ] [ dscp

integer ] {

address_match_element; ... };

listen-on-v6 [ port integer ] [ dscp

integer ] {

address_match_element; ... };

lmdb-mapsize sizeval;

lock-file ( quoted_string | none );

managed-keys-directory quoted_string;

masterfile-format ( map | raw | text );

masterfile-style ( full | relative );

match-mapped-addresses boolean;

max-acache-size ( unlimited | sizeval );

max-cache-size ( default | unlimited | sizeval | percentage );

max-cache-ttl integer;

max-clients-per-query integer;

max-journal-size ( unlimited | sizeval );

max-ncache-ttl integer;

max-records integer;

max-recursion-depth integer;

max-recursion-queries integer;

max-refresh-time integer;

max-retry-time integer;

max-rsa-exponent-size integer;

max-transfer-idle-in integer;

max-transfer-idle-out integer;

max-transfer-time-in integer;

max-transfer-time-out integer;

max-udp-size integer;

max-zone-ttl ( unlimited | ttlval );

memstatistics boolean;

memstatistics-file quoted_string;

message-compression boolean;

min-refresh-time integer;

min-retry-time integer;

minimal-any boolean;

minimal-responses ( no-auth | no-auth-recursive | boolean );

multi-master boolean;

no-case-compress { address_match_element; ... };

nocookie-udp-size integer;

notify ( explicit | master-only | boolean );

notify-delay integer;

notify-rate integer;

notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [

dscp integer ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]

[ dscp integer ];

notify-to-soa boolean;

nta-lifetime ttlval;

nta-recheck ttlval;

nxdomain-redirect string;

pid-file ( quoted_string | none );

port integer;

preferred-glue string;

prefetch integer [ integer ];

provide-ixfr boolean;

query-source ( ( [ address ] ( ipv4_address | * ) [ port (

integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]

port ( integer | * ) ) ) [ dscp integer ];

query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (

integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]

port ( integer | * ) ) ) [ dscp integer ];

querylog boolean;

random-device quoted_string;

rate-limit {

all-per-second integer;

errors-per-second integer;

exempt-clients { address_match_element; ... };

ipv4-prefix-length integer;

ipv6-prefix-length integer;

log-only boolean;

max-table-size integer;

min-table-size integer;

nodata-per-second integer;

nxdomains-per-second integer;

qps-scale integer;

referrals-per-second integer;

responses-per-second integer;

slip integer;

window integer;

};

recursing-file quoted_string;

recursion boolean;

recursive-clients integer;

request-expire boolean;

request-ixfr boolean;

request-nsid boolean;

require-server-cookie boolean;

reserved-sockets integer;

resolver-query-timeout integer;

response-policy { zone string [ log boolean ] [ max-policy-ttl

integer ] [ policy ( cname | disabled | drop | given | no-op

| nodata | nxdomain | passthru | tcp-only quoted_string ) ] [

recursive-only boolean ]; ... } [ break-dnssec boolean ] [

max-policy-ttl integer ] [ min-ns-dots integer ] [

nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]

[ recursive-only boolean ];

root-delegation-only [ exclude { quoted_string; ... } ];

root-key-sentinel boolean;

rrset-order { [ class string ] [ type string ] [ name

quoted_string ] string string; ... };

secroots-file quoted_string;

send-cookie boolean;

serial-query-rate integer;

serial-update-method ( date | increment | unixtime );

server-id ( quoted_string | none | hostname );

servfail-ttl ttlval;

session-keyalg string;

session-keyfile ( quoted_string | none );

session-keyname string;

sig-signing-nodes integer;

sig-signing-signatures integer;

sig-signing-type integer;

sig-validity-interval integer [ integer ];

sortlist { address_match_element; ... };

stacksize ( default | unlimited | sizeval );

startup-notify-rate integer;

statistics-file quoted_string;

tcp-clients integer;

tcp-listen-queue integer;

tkey-dhkey quoted_string integer;

tkey-domain quoted_string;

tkey-gssapi-credential quoted_string;

tkey-gssapi-keytab quoted_string;

transfer-format ( many-answers | one-answer );

transfer-message-size integer;

transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [

dscp integer ];

transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )

] [ dscp integer ];

transfers-in integer;

transfers-out integer;

transfers-per-ns integer;

trust-anchor-telemetry boolean; // experimental

try-tcp-refresh boolean;

update-check-ksk boolean;

use-alt-transfer-source boolean;

use-v4-udp-ports { portrange; ... };

use-v6-udp-ports { portrange; ... };

v6-bias integer;

version ( quoted_string | none );

zero-no-soa-ttl boolean;

zero-no-soa-ttl-cache boolean;

zone-statistics ( full | terse | none | boolean );

};

SERVER

server netprefix {

bogus boolean;

edns boolean;

edns-udp-size integer;

edns-version integer;

keys server_key;

max-udp-size integer;

notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [

dscp integer ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]

[ dscp integer ];

provide-ixfr boolean;

query-source ( ( [ address ] ( ipv4_address | * ) [ port (

integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]

port ( integer | * ) ) ) [ dscp integer ];

query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (

integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]

port ( integer | * ) ) ) [ dscp integer ];

request-expire boolean;

request-ixfr boolean;

request-nsid boolean;

send-cookie boolean;

tcp-only boolean;

transfer-format ( many-answers | one-answer );

transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [

dscp integer ];

transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )

] [ dscp integer ];

transfers integer;

};

STATISTICS-CHANNELS

statistics-channels {

inet ( ipv4_address | ipv6_address |

* ) [ port ( integer | * ) ] [

allow { address_match_element; ...

} ];

};

TRUSTED-KEYS

trusted-keys { string integer integer
integer quoted_string
; ... };

VIEW

view string [ class ] {

acache-cleaning-interval integer;

acache-enable boolean;

additional-from-auth boolean;

additional-from-cache boolean;

allow-new-zones boolean;

allow-notify { address_match_element; ... };

allow-query { address_match_element; ... };

allow-query-cache { address_match_element; ... };

allow-query-cache-on { address_match_element; ... };

allow-query-on { address_match_element; ... };

allow-recursion { address_match_element; ... };

allow-recursion-on { address_match_element; ... };

allow-transfer { address_match_element; ... };

allow-update { address_match_element; ... };

allow-update-forwarding { address_match_element; ... };

also-notify [ port integer ] [ dscp integer ] { ( masters |

ipv4_address [ port integer ] | ipv6_address [ port

integer ] ) [ key string ]; ... };

alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )

] [ dscp integer ];

alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |

* ) ] [ dscp integer ];

attach-cache string;

auth-nxdomain boolean; // default changed

auto-dnssec ( allow | maintain | off );

cache-file quoted_string;

catalog-zones { zone string [ default-masters [ port integer ]

[ dscp integer ] { ( masters | ipv4_address [ port

integer ] | ipv6_address [ port integer ] ) [ key

string ]; ... } ] [ zone-directory quoted_string ] [

in-memory boolean ] [ min-update-interval integer ]; ... };

check-dup-records ( fail | warn | ignore );

check-integrity boolean;

check-mx ( fail | warn | ignore );

check-mx-cname ( fail | warn | ignore );

check-names ( master | slave | response

) ( fail | warn | ignore );

check-sibling boolean;

check-spf ( warn | ignore );

check-srv-cname ( fail | warn | ignore );

check-wildcard boolean;

cleaning-interval integer;

clients-per-query integer;

deny-answer-addresses { address_match_element; ... } [

except-from { quoted_string; ... } ];

deny-answer-aliases { quoted_string; ... } [ except-from {

quoted_string; ... } ];

dialup ( notify | notify-passive | passive | refresh | boolean );

disable-algorithms string { string;

... };

disable-ds-digests string { string;

... };

disable-empty-zone string;

dlz string {

database string;

search boolean;

};

dns64 netprefix {

break-dnssec boolean;

clients { address_match_element; ... };

exclude { address_match_element; ... };

mapped { address_match_element; ... };

recursive-only boolean;

suffix ipv6_address;

};

dns64-contact string;

dns64-server string;

dnssec-accept-expired boolean;

dnssec-dnskey-kskonly boolean;

dnssec-enable boolean;

dnssec-loadkeys-interval integer;

dnssec-lookaside ( string trust-anchor

string | auto | no );

dnssec-must-be-secure string boolean;

dnssec-secure-to-insecure boolean;

dnssec-update-mode ( maintain | no-resign );

dnssec-validation ( yes | no | auto );

dnstap { ( all | auth | client | forwarder |

resolver ) [ ( query | response ) ]; ... };

dual-stack-servers [ port integer ] { ( quoted_string [ port

integer ] [ dscp integer ] | ipv4_address [ port

integer ] [ dscp integer ] | ipv6_address [ port

integer ] [ dscp integer ] ); ... };

dyndb string quoted_string {

unspecified-text };

edns-udp-size integer;

empty-contact string;

empty-server string;

empty-zones-enable boolean;

fetch-quota-params integer fixedpoint fixedpoint fixedpoint;

fetches-per-server integer [ ( drop | fail ) ];

fetches-per-zone integer [ ( drop | fail ) ];

filter-aaaa { address_match_element; ... };

filter-aaaa-on-v4 ( break-dnssec | boolean );

filter-aaaa-on-v6 ( break-dnssec | boolean );

forward ( first | only );

forwarders [ port integer ] [ dscp integer ] { ( ipv4_address

| ipv6_address ) [ port integer ] [ dscp integer ]; ... };

inline-signing boolean;

ixfr-from-differences ( master | slave | boolean );

key string {

algorithm string;

secret string;

};

key-directory quoted_string;

lame-ttl ttlval;

lmdb-mapsize sizeval;

managed-keys { string string

integer integer integer

quoted_string; ... };

masterfile-format ( map | raw | text );

masterfile-style ( full | relative );

match-clients { address_match_element; ... };

match-destinations { address_match_element; ... };

match-recursive-only boolean;

max-acache-size ( unlimited | sizeval );

max-cache-size ( default | unlimited | sizeval | percentage );

max-cache-ttl integer;

max-clients-per-query integer;

max-journal-size ( unlimited | sizeval );

max-ncache-ttl integer;

max-records integer;

max-recursion-depth integer;

max-recursion-queries integer;

max-refresh-time integer;

max-retry-time integer;

max-transfer-idle-in integer;

max-transfer-idle-out integer;

max-transfer-time-in integer;

max-transfer-time-out integer;

max-udp-size integer;

max-zone-ttl ( unlimited | ttlval );

message-compression boolean;

min-refresh-time integer;

min-retry-time integer;

minimal-any boolean;

minimal-responses ( no-auth | no-auth-recursive | boolean );

multi-master boolean;

no-case-compress { address_match_element; ... };

nocookie-udp-size integer;

notify ( explicit | master-only | boolean );

notify-delay integer;

notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [

dscp integer ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]

[ dscp integer ];

notify-to-soa boolean;

nta-lifetime ttlval;

nta-recheck ttlval;

nxdomain-redirect string;

preferred-glue string;

prefetch integer [ integer ];

provide-ixfr boolean;

query-source ( ( [ address ] ( ipv4_address | * ) [ port (

integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]

port ( integer | * ) ) ) [ dscp integer ];

query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (

integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]

port ( integer | * ) ) ) [ dscp integer ];

rate-limit {

all-per-second integer;

errors-per-second integer;

exempt-clients { address_match_element; ... };

ipv4-prefix-length integer;

ipv6-prefix-length integer;

log-only boolean;

max-table-size integer;

min-table-size integer;

nodata-per-second integer;

nxdomains-per-second integer;

qps-scale integer;

referrals-per-second integer;

responses-per-second integer;

slip integer;

window integer;

};

recursion boolean;

request-expire boolean;

request-ixfr boolean;

request-nsid boolean;

require-server-cookie boolean;

resolver-query-timeout integer;

response-policy { zone string [ log boolean ] [ max-policy-ttl

integer ] [ policy ( cname | disabled | drop | given | no-op

| nodata | nxdomain | passthru | tcp-only quoted_string ) ] [

recursive-only boolean ]; ... } [ break-dnssec boolean ] [

max-policy-ttl integer ] [ min-ns-dots integer ] [

nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]

[ recursive-only boolean ];

root-delegation-only [ exclude { quoted_string; ... } ];

root-key-sentinel boolean;

rrset-order { [ class string ] [ type string ] [ name

quoted_string ] string string; ... };

send-cookie boolean;

serial-update-method ( date | increment | unixtime );

server netprefix {

bogus boolean;

edns boolean;

edns-udp-size integer;

edns-version integer;

keys server_key;

max-udp-size integer;

notify-source ( ipv4_address | * ) [ port ( integer | *

) ] [ dscp integer ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer

| * ) ] [ dscp integer ];

provide-ixfr boolean;

query-source ( ( [ address ] ( ipv4_address | * ) [ port

( integer | * ) ] ) | ( [ [ address ] (

ipv4_address | * ) ] port ( integer | * ) ) ) [

dscp integer ];

query-source-v6 ( ( [ address ] ( ipv6_address | * ) [

port ( integer | * ) ] ) | ( [ [ address ] (

ipv6_address | * ) ] port ( integer | * ) ) ) [

dscp integer ];

request-expire boolean;

request-ixfr boolean;

request-nsid boolean;

send-cookie boolean;

tcp-only boolean;

transfer-format ( many-answers | one-answer );

transfer-source ( ipv4_address | * ) [ port ( integer |

* ) ] [ dscp integer ];

transfer-source-v6 ( ipv6_address | * ) [ port (

integer | * ) ] [ dscp integer ];

transfers integer;

};

servfail-ttl ttlval;

sig-signing-nodes integer;

sig-signing-signatures integer;

sig-signing-type integer;

sig-validity-interval integer [ integer ];

sortlist { address_match_element; ... };

transfer-format ( many-answers | one-answer );

transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [

dscp integer ];

transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )

] [ dscp integer ];

trust-anchor-telemetry boolean; // experimental

trusted-keys { string integer

integer integer quoted_string;

... };

try-tcp-refresh boolean;

update-check-ksk boolean;

use-alt-transfer-source boolean;

v6-bias integer;

zero-no-soa-ttl boolean;

zero-no-soa-ttl-cache boolean;

zone string [ class ] {

allow-notify { address_match_element; ... };

allow-query { address_match_element; ... };

allow-query-on { address_match_element; ... };

allow-transfer { address_match_element; ... };

allow-update { address_match_element; ... };

allow-update-forwarding { address_match_element; ... };

also-notify [ port integer ] [ dscp integer ] { (

masters | ipv4_address [ port integer ] |

ipv6_address [ port integer ] ) [ key string ];

... };

alt-transfer-source ( ipv4_address | * ) [ port (

integer | * ) ] [ dscp integer ];

alt-transfer-source-v6 ( ipv6_address | * ) [ port (

integer | * ) ] [ dscp integer ];

auto-dnssec ( allow | maintain | off );

check-dup-records ( fail | warn | ignore );

check-integrity boolean;

check-mx ( fail | warn | ignore );

check-mx-cname ( fail | warn | ignore );

check-names ( fail | warn | ignore );

check-sibling boolean;

check-spf ( warn | ignore );

check-srv-cname ( fail | warn | ignore );

check-wildcard boolean;

database string;

delegation-only boolean;

dialup ( notify | notify-passive | passive | refresh |

boolean );

dlz string;

dnssec-dnskey-kskonly boolean;

dnssec-loadkeys-interval integer;

dnssec-secure-to-insecure boolean;

dnssec-update-mode ( maintain | no-resign );

file quoted_string;

forward ( first | only );

forwarders [ port integer ] [ dscp integer ] { (

ipv4_address | ipv6_address ) [ port integer ] [

dscp integer ]; ... };

in-view string;

inline-signing boolean;

ixfr-from-differences boolean;

journal quoted_string;

key-directory quoted_string;

masterfile-format ( map | raw | text );

masterfile-style ( full | relative );

masters [ port integer ] [ dscp integer ] { ( masters

| ipv4_address [ port integer ] | ipv6_address [

port integer ] ) [ key string ]; ... };

max-ixfr-log-size ( default | unlimited |

max-journal-size ( unlimited | sizeval );

max-records integer;

max-refresh-time integer;

max-retry-time integer;

max-transfer-idle-in integer;

max-transfer-idle-out integer;

max-transfer-time-in integer;

max-transfer-time-out integer;

max-zone-ttl ( unlimited | ttlval );

min-refresh-time integer;

min-retry-time integer;

multi-master boolean;

notify ( explicit | master-only | boolean );

notify-delay integer;

notify-source ( ipv4_address | * ) [ port ( integer | *

) ] [ dscp integer ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer

| * ) ] [ dscp integer ];

notify-to-soa boolean;

pubkey integer

integer

integer

request-expire boolean;

request-ixfr boolean;

serial-update-method ( date | increment | unixtime );

server-addresses { ( ipv4_address | ipv6_address ); ... };

server-names { quoted_string; ... };

sig-signing-nodes integer;

sig-signing-signatures integer;

sig-signing-type integer;

sig-validity-interval integer [ integer ];

transfer-source ( ipv4_address | * ) [ port ( integer |

* ) ] [ dscp integer ];

transfer-source-v6 ( ipv6_address | * ) [ port (

integer | * ) ] [ dscp integer ];

try-tcp-refresh boolean;

type ( delegation-only | forward | hint | master | redirect

| slave | static-stub | stub );

update-check-ksk boolean;

update-policy ( local | { ( deny | grant ) string (

6to4-self | external | krb5-self | krb5-selfsub |

krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |

name | self | selfsub | selfwild | subdomain | tcp-self

| wildcard | zonesub ) [ string ] rrtypelist; ... };

use-alt-transfer-source boolean;

zero-no-soa-ttl boolean;

zone-statistics ( full | terse | none | boolean );

};

zone-statistics ( full | terse | none | boolean );

};

ZONE

zone string [ class ] {

allow-notify { address_match_element; ... };

allow-query { address_match_element; ... };

allow-query-on { address_match_element; ... };

allow-transfer { address_match_element; ... };

allow-update { address_match_element; ... };

allow-update-forwarding { address_match_element; ... };

also-notify [ port integer ] [ dscp integer ] { ( masters |

ipv4_address [ port integer ] | ipv6_address [ port

integer ] ) [ key string ]; ... };

alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )

] [ dscp integer ];

alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |

* ) ] [ dscp integer ];

auto-dnssec ( allow | maintain | off );

check-dup-records ( fail | warn | ignore );

check-integrity boolean;

check-mx ( fail | warn | ignore );

check-mx-cname ( fail | warn | ignore );

check-names ( fail | warn | ignore );

check-sibling boolean;

check-spf ( warn | ignore );

check-srv-cname ( fail | warn | ignore );

check-wildcard boolean;

database string;

delegation-only boolean;

dialup ( notify | notify-passive | passive | refresh | boolean );

dlz string;

dnssec-dnskey-kskonly boolean;

dnssec-loadkeys-interval integer;

dnssec-secure-to-insecure boolean;

dnssec-update-mode ( maintain | no-resign );

file quoted_string;

forward ( first | only );

forwarders [ port integer ] [ dscp integer ] { ( ipv4_address

| ipv6_address ) [ port integer ] [ dscp integer ]; ... };

in-view string;

inline-signing boolean;

ixfr-from-differences boolean;

journal quoted_string;

key-directory quoted_string;

masterfile-format ( map | raw | text );

masterfile-style ( full | relative );

masters [ port integer ] [ dscp integer ] { ( masters |

ipv4_address [ port integer ] | ipv6_address [ port

integer ] ) [ key string ]; ... };

max-journal-size ( unlimited | sizeval );

max-records integer;

max-refresh-time integer;

max-retry-time integer;

max-transfer-idle-in integer;

max-transfer-idle-out integer;

max-transfer-time-in integer;

max-transfer-time-out integer;

max-zone-ttl ( unlimited | ttlval );

min-refresh-time integer;

min-retry-time integer;

multi-master boolean;

notify ( explicit | master-only | boolean );

notify-delay integer;

notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [

dscp integer ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]

[ dscp integer ];

notify-to-soa boolean;

pubkey integer integer

request-expire boolean;

request-ixfr boolean;

serial-update-method ( date | increment | unixtime );

server-addresses { ( ipv4_address | ipv6_address ); ... };

server-names { quoted_string; ... };

sig-signing-nodes integer;

sig-signing-signatures integer;

sig-signing-type integer;

sig-validity-interval integer [ integer ];

transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [

dscp integer ];

transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )

] [ dscp integer ];

try-tcp-refresh boolean;

type ( delegation-only | forward | hint | master | redirect | slave

| static-stub | stub );

update-check-ksk boolean;

update-policy ( local | { ( deny | grant ) string ( 6to4-self |

external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self

| ms-selfsub | ms-subdomain | name | self | selfsub | selfwild

| subdomain | tcp-self | wildcard | zonesub ) [ string ]

rrtypelist; ... };

use-alt-transfer-source boolean;

zero-no-soa-ttl boolean;

zone-statistics ( full | terse | none | boolean );

};

FILES

/etc/named.conf

SEE ALSO

ddns-confgen(8), named(8), named-checkconf(8), rndc(8), rndc-confgen(8), BIND 9 Administrator Reference Manual.

AUTHOR

Internet Systems Consortium, Inc.

COPYRIGHT

Copyright © 2004-2019 Internet Systems Consortium, Inc. ("ISC")

COMMENTS