Manpages

NAME

named.conf − configuration file for named

SYNOPSIS

named.conf

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported:

C style: /* */

C++ style: // to end of line

Unix style: # to end of line

ACL

acl string { address_match_element; ... };

KEY

key domain_name {

algorithm string;

secret string;

};

SERVER

server ( ipv4_address | ipv6_address ) {

bogus boolean;

edns boolean;

provide-ixfr boolean;

request-ixfr boolean;

keys server_key;

transfers integer;

transfer-format ( many-answers | one-answer );

transfer-source ( ipv4_address | * )

[ port ( integer | * ) ];

transfer-source-v6 ( ipv6_address | * )

[ port ( integer | * ) ];

support-ixfr boolean; // obsolete

};

TRUSTED-KEYS

trusted-keys {

domain_name flags protocol algorithm key; ...

};

CONTROLS

controls {

inet ( ipv4_address | ipv6_address | * )

[ port ( integer | * ) ]

allow { address_match_element; ... }

[ keys { string; ... } ];

unix unsupported; // not implemented

};

LOGGING

logging {

channel string {

file log_file;

syslog optional_facility;

null;

stderr;

severity log_severity;

print-time boolean;

print-severity boolean;

print-category boolean;

};

category string { string; ... };

};

LWRES

lwres {

listen-on [ port integer ] {

( ipv4_address | ipv6_address ) [ port integer ]; ...

};

view string optional_class;

search { string; ... };

ndots integer;

};

OPTIONS

options {

blackhole { address_match_element; ... };

coresize size;

datasize size;

directory quoted_string;

dump-file quoted_string;

files size;

heartbeat-interval integer;

host-statistics boolean; // not implemented

interface-interval integer;

listen-on [ port integer ] { address_match_element; ... };

listen-on-v6 [ port integer ] { address_match_element; ... };

match-mapped-addresses boolean;

memstatistics-file quoted_string; // not implemented

pid-file quoted_string;

port integer;

random-device quoted_string;

recursive-clients integer;

serial-query-rate integer;

stacksize size;

statistics-file quoted_string;

statistics-interval integer; // not yet implemented

tcp-clients integer;

tkey-dhkey quoted_string integer;

tkey-gssapi-credential quoted_string;

tkey-domain quoted_string;

transfers-per-ns integer;

transfers-in integer;

transfers-out integer;

use-ixfr boolean;

version quoted_string;

allow-recursion { address_match_element; ... };

sortlist { address_match_element; ... };

topology { address_match_element; ... }; // not implemented

auth-nxdomain boolean; // default changed

minimal-responses boolean;

recursion boolean;

rrset-order {

[ class string ] [ type string ]

[ name quoted_string ] string string; ...

}; // not implemented

provide-ixfr boolean;

request-ixfr boolean;

rfc2308-type1 boolean; // not yet implemented

additional-from-auth boolean;

additional-from-cache boolean;

query-source querysource4;

query-source-v6 querysource6;

cleaning-interval integer;

min-roots integer; // not implemented

lame-ttl integer;

max-ncache-ttl integer;

max-cache-ttl integer;

transfer-format ( many-answers | one-answer );

max-cache-size size_no_default;

check-names ( master | slave | response )

( fail | warn | ignore ); // not implemented

cache-file quoted_string;

root-delegation-only [ exclude { quoted_string; ... } ];

dialup dialuptype;

allow-query { address_match_element; ... };

allow-transfer { address_match_element; ... };

allow-update-forwarding { address_match_element; ... };

notify notifytype;

notify-source ( ipv4_address | * ) [ port ( integer | * ) ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];

also-notify [ port integer ] { ( ipv4_address | ipv6_address )

[ port integer ]; ... };

allow-notify { address_match_element; ... };

forward ( first | only );

forwarders [ port integer ] {

( ipv4_address | ipv6_address ) [ port integer ]; ...

};

max-transfer-time-in integer;

max-transfer-time-out integer;

max-transfer-idle-in integer;

max-transfer-idle-out integer;

max-retry-time integer;

min-retry-time integer;

max-refresh-time integer;

min-refresh-time integer;

sig-validity-interval integer;

transfer-source ( ipv4_address | * )

[ port ( integer | * ) ];

transfer-source-v6 ( ipv6_address | * )

[ port ( integer | * ) ];

zone-statistics boolean;

allow-v6-synthesis { address_match_element; ... };

deallocate-on-exit boolean; // obsolete

fake-iquery boolean; // obsolete

fetch-glue boolean; // obsolete

has-old-clients boolean; // obsolete

maintain-ixfr-base boolean; // obsolete

max-ixfr-log-size size; // obsolete

multiple-cnames boolean; // obsolete

named-xfer quoted_string; // obsolete

serial-queries integer; // obsolete

treat-cr-as-space boolean; // obsolete

use-id-pool boolean; // obsolete

};

VIEW

view string optional_class {

match-clients { address_match_element; ... };

match-destinations { address_match_element; ... };

match-recursive-only boolean;

key string {

algorithm string;

secret string;

};

zone string optional_class {

...

};

server ( ipv4_address | ipv6_address ) {

...

};

trusted-keys {

string integer integer integer quoted_string; ...

};

allow-recursion { address_match_element; ... };

sortlist { address_match_element; ... };

topology { address_match_element; ... }; // not implemented

auth-nxdomain boolean; // default changed

minimal-responses boolean;

recursion boolean;

rrset-order {

[ class string ] [ type string ]

[ name quoted_string ] string string; ...

}; // not implemented

provide-ixfr boolean;

request-ixfr boolean;

rfc2308-type1 boolean; // not yet implemented

additional-from-auth boolean;

additional-from-cache boolean;

query-source querysource4;

query-source-v6 querysource6;

cleaning-interval integer;

min-roots integer; // not implemented

lame-ttl integer;

max-ncache-ttl integer;

max-cache-ttl integer;

transfer-format ( many-answers | one-answer );

max-cache-size size_no_default;

check-names ( master | slave | response )

( fail | warn | ignore );

cache-file quoted_string;

suppress-initial-notify boolean; // not yet implemented

root-delegation-only [ exclude { quoted_string; ... } ];

dialup dialuptype;

allow-query { address_match_element; ... };

allow-transfer { address_match_element; ... };

allow-update-forwarding { address_match_element; ... };

notify notifytype;

notify-source ( ipv4_address | * ) [ port ( integer | * ) ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];

also-notify [ port integer ] { ( ipv4_address | ipv6_address )

[ port integer ]; ... };

allow-notify { address_match_element; ... };

forward ( first | only );

forwarders [ port integer ] {

( ipv4_address | ipv6_address ) [ port integer ]; ...

};

max-transfer-time-in integer;

max-transfer-time-out integer;

max-transfer-idle-in integer;

max-transfer-idle-out integer;

max-retry-time integer;

min-retry-time integer;

max-refresh-time integer;

min-refresh-time integer;

sig-validity-interval integer;

transfer-source ( ipv4_address | * )

[ port ( integer | * ) ];

transfer-source-v6 ( ipv6_address | * )

[ port ( integer | * ) ];

zone-statistics boolean;

allow-v6-synthesis { address_match_element; ... }; // obsolete

fetch-glue boolean; // obsolete

maintain-ixfr-base boolean; // obsolete

max-ixfr-log-size size; // obsolete

};

ZONE

zone string optional_class {

type ( master | slave | stub | hint |

forward | delegation-only );

file quoted_string;

masters [ port integer ] {

( ipv4_address [port integer] |

ipv6_address [ port integer ] ) [ key string ]; ...

};

database string;

delegation-only boolean;

check-names ( fail | warn | ignore );

dialup dialuptype;

allow-query { address_match_element; ... };

allow-transfer { address_match_element; ... };

allow-update { address_match_element; ... };

allow-update-forwarding { address_match_element; ... };

update-policy {

( grant | deny ) string

( name | subdomain | wildcard | self ) string

rrtypelist; ...

};

notify notifytype;

notify-source ( ipv4_address | * ) [ port ( integer | * ) ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];

also-notify [ port integer ] { ( ipv4_address | ipv6_address )

[ port integer ]; ... };

allow-notify { address_match_element; ... };

forward ( first | only );

forwarders [ port integer ] {

( ipv4_address | ipv6_address ) [ port integer ]; ...

};

max-transfer-time-in integer;

max-transfer-time-out integer;

max-transfer-idle-in integer;

max-transfer-idle-out integer;

max-retry-time integer;

min-retry-time integer;

max-refresh-time integer;

min-refresh-time integer;

sig-validity-interval integer;

transfer-source ( ipv4_address | * )

[ port ( integer | * ) ];

transfer-source-v6 ( ipv6_address | * )

[ port ( integer | * ) ];

zone-statistics boolean;

ixfr-base quoted_string; // obsolete

ixfr-tmp-file quoted_string; // obsolete

maintain-ixfr-base boolean; // obsolete

max-ixfr-log-size size; // obsolete

pubkey integer integer integer quoted_string; // obsolete

};

FILES

/etc/named.conf

SEE ALSO

named(8), rndc(8), BIND 9 Adminstrators Reference Manual.