named.conf
— configuration file for named
named.conf
named.conf
is the configuration file
for
named. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in
the statements are also semi-colon terminated. The usual
comment styles are supported:
C style: /* */
C++ style: // to end of line
Unix style: # to end of line
masters�string
�[�port�integer
�]�{
(�masters
�|�ipv4_address
�[port�integer
]�|
ipv6_address
�[port�integer
]�)�[�key�string
�];�...
};
server�(�ipv4_address[/prefixlen]
�|�ipv6_address[/prefixlen]
�)�{
bogus�boolean
;
edns�boolean
;
edns-udp-size�integer
;
max-udp-size�integer
;
provide-ixfr�boolean
;
request-ixfr�boolean
;
keys�server_key
;
transfers�integer
;
transfer-format�(�many-answers�|�one-answer�);
transfer-source�(�ipv4_address
�|�*�)
[�port�(�integer
�|�*�)�];
transfer-source-v6�(�ipv6_address
�|�*�)
[�port�(�integer
�|�*�)�];
support-ixfr�boolean
;�//�obsolete
};
controls�{
inet�(�ipv4_address
�|�ipv6_address
�|�*�)
[�port�(�integer
�|�*�)�]
allow�{�address_match_element
;�...�}
[�keys�{�string
;�...�}�];
unix�unsupported
;�//�not�implemented
};
logging�{
channel�string
�{
file�log_file
;
syslog�optional_facility
;
null;
stderr;
severity�log_severity
;
print-time�boolean
;
print-severity�boolean
;
print-category�boolean
;
};
category�string
�{�string
;�...�};
};
lwres�{
listen-on�[�port�integer
�]�{
(�ipv4_address
�|�ipv6_address
�)�[�port�integer
�];�...
};
view�string
�optional_class
;
search�{�string
;�...�};
ndots�integer
;
};
options�{
avoid-v4-udp-ports�{�port
;�...�};
avoid-v6-udp-ports�{�port
;�...�};
blackhole�{�address_match_element
;�...�};
coresize�size
;
datasize�size
;
directory�quoted_string
;
dump-file�quoted_string
;
files�size
;
heartbeat-interval�integer
;
host-statistics�boolean
;�//�not�implemented
host-statistics-max�number
;�//�not�implemented
hostname�(�quoted_string
�|�none�);
interface-interval�integer
;
listen-on�[�port�integer
�]�{�address_match_element
;�...�};
listen-on-v6�[�port�integer
�]�{�address_match_element
;�...�};
match-mapped-addresses�boolean
;
memstatistics-file�quoted_string
;
pid-file�(�quoted_string
�|�none�);
port�integer
;
querylog�boolean
;
recursing-file�quoted_string
;
reserved-sockets�integer
;
random-device�quoted_string
;
recursive-clients�integer
;
serial-query-rate�integer
;
server-id�(�quoted_string
�|�hostname�|�none�);
stacksize�size
;
statistics-file�quoted_string
;
statistics-interval�integer
;�//�not�yet�implemented
tcp-clients�integer
;
tcp-listen-queue�integer
;
tkey-dhkey�quoted_string
�integer
;
tkey-gssapi-credential�quoted_string
;
tkey-gssapi-keytab�quoted_string
;
tkey-domain�quoted_string
;
transfers-per-ns�integer
;
transfers-in�integer
;
transfers-out�integer
;
version�(�quoted_string
�|�none�);
allow-recursion�{�address_match_element
;�...�};
allow-recursion-on�{�address_match_element
;�...�};
sortlist�{�address_match_element
;�...�};
topology�{�address_match_element
;�...�};�//�not�implemented
auth-nxdomain�boolean
;�//�default�changed
minimal-responses�boolean
;
recursion�boolean
;
rrset-order�{
[�class�string
�]�[�type�string
�]
[�name�quoted_string
�]�string
�string
;�...
};
provide-ixfr�boolean
;
request-ixfr�boolean
;
rfc2308-type1�boolean
;�//�not�yet�implemented
additional-from-auth�boolean
;
additional-from-cache�boolean
;
query-source�(�(�ipv4_address
�|�*�)�|�[�address�(�ipv4_address
�|�*�)�]�)�[�port�(�integer
�|�*�)�];
query-source-v6�(�(�ipv6_address
�|�*�)�|�[�address�(�ipv6_address
�|�*�)�]�)�[�port�(�integer
�|�*�)�];
use-queryport-pool�boolean
;
queryport-pool-ports�integer
;
queryport-pool-updateinterval�integer
;
cleaning-interval�integer
;
resolver-query-timeout�integer
;
min-roots�integer
;�//�not�implemented
lame-ttl�integer
;
max-ncache-ttl�integer
;
max-cache-ttl�integer
;
transfer-format�(�many-answers�|�one-answer�);
max-cache-size�size
;
max-acache-size�size
;
clients-per-query�number
;
max-clients-per-query�number
;
check-names�(�master�|�slave�|�response�)
(�fail�|�warn�|�ignore�);
check-mx�(�fail�|�warn�|�ignore�);
check-integrity�boolean
;
check-mx-cname�(�fail�|�warn�|�ignore�);
check-srv-cname�(�fail�|�warn�|�ignore�);
cache-file�quoted_string
;�//�test�option
suppress-initial-notify�boolean
;�//�not�yet�implemented
preferred-glue�string
;
dual-stack-servers�[�port�integer
�]�{
(�quoted_string
�[port�integer
]�|
ipv4_address
�[port�integer
]�|
ipv6_address
�[port�integer
]�);�...
};
edns-udp-size�integer
;
max-udp-size�integer
;
root-delegation-only�[�exclude�{�quoted_string
;�...�}�];
disable-algorithms�string
�{�string
;�...�};
disable-ds-digests�string
�{�string
;�...�};
dnssec-enable�boolean
;
dnssec-validation�boolean
;
dnssec-lookaside�(�auto
�|�no
�|�domain
�trust-anchor�domain
�);
dnssec-must-be-secure�string
�boolean
;
dnssec-accept-expired�boolean
;
dns64-server�string
;
dns64-contact�string
;
dns64�prefix
�{
clients�{�<replacable>acl</replacable>;�};
exclude�{�<replacable>acl</replacable>;�};
mapped�{�<replacable>acl</replacable>;�};
break-dnssec�boolean
;
recursive-only�boolean
;
suffix�ipv6_address
;
};
empty-server�string
;
empty-contact�string
;
empty-zones-enable�boolean
;
disable-empty-zone�string
;
dialup�dialuptype
;
ixfr-from-differences�ixfrdiff
;
allow-query�{�address_match_element
;�...�};
allow-query-on�{�address_match_element
;�...�};
allow-query-cache�{�address_match_element
;�...�};
allow-query-cache-on�{�address_match_element
;�...�};
allow-transfer�{�address_match_element
;�...�};
allow-update�{�address_match_element
;�...�};
allow-update-forwarding�{�address_match_element
;�...�};
update-check-ksk�boolean
;
dnssec-dnskey-kskonly�boolean
;
masterfile-format�(�text�|�raw�|�map�);
notify�notifytype
;
notify-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)�];
notify-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|�*�)�];
notify-delay�seconds
;
notify-to-soa�boolean
;
also-notify�[�port�integer
�]�{�(�ipv4_address
�|�ipv6_address
�)
[�port�integer
�];�...
[�key�keyname
�]�...�};
allow-notify�{�address_match_element
;�...�};
forward�(�first�|�only�);
forwarders�[�port�integer
�]�{
(�ipv4_address
�|�ipv6_address
�)�[�port�integer
�];�...
};
max-journal-size�size_no_default
;
max-transfer-time-in�integer
;
max-transfer-time-out�integer
;
max-transfer-idle-in�integer
;
max-transfer-idle-out�integer
;
max-retry-time�integer
;
min-retry-time�integer
;
max-refresh-time�integer
;
min-refresh-time�integer
;
multi-master�boolean
;
sig-validity-interval�integer
;
sig-re-signing-interval�integer
;
sig-signing-nodes�integer
;
sig-signing-signatures�integer
;
sig-signing-type�integer
;
transfer-source�(�ipv4_address
�|�*�)
[�port�(�integer
�|�*�)�];
transfer-source-v6�(�ipv6_address
�|�*�)
[�port�(�integer
�|�*�)�];
alt-transfer-source�(�ipv4_address
�|�*�)
[�port�(�integer
�|�*�)�];
alt-transfer-source-v6�(�ipv6_address
�|�*�)
[�port�(�integer
�|�*�)�];
use-alt-transfer-source�boolean
;
zone-statistics�boolean
;
key-directory�quoted_string
;
managed-keys-directory�quoted_string
;
auto-dnssec�allow
|maintain
|off
;
try-tcp-refresh�boolean
;
zero-no-soa-ttl�boolean
;
zero-no-soa-ttl-cache�boolean
;
dnssec-secure-to-insecure�boolean
;
automatic-interface-scan�boolean
;
deny-answer-addresses�{
address_match_list
}�[�except-from�{�namelist
�}�];
deny-answer-aliases�{
namelist
}�[�except-from�{�namelist
�}�];
nsec3-test-zone�boolean
;��//�testing�only
allow-v6-synthesis�{�address_match_element
;�...�};�//�obsolete
deallocate-on-exit�boolean
;�//�obsolete
fake-iquery�boolean
;�//�obsolete
fetch-glue�boolean
;�//�obsolete
has-old-clients�boolean
;�//�obsolete
maintain-ixfr-base�boolean
;�//�obsolete
max-ixfr-log-size�size
;�//�obsolete
multiple-cnames�boolean
;�//�obsolete
named-xfer�quoted_string
;�//�obsolete
serial-queries�integer
;�//�obsolete
treat-cr-as-space�boolean
;�//�obsolete
use-id-pool�boolean
;�//�obsolete
use-ixfr�boolean
;�//�obsolete
};
view�string
�optional_class
�{
match-clients�{�address_match_element
;�...�};
match-destinations�{�address_match_element
;�...�};
match-recursive-only�boolean
;
key�string
�{
algorithm�string
;
secret�string
;
};
zone�string
�optional_class
�{
...
};
server�(�ipv4_address[/prefixlen]
�|�ipv6_address[/prefixlen]
�)�{
...
};
trusted-keys�{
string
�integer
�integer
�integer
�quoted_string
;
[...]
};
allow-recursion�{�address_match_element
;�...�};
allow-recursion-on�{�address_match_element
;�...�};
sortlist�{�address_match_element
;�...�};
topology�{�address_match_element
;�...�};�//�not�implemented
auth-nxdomain�boolean
;�//�default�changed
minimal-responses�boolean
;
recursion�boolean
;
rrset-order�{
[�class�string
�]�[�type�string
�]
[�name�quoted_string
�]�string
�string
;�...
};
provide-ixfr�boolean
;
request-ixfr�boolean
;
rfc2308-type1�boolean
;�//�not�yet�implemented
additional-from-auth�boolean
;
additional-from-cache�boolean
;
query-source�(�(�ipv4_address
�|�*�)�|�[�address�(�ipv4_address
�|�*�)�]�)�[�port�(�integer
�|�*�)�];
query-source-v6�(�(�ipv6_address
�|�*�)�|�[�address�(�ipv6_address
�|�*�)�]�)�[�port�(�integer
�|�*�)�];
use-queryport-pool�boolean
;
queryport-pool-ports�integer
;
queryport-pool-updateinterval�integer
;
cleaning-interval�integer
;
resolver-query-timeout�integer
;
min-roots�integer
;�//�not�implemented
lame-ttl�integer
;
max-ncache-ttl�integer
;
max-cache-ttl�integer
;
transfer-format�(�many-answers�|�one-answer�);
max-cache-size�size
;
max-acache-size�size
;
clients-per-query�number
;
max-clients-per-query�number
;
check-names�(�master�|�slave�|�response�)
(�fail�|�warn�|�ignore�);
check-mx�(�fail�|�warn�|�ignore�);
check-integrity�boolean
;
check-mx-cname�(�fail�|�warn�|�ignore�);
check-srv-cname�(�fail�|�warn�|�ignore�);
cache-file�quoted_string
;�//�test�option
suppress-initial-notify�boolean
;�//�not�yet�implemented
preferred-glue�string
;
dual-stack-servers�[�port�integer
�]�{
(�quoted_string
�[port�integer
]�|
ipv4_address
�[port�integer
]�|
ipv6_address
�[port�integer
]�);�...
};
edns-udp-size�integer
;
max-udp-size�integer
;
root-delegation-only�[�exclude�{�quoted_string
;�...�}�];
disable-algorithms�string
�{�string
;�...�};
disable-ds-digests�string
�{�string
;�...�};
dnssec-enable�boolean
;
dnssec-validation�boolean
;
dnssec-lookaside�(�auto
�|�no
�|�domain
�trust-anchor�domain
�);
dnssec-must-be-secure�string
�boolean
;
dnssec-accept-expired�boolean
;
dns64-server�string
;
dns64-contact�string
;
dns64�prefix
�{
clients�{�<replacable>acl</replacable>;�};
exclude�{�<replacable>acl</replacable>;�};
mapped�{�<replacable>acl</replacable>;�};
break-dnssec�boolean
;
recursive-only�boolean
;
suffix�ipv6_address
;
};
empty-server�string
;
empty-contact�string
;
empty-zones-enable�boolean
;
disable-empty-zone�string
;
dialup�dialuptype
;
ixfr-from-differences�ixfrdiff
;
allow-query�{�address_match_element
;�...�};
allow-query-on�{�address_match_element
;�...�};
allow-query-cache�{�address_match_element
;�...�};
allow-query-cache-on�{�address_match_element
;�...�};
allow-transfer�{�address_match_element
;�...�};
allow-update�{�address_match_element
;�...�};
allow-update-forwarding�{�address_match_element
;�...�};
update-check-ksk�boolean
;
dnssec-dnskey-kskonly�boolean
;
masterfile-format�(�text�|�raw�|�map�);
notify�notifytype
;
notify-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)�];
notify-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|�*�)�];
notify-delay�seconds
;
notify-to-soa�boolean
;
also-notify�[�port�integer
�]�{�(�ipv4_address
�|�ipv6_address
�)
[�port�integer
�];�...
[�key�keyname
�]�...�};
allow-notify�{�address_match_element
;�...�};
forward�(�first�|�only�);
forwarders�[�port�integer
�]�{
(�ipv4_address
�|�ipv6_address
�)�[�port�integer
�];�...
};
max-journal-size�size_no_default
;
max-transfer-time-in�integer
;
max-transfer-time-out�integer
;
max-transfer-idle-in�integer
;
max-transfer-idle-out�integer
;
max-retry-time�integer
;
min-retry-time�integer
;
max-refresh-time�integer
;
min-refresh-time�integer
;
multi-master�boolean
;
sig-validity-interval�integer
;
transfer-source�(�ipv4_address
�|�*�)
[�port�(�integer
�|�*�)�];
transfer-source-v6�(�ipv6_address
�|�*�)
[�port�(�integer
�|�*�)�];
alt-transfer-source�(�ipv4_address
�|�*�)
[�port�(�integer
�|�*�)�];
alt-transfer-source-v6�(�ipv6_address
�|�*�)
[�port�(�integer
�|�*�)�];
use-alt-transfer-source�boolean
;
zone-statistics�boolean
;
try-tcp-refresh�boolean
;
key-directory�quoted_string
;
zero-no-soa-ttl�boolean
;
zero-no-soa-ttl-cache�boolean
;
dnssec-secure-to-insecure�boolean
;
allow-v6-synthesis�{�address_match_element
;�...�};�//�obsolete
fetch-glue�boolean
;�//�obsolete
maintain-ixfr-base�boolean
;�//�obsolete
max-ixfr-log-size�size
;�//�obsolete
};
zone�string
�optional_class
�{
type�(�master�|�slave�|�stub�|�hint�|�redirect�|
forward�|�delegation-only�);
file�quoted_string
;
masters�[�port�integer
�]�{
(�masters
�|
ipv4_address
�[port�integer
]�|
ipv6_address
�[�port�integer
�]�)�[�key�string
�];�...
};
database�string
;
delegation-only�boolean
;
check-names�(�fail�|�warn�|�ignore�);
check-mx�(�fail�|�warn�|�ignore�);
check-integrity�boolean
;
check-mx-cname�(�fail�|�warn�|�ignore�);
check-srv-cname�(�fail�|�warn�|�ignore�);
dialup�dialuptype
;
ixfr-from-differences�boolean
;
journal�quoted_string
;
zero-no-soa-ttl�boolean
;
dnssec-secure-to-insecure�boolean
;
allow-query�{�address_match_element
;�...�};
allow-query-on�{�address_match_element
;�...�};
allow-transfer�{�address_match_element
;�...�};
allow-update�{�address_match_element
;�...�};
allow-update-forwarding�{�address_match_element
;�...�};
update-policy�local
�|��{
;
(�grant�|�deny�)�string
(�name�|�subdomain�|�wildcard�|�self�|�selfsub�|�selfwild�|
������������������krb5-self�|�ms-self�|�krb5-subdomain�|�ms-subdomain�|
��tcp-self�|�zonesub�|�6to4-self�)�string
rrtypelist
;
[...]
}
update-check-ksk�boolean
;
dnssec-dnskey-kskonly�boolean
;
masterfile-format�(�text�|�raw�|�map�);
notify�notifytype
;
notify-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)�];
notify-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|�*�)�];
notify-delay�seconds
;
notify-to-soa�boolean
;
also-notify�[�port�integer
�]�{�(�ipv4_address
�|�ipv6_address
�)
[�port�integer
�];�...
[�key�keyname
�]�...�};
allow-notify�{�address_match_element
;�...�};
forward�(�first�|�only�);
forwarders�[�port�integer
�]�{
(�ipv4_address
�|�ipv6_address
�)�[�port�integer
�];�...
};
max-journal-size�size_no_default
;
max-transfer-time-in�integer
;
max-transfer-time-out�integer
;
max-transfer-idle-in�integer
;
max-transfer-idle-out�integer
;
max-retry-time�integer
;
min-retry-time�integer
;
max-refresh-time�integer
;
min-refresh-time�integer
;
multi-master�boolean
;
request-ixfr�boolean
;
sig-validity-interval�integer
;
transfer-source�(�ipv4_address
�|�*�)
[�port�(�integer
�|�*�)�];
transfer-source-v6�(�ipv6_address
�|�*�)
[�port�(�integer
�|�*�)�];
alt-transfer-source�(�ipv4_address
�|�*�)
[�port�(�integer
�|�*�)�];
alt-transfer-source-v6�(�ipv6_address
�|�*�)
[�port�(�integer
�|�*�)�];
use-alt-transfer-source�boolean
;
zone-statistics�boolean
;
try-tcp-refresh�boolean
;
key-directory�quoted_string
;
nsec3-test-zone�boolean
;��//�testing�only
ixfr-base�quoted_string
;�//�obsolete
ixfr-tmp-file�quoted_string
;�//�obsolete
maintain-ixfr-base�boolean
;�//�obsolete
max-ixfr-log-size�size
;�//�obsolete
pubkey�integer
�integer
�integer
�quoted_string
;�//�obsolete
};
BIND 9.10.4b3