NAMED.CONF(5)

NAME

named.conf - configuration file for named

SYNOPSIS

named.conf

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements

are also semi-colon terminated. The usual comment styles are supported:

C style: /* */

C++ style: // to end of line

Unix style: # to end of line

ACL

acl string { address_match_element; ... };

KEY

key domain_name {

algorithm string;

secret string;
};

MASTERS

masters string [ port integer ] {

( masters | ipv4_address [port integer] | ipv6_address [port integer] ) [ key string ]; ...
};

SERVER

server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
bogus boolean;

edns boolean;

edns-udp-size integer;

max-udp-size integer;

provide-ixfr boolean;

request-ixfr boolean;

keys server_key;

transfers integer;

transfer-format ( many-answers | one-answer );

transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
support-ixfr boolean; // obsolete
};

TRUSTED-KEYS

trusted-keys {

domain_name flags protocol algorithm key; ...
};

MANAGED-KEYS

managed-keys {

domain_name initial-key flags protocol algorithm key; ...
};

CONTROLS

controls {

inet ( ipv4_address | ipv6_address | * )
[ port ( integer | * ) ]

allow { address_match_element; ... } [ keys { string; ... } ];
unix unsupported; // not implemented
};

LOGGING

logging {

channel string {
file log_file;

syslog optional_facility;

null;

stderr;

severity log_severity;

print-time boolean;

print-severity boolean;

print-category boolean;
};

category string { string; ... };
};

LWRES

lwres {

listen-on [ port integer ] {
( ipv4_address | ipv6_address ) [ port integer ]; ...
};

view string optional_class;

search { string; ... };

ndots integer;
};

OPTIONS

options {

avoid-v4-udp-ports { port; ... };

avoid-v6-udp-ports { port; ... };

blackhole { address_match_element; ... };

coresize size;

datasize size;

directory quoted_string;

dump-file quoted_string;

files size;

heartbeat-interval integer;

host-statistics boolean; // not implemented

host-statistics-max number; // not implemented

hostname ( quoted_string | none );

interface-interval integer;

listen-on [ port integer ] { address_match_element; ... };

listen-on-v6 [ port integer ] { address_match_element; ... };

match-mapped-addresses boolean;

memstatistics-file quoted_string;

pid-file ( quoted_string | none );

port integer;

querylog boolean;

recursing-file quoted_string;

reserved-sockets integer;

random-device quoted_string;

recursive-clients integer;

serial-query-rate integer;

server-id ( quoted_string | none |;

stacksize size;

statistics-file quoted_string;

statistics-interval integer; // not yet implemented tcp-clients integer;

tcp-listen-queue integer;

tkey-dhkey quoted_string integer;

tkey-gssapi-credential quoted_string;

tkey-domain quoted_string;

transfers-per-ns integer;

transfers-in integer;

transfers-out integer;

use-ixfr boolean;

version ( quoted_string | none );

allow-recursion { address_match_element; ... };

allow-recursion-on { address_match_element; ... };

sortlist { address_match_element; ... };

topology { address_match_element; ... }; // not implemented auth-nxdomain boolean; // default changed

minimal-responses boolean;

recursion boolean;

rrset-order {
[ class string ] [ type string ] [ name quoted_string ] string string; ...
};

provide-ixfr boolean;

request-ixfr boolean;

rfc2308-type1 boolean; // not yet implemented

additional-from-auth boolean;

additional-from-cache boolean;

query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];

query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];

use-queryport-pool boolean;

queryport-pool-ports integer;

queryport-pool-updateinterval integer;

cleaning-interval integer;

min-roots integer; // not implemented

lame-ttl integer;

max-ncache-ttl integer;

max-cache-ttl integer;

transfer-format ( many-answers | one-answer );

max-cache-size size;

max-acache-size size;

clients-per-query number;

max-clients-per-query number;

check-names ( master | slave | response )
( fail | warn | ignore );
check-mx ( fail | warn | ignore );

check-integrity boolean;

check-mx-cname ( fail | warn | ignore );

check-srv-cname ( fail | warn | ignore );

cache-file quoted_string; // test option suppress-initial-notify boolean; // not yet implemented preferred-glue string;

dual-stack-servers [ port integer ] {
( quoted_string [port integer] | ipv4_address [port integer] | ipv6_address [port integer] ); ...
};

edns-udp-size integer;

max-udp-size integer;

root-delegation-only [ exclude { quoted_string; ... } ];

disable-algorithms string { string; ... };

dnssec-enable boolean;

dnssec-validation boolean;

dnssec-lookaside string trust-anchor string;

dnssec-lookaside ( auto | domain trust-anchor domain );

dnssec-must-be-secure string boolean;

dnssec-accept-expired boolean;

empty-server string;

empty-contact string;

empty-zones-enable boolean;

disable-empty-zone string;

dialup dialuptype;

ixfr-from-differences ixfrdiff;

allow-query { address_match_element; ... };

allow-query-on { address_match_element; ... };

allow-query-cache { address_match_element; ... };

allow-query-cache-on { address_match_element; ... };

allow-transfer { address_match_element; ... };

allow-update { address_match_element; ... };

allow-update-forwarding { address_match_element; ... };

update-check-ksk boolean;

dnssec-dnskey-kskonly boolean;

masterfile-format ( text | raw );

notify notifytype;

notify-source ( ipv4_address | * ) [ port ( integer | * ) ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];

notify-delay seconds;

notify-to-soa boolean;

also-notify [ port integer ] { ( ipv4_address | ipv6_address )
[ port integer ]; ... };
allow-notify { address_match_element; ... };

forward ( first | only );

forwarders [ port integer ] {
( ipv4_address | ipv6_address ) [ port integer ]; ...
};

max-journal-size size_no_default;

max-transfer-time-in integer;

max-transfer-time-out integer;

max-transfer-idle-in integer;

max-transfer-idle-out integer;

max-retry-time integer;

min-retry-time integer;

max-refresh-time integer;

min-refresh-time integer;

multi-master boolean;

sig-validity-interval integer;

sig-re-signing-interval integer;

sig-signing-nodes integer;

sig-signing-signatures integer;

sig-signing-type integer;

transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
alt-transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
alt-transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
use-alt-transfer-source boolean;

zone-statistics boolean;

key-directory quoted_string;

managed-keys-directory quoted_string;

auto-dnssec allow|maintain|create|off;

try-tcp-refresh boolean;

zero-no-soa-ttl boolean;

zero-no-soa-ttl-cache boolean;

dnssec-secure-to-insecure boolean;

deny-answer-addresses {
address_match_list
} [ except-from { namelist } ];

deny-answer-aliases {
namelist
} [ except-from { namelist } ];

nsec3-test-zone boolean; // testing only

allow-v6-synthesis { address_match_element; ... }; // obsolete deallocate-on-exit boolean; // obsolete

fake-iquery boolean; // obsolete

fetch-glue boolean; // obsolete

has-old-clients boolean; // obsolete

maintain-ixfr-base boolean; // obsolete

max-ixfr-log-size size; // obsolete

multiple-cnames boolean; // obsolete

named-xfer quoted_string; // obsolete serial-queries integer; // obsolete

treat-cr-as-space boolean; // obsolete

use-id-pool boolean; // obsolete
};

VIEW

view string optional_class {
match-clients { address_match_element; ... };

match-destinations { address_match_element; ... };

match-recursive-only boolean;

key string {
algorithm string;

secret string;
};

zone string optional_class {
...
};

server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
...
};

trusted-keys {
string integer integer integer quoted_string;

[...]
};

allow-recursion { address_match_element; ... };

allow-recursion-on { address_match_element; ... };

sortlist { address_match_element; ... };

topology { address_match_element; ... }; // not implemented auth-nxdomain boolean; // default changed

minimal-responses boolean;

recursion boolean;

rrset-order {
[ class string ] [ type string ] [ name quoted_string ] string string; ...
};

provide-ixfr boolean;

request-ixfr boolean;

rfc2308-type1 boolean; // not yet implemented

additional-from-auth boolean;

additional-from-cache boolean;

query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];

query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];

use-queryport-pool boolean;

queryport-pool-ports integer;

queryport-pool-updateinterval integer;

cleaning-interval integer;

min-roots integer; // not implemented

lame-ttl integer;

max-ncache-ttl integer;

max-cache-ttl integer;

transfer-format ( many-answers | one-answer );

max-cache-size size;

max-acache-size size;

clients-per-query number;

max-clients-per-query number;

check-names ( master | slave | response )
( fail | warn | ignore );
check-mx ( fail | warn | ignore );

check-integrity boolean;

check-mx-cname ( fail | warn | ignore );

check-srv-cname ( fail | warn | ignore );

cache-file quoted_string; // test option suppress-initial-notify boolean; // not yet implemented preferred-glue string;

dual-stack-servers [ port integer ] {
( quoted_string [port integer] | ipv4_address [port integer] | ipv6_address [port integer] ); ...
};

edns-udp-size integer;

max-udp-size integer;

root-delegation-only [ exclude { quoted_string; ... } ];

disable-algorithms string { string; ... };

dnssec-enable boolean;

dnssec-validation boolean;

dnssec-lookaside string trust-anchor string;

dnssec-must-be-secure string boolean;

dnssec-accept-expired boolean;

empty-server string;

empty-contact string;

empty-zones-enable boolean;

disable-empty-zone string;

dialup dialuptype;

ixfr-from-differences ixfrdiff;

allow-query { address_match_element; ... };

allow-query-on { address_match_element; ... };

allow-query-cache { address_match_element; ... };

allow-query-cache-on { address_match_element; ... };

allow-transfer { address_match_element; ... };

allow-update { address_match_element; ... };

allow-update-forwarding { address_match_element; ... };

update-check-ksk boolean;

dnssec-dnskey-kskonly boolean;

masterfile-format ( text | raw );

notify notifytype;

notify-source ( ipv4_address | * ) [ port ( integer | * ) ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];

notify-delay seconds;

notify-to-soa boolean;

also-notify [ port integer ] { ( ipv4_address | ipv6_address )
[ port integer ]; ... };
allow-notify { address_match_element; ... };

forward ( first | only );

forwarders [ port integer ] {
( ipv4_address | ipv6_address ) [ port integer ]; ...
};

max-journal-size size_no_default;

max-transfer-time-in integer;

max-transfer-time-out integer;

max-transfer-idle-in integer;

max-transfer-idle-out integer;

max-retry-time integer;

min-retry-time integer;

max-refresh-time integer;

min-refresh-time integer;

multi-master boolean;

sig-validity-interval integer;

transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
alt-transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
alt-transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
use-alt-transfer-source boolean;

zone-statistics boolean;

try-tcp-refresh boolean;

key-directory quoted_string;

zero-no-soa-ttl boolean;

zero-no-soa-ttl-cache boolean;

dnssec-secure-to-insecure boolean;

allow-v6-synthesis { address_match_element; ... }; // obsolete fetch-glue boolean; // obsolete

maintain-ixfr-base boolean; // obsolete

max-ixfr-log-size size; // obsolete
};

ZONE

zone string optional_class {
type ( master | slave | stub | hint |
forward | delegation-only );
file quoted_string;

masters [ port integer ] {
( masters |

ipv4_address [port integer] | ipv6_address [ port integer ] ) [ key string ]; ...
};

database string;

delegation-only boolean;

check-names ( fail | warn | ignore );

check-mx ( fail | warn | ignore );

check-integrity boolean;

check-mx-cname ( fail | warn | ignore );

check-srv-cname ( fail | warn | ignore );

dialup dialuptype;

ixfr-from-differences boolean;

journal quoted_string;

zero-no-soa-ttl boolean;

dnssec-secure-to-insecure boolean;

allow-query { address_match_element; ... };

allow-query-on { address_match_element; ... };

allow-transfer { address_match_element; ... };

allow-update { address_match_element; ... };

allow-update-forwarding { address_match_element; ... };

update-policy local | {
( grant | deny ) string ( name | subdomain | wildcard | self | selfsub | selfwild |
krb5-self | ms-self | krb5-subdomain | ms-subdomain |
tcp-self | zonesub | 6to4-self ) string
rrtypelist;

[...]
};

update-check-ksk boolean;

dnssec-dnskey-kskonly boolean;

masterfile-format ( text | raw );

notify notifytype;

notify-source ( ipv4_address | * ) [ port ( integer | * ) ];

notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];

notify-delay seconds;

notify-to-soa boolean;

also-notify [ port integer ] { ( ipv4_address | ipv6_address )
[ port integer ]; ... };
allow-notify { address_match_element; ... };

forward ( first | only );

forwarders [ port integer ] {
( ipv4_address | ipv6_address ) [ port integer ]; ...
};

max-journal-size size_no_default;

max-transfer-time-in integer;

max-transfer-time-out integer;

max-transfer-idle-in integer;

max-transfer-idle-out integer;

max-retry-time integer;

min-retry-time integer;

max-refresh-time integer;

min-refresh-time integer;

multi-master boolean;

sig-validity-interval integer;

transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
alt-transfer-source ( ipv4_address | * )
[ port ( integer | * ) ];
alt-transfer-source-v6 ( ipv6_address | * )
[ port ( integer | * ) ];
use-alt-transfer-source boolean;

zone-statistics boolean;

try-tcp-refresh boolean;

key-directory quoted_string;

nsec3-test-zone boolean; // testing only

ixfr-base quoted_string; // obsolete ixfr-tmp-file quoted_string; // obsolete maintain-ixfr-base boolean; // obsolete

max-ixfr-log-size size; // obsolete

pubkey integer integer integer quoted_string; // obsolete
};

FILES

/etc/named.conf

SEE ALSO

named(8), named-checkconf(8), rndc(8), BIND 9 Administrator Reference Manual.

COPYRIGHT

Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")

BIND9 Aug 13, 2004 NAMED.CONF(5)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout