named.conf.html - This HTML code outputs a manual page for …

/contrib/bind9/bin/named/named.conf.html

https://bitbucket.org/freebsd/freebsd-head/ · HTML · 634 lines · 618 code · 0 blank · 16 comment · 0 complexity · 8ae4653f0dfd43effb249abaec361708 MD5 · raw file

<!--
 - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
 - 
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - 
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named.conf</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="id2476275"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543353"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
      for
      <span><strong class="command">named</strong></span>.  Statements are enclosed
      in braces and terminated with a semi-colon.  Clauses in
      the statements are also semi-colon terminated.  The usual
      comment styles are supported:
    </p>
<p>
      C style: /* */
    </p>
<p>
      C++ style: // to end of line
    </p>
<p>
      Unix style: # to end of line
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2543381"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543397"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key <em class="replaceable"><code>domain_name</code></em> {<br>
	algorithm <em class="replaceable"><code>string</code></em>;<br>
	secret <em class="replaceable"><code>string</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543416"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
	( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
	<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
};<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543462"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
	bogus <em class="replaceable"><code>boolean</code></em>;<br>
	edns <em class="replaceable"><code>boolean</code></em>;<br>
	edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
	max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
	keys <em class="replaceable"><code>server_key</code></em>;<br>
	transfers <em class="replaceable"><code>integer</code></em>;<br>
	transfer-format ( many-answers | one-answer );<br>
	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
<br>
	support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
};<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543530"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys {<br>
	<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
};<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543556"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
managed-keys {<br>
	<em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
};<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543585"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls {<br>
	inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
		allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br>
		[<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
	unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br>
};<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543620"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging {<br>
	channel <em class="replaceable"><code>string</code></em> {<br>
		file <em class="replaceable"><code>log_file</code></em>;<br>
		syslog <em class="replaceable"><code>optional_facility</code></em>;<br>
		null;<br>
		stderr;<br>
		severity <em class="replaceable"><code>log_severity</code></em>;<br>
		print-time <em class="replaceable"><code>boolean</code></em>;<br>
		print-severity <em class="replaceable"><code>boolean</code></em>;<br>
		print-category <em class="replaceable"><code>boolean</code></em>;<br>
	};<br>
	category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
};<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543658"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres {<br>
	listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
	};<br>
	view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br>
	search { <em class="replaceable"><code>string</code></em>; ... };<br>
	ndots <em class="replaceable"><code>integer</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543700"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
	avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
	avoid-v6-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
	blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	coresize <em class="replaceable"><code>size</code></em>;<br>
	datasize <em class="replaceable"><code>size</code></em>;<br>
	directory <em class="replaceable"><code>quoted_string</code></em>;<br>
	dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
	files <em class="replaceable"><code>size</code></em>;<br>
	heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
	host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br>
	host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br>
	hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
	interface-interval <em class="replaceable"><code>integer</code></em>;<br>
	listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
	memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
	pid-file ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
	port <em class="replaceable"><code>integer</code></em>;<br>
	querylog <em class="replaceable"><code>boolean</code></em>;<br>
	recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
	reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
	random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
	recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
	serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
	server-id ( <em class="replaceable"><code>quoted_string</code></em> | none |;<br>
	stacksize <em class="replaceable"><code>size</code></em>;<br>
	statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
	statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
	tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
	tcp-listen-queue <em class="replaceable"><code>integer</code></em>;<br>
	tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br>
	tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br>
	tkey-gssapi-keytab <em class="replaceable"><code>quoted_string</code></em>;<br>
	tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
	transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
	transfers-in <em class="replaceable"><code>integer</code></em>;<br>
	transfers-out <em class="replaceable"><code>integer</code></em>;<br>
	use-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
	version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
	allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
	minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
	recursion <em class="replaceable"><code>boolean</code></em>;<br>
	rrset-order {<br>
		[<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
		[<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
	};<br>
	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
	rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
	additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
	additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
	query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
	queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
	queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
	cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
	resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
	min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
	lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
	max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
	max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
	transfer-format ( many-answers | one-answer );<br>
	max-cache-size <em class="replaceable"><code>size</code></em>;<br>
	max-acache-size <em class="replaceable"><code>size</code></em>;<br>
	clients-per-query <em class="replaceable"><code>number</code></em>;<br>
	max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
	check-names ( master | slave | response )<br>
		( fail | warn | ignore );<br>
	check-mx ( fail | warn | ignore );<br>
	check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
	check-mx-cname ( fail | warn | ignore );<br>
	check-srv-cname ( fail | warn | ignore );<br>
	cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
	suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
	preferred-glue <em class="replaceable"><code>string</code></em>;<br>
	dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
		( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
		<em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
		<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
	};<br>
	edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
	max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
	root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
	disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
	dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
	dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	dns64-server <em class="replaceable"><code>string</code></em>;<br>
	dns64-contact <em class="replaceable"><code>string</code></em>;<br>
	dns64 <em class="replaceable"><code>prefix</code></em> {<br>
		clients { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
		exclude { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
		mapped { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
		break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
		recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
		suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
	};<br>
<br>
	empty-server <em class="replaceable"><code>string</code></em>;<br>
	empty-contact <em class="replaceable"><code>string</code></em>;<br>
	empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
	disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
<br>
	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
	ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
<br>
	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	masterfile-format ( text | raw );<br>
	notify <em class="replaceable"><code>notifytype</code></em>;<br>
	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
	notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
	forward ( first | only );<br>
	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
	};<br>
<br>
	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
	multi-master <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
	sig-re-signing-interval <em class="replaceable"><code>integer</code></em>;<br>
	sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
	sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
	sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
<br>
	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
<br>
	alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
	managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
	auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">create</code>|<code class="constant">off</code>;<br>
	try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
	zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
	zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
	deny-answer-addresses {<br>
		<em class="replaceable"><code>address_match_list</code></em><br>
	} [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
	deny-answer-aliases {<br>
		<em class="replaceable"><code>namelist</code></em><br>
	} [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
<br>
	nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
<br>
	allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
	deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
	fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
	fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
	has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
	multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
	named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
	serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
	treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
	use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
};<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544574"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
	match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	key <em class="replaceable"><code>string</code></em> {<br>
		algorithm <em class="replaceable"><code>string</code></em>;<br>
		secret <em class="replaceable"><code>string</code></em>;<br>
	};<br>
<br>
	zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
		...<br>
	};<br>
<br>
	server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
		...<br>
	};<br>
<br>
	trusted-keys {<br>
		<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>;<br>
		[<span class="optional">...</span>]<br>
	};<br>
<br>
	allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
	minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
	recursion <em class="replaceable"><code>boolean</code></em>;<br>
	rrset-order {<br>
		[<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
		[<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
	};<br>
	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
	rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
	additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
	additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
	query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
	queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
	queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
	cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
	resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
	min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
	lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
	max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
	max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
	transfer-format ( many-answers | one-answer );<br>
	max-cache-size <em class="replaceable"><code>size</code></em>;<br>
	max-acache-size <em class="replaceable"><code>size</code></em>;<br>
	clients-per-query <em class="replaceable"><code>number</code></em>;<br>
	max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
	check-names ( master | slave | response )<br>
		( fail | warn | ignore );<br>
	check-mx ( fail | warn | ignore );<br>
	check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
	check-mx-cname ( fail | warn | ignore );<br>
	check-srv-cname ( fail | warn | ignore );<br>
	cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
	suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
	preferred-glue <em class="replaceable"><code>string</code></em>;<br>
	dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
		( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
		<em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
		<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
	};<br>
	edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
	max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
	root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
	disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
	dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
	dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	dns64-server <em class="replaceable"><code>string</code></em>;<br>
	dns64-contact <em class="replaceable"><code>string</code></em>;<br>
	dns64 <em class="replaceable"><code>prefix</code></em> {<br>
		clients { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
		exclude { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
		mapped { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
		break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
		recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
		suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
	};<br>
<br>
	empty-server <em class="replaceable"><code>string</code></em>;<br>
	empty-contact <em class="replaceable"><code>string</code></em>;<br>
	empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
	disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
<br>
	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
	ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
<br>
	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	masterfile-format ( text | raw );<br>
	notify <em class="replaceable"><code>notifytype</code></em>;<br>
	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
	notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
	forward ( first | only );<br>
	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
	};<br>
<br>
	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
	multi-master <em class="replaceable"><code>boolean</code></em>;<br>
	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
<br>
	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
<br>
	alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
	try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
	zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
	zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
	fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
};<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2545284"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
	type ( master | slave | stub | hint |<br>
		forward | delegation-only );<br>
	file <em class="replaceable"><code>quoted_string</code></em>;<br>
<br>
	masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
		( <em class="replaceable"><code>masters</code></em> |<br>
		<em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
		<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
	};<br>
<br>
	database <em class="replaceable"><code>string</code></em>;<br>
	delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
	check-names ( fail | warn | ignore );<br>
	check-mx ( fail | warn | ignore );<br>
	check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
	check-mx-cname ( fail | warn | ignore );<br>
	check-srv-cname ( fail | warn | ignore );<br>
	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
	ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
	journal <em class="replaceable"><code>quoted_string</code></em>;<br>
	zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
	update-policy <em class="replaceable"><code>local</code></em> | <em class="replaceable"><code> {<br>
		( grant | deny ) <em class="replaceable"><code>string</code></em><br>
		( name | subdomain | wildcard | self | selfsub | selfwild |<br>
                  krb5-self | ms-self | krb5-subdomain | ms-subdomain |<br>
		  tcp-self | zonesub | 6to4-self ) <em class="replaceable"><code>string</code></em><br>
		<em class="replaceable"><code>rrtypelist</code></em>;<br>
		[<span class="optional">...</span>]<br>
	}</code></em>;<br>
	update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
	dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	masterfile-format ( text | raw );<br>
	notify <em class="replaceable"><code>notifytype</code></em>;<br>
	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
	notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
	forward ( first | only );<br>
	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
	};<br>
<br>
	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
	multi-master <em class="replaceable"><code>boolean</code></em>;<br>
	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
<br>
	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
<br>
	alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
	use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
<br>
	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
	try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
<br>
	nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
<br>
	ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
	ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
	pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
};<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2545664"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2545675"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
    </p>
</div>
</div></body>
</html>
Summary ✨

This HTML code outputs a manual page for the named configuration file, detailing its syntax and options. It provides a reference guide for configuring the BIND 9 DNS server software, including settings such as transfer sources, zone statistics, and security parameters. The output is formatted to resemble a traditional Unix manual page.
Alerts (6)

'<font' Deprecated HTML tag detected; use CSS for styling instead
261 262 263 447 448 449