/contrib/bind9/bin/named/named.conf.html
HTML | 634 lines | 618 code | 0 blank | 16 comment | 0 complexity | 8ae4653f0dfd43effb249abaec361708 MD5 | raw file
1<!-- 2 - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") 3 - 4 - Permission to use, copy, modify, and/or distribute this software for any 5 - purpose with or without fee is hereby granted, provided that the above 6 - copyright notice and this permission notice appear in all copies. 7 - 8 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14 - PERFORMANCE OF THIS SOFTWARE. 15--> 16<!-- $Id$ --> 17<html> 18<head> 19<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 20<title>named.conf</title> 21<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> 22</head> 23<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> 24<a name="id2476275"></a><div class="titlepage"></div> 25<div class="refnamediv"> 26<h2>Name</h2> 27<p><code class="filename">named.conf</code> — configuration file for named</p> 28</div> 29<div class="refsynopsisdiv"> 30<h2>Synopsis</h2> 31<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div> 32</div> 33<div class="refsect1" lang="en"> 34<a name="id2543353"></a><h2>DESCRIPTION</h2> 35<p><code class="filename">named.conf</code> is the configuration file 36 for 37 <span><strong class="command">named</strong></span>. Statements are enclosed 38 in braces and terminated with a semi-colon. Clauses in 39 the statements are also semi-colon terminated. The usual 40 comment styles are supported: 41 </p> 42<p> 43 C style: /* */ 44 </p> 45<p> 46 C++ style: // to end of line 47 </p> 48<p> 49 Unix style: # to end of line 50 </p> 51</div> 52<div class="refsect1" lang="en"> 53<a name="id2543381"></a><h2>ACL</h2> 54<div class="literallayout"><p><br> 55acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 56<br> 57</p></div> 58</div> 59<div class="refsect1" lang="en"> 60<a name="id2543397"></a><h2>KEY</h2> 61<div class="literallayout"><p><br> 62key <em class="replaceable"><code>domain_name</code></em> {<br> 63 algorithm <em class="replaceable"><code>string</code></em>;<br> 64 secret <em class="replaceable"><code>string</code></em>;<br> 65};<br> 66</p></div> 67</div> 68<div class="refsect1" lang="en"> 69<a name="id2543416"></a><h2>MASTERS</h2> 70<div class="literallayout"><p><br> 71masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> 72 ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> 73 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br> 74};<br> 75</p></div> 76</div> 77<div class="refsect1" lang="en"> 78<a name="id2543462"></a><h2>SERVER</h2> 79<div class="literallayout"><p><br> 80server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br> 81 bogus <em class="replaceable"><code>boolean</code></em>;<br> 82 edns <em class="replaceable"><code>boolean</code></em>;<br> 83 edns-udp-size <em class="replaceable"><code>integer</code></em>;<br> 84 max-udp-size <em class="replaceable"><code>integer</code></em>;<br> 85 provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br> 86 request-ixfr <em class="replaceable"><code>boolean</code></em>;<br> 87 keys <em class="replaceable"><code>server_key</code></em>;<br> 88 transfers <em class="replaceable"><code>integer</code></em>;<br> 89 transfer-format ( many-answers | one-answer );<br> 90 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br> 91 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 92 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br> 93 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 94<br> 95 support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 96};<br> 97</p></div> 98</div> 99<div class="refsect1" lang="en"> 100<a name="id2543530"></a><h2>TRUSTED-KEYS</h2> 101<div class="literallayout"><p><br> 102trusted-keys {<br> 103 <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> 104};<br> 105</p></div> 106</div> 107<div class="refsect1" lang="en"> 108<a name="id2543556"></a><h2>MANAGED-KEYS</h2> 109<div class="literallayout"><p><br> 110managed-keys {<br> 111 <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> 112};<br> 113</p></div> 114</div> 115<div class="refsect1" lang="en"> 116<a name="id2543585"></a><h2>CONTROLS</h2> 117<div class="literallayout"><p><br> 118controls {<br> 119 inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br> 120 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br> 121 allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br> 122 [<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br> 123 unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br> 124};<br> 125</p></div> 126</div> 127<div class="refsect1" lang="en"> 128<a name="id2543620"></a><h2>LOGGING</h2> 129<div class="literallayout"><p><br> 130logging {<br> 131 channel <em class="replaceable"><code>string</code></em> {<br> 132 file <em class="replaceable"><code>log_file</code></em>;<br> 133 syslog <em class="replaceable"><code>optional_facility</code></em>;<br> 134 null;<br> 135 stderr;<br> 136 severity <em class="replaceable"><code>log_severity</code></em>;<br> 137 print-time <em class="replaceable"><code>boolean</code></em>;<br> 138 print-severity <em class="replaceable"><code>boolean</code></em>;<br> 139 print-category <em class="replaceable"><code>boolean</code></em>;<br> 140 };<br> 141 category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br> 142};<br> 143</p></div> 144</div> 145<div class="refsect1" lang="en"> 146<a name="id2543658"></a><h2>LWRES</h2> 147<div class="literallayout"><p><br> 148lwres {<br> 149 listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> 150 ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br> 151 };<br> 152 view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br> 153 search { <em class="replaceable"><code>string</code></em>; ... };<br> 154 ndots <em class="replaceable"><code>integer</code></em>;<br> 155};<br> 156</p></div> 157</div> 158<div class="refsect1" lang="en"> 159<a name="id2543700"></a><h2>OPTIONS</h2> 160<div class="literallayout"><p><br> 161options {<br> 162 avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br> 163 avoid-v6-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br> 164 blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 165 coresize <em class="replaceable"><code>size</code></em>;<br> 166 datasize <em class="replaceable"><code>size</code></em>;<br> 167 directory <em class="replaceable"><code>quoted_string</code></em>;<br> 168 dump-file <em class="replaceable"><code>quoted_string</code></em>;<br> 169 files <em class="replaceable"><code>size</code></em>;<br> 170 heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br> 171 host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br> 172 host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br> 173 hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br> 174 interface-interval <em class="replaceable"><code>integer</code></em>;<br> 175 listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 176 listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 177 match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br> 178 memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br> 179 pid-file ( <em class="replaceable"><code>quoted_string</code></em> | none );<br> 180 port <em class="replaceable"><code>integer</code></em>;<br> 181 querylog <em class="replaceable"><code>boolean</code></em>;<br> 182 recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br> 183 reserved-sockets <em class="replaceable"><code>integer</code></em>;<br> 184 random-device <em class="replaceable"><code>quoted_string</code></em>;<br> 185 recursive-clients <em class="replaceable"><code>integer</code></em>;<br> 186 serial-query-rate <em class="replaceable"><code>integer</code></em>;<br> 187 server-id ( <em class="replaceable"><code>quoted_string</code></em> | none |;<br> 188 stacksize <em class="replaceable"><code>size</code></em>;<br> 189 statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br> 190 statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br> 191 tcp-clients <em class="replaceable"><code>integer</code></em>;<br> 192 tcp-listen-queue <em class="replaceable"><code>integer</code></em>;<br> 193 tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br> 194 tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br> 195 tkey-gssapi-keytab <em class="replaceable"><code>quoted_string</code></em>;<br> 196 tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br> 197 transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br> 198 transfers-in <em class="replaceable"><code>integer</code></em>;<br> 199 transfers-out <em class="replaceable"><code>integer</code></em>;<br> 200 use-ixfr <em class="replaceable"><code>boolean</code></em>;<br> 201 version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br> 202 allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 203 allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 204 sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 205 topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br> 206 auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br> 207 minimal-responses <em class="replaceable"><code>boolean</code></em>;<br> 208 recursion <em class="replaceable"><code>boolean</code></em>;<br> 209 rrset-order {<br> 210 [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br> 211 [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br> 212 };<br> 213 provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br> 214 request-ixfr <em class="replaceable"><code>boolean</code></em>;<br> 215 rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br> 216 additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br> 217 additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br> 218 query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 219 query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 220 use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br> 221 queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br> 222 queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br> 223 cleaning-interval <em class="replaceable"><code>integer</code></em>;<br> 224 resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br> 225 min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br> 226 lame-ttl <em class="replaceable"><code>integer</code></em>;<br> 227 max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br> 228 max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br> 229 transfer-format ( many-answers | one-answer );<br> 230 max-cache-size <em class="replaceable"><code>size</code></em>;<br> 231 max-acache-size <em class="replaceable"><code>size</code></em>;<br> 232 clients-per-query <em class="replaceable"><code>number</code></em>;<br> 233 max-clients-per-query <em class="replaceable"><code>number</code></em>;<br> 234 check-names ( master | slave | response )<br> 235 ( fail | warn | ignore );<br> 236 check-mx ( fail | warn | ignore );<br> 237 check-integrity <em class="replaceable"><code>boolean</code></em>;<br> 238 check-mx-cname ( fail | warn | ignore );<br> 239 check-srv-cname ( fail | warn | ignore );<br> 240 cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br> 241 suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br> 242 preferred-glue <em class="replaceable"><code>string</code></em>;<br> 243 dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> 244 ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> 245 <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> 246 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br> 247 };<br> 248 edns-udp-size <em class="replaceable"><code>integer</code></em>;<br> 249 max-udp-size <em class="replaceable"><code>integer</code></em>;<br> 250 root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br> 251 disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br> 252 dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br> 253 dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br> 254 dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br> 255 dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br> 256 dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br> 257<br> 258 dns64-server <em class="replaceable"><code>string</code></em>;<br> 259 dns64-contact <em class="replaceable"><code>string</code></em>;<br> 260 dns64 <em class="replaceable"><code>prefix</code></em> {<br> 261 clients { <font color="red"><replacable>acl</replacable></font>; };<br> 262 exclude { <font color="red"><replacable>acl</replacable></font>; };<br> 263 mapped { <font color="red"><replacable>acl</replacable></font>; };<br> 264 break-dnssec <em class="replaceable"><code>boolean</code></em>;<br> 265 recursive-only <em class="replaceable"><code>boolean</code></em>;<br> 266 suffix <em class="replaceable"><code>ipv6_address</code></em>;<br> 267 };<br> 268<br> 269 empty-server <em class="replaceable"><code>string</code></em>;<br> 270 empty-contact <em class="replaceable"><code>string</code></em>;<br> 271 empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br> 272 disable-empty-zone <em class="replaceable"><code>string</code></em>;<br> 273<br> 274 dialup <em class="replaceable"><code>dialuptype</code></em>;<br> 275 ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br> 276<br> 277 allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 278 allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 279 allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 280 allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 281 allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 282 allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 283 allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 284 update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br> 285 dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br> 286<br> 287 masterfile-format ( text | raw );<br> 288 notify <em class="replaceable"><code>notifytype</code></em>;<br> 289 notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 290 notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 291 notify-delay <em class="replaceable"><code>seconds</code></em>;<br> 292 notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br> 293 also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br> 294 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br> 295 allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 296<br> 297 forward ( first | only );<br> 298 forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> 299 ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br> 300 };<br> 301<br> 302 max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br> 303 max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br> 304 max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br> 305 max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br> 306 max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br> 307 max-retry-time <em class="replaceable"><code>integer</code></em>;<br> 308 min-retry-time <em class="replaceable"><code>integer</code></em>;<br> 309 max-refresh-time <em class="replaceable"><code>integer</code></em>;<br> 310 min-refresh-time <em class="replaceable"><code>integer</code></em>;<br> 311 multi-master <em class="replaceable"><code>boolean</code></em>;<br> 312<br> 313 sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br> 314 sig-re-signing-interval <em class="replaceable"><code>integer</code></em>;<br> 315 sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br> 316 sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br> 317 sig-signing-type <em class="replaceable"><code>integer</code></em>;<br> 318<br> 319 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br> 320 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 321 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br> 322 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 323<br> 324 alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br> 325 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 326 alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br> 327 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 328 use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br> 329<br> 330 zone-statistics <em class="replaceable"><code>boolean</code></em>;<br> 331 key-directory <em class="replaceable"><code>quoted_string</code></em>;<br> 332 managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br> 333 auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">create</code>|<code class="constant">off</code>;<br> 334 try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br> 335 zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br> 336 zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br> 337 dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br> 338 deny-answer-addresses {<br> 339 <em class="replaceable"><code>address_match_list</code></em><br> 340 } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br> 341 deny-answer-aliases {<br> 342 <em class="replaceable"><code>namelist</code></em><br> 343 } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br> 344<br> 345 nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // testing only<br> 346<br> 347 allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br> 348 deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 349 fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 350 fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 351 has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 352 maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 353 max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br> 354 multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 355 named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br> 356 serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br> 357 treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 358 use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 359};<br> 360</p></div> 361</div> 362<div class="refsect1" lang="en"> 363<a name="id2544574"></a><h2>VIEW</h2> 364<div class="literallayout"><p><br> 365view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> 366 match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 367 match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 368 match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br> 369<br> 370 key <em class="replaceable"><code>string</code></em> {<br> 371 algorithm <em class="replaceable"><code>string</code></em>;<br> 372 secret <em class="replaceable"><code>string</code></em>;<br> 373 };<br> 374<br> 375 zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> 376 ...<br> 377 };<br> 378<br> 379 server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br> 380 ...<br> 381 };<br> 382<br> 383 trusted-keys {<br> 384 <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>;<br> 385 [<span class="optional">...</span>]<br> 386 };<br> 387<br> 388 allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 389 allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 390 sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 391 topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br> 392 auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br> 393 minimal-responses <em class="replaceable"><code>boolean</code></em>;<br> 394 recursion <em class="replaceable"><code>boolean</code></em>;<br> 395 rrset-order {<br> 396 [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br> 397 [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br> 398 };<br> 399 provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br> 400 request-ixfr <em class="replaceable"><code>boolean</code></em>;<br> 401 rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br> 402 additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br> 403 additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br> 404 query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 405 query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 406 use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br> 407 queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br> 408 queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br> 409 cleaning-interval <em class="replaceable"><code>integer</code></em>;<br> 410 resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br> 411 min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br> 412 lame-ttl <em class="replaceable"><code>integer</code></em>;<br> 413 max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br> 414 max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br> 415 transfer-format ( many-answers | one-answer );<br> 416 max-cache-size <em class="replaceable"><code>size</code></em>;<br> 417 max-acache-size <em class="replaceable"><code>size</code></em>;<br> 418 clients-per-query <em class="replaceable"><code>number</code></em>;<br> 419 max-clients-per-query <em class="replaceable"><code>number</code></em>;<br> 420 check-names ( master | slave | response )<br> 421 ( fail | warn | ignore );<br> 422 check-mx ( fail | warn | ignore );<br> 423 check-integrity <em class="replaceable"><code>boolean</code></em>;<br> 424 check-mx-cname ( fail | warn | ignore );<br> 425 check-srv-cname ( fail | warn | ignore );<br> 426 cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br> 427 suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br> 428 preferred-glue <em class="replaceable"><code>string</code></em>;<br> 429 dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> 430 ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> 431 <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> 432 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br> 433 };<br> 434 edns-udp-size <em class="replaceable"><code>integer</code></em>;<br> 435 max-udp-size <em class="replaceable"><code>integer</code></em>;<br> 436 root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br> 437 disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br> 438 dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br> 439 dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br> 440 dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br> 441 dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br> 442 dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br> 443<br> 444 dns64-server <em class="replaceable"><code>string</code></em>;<br> 445 dns64-contact <em class="replaceable"><code>string</code></em>;<br> 446 dns64 <em class="replaceable"><code>prefix</code></em> {<br> 447 clients { <font color="red"><replacable>acl</replacable></font>; };<br> 448 exclude { <font color="red"><replacable>acl</replacable></font>; };<br> 449 mapped { <font color="red"><replacable>acl</replacable></font>; };<br> 450 break-dnssec <em class="replaceable"><code>boolean</code></em>;<br> 451 recursive-only <em class="replaceable"><code>boolean</code></em>;<br> 452 suffix <em class="replaceable"><code>ipv6_address</code></em>;<br> 453 };<br> 454<br> 455 empty-server <em class="replaceable"><code>string</code></em>;<br> 456 empty-contact <em class="replaceable"><code>string</code></em>;<br> 457 empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br> 458 disable-empty-zone <em class="replaceable"><code>string</code></em>;<br> 459<br> 460 dialup <em class="replaceable"><code>dialuptype</code></em>;<br> 461 ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br> 462<br> 463 allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 464 allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 465 allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 466 allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 467 allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 468 allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 469 allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 470 update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br> 471 dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br> 472<br> 473 masterfile-format ( text | raw );<br> 474 notify <em class="replaceable"><code>notifytype</code></em>;<br> 475 notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 476 notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 477 notify-delay <em class="replaceable"><code>seconds</code></em>;<br> 478 notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br> 479 also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br> 480 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br> 481 allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 482<br> 483 forward ( first | only );<br> 484 forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> 485 ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br> 486 };<br> 487<br> 488 max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br> 489 max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br> 490 max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br> 491 max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br> 492 max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br> 493 max-retry-time <em class="replaceable"><code>integer</code></em>;<br> 494 min-retry-time <em class="replaceable"><code>integer</code></em>;<br> 495 max-refresh-time <em class="replaceable"><code>integer</code></em>;<br> 496 min-refresh-time <em class="replaceable"><code>integer</code></em>;<br> 497 multi-master <em class="replaceable"><code>boolean</code></em>;<br> 498 sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br> 499<br> 500 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br> 501 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 502 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br> 503 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 504<br> 505 alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br> 506 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 507 alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br> 508 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 509 use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br> 510<br> 511 zone-statistics <em class="replaceable"><code>boolean</code></em>;<br> 512 try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br> 513 key-directory <em class="replaceable"><code>quoted_string</code></em>;<br> 514 zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br> 515 zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br> 516 dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br> 517<br> 518 allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br> 519 fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 520 maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 521 max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br> 522};<br> 523</p></div> 524</div> 525<div class="refsect1" lang="en"> 526<a name="id2545284"></a><h2>ZONE</h2> 527<div class="literallayout"><p><br> 528zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> 529 type ( master | slave | stub | hint |<br> 530 forward | delegation-only );<br> 531 file <em class="replaceable"><code>quoted_string</code></em>;<br> 532<br> 533 masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> 534 ( <em class="replaceable"><code>masters</code></em> |<br> 535 <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> 536 <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br> 537 };<br> 538<br> 539 database <em class="replaceable"><code>string</code></em>;<br> 540 delegation-only <em class="replaceable"><code>boolean</code></em>;<br> 541 check-names ( fail | warn | ignore );<br> 542 check-mx ( fail | warn | ignore );<br> 543 check-integrity <em class="replaceable"><code>boolean</code></em>;<br> 544 check-mx-cname ( fail | warn | ignore );<br> 545 check-srv-cname ( fail | warn | ignore );<br> 546 dialup <em class="replaceable"><code>dialuptype</code></em>;<br> 547 ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br> 548 journal <em class="replaceable"><code>quoted_string</code></em>;<br> 549 zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br> 550 dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br> 551<br> 552 allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 553 allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 554 allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 555 allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 556 allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 557 update-policy <em class="replaceable"><code>local</code></em> | <em class="replaceable"><code> {<br> 558 ( grant | deny ) <em class="replaceable"><code>string</code></em><br> 559 ( name | subdomain | wildcard | self | selfsub | selfwild |<br> 560 krb5-self | ms-self | krb5-subdomain | ms-subdomain |<br> 561 tcp-self | zonesub | 6to4-self ) <em class="replaceable"><code>string</code></em><br> 562 <em class="replaceable"><code>rrtypelist</code></em>;<br> 563 [<span class="optional">...</span>]<br> 564 }</code></em>;<br> 565 update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br> 566 dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br> 567<br> 568 masterfile-format ( text | raw );<br> 569 notify <em class="replaceable"><code>notifytype</code></em>;<br> 570 notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 571 notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 572 notify-delay <em class="replaceable"><code>seconds</code></em>;<br> 573 notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br> 574 also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br> 575 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br> 576 allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 577<br> 578 forward ( first | only );<br> 579 forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> 580 ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br> 581 };<br> 582<br> 583 max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br> 584 max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br> 585 max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br> 586 max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br> 587 max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br> 588 max-retry-time <em class="replaceable"><code>integer</code></em>;<br> 589 min-retry-time <em class="replaceable"><code>integer</code></em>;<br> 590 max-refresh-time <em class="replaceable"><code>integer</code></em>;<br> 591 min-refresh-time <em class="replaceable"><code>integer</code></em>;<br> 592 multi-master <em class="replaceable"><code>boolean</code></em>;<br> 593 sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br> 594<br> 595 transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br> 596 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 597 transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br> 598 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 599<br> 600 alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br> 601 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 602 alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br> 603 [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br> 604 use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br> 605<br> 606 zone-statistics <em class="replaceable"><code>boolean</code></em>;<br> 607 try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br> 608 key-directory <em class="replaceable"><code>quoted_string</code></em>;<br> 609<br> 610 nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // testing only<br> 611<br> 612 ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br> 613 ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br> 614 maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br> 615 max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br> 616 pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br> 617};<br> 618</p></div> 619</div> 620<div class="refsect1" lang="en"> 621<a name="id2545664"></a><h2>FILES</h2> 622<p><code class="filename">/etc/named.conf</code> 623 </p> 624</div> 625<div class="refsect1" lang="en"> 626<a name="id2545675"></a><h2>SEE ALSO</h2> 627<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, 628 <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, 629 <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, 630 <em class="citetitle">BIND 9 Administrator Reference Manual</em>. 631 </p> 632</div> 633</div></body> 634</html>