PageRenderTime 61ms CodeModel.GetById 16ms app.highlight 36ms RepoModel.GetById 1ms app.codeStats 1ms

/contrib/bind9/bin/named/named.conf.html

https://bitbucket.org/freebsd/freebsd-head/
HTML | 634 lines | 618 code | 0 blank | 16 comment | 0 complexity | 8ae4653f0dfd43effb249abaec361708 MD5 | raw file
  1<!--
  2 - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
  3 - 
  4 - Permission to use, copy, modify, and/or distribute this software for any
  5 - purpose with or without fee is hereby granted, provided that the above
  6 - copyright notice and this permission notice appear in all copies.
  7 - 
  8 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  9 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 10 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 11 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 12 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 13 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 14 - PERFORMANCE OF THIS SOFTWARE.
 15-->
 16<!-- $Id$ -->
 17<html>
 18<head>
 19<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 20<title>named.conf</title>
 21<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
 22</head>
 23<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 24<a name="id2476275"></a><div class="titlepage"></div>
 25<div class="refnamediv">
 26<h2>Name</h2>
 27<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
 28</div>
 29<div class="refsynopsisdiv">
 30<h2>Synopsis</h2>
 31<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
 32</div>
 33<div class="refsect1" lang="en">
 34<a name="id2543353"></a><h2>DESCRIPTION</h2>
 35<p><code class="filename">named.conf</code> is the configuration file
 36      for
 37      <span><strong class="command">named</strong></span>.  Statements are enclosed
 38      in braces and terminated with a semi-colon.  Clauses in
 39      the statements are also semi-colon terminated.  The usual
 40      comment styles are supported:
 41    </p>
 42<p>
 43      C style: /* */
 44    </p>
 45<p>
 46      C++ style: // to end of line
 47    </p>
 48<p>
 49      Unix style: # to end of line
 50    </p>
 51</div>
 52<div class="refsect1" lang="en">
 53<a name="id2543381"></a><h2>ACL</h2>
 54<div class="literallayout"><p><br>
 55acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 56<br>
 57</p></div>
 58</div>
 59<div class="refsect1" lang="en">
 60<a name="id2543397"></a><h2>KEY</h2>
 61<div class="literallayout"><p><br>
 62key <em class="replaceable"><code>domain_name</code></em> {<br>
 63	algorithm <em class="replaceable"><code>string</code></em>;<br>
 64	secret <em class="replaceable"><code>string</code></em>;<br>
 65};<br>
 66</p></div>
 67</div>
 68<div class="refsect1" lang="en">
 69<a name="id2543416"></a><h2>MASTERS</h2>
 70<div class="literallayout"><p><br>
 71masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
 72<em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
 73	<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
 74};<br>
 75</p></div>
 76</div>
 77<div class="refsect1" lang="en">
 78<a name="id2543462"></a><h2>SERVER</h2>
 79<div class="literallayout"><p><br>
 80server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
 81	bogus <em class="replaceable"><code>boolean</code></em>;<br>
 82	edns <em class="replaceable"><code>boolean</code></em>;<br>
 83	edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
 84	max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
 85	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
 86	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
 87	keys <em class="replaceable"><code>server_key</code></em>;<br>
 88	transfers <em class="replaceable"><code>integer</code></em>;<br>
 89	transfer-format ( many-answers | one-answer );<br>
 90	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
 91		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
 92	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
 93		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
 94<br>
 95	support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
 96};<br>
 97</p></div>
 98</div>
 99<div class="refsect1" lang="en">
100<a name="id2543530"></a><h2>TRUSTED-KEYS</h2>
101<div class="literallayout"><p><br>
102trusted-keys {<br>
103	<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
104};<br>
105</p></div>
106</div>
107<div class="refsect1" lang="en">
108<a name="id2543556"></a><h2>MANAGED-KEYS</h2>
109<div class="literallayout"><p><br>
110managed-keys {<br>
111	<em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
112};<br>
113</p></div>
114</div>
115<div class="refsect1" lang="en">
116<a name="id2543585"></a><h2>CONTROLS</h2>
117<div class="literallayout"><p><br>
118controls {<br>
119	inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
120		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
121		allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br>
122		[<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
123	unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br>
124};<br>
125</p></div>
126</div>
127<div class="refsect1" lang="en">
128<a name="id2543620"></a><h2>LOGGING</h2>
129<div class="literallayout"><p><br>
130logging {<br>
131	channel <em class="replaceable"><code>string</code></em> {<br>
132		file <em class="replaceable"><code>log_file</code></em>;<br>
133		syslog <em class="replaceable"><code>optional_facility</code></em>;<br>
134		null;<br>
135		stderr;<br>
136		severity <em class="replaceable"><code>log_severity</code></em>;<br>
137		print-time <em class="replaceable"><code>boolean</code></em>;<br>
138		print-severity <em class="replaceable"><code>boolean</code></em>;<br>
139		print-category <em class="replaceable"><code>boolean</code></em>;<br>
140	};<br>
141	category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
142};<br>
143</p></div>
144</div>
145<div class="refsect1" lang="en">
146<a name="id2543658"></a><h2>LWRES</h2>
147<div class="literallayout"><p><br>
148lwres {<br>
149	listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
150<em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
151	};<br>
152	view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br>
153	search { <em class="replaceable"><code>string</code></em>; ... };<br>
154	ndots <em class="replaceable"><code>integer</code></em>;<br>
155};<br>
156</p></div>
157</div>
158<div class="refsect1" lang="en">
159<a name="id2543700"></a><h2>OPTIONS</h2>
160<div class="literallayout"><p><br>
161options {<br>
162	avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
163	avoid-v6-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
164	blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
165	coresize <em class="replaceable"><code>size</code></em>;<br>
166	datasize <em class="replaceable"><code>size</code></em>;<br>
167	directory <em class="replaceable"><code>quoted_string</code></em>;<br>
168	dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
169	files <em class="replaceable"><code>size</code></em>;<br>
170	heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
171	host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br>
172	host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br>
173	hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
174	interface-interval <em class="replaceable"><code>integer</code></em>;<br>
175	listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
176	listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
177	match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
178	memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
179	pid-file ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
180	port <em class="replaceable"><code>integer</code></em>;<br>
181	querylog <em class="replaceable"><code>boolean</code></em>;<br>
182	recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
183	reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
184	random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
185	recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
186	serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
187	server-id ( <em class="replaceable"><code>quoted_string</code></em> | none |;<br>
188	stacksize <em class="replaceable"><code>size</code></em>;<br>
189	statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
190	statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
191	tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
192	tcp-listen-queue <em class="replaceable"><code>integer</code></em>;<br>
193	tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br>
194	tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br>
195	tkey-gssapi-keytab <em class="replaceable"><code>quoted_string</code></em>;<br>
196	tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
197	transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
198	transfers-in <em class="replaceable"><code>integer</code></em>;<br>
199	transfers-out <em class="replaceable"><code>integer</code></em>;<br>
200	use-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
201	version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
202	allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
203	allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
204	sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
205	topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
206	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
207	minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
208	recursion <em class="replaceable"><code>boolean</code></em>;<br>
209	rrset-order {<br>
210		[<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
211		[<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span><em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
212	};<br>
213	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
214	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
215	rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
216	additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
217	additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
218	query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
219	query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
220	use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
221	queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
222	queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
223	cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
224	resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
225	min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
226	lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
227	max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
228	max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
229	transfer-format ( many-answers | one-answer );<br>
230	max-cache-size <em class="replaceable"><code>size</code></em>;<br>
231	max-acache-size <em class="replaceable"><code>size</code></em>;<br>
232	clients-per-query <em class="replaceable"><code>number</code></em>;<br>
233	max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
234	check-names ( master | slave | response )<br>
235		( fail | warn | ignore );<br>
236	check-mx ( fail | warn | ignore );<br>
237	check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
238	check-mx-cname ( fail | warn | ignore );<br>
239	check-srv-cname ( fail | warn | ignore );<br>
240	cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
241	suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
242	preferred-glue <em class="replaceable"><code>string</code></em>;<br>
243	dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
244<em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
245		<em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
246		<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
247	};<br>
248	edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
249	max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
250	root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
251	disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
252	dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
253	dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
254	dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
255	dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
256	dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
257<br>
258	dns64-server <em class="replaceable"><code>string</code></em>;<br>
259	dns64-contact <em class="replaceable"><code>string</code></em>;<br>
260	dns64 <em class="replaceable"><code>prefix</code></em> {<br>
261		clients { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
262		exclude { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
263		mapped { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
264		break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
265		recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
266		suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
267	};<br>
268<br>
269	empty-server <em class="replaceable"><code>string</code></em>;<br>
270	empty-contact <em class="replaceable"><code>string</code></em>;<br>
271	empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
272	disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
273<br>
274	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
275	ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
276<br>
277	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
278	allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
279	allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
280	allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
281	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
282	allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
283	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
284	update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
285	dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
286<br>
287	masterfile-format ( text | raw );<br>
288	notify <em class="replaceable"><code>notifytype</code></em>;<br>
289	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
290	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
291	notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
292	notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
293	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
294		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
295	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
296<br>
297	forward ( first | only );<br>
298	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
299<em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
300	};<br>
301<br>
302	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
303	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
304	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
305	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
306	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
307	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
308	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
309	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
310	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
311	multi-master <em class="replaceable"><code>boolean</code></em>;<br>
312<br>
313	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
314	sig-re-signing-interval <em class="replaceable"><code>integer</code></em>;<br>
315	sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
316	sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
317	sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
318<br>
319	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
320		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
321	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
322		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
323<br>
324	alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
325		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
326	alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
327		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
328	use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
329<br>
330	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
331	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
332	managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
333	auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">create</code>|<code class="constant">off</code>;<br>
334	try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
335	zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
336	zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
337	dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
338	deny-answer-addresses {<br>
339		<em class="replaceable"><code>address_match_list</code></em><br>
340	} [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
341	deny-answer-aliases {<br>
342		<em class="replaceable"><code>namelist</code></em><br>
343	} [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
344<br>
345	nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
346<br>
347	allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
348	deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
349	fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
350	fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
351	has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
352	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
353	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
354	multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
355	named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
356	serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
357	treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
358	use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
359};<br>
360</p></div>
361</div>
362<div class="refsect1" lang="en">
363<a name="id2544574"></a><h2>VIEW</h2>
364<div class="literallayout"><p><br>
365view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
366	match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
367	match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
368	match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
369<br>
370	key <em class="replaceable"><code>string</code></em> {<br>
371		algorithm <em class="replaceable"><code>string</code></em>;<br>
372		secret <em class="replaceable"><code>string</code></em>;<br>
373	};<br>
374<br>
375	zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
376		...<br>
377	};<br>
378<br>
379	server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
380		...<br>
381	};<br>
382<br>
383	trusted-keys {<br>
384		<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>;<br>
385		[<span class="optional">...</span>]<br>
386	};<br>
387<br>
388	allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
389	allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
390	sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
391	topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
392	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
393	minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
394	recursion <em class="replaceable"><code>boolean</code></em>;<br>
395	rrset-order {<br>
396		[<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
397		[<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span><em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
398	};<br>
399	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
400	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
401	rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
402	additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
403	additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
404	query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
405	query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
406	use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
407	queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
408	queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
409	cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
410	resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
411	min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
412	lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
413	max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
414	max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
415	transfer-format ( many-answers | one-answer );<br>
416	max-cache-size <em class="replaceable"><code>size</code></em>;<br>
417	max-acache-size <em class="replaceable"><code>size</code></em>;<br>
418	clients-per-query <em class="replaceable"><code>number</code></em>;<br>
419	max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
420	check-names ( master | slave | response )<br>
421		( fail | warn | ignore );<br>
422	check-mx ( fail | warn | ignore );<br>
423	check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
424	check-mx-cname ( fail | warn | ignore );<br>
425	check-srv-cname ( fail | warn | ignore );<br>
426	cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
427	suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
428	preferred-glue <em class="replaceable"><code>string</code></em>;<br>
429	dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
430<em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
431		<em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
432		<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
433	};<br>
434	edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
435	max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
436	root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
437	disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
438	dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
439	dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
440	dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
441	dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
442	dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
443<br>
444	dns64-server <em class="replaceable"><code>string</code></em>;<br>
445	dns64-contact <em class="replaceable"><code>string</code></em>;<br>
446	dns64 <em class="replaceable"><code>prefix</code></em> {<br>
447		clients { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
448		exclude { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
449		mapped { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
450		break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
451		recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
452		suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
453	};<br>
454<br>
455	empty-server <em class="replaceable"><code>string</code></em>;<br>
456	empty-contact <em class="replaceable"><code>string</code></em>;<br>
457	empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
458	disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
459<br>
460	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
461	ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
462<br>
463	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
464	allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
465	allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
466	allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
467	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
468	allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
469	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
470	update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
471	dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
472<br>
473	masterfile-format ( text | raw );<br>
474	notify <em class="replaceable"><code>notifytype</code></em>;<br>
475	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
476	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
477	notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
478	notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
479	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
480		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
481	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
482<br>
483	forward ( first | only );<br>
484	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
485<em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
486	};<br>
487<br>
488	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
489	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
490	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
491	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
492	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
493	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
494	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
495	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
496	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
497	multi-master <em class="replaceable"><code>boolean</code></em>;<br>
498	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
499<br>
500	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
501		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
502	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
503		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
504<br>
505	alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
506		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
507	alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
508		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
509	use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
510<br>
511	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
512	try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
513	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
514	zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
515	zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
516	dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
517<br>
518	allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
519	fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
520	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
521	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
522};<br>
523</p></div>
524</div>
525<div class="refsect1" lang="en">
526<a name="id2545284"></a><h2>ZONE</h2>
527<div class="literallayout"><p><br>
528zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
529	type ( master | slave | stub | hint |<br>
530		forward | delegation-only );<br>
531	file <em class="replaceable"><code>quoted_string</code></em>;<br>
532<br>
533	masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
534<em class="replaceable"><code>masters</code></em> |<br>
535		<em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
536		<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
537	};<br>
538<br>
539	database <em class="replaceable"><code>string</code></em>;<br>
540	delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
541	check-names ( fail | warn | ignore );<br>
542	check-mx ( fail | warn | ignore );<br>
543	check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
544	check-mx-cname ( fail | warn | ignore );<br>
545	check-srv-cname ( fail | warn | ignore );<br>
546	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
547	ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
548	journal <em class="replaceable"><code>quoted_string</code></em>;<br>
549	zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
550	dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
551<br>
552	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
553	allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
554	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
555	allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
556	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
557	update-policy <em class="replaceable"><code>local</code></em> | <em class="replaceable"><code> {<br>
558		( grant | deny ) <em class="replaceable"><code>string</code></em><br>
559		( name | subdomain | wildcard | self | selfsub | selfwild |<br>
560                  krb5-self | ms-self | krb5-subdomain | ms-subdomain |<br>
561		  tcp-self | zonesub | 6to4-self ) <em class="replaceable"><code>string</code></em><br>
562		<em class="replaceable"><code>rrtypelist</code></em>;<br>
563		[<span class="optional">...</span>]<br>
564	}</code></em>;<br>
565	update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
566	dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
567<br>
568	masterfile-format ( text | raw );<br>
569	notify <em class="replaceable"><code>notifytype</code></em>;<br>
570	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
571	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
572	notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
573	notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
574	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
575		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
576	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
577<br>
578	forward ( first | only );<br>
579	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
580<em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
581	};<br>
582<br>
583	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
584	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
585	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
586	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
587	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
588	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
589	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
590	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
591	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
592	multi-master <em class="replaceable"><code>boolean</code></em>;<br>
593	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
594<br>
595	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
596		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
597	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
598		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
599<br>
600	alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
601		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
602	alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
603		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
604	use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
605<br>
606	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
607	try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
608	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
609<br>
610	nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
611<br>
612	ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
613	ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
614	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
615	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
616	pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
617};<br>
618</p></div>
619</div>
620<div class="refsect1" lang="en">
621<a name="id2545664"></a><h2>FILES</h2>
622<p><code class="filename">/etc/named.conf</code>
623    </p>
624</div>
625<div class="refsect1" lang="en">
626<a name="id2545675"></a><h2>SEE ALSO</h2>
627<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
628      <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
629      <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
630      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
631    </p>
632</div>
633</div></body>
634</html>