.\" Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "NAMED.CONF" "5" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
.SH NAME
named.conf \- configuration file for \fBnamed\fP
.SH SYNOPSIS
.sp
\fBnamed.conf\fP
.SH DESCRIPTION
.sp
\fBnamed.conf\fP is the configuration file for \fBnamed\fP\&. Statements are
enclosed in braces and terminated with a semicolon. Clauses in the
statements are also terminated with a semicolon. Because \fBkey\fP
statements contain shared secrets, the file should not be
world\-readable. The usual comment styles are supported:
.sp
C style: /* */
.sp
C++ style: // to end of line
.sp
Unix style: # to end of line
.SS ACL
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
acl string { address_match_element; ... };
.ft P
.fi
.UNINDENT
.UNINDENT
.SS CONTROLS
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
controls {
inet ( ipv4_address | ipv6_address |
* ) [ port ( integer | * ) ] allow
{ address_match_element; ... } [
keys { string; ... } ] [ read\-only
boolean ];
unix quoted_string perm integer
owner integer group integer [
keys { string; ... } ] [ read\-only
boolean ];
};
.ft P
.fi
.UNINDENT
.UNINDENT
.SS DLZ
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
dlz string {
database string;
search boolean;
};
.ft P
.fi
.UNINDENT
.UNINDENT
.SS DNSSEC\-POLICY
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
dnssec\-policy string {
dnskey\-ttl duration;
keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime
duration_or_unlimited algorithm string [ integer ]; ... };
max\-zone\-ttl duration;
nsec3param [ iterations integer ] [ optout boolean ] [
salt\-length integer ];
parent\-ds\-ttl duration;
parent\-propagation\-delay duration;
publish\-safety duration;
purge\-keys duration;
retire\-safety duration;
signatures\-refresh duration;
signatures\-validity duration;
signatures\-validity\-dnskey duration;
zone\-propagation\-delay duration;
};
.ft P
.fi
.UNINDENT
.UNINDENT
.SS DYNDB
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
dyndb string quoted_string {
unspecified\-text };
.ft P
.fi
.UNINDENT
.UNINDENT
.SS KEY
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
key string {
algorithm string;
secret string;
};
.ft P
.fi
.UNINDENT
.UNINDENT
.SS LOGGING
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
logging {
category string { string; ... };
channel string {
buffered boolean;
file quoted_string [ versions ( unlimited | integer ) ]
[ size size ] [ suffix ( increment | timestamp ) ];
null;
print\-category boolean;
print\-severity boolean;
print\-time ( iso8601 | iso8601\-utc | local | boolean );
severity log_severity;
stderr;
syslog [ syslog_facility ];
};
};
.ft P
.fi
.UNINDENT
.UNINDENT
.SS MANAGED\-KEYS
.sp
See TRUST\-ANCHORS.
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
managed\-keys { string ( static\-key
| initial\-key | static\-ds |
initial\-ds ) integer integer
integer quoted_string; ... }; // deprecated
.ft P
.fi
.UNINDENT
.UNINDENT
.SS MASTERS
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
masters string [ port integer ] [ dscp
integer ] { ( remote\-servers |
ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key
string ]; ... };
.ft P
.fi
.UNINDENT
.UNINDENT
.SS OPTIONS
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
options {
allow\-new\-zones boolean;
allow\-notify { address_match_element; ... };
allow\-query { address_match_element; ... };
allow\-query\-cache { address_match_element; ... };
allow\-query\-cache\-on { address_match_element; ... };
allow\-query\-on { address_match_element; ... };
allow\-recursion { address_match_element; ... };
allow\-recursion\-on { address_match_element; ... };
allow\-transfer { address_match_element; ... };
allow\-update { address_match_element; ... };
allow\-update\-forwarding { address_match_element; ... };
also\-notify [ port integer ] [ dscp integer ] { (
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ]; ... };
alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * )
] [ dscp integer ];
alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
answer\-cookie boolean;
attach\-cache string;
auth\-nxdomain boolean; // default changed
auto\-dnssec ( allow | maintain | off ); // deprecated
automatic\-interface\-scan boolean;
avoid\-v4\-udp\-ports { portrange; ... };
avoid\-v6\-udp\-ports { portrange; ... };
bindkeys\-file quoted_string;
blackhole { address_match_element; ... };
cache\-file quoted_string; // deprecated
catalog\-zones { zone string [ default\-masters [ port integer ]
[ dscp integer ] { ( remote\-servers | ipv4_address [ port
integer ] | ipv6_address [ port integer ] ) [ key
string ]; ... } ] [ zone\-directory quoted_string ] [
in\-memory boolean ] [ min\-update\-interval duration ]; ... };
check\-dup\-records ( fail | warn | ignore );
check\-integrity boolean;
check\-mx ( fail | warn | ignore );
check\-mx\-cname ( fail | warn | ignore );
check\-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check\-sibling boolean;
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard boolean;
clients\-per\-query integer;
cookie\-algorithm ( aes | siphash24 );
cookie\-secret string;
coresize ( default | unlimited | sizeval );
datasize ( default | unlimited | sizeval );
deny\-answer\-addresses { address_match_element; ... } [
except\-from { string; ... } ];
deny\-answer\-aliases { string; ... } [ except\-from { string; ...
} ];
dialup ( notify | notify\-passive | passive | refresh | boolean );
directory quoted_string;
disable\-algorithms string { string;
... };
disable\-ds\-digests string { string;
... };
disable\-empty\-zone string;
dns64 netprefix {
break\-dnssec boolean;
clients { address_match_element; ... };
exclude { address_match_element; ... };
mapped { address_match_element; ... };
recursive\-only boolean;
suffix ipv6_address;
};
dns64\-contact string;
dns64\-server string;
dnskey\-sig\-validity integer;
dnsrps\-enable boolean;
dnsrps\-options { unspecified\-text };
dnssec\-accept\-expired boolean;
dnssec\-dnskey\-kskonly boolean;
dnssec\-loadkeys\-interval integer;
dnssec\-must\-be\-secure string boolean;
dnssec\-policy string;
dnssec\-secure\-to\-insecure boolean;
dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
dnstap\-identity ( quoted_string | none | hostname );
dnstap\-output ( file | unix ) quoted_string [ size ( unlimited |
size ) ] [ versions ( unlimited | integer ) ] [ suffix (
increment | timestamp ) ];
dnstap\-version ( quoted_string | none );
dscp integer;
dual\-stack\-servers [ port integer ] { ( quoted_string [ port
integer ] [ dscp integer ] | ipv4_address [ port
integer ] [ dscp integer ] | ipv6_address [ port
integer ] [ dscp integer ] ); ... };
dump\-file quoted_string;
edns\-udp\-size integer;
empty\-contact string;
empty\-server string;
empty\-zones\-enable boolean;
fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint;
fetches\-per\-server integer [ ( drop | fail ) ];
fetches\-per\-zone integer [ ( drop | fail ) ];
files ( default | unlimited | sizeval );
flush\-zones\-on\-shutdown boolean;
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
fstrm\-set\-buffer\-hint integer;
fstrm\-set\-flush\-timeout integer;
fstrm\-set\-input\-queue\-size integer;
fstrm\-set\-output\-notify\-threshold integer;
fstrm\-set\-output\-queue\-model ( mpsc | spsc );
fstrm\-set\-output\-queue\-size integer;
fstrm\-set\-reopen\-interval duration;
geoip\-directory ( quoted_string | none );
glue\-cache boolean;
heartbeat\-interval integer;
hostname ( quoted_string | none );
interface\-interval duration;
ixfr\-from\-differences ( primary | master | secondary | slave |
boolean );
keep\-response\-order { address_match_element; ... };
key\-directory quoted_string;
lame\-ttl duration;
listen\-on [ port integer ] [ dscp
integer ] {
address_match_element; ... };
listen\-on\-v6 [ port integer ] [ dscp
integer ] {
address_match_element; ... };
lmdb\-mapsize sizeval;
lock\-file ( quoted_string | none );
managed\-keys\-directory quoted_string;
masterfile\-format ( map | raw | text );
masterfile\-style ( full | relative );
match\-mapped\-addresses boolean;
max\-cache\-size ( default | unlimited | sizeval | percentage );
max\-cache\-ttl duration;
max\-clients\-per\-query integer;
max\-ixfr\-ratio ( unlimited | percentage );
max\-journal\-size ( default | unlimited | sizeval );
max\-ncache\-ttl duration;
max\-records integer;
max\-recursion\-depth integer;
max\-recursion\-queries integer;
max\-refresh\-time integer;
max\-retry\-time integer;
max\-rsa\-exponent\-size integer;
max\-stale\-ttl duration;
max\-transfer\-idle\-in integer;
max\-transfer\-idle\-out integer;
max\-transfer\-time\-in integer;
max\-transfer\-time\-out integer;
max\-udp\-size integer;
max\-zone\-ttl ( unlimited | duration );
memstatistics boolean;
memstatistics\-file quoted_string;
message\-compression boolean;
min\-cache\-ttl duration;
min\-ncache\-ttl duration;
min\-refresh\-time integer;
min\-retry\-time integer;
minimal\-any boolean;
minimal\-responses ( no\-auth | no\-auth\-recursive | boolean );
multi\-master boolean;
new\-zones\-directory quoted_string;
no\-case\-compress { address_match_element; ... };
nocookie\-udp\-size integer;
notify ( explicit | master\-only | primary\-only | boolean );
notify\-delay integer;
notify\-rate integer;
notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
notify\-to\-soa boolean;
nta\-lifetime duration;
nta\-recheck duration;
nxdomain\-redirect string;
parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
pid\-file ( quoted_string | none );
port integer;
preferred\-glue string;
prefetch integer [ integer ];
provide\-ixfr boolean;
qname\-minimization ( strict | relaxed | disabled | off );
query\-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
querylog boolean;
random\-device ( quoted_string | none );
rate\-limit {
all\-per\-second integer;
errors\-per\-second integer;
exempt\-clients { address_match_element; ... };
ipv4\-prefix\-length integer;
ipv6\-prefix\-length integer;
log\-only boolean;
max\-table\-size integer;
min\-table\-size integer;
nodata\-per\-second integer;
nxdomains\-per\-second integer;
qps\-scale integer;
referrals\-per\-second integer;
responses\-per\-second integer;
slip integer;
window integer;
};
recursing\-file quoted_string;
recursion boolean;
recursive\-clients integer;
request\-expire boolean;
request\-ixfr boolean;
request\-nsid boolean;
require\-server\-cookie boolean;
reserved\-sockets integer;
resolver\-nonbackoff\-tries integer;
resolver\-query\-timeout integer;
resolver\-retry\-interval integer;
response\-padding { address_match_element; ... } block\-size
integer;
response\-policy { zone string [ add\-soa boolean ] [ log
boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval
duration ] [ policy ( cname | disabled | drop | given | no\-op
| nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [
recursive\-only boolean ] [ nsip\-enable boolean ] [
nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [
break\-dnssec boolean ] [ max\-policy\-ttl duration ] [
min\-update\-interval duration ] [ min\-ns\-dots integer ] [
nsip\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ]
[ recursive\-only boolean ] [ nsip\-enable boolean ] [
nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [
dnsrps\-options { unspecified\-text } ];
reuseport boolean;
root\-delegation\-only [ exclude { string; ... } ];
root\-key\-sentinel boolean;
rrset\-order { [ class string ] [ type string ] [ name
quoted_string ] string string; ... };
secroots\-file quoted_string;
send\-cookie boolean;
serial\-query\-rate integer;
serial\-update\-method ( date | increment | unixtime );
server\-id ( quoted_string | none | hostname );
servfail\-ttl duration;
session\-keyalg string;
session\-keyfile ( quoted_string | none );
session\-keyname string;
sig\-signing\-nodes integer;
sig\-signing\-signatures integer;
sig\-signing\-type integer;
sig\-validity\-interval integer [ integer ];
sortlist { address_match_element; ... };
stacksize ( default | unlimited | sizeval );
stale\-answer\-client\-timeout ( disabled | off | integer );
stale\-answer\-enable boolean;
stale\-answer\-ttl duration;
stale\-cache\-enable boolean;
stale\-refresh\-time duration;
startup\-notify\-rate integer;
statistics\-file quoted_string;
synth\-from\-dnssec boolean;
tcp\-advertised\-timeout integer;
tcp\-clients integer;
tcp\-idle\-timeout integer;
tcp\-initial\-timeout integer;
tcp\-keepalive\-timeout integer;
tcp\-listen\-queue integer;
tkey\-dhkey quoted_string integer;
tkey\-domain quoted_string;
tkey\-gssapi\-credential quoted_string;
tkey\-gssapi\-keytab quoted_string;
transfer\-format ( many\-answers | one\-answer );
transfer\-message\-size integer;
transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
transfers\-in integer;
transfers\-out integer;
transfers\-per\-ns integer;
trust\-anchor\-telemetry boolean; // experimental
try\-tcp\-refresh boolean;
update\-check\-ksk boolean;
update\-quota integer;
use\-alt\-transfer\-source boolean;
use\-v4\-udp\-ports { portrange; ... };
use\-v6\-udp\-ports { portrange; ... };
v6\-bias integer;
validate\-except { string; ... };
version ( quoted_string | none );
zero\-no\-soa\-ttl boolean;
zero\-no\-soa\-ttl\-cache boolean;
zone\-statistics ( full | terse | none | boolean );
};
.ft P
.fi
.UNINDENT
.UNINDENT
.SS PARENTAL\-AGENTS
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
parental\-agents string [ port integer ] [
dscp integer ] { ( remote\-servers |
ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key
string ]; ... };
.ft P
.fi
.UNINDENT
.UNINDENT
.SS PLUGIN
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
plugin ( query ) string [ { unspecified\-text
} ];
.ft P
.fi
.UNINDENT
.UNINDENT
.SS PRIMARIES
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
primaries string [ port integer ] [ dscp
integer ] { ( remote\-servers |
ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key
string ]; ... };
.ft P
.fi
.UNINDENT
.UNINDENT
.SS SERVER
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
server netprefix {
bogus boolean;
edns boolean;
edns\-udp\-size integer;
edns\-version integer;
keys server_key;
max\-udp\-size integer;
notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
padding integer;
provide\-ixfr boolean;
query\-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
request\-expire boolean;
request\-ixfr boolean;
request\-nsid boolean;
send\-cookie boolean;
tcp\-keepalive boolean;
tcp\-only boolean;
transfer\-format ( many\-answers | one\-answer );
transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
transfers integer;
};
.ft P
.fi
.UNINDENT
.UNINDENT
.SS STATISTICS\-CHANNELS
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
statistics\-channels {
inet ( ipv4_address | ipv6_address |
* ) [ port ( integer | * ) ] [
allow { address_match_element; ...
} ];
};
.ft P
.fi
.UNINDENT
.UNINDENT
.SS TRUST\-ANCHORS
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
trust\-anchors { string ( static\-key |
initial\-key | static\-ds | initial\-ds )
integer integer integer
quoted_string; ... };
.ft P
.fi
.UNINDENT
.UNINDENT
.SS TRUSTED\-KEYS
.sp
Deprecated \- see TRUST\-ANCHORS.
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
trusted\-keys { string integer
integer integer
quoted_string; ... }; // deprecated
.ft P
.fi
.UNINDENT
.UNINDENT
.SS VIEW
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
view string [ class ] {
allow\-new\-zones boolean;
allow\-notify { address_match_element; ... };
allow\-query { address_match_element; ... };
allow\-query\-cache { address_match_element; ... };
allow\-query\-cache\-on { address_match_element; ... };
allow\-query\-on { address_match_element; ... };
allow\-recursion { address_match_element; ... };
allow\-recursion\-on { address_match_element; ... };
allow\-transfer { address_match_element; ... };
allow\-update { address_match_element; ... };
allow\-update\-forwarding { address_match_element; ... };
also\-notify [ port integer ] [ dscp integer ] { (
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ]; ... };
alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * )
] [ dscp integer ];
alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
attach\-cache string;
auth\-nxdomain boolean; // default changed
auto\-dnssec ( allow | maintain | off ); // deprecated
cache\-file quoted_string; // deprecated
catalog\-zones { zone string [ default\-masters [ port integer ]
[ dscp integer ] { ( remote\-servers | ipv4_address [ port
integer ] | ipv6_address [ port integer ] ) [ key
string ]; ... } ] [ zone\-directory quoted_string ] [
in\-memory boolean ] [ min\-update\-interval duration ]; ... };
check\-dup\-records ( fail | warn | ignore );
check\-integrity boolean;
check\-mx ( fail | warn | ignore );
check\-mx\-cname ( fail | warn | ignore );
check\-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check\-sibling boolean;
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard boolean;
clients\-per\-query integer;
deny\-answer\-addresses { address_match_element; ... } [
except\-from { string; ... } ];
deny\-answer\-aliases { string; ... } [ except\-from { string; ...
} ];
dialup ( notify | notify\-passive | passive | refresh | boolean );
disable\-algorithms string { string;
... };
disable\-ds\-digests string { string;
... };
disable\-empty\-zone string;
dlz string {
database string;
search boolean;
};
dns64 netprefix {
break\-dnssec boolean;
clients { address_match_element; ... };
exclude { address_match_element; ... };
mapped { address_match_element; ... };
recursive\-only boolean;
suffix ipv6_address;
};
dns64\-contact string;
dns64\-server string;
dnskey\-sig\-validity integer;
dnsrps\-enable boolean;
dnsrps\-options { unspecified\-text };
dnssec\-accept\-expired boolean;
dnssec\-dnskey\-kskonly boolean;
dnssec\-loadkeys\-interval integer;
dnssec\-must\-be\-secure string boolean;
dnssec\-policy string;
dnssec\-secure\-to\-insecure boolean;
dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
dual\-stack\-servers [ port integer ] { ( quoted_string [ port
integer ] [ dscp integer ] | ipv4_address [ port
integer ] [ dscp integer ] | ipv6_address [ port
integer ] [ dscp integer ] ); ... };
dyndb string quoted_string {
unspecified\-text };
edns\-udp\-size integer;
empty\-contact string;
empty\-server string;
empty\-zones\-enable boolean;
fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint;
fetches\-per\-server integer [ ( drop | fail ) ];
fetches\-per\-zone integer [ ( drop | fail ) ];
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
glue\-cache boolean;
ixfr\-from\-differences ( primary | master | secondary | slave |
boolean );
key string {
algorithm string;
secret string;
};
key\-directory quoted_string;
lame\-ttl duration;
lmdb\-mapsize sizeval;
managed\-keys { string (
static\-key | initial\-key
| static\-ds | initial\-ds
) integer integer
integer
quoted_string; ... }; // deprecated
masterfile\-format ( map | raw | text );
masterfile\-style ( full | relative );
match\-clients { address_match_element; ... };
match\-destinations { address_match_element; ... };
match\-recursive\-only boolean;
max\-cache\-size ( default | unlimited | sizeval | percentage );
max\-cache\-ttl duration;
max\-clients\-per\-query integer;
max\-ixfr\-ratio ( unlimited | percentage );
max\-journal\-size ( default | unlimited | sizeval );
max\-ncache\-ttl duration;
max\-records integer;
max\-recursion\-depth integer;
max\-recursion\-queries integer;
max\-refresh\-time integer;
max\-retry\-time integer;
max\-stale\-ttl duration;
max\-transfer\-idle\-in integer;
max\-transfer\-idle\-out integer;
max\-transfer\-time\-in integer;
max\-transfer\-time\-out integer;
max\-udp\-size integer;
max\-zone\-ttl ( unlimited | duration );
message\-compression boolean;
min\-cache\-ttl duration;
min\-ncache\-ttl duration;
min\-refresh\-time integer;
min\-retry\-time integer;
minimal\-any boolean;
minimal\-responses ( no\-auth | no\-auth\-recursive | boolean );
multi\-master boolean;
new\-zones\-directory quoted_string;
no\-case\-compress { address_match_element; ... };
nocookie\-udp\-size integer;
notify ( explicit | master\-only | primary\-only | boolean );
notify\-delay integer;
notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
notify\-to\-soa boolean;
nta\-lifetime duration;
nta\-recheck duration;
nxdomain\-redirect string;
parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
plugin ( query ) string [ {
unspecified\-text } ];
preferred\-glue string;
prefetch integer [ integer ];
provide\-ixfr boolean;
qname\-minimization ( strict | relaxed | disabled | off );
query\-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
rate\-limit {
all\-per\-second integer;
errors\-per\-second integer;
exempt\-clients { address_match_element; ... };
ipv4\-prefix\-length integer;
ipv6\-prefix\-length integer;
log\-only boolean;
max\-table\-size integer;
min\-table\-size integer;
nodata\-per\-second integer;
nxdomains\-per\-second integer;
qps\-scale integer;
referrals\-per\-second integer;
responses\-per\-second integer;
slip integer;
window integer;
};
recursion boolean;
request\-expire boolean;
request\-ixfr boolean;
request\-nsid boolean;
require\-server\-cookie boolean;
resolver\-nonbackoff\-tries integer;
resolver\-query\-timeout integer;
resolver\-retry\-interval integer;
response\-padding { address_match_element; ... } block\-size
integer;
response\-policy { zone string [ add\-soa boolean ] [ log
boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval
duration ] [ policy ( cname | disabled | drop | given | no\-op
| nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [
recursive\-only boolean ] [ nsip\-enable boolean ] [
nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [
break\-dnssec boolean ] [ max\-policy\-ttl duration ] [
min\-update\-interval duration ] [ min\-ns\-dots integer ] [
nsip\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ]
[ recursive\-only boolean ] [ nsip\-enable boolean ] [
nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [
dnsrps\-options { unspecified\-text } ];
root\-delegation\-only [ exclude { string; ... } ];
root\-key\-sentinel boolean;
rrset\-order { [ class string ] [ type string ] [ name
quoted_string ] string string; ... };
send\-cookie boolean;
serial\-update\-method ( date | increment | unixtime );
server netprefix {
bogus boolean;
edns boolean;
edns\-udp\-size integer;
edns\-version integer;
keys server_key;
max\-udp\-size integer;
notify\-source ( ipv4_address | * ) [ port ( integer | *
) ] [ dscp integer ];
notify\-source\-v6 ( ipv6_address | * ) [ port ( integer
| * ) ] [ dscp integer ];
padding integer;
provide\-ixfr boolean;
query\-source ( ( [ address ] ( ipv4_address | * ) [ port
( integer | * ) ] ) | ( [ [ address ] (
ipv4_address | * ) ] port ( integer | * ) ) ) [
dscp integer ];
query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [
port ( integer | * ) ] ) | ( [ [ address ] (
ipv6_address | * ) ] port ( integer | * ) ) ) [
dscp integer ];
request\-expire boolean;
request\-ixfr boolean;
request\-nsid boolean;
send\-cookie boolean;
tcp\-keepalive boolean;
tcp\-only boolean;
transfer\-format ( many\-answers | one\-answer );
transfer\-source ( ipv4_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
transfer\-source\-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
transfers integer;
};
servfail\-ttl duration;
sig\-signing\-nodes integer;
sig\-signing\-signatures integer;
sig\-signing\-type integer;
sig\-validity\-interval integer [ integer ];
sortlist { address_match_element; ... };
stale\-answer\-client\-timeout ( disabled | off | integer );
stale\-answer\-enable boolean;
stale\-answer\-ttl duration;
stale\-cache\-enable boolean;
stale\-refresh\-time duration;
synth\-from\-dnssec boolean;
transfer\-format ( many\-answers | one\-answer );
transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
trust\-anchor\-telemetry boolean; // experimental
trust\-anchors { string ( static\-key |
initial\-key | static\-ds | initial\-ds
) integer integer integer
quoted_string; ... };
trusted\-keys { string
integer integer
integer
quoted_string; ... }; // deprecated
try\-tcp\-refresh boolean;
update\-check\-ksk boolean;
use\-alt\-transfer\-source boolean;
v6\-bias integer;
validate\-except { string; ... };
zero\-no\-soa\-ttl boolean;
zero\-no\-soa\-ttl\-cache boolean;
zone string [ class ] {
allow\-notify { address_match_element; ... };
allow\-query { address_match_element; ... };
allow\-query\-on { address_match_element; ... };
allow\-transfer { address_match_element; ... };
allow\-update { address_match_element; ... };
allow\-update\-forwarding { address_match_element; ... };
also\-notify [ port integer ] [ dscp integer ] { (
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ];
... };
alt\-transfer\-source ( ipv4_address | * ) [ port (
integer | * ) ] [ dscp integer ];
alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
auto\-dnssec ( allow | maintain | off ); // deprecated
check\-dup\-records ( fail | warn | ignore );
check\-integrity boolean;
check\-mx ( fail | warn | ignore );
check\-mx\-cname ( fail | warn | ignore );
check\-names ( fail | warn | ignore );
check\-sibling boolean;
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard boolean;
database string;
delegation\-only boolean;
dialup ( notify | notify\-passive | passive | refresh |
boolean );
dlz string;
dnskey\-sig\-validity integer;
dnssec\-dnskey\-kskonly boolean;
dnssec\-loadkeys\-interval integer;
dnssec\-policy string;
dnssec\-secure\-to\-insecure boolean;
dnssec\-update\-mode ( maintain | no\-resign );
file quoted_string;
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { (
ipv4_address | ipv6_address ) [ port integer ] [
dscp integer ]; ... };
in\-view string;
inline\-signing boolean;
ixfr\-from\-differences boolean;
journal quoted_string;
key\-directory quoted_string;
masterfile\-format ( map | raw | text );
masterfile\-style ( full | relative );
masters [ port integer ] [ dscp integer ] { (
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ];
... };
max\-ixfr\-ratio ( unlimited | percentage );
max\-journal\-size ( default | unlimited | sizeval );
max\-records integer;
max\-refresh\-time integer;
max\-retry\-time integer;
max\-transfer\-idle\-in integer;
max\-transfer\-idle\-out integer;
max\-transfer\-time\-in integer;
max\-transfer\-time\-out integer;
max\-zone\-ttl ( unlimited | duration );
min\-refresh\-time integer;
min\-retry\-time integer;
multi\-master boolean;
notify ( explicit | master\-only | primary\-only | boolean );
notify\-delay integer;
notify\-source ( ipv4_address | * ) [ port ( integer | *
) ] [ dscp integer ];
notify\-source\-v6 ( ipv6_address | * ) [ port ( integer
| * ) ] [ dscp integer ];
notify\-to\-soa boolean;
parental\-agents [ port integer ] [ dscp integer ] { (
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ];
... };
parental\-source ( ipv4_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
parental\-source\-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
primaries [ port integer ] [ dscp integer ] { (
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ];
... };
request\-expire boolean;
request\-ixfr boolean;
serial\-update\-method ( date | increment | unixtime );
server\-addresses { ( ipv4_address | ipv6_address ); ... };
server\-names { string; ... };
sig\-signing\-nodes integer;
sig\-signing\-signatures integer;
sig\-signing\-type integer;
sig\-validity\-interval integer [ integer ];
transfer\-source ( ipv4_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
transfer\-source\-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
try\-tcp\-refresh boolean;
type ( primary | master | secondary | slave | mirror |
delegation\-only | forward | hint | redirect |
static\-stub | stub );
update\-check\-ksk boolean;
update\-policy ( local | { ( deny | grant ) string (
6to4\-self | external | krb5\-self | krb5\-selfsub |
krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain |
name | self | selfsub | selfwild | subdomain | tcp\-self
| wildcard | zonesub ) [ string ] rrtypelist; ... } );
use\-alt\-transfer\-source boolean;
zero\-no\-soa\-ttl boolean;
zone\-statistics ( full | terse | none | boolean );
};
zone\-statistics ( full | terse | none | boolean );
};
.ft P
.fi
.UNINDENT
.UNINDENT
.SS ZONE
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
zone string [ class ] {
allow\-notify { address_match_element; ... };
allow\-query { address_match_element; ... };
allow\-query\-on { address_match_element; ... };
allow\-transfer { address_match_element; ... };
allow\-update { address_match_element; ... };
allow\-update\-forwarding { address_match_element; ... };
also\-notify [ port integer ] [ dscp integer ] { (
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ]; ... };
alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * )
] [ dscp integer ];
alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
auto\-dnssec ( allow | maintain | off ); // deprecated
check\-dup\-records ( fail | warn | ignore );
check\-integrity boolean;
check\-mx ( fail | warn | ignore );
check\-mx\-cname ( fail | warn | ignore );
check\-names ( fail | warn | ignore );
check\-sibling boolean;
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard boolean;
database string;
delegation\-only boolean;
dialup ( notify | notify\-passive | passive | refresh | boolean );
dlz string;
dnskey\-sig\-validity integer;
dnssec\-dnskey\-kskonly boolean;
dnssec\-loadkeys\-interval integer;
dnssec\-policy string;
dnssec\-secure\-to\-insecure boolean;
dnssec\-update\-mode ( maintain | no\-resign );
file quoted_string;
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
in\-view string;
inline\-signing boolean;
ixfr\-from\-differences boolean;
journal quoted_string;
key\-directory quoted_string;
masterfile\-format ( map | raw | text );
masterfile\-style ( full | relative );
masters [ port integer ] [ dscp integer ] { ( remote\-servers
| ipv4_address [ port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };
max\-ixfr\-ratio ( unlimited | percentage );
max\-journal\-size ( default | unlimited | sizeval );
max\-records integer;
max\-refresh\-time integer;
max\-retry\-time integer;
max\-transfer\-idle\-in integer;
max\-transfer\-idle\-out integer;
max\-transfer\-time\-in integer;
max\-transfer\-time\-out integer;
max\-zone\-ttl ( unlimited | duration );
min\-refresh\-time integer;
min\-retry\-time integer;
multi\-master boolean;
notify ( explicit | master\-only | primary\-only | boolean );
notify\-delay integer;
notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
notify\-to\-soa boolean;
parental\-agents [ port integer ] [ dscp integer ] { (
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ]; ... };
parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
primaries [ port integer ] [ dscp integer ] { (
remote\-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ]; ... };
request\-expire boolean;
request\-ixfr boolean;
serial\-update\-method ( date | increment | unixtime );
server\-addresses { ( ipv4_address | ipv6_address ); ... };
server\-names { string; ... };
sig\-signing\-nodes integer;
sig\-signing\-signatures integer;
sig\-signing\-type integer;
sig\-validity\-interval integer [ integer ];
transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
try\-tcp\-refresh boolean;
type ( primary | master | secondary | slave | mirror |
delegation\-only | forward | hint | redirect | static\-stub |
stub );
update\-check\-ksk boolean;
update\-policy ( local | { ( deny | grant ) string ( 6to4\-self |
external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self
| ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild
| subdomain | tcp\-self | wildcard | zonesub ) [ string ]
rrtypelist; ... } );
use\-alt\-transfer\-source boolean;
zero\-no\-soa\-ttl boolean;
zone\-statistics ( full | terse | none | boolean );
};
.ft P
.fi
.UNINDENT
.UNINDENT
.SH FILES
.sp
\fB/etc/named.conf\fP
.SH SEE ALSO
.sp
\fBddns\-confgen(8)\fP, \fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBrndc(8)\fP, \fBrndc\-confgen(8)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
2023, Internet Systems Consortium
.\" Generated by docutils manpage writer.
.