.\" $NetBSD: named.conf.5,v 1.5.4.1 2019/09/12 19:18:00 martin Exp $
.\"
.\" Copyright (C) 2004-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
.\"
.hy 0
.ad l
'\" t
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2019-07-21
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "NAMED\&.CONF" "5" "2019\-07\-21" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
named.conf \- configuration file for \fBnamed\fR
.SH "SYNOPSIS"
.HP \w'\fBnamed\&.conf\fR\ 'u
\fBnamed\&.conf\fR
.SH "DESCRIPTION"
.PP
named\&.conf
is the configuration file for
\fBnamed\fR\&. Statements are enclosed in braces and terminated with a semi\-colon\&. Clauses in the statements are also semi\-colon terminated\&. The usual comment styles are supported:
.PP
C style: /* */
.PP
C++ style: // to end of line
.PP
Unix style: # to end of line
.SH "ACL"
.sp
.if n \{\
.RS 4
.\}
.nf
acl \fIstring\fR { \fIaddress_match_element\fR; \&.\&.\&. };
.fi
.if n \{\
.RE
.\}
.SH "CONTROLS"
.sp
.if n \{\
.RS 4
.\}
.nf
controls {
inet ( \fIipv4_address\fR | \fIipv6_address\fR |
* ) [ port ( \fIinteger\fR | * ) ] allow
{ \fIaddress_match_element\fR; \&.\&.\&. } [
keys { \fIstring\fR; \&.\&.\&. } ] [ read\-only
\fIboolean\fR ];
unix \fIquoted_string\fR perm \fIinteger\fR
owner \fIinteger\fR group \fIinteger\fR [
keys { \fIstring\fR; \&.\&.\&. } ] [ read\-only
\fIboolean\fR ];
};
.fi
.if n \{\
.RE
.\}
.SH "DLZ"
.sp
.if n \{\
.RS 4
.\}
.nf
dlz \fIstring\fR {
database \fIstring\fR;
search \fIboolean\fR;
};
.fi
.if n \{\
.RE
.\}
.SH "DYNDB"
.sp
.if n \{\
.RS 4
.\}
.nf
dyndb \fIstring\fR \fIquoted_string\fR {
\fIunspecified\-text\fR };
.fi
.if n \{\
.RE
.\}
.SH "KEY"
.sp
.if n \{\
.RS 4
.\}
.nf
key \fIstring\fR {
algorithm \fIstring\fR;
secret \fIstring\fR;
};
.fi
.if n \{\
.RE
.\}
.SH "LOGGING"
.sp
.if n \{\
.RS 4
.\}
.nf
logging {
category \fIstring\fR { \fIstring\fR; \&.\&.\&. };
channel \fIstring\fR {
buffered \fIboolean\fR;
file \fIquoted_string\fR [ versions ( unlimited | \fIinteger\fR ) ]
[ size \fIsize\fR ] [ suffix ( increment | timestamp ) ];
null;
print\-category \fIboolean\fR;
print\-severity \fIboolean\fR;
print\-time ( iso8601 | iso8601\-utc | local | \fIboolean\fR );
severity \fIlog_severity\fR;
stderr;
syslog [ \fIsyslog_facility\fR ];
};
};
.fi
.if n \{\
.RE
.\}
.SH "MANAGED-KEYS"
.sp
.if n \{\
.RS 4
.\}
.nf
managed\-keys { \fIstring\fR \fIstring\fR \fIinteger\fR
\fIinteger\fR \fIinteger\fR \fIquoted_string\fR; \&.\&.\&. };
.fi
.if n \{\
.RE
.\}
.SH "MASTERS"
.sp
.if n \{\
.RS 4
.\}
.nf
masters \fIstring\fR [ port \fIinteger\fR ] [ dscp
\fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [
port \fIinteger\fR ] | \fIipv6_address\fR [ port
\fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
.fi
.if n \{\
.RE
.\}
.SH "OPTIONS"
.sp
.if n \{\
.RS 4
.\}
.nf
options {
allow\-new\-zones \fIboolean\fR;
allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR |
\fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port
\fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * )
] [ dscp \fIinteger\fR ];
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR |
* ) ] [ dscp \fIinteger\fR ];
answer\-cookie \fIboolean\fR;
attach\-cache \fIstring\fR;
auth\-nxdomain \fIboolean\fR; // default changed
auto\-dnssec ( allow | maintain | off );
automatic\-interface\-scan \fIboolean\fR;
avoid\-v4\-udp\-ports { \fIportrange\fR; \&.\&.\&. };
avoid\-v6\-udp\-ports { \fIportrange\fR; \&.\&.\&. };
bindkeys\-file \fIquoted_string\fR;
blackhole { \fIaddress_match_element\fR; \&.\&.\&. };
cache\-file \fIquoted_string\fR;
catalog\-zones { zone \fIstring\fR [ default\-masters [ port \fIinteger\fR ]
[ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port
\fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key
\fIstring\fR ]; \&.\&.\&. } ] [ zone\-directory \fIquoted_string\fR ] [
in\-memory \fIboolean\fR ] [ min\-update\-interval \fIttlval\fR ]; \&.\&.\&. };
check\-dup\-records ( fail | warn | ignore );
check\-integrity \fIboolean\fR;
check\-mx ( fail | warn | ignore );
check\-mx\-cname ( fail | warn | ignore );
check\-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check\-sibling \fIboolean\fR;
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard \fIboolean\fR;
cleaning\-interval \fIinteger\fR;
clients\-per\-query \fIinteger\fR;
cookie\-algorithm ( aes | sha1 | sha256 | siphash24 );
cookie\-secret \fIstring\fR;
coresize ( default | unlimited | \fIsizeval\fR );
datasize ( default | unlimited | \fIsizeval\fR );
deny\-answer\-addresses { \fIaddress_match_element\fR; \&.\&.\&. } [
except\-from { \fIstring\fR; \&.\&.\&. } ];
deny\-answer\-aliases { \fIstring\fR; \&.\&.\&. } [ except\-from { \fIstring\fR; \&.\&.\&.
} ];
dialup ( notify | notify\-passive | passive | refresh | \fIboolean\fR );
directory \fIquoted_string\fR;
disable\-algorithms \fIstring\fR { \fIstring\fR;
\&.\&.\&. };
disable\-ds\-digests \fIstring\fR { \fIstring\fR;
\&.\&.\&. };
disable\-empty\-zone \fIstring\fR;
dns64 \fInetprefix\fR {
break\-dnssec \fIboolean\fR;
clients { \fIaddress_match_element\fR; \&.\&.\&. };
exclude { \fIaddress_match_element\fR; \&.\&.\&. };
mapped { \fIaddress_match_element\fR; \&.\&.\&. };
recursive\-only \fIboolean\fR;
suffix \fIipv6_address\fR;
};
dns64\-contact \fIstring\fR;
dns64\-server \fIstring\fR;
dnskey\-sig\-validity \fIinteger\fR;
dnsrps\-enable \fIboolean\fR;
dnsrps\-options { \fIunspecified\-text\fR };
dnssec\-accept\-expired \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
dnssec\-enable \fIboolean\fR;
dnssec\-loadkeys\-interval \fIinteger\fR;
dnssec\-lookaside ( \fIstring\fR trust\-anchor
\fIstring\fR | auto | no );
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver | update ) [ ( query | response ) ];
\&.\&.\&. };
dnstap\-identity ( \fIquoted_string\fR | none |
hostname );
dnstap\-output ( file | unix ) \fIquoted_string\fR [
size ( unlimited | \fIsize\fR ) ] [ versions (
unlimited | \fIinteger\fR ) ] [ suffix ( increment
| timestamp ) ];
dnstap\-version ( \fIquoted_string\fR | none );
dscp \fIinteger\fR;
dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv4_address\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv6_address\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] ); \&.\&.\&. };
dump\-file \fIquoted_string\fR;
edns\-udp\-size \fIinteger\fR;
empty\-contact \fIstring\fR;
empty\-server \fIstring\fR;
empty\-zones\-enable \fIboolean\fR;
fetch\-quota\-params \fIinteger\fR \fIfixedpoint\fR \fIfixedpoint\fR \fIfixedpoint\fR;
fetches\-per\-server \fIinteger\fR [ ( drop | fail ) ];
fetches\-per\-zone \fIinteger\fR [ ( drop | fail ) ];
files ( default | unlimited | \fIsizeval\fR );
flush\-zones\-on\-shutdown \fIboolean\fR;
forward ( first | only );
forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR
| \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. };
fstrm\-set\-buffer\-hint \fIinteger\fR;
fstrm\-set\-flush\-timeout \fIinteger\fR;
fstrm\-set\-input\-queue\-size \fIinteger\fR;
fstrm\-set\-output\-notify\-threshold \fIinteger\fR;
fstrm\-set\-output\-queue\-model ( mpsc | spsc );
fstrm\-set\-output\-queue\-size \fIinteger\fR;
fstrm\-set\-reopen\-interval \fIttlval\fR;
geoip\-directory ( \fIquoted_string\fR | none );
glue\-cache \fIboolean\fR;
heartbeat\-interval \fIinteger\fR;
hostname ( \fIquoted_string\fR | none );
inline\-signing \fIboolean\fR;
interface\-interval \fIttlval\fR;
ixfr\-from\-differences ( primary | master | secondary | slave |
\fIboolean\fR );
keep\-response\-order { \fIaddress_match_element\fR; \&.\&.\&. };
key\-directory \fIquoted_string\fR;
lame\-ttl \fIttlval\fR;
listen\-on [ port \fIinteger\fR ] [ dscp
\fIinteger\fR ] {
\fIaddress_match_element\fR; \&.\&.\&. };
listen\-on\-v6 [ port \fIinteger\fR ] [ dscp
\fIinteger\fR ] {
\fIaddress_match_element\fR; \&.\&.\&. };
lmdb\-mapsize \fIsizeval\fR;
lock\-file ( \fIquoted_string\fR | none );
managed\-keys\-directory \fIquoted_string\fR;
masterfile\-format ( map | raw | text );
masterfile\-style ( full | relative );
match\-mapped\-addresses \fIboolean\fR;
max\-cache\-size ( default | unlimited | \fIsizeval\fR | \fIpercentage\fR );
max\-cache\-ttl \fIttlval\fR;
max\-clients\-per\-query \fIinteger\fR;
max\-journal\-size ( default | unlimited | \fIsizeval\fR );
max\-ncache\-ttl \fIttlval\fR;
max\-records \fIinteger\fR;
max\-recursion\-depth \fIinteger\fR;
max\-recursion\-queries \fIinteger\fR;
max\-refresh\-time \fIinteger\fR;
max\-retry\-time \fIinteger\fR;
max\-rsa\-exponent\-size \fIinteger\fR;
max\-stale\-ttl \fIttlval\fR;
max\-transfer\-idle\-in \fIinteger\fR;
max\-transfer\-idle\-out \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR;
max\-udp\-size \fIinteger\fR;
max\-zone\-ttl ( unlimited | \fIttlval\fR );
memstatistics \fIboolean\fR;
memstatistics\-file \fIquoted_string\fR;
message\-compression \fIboolean\fR;
min\-cache\-ttl \fIttlval\fR;
min\-ncache\-ttl \fIttlval\fR;
min\-refresh\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
minimal\-any \fIboolean\fR;
minimal\-responses ( no\-auth | no\-auth\-recursive | \fIboolean\fR );
multi\-master \fIboolean\fR;
new\-zones\-directory \fIquoted_string\fR;
no\-case\-compress { \fIaddress_match_element\fR; \&.\&.\&. };
nocookie\-udp\-size \fIinteger\fR;
notify ( explicit | master\-only | \fIboolean\fR );
notify\-delay \fIinteger\fR;
notify\-rate \fIinteger\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
dscp \fIinteger\fR ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]
[ dscp \fIinteger\fR ];
notify\-to\-soa \fIboolean\fR;
nta\-lifetime \fIttlval\fR;
nta\-recheck \fIttlval\fR;
nxdomain\-redirect \fIstring\fR;
pid\-file ( \fIquoted_string\fR | none );
port \fIinteger\fR;
preferred\-glue \fIstring\fR;
prefetch \fIinteger\fR [ \fIinteger\fR ];
provide\-ixfr \fIboolean\fR;
qname\-minimization ( strict | relaxed | disabled | off );
query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port (
\fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv4_address\fR | * ) ]
port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [ port (
\fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv6_address\fR | * ) ]
port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
querylog \fIboolean\fR;
random\-device ( \fIquoted_string\fR | none );
rate\-limit {
all\-per\-second \fIinteger\fR;
errors\-per\-second \fIinteger\fR;
exempt\-clients { \fIaddress_match_element\fR; \&.\&.\&. };
ipv4\-prefix\-length \fIinteger\fR;
ipv6\-prefix\-length \fIinteger\fR;
log\-only \fIboolean\fR;
max\-table\-size \fIinteger\fR;
min\-table\-size \fIinteger\fR;
nodata\-per\-second \fIinteger\fR;
nxdomains\-per\-second \fIinteger\fR;
qps\-scale \fIinteger\fR;
referrals\-per\-second \fIinteger\fR;
responses\-per\-second \fIinteger\fR;
slip \fIinteger\fR;
window \fIinteger\fR;
};
recursing\-file \fIquoted_string\fR;
recursion \fIboolean\fR;
recursive\-clients \fIinteger\fR;
request\-expire \fIboolean\fR;
request\-ixfr \fIboolean\fR;
request\-nsid \fIboolean\fR;
require\-server\-cookie \fIboolean\fR;
reserved\-sockets \fIinteger\fR;
resolver\-nonbackoff\-tries \fIinteger\fR;
resolver\-query\-timeout \fIinteger\fR;
resolver\-retry\-interval \fIinteger\fR;
response\-padding { \fIaddress_match_element\fR; \&.\&.\&. } block\-size
\fIinteger\fR;
response\-policy { zone \fIstring\fR [ add\-soa \fIboolean\fR ] [ log
\fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval
\fIttlval\fR ] [ policy ( cname | disabled | drop | given | no\-op |
nodata | nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [
recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ add\-soa \fIboolean\fR ] [
break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [
min\-update\-interval \fIttlval\fR ] [ min\-ns\-dots \fIinteger\fR ] [
nsip\-wait\-recurse \fIboolean\fR ] [ qname\-wait\-recurse \fIboolean\fR ]
[ recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
nsdname\-enable \fIboolean\fR ] [ dnsrps\-enable \fIboolean\fR ] [
dnsrps\-options { \fIunspecified\-text\fR } ];
root\-delegation\-only [ exclude { \fIstring\fR; \&.\&.\&. } ];
root\-key\-sentinel \fIboolean\fR;
rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
\fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. };
secroots\-file \fIquoted_string\fR;
send\-cookie \fIboolean\fR;
serial\-query\-rate \fIinteger\fR;
serial\-update\-method ( date | increment | unixtime );
server\-id ( \fIquoted_string\fR | none | hostname );
servfail\-ttl \fIttlval\fR;
session\-keyalg \fIstring\fR;
session\-keyfile ( \fIquoted_string\fR | none );
session\-keyname \fIstring\fR;
sig\-signing\-nodes \fIinteger\fR;
sig\-signing\-signatures \fIinteger\fR;
sig\-signing\-type \fIinteger\fR;
sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ];
sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
stacksize ( default | unlimited | \fIsizeval\fR );
stale\-answer\-enable \fIboolean\fR;
stale\-answer\-ttl \fIttlval\fR;
startup\-notify\-rate \fIinteger\fR;
statistics\-file \fIquoted_string\fR;
synth\-from\-dnssec \fIboolean\fR;
tcp\-advertised\-timeout \fIinteger\fR;
tcp\-clients \fIinteger\fR;
tcp\-idle\-timeout \fIinteger\fR;
tcp\-initial\-timeout \fIinteger\fR;
tcp\-keepalive\-timeout \fIinteger\fR;
tcp\-listen\-queue \fIinteger\fR;
tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
tkey\-domain \fIquoted_string\fR;
tkey\-gssapi\-credential \fIquoted_string\fR;
tkey\-gssapi\-keytab \fIquoted_string\fR;
transfer\-format ( many\-answers | one\-answer );
transfer\-message\-size \fIinteger\fR;
transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
dscp \fIinteger\fR ];
transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * )
] [ dscp \fIinteger\fR ];
transfers\-in \fIinteger\fR;
transfers\-out \fIinteger\fR;
transfers\-per\-ns \fIinteger\fR;
trust\-anchor\-telemetry \fIboolean\fR; // experimental
try\-tcp\-refresh \fIboolean\fR;
update\-check\-ksk \fIboolean\fR;
use\-alt\-transfer\-source \fIboolean\fR;
use\-v4\-udp\-ports { \fIportrange\fR; \&.\&.\&. };
use\-v6\-udp\-ports { \fIportrange\fR; \&.\&.\&. };
v6\-bias \fIinteger\fR;
validate\-except { \fIstring\fR; \&.\&.\&. };
version ( \fIquoted_string\fR | none );
zero\-no\-soa\-ttl \fIboolean\fR;
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
zone\-statistics ( full | terse | none | \fIboolean\fR );
};
.fi
.if n \{\
.RE
.\}
.SH "PLUGIN"
.sp
.if n \{\
.RS 4
.\}
.nf
plugin ( query ) \fIstring\fR [ { \fIunspecified\-text\fR
} ];
.fi
.if n \{\
.RE
.\}
.SH "SERVER"
.sp
.if n \{\
.RS 4
.\}
.nf
server \fInetprefix\fR {
bogus \fIboolean\fR;
edns \fIboolean\fR;
edns\-udp\-size \fIinteger\fR;
edns\-version \fIinteger\fR;
keys \fIserver_key\fR;
max\-udp\-size \fIinteger\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
dscp \fIinteger\fR ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]
[ dscp \fIinteger\fR ];
padding \fIinteger\fR;
provide\-ixfr \fIboolean\fR;
query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port (
\fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv4_address\fR | * ) ]
port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [ port (
\fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv6_address\fR | * ) ]
port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
request\-expire \fIboolean\fR;
request\-ixfr \fIboolean\fR;
request\-nsid \fIboolean\fR;
send\-cookie \fIboolean\fR;
tcp\-keepalive \fIboolean\fR;
tcp\-only \fIboolean\fR;
transfer\-format ( many\-answers | one\-answer );
transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
dscp \fIinteger\fR ];
transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * )
] [ dscp \fIinteger\fR ];
transfers \fIinteger\fR;
};
.fi
.if n \{\
.RE
.\}
.SH "STATISTICS-CHANNELS"
.sp
.if n \{\
.RS 4
.\}
.nf
statistics\-channels {
inet ( \fIipv4_address\fR | \fIipv6_address\fR |
* ) [ port ( \fIinteger\fR | * ) ] [
allow { \fIaddress_match_element\fR; \&.\&.\&.
} ];
};
.fi
.if n \{\
.RE
.\}
.SH "TRUSTED-KEYS"
.sp
.if n \{\
.RS 4
.\}
.nf
trusted\-keys { \fIstring\fR \fIinteger\fR \fIinteger\fR
\fIinteger\fR \fIquoted_string\fR; \&.\&.\&. };
.fi
.if n \{\
.RE
.\}
.SH "VIEW"
.sp
.if n \{\
.RS 4
.\}
.nf
view \fIstring\fR [ \fIclass\fR ] {
allow\-new\-zones \fIboolean\fR;
allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR |
\fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port
\fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * )
] [ dscp \fIinteger\fR ];
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR |
* ) ] [ dscp \fIinteger\fR ];
attach\-cache \fIstring\fR;
auth\-nxdomain \fIboolean\fR; // default changed
auto\-dnssec ( allow | maintain | off );
cache\-file \fIquoted_string\fR;
catalog\-zones { zone \fIstring\fR [ default\-masters [ port \fIinteger\fR ]
[ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port
\fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key
\fIstring\fR ]; \&.\&.\&. } ] [ zone\-directory \fIquoted_string\fR ] [
in\-memory \fIboolean\fR ] [ min\-update\-interval \fIttlval\fR ]; \&.\&.\&. };
check\-dup\-records ( fail | warn | ignore );
check\-integrity \fIboolean\fR;
check\-mx ( fail | warn | ignore );
check\-mx\-cname ( fail | warn | ignore );
check\-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check\-sibling \fIboolean\fR;
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard \fIboolean\fR;
cleaning\-interval \fIinteger\fR;
clients\-per\-query \fIinteger\fR;
deny\-answer\-addresses { \fIaddress_match_element\fR; \&.\&.\&. } [
except\-from { \fIstring\fR; \&.\&.\&. } ];
deny\-answer\-aliases { \fIstring\fR; \&.\&.\&. } [ except\-from { \fIstring\fR; \&.\&.\&.
} ];
dialup ( notify | notify\-passive | passive | refresh | \fIboolean\fR );
disable\-algorithms \fIstring\fR { \fIstring\fR;
\&.\&.\&. };
disable\-ds\-digests \fIstring\fR { \fIstring\fR;
\&.\&.\&. };
disable\-empty\-zone \fIstring\fR;
dlz \fIstring\fR {
database \fIstring\fR;
search \fIboolean\fR;
};
dns64 \fInetprefix\fR {
break\-dnssec \fIboolean\fR;
clients { \fIaddress_match_element\fR; \&.\&.\&. };
exclude { \fIaddress_match_element\fR; \&.\&.\&. };
mapped { \fIaddress_match_element\fR; \&.\&.\&. };
recursive\-only \fIboolean\fR;
suffix \fIipv6_address\fR;
};
dns64\-contact \fIstring\fR;
dns64\-server \fIstring\fR;
dnskey\-sig\-validity \fIinteger\fR;
dnsrps\-enable \fIboolean\fR;
dnsrps\-options { \fIunspecified\-text\fR };
dnssec\-accept\-expired \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
dnssec\-enable \fIboolean\fR;
dnssec\-loadkeys\-interval \fIinteger\fR;
dnssec\-lookaside ( \fIstring\fR trust\-anchor
\fIstring\fR | auto | no );
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver | update ) [ ( query | response ) ];
\&.\&.\&. };
dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv4_address\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv6_address\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] ); \&.\&.\&. };
dyndb \fIstring\fR \fIquoted_string\fR {
\fIunspecified\-text\fR };
edns\-udp\-size \fIinteger\fR;
empty\-contact \fIstring\fR;
empty\-server \fIstring\fR;
empty\-zones\-enable \fIboolean\fR;
fetch\-quota\-params \fIinteger\fR \fIfixedpoint\fR \fIfixedpoint\fR \fIfixedpoint\fR;
fetches\-per\-server \fIinteger\fR [ ( drop | fail ) ];
fetches\-per\-zone \fIinteger\fR [ ( drop | fail ) ];
forward ( first | only );
forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR
| \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. };
glue\-cache \fIboolean\fR;
inline\-signing \fIboolean\fR;
ixfr\-from\-differences ( primary | master | secondary | slave |
\fIboolean\fR );
key \fIstring\fR {
algorithm \fIstring\fR;
secret \fIstring\fR;
};
key\-directory \fIquoted_string\fR;
lame\-ttl \fIttlval\fR;
lmdb\-mapsize \fIsizeval\fR;
managed\-keys { \fIstring\fR \fIstring\fR
\fIinteger\fR \fIinteger\fR \fIinteger\fR
\fIquoted_string\fR; \&.\&.\&. };
masterfile\-format ( map | raw | text );
masterfile\-style ( full | relative );
match\-clients { \fIaddress_match_element\fR; \&.\&.\&. };
match\-destinations { \fIaddress_match_element\fR; \&.\&.\&. };
match\-recursive\-only \fIboolean\fR;
max\-cache\-size ( default | unlimited | \fIsizeval\fR | \fIpercentage\fR );
max\-cache\-ttl \fIttlval\fR;
max\-clients\-per\-query \fIinteger\fR;
max\-journal\-size ( default | unlimited | \fIsizeval\fR );
max\-ncache\-ttl \fIttlval\fR;
max\-records \fIinteger\fR;
max\-recursion\-depth \fIinteger\fR;
max\-recursion\-queries \fIinteger\fR;
max\-refresh\-time \fIinteger\fR;
max\-retry\-time \fIinteger\fR;
max\-stale\-ttl \fIttlval\fR;
max\-transfer\-idle\-in \fIinteger\fR;
max\-transfer\-idle\-out \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR;
max\-udp\-size \fIinteger\fR;
max\-zone\-ttl ( unlimited | \fIttlval\fR );
message\-compression \fIboolean\fR;
min\-cache\-ttl \fIttlval\fR;
min\-ncache\-ttl \fIttlval\fR;
min\-refresh\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
minimal\-any \fIboolean\fR;
minimal\-responses ( no\-auth | no\-auth\-recursive | \fIboolean\fR );
multi\-master \fIboolean\fR;
new\-zones\-directory \fIquoted_string\fR;
no\-case\-compress { \fIaddress_match_element\fR; \&.\&.\&. };
nocookie\-udp\-size \fIinteger\fR;
notify ( explicit | master\-only | \fIboolean\fR );
notify\-delay \fIinteger\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
dscp \fIinteger\fR ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]
[ dscp \fIinteger\fR ];
notify\-to\-soa \fIboolean\fR;
nta\-lifetime \fIttlval\fR;
nta\-recheck \fIttlval\fR;
nxdomain\-redirect \fIstring\fR;
plugin ( query ) \fIstring\fR [ {
\fIunspecified\-text\fR } ];
preferred\-glue \fIstring\fR;
prefetch \fIinteger\fR [ \fIinteger\fR ];
provide\-ixfr \fIboolean\fR;
qname\-minimization ( strict | relaxed | disabled | off );
query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port (
\fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv4_address\fR | * ) ]
port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [ port (
\fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv6_address\fR | * ) ]
port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
rate\-limit {
all\-per\-second \fIinteger\fR;
errors\-per\-second \fIinteger\fR;
exempt\-clients { \fIaddress_match_element\fR; \&.\&.\&. };
ipv4\-prefix\-length \fIinteger\fR;
ipv6\-prefix\-length \fIinteger\fR;
log\-only \fIboolean\fR;
max\-table\-size \fIinteger\fR;
min\-table\-size \fIinteger\fR;
nodata\-per\-second \fIinteger\fR;
nxdomains\-per\-second \fIinteger\fR;
qps\-scale \fIinteger\fR;
referrals\-per\-second \fIinteger\fR;
responses\-per\-second \fIinteger\fR;
slip \fIinteger\fR;
window \fIinteger\fR;
};
recursion \fIboolean\fR;
request\-expire \fIboolean\fR;
request\-ixfr \fIboolean\fR;
request\-nsid \fIboolean\fR;
require\-server\-cookie \fIboolean\fR;
resolver\-nonbackoff\-tries \fIinteger\fR;
resolver\-query\-timeout \fIinteger\fR;
resolver\-retry\-interval \fIinteger\fR;
response\-padding { \fIaddress_match_element\fR; \&.\&.\&. } block\-size
\fIinteger\fR;
response\-policy { zone \fIstring\fR [ add\-soa \fIboolean\fR ] [ log
\fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval
\fIttlval\fR ] [ policy ( cname | disabled | drop | given | no\-op |
nodata | nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [
recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ add\-soa \fIboolean\fR ] [
break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [
min\-update\-interval \fIttlval\fR ] [ min\-ns\-dots \fIinteger\fR ] [
nsip\-wait\-recurse \fIboolean\fR ] [ qname\-wait\-recurse \fIboolean\fR ]
[ recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
nsdname\-enable \fIboolean\fR ] [ dnsrps\-enable \fIboolean\fR ] [
dnsrps\-options { \fIunspecified\-text\fR } ];
root\-delegation\-only [ exclude { \fIstring\fR; \&.\&.\&. } ];
root\-key\-sentinel \fIboolean\fR;
rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
\fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. };
send\-cookie \fIboolean\fR;
serial\-update\-method ( date | increment | unixtime );
server \fInetprefix\fR {
bogus \fIboolean\fR;
edns \fIboolean\fR;
edns\-udp\-size \fIinteger\fR;
edns\-version \fIinteger\fR;
keys \fIserver_key\fR;
max\-udp\-size \fIinteger\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | *
) ] [ dscp \fIinteger\fR ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR
| * ) ] [ dscp \fIinteger\fR ];
padding \fIinteger\fR;
provide\-ixfr \fIboolean\fR;
query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port
( \fIinteger\fR | * ) ] ) | ( [ [ address ] (
\fIipv4_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [
dscp \fIinteger\fR ];
query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [
port ( \fIinteger\fR | * ) ] ) | ( [ [ address ] (
\fIipv6_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [
dscp \fIinteger\fR ];
request\-expire \fIboolean\fR;
request\-ixfr \fIboolean\fR;
request\-nsid \fIboolean\fR;
send\-cookie \fIboolean\fR;
tcp\-keepalive \fIboolean\fR;
tcp\-only \fIboolean\fR;
transfer\-format ( many\-answers | one\-answer );
transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR |
* ) ] [ dscp \fIinteger\fR ];
transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port (
\fIinteger\fR | * ) ] [ dscp \fIinteger\fR ];
transfers \fIinteger\fR;
};
servfail\-ttl \fIttlval\fR;
sig\-signing\-nodes \fIinteger\fR;
sig\-signing\-signatures \fIinteger\fR;
sig\-signing\-type \fIinteger\fR;
sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ];
sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
stale\-answer\-enable \fIboolean\fR;
stale\-answer\-ttl \fIttlval\fR;
synth\-from\-dnssec \fIboolean\fR;
transfer\-format ( many\-answers | one\-answer );
transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
dscp \fIinteger\fR ];
transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * )
] [ dscp \fIinteger\fR ];
trust\-anchor\-telemetry \fIboolean\fR; // experimental
trusted\-keys { \fIstring\fR \fIinteger\fR
\fIinteger\fR \fIinteger\fR \fIquoted_string\fR;
\&.\&.\&. };
try\-tcp\-refresh \fIboolean\fR;
update\-check\-ksk \fIboolean\fR;
use\-alt\-transfer\-source \fIboolean\fR;
v6\-bias \fIinteger\fR;
validate\-except { \fIstring\fR; \&.\&.\&. };
zero\-no\-soa\-ttl \fIboolean\fR;
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
zone \fIstring\fR [ \fIclass\fR ] {
allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { (
\fImasters\fR | \fIipv4_address\fR [ port \fIinteger\fR ] |
\fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ];
\&.\&.\&. };
alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port (
\fIinteger\fR | * ) ] [ dscp \fIinteger\fR ];
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port (
\fIinteger\fR | * ) ] [ dscp \fIinteger\fR ];
auto\-dnssec ( allow | maintain | off );
check\-dup\-records ( fail | warn | ignore );
check\-integrity \fIboolean\fR;
check\-mx ( fail | warn | ignore );
check\-mx\-cname ( fail | warn | ignore );
check\-names ( fail | warn | ignore );
check\-sibling \fIboolean\fR;
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard \fIboolean\fR;
database \fIstring\fR;
delegation\-only \fIboolean\fR;
dialup ( notify | notify\-passive | passive | refresh |
\fIboolean\fR );
dlz \fIstring\fR;
dnskey\-sig\-validity \fIinteger\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
dnssec\-loadkeys\-interval \fIinteger\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
file \fIquoted_string\fR;
forward ( first | only );
forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { (
\fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ] [
dscp \fIinteger\fR ]; \&.\&.\&. };
in\-view \fIstring\fR;
inline\-signing \fIboolean\fR;
ixfr\-from\-differences \fIboolean\fR;
journal \fIquoted_string\fR;
key\-directory \fIquoted_string\fR;
masterfile\-format ( map | raw | text );
masterfile\-style ( full | relative );
masters [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR
| \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [
port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
max\-ixfr\-log\-size ( default | unlimited |
max\-journal\-size ( default | unlimited | \fIsizeval\fR );
max\-records \fIinteger\fR;
max\-refresh\-time \fIinteger\fR;
max\-retry\-time \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR;
max\-transfer\-idle\-out \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR;
max\-zone\-ttl ( unlimited | \fIttlval\fR );
min\-refresh\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
multi\-master \fIboolean\fR;
notify ( explicit | master\-only | \fIboolean\fR );
notify\-delay \fIinteger\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | *
) ] [ dscp \fIinteger\fR ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR
| * ) ] [ dscp \fIinteger\fR ];
notify\-to\-soa \fIboolean\fR;
pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR
request\-expire \fIboolean\fR;
request\-ixfr \fIboolean\fR;
serial\-update\-method ( date | increment | unixtime );
server\-addresses { ( \fIipv4_address\fR | \fIipv6_address\fR ); \&.\&.\&. };
server\-names { \fIstring\fR; \&.\&.\&. };
sig\-signing\-nodes \fIinteger\fR;
sig\-signing\-signatures \fIinteger\fR;
sig\-signing\-type \fIinteger\fR;
sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ];
transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR |
* ) ] [ dscp \fIinteger\fR ];
transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port (
\fIinteger\fR | * ) ] [ dscp \fIinteger\fR ];
try\-tcp\-refresh \fIboolean\fR;
type ( primary | master | secondary | slave | mirror |
delegation\-only | forward | hint | redirect |
static\-stub | stub );
update\-check\-ksk \fIboolean\fR;
update\-policy ( local | { ( deny | grant ) \fIstring\fR (
6to4\-self | external | krb5\-self | krb5\-selfsub |
krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain |
name | self | selfsub | selfwild | subdomain | tcp\-self
| wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. };
use\-alt\-transfer\-source \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zone\-statistics ( full | terse | none | \fIboolean\fR );
};
zone\-statistics ( full | terse | none | \fIboolean\fR );
};
.fi
.if n \{\
.RE
.\}
.SH "ZONE"
.sp
.if n \{\
.RS 4
.\}
.nf
zone \fIstring\fR [ \fIclass\fR ] {
allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR |
\fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port
\fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * )
] [ dscp \fIinteger\fR ];
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR |
* ) ] [ dscp \fIinteger\fR ];
auto\-dnssec ( allow | maintain | off );
check\-dup\-records ( fail | warn | ignore );
check\-integrity \fIboolean\fR;
check\-mx ( fail | warn | ignore );
check\-mx\-cname ( fail | warn | ignore );
check\-names ( fail | warn | ignore );
check\-sibling \fIboolean\fR;
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard \fIboolean\fR;
database \fIstring\fR;
delegation\-only \fIboolean\fR;
dialup ( notify | notify\-passive | passive | refresh | \fIboolean\fR );
dlz \fIstring\fR;
dnskey\-sig\-validity \fIinteger\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
dnssec\-loadkeys\-interval \fIinteger\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
file \fIquoted_string\fR;
forward ( first | only );
forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR
| \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. };
in\-view \fIstring\fR;
inline\-signing \fIboolean\fR;
ixfr\-from\-differences \fIboolean\fR;
journal \fIquoted_string\fR;
key\-directory \fIquoted_string\fR;
masterfile\-format ( map | raw | text );
masterfile\-style ( full | relative );
masters [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR |
\fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port
\fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
max\-journal\-size ( default | unlimited | \fIsizeval\fR );
max\-records \fIinteger\fR;
max\-refresh\-time \fIinteger\fR;
max\-retry\-time \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR;
max\-transfer\-idle\-out \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR;
max\-zone\-ttl ( unlimited | \fIttlval\fR );
min\-refresh\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
multi\-master \fIboolean\fR;
notify ( explicit | master\-only | \fIboolean\fR );
notify\-delay \fIinteger\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
dscp \fIinteger\fR ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]
[ dscp \fIinteger\fR ];
notify\-to\-soa \fIboolean\fR;
request\-expire \fIboolean\fR;
request\-ixfr \fIboolean\fR;
serial\-update\-method ( date | increment | unixtime );
server\-addresses { ( \fIipv4_address\fR | \fIipv6_address\fR ); \&.\&.\&. };
server\-names { \fIstring\fR; \&.\&.\&. };
sig\-signing\-nodes \fIinteger\fR;
sig\-signing\-signatures \fIinteger\fR;
sig\-signing\-type \fIinteger\fR;
sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ];
transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
dscp \fIinteger\fR ];
transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * )
] [ dscp \fIinteger\fR ];
try\-tcp\-refresh \fIboolean\fR;
type ( primary | master | secondary | slave | mirror |
delegation\-only | forward | hint | redirect | static\-stub |
stub );
update\-check\-ksk \fIboolean\fR;
update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self |
external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self
| ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild
| subdomain | tcp\-self | wildcard | zonesub ) [ \fIstring\fR ]
\fIrrtypelist\fR; \&.\&.\&. };
use\-alt\-transfer\-source \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zone\-statistics ( full | terse | none | \fIboolean\fR );
};
.fi
.if n \{\
.RE
.\}
.SH "FILES"
.PP
/etc/named\&.conf
.SH "SEE ALSO"
.PP
\fBddns-confgen\fR(8),
\fBnamed\fR(8),
\fBnamed-checkconf\fR(8),
\fBrndc\fR(8),
\fBrndc-confgen\fR(8),
BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2004-2019 Internet Systems Consortium, Inc. ("ISC")
.br