named.conf.docbook 34.6 KB
Newer Older
1
<!--
2
 - Copyright (C) 2004-2016  Internet Systems Consortium, Inc. ("ISC")
3
 -
Automatic Updater's avatar
Automatic Updater committed
4
 - Permission to use, copy, modify, and/or distribute this software for any
5 6 7 8 9 10 11 12 13 14 15
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
Tinderbox User's avatar
Tinderbox User committed
16

Evan Hunt's avatar
Evan Hunt committed
17 18 19 20 21
<!-- Converted by db4-upgrade version 1.0 -->
<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
  <info>
    <date>2014-01-08</date>
  </info>
22
  <refentryinfo>
Evan Hunt's avatar
Evan Hunt committed
23 24
    <corpname>ISC</corpname>
    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
25 26 27 28 29 30 31 32 33 34
  </refentryinfo>

  <refmeta>
    <refentrytitle><filename>named.conf</filename></refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo>BIND9</refmiscinfo>
  </refmeta>

  <refnamediv>
    <refname><filename>named.conf</filename></refname>
35
    <refpurpose>configuration file for <command>named</command></refpurpose>
36 37
  </refnamediv>

38 39 40 41
  <docinfo>
    <copyright>
      <year>2004</year>
      <year>2005</year>
Mark Andrews's avatar
Mark Andrews committed
42
      <year>2006</year>
Mark Andrews's avatar
Mark Andrews committed
43
      <year>2007</year>
Automatic Updater's avatar
Automatic Updater committed
44
      <year>2008</year>
Automatic Updater's avatar
Automatic Updater committed
45
      <year>2009</year>
Automatic Updater's avatar
Automatic Updater committed
46
      <year>2010</year>
Automatic Updater's avatar
Automatic Updater committed
47
      <year>2011</year>
Tinderbox User's avatar
Tinderbox User committed
48
      <year>2012</year>
Tinderbox User's avatar
Tinderbox User committed
49
      <year>2013</year>
Tinderbox User's avatar
Tinderbox User committed
50
      <year>2014</year>
51
      <year>2015</year>
52
      <year>2016</year>
53 54 55 56
      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
    </copyright>
  </docinfo>

57
  <refsynopsisdiv>
Evan Hunt's avatar
Evan Hunt committed
58
    <cmdsynopsis sepchar=" ">
59 60 61 62
      <command>named.conf</command>
    </cmdsynopsis>
  </refsynopsisdiv>

Evan Hunt's avatar
Evan Hunt committed
63
  <refsection><info><title>DESCRIPTION</title></info>
64

65 66 67 68 69 70
    <para><filename>named.conf</filename> is the configuration file
      for
      <command>named</command>.  Statements are enclosed
      in braces and terminated with a semi-colon.  Clauses in
      the statements are also semi-colon terminated.  The usual
      comment styles are supported:
71 72
    </para>
    <para>
73
      C style: /* */
74 75
    </para>
    <para>
76
      C++ style: // to end of line
77 78
    </para>
    <para>
79
      Unix style: # to end of line
80
    </para>
Evan Hunt's avatar
Evan Hunt committed
81
  </refsection>
82

Evan Hunt's avatar
Evan Hunt committed
83
  <refsection><info><title>ACL</title></info>
84

Evan Hunt's avatar
Evan Hunt committed
85
    <literallayout class="normal">
86 87
acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };

88
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
89
  </refsection>
90

Evan Hunt's avatar
Evan Hunt committed
91
  <refsection><info><title>KEY</title></info>
92

Evan Hunt's avatar
Evan Hunt committed
93
    <literallayout class="normal">
94 95 96 97
key <replaceable>domain_name</replaceable> {
	algorithm <replaceable>string</replaceable>;
	secret <replaceable>string</replaceable>;
};
98
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
99
  </refsection>
100

Evan Hunt's avatar
Evan Hunt committed
101
  <refsection><info><title>MASTERS</title></info>
102

Evan Hunt's avatar
Evan Hunt committed
103
    <literallayout class="normal">
104 105 106 107
masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
	( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
	<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
};
108
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
109
  </refsection>
110

Evan Hunt's avatar
Evan Hunt committed
111
  <refsection><info><title>SERVER</title></info>
112

Evan Hunt's avatar
Evan Hunt committed
113
    <literallayout class="normal">
114
server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
115 116
	bogus <replaceable>boolean</replaceable>;
	edns <replaceable>boolean</replaceable>;
117
	edns-udp-size <replaceable>integer</replaceable>;
118
	max-udp-size <replaceable>integer</replaceable>;
119
	tcp-only <replaceable>boolean</replaceable>;
120 121 122 123 124 125 126 127 128 129 130 131
	provide-ixfr <replaceable>boolean</replaceable>;
	request-ixfr <replaceable>boolean</replaceable>;
	keys <replaceable>server_key</replaceable>;
	transfers <replaceable>integer</replaceable>;
	transfer-format ( many-answers | one-answer );
	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;

	support-ixfr <replaceable>boolean</replaceable>; // obsolete
};
132
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
133
  </refsection>
134

Evan Hunt's avatar
Evan Hunt committed
135
  <refsection><info><title>TRUSTED-KEYS</title></info>
136

Evan Hunt's avatar
Evan Hunt committed
137
    <literallayout class="normal">
138
trusted-keys {
139
	<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
140
};
141
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
142
  </refsection>
143

Evan Hunt's avatar
Evan Hunt committed
144
  <refsection><info><title>MANAGED-KEYS</title></info>
145

Evan Hunt's avatar
Evan Hunt committed
146
    <literallayout class="normal">
147
managed-keys {
148
	<replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
149 150
};
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
151
  </refsection>
152

Evan Hunt's avatar
Evan Hunt committed
153
  <refsection><info><title>CONTROLS</title></info>
154

Evan Hunt's avatar
Evan Hunt committed
155
    <literallayout class="normal">
156 157 158 159 160 161 162
controls {
	inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>
		allow { <replaceable>address_match_element</replaceable>; ... }
		<optional> keys { <replaceable>string</replaceable>; ... } </optional>;
	unix <replaceable>unsupported</replaceable>; // not implemented
};
163
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
164
  </refsection>
165

Evan Hunt's avatar
Evan Hunt committed
166
  <refsection><info><title>LOGGING</title></info>
167

Evan Hunt's avatar
Evan Hunt committed
168
    <literallayout class="normal">
169 170 171 172 173 174 175 176 177 178 179 180 181
logging {
	channel <replaceable>string</replaceable> {
		file <replaceable>log_file</replaceable>;
		syslog <replaceable>optional_facility</replaceable>;
		null;
		stderr;
		severity <replaceable>log_severity</replaceable>;
		print-time <replaceable>boolean</replaceable>;
		print-severity <replaceable>boolean</replaceable>;
		print-category <replaceable>boolean</replaceable>;
	};
	category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
};
182
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
183
  </refsection>
184

Evan Hunt's avatar
Evan Hunt committed
185
  <refsection><info><title>LWRES</title></info>
186

Evan Hunt's avatar
Evan Hunt committed
187
    <literallayout class="normal">
188 189 190 191 192 193 194
lwres {
	listen-on <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
	};
	view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
	search { <replaceable>string</replaceable>; ... };
	ndots <replaceable>integer</replaceable>;
195 196
	lwres-tasks <replaceable>integer</replaceable>;
	lwres-clients <replaceable>integer</replaceable>;
197
};
198
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
199
  </refsection>
200

Evan Hunt's avatar
Evan Hunt committed
201
  <refsection><info><title>OPTIONS</title></info>
202

Evan Hunt's avatar
Evan Hunt committed
203
    <literallayout class="normal">
204 205 206 207 208 209 210 211 212 213 214
options {
	avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
	avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
	blackhole { <replaceable>address_match_element</replaceable>; ... };
	coresize <replaceable>size</replaceable>;
	datasize <replaceable>size</replaceable>;
	directory <replaceable>quoted_string</replaceable>;
	dump-file <replaceable>quoted_string</replaceable>;
	files <replaceable>size</replaceable>;
	heartbeat-interval <replaceable>integer</replaceable>;
	host-statistics <replaceable>boolean</replaceable>; // not implemented
215
	host-statistics-max <replaceable>number</replaceable>; // not implemented
216 217
	hostname ( <replaceable>quoted_string</replaceable> | none );
	interface-interval <replaceable>integer</replaceable>;
218
	keep-response-order { <replaceable>address_match_element</replaceable>; ... };
219 220 221 222 223 224 225 226
	listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
	listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
	match-mapped-addresses <replaceable>boolean</replaceable>;
	memstatistics-file <replaceable>quoted_string</replaceable>;
	pid-file ( <replaceable>quoted_string</replaceable> | none );
	port <replaceable>integer</replaceable>;
	querylog <replaceable>boolean</replaceable>;
	recursing-file <replaceable>quoted_string</replaceable>;
227
	reserved-sockets <replaceable>integer</replaceable>;
228 229 230
	random-device <replaceable>quoted_string</replaceable>;
	recursive-clients <replaceable>integer</replaceable>;
	serial-query-rate <replaceable>integer</replaceable>;
231
	server-id ( <replaceable>quoted_string</replaceable> | hostname | none );
232 233 234 235 236 237 238
	stacksize <replaceable>size</replaceable>;
	statistics-file <replaceable>quoted_string</replaceable>;
	statistics-interval <replaceable>integer</replaceable>; // not yet implemented
	tcp-clients <replaceable>integer</replaceable>;
	tcp-listen-queue <replaceable>integer</replaceable>;
	tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
	tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
239
	tkey-gssapi-keytab <replaceable>quoted_string</replaceable>;
240
	tkey-domain <replaceable>quoted_string</replaceable>;
241
	transfer-message-size <replaceable>integer</replaceable>;
242 243 244 245 246
	transfers-per-ns <replaceable>integer</replaceable>;
	transfers-in <replaceable>integer</replaceable>;
	transfers-out <replaceable>integer</replaceable>;
	version ( <replaceable>quoted_string</replaceable> | none );
	allow-recursion { <replaceable>address_match_element</replaceable>; ... };
247
	allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
248 249 250
	sortlist { <replaceable>address_match_element</replaceable>; ... };
	topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
	auth-nxdomain <replaceable>boolean</replaceable>; // default changed
Evan Hunt's avatar
Evan Hunt committed
251
	minimal-any <replaceable>boolean</replaceable>;
252 253 254 255 256 257 258 259 260 261 262
	minimal-responses <replaceable>boolean</replaceable>;
	recursion <replaceable>boolean</replaceable>;
	rrset-order {
		<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
		<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
	};
	provide-ixfr <replaceable>boolean</replaceable>;
	request-ixfr <replaceable>boolean</replaceable>;
	rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
	additional-from-auth <replaceable>boolean</replaceable>;
	additional-from-cache <replaceable>boolean</replaceable>;
Mark Andrews's avatar
Mark Andrews committed
263 264
	query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
265 266 267
	use-queryport-pool <replaceable>boolean</replaceable>;
	queryport-pool-ports <replaceable>integer</replaceable>;
	queryport-pool-updateinterval <replaceable>integer</replaceable>;
268
	cleaning-interval <replaceable>integer</replaceable>;
269
	resolver-query-timeout <replaceable>integer</replaceable>;
270 271 272 273 274
	min-roots <replaceable>integer</replaceable>; // not implemented
	lame-ttl <replaceable>integer</replaceable>;
	max-ncache-ttl <replaceable>integer</replaceable>;
	max-cache-ttl <replaceable>integer</replaceable>;
	transfer-format ( many-answers | one-answer );
275 276
	max-cache-size <replaceable>size</replaceable>;
	max-acache-size <replaceable>size</replaceable>;
277 278
	clients-per-query <replaceable>number</replaceable>;
	max-clients-per-query <replaceable>number</replaceable>;
279 280
	check-names ( master | slave | response )
		( fail | warn | ignore );
281
	check-mx ( fail | warn | ignore );
282 283 284
	check-integrity <replaceable>boolean</replaceable>;
	check-mx-cname ( fail | warn | ignore );
	check-srv-cname ( fail | warn | ignore );
285
	cache-file <replaceable>quoted_string</replaceable>; // test option
286 287 288 289 290 291
	suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
	preferred-glue <replaceable>string</replaceable>;
	dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
292
	};
293
	edns-udp-size <replaceable>integer</replaceable>;
294
	max-udp-size <replaceable>integer</replaceable>;
295 296
	root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
	disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
297
	disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
298
	dnssec-enable <replaceable>boolean</replaceable>;
299
	dnssec-validation <replaceable>boolean</replaceable>;
300
	dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
301
	dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
302
	dnssec-accept-expired <replaceable>boolean</replaceable>;
303

304 305 306
	dns64-server <replaceable>string</replaceable>;
	dns64-contact <replaceable>string</replaceable>;
	dns64 <replaceable>prefix</replaceable> {
307 308 309
		clients { <replaceable>acl</replaceable>; };
		exclude { <replaceable>acl</replaceable>; };
		mapped { <replaceable>acl</replaceable>; };
310 311 312 313 314
		break-dnssec <replaceable>boolean</replaceable>;
		recursive-only <replaceable>boolean</replaceable>;
		suffix <replaceable>ipv6_address</replaceable>;
	};

315 316 317 318 319
	empty-server <replaceable>string</replaceable>;
	empty-contact <replaceable>string</replaceable>;
	empty-zones-enable <replaceable>boolean</replaceable>;
	disable-empty-zone <replaceable>string</replaceable>;

320 321 322 323
	dialup <replaceable>dialuptype</replaceable>;
	ixfr-from-differences <replaceable>ixfrdiff</replaceable>;

	allow-query { <replaceable>address_match_element</replaceable>; ... };
324
	allow-query-on { <replaceable>address_match_element</replaceable>; ... };
325
	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
326
	allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
327
	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
328
	allow-update { <replaceable>address_match_element</replaceable>; ... };
329
	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
330
	update-check-ksk <replaceable>boolean</replaceable>;
331
	dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
332

Evan Hunt's avatar
Evan Hunt committed
333
	masterfile-format ( text | raw | map );
334 335 336
	notify <replaceable>notifytype</replaceable>;
	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
337
	notify-delay <replaceable>seconds</replaceable>;
338
	notify-to-soa <replaceable>boolean</replaceable>;
339
	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
340 341
		<optional> port <replaceable>integer</replaceable> </optional>; ...
		<optional> key <replaceable>keyname</replaceable> </optional> ... };
342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358
	allow-notify { <replaceable>address_match_element</replaceable>; ... };

	forward ( first | only );
	forwarders <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
	};

	max-journal-size <replaceable>size_no_default</replaceable>;
	max-transfer-time-in <replaceable>integer</replaceable>;
	max-transfer-time-out <replaceable>integer</replaceable>;
	max-transfer-idle-in <replaceable>integer</replaceable>;
	max-transfer-idle-out <replaceable>integer</replaceable>;
	max-retry-time <replaceable>integer</replaceable>;
	min-retry-time <replaceable>integer</replaceable>;
	max-refresh-time <replaceable>integer</replaceable>;
	min-refresh-time <replaceable>integer</replaceable>;
	multi-master <replaceable>boolean</replaceable>;
359

360
	sig-validity-interval <replaceable>integer</replaceable>;
361 362 363 364
	sig-re-signing-interval <replaceable>integer</replaceable>;
	sig-signing-nodes <replaceable>integer</replaceable>;
	sig-signing-signatures <replaceable>integer</replaceable>;
	sig-signing-type <replaceable>integer</replaceable>;
365 366 367 368 369 370 371 372 373 374 375 376 377 378

	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;

	alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	use-alt-transfer-source <replaceable>boolean</replaceable>;

	zone-statistics <replaceable>boolean</replaceable>;
	key-directory <replaceable>quoted_string</replaceable>;
379
	managed-keys-directory <replaceable>quoted_string</replaceable>;
380
	auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>;
381
	try-tcp-refresh <replaceable>boolean</replaceable>;
382 383
	zero-no-soa-ttl <replaceable>boolean</replaceable>;
	zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
384
	dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
385
	automatic-interface-scan <replaceable>boolean</replaceable>;
386 387 388 389 390 391 392

	cookie-algorithm ( <replaceable>aes</replaceable> | <replaceable>sha1</replaceable> | <replaceable>sha256</replaceable> );
	cookie-secret <replaceable>string</replaceable>;
	require-server-cookie <replaceable>boolean</replaceable>;
	send-cookie <replaceable>boolean</replaceable>;
	nocookie-udp-size <replaceable>integer</replaceable>;

393 394 395 396 397 398
	deny-answer-addresses {
		<replaceable>address_match_list</replaceable>
	} <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
	deny-answer-aliases {
		<replaceable>namelist</replaceable>
	} <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
399

400 401
	nsec3-test-zone <replaceable>boolean</replaceable>;  // testing only

402 403 404 405 406 407 408 409 410 411 412 413
	allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
	deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
	fake-iquery <replaceable>boolean</replaceable>; // obsolete
	fetch-glue <replaceable>boolean</replaceable>; // obsolete
	has-old-clients <replaceable>boolean</replaceable>; // obsolete
	maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
	max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
	multiple-cnames <replaceable>boolean</replaceable>; // obsolete
	named-xfer <replaceable>quoted_string</replaceable>; // obsolete
	serial-queries <replaceable>integer</replaceable>; // obsolete
	treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
	use-id-pool <replaceable>boolean</replaceable>; // obsolete
414
	use-ixfr <replaceable>boolean</replaceable>; // obsolete
415
};
416
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
417
  </refsection>
418

Evan Hunt's avatar
Evan Hunt committed
419
  <refsection><info><title>VIEW</title></info>
420

Evan Hunt's avatar
Evan Hunt committed
421
    <literallayout class="normal">
422 423 424 425 426 427 428 429 430 431 432 433 434 435
view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
	match-clients { <replaceable>address_match_element</replaceable>; ... };
	match-destinations { <replaceable>address_match_element</replaceable>; ... };
	match-recursive-only <replaceable>boolean</replaceable>;

	key <replaceable>string</replaceable> {
		algorithm <replaceable>string</replaceable>;
		secret <replaceable>string</replaceable>;
	};

	zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
		...
	};

436
	server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
437 438 439 440
		...
	};

	trusted-keys {
441 442
		<replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
		<optional>...</optional>
443 444 445
	};

	allow-recursion { <replaceable>address_match_element</replaceable>; ... };
446
	allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
447 448 449
	sortlist { <replaceable>address_match_element</replaceable>; ... };
	topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
	auth-nxdomain <replaceable>boolean</replaceable>; // default changed
Evan Hunt's avatar
Evan Hunt committed
450
	minimal-any <replaceable>boolean</replaceable>;
451 452 453 454 455 456 457 458 459 460 461
	minimal-responses <replaceable>boolean</replaceable>;
	recursion <replaceable>boolean</replaceable>;
	rrset-order {
		<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
		<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
	};
	provide-ixfr <replaceable>boolean</replaceable>;
	request-ixfr <replaceable>boolean</replaceable>;
	rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
	additional-from-auth <replaceable>boolean</replaceable>;
	additional-from-cache <replaceable>boolean</replaceable>;
Mark Andrews's avatar
Mark Andrews committed
462 463
	query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
464 465 466
	use-queryport-pool <replaceable>boolean</replaceable>;
	queryport-pool-ports <replaceable>integer</replaceable>;
	queryport-pool-updateinterval <replaceable>integer</replaceable>;
467
	cleaning-interval <replaceable>integer</replaceable>;
468
	resolver-query-timeout <replaceable>integer</replaceable>;
469 470 471 472 473
	min-roots <replaceable>integer</replaceable>; // not implemented
	lame-ttl <replaceable>integer</replaceable>;
	max-ncache-ttl <replaceable>integer</replaceable>;
	max-cache-ttl <replaceable>integer</replaceable>;
	transfer-format ( many-answers | one-answer );
474 475
	max-cache-size <replaceable>size</replaceable>;
	max-acache-size <replaceable>size</replaceable>;
476 477
	clients-per-query <replaceable>number</replaceable>;
	max-clients-per-query <replaceable>number</replaceable>;
478 479
	check-names ( master | slave | response )
		( fail | warn | ignore );
480
	check-mx ( fail | warn | ignore );
481 482 483
	check-integrity <replaceable>boolean</replaceable>;
	check-mx-cname ( fail | warn | ignore );
	check-srv-cname ( fail | warn | ignore );
484
	cache-file <replaceable>quoted_string</replaceable>; // test option
485 486 487 488 489 490 491 492
	suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
	preferred-glue <replaceable>string</replaceable>;
	dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
	};
	edns-udp-size <replaceable>integer</replaceable>;
493
	max-udp-size <replaceable>integer</replaceable>;
494 495
	root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
	disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
496
	disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
497
	dnssec-enable <replaceable>boolean</replaceable>;
498
	dnssec-validation <replaceable>boolean</replaceable>;
499
	dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
500
	dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
501
	dnssec-accept-expired <replaceable>boolean</replaceable>;
502

503 504 505
	dns64-server <replaceable>string</replaceable>;
	dns64-contact <replaceable>string</replaceable>;
	dns64 <replaceable>prefix</replaceable> {
506 507 508
		clients { <replaceable>acl</replaceable>; };
		exclude { <replaceable>acl</replaceable>; };
		mapped { <replaceable>acl</replaceable>; };
509 510 511 512 513
		break-dnssec <replaceable>boolean</replaceable>;
		recursive-only <replaceable>boolean</replaceable>;
		suffix <replaceable>ipv6_address</replaceable>;
	};

514 515 516 517 518
	empty-server <replaceable>string</replaceable>;
	empty-contact <replaceable>string</replaceable>;
	empty-zones-enable <replaceable>boolean</replaceable>;
	disable-empty-zone <replaceable>string</replaceable>;

519 520 521 522
	dialup <replaceable>dialuptype</replaceable>;
	ixfr-from-differences <replaceable>ixfrdiff</replaceable>;

	allow-query { <replaceable>address_match_element</replaceable>; ... };
523
	allow-query-on { <replaceable>address_match_element</replaceable>; ... };
524
	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
525
	allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
526
	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
527
	allow-update { <replaceable>address_match_element</replaceable>; ... };
528
	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
529
	update-check-ksk <replaceable>boolean</replaceable>;
530
	dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
531

Evan Hunt's avatar
Evan Hunt committed
532
	masterfile-format ( text | raw | map );
533 534 535
	notify <replaceable>notifytype</replaceable>;
	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
536
	notify-delay <replaceable>seconds</replaceable>;
537
	notify-to-soa <replaceable>boolean</replaceable>;
538
	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
539 540
		<optional> port <replaceable>integer</replaceable> </optional>; ...
		<optional> key <replaceable>keyname</replaceable> </optional> ... };
541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571
	allow-notify { <replaceable>address_match_element</replaceable>; ... };

	forward ( first | only );
	forwarders <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
	};

	max-journal-size <replaceable>size_no_default</replaceable>;
	max-transfer-time-in <replaceable>integer</replaceable>;
	max-transfer-time-out <replaceable>integer</replaceable>;
	max-transfer-idle-in <replaceable>integer</replaceable>;
	max-transfer-idle-out <replaceable>integer</replaceable>;
	max-retry-time <replaceable>integer</replaceable>;
	min-retry-time <replaceable>integer</replaceable>;
	max-refresh-time <replaceable>integer</replaceable>;
	min-refresh-time <replaceable>integer</replaceable>;
	multi-master <replaceable>boolean</replaceable>;
	sig-validity-interval <replaceable>integer</replaceable>;

	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;

	alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	use-alt-transfer-source <replaceable>boolean</replaceable>;

	zone-statistics <replaceable>boolean</replaceable>;
572
	try-tcp-refresh <replaceable>boolean</replaceable>;
573
	key-directory <replaceable>quoted_string</replaceable>;
574 575
	zero-no-soa-ttl <replaceable>boolean</replaceable>;
	zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
576
	dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
577

578 579 580 581
	require-server-cookie <replaceable>boolean</replaceable>;
	send-cookie <replaceable>boolean</replaceable>;
	nocookie-udp-size <replaceable>integer</replaceable>;

582 583 584 585 586
	allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
	fetch-glue <replaceable>boolean</replaceable>; // obsolete
	maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
	max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
};
587
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
588
  </refsection>
589

Evan Hunt's avatar
Evan Hunt committed
590
  <refsection><info><title>ZONE</title></info>
591

Evan Hunt's avatar
Evan Hunt committed
592
    <literallayout class="normal">
593
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
594
	type ( master | slave | stub | hint | redirect |
595 596 597 598 599 600 601 602 603 604 605 606
		forward | delegation-only );
	file <replaceable>quoted_string</replaceable>;

	masters <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>masters</replaceable> |
		<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
	};

	database <replaceable>string</replaceable>;
	delegation-only <replaceable>boolean</replaceable>;
	check-names ( fail | warn | ignore );
607
	check-mx ( fail | warn | ignore );
608 609 610
	check-integrity <replaceable>boolean</replaceable>;
	check-mx-cname ( fail | warn | ignore );
	check-srv-cname ( fail | warn | ignore );
611 612
	dialup <replaceable>dialuptype</replaceable>;
	ixfr-from-differences <replaceable>boolean</replaceable>;
613
	journal <replaceable>quoted_string</replaceable>;
614
	zero-no-soa-ttl <replaceable>boolean</replaceable>;
615
	dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
616 617

	allow-query { <replaceable>address_match_element</replaceable>; ... };
618
	allow-query-on { <replaceable>address_match_element</replaceable>; ... };
619 620 621
	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
	allow-update { <replaceable>address_match_element</replaceable>; ... };
	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
622
	update-policy <replaceable>local</replaceable> | <replaceable> {
623
		( grant | deny ) <replaceable>string</replaceable>
624
		( name | subdomain | wildcard | self | selfsub | selfwild |
625
		  krb5-self | ms-self | krb5-subdomain | ms-subdomain |
626 627 628 629
		  tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
		<replaceable>rrtypelist</replaceable>;
		<optional>...</optional>
	}</replaceable>;
630
	update-check-ksk <replaceable>boolean</replaceable>;
631
	dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
632

Evan Hunt's avatar
Evan Hunt committed
633
	masterfile-format ( text | raw | map );
634 635 636
	notify <replaceable>notifytype</replaceable>;
	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
637
	notify-delay <replaceable>seconds</replaceable>;
638
	notify-to-soa <replaceable>boolean</replaceable>;
639
	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
640 641
		<optional> port <replaceable>integer</replaceable> </optional>; ...
		<optional> key <replaceable>keyname</replaceable> </optional> ... };
642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658
	allow-notify { <replaceable>address_match_element</replaceable>; ... };

	forward ( first | only );
	forwarders <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
	};

	max-journal-size <replaceable>size_no_default</replaceable>;
	max-transfer-time-in <replaceable>integer</replaceable>;
	max-transfer-time-out <replaceable>integer</replaceable>;
	max-transfer-idle-in <replaceable>integer</replaceable>;
	max-transfer-idle-out <replaceable>integer</replaceable>;
	max-retry-time <replaceable>integer</replaceable>;
	min-retry-time <replaceable>integer</replaceable>;
	max-refresh-time <replaceable>integer</replaceable>;
	min-refresh-time <replaceable>integer</replaceable>;
	multi-master <replaceable>boolean</replaceable>;
659
	request-ixfr <replaceable>boolean</replaceable>;
660 661 662 663 664 665 666 667 668 669 670 671 672 673
	sig-validity-interval <replaceable>integer</replaceable>;

	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;

	alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	use-alt-transfer-source <replaceable>boolean</replaceable>;

	zone-statistics <replaceable>boolean</replaceable>;
674
	try-tcp-refresh <replaceable>boolean</replaceable>;
675 676
	key-directory <replaceable>quoted_string</replaceable>;

677 678
	nsec3-test-zone <replaceable>boolean</replaceable>;  // testing only

679 680 681 682 683 684
	ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
	ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
	maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
	max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
	pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
};
685
</literallayout>
Evan Hunt's avatar
Evan Hunt committed
686
  </refsection>
687

Evan Hunt's avatar
Evan Hunt committed
688
  <refsection><info><title>FILES</title></info>
689

690 691
    <para><filename>/etc/named.conf</filename>
    </para>
Evan Hunt's avatar
Evan Hunt committed
692
  </refsection>
693

Evan Hunt's avatar
Evan Hunt committed
694
  <refsection><info><title>SEE ALSO</title></info>
695

696
    <para><citerefentry>
697
	<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
698
      </citerefentry>,
699
      <citerefentry>
700
	<refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
701
      </citerefentry>,
702
      <citerefentry>
703
	<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
704
      </citerefentry>,
705
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
706
    </para>
Evan Hunt's avatar
Evan Hunt committed
707
  </refsection>
708

Evan Hunt's avatar
Evan Hunt committed
709
</refentry>