Manpages - named.conf.5
Table of Contents
NAME
named.conf - configuration file for named
SYNOPSIS
named.conf
DESCRIPTION
named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported:
C style: * *
#+begin_quote C++ style: // to end of line
#+end_quote
Unix style: # to end of line
ACL
#+begin_quote
acl string { address_match_element; ... };
#+end_quote
CONTROLS
#+begin_quote
controls { inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read-only boolean ]; unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read-only boolean ]; };
#+end_quote
DLZ
#+begin_quote
dlz string { database string; search boolean; };
#+end_quote
DNSSEC-POLICY
#+begin_quote
dnssec-policy string { dnskey-ttl duration; keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... }; max-zone-ttl duration; nsec3param [ iterations integer ] [ optout boolean ] [ salt-length integer ]; parent-ds-ttl duration; parent-propagation-delay duration; publish-safety duration; purge-keys duration; retire-safety duration; signatures-refresh duration; signatures-validity duration; signatures-validity-dnskey duration; zone-propagation-delay duration; };
#+end_quote
DYNDB
#+begin_quote
dyndb string quoted_string { unspecified-text };
#+end_quote
KEY
#+begin_quote
key string { algorithm string; secret string; };
#+end_quote
LOGGING
#+begin_quote
logging { category string { string; ... }; channel string { buffered boolean; file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ]; null; print-category boolean; print-severity boolean; print-time ( iso8601 | iso8601-utc | local | boolean ); severity log_severity; stderr; syslog [ syslog_facility ]; }; };
#+end_quote
MANAGED-KEYS
See DNSSEC-KEYS.
#+begin_quote
managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated
#+end_quote
MASTERS
#+begin_quote
masters string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... };
#+end_quote
OPTIONS
#+begin_quote
options { allow-new-zones boolean; allow-notify { address_match_element; ... }; allow-query { address_match_element; ... }; allow-query-cache { address_match_element; ... }; allow-query-cache-on { address_match_element; ... }; allow-query-on { address_match_element; ... }; allow-recursion { address_match_element; ... }; allow-recursion-on { address_match_element; ... }; allow-transfer { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; answer-cookie boolean; attach-cache string; auth-nxdomain boolean; // default changed auto-dnssec ( allow | maintain | off ); automatic-interface-scan boolean; avoid-v4-udp-ports { portrange; ... }; avoid-v6-udp-ports { portrange; ... }; bindkeys-file quoted_string; blackhole { address_match_element; ... }; cache-file quoted_string;// deprecated catalog-zones { zone string [ default-masters [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard boolean; clients-per-query integer; cookie-algorithm ( aes | siphash24 ); cookie-secret string; coresize ( default | unlimited | sizeval ); datasize ( default | unlimited | sizeval ); deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; deny-answer-aliases { string; ... } [ except-from { string; ... } ]; dialup ( notify | notify-passive | passive | refresh | boolean ); directory quoted_string; disable-algorithms string { string; ... }; disable-ds-digests string { string; ... }; disable-empty-zone string; dns64 netprefix { break-dnssec boolean; clients { address_match_element; ... }; exclude { address_match_element; ... }; mapped { address_match_element; ... }; recursive-only boolean; suffix ipv6_address; }; dns64-contact string; dns64-server string; dnskey-sig-validity integer; dnsrps-enable boolean; dnsrps-options { unspecified-text }; dnssec-accept-expired boolean; dnssec-dnskey-kskonly boolean; dnssec-loadkeys-interval integer; dnssec-must-be-secure string boolean; dnssec-policy string; dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; dnstap-identity ( quoted_string | none | hostname ); dnstap-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ]; dnstap-version ( quoted_string | none ); dscp integer; dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; dump-file quoted_string; edns-udp-size integer; empty-contact string; empty-server string; empty-zones-enable boolean; fetch-quota-params integer fixedpoint fixedpoint fixedpoint; fetches-per-server integer [ ( drop | fail ) ]; fetches-per-zone integer [ ( drop | fail ) ]; files ( default | unlimited | sizeval ); flush-zones-on-shutdown boolean; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; fstrm-set-buffer-hint integer; fstrm-set-flush-timeout integer; fstrm-set-input-queue-size integer; fstrm-set-output-notify-threshold integer; fstrm-set-output-queue-model ( mpsc | spsc ); fstrm-set-output-queue-size integer; fstrm-set-reopen-interval duration; geoip-directory ( quoted_string | none ); glue-cache boolean; heartbeat-interval integer; hostname ( quoted_string | none ); interface-interval duration; ixfr-from-differences ( primary | master | secondary | slave | boolean ); keep-response-order { address_match_element; ... }; key-directory quoted_string; lame-ttl duration; listen-on [ port integer ] [ dscp integer ] { address_match_element; ... }; listen-on-v6 [ port integer ] [ dscp integer ] { address_match_element; ... }; lmdb-mapsize sizeval; lock-file ( quoted_string | none ); managed-keys-directory quoted_string; masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); match-mapped-addresses boolean; max-cache-size ( default | unlimited | sizeval | percentage ); max-cache-ttl duration; max-clients-per-query integer; max-ixfr-ratio ( unlimited | percentage ); max-journal-size ( default | unlimited | sizeval ); max-ncache-ttl duration; max-records integer; max-recursion-depth integer; max-recursion-queries integer; max-refresh-time integer; max-retry-time integer; max-rsa-exponent-size integer; max-stale-ttl duration; max-transfer-idle-in integer; max-transfer-idle-out integer; max-transfer-time-in integer; max-transfer-time-out integer; max-udp-size integer; max-zone-ttl ( unlimited | duration ); memstatistics boolean; memstatistics-file quoted_string; message-compression boolean; min-cache-ttl duration; min-ncache-ttl duration; min-refresh-time integer; min-retry-time integer; minimal-any boolean; minimal-responses ( no-auth | no-auth-recursive | boolean ); multi-master boolean; new-zones-directory quoted_string; no-case-compress { address_match_element; ... }; nocookie-udp-size integer; notify ( explicit | master-only | primary-only | boolean ); notify-delay integer; notify-rate integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; nta-lifetime duration; nta-recheck duration; nxdomain-redirect string; parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; pid-file ( quoted_string | none ); port integer; preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; qname-minimization ( strict | relaxed | disabled | off ); query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; querylog boolean; random-device ( quoted_string | none ); rate-limit { all-per-second integer; errors-per-second integer; exempt-clients { address_match_element; ... }; ipv4-prefix-length integer; ipv6-prefix-length integer; log-only boolean; max-table-size integer; min-table-size integer; nodata-per-second integer; nxdomains-per-second integer; qps-scale integer; referrals-per-second integer; responses-per-second integer; slip integer; window integer; }; recursing-file quoted_string; recursion boolean; recursive-clients integer; request-expire boolean; request-ixfr boolean; request-nsid boolean; require-server-cookie boolean; reserved-sockets integer; resolver-nonbackoff-tries integer; resolver-query-timeout integer; resolver-retry-interval integer; response-padding { address_match_element; ... } block-size integer; response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { string; ... } ]; root-key-sentinel boolean; rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; secroots-file quoted_string; send-cookie boolean; serial-query-rate integer; serial-update-method ( date | increment | unixtime ); server-id ( quoted_string | none | hostname ); servfail-ttl duration; session-keyalg string; session-keyfile ( quoted_string | none ); session-keyname string; sig-signing-nodes integer; sig-signing-signatures integer; sig-signing-type integer; sig-validity-interval integer [ integer ]; sortlist { address_match_element; ... }; stacksize ( default | unlimited | sizeval ); stale-answer-client-timeout ( disabled | off | integer ); stale-answer-enable boolean; stale-answer-ttl duration; stale-cache-enable boolean; stale-refresh-time duration; startup-notify-rate integer; statistics-file quoted_string; synth-from-dnssec boolean; tcp-advertised-timeout integer; tcp-clients integer; tcp-idle-timeout integer; tcp-initial-timeout integer; tcp-keepalive-timeout integer; tcp-listen-queue integer; tkey-dhkey quoted_string integer; tkey-domain quoted_string; tkey-gssapi-credential quoted_string; tkey-gssapi-keytab quoted_string; transfer-format ( many-answers | one-answer ); transfer-message-size integer; transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers-in integer; transfers-out integer; transfers-per-ns integer; trust-anchor-telemetry boolean; // experimental try-tcp-refresh boolean; update-check-ksk boolean; use-alt-transfer-source boolean; use-v4-udp-ports { portrange; ... }; use-v6-udp-ports { portrange; ... }; v6-bias integer; validate-except { string; ... }; version ( quoted_string | none ); zero-no-soa-ttl boolean; zero-no-soa-ttl-cache boolean; zone-statistics ( full | terse | none | boolean ); };
#+end_quote
PARENTAL-AGENTS
#+begin_quote
parental-agents string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... };
#+end_quote
PLUGIN
#+begin_quote
plugin ( query ) string [ { unspecified-text } ];
#+end_quote
PRIMARIES
#+begin_quote
primaries string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... };
#+end_quote
SERVER
#+begin_quote
server netprefix { bogus boolean; edns boolean; edns-udp-size integer; edns-version integer; keys server_key; max-udp-size integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide-ixfr boolean; query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request-expire boolean; request-ixfr boolean; request-nsid boolean; send-cookie boolean; tcp-keepalive boolean; tcp-only boolean; transfer-format ( many-answers | one-answer ); transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; };
#+end_quote
STATISTICS-CHANNELS
#+begin_quote
statistics-channels { inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ]; };
#+end_quote
TRUST-ANCHORS
#+begin_quote
trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };
#+end_quote
TRUSTED-KEYS
Deprecated - see DNSSEC-KEYS.
#+begin_quote
trusted-keys { string integer integer integer quoted_string; ... };, deprecated
#+end_quote
VIEW
#+begin_quote
view string [ class ] { allow-new-zones boolean; allow-notify { address_match_element; ... }; allow-query { address_match_element; ... }; allow-query-cache { address_match_element; ... }; allow-query-cache-on { address_match_element; ... }; allow-query-on { address_match_element; ... }; allow-recursion { address_match_element; ... }; allow-recursion-on { address_match_element; ... }; allow-transfer { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; attach-cache string; auth-nxdomain boolean; // default changed auto-dnssec ( allow | maintain | off ); cache-file quoted_string;// deprecated catalog-zones { zone string [ default-masters [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard boolean; clients-per-query integer; deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; deny-answer-aliases { string; ... } [ except-from { string; ... } ]; dialup ( notify | notify-passive | passive | refresh | boolean ); disable-algorithms string { string; ... }; disable-ds-digests string { string; ... }; disable-empty-zone string; dlz string { database string; search boolean; }; dns64 netprefix { break-dnssec boolean; clients { address_match_element; ... }; exclude { address_match_element; ... }; mapped { address_match_element; ... }; recursive-only boolean; suffix ipv6_address; }; dns64-contact string; dns64-server string; dnskey-sig-validity integer; dnsrps-enable boolean; dnsrps-options { unspecified-text }; dnssec-accept-expired boolean; dnssec-dnskey-kskonly boolean; dnssec-loadkeys-interval integer; dnssec-must-be-secure string boolean; dnssec-policy string; dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; dyndb string quoted_string { unspecified-text }; edns-udp-size integer; empty-contact string; empty-server string; empty-zones-enable boolean; fetch-quota-params integer fixedpoint fixedpoint fixedpoint; fetches-per-server integer [ ( drop | fail ) ]; fetches-per-zone integer [ ( drop | fail ) ]; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; glue-cache boolean; ixfr-from-differences ( primary | master | secondary | slave | boolean ); key string { algorithm string; secret string; }; key-directory quoted_string; lame-ttl duration; lmdb-mapsize sizeval; managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); match-clients { address_match_element; ... }; match-destinations { address_match_element; ... }; match-recursive-only boolean; max-cache-size ( default | unlimited | sizeval | percentage ); max-cache-ttl duration; max-clients-per-query integer; max-ixfr-ratio ( unlimited | percentage ); max-journal-size ( default | unlimited | sizeval ); max-ncache-ttl duration; max-records integer; max-recursion-depth integer; max-recursion-queries integer; max-refresh-time integer; max-retry-time integer; max-stale-ttl duration; max-transfer-idle-in integer; max-transfer-idle-out integer; max-transfer-time-in integer; max-transfer-time-out integer; max-udp-size integer; max-zone-ttl ( unlimited | duration ); message-compression boolean; min-cache-ttl duration; min-ncache-ttl duration; min-refresh-time integer; min-retry-time integer; minimal-any boolean; minimal-responses ( no-auth | no-auth-recursive | boolean ); multi-master boolean; new-zones-directory quoted_string; no-case-compress { address_match_element; ... }; nocookie-udp-size integer; notify ( explicit | master-only | primary-only | boolean ); notify-delay integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; nta-lifetime duration; nta-recheck duration; nxdomain-redirect string; parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; plugin ( query ) string [ { unspecified-text } ]; preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; qname-minimization ( strict | relaxed | disabled | off ); query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; rate-limit { all-per-second integer; errors-per-second integer; exempt-clients { address_match_element; ... }; ipv4-prefix-length integer; ipv6-prefix-length integer; log-only boolean; max-table-size integer; min-table-size integer; nodata-per-second integer; nxdomains-per-second integer; qps-scale integer; referrals-per-second integer; responses-per-second integer; slip integer; window integer; }; recursion boolean; request-expire boolean; request-ixfr boolean; request-nsid boolean; require-server-cookie boolean; resolver-nonbackoff-tries integer; resolver-query-timeout integer; resolver-retry-interval integer; response-padding { address_match_element; ... } block-size integer; response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { string; ... } ]; root-key-sentinel boolean; rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; send-cookie boolean; serial-update-method ( date | increment | unixtime ); server netprefix { bogus boolean; edns boolean; edns-udp-size integer; edns-version integer; keys server_key; max-udp-size integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide-ixfr boolean; query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request-expire boolean; request-ixfr boolean; request-nsid boolean; send-cookie boolean; tcp-keepalive boolean; tcp-only boolean; transfer-format ( many-answers | one-answer ); transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; servfail-ttl duration; sig-signing-nodes integer; sig-signing-signatures integer; sig-signing-type integer; sig-validity-interval integer [ integer ]; sortlist { address_match_element; ... }; stale-answer-client-timeout ( disabled | off | integer ); stale-answer-enable boolean; stale-answer-ttl duration; stale-cache-enable boolean; stale-refresh-time duration; synth-from-dnssec boolean; transfer-format ( many-answers | one-answer ); transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; trust-anchor-telemetry boolean; // experimental trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... }; trusted-keys { string integer integer integer quoted_string; ... };, deprecated try-tcp-refresh boolean; update-check-ksk boolean; use-alt-transfer-source boolean; v6-bias integer; validate-except { string; ... }; zero-no-soa-ttl boolean; zero-no-soa-ttl-cache boolean; zone string [ class ] { allow-notify { address_match_element; ... }; allow-query { address_match_element; ... }; allow-query-on { address_match_element; ... }; allow-transfer { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; auto-dnssec ( allow | maintain | off ); check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); check-names ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard boolean; database string; delegation-only boolean; dialup ( notify | notify-passive | passive | refresh | boolean ); dlz string; dnskey-sig-validity integer; dnssec-dnskey-kskonly boolean; dnssec-loadkeys-interval integer; dnssec-policy string; dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); file quoted_string; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; in-view string; inline-signing boolean; ixfr-from-differences boolean; journal quoted_string; key-directory quoted_string; masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); masters [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; max-ixfr-ratio ( unlimited | percentage ); max-journal-size ( default | unlimited | sizeval ); max-records integer; max-refresh-time integer; max-retry-time integer; max-transfer-idle-in integer; max-transfer-idle-out integer; max-transfer-time-in integer; max-transfer-time-out integer; max-zone-ttl ( unlimited | duration ); min-refresh-time integer; min-retry-time integer; multi-master boolean; notify ( explicit | master-only | primary-only | boolean ); notify-delay integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; parental-agents [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; request-expire boolean; request-ixfr boolean; serial-update-method ( date | increment | unixtime ); server-addresses { ( ipv4_address | ipv6_address ); ... }; server-names { string; ... }; sig-signing-nodes integer; sig-signing-signatures integer; sig-signing-type integer; sig-validity-interval integer [ integer ]; transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; try-tcp-refresh boolean; type ( primary | master | secondary | slave | mirror | delegation-only | forward | hint | redirect | static-stub | stub ); update-check-ksk boolean; update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; use-alt-transfer-source boolean; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); }; zone-statistics ( full | terse | none | boolean ); };
#+end_quote
ZONE
#+begin_quote
zone string [ class ] { allow-notify { address_match_element; ... }; allow-query { address_match_element; ... }; allow-query-on { address_match_element; ... }; allow-transfer { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; auto-dnssec ( allow | maintain | off ); check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); check-names ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard boolean; database string; delegation-only boolean; dialup ( notify | notify-passive | passive | refresh | boolean ); dlz string; dnskey-sig-validity integer; dnssec-dnskey-kskonly boolean; dnssec-loadkeys-interval integer; dnssec-policy string; dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); file quoted_string; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; in-view string; inline-signing boolean; ixfr-from-differences boolean; journal quoted_string; key-directory quoted_string; masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); masters [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; max-ixfr-ratio ( unlimited | percentage ); max-journal-size ( default | unlimited | sizeval ); max-records integer; max-refresh-time integer; max-retry-time integer; max-transfer-idle-in integer; max-transfer-idle-out integer; max-transfer-time-in integer; max-transfer-time-out integer; max-zone-ttl ( unlimited | duration ); min-refresh-time integer; min-retry-time integer; multi-master boolean; notify ( explicit | master-only | primary-only | boolean ); notify-delay integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; parental-agents [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; request-expire boolean; request-ixfr boolean; serial-update-method ( date | increment | unixtime ); server-addresses { ( ipv4_address | ipv6_address ); ... }; server-names { string; ... }; sig-signing-nodes integer; sig-signing-signatures integer; sig-signing-type integer; sig-validity-interval integer [ integer ]; transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; try-tcp-refresh boolean; type ( primary | master | secondary | slave | mirror | delegation-only | forward | hint | redirect | static-stub | stub ); update-check-ksk boolean; update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; use-alt-transfer-source boolean; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); };
#+end_quote
FILES
/etc/named.conf
SEE ALSO
ddns-confgen(8), named(8), named-checkconf(8), rndc(8), rndc-confgen(8), BIND 9 Administrator Reference Manual.
AUTHOR
Internet Systems Consortium
COPYRIGHT
2021, Internet Systems Consortium