Manpages - named.conf.5

Table of Contents

NAME

named.conf - configuration file for named

SYNOPSIS

named.conf

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported:

C style: * *

#+begin_quote C++ style: // to end of line

#+end_quote

Unix style: # to end of line

ACL

#+begin_quote

      acl string { address_match_element; ... };

#+end_quote

CONTROLS

#+begin_quote

      controls {
            inet ( ipv4_address | ipv6_address |
                * ) [ port ( integer | * ) ] allow
                { address_match_element; ... } [
                keys { string; ... } ] [ read-only
                boolean ];
            unix quoted_string perm integer
                owner integer group integer [
                keys { string; ... } ] [ read-only
                boolean ];
      };

#+end_quote

DLZ

#+begin_quote

      dlz string {
            database string;
            search boolean;
      };

#+end_quote

DNSSEC-POLICY

#+begin_quote

      dnssec-policy string {
            dnskey-ttl duration;
            keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
                duration_or_unlimited algorithm string [ integer ]; ... };
            max-zone-ttl duration;
            nsec3param [ iterations integer ] [ optout boolean ] [
                salt-length integer ];
            parent-ds-ttl duration;
            parent-propagation-delay duration;
            publish-safety duration;
            purge-keys duration;
            retire-safety duration;
            signatures-refresh duration;
            signatures-validity duration;
            signatures-validity-dnskey duration;
            zone-propagation-delay duration;
      };

#+end_quote

DYNDB

#+begin_quote

      dyndb string quoted_string {
          unspecified-text };

#+end_quote

KEY

#+begin_quote

      key string {
            algorithm string;
            secret string;
      };

#+end_quote

LOGGING

#+begin_quote

      logging {
            category string { string; ... };
            channel string {
                    buffered boolean;
                    file quoted_string [ versions ( unlimited | integer ) ]
                        [ size size ] [ suffix ( increment | timestamp ) ];
                    null;
                    print-category boolean;
                    print-severity boolean;
                    print-time ( iso8601 | iso8601-utc | local | boolean );
                    severity log_severity;
                    stderr;
                    syslog [ syslog_facility ];
            };
      };

#+end_quote

MANAGED-KEYS

See DNSSEC-KEYS.

#+begin_quote

      managed-keys { string ( static-key
          | initial-key | static-ds |
          initial-ds ) integer integer
          integer quoted_string; ... };, deprecated

#+end_quote

MASTERS

#+begin_quote

      masters string [ port integer ] [ dscp
          integer ] { ( remote-servers |
          ipv4_address [ port integer ] |
          ipv6_address [ port integer ] ) [ key
          string ]; ... };

#+end_quote

OPTIONS

#+begin_quote

      options {
            allow-new-zones boolean;
            allow-notify { address_match_element; ... };
            allow-query { address_match_element; ... };
            allow-query-cache { address_match_element; ... };
            allow-query-cache-on { address_match_element; ... };
            allow-query-on { address_match_element; ... };
            allow-recursion { address_match_element; ... };
            allow-recursion-on { address_match_element; ... };
            allow-transfer { address_match_element; ... };
            allow-update { address_match_element; ... };
            allow-update-forwarding { address_match_element; ... };
            also-notify [ port integer ] [ dscp integer ] { (
                remote-servers | ipv4_address [ port integer ] |
                ipv6_address [ port integer ] ) [ key string ]; ... };
            alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
                ] [ dscp integer ];
            alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
                * ) ] [ dscp integer ];
            answer-cookie boolean;
            attach-cache string;
            auth-nxdomain boolean; // default changed
            auto-dnssec ( allow | maintain | off );
            automatic-interface-scan boolean;
            avoid-v4-udp-ports { portrange; ... };
            avoid-v6-udp-ports { portrange; ... };
            bindkeys-file quoted_string;
            blackhole { address_match_element; ... };
            cache-file quoted_string;// deprecated
            catalog-zones { zone string [ default-masters [ port integer ]
                [ dscp integer ] { ( remote-servers | ipv4_address [ port
                integer ] | ipv6_address [ port integer ] ) [ key
                string ]; ... } ] [ zone-directory quoted_string ] [
                in-memory boolean ] [ min-update-interval duration ]; ... };
            check-dup-records ( fail | warn | ignore );
            check-integrity boolean;
            check-mx ( fail | warn | ignore );
            check-mx-cname ( fail | warn | ignore );
            check-names ( primary | master |
                secondary | slave | response ) (
                fail | warn | ignore );
            check-sibling boolean;
            check-spf ( warn | ignore );
            check-srv-cname ( fail | warn | ignore );
            check-wildcard boolean;
            clients-per-query integer;
            cookie-algorithm ( aes | siphash24 );
            cookie-secret string;
            coresize ( default | unlimited | sizeval );
            datasize ( default | unlimited | sizeval );
            deny-answer-addresses { address_match_element; ... } [
                except-from { string; ... } ];
            deny-answer-aliases { string; ... } [ except-from { string; ...
                } ];
            dialup ( notify | notify-passive | passive | refresh | boolean );
            directory quoted_string;
            disable-algorithms string { string;
                ... };
            disable-ds-digests string { string;
                ... };
            disable-empty-zone string;
            dns64 netprefix {
                    break-dnssec boolean;
                    clients { address_match_element; ... };
                    exclude { address_match_element; ... };
                    mapped { address_match_element; ... };
                    recursive-only boolean;
                    suffix ipv6_address;
            };
            dns64-contact string;
            dns64-server string;
            dnskey-sig-validity integer;
            dnsrps-enable boolean;
            dnsrps-options { unspecified-text };
            dnssec-accept-expired boolean;
            dnssec-dnskey-kskonly boolean;
            dnssec-loadkeys-interval integer;
            dnssec-must-be-secure string boolean;
            dnssec-policy string;
            dnssec-secure-to-insecure boolean;
            dnssec-update-mode ( maintain | no-resign );
            dnssec-validation ( yes | no | auto );
            dnstap { ( all | auth | client | forwarder | resolver | update ) [
                ( query | response ) ]; ... };
            dnstap-identity ( quoted_string | none | hostname );
            dnstap-output ( file | unix ) quoted_string [ size ( unlimited |
                size ) ] [ versions ( unlimited | integer ) ] [ suffix (
                increment | timestamp ) ];
            dnstap-version ( quoted_string | none );
            dscp integer;
            dual-stack-servers [ port integer ] { ( quoted_string [ port
                integer ] [ dscp integer ] | ipv4_address [ port
                integer ] [ dscp integer ] | ipv6_address [ port
                integer ] [ dscp integer ] ); ... };
            dump-file quoted_string;
            edns-udp-size integer;
            empty-contact string;
            empty-server string;
            empty-zones-enable boolean;
            fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
            fetches-per-server integer [ ( drop | fail ) ];
            fetches-per-zone integer [ ( drop | fail ) ];
            files ( default | unlimited | sizeval );
            flush-zones-on-shutdown boolean;
            forward ( first | only );
            forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
                | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
            fstrm-set-buffer-hint integer;
            fstrm-set-flush-timeout integer;
            fstrm-set-input-queue-size integer;
            fstrm-set-output-notify-threshold integer;
            fstrm-set-output-queue-model ( mpsc | spsc );
            fstrm-set-output-queue-size integer;
            fstrm-set-reopen-interval duration;
            geoip-directory ( quoted_string | none );
            glue-cache boolean;
            heartbeat-interval integer;
            hostname ( quoted_string | none );
            interface-interval duration;
            ixfr-from-differences ( primary | master | secondary | slave |
                boolean );
            keep-response-order { address_match_element; ... };
            key-directory quoted_string;
            lame-ttl duration;
            listen-on [ port integer ] [ dscp
                integer ] {
                address_match_element; ... };
            listen-on-v6 [ port integer ] [ dscp
                integer ] {
                address_match_element; ... };
            lmdb-mapsize sizeval;
            lock-file ( quoted_string | none );
            managed-keys-directory quoted_string;
            masterfile-format ( map | raw | text );
            masterfile-style ( full | relative );
            match-mapped-addresses boolean;
            max-cache-size ( default | unlimited | sizeval | percentage );
            max-cache-ttl duration;
            max-clients-per-query integer;
            max-ixfr-ratio ( unlimited | percentage );
            max-journal-size ( default | unlimited | sizeval );
            max-ncache-ttl duration;
            max-records integer;
            max-recursion-depth integer;
            max-recursion-queries integer;
            max-refresh-time integer;
            max-retry-time integer;
            max-rsa-exponent-size integer;
            max-stale-ttl duration;
            max-transfer-idle-in integer;
            max-transfer-idle-out integer;
            max-transfer-time-in integer;
            max-transfer-time-out integer;
            max-udp-size integer;
            max-zone-ttl ( unlimited | duration );
            memstatistics boolean;
            memstatistics-file quoted_string;
            message-compression boolean;
            min-cache-ttl duration;
            min-ncache-ttl duration;
            min-refresh-time integer;
            min-retry-time integer;
            minimal-any boolean;
            minimal-responses ( no-auth | no-auth-recursive | boolean );
            multi-master boolean;
            new-zones-directory quoted_string;
            no-case-compress { address_match_element; ... };
            nocookie-udp-size integer;
            notify ( explicit | master-only | primary-only | boolean );
            notify-delay integer;
            notify-rate integer;
            notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                dscp integer ];
            notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
                [ dscp integer ];
            notify-to-soa boolean;
            nta-lifetime duration;
            nta-recheck duration;
            nxdomain-redirect string;
            parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                dscp integer ];
            parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
                ] [ dscp integer ];
            pid-file ( quoted_string | none );
            port integer;
            preferred-glue string;
            prefetch integer [ integer ];
            provide-ixfr boolean;
            qname-minimization ( strict | relaxed | disabled | off );
            query-source ( ( [ address ] ( ipv4_address | * ) [ port (
                integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
                port ( integer | * ) ) ) [ dscp integer ];
            query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
                integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
                port ( integer | * ) ) ) [ dscp integer ];
            querylog boolean;
            random-device ( quoted_string | none );
            rate-limit {
                    all-per-second integer;
                    errors-per-second integer;
                    exempt-clients { address_match_element; ... };
                    ipv4-prefix-length integer;
                    ipv6-prefix-length integer;
                    log-only boolean;
                    max-table-size integer;
                    min-table-size integer;
                    nodata-per-second integer;
                    nxdomains-per-second integer;
                    qps-scale integer;
                    referrals-per-second integer;
                    responses-per-second integer;
                    slip integer;
                    window integer;
            };
            recursing-file quoted_string;
            recursion boolean;
            recursive-clients integer;
            request-expire boolean;
            request-ixfr boolean;
            request-nsid boolean;
            require-server-cookie boolean;
            reserved-sockets integer;
            resolver-nonbackoff-tries integer;
            resolver-query-timeout integer;
            resolver-retry-interval integer;
            response-padding { address_match_element; ... } block-size
                integer;
            response-policy { zone string [ add-soa boolean ] [ log
                boolean ] [ max-policy-ttl duration ] [ min-update-interval
                duration ] [ policy ( cname | disabled | drop | given | no-op
                | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
                recursive-only boolean ] [ nsip-enable boolean ] [
                nsdname-enable boolean ]; ... } [ add-soa boolean ] [
                break-dnssec boolean ] [ max-policy-ttl duration ] [
                min-update-interval duration ] [ min-ns-dots integer ] [
                nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
                [ recursive-only boolean ] [ nsip-enable boolean ] [
                nsdname-enable boolean ] [ dnsrps-enable boolean ] [
                dnsrps-options { unspecified-text } ];
            root-delegation-only [ exclude { string; ... } ];
            root-key-sentinel boolean;
            rrset-order { [ class string ] [ type string ] [ name
                quoted_string ] string string; ... };
            secroots-file quoted_string;
            send-cookie boolean;
            serial-query-rate integer;
            serial-update-method ( date | increment | unixtime );
            server-id ( quoted_string | none | hostname );
            servfail-ttl duration;
            session-keyalg string;
            session-keyfile ( quoted_string | none );
            session-keyname string;
            sig-signing-nodes integer;
            sig-signing-signatures integer;
            sig-signing-type integer;
            sig-validity-interval integer [ integer ];
            sortlist { address_match_element; ... };
            stacksize ( default | unlimited | sizeval );
            stale-answer-client-timeout ( disabled | off | integer );
            stale-answer-enable boolean;
            stale-answer-ttl duration;
            stale-cache-enable boolean;
            stale-refresh-time duration;
            startup-notify-rate integer;
            statistics-file quoted_string;
            synth-from-dnssec boolean;
            tcp-advertised-timeout integer;
            tcp-clients integer;
            tcp-idle-timeout integer;
            tcp-initial-timeout integer;
            tcp-keepalive-timeout integer;
            tcp-listen-queue integer;
            tkey-dhkey quoted_string integer;
            tkey-domain quoted_string;
            tkey-gssapi-credential quoted_string;
            tkey-gssapi-keytab quoted_string;
            transfer-format ( many-answers | one-answer );
            transfer-message-size integer;
            transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                dscp integer ];
            transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
                ] [ dscp integer ];
            transfers-in integer;
            transfers-out integer;
            transfers-per-ns integer;
            trust-anchor-telemetry boolean; // experimental
            try-tcp-refresh boolean;
            update-check-ksk boolean;
            use-alt-transfer-source boolean;
            use-v4-udp-ports { portrange; ... };
            use-v6-udp-ports { portrange; ... };
            v6-bias integer;
            validate-except { string; ... };
            version ( quoted_string | none );
            zero-no-soa-ttl boolean;
            zero-no-soa-ttl-cache boolean;
            zone-statistics ( full | terse | none | boolean );
      };

#+end_quote

PARENTAL-AGENTS

#+begin_quote

      parental-agents string [ port integer ] [
          dscp integer ] { ( remote-servers |
          ipv4_address [ port integer ] |
          ipv6_address [ port integer ] ) [ key
          string ]; ... };

#+end_quote

PLUGIN

#+begin_quote

      plugin ( query ) string [ { unspecified-text
          } ];

#+end_quote

PRIMARIES

#+begin_quote

      primaries string [ port integer ] [ dscp
          integer ] { ( remote-servers |
          ipv4_address [ port integer ] |
          ipv6_address [ port integer ] ) [ key
          string ]; ... };

#+end_quote

SERVER

#+begin_quote

      server netprefix {
            bogus boolean;
            edns boolean;
            edns-udp-size integer;
            edns-version integer;
            keys server_key;
            max-udp-size integer;
            notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                dscp integer ];
            notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
                [ dscp integer ];
            padding integer;
            provide-ixfr boolean;
            query-source ( ( [ address ] ( ipv4_address | * ) [ port (
                integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
                port ( integer | * ) ) ) [ dscp integer ];
            query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
                integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
                port ( integer | * ) ) ) [ dscp integer ];
            request-expire boolean;
            request-ixfr boolean;
            request-nsid boolean;
            send-cookie boolean;
            tcp-keepalive boolean;
            tcp-only boolean;
            transfer-format ( many-answers | one-answer );
            transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                dscp integer ];
            transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
                ] [ dscp integer ];
            transfers integer;
      };

#+end_quote

STATISTICS-CHANNELS

#+begin_quote

      statistics-channels {
            inet ( ipv4_address | ipv6_address |
                * ) [ port ( integer | * ) ] [
                allow { address_match_element; ...
                } ];
      };

#+end_quote

TRUST-ANCHORS

#+begin_quote

      trust-anchors { string ( static-key |
          initial-key | static-ds | initial-ds )
          integer integer integer
          quoted_string; ... };

#+end_quote

TRUSTED-KEYS

Deprecated - see DNSSEC-KEYS.

#+begin_quote

      trusted-keys { string integer
          integer integer
          quoted_string; ... };, deprecated

#+end_quote

VIEW

#+begin_quote

      view string [ class ] {
            allow-new-zones boolean;
            allow-notify { address_match_element; ... };
            allow-query { address_match_element; ... };
            allow-query-cache { address_match_element; ... };
            allow-query-cache-on { address_match_element; ... };
            allow-query-on { address_match_element; ... };
            allow-recursion { address_match_element; ... };
            allow-recursion-on { address_match_element; ... };
            allow-transfer { address_match_element; ... };
            allow-update { address_match_element; ... };
            allow-update-forwarding { address_match_element; ... };
            also-notify [ port integer ] [ dscp integer ] { (
                remote-servers | ipv4_address [ port integer ] |
                ipv6_address [ port integer ] ) [ key string ]; ... };
            alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
                ] [ dscp integer ];
            alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
                * ) ] [ dscp integer ];
            attach-cache string;
            auth-nxdomain boolean; // default changed
            auto-dnssec ( allow | maintain | off );
            cache-file quoted_string;// deprecated
            catalog-zones { zone string [ default-masters [ port integer ]
                [ dscp integer ] { ( remote-servers | ipv4_address [ port
                integer ] | ipv6_address [ port integer ] ) [ key
                string ]; ... } ] [ zone-directory quoted_string ] [
                in-memory boolean ] [ min-update-interval duration ]; ... };
            check-dup-records ( fail | warn | ignore );
            check-integrity boolean;
            check-mx ( fail | warn | ignore );
            check-mx-cname ( fail | warn | ignore );
            check-names ( primary | master |
                secondary | slave | response ) (
                fail | warn | ignore );
            check-sibling boolean;
            check-spf ( warn | ignore );
            check-srv-cname ( fail | warn | ignore );
            check-wildcard boolean;
            clients-per-query integer;
            deny-answer-addresses { address_match_element; ... } [
                except-from { string; ... } ];
            deny-answer-aliases { string; ... } [ except-from { string; ...
                } ];
            dialup ( notify | notify-passive | passive | refresh | boolean );
            disable-algorithms string { string;
                ... };
            disable-ds-digests string { string;
                ... };
            disable-empty-zone string;
            dlz string {
                    database string;
                    search boolean;
            };
            dns64 netprefix {
                    break-dnssec boolean;
                    clients { address_match_element; ... };
                    exclude { address_match_element; ... };
                    mapped { address_match_element; ... };
                    recursive-only boolean;
                    suffix ipv6_address;
            };
            dns64-contact string;
            dns64-server string;
            dnskey-sig-validity integer;
            dnsrps-enable boolean;
            dnsrps-options { unspecified-text };
            dnssec-accept-expired boolean;
            dnssec-dnskey-kskonly boolean;
            dnssec-loadkeys-interval integer;
            dnssec-must-be-secure string boolean;
            dnssec-policy string;
            dnssec-secure-to-insecure boolean;
            dnssec-update-mode ( maintain | no-resign );
            dnssec-validation ( yes | no | auto );
            dnstap { ( all | auth | client | forwarder | resolver | update ) [
                ( query | response ) ]; ... };
            dual-stack-servers [ port integer ] { ( quoted_string [ port
                integer ] [ dscp integer ] | ipv4_address [ port
                integer ] [ dscp integer ] | ipv6_address [ port
                integer ] [ dscp integer ] ); ... };
            dyndb string quoted_string {
                unspecified-text };
            edns-udp-size integer;
            empty-contact string;
            empty-server string;
            empty-zones-enable boolean;
            fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
            fetches-per-server integer [ ( drop | fail ) ];
            fetches-per-zone integer [ ( drop | fail ) ];
            forward ( first | only );
            forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
                | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
            glue-cache boolean;
            ixfr-from-differences ( primary | master | secondary | slave |
                boolean );
            key string {
                    algorithm string;
                    secret string;
            };
            key-directory quoted_string;
            lame-ttl duration;
            lmdb-mapsize sizeval;
            managed-keys { string (
                static-key | initial-key
                | static-ds | initial-ds
                ) integer integer
                integer
                quoted_string; ... };, deprecated
            masterfile-format ( map | raw | text );
            masterfile-style ( full | relative );
            match-clients { address_match_element; ... };
            match-destinations { address_match_element; ... };
            match-recursive-only boolean;
            max-cache-size ( default | unlimited | sizeval | percentage );
            max-cache-ttl duration;
            max-clients-per-query integer;
            max-ixfr-ratio ( unlimited | percentage );
            max-journal-size ( default | unlimited | sizeval );
            max-ncache-ttl duration;
            max-records integer;
            max-recursion-depth integer;
            max-recursion-queries integer;
            max-refresh-time integer;
            max-retry-time integer;
            max-stale-ttl duration;
            max-transfer-idle-in integer;
            max-transfer-idle-out integer;
            max-transfer-time-in integer;
            max-transfer-time-out integer;
            max-udp-size integer;
            max-zone-ttl ( unlimited | duration );
            message-compression boolean;
            min-cache-ttl duration;
            min-ncache-ttl duration;
            min-refresh-time integer;
            min-retry-time integer;
            minimal-any boolean;
            minimal-responses ( no-auth | no-auth-recursive | boolean );
            multi-master boolean;
            new-zones-directory quoted_string;
            no-case-compress { address_match_element; ... };
            nocookie-udp-size integer;
            notify ( explicit | master-only | primary-only | boolean );
            notify-delay integer;
            notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                dscp integer ];
            notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
                [ dscp integer ];
            notify-to-soa boolean;
            nta-lifetime duration;
            nta-recheck duration;
            nxdomain-redirect string;
            parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                dscp integer ];
            parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
                ] [ dscp integer ];
            plugin ( query ) string [ {
                unspecified-text } ];
            preferred-glue string;
            prefetch integer [ integer ];
            provide-ixfr boolean;
            qname-minimization ( strict | relaxed | disabled | off );
            query-source ( ( [ address ] ( ipv4_address | * ) [ port (
                integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
                port ( integer | * ) ) ) [ dscp integer ];
            query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
                integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
                port ( integer | * ) ) ) [ dscp integer ];
            rate-limit {
                    all-per-second integer;
                    errors-per-second integer;
                    exempt-clients { address_match_element; ... };
                    ipv4-prefix-length integer;
                    ipv6-prefix-length integer;
                    log-only boolean;
                    max-table-size integer;
                    min-table-size integer;
                    nodata-per-second integer;
                    nxdomains-per-second integer;
                    qps-scale integer;
                    referrals-per-second integer;
                    responses-per-second integer;
                    slip integer;
                    window integer;
            };
            recursion boolean;
            request-expire boolean;
            request-ixfr boolean;
            request-nsid boolean;
            require-server-cookie boolean;
            resolver-nonbackoff-tries integer;
            resolver-query-timeout integer;
            resolver-retry-interval integer;
            response-padding { address_match_element; ... } block-size
                integer;
            response-policy { zone string [ add-soa boolean ] [ log
                boolean ] [ max-policy-ttl duration ] [ min-update-interval
                duration ] [ policy ( cname | disabled | drop | given | no-op
                | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
                recursive-only boolean ] [ nsip-enable boolean ] [
                nsdname-enable boolean ]; ... } [ add-soa boolean ] [
                break-dnssec boolean ] [ max-policy-ttl duration ] [
                min-update-interval duration ] [ min-ns-dots integer ] [
                nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
                [ recursive-only boolean ] [ nsip-enable boolean ] [
                nsdname-enable boolean ] [ dnsrps-enable boolean ] [
                dnsrps-options { unspecified-text } ];
            root-delegation-only [ exclude { string; ... } ];
            root-key-sentinel boolean;
            rrset-order { [ class string ] [ type string ] [ name
                quoted_string ] string string; ... };
            send-cookie boolean;
            serial-update-method ( date | increment | unixtime );
            server netprefix {
                    bogus boolean;
                    edns boolean;
                    edns-udp-size integer;
                    edns-version integer;
                    keys server_key;
                    max-udp-size integer;
                    notify-source ( ipv4_address | * ) [ port ( integer | *
                        ) ] [ dscp integer ];
                    notify-source-v6 ( ipv6_address | * ) [ port ( integer
                        | * ) ] [ dscp integer ];
                    padding integer;
                    provide-ixfr boolean;
                    query-source ( ( [ address ] ( ipv4_address | * ) [ port
                        ( integer | * ) ] ) | ( [ [ address ] (
                        ipv4_address | * ) ] port ( integer | * ) ) ) [
                        dscp integer ];
                    query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
                        port ( integer | * ) ] ) | ( [ [ address ] (
                        ipv6_address | * ) ] port ( integer | * ) ) ) [
                        dscp integer ];
                    request-expire boolean;
                    request-ixfr boolean;
                    request-nsid boolean;
                    send-cookie boolean;
                    tcp-keepalive boolean;
                    tcp-only boolean;
                    transfer-format ( many-answers | one-answer );
                    transfer-source ( ipv4_address | * ) [ port ( integer |
                        * ) ] [ dscp integer ];
                    transfer-source-v6 ( ipv6_address | * ) [ port (
                        integer | * ) ] [ dscp integer ];
                    transfers integer;
            };
            servfail-ttl duration;
            sig-signing-nodes integer;
            sig-signing-signatures integer;
            sig-signing-type integer;
            sig-validity-interval integer [ integer ];
            sortlist { address_match_element; ... };
            stale-answer-client-timeout ( disabled | off | integer );
            stale-answer-enable boolean;
            stale-answer-ttl duration;
            stale-cache-enable boolean;
            stale-refresh-time duration;
            synth-from-dnssec boolean;
            transfer-format ( many-answers | one-answer );
            transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                dscp integer ];
            transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
                ] [ dscp integer ];
            trust-anchor-telemetry boolean; // experimental
            trust-anchors { string ( static-key |
                initial-key | static-ds | initial-ds
                ) integer integer integer
                quoted_string; ... };
            trusted-keys { string
                integer integer
                integer
                quoted_string; ... };, deprecated
            try-tcp-refresh boolean;
            update-check-ksk boolean;
            use-alt-transfer-source boolean;
            v6-bias integer;
            validate-except { string; ... };
            zero-no-soa-ttl boolean;
            zero-no-soa-ttl-cache boolean;
            zone string [ class ] {
                    allow-notify { address_match_element; ... };
                    allow-query { address_match_element; ... };
                    allow-query-on { address_match_element; ... };
                    allow-transfer { address_match_element; ... };
                    allow-update { address_match_element; ... };
                    allow-update-forwarding { address_match_element; ... };
                    also-notify [ port integer ] [ dscp integer ] { (
                        remote-servers | ipv4_address [ port integer ] |
                        ipv6_address [ port integer ] ) [ key string ];
                        ... };
                    alt-transfer-source ( ipv4_address | * ) [ port (
                        integer | * ) ] [ dscp integer ];
                    alt-transfer-source-v6 ( ipv6_address | * ) [ port (
                        integer | * ) ] [ dscp integer ];
                    auto-dnssec ( allow | maintain | off );
                    check-dup-records ( fail | warn | ignore );
                    check-integrity boolean;
                    check-mx ( fail | warn | ignore );
                    check-mx-cname ( fail | warn | ignore );
                    check-names ( fail | warn | ignore );
                    check-sibling boolean;
                    check-spf ( warn | ignore );
                    check-srv-cname ( fail | warn | ignore );
                    check-wildcard boolean;
                    database string;
                    delegation-only boolean;
                    dialup ( notify | notify-passive | passive | refresh |
                        boolean );
                    dlz string;
                    dnskey-sig-validity integer;
                    dnssec-dnskey-kskonly boolean;
                    dnssec-loadkeys-interval integer;
                    dnssec-policy string;
                    dnssec-secure-to-insecure boolean;
                    dnssec-update-mode ( maintain | no-resign );
                    file quoted_string;
                    forward ( first | only );
                    forwarders [ port integer ] [ dscp integer ] { (
                        ipv4_address | ipv6_address ) [ port integer ] [
                        dscp integer ]; ... };
                    in-view string;
                    inline-signing boolean;
                    ixfr-from-differences boolean;
                    journal quoted_string;
                    key-directory quoted_string;
                    masterfile-format ( map | raw | text );
                    masterfile-style ( full | relative );
                    masters [ port integer ] [ dscp integer ] { (
                        remote-servers | ipv4_address [ port integer ] |
                        ipv6_address [ port integer ] ) [ key string ];
                        ... };
                    max-ixfr-ratio ( unlimited | percentage );
                    max-journal-size ( default | unlimited | sizeval );
                    max-records integer;
                    max-refresh-time integer;
                    max-retry-time integer;
                    max-transfer-idle-in integer;
                    max-transfer-idle-out integer;
                    max-transfer-time-in integer;
                    max-transfer-time-out integer;
                    max-zone-ttl ( unlimited | duration );
                    min-refresh-time integer;
                    min-retry-time integer;
                    multi-master boolean;
                    notify ( explicit | master-only | primary-only | boolean );
                    notify-delay integer;
                    notify-source ( ipv4_address | * ) [ port ( integer | *
                        ) ] [ dscp integer ];
                    notify-source-v6 ( ipv6_address | * ) [ port ( integer
                        | * ) ] [ dscp integer ];
                    notify-to-soa boolean;
                    parental-agents [ port integer ] [ dscp integer ] { (
                        remote-servers | ipv4_address [ port integer ] |
                        ipv6_address [ port integer ] ) [ key string ];
                        ... };
                    parental-source ( ipv4_address | * ) [ port ( integer |
                        * ) ] [ dscp integer ];
                    parental-source-v6 ( ipv6_address | * ) [ port (
                        integer | * ) ] [ dscp integer ];
                    primaries [ port integer ] [ dscp integer ] { (
                        remote-servers | ipv4_address [ port integer ] |
                        ipv6_address [ port integer ] ) [ key string ];
                        ... };
                    request-expire boolean;
                    request-ixfr boolean;
                    serial-update-method ( date | increment | unixtime );
                    server-addresses { ( ipv4_address | ipv6_address ); ... };
                    server-names { string; ... };
                    sig-signing-nodes integer;
                    sig-signing-signatures integer;
                    sig-signing-type integer;
                    sig-validity-interval integer [ integer ];
                    transfer-source ( ipv4_address | * ) [ port ( integer |
                        * ) ] [ dscp integer ];
                    transfer-source-v6 ( ipv6_address | * ) [ port (
                        integer | * ) ] [ dscp integer ];
                    try-tcp-refresh boolean;
                    type ( primary | master | secondary | slave | mirror |
                        delegation-only | forward | hint | redirect |
                        static-stub | stub );
                    update-check-ksk boolean;
                    update-policy ( local | { ( deny | grant ) string (
                        6to4-self | external | krb5-self | krb5-selfsub |
                        krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
                        name | self | selfsub | selfwild | subdomain | tcp-self
                        | wildcard | zonesub ) [ string ] rrtypelist; ... };
                    use-alt-transfer-source boolean;
                    zero-no-soa-ttl boolean;
                    zone-statistics ( full | terse | none | boolean );
            };
            zone-statistics ( full | terse | none | boolean );
      };

#+end_quote

ZONE

#+begin_quote

      zone string [ class ] {
            allow-notify { address_match_element; ... };
            allow-query { address_match_element; ... };
            allow-query-on { address_match_element; ... };
            allow-transfer { address_match_element; ... };
            allow-update { address_match_element; ... };
            allow-update-forwarding { address_match_element; ... };
            also-notify [ port integer ] [ dscp integer ] { (
                remote-servers | ipv4_address [ port integer ] |
                ipv6_address [ port integer ] ) [ key string ]; ... };
            alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
                ] [ dscp integer ];
            alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
                * ) ] [ dscp integer ];
            auto-dnssec ( allow | maintain | off );
            check-dup-records ( fail | warn | ignore );
            check-integrity boolean;
            check-mx ( fail | warn | ignore );
            check-mx-cname ( fail | warn | ignore );
            check-names ( fail | warn | ignore );
            check-sibling boolean;
            check-spf ( warn | ignore );
            check-srv-cname ( fail | warn | ignore );
            check-wildcard boolean;
            database string;
            delegation-only boolean;
            dialup ( notify | notify-passive | passive | refresh | boolean );
            dlz string;
            dnskey-sig-validity integer;
            dnssec-dnskey-kskonly boolean;
            dnssec-loadkeys-interval integer;
            dnssec-policy string;
            dnssec-secure-to-insecure boolean;
            dnssec-update-mode ( maintain | no-resign );
            file quoted_string;
            forward ( first | only );
            forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
                | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
            in-view string;
            inline-signing boolean;
            ixfr-from-differences boolean;
            journal quoted_string;
            key-directory quoted_string;
            masterfile-format ( map | raw | text );
            masterfile-style ( full | relative );
            masters [ port integer ] [ dscp integer ] { ( remote-servers
                | ipv4_address [ port integer ] | ipv6_address [ port
                integer ] ) [ key string ]; ... };
            max-ixfr-ratio ( unlimited | percentage );
            max-journal-size ( default | unlimited | sizeval );
            max-records integer;
            max-refresh-time integer;
            max-retry-time integer;
            max-transfer-idle-in integer;
            max-transfer-idle-out integer;
            max-transfer-time-in integer;
            max-transfer-time-out integer;
            max-zone-ttl ( unlimited | duration );
            min-refresh-time integer;
            min-retry-time integer;
            multi-master boolean;
            notify ( explicit | master-only | primary-only | boolean );
            notify-delay integer;
            notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                dscp integer ];
            notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
                [ dscp integer ];
            notify-to-soa boolean;
            parental-agents [ port integer ] [ dscp integer ] { (
                remote-servers | ipv4_address [ port integer ] |
                ipv6_address [ port integer ] ) [ key string ]; ... };
            parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                dscp integer ];
            parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
                ] [ dscp integer ];
            primaries [ port integer ] [ dscp integer ] { (
                remote-servers | ipv4_address [ port integer ] |
                ipv6_address [ port integer ] ) [ key string ]; ... };
            request-expire boolean;
            request-ixfr boolean;
            serial-update-method ( date | increment | unixtime );
            server-addresses { ( ipv4_address | ipv6_address ); ... };
            server-names { string; ... };
            sig-signing-nodes integer;
            sig-signing-signatures integer;
            sig-signing-type integer;
            sig-validity-interval integer [ integer ];
            transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                dscp integer ];
            transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
                ] [ dscp integer ];
            try-tcp-refresh boolean;
            type ( primary | master | secondary | slave | mirror |
                delegation-only | forward | hint | redirect | static-stub |
                stub );
            update-check-ksk boolean;
            update-policy ( local | { ( deny | grant ) string ( 6to4-self |
                external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
                | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
                | subdomain | tcp-self | wildcard | zonesub ) [ string ]
                rrtypelist; ... };
            use-alt-transfer-source boolean;
            zero-no-soa-ttl boolean;
            zone-statistics ( full | terse | none | boolean );
      };

#+end_quote

FILES

/etc/named.conf

SEE ALSO

ddns-confgen(8), named(8), named-checkconf(8), rndc(8), rndc-confgen(8), BIND 9 Administrator Reference Manual.

AUTHOR

Internet Systems Consortium

COPYRIGHT

2021, Internet Systems Consortium

Author: dt

Created: 2022-02-20 Sun 09:30