
man pages section 4: File Formats


Updated: July 2017
 
 

named.conf(4)

Name

named.conf - configuration file for named

Synopsis

named.conf

Description

named.conf is the configuration file for named(1M). Statements are enclosed in braces and terminated with a semicolon. Clauses in the statements are also terminated with a semicolon. The usual comment styles are supported:

C style

/* */

C++ style

// to end of line

Unix style

# to end of line

ACL


acl string { address_match_element; ... };

Key


key domain_name {
    algorithm string;
    secret string;
};

Masters


masters string [ port integer ] {
     ( masters | ipv4_address [port integer] |
     ipv6_address [port integer] ) [ key string ]; ...
};

Server


server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
     bogus boolean;
     edns boolean;
     edns-udp-size integer;
     max-udp-size integer;
     provide-ixfr boolean;
     request-ixfr boolean;
     keys server_key;
     transfers integer;
     transfer-format ( many-answers | one-answer );
     transfer-source ( ipv4_address | * )
          [ port ( integer | * ) ];
     transfer-source-v6 ( ipv6_address | * )
          [ port ( integer | * ) ];
     support-ixfr boolean; // obsolete
};

Trusted-Keys

trusted-keys {
     domain_name flags protocol algorithm key; ...
};

Controls

controls {
     inet ( ipv4_address | ipv6_address | * )
          [ port ( integer | * ) ]
          allow { address_match_element; ... }
          [ keys { string; ... } ];
     unix unsupported; // not implemented
};

Logging

logging {
      channel string {
          file log_file;
          syslog optional_facility;
          null;
          stderr;
          severity log_severity;
          print-time boolean;
          print-severity boolean;
          print-category boolean;
     };
     category string { string; ... };
};

LWRES

lwres {
     listen-on [ port integer ] {
          ( ipv4_address | ipv6_address ) [ port integer ]; ...
     };
     view string optional_class;
     search { string; ... };
     ndots integer;
};

Options


options {
     avoid-v4-udp-ports { port; ... };
     avoid-v6-udp-ports { port; ... };
     blackhole { address_match_element; ... };
     coresize size;
     datasize size;
     directory quoted_string;
     dump-file quoted_string;
     files size;
     heartbeat-interval integer;
     host-statistics boolean; // not implemented
     host-statistics-max number; // not implemented
     hostname ( quoted_string | none );
     interface-interval integer;
     listen-on [ port integer ] \
        { address_match_element; ... };
     listen-on-v6 [ port integer ] \
        { address_match_element; ... };
     match-mapped-addresses boolean;
     memstatistics-file quoted_string;
     pid-file ( quoted_string | none );
     port integer;
     querylog boolean;
     recursing-file quoted_string;
     reserved-sockets integer;
     random-device quoted_string;
     recursive-clients integer;
     serial-query-rate integer;
     server-id ( quoted_string | none | hostname );
     stacksize size;
     statistics-file quoted_string;
     statistics-interval integer; \
        // not yet implemented
     tcp-clients integer;
     tcp-listen-queue integer;
     tkey-dhkey quoted_string integer;
     tkey-gssapi-credential quoted_string;
     tkey-domain quoted_string;
     transfers-per-ns integer;
     transfers-in integer;
     transfers-out integer;
     use-ixfr boolean;
     version ( quoted_string | none );
     allow-recursion { address_match_element; ... };
     allow-recursion-on { address_match_element; ... };
     sortlist { address_match_element; ... };
     topology { address_match_element; ... }; \
        // not implemented
     auth-nxdomain boolean; // default changed
     minimal-responses boolean;
     recursion boolean;
     rrset-order {
          [ class string ] [ type string ]
          [ name quoted_string ] string string; ...
     };
     provide-ixfr boolean;
     request-ixfr boolean;
     rfc2308-type1 boolean; // not yet implemented
     additional-from-auth boolean;
     additional-from-cache boolean;
     query-source ( ( ipv4_address | * ) | \
        [ address ( ipv4_address | * ) ] ) \
        [ port ( integer | * ) ];
     query-source-v6 ( ( ipv6_address | * ) | \
        [ address ( ipv6_address | * ) ] ) \
        [ port ( integer | * ) ];
     use-queryport-pool boolean;
     queryport-pool-ports integer;
     queryport-pool-updateinterval integer;
     cleaning-interval integer;
     min-roots integer; // not implemented
     lame-ttl integer;
     max-ncache-ttl integer;
     max-cache-ttl integer;
     transfer-format ( many-answers | one-answer );
     max-cache-size size;
     max-acache-size size;
     clients-per-query number;
     max-clients-per-query number;
     check-names ( master | slave | response )\
           ( fail | warn | ignore );
     check-mx ( fail | warn | ignore );
     check-integrity boolean;
     check-mx-cname ( fail | warn | ignore );
     check-srv-cname ( fail | warn | ignore );
     cache-file quoted_string; // test option
     suppress-initial-notify boolean; \
        // not yet implemented
     preferred-glue string;
     dual-stack-servers [ port integer ] {
          ( quoted_string [port integer] |
          ipv4_address [port integer] |
          ipv6_address [port integer] ); ...
     };
     edns-udp-size integer;
     max-udp-size integer;
     root-delegation-only [ exclude 
        { quoted_string; ... } ];
     disable-algorithms string { string; ... };
     dnssec-enable boolean;
     dnssec-validation boolean;
     dnssec-lookaside string trust-anchor string;
     dnssec-must-be-secure string boolean;
     dnssec-accept-expired boolean;
     empty-server string;
     empty-contact string;
     empty-zones-enable boolean;
     disable-empty-zone string;
     dialup dialuptype;
     ixfr-from-differences ixfrdiff;
     allow-query { address_match_element; \
        ... };
     allow-query-on { address_match_element; \
        ... };
     allow-query-cache { address_match_element; \
        ... };
     allow-query-cache-on { address_match_element; \
        ... };
     allow-transfer { address_match_element; \
        ... };
     allow-update { address_match_element; \
        ... };
     allow-update-forwarding { address_match_element; \
        ... };
     update-check-ksk boolean;
     masterfile-format ( text | raw );
     notify notifytype;
     notify-source ( ipv4_address | * ) \
        [ port ( integer | * ) ];
     notify-source-v6 ( ipv6_address | * ) 
        [ port ( integer | * ) ];
     notify-delay seconds;
     notify-to-soa boolean;
     also-notify [ port integer ] \
        { ( ipv4_address | ipv6_address ) \
        [port integer ]; ... };
     allow-notify { address_match_element; ... };
     forward ( first | only );
     forwarders [ port integer ] {
          ( ipv4_address | ipv6_address ) [ port integer ]; ...
     };
     max-journal-size size_no_default;
     max-transfer-time-in integer;
     max-transfer-time-out integer;
     max-transfer-idle-in integer;
     max-transfer-idle-out integer;
     max-retry-time integer;
     min-retry-time integer;
     max-refresh-time integer;
     min-refresh-time integer;
     multi-master boolean;
     sig-validity-interval integer;
     sig-re-signing-interval integer;
     sig-signing-nodes integer;
     sig-signing-signatures integer;
     sig-signing-type integer;
     transfer-source ( ipv4_address | * )\
          [ port ( integer | * ) ];
     transfer-source-v6 ( ipv6_address | * )\
          [ port ( integer | * ) ];
     alt-transfer-source ( ipv4_address | * )\
          [ port ( integer | * ) ];
     alt-transfer-source-v6 ( ipv6_address | * )\
          [ port ( integer | * ) ];
     use-alt-transfer-source boolean;
     zone-statistics boolean;
     key-directory quoted_string;
     try-tcp-refresh boolean;
     zero-no-soa-ttl boolean;
     zero-no-soa-ttl-cache boolean;
     nsec3-test-zone boolean;  // testing only
     allow-v6-synthesis { address_match_element; ... }; \
        // obsolete
     deallocate-on-exit boolean; // obsolete
     fake-iquery boolean; // obsolete
     fetch-glue boolean; // obsolete
     has-old-clients boolean; // obsolete
     maintain-ixfr-base boolean; // obsolete
     max-ixfr-log-size size; // obsolete
     multiple-cnames boolean; // obsolete
     named-xfer quoted_string; // obsolete
     serial-queries integer; // obsolete
     treat-cr-as-space boolean; // obsolete
     use-id-pool boolean; // obsolete
};

View


view string optional_class {
     match-clients { address_match_element; ... };
     match-destinations { address_match_element; ... };
     match-recursive-only boolean;
     key string {
          algorithm string;
          secret string;
              };
     zone string optional_class {
          ...
     };
     server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen]) {
         ...
     };
     trusted-keys {
          string integer integer integer quoted_string; ...
     };
     allow-recursion { address_match_element; ... };
     allow-recursion-on { address_match_element; ... };
     sortlist { address_match_element; ... };
     topology { address_match_element; ... }; // not implemented
     auth-nxdomain boolean; // default changed
     minimal-responses boolean;
     recursion boolean;
     rrset-order {
          [ class string ] [ type string ]
          [ name quoted_string ] string string; ...
     };
     provide-ixfr boolean;
     request-ixfr boolean;
     rfc2308-type1 boolean; // not yet implemented
     additional-from-auth boolean;
     additional-from-cache boolean;
     query-source ( ( ipv4_address | * ) | [ address \
        ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
     query-source-v6 ( ( ipv6_address | * ) | [ address \
        ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
     use-queryport-pool boolean;
     queryport-pool-ports integer;
     queryport-pool-updateinterval integer;
     cleaning-interval integer;
     min-roots integer; // not implemented
     lame-ttl integer;
     max-ncache-ttl integer;
     max-cache-ttl integer;
     transfer-format ( many-answers | one-answer );
     max-cache-size size;
     max-acache-size size;
     clients-per-query number;
     max-clients-per-query number;
     check-names ( master | slave | response )\
          ( fail | warn | ignore );
     check-mx ( fail | warn | ignore );
     check-integrity boolean;
     check-mx-cname ( fail | warn | ignore );
     check-srv-cname ( fail | warn | ignore );
     cache-file quoted_string; // test option
     suppress-initial-notify boolean; // not yet implemented
     preferred-glue string;
     dual-stack-servers [ port integer ] {
          ( quoted_string [port integer] |
          ipv4_address [port integer] |
          ipv6_address [port integer] ); ...
     };
     edns-udp-size integer;
     max-udp-size integer;
     root-delegation-only [ exclude { quoted_string; ... } ];
     disable-algorithms string { string; ... };
     dnssec-enable boolean;
     dnssec-validation boolean;
     dnssec-lookaside string trust-anchor string;
     dnssec-must-be-secure string boolean;
     dnssec-accept-expired boolean;
     empty-server string;
     empty-contact string;
     empty-zones-enable boolean;
     disable-empty-zone string;
     dialup dialuptype;
     ixfr-from-differences ixfrdiff;
     allow-query { address_match_element; ... };
     allow-query-on { address_match_element; ... };
     allow-query-cache { address_match_element; ... };
     allow-query-cache-on { address_match_element; ... };
     allow-transfer { address_match_element; ... };
     allow-update { address_match_element; ... };
     allow-update-forwarding { address_match_element; ... };
     update-check-ksk boolean;
     masterfile-format ( text | raw );
     notify notifytype;
     notify-source ( ipv4_address | * ) \
         [ port ( integer | * ) ];
     notify-source-v6 ( ipv6_address | * ) \
         [ port ( integer | * ) ];
     notify-delay seconds;
     notify-to-soa boolean;
     also-notify [ port integer ] { ( ipv4_address | \
         ipv6_address ) [ port integer ]; ... };
     allow-notify { address_match_element; ... };
     forward ( first | only );
     forwarders [ port integer ] {
        ( ipv4_address | ipv6_address ) \
        [ port integer ]; ...
     };
     max-journal-size size_no_default;
     max-transfer-time-in integer;
     max-transfer-time-out integer;
     max-transfer-idle-in integer;
     max-transfer-idle-out integer;
     max-retry-time integer;
     min-retry-time integer;
     max-refresh-time integer;
     min-refresh-time integer;
     multi-master boolean;
     sig-validity-interval integer;
     transfer-source ( ipv4_address | * )\
          [ port ( integer | * ) ];
     transfer-source-v6 ( ipv6_address | * )\
          [ port ( integer | * ) ];
     alt-transfer-source ( ipv4_address | * )\
          [ port ( integer | * ) ];
     alt-transfer-source-v6 ( ipv6_address | * )\
          [ port ( integer | * ) ];
     use-alt-transfer-source boolean;
     zone-statistics boolean;
     try-tcp-refresh boolean;
     key-directory quoted_string;
     zero-no-soa-ttl boolean;
     zero-no-soa-ttl-cache boolean;
     allow-v6-synthesis { address_match_element; ... };\
        // obsolete
     fetch-glue boolean; // obsolete
     maintain-ixfr-base boolean; // obsolete
     max-ixfr-log-size size; // obsolete
};

Zone


zone string optional_class {
     type ( master | slave | stub | hint |
          forward | delegation-only );
     file quoted_string;
     masters [ port integer ] {
          ( masters |
          ipv4_address [port integer] |
          ipv6_address [ port integer ] ) [ key string ]; ...
     };
     database string;
     delegation-only boolean;
     check-names ( fail | warn | ignore );
     check-mx ( fail | warn | ignore );
     check-integrity boolean;
     check-mx-cname ( fail | warn | ignore );
     check-srv-cname ( fail | warn | ignore );
     dialup dialuptype;
     ixfr-from-differences boolean;
     journal quoted_string;
     zero-no-soa-ttl boolean;
     allow-query { address_match_element; ... };
     allow-query-on { address_match_element; ... };
     allow-transfer { address_match_element; ... };
     allow-update { address_match_element; ... };
     allow-update-forwarding { address_match_element; ... };
     update-policy {
          ( grant | deny ) string
          ( name | subdomain | wildcard | self | selfsub | 
            selfwild | krb5-self | ms-self | krb5-subdomain |
            ms-subdomain | tcp-self | 6to4-self ) string
            rrtypelist; ...
     };
     update-check-ksk boolean;
     masterfile-format ( text | raw );
     notify notifytype;
     notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
     notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
     notify-delay seconds;
     notify-to-soa boolean;
     also-notify [ port integer ] { ( ipv4_address | ipv6_address )
          [ port integer ]; ... };
     allow-notify { address_match_element; ... };
     forward ( first | only );
     forwarders [ port integer ] {
          ( ipv4_address | ipv6_address ) [ port integer ]; ...
     };
     max-journal-size size_no_default;
     max-transfer-time-in integer;
     max-transfer-time-out integer;
     max-transfer-idle-in integer;
     max-transfer-idle-out integer;
     max-retry-time integer;
     min-retry-time integer;
     max-refresh-time integer;
     min-refresh-time integer;
     multi-master boolean;
     sig-validity-interval integer;
     transfer-source ( ipv4_address | * )
          [ port ( integer | * ) ];
     transfer-source-v6 ( ipv6_address | * )
          [ port ( integer | * ) ];
     alt-transfer-source ( ipv4_address | * )
          [ port ( integer | * ) ];
     alt-transfer-source-v6 ( ipv6_address | * )
          [ port ( integer | * ) ];
     use-alt-transfer-source boolean;
     zone-statistics boolean;
     try-tcp-refresh boolean;
     key-directory quoted_string;
     nsec3-test-zone boolean;  // testing only
     ixfr-base quoted_string; // obsolete
     ixfr-tmp-file quoted_string; // obsolete
     maintain-ixfr-base boolean; // obsolete
     max-ixfr-log-size size; // obsolete
     pubkey integer integer integer quoted_string; // obsolete
   };  

See Also

named(1M), named-checkconf(1M), rndc(1M)

BIND 9 Administrator Reference Manual