2 This is a summary of the named.conf options supported by
3 this version of BIND 9.
5 acl <string> { <address_match_element>; ... };
8 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
9 ) ] allow { <address_match_element>; ... } [ keys { <string>;
11 unix <quoted_string> perm <integer> owner <integer> group <integer>
12 [ keys { <string>; ... } ];
25 category <string> { <string>; ... };
27 file <quoted_string> [ versions ( "unlimited" | <integer> )
30 print-category <boolean>;
31 print-severity <boolean>;
33 severity <log_severity>;
35 syslog <optional_facility>;
40 listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
41 [ port <integer> ]; ... };
43 search { <string>; ... };
44 view <string> <optional_class>;
47 managed-keys { <string> <string> <integer> <integer> <integer>
48 <quoted_string>; ... };
50 masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
51 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
54 acache-cleaning-interval <integer>;
55 acache-enable <boolean>;
56 additional-from-auth <boolean>;
57 additional-from-cache <boolean>;
58 allow-notify { <address_match_element>; ... };
59 allow-query { <address_match_element>; ... };
60 allow-query-cache { <address_match_element>; ... };
61 allow-query-cache-on { <address_match_element>; ... };
62 allow-query-on { <address_match_element>; ... };
63 allow-recursion { <address_match_element>; ... };
64 allow-recursion-on { <address_match_element>; ... };
65 allow-transfer { <address_match_element>; ... };
66 allow-update { <address_match_element>; ... };
67 allow-update-forwarding { <address_match_element>; ... };
68 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
69 also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
70 ) [ port <integer> ]; ... };
71 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
72 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
74 attach-cache <string>;
75 auth-nxdomain <boolean>; // default changed
76 avoid-v4-udp-ports { <portrange>; ... };
77 avoid-v6-udp-ports { <portrange>; ... };
78 bindkeys-file <quoted_string>;
79 blackhole { <address_match_element>; ... };
80 cache-file <quoted_string>;
81 check-dup-records ( fail | warn | ignore );
82 check-integrity <boolean>;
83 check-mx ( fail | warn | ignore );
84 check-mx-cname ( fail | warn | ignore );
85 check-names ( master | slave | response ) ( fail | warn | ignore );
86 check-sibling <boolean>;
87 check-srv-cname ( fail | warn | ignore );
88 check-wildcard <boolean>;
89 cleaning-interval <integer>;
90 clients-per-query <integer>;
93 deallocate-on-exit <boolean>; // obsolete
94 deny-answer-addresses { <address_match_element>; ... } [
95 except-from { <quoted_string>; ... } ];
96 deny-answer-aliases { <quoted_string>; ... } [ except-from {
97 <quoted_string>; ... } ];
99 directory <quoted_string>;
100 disable-algorithms <string> { <string>; ... };
101 disable-empty-zone <string>;
102 dnssec-accept-expired <boolean>;
103 dnssec-dnskey-kskonly <boolean>;
104 dnssec-enable <boolean>;
105 dnssec-lookaside <string> trust-anchor <string>;
106 dnssec-must-be-secure <string> <boolean>;
107 dnssec-secure-to-insecure <boolean>;
108 dnssec-validation <boolean>;
109 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
110 <integer> ] | <ipv4_address> [ port <integer> ] |
111 <ipv6_address> [ port <integer> ] ); ... };
112 dump-file <quoted_string>;
113 edns-udp-size <integer>;
114 empty-contact <string>;
115 empty-server <string>;
116 empty-zones-enable <boolean>;
117 fake-iquery <boolean>; // obsolete
118 fetch-glue <boolean>; // obsolete
120 flush-zones-on-shutdown <boolean>;
121 forward ( first | only );
122 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
123 [ port <integer> ]; ... };
124 has-old-clients <boolean>; // obsolete
125 heartbeat-interval <integer>;
126 host-statistics <boolean>; // not implemented
127 host-statistics-max <integer>; // not implemented
128 hostname ( <quoted_string> | none );
129 interface-interval <integer>;
130 ixfr-from-differences <ixfrdiff>;
131 key-directory <quoted_string>;
133 listen-on [ port <integer> ] { <address_match_element>; ... };
134 listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
135 maintain-ixfr-base <boolean>; // obsolete
136 managed-keys-directory <quoted_string>;
137 masterfile-format ( text | raw );
138 match-mapped-addresses <boolean>;
139 max-acache-size <size_no_default>;
140 max-cache-size <size_no_default>;
141 max-cache-ttl <integer>;
142 max-clients-per-query <integer>;
143 max-ixfr-log-size <size>; // obsolete
144 max-journal-size <size_no_default>;
145 max-ncache-ttl <integer>;
146 max-refresh-time <integer>;
147 max-retry-time <integer>;
148 max-transfer-idle-in <integer>;
149 max-transfer-idle-out <integer>;
150 max-transfer-time-in <integer>;
151 max-transfer-time-out <integer>;
152 max-udp-size <integer>;
153 memstatistics <boolean>;
154 memstatistics-file <quoted_string>;
155 min-refresh-time <integer>;
156 min-retry-time <integer>;
157 min-roots <integer>; // not implemented
158 minimal-responses <boolean>;
159 multi-master <boolean>;
160 multiple-cnames <boolean>; // obsolete
161 named-xfer <quoted_string>; // obsolete
163 notify-delay <integer>;
164 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
165 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
166 notify-to-soa <boolean>;
167 nsec3-test-zone <boolean>; // test only
168 pid-file ( <quoted_string> | none );
170 preferred-glue <string>;
171 provide-ixfr <boolean>;
172 query-source <querysource4>;
173 query-source-v6 <querysource6>;
175 queryport-pool-ports <integer>; // obsolete
176 queryport-pool-updateinterval <integer>; // obsolete
177 random-device <quoted_string>;
178 recursing-file <quoted_string>;
180 recursive-clients <integer>;
181 request-ixfr <boolean>;
182 request-nsid <boolean>;
183 reserved-sockets <integer>;
184 rfc2308-type1 <boolean>; // not yet implemented
185 root-delegation-only [ exclude { <quoted_string>; ... } ];
186 rrset-order { [ class <string> ] [ type <string> ] [ name
187 <quoted_string> ] <string> <string>; ... };
188 serial-queries <integer>; // obsolete
189 serial-query-rate <integer>;
190 server-id ( <quoted_string> | none | hostname );
191 session-keyalg <string>;
192 session-keyfile ( <quoted_string> | none );
193 session-keyname <string>;
194 sig-signing-nodes <integer>;
195 sig-signing-signatures <integer>;
196 sig-signing-type <integer>;
197 sig-validity-interval <integer> [ <integer> ];
198 sortlist { <address_match_element>; ... };
200 statistics-file <quoted_string>;
201 statistics-interval <integer>; // not yet implemented
202 suppress-initial-notify <boolean>; // not yet implemented
203 tcp-clients <integer>;
204 tcp-listen-queue <integer>;
205 tkey-dhkey <quoted_string> <integer>;
206 tkey-domain <quoted_string>;
207 tkey-gssapi-credential <quoted_string>;
208 topology { <address_match_element>; ... }; // not implemented
209 transfer-format ( many-answers | one-answer );
210 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
211 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
212 transfers-in <integer>;
213 transfers-out <integer>;
214 transfers-per-ns <integer>;
215 treat-cr-as-space <boolean>; // obsolete
216 try-tcp-refresh <boolean>;
217 update-check-ksk <boolean>;
218 use-alt-transfer-source <boolean>;
219 use-id-pool <boolean>; // obsolete
221 use-queryport-pool <boolean>; // obsolete
222 use-v4-udp-ports { <portrange>; ... };
223 use-v6-udp-ports { <portrange>; ... };
224 version ( <quoted_string> | none );
225 zero-no-soa-ttl <boolean>;
226 zero-no-soa-ttl-cache <boolean>;
227 zone-statistics <boolean>;
233 edns-udp-size <integer>;
235 max-udp-size <integer>;
236 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
237 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
238 provide-ixfr <boolean>;
239 query-source <querysource4>;
240 query-source-v6 <querysource6>;
241 request-ixfr <boolean>;
242 support-ixfr <boolean>; // obsolete
243 transfer-format ( many-answers | one-answer );
244 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
245 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
249 statistics-channels {
250 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
251 ) ] [ allow { <address_match_element>; ... } ];
254 trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
256 view <string> <optional_class> {
257 acache-cleaning-interval <integer>;
258 acache-enable <boolean>;
259 additional-from-auth <boolean>;
260 additional-from-cache <boolean>;
261 allow-notify { <address_match_element>; ... };
262 allow-query { <address_match_element>; ... };
263 allow-query-cache { <address_match_element>; ... };
264 allow-query-cache-on { <address_match_element>; ... };
265 allow-query-on { <address_match_element>; ... };
266 allow-recursion { <address_match_element>; ... };
267 allow-recursion-on { <address_match_element>; ... };
268 allow-transfer { <address_match_element>; ... };
269 allow-update { <address_match_element>; ... };
270 allow-update-forwarding { <address_match_element>; ... };
271 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
272 also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
273 ) [ port <integer> ]; ... };
274 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
275 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
277 attach-cache <string>;
278 auth-nxdomain <boolean>; // default changed
279 cache-file <quoted_string>;
280 check-dup-records ( fail | warn | ignore );
281 check-integrity <boolean>;
282 check-mx ( fail | warn | ignore );
283 check-mx-cname ( fail | warn | ignore );
284 check-names ( master | slave | response ) ( fail | warn | ignore );
285 check-sibling <boolean>;
286 check-srv-cname ( fail | warn | ignore );
287 check-wildcard <boolean>;
288 cleaning-interval <integer>;
289 clients-per-query <integer>;
291 deny-answer-addresses { <address_match_element>; ... } [
292 except-from { <quoted_string>; ... } ];
293 deny-answer-aliases { <quoted_string>; ... } [ except-from {
294 <quoted_string>; ... } ];
296 disable-algorithms <string> { <string>; ... };
297 disable-empty-zone <string>;
301 dnssec-accept-expired <boolean>;
302 dnssec-dnskey-kskonly <boolean>;
303 dnssec-enable <boolean>;
304 dnssec-lookaside <string> trust-anchor <string>;
305 dnssec-must-be-secure <string> <boolean>;
306 dnssec-secure-to-insecure <boolean>;
307 dnssec-validation <boolean>;
308 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
309 <integer> ] | <ipv4_address> [ port <integer> ] |
310 <ipv6_address> [ port <integer> ] ); ... };
311 edns-udp-size <integer>;
312 empty-contact <string>;
313 empty-server <string>;
314 empty-zones-enable <boolean>;
315 fetch-glue <boolean>; // obsolete
316 forward ( first | only );
317 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
318 [ port <integer> ]; ... };
319 ixfr-from-differences <ixfrdiff>;
324 key-directory <quoted_string>;
326 maintain-ixfr-base <boolean>; // obsolete
327 managed-keys { <string> <string> <integer> <integer> <integer>
328 <quoted_string>; ... };
329 masterfile-format ( text | raw );
330 match-clients { <address_match_element>; ... };
331 match-destinations { <address_match_element>; ... };
332 match-recursive-only <boolean>;
333 max-acache-size <size_no_default>;
334 max-cache-size <size_no_default>;
335 max-cache-ttl <integer>;
336 max-clients-per-query <integer>;
337 max-ixfr-log-size <size>; // obsolete
338 max-journal-size <size_no_default>;
339 max-ncache-ttl <integer>;
340 max-refresh-time <integer>;
341 max-retry-time <integer>;
342 max-transfer-idle-in <integer>;
343 max-transfer-idle-out <integer>;
344 max-transfer-time-in <integer>;
345 max-transfer-time-out <integer>;
346 max-udp-size <integer>;
347 min-refresh-time <integer>;
348 min-retry-time <integer>;
349 min-roots <integer>; // not implemented
350 minimal-responses <boolean>;
351 multi-master <boolean>;
353 notify-delay <integer>;
354 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
355 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
356 notify-to-soa <boolean>;
357 nsec3-test-zone <boolean>; // test only
358 preferred-glue <string>;
359 provide-ixfr <boolean>;
360 query-source <querysource4>;
361 query-source-v6 <querysource6>;
362 queryport-pool-ports <integer>; // obsolete
363 queryport-pool-updateinterval <integer>; // obsolete
365 request-ixfr <boolean>;
366 request-nsid <boolean>;
367 rfc2308-type1 <boolean>; // not yet implemented
368 root-delegation-only [ exclude { <quoted_string>; ... } ];
369 rrset-order { [ class <string> ] [ type <string> ] [ name
370 <quoted_string> ] <string> <string>; ... };
374 edns-udp-size <integer>;
376 max-udp-size <integer>;
377 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
379 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
381 provide-ixfr <boolean>;
382 query-source <querysource4>;
383 query-source-v6 <querysource6>;
384 request-ixfr <boolean>;
385 support-ixfr <boolean>; // obsolete
386 transfer-format ( many-answers | one-answer );
387 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
389 transfer-source-v6 ( <ipv6_address> | * ) [ port (
393 sig-signing-nodes <integer>;
394 sig-signing-signatures <integer>;
395 sig-signing-type <integer>;
396 sig-validity-interval <integer> [ <integer> ];
397 sortlist { <address_match_element>; ... };
398 suppress-initial-notify <boolean>; // not yet implemented
399 topology { <address_match_element>; ... }; // not implemented
400 transfer-format ( many-answers | one-answer );
401 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
402 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
403 trusted-keys { <string> <integer> <integer> <integer>
404 <quoted_string>; ... };
405 try-tcp-refresh <boolean>;
406 update-check-ksk <boolean>;
407 use-alt-transfer-source <boolean>;
408 use-queryport-pool <boolean>; // obsolete
409 zero-no-soa-ttl <boolean>;
410 zero-no-soa-ttl-cache <boolean>;
411 zone <string> <optional_class> {
412 allow-notify { <address_match_element>; ... };
413 allow-query { <address_match_element>; ... };
414 allow-query-on { <address_match_element>; ... };
415 allow-transfer { <address_match_element>; ... };
416 allow-update { <address_match_element>; ... };
417 allow-update-forwarding { <address_match_element>; ... };
418 also-notify [ port <integer> ] { ( <ipv4_address> |
419 <ipv6_address> ) [ port <integer> ]; ... };
420 alt-transfer-source ( <ipv4_address> | * ) [ port (
422 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
424 auto-dnssec ( allow | maintain | create | off );
425 check-dup-records ( fail | warn | ignore );
426 check-integrity <boolean>;
427 check-mx ( fail | warn | ignore );
428 check-mx-cname ( fail | warn | ignore );
429 check-names ( fail | warn | ignore );
430 check-sibling <boolean>;
431 check-srv-cname ( fail | warn | ignore );
432 check-wildcard <boolean>;
434 delegation-only <boolean>;
436 dnssec-dnskey-kskonly <boolean>;
437 dnssec-secure-to-insecure <boolean>;
438 file <quoted_string>;
439 forward ( first | only );
440 forwarders [ port <integer> ] { ( <ipv4_address> |
441 <ipv6_address> ) [ port <integer> ]; ... };
442 ixfr-base <quoted_string>; // obsolete
443 ixfr-from-differences <boolean>;
444 ixfr-tmp-file <quoted_string>; // obsolete
445 journal <quoted_string>;
446 key-directory <quoted_string>;
447 maintain-ixfr-base <boolean>; // obsolete
448 masterfile-format ( text | raw );
449 masters [ port <integer> ] { ( <masters> | <ipv4_address> [
450 port <integer> ] | <ipv6_address> [ port <integer> ] )
451 [ key <string> ]; ... };
452 max-ixfr-log-size <size>; // obsolete
453 max-journal-size <size_no_default>;
454 max-refresh-time <integer>;
455 max-retry-time <integer>;
456 max-transfer-idle-in <integer>;
457 max-transfer-idle-out <integer>;
458 max-transfer-time-in <integer>;
459 max-transfer-time-out <integer>;
460 min-refresh-time <integer>;
461 min-retry-time <integer>;
462 multi-master <boolean>;
464 notify-delay <integer>;
465 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
467 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
469 notify-to-soa <boolean>;
470 nsec3-test-zone <boolean>; // test only
471 pubkey <integer> <integer> <integer>
472 <quoted_string>; // obsolete
473 sig-signing-nodes <integer>;
474 sig-signing-signatures <integer>;
475 sig-signing-type <integer>;
476 sig-validity-interval <integer> [ <integer> ];
477 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
479 transfer-source-v6 ( <ipv6_address> | * ) [ port (
481 try-tcp-refresh <boolean>;
482 type ( master | slave | stub | hint | forward |
484 update-check-ksk <boolean>;
485 update-policy ( local | { ( grant | deny ) <string> ( name
486 | subdomain | wildcard | self | selfsub | selfwild |
487 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
488 tcp-self | 6to4-self | zonesub ) [ <string> ]
490 use-alt-transfer-source <boolean>;
491 zero-no-soa-ttl <boolean>;
492 zone-statistics <boolean>;
494 zone-statistics <boolean>;
497 zone <string> <optional_class> {
498 allow-notify { <address_match_element>; ... };
499 allow-query { <address_match_element>; ... };
500 allow-query-on { <address_match_element>; ... };
501 allow-transfer { <address_match_element>; ... };
502 allow-update { <address_match_element>; ... };
503 allow-update-forwarding { <address_match_element>; ... };
504 also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
505 ) [ port <integer> ]; ... };
506 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
507 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
509 auto-dnssec ( allow | maintain | create | off );
510 check-dup-records ( fail | warn | ignore );
511 check-integrity <boolean>;
512 check-mx ( fail | warn | ignore );
513 check-mx-cname ( fail | warn | ignore );
514 check-names ( fail | warn | ignore );
515 check-sibling <boolean>;
516 check-srv-cname ( fail | warn | ignore );
517 check-wildcard <boolean>;
519 delegation-only <boolean>;
521 dnssec-dnskey-kskonly <boolean>;
522 dnssec-secure-to-insecure <boolean>;
523 file <quoted_string>;
524 forward ( first | only );
525 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
526 [ port <integer> ]; ... };
527 ixfr-base <quoted_string>; // obsolete
528 ixfr-from-differences <boolean>;
529 ixfr-tmp-file <quoted_string>; // obsolete
530 journal <quoted_string>;
531 key-directory <quoted_string>;
532 maintain-ixfr-base <boolean>; // obsolete
533 masterfile-format ( text | raw );
534 masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
535 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
537 max-ixfr-log-size <size>; // obsolete
538 max-journal-size <size_no_default>;
539 max-refresh-time <integer>;
540 max-retry-time <integer>;
541 max-transfer-idle-in <integer>;
542 max-transfer-idle-out <integer>;
543 max-transfer-time-in <integer>;
544 max-transfer-time-out <integer>;
545 min-refresh-time <integer>;
546 min-retry-time <integer>;
547 multi-master <boolean>;
549 notify-delay <integer>;
550 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
551 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
552 notify-to-soa <boolean>;
553 nsec3-test-zone <boolean>; // test only
554 pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
555 sig-signing-nodes <integer>;
556 sig-signing-signatures <integer>;
557 sig-signing-type <integer>;
558 sig-validity-interval <integer> [ <integer> ];
559 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
560 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
561 try-tcp-refresh <boolean>;
562 type ( master | slave | stub | hint | forward | delegation-only );
563 update-check-ksk <boolean>;
564 update-policy ( local | { ( grant | deny ) <string> ( name |
565 subdomain | wildcard | self | selfsub | selfwild | krb5-self |
566 ms-self | krb5-subdomain | ms-subdomain | tcp-self | 6to4-self
567 | zonesub ) [ <string> ] <rrtypelist>; ... };
568 use-alt-transfer-source <boolean>;
569 zero-no-soa-ttl <boolean>;
570 zone-statistics <boolean>;