1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3 [<!ENTITY mdash "—">]>
5 - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
7 - Permission to use, copy, modify, and/or distribute this software for any
8 - purpose with or without fee is hereby granted, provided that the above
9 - copyright notice and this permission notice appear in all copies.
11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 - PERFORMANCE OF THIS SOFTWARE.
20 <!-- $Id: named.conf.docbook,v 1.46 2010/05/14 23:50:39 tbox Exp $ -->
23 <date>Aug 13, 2004</date>
27 <refentrytitle><filename>named.conf</filename></refentrytitle>
28 <manvolnum>5</manvolnum>
29 <refmiscinfo>BIND9</refmiscinfo>
33 <refname><filename>named.conf</filename></refname>
34 <refpurpose>configuration file for named</refpurpose>
46 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
52 <command>named.conf</command>
57 <title>DESCRIPTION</title>
58 <para><filename>named.conf</filename> is the configuration file
60 <command>named</command>. Statements are enclosed
61 in braces and terminated with a semi-colon. Clauses in
62 the statements are also semi-colon terminated. The usual
63 comment styles are supported:
69 C++ style: // to end of line
72 Unix style: # to end of line
79 acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
87 key <replaceable>domain_name</replaceable> {
88 algorithm <replaceable>string</replaceable>;
89 secret <replaceable>string</replaceable>;
95 <title>MASTERS</title>
97 masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
98 ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
99 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
105 <title>SERVER</title>
107 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
108 bogus <replaceable>boolean</replaceable>;
109 edns <replaceable>boolean</replaceable>;
110 edns-udp-size <replaceable>integer</replaceable>;
111 max-udp-size <replaceable>integer</replaceable>;
112 provide-ixfr <replaceable>boolean</replaceable>;
113 request-ixfr <replaceable>boolean</replaceable>;
114 keys <replaceable>server_key</replaceable>;
115 transfers <replaceable>integer</replaceable>;
116 transfer-format ( many-answers | one-answer );
117 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
118 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
119 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
120 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
122 support-ixfr <replaceable>boolean</replaceable>; // obsolete
128 <title>TRUSTED-KEYS</title>
131 <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
137 <title>MANAGED-KEYS</title>
140 <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
146 <title>CONTROLS</title>
149 inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
150 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
151 allow { <replaceable>address_match_element</replaceable>; ... }
152 <optional> keys { <replaceable>string</replaceable>; ... } </optional>;
153 unix <replaceable>unsupported</replaceable>; // not implemented
159 <title>LOGGING</title>
162 channel <replaceable>string</replaceable> {
163 file <replaceable>log_file</replaceable>;
164 syslog <replaceable>optional_facility</replaceable>;
167 severity <replaceable>log_severity</replaceable>;
168 print-time <replaceable>boolean</replaceable>;
169 print-severity <replaceable>boolean</replaceable>;
170 print-category <replaceable>boolean</replaceable>;
172 category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
181 listen-on <optional> port <replaceable>integer</replaceable> </optional> {
182 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
184 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
185 search { <replaceable>string</replaceable>; ... };
186 ndots <replaceable>integer</replaceable>;
192 <title>OPTIONS</title>
195 avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
196 avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
197 blackhole { <replaceable>address_match_element</replaceable>; ... };
198 coresize <replaceable>size</replaceable>;
199 datasize <replaceable>size</replaceable>;
200 directory <replaceable>quoted_string</replaceable>;
201 dump-file <replaceable>quoted_string</replaceable>;
202 files <replaceable>size</replaceable>;
203 heartbeat-interval <replaceable>integer</replaceable>;
204 host-statistics <replaceable>boolean</replaceable>; // not implemented
205 host-statistics-max <replaceable>number</replaceable>; // not implemented
206 hostname ( <replaceable>quoted_string</replaceable> | none );
207 interface-interval <replaceable>integer</replaceable>;
208 listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
209 listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
210 match-mapped-addresses <replaceable>boolean</replaceable>;
211 memstatistics-file <replaceable>quoted_string</replaceable>;
212 pid-file ( <replaceable>quoted_string</replaceable> | none );
213 port <replaceable>integer</replaceable>;
214 querylog <replaceable>boolean</replaceable>;
215 recursing-file <replaceable>quoted_string</replaceable>;
216 reserved-sockets <replaceable>integer</replaceable>;
217 random-device <replaceable>quoted_string</replaceable>;
218 recursive-clients <replaceable>integer</replaceable>;
219 serial-query-rate <replaceable>integer</replaceable>;
220 server-id ( <replaceable>quoted_string</replaceable> | none |;
221 stacksize <replaceable>size</replaceable>;
222 statistics-file <replaceable>quoted_string</replaceable>;
223 statistics-interval <replaceable>integer</replaceable>; // not yet implemented
224 tcp-clients <replaceable>integer</replaceable>;
225 tcp-listen-queue <replaceable>integer</replaceable>;
226 tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
227 tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
228 tkey-domain <replaceable>quoted_string</replaceable>;
229 transfers-per-ns <replaceable>integer</replaceable>;
230 transfers-in <replaceable>integer</replaceable>;
231 transfers-out <replaceable>integer</replaceable>;
232 use-ixfr <replaceable>boolean</replaceable>;
233 version ( <replaceable>quoted_string</replaceable> | none );
234 allow-recursion { <replaceable>address_match_element</replaceable>; ... };
235 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
236 sortlist { <replaceable>address_match_element</replaceable>; ... };
237 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
238 auth-nxdomain <replaceable>boolean</replaceable>; // default changed
239 minimal-responses <replaceable>boolean</replaceable>;
240 recursion <replaceable>boolean</replaceable>;
242 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
243 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
245 provide-ixfr <replaceable>boolean</replaceable>;
246 request-ixfr <replaceable>boolean</replaceable>;
247 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
248 additional-from-auth <replaceable>boolean</replaceable>;
249 additional-from-cache <replaceable>boolean</replaceable>;
250 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
251 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
252 use-queryport-pool <replaceable>boolean</replaceable>;
253 queryport-pool-ports <replaceable>integer</replaceable>;
254 queryport-pool-updateinterval <replaceable>integer</replaceable>;
255 cleaning-interval <replaceable>integer</replaceable>;
256 min-roots <replaceable>integer</replaceable>; // not implemented
257 lame-ttl <replaceable>integer</replaceable>;
258 max-ncache-ttl <replaceable>integer</replaceable>;
259 max-cache-ttl <replaceable>integer</replaceable>;
260 transfer-format ( many-answers | one-answer );
261 max-cache-size <replaceable>size</replaceable>;
262 max-acache-size <replaceable>size</replaceable>;
263 clients-per-query <replaceable>number</replaceable>;
264 max-clients-per-query <replaceable>number</replaceable>;
265 check-names ( master | slave | response )
266 ( fail | warn | ignore );
267 check-mx ( fail | warn | ignore );
268 check-integrity <replaceable>boolean</replaceable>;
269 check-mx-cname ( fail | warn | ignore );
270 check-srv-cname ( fail | warn | ignore );
271 cache-file <replaceable>quoted_string</replaceable>; // test option
272 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
273 preferred-glue <replaceable>string</replaceable>;
274 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
275 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
276 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
277 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
279 edns-udp-size <replaceable>integer</replaceable>;
280 max-udp-size <replaceable>integer</replaceable>;
281 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
282 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
283 dnssec-enable <replaceable>boolean</replaceable>;
284 dnssec-validation <replaceable>boolean</replaceable>;
285 dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
286 dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
287 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
288 dnssec-accept-expired <replaceable>boolean</replaceable>;
290 empty-server <replaceable>string</replaceable>;
291 empty-contact <replaceable>string</replaceable>;
292 empty-zones-enable <replaceable>boolean</replaceable>;
293 disable-empty-zone <replaceable>string</replaceable>;
295 dialup <replaceable>dialuptype</replaceable>;
296 ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
298 allow-query { <replaceable>address_match_element</replaceable>; ... };
299 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
300 allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
301 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
302 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
303 allow-update { <replaceable>address_match_element</replaceable>; ... };
304 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
305 update-check-ksk <replaceable>boolean</replaceable>;
306 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
308 masterfile-format ( text | raw );
309 notify <replaceable>notifytype</replaceable>;
310 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
311 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
312 notify-delay <replaceable>seconds</replaceable>;
313 notify-to-soa <replaceable>boolean</replaceable>;
314 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
315 <optional> port <replaceable>integer</replaceable> </optional>; ... };
316 allow-notify { <replaceable>address_match_element</replaceable>; ... };
318 forward ( first | only );
319 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
320 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
323 max-journal-size <replaceable>size_no_default</replaceable>;
324 max-transfer-time-in <replaceable>integer</replaceable>;
325 max-transfer-time-out <replaceable>integer</replaceable>;
326 max-transfer-idle-in <replaceable>integer</replaceable>;
327 max-transfer-idle-out <replaceable>integer</replaceable>;
328 max-retry-time <replaceable>integer</replaceable>;
329 min-retry-time <replaceable>integer</replaceable>;
330 max-refresh-time <replaceable>integer</replaceable>;
331 min-refresh-time <replaceable>integer</replaceable>;
332 multi-master <replaceable>boolean</replaceable>;
334 sig-validity-interval <replaceable>integer</replaceable>;
335 sig-re-signing-interval <replaceable>integer</replaceable>;
336 sig-signing-nodes <replaceable>integer</replaceable>;
337 sig-signing-signatures <replaceable>integer</replaceable>;
338 sig-signing-type <replaceable>integer</replaceable>;
340 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
341 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
342 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
343 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
345 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
346 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
347 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
348 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
349 use-alt-transfer-source <replaceable>boolean</replaceable>;
351 zone-statistics <replaceable>boolean</replaceable>;
352 key-directory <replaceable>quoted_string</replaceable>;
353 managed-keys-directory <replaceable>quoted_string</replaceable>;
354 auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>;
355 try-tcp-refresh <replaceable>boolean</replaceable>;
356 zero-no-soa-ttl <replaceable>boolean</replaceable>;
357 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
358 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
359 deny-answer-addresses {
360 <replaceable>address_match_list</replaceable>
361 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
362 deny-answer-aliases {
363 <replaceable>namelist</replaceable>
364 } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
366 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
368 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
369 deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
370 fake-iquery <replaceable>boolean</replaceable>; // obsolete
371 fetch-glue <replaceable>boolean</replaceable>; // obsolete
372 has-old-clients <replaceable>boolean</replaceable>; // obsolete
373 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
374 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
375 multiple-cnames <replaceable>boolean</replaceable>; // obsolete
376 named-xfer <replaceable>quoted_string</replaceable>; // obsolete
377 serial-queries <replaceable>integer</replaceable>; // obsolete
378 treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
379 use-id-pool <replaceable>boolean</replaceable>; // obsolete
387 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
388 match-clients { <replaceable>address_match_element</replaceable>; ... };
389 match-destinations { <replaceable>address_match_element</replaceable>; ... };
390 match-recursive-only <replaceable>boolean</replaceable>;
392 key <replaceable>string</replaceable> {
393 algorithm <replaceable>string</replaceable>;
394 secret <replaceable>string</replaceable>;
397 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
401 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
406 <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
407 <optional>...</optional>
410 allow-recursion { <replaceable>address_match_element</replaceable>; ... };
411 allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
412 sortlist { <replaceable>address_match_element</replaceable>; ... };
413 topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
414 auth-nxdomain <replaceable>boolean</replaceable>; // default changed
415 minimal-responses <replaceable>boolean</replaceable>;
416 recursion <replaceable>boolean</replaceable>;
418 <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
419 <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
421 provide-ixfr <replaceable>boolean</replaceable>;
422 request-ixfr <replaceable>boolean</replaceable>;
423 rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
424 additional-from-auth <replaceable>boolean</replaceable>;
425 additional-from-cache <replaceable>boolean</replaceable>;
426 query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
427 query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
428 use-queryport-pool <replaceable>boolean</replaceable>;
429 queryport-pool-ports <replaceable>integer</replaceable>;
430 queryport-pool-updateinterval <replaceable>integer</replaceable>;
431 cleaning-interval <replaceable>integer</replaceable>;
432 min-roots <replaceable>integer</replaceable>; // not implemented
433 lame-ttl <replaceable>integer</replaceable>;
434 max-ncache-ttl <replaceable>integer</replaceable>;
435 max-cache-ttl <replaceable>integer</replaceable>;
436 transfer-format ( many-answers | one-answer );
437 max-cache-size <replaceable>size</replaceable>;
438 max-acache-size <replaceable>size</replaceable>;
439 clients-per-query <replaceable>number</replaceable>;
440 max-clients-per-query <replaceable>number</replaceable>;
441 check-names ( master | slave | response )
442 ( fail | warn | ignore );
443 check-mx ( fail | warn | ignore );
444 check-integrity <replaceable>boolean</replaceable>;
445 check-mx-cname ( fail | warn | ignore );
446 check-srv-cname ( fail | warn | ignore );
447 cache-file <replaceable>quoted_string</replaceable>; // test option
448 suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
449 preferred-glue <replaceable>string</replaceable>;
450 dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
451 ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
452 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
453 <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
455 edns-udp-size <replaceable>integer</replaceable>;
456 max-udp-size <replaceable>integer</replaceable>;
457 root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
458 disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
459 dnssec-enable <replaceable>boolean</replaceable>;
460 dnssec-validation <replaceable>boolean</replaceable>;
461 dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
462 dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
463 dnssec-accept-expired <replaceable>boolean</replaceable>;
465 empty-server <replaceable>string</replaceable>;
466 empty-contact <replaceable>string</replaceable>;
467 empty-zones-enable <replaceable>boolean</replaceable>;
468 disable-empty-zone <replaceable>string</replaceable>;
470 dialup <replaceable>dialuptype</replaceable>;
471 ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
473 allow-query { <replaceable>address_match_element</replaceable>; ... };
474 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
475 allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
476 allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
477 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
478 allow-update { <replaceable>address_match_element</replaceable>; ... };
479 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
480 update-check-ksk <replaceable>boolean</replaceable>;
481 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
483 masterfile-format ( text | raw );
484 notify <replaceable>notifytype</replaceable>;
485 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
486 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
487 notify-delay <replaceable>seconds</replaceable>;
488 notify-to-soa <replaceable>boolean</replaceable>;
489 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
490 <optional> port <replaceable>integer</replaceable> </optional>; ... };
491 allow-notify { <replaceable>address_match_element</replaceable>; ... };
493 forward ( first | only );
494 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
495 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
498 max-journal-size <replaceable>size_no_default</replaceable>;
499 max-transfer-time-in <replaceable>integer</replaceable>;
500 max-transfer-time-out <replaceable>integer</replaceable>;
501 max-transfer-idle-in <replaceable>integer</replaceable>;
502 max-transfer-idle-out <replaceable>integer</replaceable>;
503 max-retry-time <replaceable>integer</replaceable>;
504 min-retry-time <replaceable>integer</replaceable>;
505 max-refresh-time <replaceable>integer</replaceable>;
506 min-refresh-time <replaceable>integer</replaceable>;
507 multi-master <replaceable>boolean</replaceable>;
508 sig-validity-interval <replaceable>integer</replaceable>;
510 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
511 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
512 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
513 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
515 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
516 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
517 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
518 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
519 use-alt-transfer-source <replaceable>boolean</replaceable>;
521 zone-statistics <replaceable>boolean</replaceable>;
522 try-tcp-refresh <replaceable>boolean</replaceable>;
523 key-directory <replaceable>quoted_string</replaceable>;
524 zero-no-soa-ttl <replaceable>boolean</replaceable>;
525 zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
526 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
528 allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
529 fetch-glue <replaceable>boolean</replaceable>; // obsolete
530 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
531 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
539 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
540 type ( master | slave | stub | hint |
541 forward | delegation-only );
542 file <replaceable>quoted_string</replaceable>;
544 masters <optional> port <replaceable>integer</replaceable> </optional> {
545 ( <replaceable>masters</replaceable> |
546 <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
547 <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
550 database <replaceable>string</replaceable>;
551 delegation-only <replaceable>boolean</replaceable>;
552 check-names ( fail | warn | ignore );
553 check-mx ( fail | warn | ignore );
554 check-integrity <replaceable>boolean</replaceable>;
555 check-mx-cname ( fail | warn | ignore );
556 check-srv-cname ( fail | warn | ignore );
557 dialup <replaceable>dialuptype</replaceable>;
558 ixfr-from-differences <replaceable>boolean</replaceable>;
559 journal <replaceable>quoted_string</replaceable>;
560 zero-no-soa-ttl <replaceable>boolean</replaceable>;
561 dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
563 allow-query { <replaceable>address_match_element</replaceable>; ... };
564 allow-query-on { <replaceable>address_match_element</replaceable>; ... };
565 allow-transfer { <replaceable>address_match_element</replaceable>; ... };
566 allow-update { <replaceable>address_match_element</replaceable>; ... };
567 allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
568 update-policy <replaceable>local</replaceable> | <replaceable> {
569 ( grant | deny ) <replaceable>string</replaceable>
570 ( name | subdomain | wildcard | self | selfsub | selfwild |
571 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
572 tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
573 <replaceable>rrtypelist</replaceable>;
574 <optional>...</optional>
576 update-check-ksk <replaceable>boolean</replaceable>;
577 dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
579 masterfile-format ( text | raw );
580 notify <replaceable>notifytype</replaceable>;
581 notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
582 notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
583 notify-delay <replaceable>seconds</replaceable>;
584 notify-to-soa <replaceable>boolean</replaceable>;
585 also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
586 <optional> port <replaceable>integer</replaceable> </optional>; ... };
587 allow-notify { <replaceable>address_match_element</replaceable>; ... };
589 forward ( first | only );
590 forwarders <optional> port <replaceable>integer</replaceable> </optional> {
591 ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
594 max-journal-size <replaceable>size_no_default</replaceable>;
595 max-transfer-time-in <replaceable>integer</replaceable>;
596 max-transfer-time-out <replaceable>integer</replaceable>;
597 max-transfer-idle-in <replaceable>integer</replaceable>;
598 max-transfer-idle-out <replaceable>integer</replaceable>;
599 max-retry-time <replaceable>integer</replaceable>;
600 min-retry-time <replaceable>integer</replaceable>;
601 max-refresh-time <replaceable>integer</replaceable>;
602 min-refresh-time <replaceable>integer</replaceable>;
603 multi-master <replaceable>boolean</replaceable>;
604 sig-validity-interval <replaceable>integer</replaceable>;
606 transfer-source ( <replaceable>ipv4_address</replaceable> | * )
607 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
608 transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
609 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
611 alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
612 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
613 alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
614 <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
615 use-alt-transfer-source <replaceable>boolean</replaceable>;
617 zone-statistics <replaceable>boolean</replaceable>;
618 try-tcp-refresh <replaceable>boolean</replaceable>;
619 key-directory <replaceable>quoted_string</replaceable>;
621 nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
623 ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
624 ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
625 maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
626 max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
627 pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
634 <para><filename>/etc/named.conf</filename>
639 <title>SEE ALSO</title>
641 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
644 <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
647 <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
649 <citetitle>BIND 9 Administrator Reference Manual</citetitle>.