Man Linux: Main Page and Category List

NAME

       named.conf - configuration file for named

SYNOPSIS

       named.conf

DESCRIPTION

       named.conf is the configuration file for named. Statements are enclosed
       in braces and terminated with a semi-colon. Clauses in the statements
       are also semi-colon terminated. The usual comment styles are supported:

       C style: /* */

       C++ style: // to end of line

       Unix style: # to end of line

ACL

           acl string { address_match_element; ... };

KEY

           key domain_name {
                algorithm string;
                secret string;
           };

MASTERS

           masters string [ port integer ] {
                ( masters | ipv4_address [port integer] |
                ipv6_address [port integer] ) [ key string ]; ...
           };

SERVER

           server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
                bogus boolean;
                edns boolean;
                edns-udp-size integer;
                max-udp-size integer;
                provide-ixfr boolean;
                request-ixfr boolean;
                keys server_key;
                transfers integer;
                transfer-format ( many-answers | one-answer );
                transfer-source ( ipv4_address | * )
                     [ port ( integer | * ) ];
                transfer-source-v6 ( ipv6_address | * )
                     [ port ( integer | * ) ];
                support-ixfr boolean; // obsolete
           };

TRUSTED-KEYS

           trusted-keys {
                domain_name flags protocol algorithm key; ...
           };

MANAGED-KEYS

           managed-keys {
                domain_name initial-key flags protocol algorithm key; ...
           };

CONTROLS

           controls {
                inet ( ipv4_address | ipv6_address | * )
                     [ port ( integer | * ) ]
                     allow { address_match_element; ... }
                     [ keys { string; ... } ];
                unix unsupported; // not implemented
           };

LOGGING

           logging {
                channel string {
                     file log_file;
                     syslog optional_facility;
                     null;
                     stderr;
                     severity log_severity;
                     print-time boolean;
                     print-severity boolean;
                     print-category boolean;
                };
                category string { string; ... };
           };

LWRES

           lwres {
                listen-on [ port integer ] {
                     ( ipv4_address | ipv6_address ) [ port integer ]; ...
                };
                view string optional_class;
                search { string; ... };
                ndots integer;
           };

OPTIONS

           options {
                avoid-v4-udp-ports { port; ... };
                avoid-v6-udp-ports { port; ... };
                blackhole { address_match_element; ... };
                coresize size;
                datasize size;
                directory quoted_string;
                dump-file quoted_string;
                files size;
                heartbeat-interval integer;
                host-statistics boolean; // not implemented
                host-statistics-max number; // not implemented
                hostname ( quoted_string | none );
                interface-interval integer;
                listen-on [ port integer ] { address_match_element; ... };
                listen-on-v6 [ port integer ] { address_match_element; ... };
                match-mapped-addresses boolean;
                memstatistics-file quoted_string;
                pid-file ( quoted_string | none );
                port integer;
                querylog boolean;
                recursing-file quoted_string;
                reserved-sockets integer;
                random-device quoted_string;
                recursive-clients integer;
                serial-query-rate integer;
                server-id ( quoted_string | none |;
                stacksize size;
                statistics-file quoted_string;
                statistics-interval integer; // not yet implemented
                tcp-clients integer;
                tcp-listen-queue integer;
                tkey-dhkey quoted_string integer;
                tkey-gssapi-credential quoted_string;
                tkey-domain quoted_string;
                transfers-per-ns integer;
                transfers-in integer;
                transfers-out integer;
                use-ixfr boolean;
                version ( quoted_string | none );
                allow-recursion { address_match_element; ... };
                allow-recursion-on { address_match_element; ... };
                sortlist { address_match_element; ... };
                topology { address_match_element; ... }; // not implemented
                auth-nxdomain boolean; // default changed
                minimal-responses boolean;
                recursion boolean;
                rrset-order {
                     [ class string ] [ type string ]
                     [ name quoted_string ] string string; ...
                };
                provide-ixfr boolean;
                request-ixfr boolean;
                rfc2308-type1 boolean; // not yet implemented
                additional-from-auth boolean;
                additional-from-cache boolean;
                query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
                query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
                use-queryport-pool boolean;
                queryport-pool-ports integer;
                queryport-pool-updateinterval integer;
                cleaning-interval integer;
                min-roots integer; // not implemented
                lame-ttl integer;
                max-ncache-ttl integer;
                max-cache-ttl integer;
                transfer-format ( many-answers | one-answer );
                max-cache-size size;
                max-acache-size size;
                clients-per-query number;
                max-clients-per-query number;
                check-names ( master | slave | response )
                     ( fail | warn | ignore );
                check-mx ( fail | warn | ignore );
                check-integrity boolean;
                check-mx-cname ( fail | warn | ignore );
                check-srv-cname ( fail | warn | ignore );
                cache-file quoted_string; // test option
                suppress-initial-notify boolean; // not yet implemented
                preferred-glue string;
                dual-stack-servers [ port integer ] {
                     ( quoted_string [port integer] |
                     ipv4_address [port integer] |
                     ipv6_address [port integer] ); ...
                };
                edns-udp-size integer;
                max-udp-size integer;
                root-delegation-only [ exclude { quoted_string; ... } ];
                disable-algorithms string { string; ... };
                dnssec-enable boolean;
                dnssec-validation boolean;
                dnssec-lookaside string trust-anchor string;
                dnssec-lookaside ( auto | domain trust-anchor domain );
                dnssec-must-be-secure string boolean;
                dnssec-accept-expired boolean;
                empty-server string;
                empty-contact string;
                empty-zones-enable boolean;
                disable-empty-zone string;
                dialup dialuptype;
                ixfr-from-differences ixfrdiff;
                allow-query { address_match_element; ... };
                allow-query-on { address_match_element; ... };
                allow-query-cache { address_match_element; ... };
                allow-query-cache-on { address_match_element; ... };
                allow-transfer { address_match_element; ... };
                allow-update { address_match_element; ... };
                allow-update-forwarding { address_match_element; ... };
                update-check-ksk boolean;
                dnssec-dnskey-kskonly boolean;
                masterfile-format ( text | raw );
                notify notifytype;
                notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
                notify-delay seconds;
                notify-to-soa boolean;
                also-notify [ port integer ] { ( ipv4_address | ipv6_address )
                     [ port integer ]; ... };
                allow-notify { address_match_element; ... };
                forward ( first | only );
                forwarders [ port integer ] {
                     ( ipv4_address | ipv6_address ) [ port integer ]; ...
                };
                max-journal-size size_no_default;
                max-transfer-time-in integer;
                max-transfer-time-out integer;
                max-transfer-idle-in integer;
                max-transfer-idle-out integer;
                max-retry-time integer;
                min-retry-time integer;
                max-refresh-time integer;
                min-refresh-time integer;
                multi-master boolean;
                sig-validity-interval integer;
                sig-re-signing-interval integer;
                sig-signing-nodes integer;
                sig-signing-signatures integer;
                sig-signing-type integer;
                transfer-source ( ipv4_address | * )
                     [ port ( integer | * ) ];
                transfer-source-v6 ( ipv6_address | * )
                     [ port ( integer | * ) ];
                alt-transfer-source ( ipv4_address | * )
                     [ port ( integer | * ) ];
                alt-transfer-source-v6 ( ipv6_address | * )
                     [ port ( integer | * ) ];
                use-alt-transfer-source boolean;
                zone-statistics boolean;
                key-directory quoted_string;
                managed-keys-directory quoted_string;
                auto-dnssec allow|maintain|create|off;
                try-tcp-refresh boolean;
                zero-no-soa-ttl boolean;
                zero-no-soa-ttl-cache boolean;
                dnssec-secure-to-insecure boolean;
                deny-answer-addresses {
                     address_match_list
                } [ except-from { namelist } ];
                deny-answer-aliases {
                     namelist
                } [ except-from { namelist } ];
                nsec3-test-zone boolean;  // testing only
                allow-v6-synthesis { address_match_element; ... }; // obsolete
                deallocate-on-exit boolean; // obsolete
                fake-iquery boolean; // obsolete
                fetch-glue boolean; // obsolete
                has-old-clients boolean; // obsolete
                maintain-ixfr-base boolean; // obsolete
                max-ixfr-log-size size; // obsolete
                multiple-cnames boolean; // obsolete
                named-xfer quoted_string; // obsolete
                serial-queries integer; // obsolete
                treat-cr-as-space boolean; // obsolete
                use-id-pool boolean; // obsolete
           };

VIEW

           view string optional_class {
                match-clients { address_match_element; ... };
                match-destinations { address_match_element; ... };
                match-recursive-only boolean;
                key string {
                     algorithm string;
                     secret string;
                };
                zone string optional_class {
                     ...
                };
                server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
                     ...
                };
                trusted-keys {
                     string integer integer integer quoted_string;
                     [...]
                };
                allow-recursion { address_match_element; ... };
                allow-recursion-on { address_match_element; ... };
                sortlist { address_match_element; ... };
                topology { address_match_element; ... }; // not implemented
                auth-nxdomain boolean; // default changed
                minimal-responses boolean;
                recursion boolean;
                rrset-order {
                     [ class string ] [ type string ]
                     [ name quoted_string ] string string; ...
                };
                provide-ixfr boolean;
                request-ixfr boolean;
                rfc2308-type1 boolean; // not yet implemented
                additional-from-auth boolean;
                additional-from-cache boolean;
                query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
                query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
                use-queryport-pool boolean;
                queryport-pool-ports integer;
                queryport-pool-updateinterval integer;
                cleaning-interval integer;
                min-roots integer; // not implemented
                lame-ttl integer;
                max-ncache-ttl integer;
                max-cache-ttl integer;
                transfer-format ( many-answers | one-answer );
                max-cache-size size;
                max-acache-size size;
                clients-per-query number;
                max-clients-per-query number;
                check-names ( master | slave | response )
                     ( fail | warn | ignore );
                check-mx ( fail | warn | ignore );
                check-integrity boolean;
                check-mx-cname ( fail | warn | ignore );
                check-srv-cname ( fail | warn | ignore );
                cache-file quoted_string; // test option
                suppress-initial-notify boolean; // not yet implemented
                preferred-glue string;
                dual-stack-servers [ port integer ] {
                     ( quoted_string [port integer] |
                     ipv4_address [port integer] |
                     ipv6_address [port integer] ); ...
                };
                edns-udp-size integer;
                max-udp-size integer;
                root-delegation-only [ exclude { quoted_string; ... } ];
                disable-algorithms string { string; ... };
                dnssec-enable boolean;
                dnssec-validation boolean;
                dnssec-lookaside string trust-anchor string;
                dnssec-must-be-secure string boolean;
                dnssec-accept-expired boolean;
                empty-server string;
                empty-contact string;
                empty-zones-enable boolean;
                disable-empty-zone string;
                dialup dialuptype;
                ixfr-from-differences ixfrdiff;
                allow-query { address_match_element; ... };
                allow-query-on { address_match_element; ... };
                allow-query-cache { address_match_element; ... };
                allow-query-cache-on { address_match_element; ... };
                allow-transfer { address_match_element; ... };
                allow-update { address_match_element; ... };
                allow-update-forwarding { address_match_element; ... };
                update-check-ksk boolean;
                dnssec-dnskey-kskonly boolean;
                masterfile-format ( text | raw );
                notify notifytype;
                notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
                notify-delay seconds;
                notify-to-soa boolean;
                also-notify [ port integer ] { ( ipv4_address | ipv6_address )
                     [ port integer ]; ... };
                allow-notify { address_match_element; ... };
                forward ( first | only );
                forwarders [ port integer ] {
                     ( ipv4_address | ipv6_address ) [ port integer ]; ...
                };
                max-journal-size size_no_default;
                max-transfer-time-in integer;
                max-transfer-time-out integer;
                max-transfer-idle-in integer;
                max-transfer-idle-out integer;
                max-retry-time integer;
                min-retry-time integer;
                max-refresh-time integer;
                min-refresh-time integer;
                multi-master boolean;
                sig-validity-interval integer;
                transfer-source ( ipv4_address | * )
                     [ port ( integer | * ) ];
                transfer-source-v6 ( ipv6_address | * )
                     [ port ( integer | * ) ];
                alt-transfer-source ( ipv4_address | * )
                     [ port ( integer | * ) ];
                alt-transfer-source-v6 ( ipv6_address | * )
                     [ port ( integer | * ) ];
                use-alt-transfer-source boolean;
                zone-statistics boolean;
                try-tcp-refresh boolean;
                key-directory quoted_string;
                zero-no-soa-ttl boolean;
                zero-no-soa-ttl-cache boolean;
                dnssec-secure-to-insecure boolean;
                allow-v6-synthesis { address_match_element; ... }; // obsolete
                fetch-glue boolean; // obsolete
                maintain-ixfr-base boolean; // obsolete
                max-ixfr-log-size size; // obsolete
           };

ZONE

           zone string optional_class {
                type ( master | slave | stub | hint |
                     forward | delegation-only );
                file quoted_string;
                masters [ port integer ] {
                     ( masters |
                     ipv4_address [port integer] |
                     ipv6_address [ port integer ] ) [ key string ]; ...
                };
                database string;
                delegation-only boolean;
                check-names ( fail | warn | ignore );
                check-mx ( fail | warn | ignore );
                check-integrity boolean;
                check-mx-cname ( fail | warn | ignore );
                check-srv-cname ( fail | warn | ignore );
                dialup dialuptype;
                ixfr-from-differences boolean;
                journal quoted_string;
                zero-no-soa-ttl boolean;
                dnssec-secure-to-insecure boolean;
                allow-query { address_match_element; ... };
                allow-query-on { address_match_element; ... };
                allow-transfer { address_match_element; ... };
                allow-update { address_match_element; ... };
                allow-update-forwarding { address_match_element; ... };
                update-policy local |  {
                     ( grant | deny ) string
                     ( name | subdomain | wildcard | self | selfsub | selfwild |
                             krb5-self | ms-self | krb5-subdomain | ms-subdomain |
                       tcp-self | zonesub | 6to4-self ) string
                     rrtypelist;
                     [...]
                };
                update-check-ksk boolean;
                dnssec-dnskey-kskonly boolean;
                masterfile-format ( text | raw );
                notify notifytype;
                notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
                notify-delay seconds;
                notify-to-soa boolean;
                also-notify [ port integer ] { ( ipv4_address | ipv6_address )
                     [ port integer ]; ... };
                allow-notify { address_match_element; ... };
                forward ( first | only );
                forwarders [ port integer ] {
                     ( ipv4_address | ipv6_address ) [ port integer ]; ...
                };
                max-journal-size size_no_default;
                max-transfer-time-in integer;
                max-transfer-time-out integer;
                max-transfer-idle-in integer;
                max-transfer-idle-out integer;
                max-retry-time integer;
                min-retry-time integer;
                max-refresh-time integer;
                min-refresh-time integer;
                multi-master boolean;
                sig-validity-interval integer;
                transfer-source ( ipv4_address | * )
                     [ port ( integer | * ) ];
                transfer-source-v6 ( ipv6_address | * )
                     [ port ( integer | * ) ];
                alt-transfer-source ( ipv4_address | * )
                     [ port ( integer | * ) ];
                alt-transfer-source-v6 ( ipv6_address | * )
                     [ port ( integer | * ) ];
                use-alt-transfer-source boolean;
                zone-statistics boolean;
                try-tcp-refresh boolean;
                key-directory quoted_string;
                nsec3-test-zone boolean;  // testing only
                ixfr-base quoted_string; // obsolete
                ixfr-tmp-file quoted_string; // obsolete
                maintain-ixfr-base boolean; // obsolete
                max-ixfr-log-size size; // obsolete
                pubkey integer integer integer quoted_string; // obsolete
           };

FILES

       /etc/named.conf

SEE ALSO

       named(8), named-checkconf(8), rndc(8), BIND 9 Administrator Reference
       Manual.

COPYRIGHT

       Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")

BIND9                            Aug 13, 2004                    NAMED.CONF(5)