.\" $NetBSD: named.conf.5,v 1.14.8.1 2017/06/21 18:03:20 snj Exp $ .\" .\" Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" .hy 0 .ad l '\" t .\" Title: named.conf .\" Author: .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 2014-01-08 .\" Manual: BIND9 .\" Source: ISC .\" Language: English .\" .TH "NAMED\&.CONF" "5" "2014\-01\-08" "ISC" "BIND9" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" named.conf \- configuration file for named .SH "SYNOPSIS" .HP \w'\fBnamed\&.conf\fR\ 'u \fBnamed\&.conf\fR .SH "DESCRIPTION" .PP named\&.conf is the configuration file for \fBnamed\fR\&. Statements are enclosed in braces and terminated with a semi\-colon\&. Clauses in the statements are also semi\-colon terminated\&. The usual comment styles are supported: .PP C style: /* */ .PP C++ style: // to end of line .PP Unix style: # to end of line .SH "ACL" .sp .if n \{\ .RS 4 .\} .nf acl \fIstring\fR { \fIaddress_match_element\fR; \&.\&.\&. }; .fi .if n \{\ .RE .\} .SH "KEY" .sp .if n \{\ .RS 4 .\} .nf key \fIdomain_name\fR { algorithm \fIstring\fR; secret \fIstring\fR; }; .fi .if n \{\ .RE .\} .SH "MASTERS" .sp .if n \{\ .RS 4 .\} .nf masters \fIstring\fR [ port \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; \&.\&.\&. }; .fi .if n \{\ .RE .\} .SH "SERVER" .sp .if n \{\ .RS 4 .\} .nf server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) { bogus \fIboolean\fR; edns \fIboolean\fR; edns\-udp\-size \fIinteger\fR; max\-udp\-size \fIinteger\fR; tcp\-only \fIboolean\fR; provide\-ixfr \fIboolean\fR; request\-ixfr \fIboolean\fR; keys \fIserver_key\fR; transfers \fIinteger\fR; transfer\-format ( many\-answers | one\-answer ); transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; support\-ixfr \fIboolean\fR; // obsolete }; .fi .if n \{\ .RE .\} .SH "TRUSTED-KEYS" .sp .if n \{\ .RS 4 .\} .nf trusted\-keys { \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; \&.\&.\&. }; .fi .if n \{\ .RE .\} .SH "MANAGED-KEYS" .sp .if n \{\ .RS 4 .\} .nf managed\-keys { \fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; \&.\&.\&. }; .fi .if n \{\ .RE .\} .SH "CONTROLS" .sp .if n \{\ .RS 4 .\} .nf controls { inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] allow { \fIaddress_match_element\fR; \&.\&.\&. } [ keys { \fIstring\fR; \&.\&.\&. } ]; unix \fIunsupported\fR; // not implemented }; .fi .if n \{\ .RE .\} .SH "LOGGING" .sp .if n \{\ .RS 4 .\} .nf logging { channel \fIstring\fR { file \fIlog_file\fR; syslog \fIoptional_facility\fR; null; stderr; severity \fIlog_severity\fR; print\-time \fIboolean\fR; print\-severity \fIboolean\fR; print\-category \fIboolean\fR; }; category \fIstring\fR { \fIstring\fR; \&.\&.\&. }; }; .fi .if n \{\ .RE .\} .SH "LWRES" .sp .if n \{\ .RS 4 .\} .nf lwres { listen\-on [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. }; view \fIstring\fR \fIoptional_class\fR; search { \fIstring\fR; \&.\&.\&. }; ndots \fIinteger\fR; }; .fi .if n \{\ .RE .\} .SH "OPTIONS" .sp .if n \{\ .RS 4 .\} .nf options { avoid\-v4\-udp\-ports { \fIport\fR; \&.\&.\&. }; avoid\-v6\-udp\-ports { \fIport\fR; \&.\&.\&. }; blackhole { \fIaddress_match_element\fR; \&.\&.\&. }; coresize \fIsize\fR; datasize \fIsize\fR; directory \fIquoted_string\fR; dump\-file \fIquoted_string\fR; files \fIsize\fR; heartbeat\-interval \fIinteger\fR; host\-statistics \fIboolean\fR; // not implemented host\-statistics\-max \fInumber\fR; // not implemented hostname ( \fIquoted_string\fR | none ); interface\-interval \fIinteger\fR; listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. }; listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. }; match\-mapped\-addresses \fIboolean\fR; memstatistics\-file \fIquoted_string\fR; pid\-file ( \fIquoted_string\fR | none ); port \fIinteger\fR; querylog \fIboolean\fR; recursing\-file \fIquoted_string\fR; reserved\-sockets \fIinteger\fR; random\-device \fIquoted_string\fR; recursive\-clients \fIinteger\fR; serial\-query\-rate \fIinteger\fR; server\-id ( \fIquoted_string\fR | hostname | none ); stacksize \fIsize\fR; statistics\-file \fIquoted_string\fR; statistics\-interval \fIinteger\fR; // not yet implemented tcp\-clients \fIinteger\fR; tcp\-listen\-queue \fIinteger\fR; tkey\-dhkey \fIquoted_string\fR \fIinteger\fR; tkey\-gssapi\-credential \fIquoted_string\fR; tkey\-gssapi\-keytab \fIquoted_string\fR; tkey\-domain \fIquoted_string\fR; transfers\-per\-ns \fIinteger\fR; transfers\-in \fIinteger\fR; transfers\-out \fIinteger\fR; version ( \fIquoted_string\fR | none ); allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. }; sortlist { \fIaddress_match_element\fR; \&.\&.\&. }; topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented auth\-nxdomain \fIboolean\fR; // default changed minimal\-responses \fIboolean\fR; recursion \fIboolean\fR; rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. }; provide\-ixfr \fIboolean\fR; request\-ixfr \fIboolean\fR; rfc2308\-type1 \fIboolean\fR; // not yet implemented additional\-from\-auth \fIboolean\fR; additional\-from\-cache \fIboolean\fR; query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ]; query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ]; use\-queryport\-pool \fIboolean\fR; queryport\-pool\-ports \fIinteger\fR; queryport\-pool\-updateinterval \fIinteger\fR; cleaning\-interval \fIinteger\fR; resolver\-query\-timeout \fIinteger\fR; min\-roots \fIinteger\fR; // not implemented lame\-ttl \fIinteger\fR; max\-ncache\-ttl \fIinteger\fR; max\-cache\-ttl \fIinteger\fR; transfer\-format ( many\-answers | one\-answer ); max\-cache\-size \fIsize\fR; max\-acache\-size \fIsize\fR; clients\-per\-query \fInumber\fR; max\-clients\-per\-query \fInumber\fR; check\-names ( master | slave | response ) ( fail | warn | ignore ); check\-mx ( fail | warn | ignore ); check\-integrity \fIboolean\fR; check\-mx\-cname ( fail | warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); cache\-file \fIquoted_string\fR; // test option suppress\-initial\-notify \fIboolean\fR; // not yet implemented preferred\-glue \fIstring\fR; dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [port \fIinteger\fR] | \fIipv4_address\fR [port \fIinteger\fR] | \fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&. }; edns\-udp\-size \fIinteger\fR; max\-udp\-size \fIinteger\fR; root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ]; disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. }; disable\-ds\-digests \fIstring\fR { \fIstring\fR; \&.\&.\&. }; dnssec\-enable \fIboolean\fR; dnssec\-validation \fIboolean\fR; dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR ); dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; dnssec\-accept\-expired \fIboolean\fR; dns64\-server \fIstring\fR; dns64\-contact \fIstring\fR; dns64 \fIprefix\fR { clients { acl; }; exclude { acl; }; mapped { acl; }; break\-dnssec \fIboolean\fR; recursive\-only \fIboolean\fR; suffix \fIipv6_address\fR; }; empty\-server \fIstring\fR; empty\-contact \fIstring\fR; empty\-zones\-enable \fIboolean\fR; disable\-empty\-zone \fIstring\fR; dialup \fIdialuptype\fR; ixfr\-from\-differences \fIixfrdiff\fR; allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; update\-check\-ksk \fIboolean\fR; dnssec\-dnskey\-kskonly \fIboolean\fR; masterfile\-format ( text | raw | map ); notify \fInotifytype\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-delay \fIseconds\fR; notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. [ key \fIkeyname\fR ] \&.\&.\&. }; allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. }; max\-journal\-size \fIsize_no_default\fR; max\-records \fIinteger\fR; max\-transfer\-time\-in \fIinteger\fR; max\-transfer\-time\-out \fIinteger\fR; max\-transfer\-idle\-in \fIinteger\fR; max\-transfer\-idle\-out \fIinteger\fR; max\-retry\-time \fIinteger\fR; min\-retry\-time \fIinteger\fR; max\-refresh\-time \fIinteger\fR; min\-refresh\-time \fIinteger\fR; multi\-master \fIboolean\fR; sig\-validity\-interval \fIinteger\fR; sig\-re\-signing\-interval \fIinteger\fR; sig\-signing\-nodes \fIinteger\fR; sig\-signing\-signatures \fIinteger\fR; sig\-signing\-type \fIinteger\fR; transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; use\-alt\-transfer\-source \fIboolean\fR; zone\-statistics \fIboolean\fR; key\-directory \fIquoted_string\fR; managed\-keys\-directory \fIquoted_string\fR; auto\-dnssec \fBallow\fR|\fBmaintain\fR|\fBoff\fR; try\-tcp\-refresh \fIboolean\fR; zero\-no\-soa\-ttl \fIboolean\fR; zero\-no\-soa\-ttl\-cache \fIboolean\fR; dnssec\-secure\-to\-insecure \fIboolean\fR; automatic\-interface\-scan \fIboolean\fR; deny\-answer\-addresses { \fIaddress_match_list\fR } [ except\-from { \fInamelist\fR } ]; deny\-answer\-aliases { \fInamelist\fR } [ except\-from { \fInamelist\fR } ]; nsec3\-test\-zone \fIboolean\fR; // testing only allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete deallocate\-on\-exit \fIboolean\fR; // obsolete fake\-iquery \fIboolean\fR; // obsolete fetch\-glue \fIboolean\fR; // obsolete has\-old\-clients \fIboolean\fR; // obsolete maintain\-ixfr\-base \fIboolean\fR; // obsolete max\-ixfr\-log\-size \fIsize\fR; // obsolete multiple\-cnames \fIboolean\fR; // obsolete named\-xfer \fIquoted_string\fR; // obsolete serial\-queries \fIinteger\fR; // obsolete treat\-cr\-as\-space \fIboolean\fR; // obsolete use\-id\-pool \fIboolean\fR; // obsolete use\-ixfr \fIboolean\fR; // obsolete }; .fi .if n \{\ .RE .\} .SH "VIEW" .sp .if n \{\ .RS 4 .\} .nf view \fIstring\fR \fIoptional_class\fR { match\-clients { \fIaddress_match_element\fR; \&.\&.\&. }; match\-destinations { \fIaddress_match_element\fR; \&.\&.\&. }; match\-recursive\-only \fIboolean\fR; key \fIstring\fR { algorithm \fIstring\fR; secret \fIstring\fR; }; zone \fIstring\fR \fIoptional_class\fR { \&.\&.\&. }; server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) { \&.\&.\&. }; trusted\-keys { \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; [\&.\&.\&.] }; managed\-keys { \fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; [\&.\&.\&.] }; allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. }; sortlist { \fIaddress_match_element\fR; \&.\&.\&. }; topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented auth\-nxdomain \fIboolean\fR; // default changed minimal\-responses \fIboolean\fR; recursion \fIboolean\fR; rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. }; provide\-ixfr \fIboolean\fR; request\-ixfr \fIboolean\fR; rfc2308\-type1 \fIboolean\fR; // not yet implemented additional\-from\-auth \fIboolean\fR; additional\-from\-cache \fIboolean\fR; query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ]; query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ]; use\-queryport\-pool \fIboolean\fR; queryport\-pool\-ports \fIinteger\fR; queryport\-pool\-updateinterval \fIinteger\fR; cleaning\-interval \fIinteger\fR; resolver\-query\-timeout \fIinteger\fR; min\-roots \fIinteger\fR; // not implemented lame\-ttl \fIinteger\fR; max\-ncache\-ttl \fIinteger\fR; max\-cache\-ttl \fIinteger\fR; transfer\-format ( many\-answers | one\-answer ); max\-cache\-size \fIsize\fR; max\-acache\-size \fIsize\fR; clients\-per\-query \fInumber\fR; max\-clients\-per\-query \fInumber\fR; check\-names ( master | slave | response ) ( fail | warn | ignore ); check\-mx ( fail | warn | ignore ); check\-integrity \fIboolean\fR; check\-mx\-cname ( fail | warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); cache\-file \fIquoted_string\fR; // test option suppress\-initial\-notify \fIboolean\fR; // not yet implemented preferred\-glue \fIstring\fR; dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [port \fIinteger\fR] | \fIipv4_address\fR [port \fIinteger\fR] | \fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&. }; edns\-udp\-size \fIinteger\fR; max\-udp\-size \fIinteger\fR; root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ]; disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. }; disable\-ds\-digests \fIstring\fR { \fIstring\fR; \&.\&.\&. }; dnssec\-enable \fIboolean\fR; dnssec\-validation \fIboolean\fR; dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR ); dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; dnssec\-accept\-expired \fIboolean\fR; dns64\-server \fIstring\fR; dns64\-contact \fIstring\fR; dns64 \fIprefix\fR { clients { acl; }; exclude { acl; }; mapped { acl; }; break\-dnssec \fIboolean\fR; recursive\-only \fIboolean\fR; suffix \fIipv6_address\fR; }; empty\-server \fIstring\fR; empty\-contact \fIstring\fR; empty\-zones\-enable \fIboolean\fR; disable\-empty\-zone \fIstring\fR; dialup \fIdialuptype\fR; ixfr\-from\-differences \fIixfrdiff\fR; allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; update\-check\-ksk \fIboolean\fR; dnssec\-dnskey\-kskonly \fIboolean\fR; masterfile\-format ( text | raw | map ); notify \fInotifytype\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-delay \fIseconds\fR; notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. [ key \fIkeyname\fR ] \&.\&.\&. }; allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. }; max\-journal\-size \fIsize_no_default\fR; max\-records \fIinteger\fR; max\-transfer\-time\-in \fIinteger\fR; max\-transfer\-time\-out \fIinteger\fR; max\-transfer\-idle\-in \fIinteger\fR; max\-transfer\-idle\-out \fIinteger\fR; max\-retry\-time \fIinteger\fR; min\-retry\-time \fIinteger\fR; max\-refresh\-time \fIinteger\fR; min\-refresh\-time \fIinteger\fR; multi\-master \fIboolean\fR; sig\-validity\-interval \fIinteger\fR; transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; use\-alt\-transfer\-source \fIboolean\fR; zone\-statistics \fIboolean\fR; try\-tcp\-refresh \fIboolean\fR; key\-directory \fIquoted_string\fR; zero\-no\-soa\-ttl \fIboolean\fR; zero\-no\-soa\-ttl\-cache \fIboolean\fR; dnssec\-secure\-to\-insecure \fIboolean\fR; allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete fetch\-glue \fIboolean\fR; // obsolete maintain\-ixfr\-base \fIboolean\fR; // obsolete max\-ixfr\-log\-size \fIsize\fR; // obsolete }; .fi .if n \{\ .RE .\} .SH "ZONE" .sp .if n \{\ .RS 4 .\} .nf zone \fIstring\fR \fIoptional_class\fR { type ( master | slave | stub | hint | redirect | forward | delegation\-only ); file \fIquoted_string\fR; masters [ port \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. }; database \fIstring\fR; delegation\-only \fIboolean\fR; check\-names ( fail | warn | ignore ); check\-mx ( fail | warn | ignore ); check\-integrity \fIboolean\fR; check\-mx\-cname ( fail | warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); dialup \fIdialuptype\fR; ixfr\-from\-differences \fIboolean\fR; journal \fIquoted_string\fR; zero\-no\-soa\-ttl \fIboolean\fR; dnssec\-secure\-to\-insecure \fIboolean\fR; allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; update\-policy \fIlocal\fR | \fI { ( grant | deny ) \fR\fI\fIstring\fR\fR\fI ( name | subdomain | wildcard | self | selfsub | selfwild | krb5\-self | ms\-self | krb5\-subdomain | ms\-subdomain | tcp\-self | zonesub | 6to4\-self ) \fR\fI\fIstring\fR\fR\fI \fR\fI\fIrrtypelist\fR\fR\fI; \fR\fI[\&.\&.\&.]\fR\fI }\fR; update\-check\-ksk \fIboolean\fR; dnssec\-dnskey\-kskonly \fIboolean\fR; masterfile\-format ( text | raw | map ); notify \fInotifytype\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-delay \fIseconds\fR; notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. [ key \fIkeyname\fR ] \&.\&.\&. }; allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. }; max\-journal\-size \fIsize_no_default\fR; max\-records \fIinteger\fR; max\-transfer\-time\-in \fIinteger\fR; max\-transfer\-time\-out \fIinteger\fR; max\-transfer\-idle\-in \fIinteger\fR; max\-transfer\-idle\-out \fIinteger\fR; max\-retry\-time \fIinteger\fR; min\-retry\-time \fIinteger\fR; max\-refresh\-time \fIinteger\fR; min\-refresh\-time \fIinteger\fR; multi\-master \fIboolean\fR; request\-ixfr \fIboolean\fR; sig\-validity\-interval \fIinteger\fR; transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; use\-alt\-transfer\-source \fIboolean\fR; zone\-statistics \fIboolean\fR; try\-tcp\-refresh \fIboolean\fR; key\-directory \fIquoted_string\fR; nsec3\-test\-zone \fIboolean\fR; // testing only ixfr\-base \fIquoted_string\fR; // obsolete ixfr\-tmp\-file \fIquoted_string\fR; // obsolete maintain\-ixfr\-base \fIboolean\fR; // obsolete max\-ixfr\-log\-size \fIsize\fR; // obsolete pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete }; .fi .if n \{\ .RE .\} .SH "FILES" .PP /etc/named\&.conf .SH "SEE ALSO" .PP \fBnamed\fR(8), \fBnamed-checkconf\fR(8), \fBrndc\fR(8), BIND 9 Administrator Reference Manual\&. .SH "AUTHOR" .PP \fBInternet Systems Consortium, Inc\&.\fR .SH "COPYRIGHT" .br Copyright \(co 2004-2016 Internet Systems Consortium, Inc. ("ISC") .br