.\" $NetBSD: named.conf.5,v 1.14.8.1 2017/06/21 18:03:20 snj Exp $
.\"
.\" Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.hy 0
.ad l
'\" t
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1
.\" Date: 2014-01-08
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "NAMED\&.CONF" "5" "2014\-01\-08" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
named.conf \- configuration file for named
.SH "SYNOPSIS"
.HP \w'\fBnamed\&.conf\fR\ 'u
\fBnamed\&.conf\fR
.SH "DESCRIPTION"
.PP
named\&.conf
is the configuration file for
\fBnamed\fR\&. Statements are enclosed in braces and terminated with a semi\-colon\&. Clauses in the statements are also semi\-colon terminated\&. The usual comment styles are supported:
.PP
C style: /* */
.PP
C++ style: // to end of line
.PP
Unix style: # to end of line
.SH "ACL"
.sp
.if n \{\
.RS 4
.\}
.nf
acl \fIstring\fR { \fIaddress_match_element\fR; \&.\&.\&. };
.fi
.if n \{\
.RE
.\}
.SH "KEY"
.sp
.if n \{\
.RS 4
.\}
.nf
key \fIdomain_name\fR {
algorithm \fIstring\fR;
secret \fIstring\fR;
};
.fi
.if n \{\
.RE
.\}
.SH "MASTERS"
.sp
.if n \{\
.RS 4
.\}
.nf
masters \fIstring\fR [ port \fIinteger\fR ] {
( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; \&.\&.\&.
};
.fi
.if n \{\
.RE
.\}
.SH "SERVER"
.sp
.if n \{\
.RS 4
.\}
.nf
server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
bogus \fIboolean\fR;
edns \fIboolean\fR;
edns\-udp\-size \fIinteger\fR;
max\-udp\-size \fIinteger\fR;
tcp\-only \fIboolean\fR;
provide\-ixfr \fIboolean\fR;
request\-ixfr \fIboolean\fR;
keys \fIserver_key\fR;
transfers \fIinteger\fR;
transfer\-format ( many\-answers | one\-answer );
transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
support\-ixfr \fIboolean\fR; // obsolete
};
.fi
.if n \{\
.RE
.\}
.SH "TRUSTED-KEYS"
.sp
.if n \{\
.RS 4
.\}
.nf
trusted\-keys {
\fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; \&.\&.\&.
};
.fi
.if n \{\
.RE
.\}
.SH "MANAGED-KEYS"
.sp
.if n \{\
.RS 4
.\}
.nf
managed\-keys {
\fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; \&.\&.\&.
};
.fi
.if n \{\
.RE
.\}
.SH "CONTROLS"
.sp
.if n \{\
.RS 4
.\}
.nf
controls {
inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ]
allow { \fIaddress_match_element\fR; \&.\&.\&. }
[ keys { \fIstring\fR; \&.\&.\&. } ];
unix \fIunsupported\fR; // not implemented
};
.fi
.if n \{\
.RE
.\}
.SH "LOGGING"
.sp
.if n \{\
.RS 4
.\}
.nf
logging {
channel \fIstring\fR {
file \fIlog_file\fR;
syslog \fIoptional_facility\fR;
null;
stderr;
severity \fIlog_severity\fR;
print\-time \fIboolean\fR;
print\-severity \fIboolean\fR;
print\-category \fIboolean\fR;
};
category \fIstring\fR { \fIstring\fR; \&.\&.\&. };
};
.fi
.if n \{\
.RE
.\}
.SH "LWRES"
.sp
.if n \{\
.RS 4
.\}
.nf
lwres {
listen\-on [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
};
view \fIstring\fR \fIoptional_class\fR;
search { \fIstring\fR; \&.\&.\&. };
ndots \fIinteger\fR;
};
.fi
.if n \{\
.RE
.\}
.SH "OPTIONS"
.sp
.if n \{\
.RS 4
.\}
.nf
options {
avoid\-v4\-udp\-ports { \fIport\fR; \&.\&.\&. };
avoid\-v6\-udp\-ports { \fIport\fR; \&.\&.\&. };
blackhole { \fIaddress_match_element\fR; \&.\&.\&. };
coresize \fIsize\fR;
datasize \fIsize\fR;
directory \fIquoted_string\fR;
dump\-file \fIquoted_string\fR;
files \fIsize\fR;
heartbeat\-interval \fIinteger\fR;
host\-statistics \fIboolean\fR; // not implemented
host\-statistics\-max \fInumber\fR; // not implemented
hostname ( \fIquoted_string\fR | none );
interface\-interval \fIinteger\fR;
listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. };
listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. };
match\-mapped\-addresses \fIboolean\fR;
memstatistics\-file \fIquoted_string\fR;
pid\-file ( \fIquoted_string\fR | none );
port \fIinteger\fR;
querylog \fIboolean\fR;
recursing\-file \fIquoted_string\fR;
reserved\-sockets \fIinteger\fR;
random\-device \fIquoted_string\fR;
recursive\-clients \fIinteger\fR;
serial\-query\-rate \fIinteger\fR;
server\-id ( \fIquoted_string\fR | hostname | none );
stacksize \fIsize\fR;
statistics\-file \fIquoted_string\fR;
statistics\-interval \fIinteger\fR; // not yet implemented
tcp\-clients \fIinteger\fR;
tcp\-listen\-queue \fIinteger\fR;
tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
tkey\-gssapi\-credential \fIquoted_string\fR;
tkey\-gssapi\-keytab \fIquoted_string\fR;
tkey\-domain \fIquoted_string\fR;
transfers\-per\-ns \fIinteger\fR;
transfers\-in \fIinteger\fR;
transfers\-out \fIinteger\fR;
version ( \fIquoted_string\fR | none );
allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. };
sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented
auth\-nxdomain \fIboolean\fR; // default changed
minimal\-responses \fIboolean\fR;
recursion \fIboolean\fR;
rrset\-order {
[ class \fIstring\fR ] [ type \fIstring\fR ]
[ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&.
};
provide\-ixfr \fIboolean\fR;
request\-ixfr \fIboolean\fR;
rfc2308\-type1 \fIboolean\fR; // not yet implemented
additional\-from\-auth \fIboolean\fR;
additional\-from\-cache \fIboolean\fR;
query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
use\-queryport\-pool \fIboolean\fR;
queryport\-pool\-ports \fIinteger\fR;
queryport\-pool\-updateinterval \fIinteger\fR;
cleaning\-interval \fIinteger\fR;
resolver\-query\-timeout \fIinteger\fR;
min\-roots \fIinteger\fR; // not implemented
lame\-ttl \fIinteger\fR;
max\-ncache\-ttl \fIinteger\fR;
max\-cache\-ttl \fIinteger\fR;
transfer\-format ( many\-answers | one\-answer );
max\-cache\-size \fIsize\fR;
max\-acache\-size \fIsize\fR;
clients\-per\-query \fInumber\fR;
max\-clients\-per\-query \fInumber\fR;
check\-names ( master | slave | response )
( fail | warn | ignore );
check\-mx ( fail | warn | ignore );
check\-integrity \fIboolean\fR;
check\-mx\-cname ( fail | warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
cache\-file \fIquoted_string\fR; // test option
suppress\-initial\-notify \fIboolean\fR; // not yet implemented
preferred\-glue \fIstring\fR;
dual\-stack\-servers [ port \fIinteger\fR ] {
( \fIquoted_string\fR [port \fIinteger\fR] |
\fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&.
};
edns\-udp\-size \fIinteger\fR;
max\-udp\-size \fIinteger\fR;
root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. };
disable\-ds\-digests \fIstring\fR { \fIstring\fR; \&.\&.\&. };
dnssec\-enable \fIboolean\fR;
dnssec\-validation \fIboolean\fR;
dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR );
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dnssec\-accept\-expired \fIboolean\fR;
dns64\-server \fIstring\fR;
dns64\-contact \fIstring\fR;
dns64 \fIprefix\fR {
clients { acl; };
exclude { acl; };
mapped { acl; };
break\-dnssec \fIboolean\fR;
recursive\-only \fIboolean\fR;
suffix \fIipv6_address\fR;
};
empty\-server \fIstring\fR;
empty\-contact \fIstring\fR;
empty\-zones\-enable \fIboolean\fR;
disable\-empty\-zone \fIstring\fR;
dialup \fIdialuptype\fR;
ixfr\-from\-differences \fIixfrdiff\fR;
allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
update\-check\-ksk \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
masterfile\-format ( text | raw | map );
notify \fInotifytype\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
notify\-delay \fIseconds\fR;
notify\-to\-soa \fIboolean\fR;
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
[ port \fIinteger\fR ]; \&.\&.\&.
[ key \fIkeyname\fR ] \&.\&.\&. };
allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
};
max\-journal\-size \fIsize_no_default\fR;
max\-records \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR;
max\-transfer\-idle\-out \fIinteger\fR;
max\-retry\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
max\-refresh\-time \fIinteger\fR;
min\-refresh\-time \fIinteger\fR;
multi\-master \fIboolean\fR;
sig\-validity\-interval \fIinteger\fR;
sig\-re\-signing\-interval \fIinteger\fR;
sig\-signing\-nodes \fIinteger\fR;
sig\-signing\-signatures \fIinteger\fR;
sig\-signing\-type \fIinteger\fR;
transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
alt\-transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
use\-alt\-transfer\-source \fIboolean\fR;
zone\-statistics \fIboolean\fR;
key\-directory \fIquoted_string\fR;
managed\-keys\-directory \fIquoted_string\fR;
auto\-dnssec \fBallow\fR|\fBmaintain\fR|\fBoff\fR;
try\-tcp\-refresh \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
automatic\-interface\-scan \fIboolean\fR;
deny\-answer\-addresses {
\fIaddress_match_list\fR
} [ except\-from { \fInamelist\fR } ];
deny\-answer\-aliases {
\fInamelist\fR
} [ except\-from { \fInamelist\fR } ];
nsec3\-test\-zone \fIboolean\fR; // testing only
allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete
deallocate\-on\-exit \fIboolean\fR; // obsolete
fake\-iquery \fIboolean\fR; // obsolete
fetch\-glue \fIboolean\fR; // obsolete
has\-old\-clients \fIboolean\fR; // obsolete
maintain\-ixfr\-base \fIboolean\fR; // obsolete
max\-ixfr\-log\-size \fIsize\fR; // obsolete
multiple\-cnames \fIboolean\fR; // obsolete
named\-xfer \fIquoted_string\fR; // obsolete
serial\-queries \fIinteger\fR; // obsolete
treat\-cr\-as\-space \fIboolean\fR; // obsolete
use\-id\-pool \fIboolean\fR; // obsolete
use\-ixfr \fIboolean\fR; // obsolete
};
.fi
.if n \{\
.RE
.\}
.SH "VIEW"
.sp
.if n \{\
.RS 4
.\}
.nf
view \fIstring\fR \fIoptional_class\fR {
match\-clients { \fIaddress_match_element\fR; \&.\&.\&. };
match\-destinations { \fIaddress_match_element\fR; \&.\&.\&. };
match\-recursive\-only \fIboolean\fR;
key \fIstring\fR {
algorithm \fIstring\fR;
secret \fIstring\fR;
};
zone \fIstring\fR \fIoptional_class\fR {
\&.\&.\&.
};
server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
\&.\&.\&.
};
trusted\-keys {
\fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR;
[\&.\&.\&.]
};
managed\-keys {
\fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR;
[\&.\&.\&.]
};
allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. };
sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented
auth\-nxdomain \fIboolean\fR; // default changed
minimal\-responses \fIboolean\fR;
recursion \fIboolean\fR;
rrset\-order {
[ class \fIstring\fR ] [ type \fIstring\fR ]
[ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&.
};
provide\-ixfr \fIboolean\fR;
request\-ixfr \fIboolean\fR;
rfc2308\-type1 \fIboolean\fR; // not yet implemented
additional\-from\-auth \fIboolean\fR;
additional\-from\-cache \fIboolean\fR;
query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
use\-queryport\-pool \fIboolean\fR;
queryport\-pool\-ports \fIinteger\fR;
queryport\-pool\-updateinterval \fIinteger\fR;
cleaning\-interval \fIinteger\fR;
resolver\-query\-timeout \fIinteger\fR;
min\-roots \fIinteger\fR; // not implemented
lame\-ttl \fIinteger\fR;
max\-ncache\-ttl \fIinteger\fR;
max\-cache\-ttl \fIinteger\fR;
transfer\-format ( many\-answers | one\-answer );
max\-cache\-size \fIsize\fR;
max\-acache\-size \fIsize\fR;
clients\-per\-query \fInumber\fR;
max\-clients\-per\-query \fInumber\fR;
check\-names ( master | slave | response )
( fail | warn | ignore );
check\-mx ( fail | warn | ignore );
check\-integrity \fIboolean\fR;
check\-mx\-cname ( fail | warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
cache\-file \fIquoted_string\fR; // test option
suppress\-initial\-notify \fIboolean\fR; // not yet implemented
preferred\-glue \fIstring\fR;
dual\-stack\-servers [ port \fIinteger\fR ] {
( \fIquoted_string\fR [port \fIinteger\fR] |
\fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&.
};
edns\-udp\-size \fIinteger\fR;
max\-udp\-size \fIinteger\fR;
root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. };
disable\-ds\-digests \fIstring\fR { \fIstring\fR; \&.\&.\&. };
dnssec\-enable \fIboolean\fR;
dnssec\-validation \fIboolean\fR;
dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR );
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dnssec\-accept\-expired \fIboolean\fR;
dns64\-server \fIstring\fR;
dns64\-contact \fIstring\fR;
dns64 \fIprefix\fR {
clients { acl; };
exclude { acl; };
mapped { acl; };
break\-dnssec \fIboolean\fR;
recursive\-only \fIboolean\fR;
suffix \fIipv6_address\fR;
};
empty\-server \fIstring\fR;
empty\-contact \fIstring\fR;
empty\-zones\-enable \fIboolean\fR;
disable\-empty\-zone \fIstring\fR;
dialup \fIdialuptype\fR;
ixfr\-from\-differences \fIixfrdiff\fR;
allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
update\-check\-ksk \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
masterfile\-format ( text | raw | map );
notify \fInotifytype\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
notify\-delay \fIseconds\fR;
notify\-to\-soa \fIboolean\fR;
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
[ port \fIinteger\fR ]; \&.\&.\&.
[ key \fIkeyname\fR ] \&.\&.\&. };
allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
};
max\-journal\-size \fIsize_no_default\fR;
max\-records \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR;
max\-transfer\-idle\-out \fIinteger\fR;
max\-retry\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
max\-refresh\-time \fIinteger\fR;
min\-refresh\-time \fIinteger\fR;
multi\-master \fIboolean\fR;
sig\-validity\-interval \fIinteger\fR;
transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
alt\-transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
use\-alt\-transfer\-source \fIboolean\fR;
zone\-statistics \fIboolean\fR;
try\-tcp\-refresh \fIboolean\fR;
key\-directory \fIquoted_string\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete
fetch\-glue \fIboolean\fR; // obsolete
maintain\-ixfr\-base \fIboolean\fR; // obsolete
max\-ixfr\-log\-size \fIsize\fR; // obsolete
};
.fi
.if n \{\
.RE
.\}
.SH "ZONE"
.sp
.if n \{\
.RS 4
.\}
.nf
zone \fIstring\fR \fIoptional_class\fR {
type ( master | slave | stub | hint | redirect |
forward | delegation\-only );
file \fIquoted_string\fR;
masters [ port \fIinteger\fR ] {
( \fImasters\fR |
\fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&.
};
database \fIstring\fR;
delegation\-only \fIboolean\fR;
check\-names ( fail | warn | ignore );
check\-mx ( fail | warn | ignore );
check\-integrity \fIboolean\fR;
check\-mx\-cname ( fail | warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
dialup \fIdialuptype\fR;
ixfr\-from\-differences \fIboolean\fR;
journal \fIquoted_string\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
update\-policy \fIlocal\fR | \fI {
( grant | deny ) \fR\fI\fIstring\fR\fR\fI
( name | subdomain | wildcard | self | selfsub | selfwild |
krb5\-self | ms\-self | krb5\-subdomain | ms\-subdomain |
tcp\-self | zonesub | 6to4\-self ) \fR\fI\fIstring\fR\fR\fI
\fR\fI\fIrrtypelist\fR\fR\fI;
\fR\fI[\&.\&.\&.]\fR\fI
}\fR;
update\-check\-ksk \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
masterfile\-format ( text | raw | map );
notify \fInotifytype\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
notify\-delay \fIseconds\fR;
notify\-to\-soa \fIboolean\fR;
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
[ port \fIinteger\fR ]; \&.\&.\&.
[ key \fIkeyname\fR ] \&.\&.\&. };
allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
};
max\-journal\-size \fIsize_no_default\fR;
max\-records \fIinteger\fR;
max\-transfer\-time\-in \fIinteger\fR;
max\-transfer\-time\-out \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR;
max\-transfer\-idle\-out \fIinteger\fR;
max\-retry\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
max\-refresh\-time \fIinteger\fR;
min\-refresh\-time \fIinteger\fR;
multi\-master \fIboolean\fR;
request\-ixfr \fIboolean\fR;
sig\-validity\-interval \fIinteger\fR;
transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
alt\-transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
use\-alt\-transfer\-source \fIboolean\fR;
zone\-statistics \fIboolean\fR;
try\-tcp\-refresh \fIboolean\fR;
key\-directory \fIquoted_string\fR;
nsec3\-test\-zone \fIboolean\fR; // testing only
ixfr\-base \fIquoted_string\fR; // obsolete
ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
maintain\-ixfr\-base \fIboolean\fR; // obsolete
max\-ixfr\-log\-size \fIsize\fR; // obsolete
pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
};
.fi
.if n \{\
.RE
.\}
.SH "FILES"
.PP
/etc/named\&.conf
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
\fBnamed-checkconf\fR(8),
\fBrndc\fR(8),
BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2004-2016 Internet Systems Consortium, Inc. ("ISC")
.br