named.conf — configuration file for named
named.conf
named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semicolon. Clauses in the statements are also semicolon-terminated. The usual comment styles are supported:
C style: /* */
C++ style: // to end of line
Unix style: # to end of line
masters string [ port integer ] {
	( masters | ipv4_address [ port integer ] |
	  ipv6_address [ port integer ] ) [ key string ]; ...
};
server ( ipv4_address[/prefixlen]
| ipv6_address[/prefixlen]
) {
bogus boolean
;
edns boolean
;
edns-udp-size integer
;
max-udp-size integer
;
tcp-only boolean
;
provide-ixfr boolean
;
request-ixfr boolean
;
keys server_key
;
transfers integer
;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address
| * )
[ port ( integer
| * ) ];
transfer-source-v6 ( ipv6_address
| * )
[ port ( integer
| * ) ];
support-ixfr boolean
; // obsolete
};
controls {
	inet ( ipv4_address | ipv6_address | * )
		[ port ( integer | * ) ]
		allow { address_match_element; ... }
		[ keys { string; ... } ];
	unix unsupported; // not implemented
};
logging {
channel string
{
file log_file
;
syslog optional_facility
;
null;
stderr;
severity log_severity
;
print-time boolean
;
print-severity boolean
;
print-category boolean
;
};
category string
{ string
; ... };
};
lwres {
listen-on [ port integer
] {
( ipv4_address
| ipv6_address
) [ port integer
]; ...
};
view string
optional_class
;
search { string
; ... };
ndots integer
;
};
options {
avoid-v4-udp-ports { port
; ... };
avoid-v6-udp-ports { port
; ... };
blackhole { address_match_element
; ... };
coresize size
;
datasize size
;
directory quoted_string
;
dump-file quoted_string
;
files size
;
heartbeat-interval integer
;
host-statistics boolean
; // not implemented
host-statistics-max number
; // not implemented
hostname ( quoted_string
| none );
interface-interval integer
;
listen-on [ port integer
] { address_match_element
; ... };
listen-on-v6 [ port integer
] { address_match_element
; ... };
match-mapped-addresses boolean
;
memstatistics-file quoted_string
;
pid-file ( quoted_string
| none );
port integer
;
querylog boolean
;
recursing-file quoted_string
;
reserved-sockets integer
;
random-device quoted_string
;
recursive-clients integer
;
serial-query-rate integer
;
server-id ( quoted_string
| hostname | none );
stacksize size
;
statistics-file quoted_string
;
statistics-interval integer
; // not yet implemented
tcp-clients integer
;
tcp-listen-queue integer
;
tkey-dhkey quoted_string
integer
;
tkey-gssapi-credential quoted_string
;
tkey-gssapi-keytab quoted_string
;
tkey-domain quoted_string
;
transfers-per-ns integer
;
transfers-in integer
;
transfers-out integer
;
version ( quoted_string
| none );
allow-recursion { address_match_element
; ... };
allow-recursion-on { address_match_element
; ... };
sortlist { address_match_element
; ... };
topology { address_match_element
; ... }; // not implemented
auth-nxdomain boolean
; // default changed
minimal-responses boolean
;
recursion boolean
;
rrset-order {
[ class string
] [ type string
]
[ name quoted_string
] string
string
; ...
};
provide-ixfr boolean
;
request-ixfr boolean
;
rfc2308-type1 boolean
; // not yet implemented
additional-from-auth boolean
;
additional-from-cache boolean
;
query-source ( ( ipv4_address
| * ) | [ address ( ipv4_address
| * ) ] ) [ port ( integer
| * ) ];
query-source-v6 ( ( ipv6_address
| * ) | [ address ( ipv6_address
| * ) ] ) [ port ( integer
| * ) ];
use-queryport-pool boolean
;
queryport-pool-ports integer
;
queryport-pool-updateinterval integer
;
cleaning-interval integer
;
resolver-query-timeout integer
;
min-roots integer
; // not implemented
lame-ttl integer
;
max-ncache-ttl integer
;
max-cache-ttl integer
;
transfer-format ( many-answers | one-answer );
max-cache-size size
;
max-acache-size size
;
clients-per-query number
;
max-clients-per-query number
;
check-names ( master | slave | response )
( fail | warn | ignore );
check-mx ( fail | warn | ignore );
check-integrity boolean
;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
cache-file quoted_string
; // test option
suppress-initial-notify boolean
; // not yet implemented
preferred-glue string
;
dual-stack-servers [ port integer
] {
( quoted_string
[port integer
] |
ipv4_address
[port integer
] |
ipv6_address
[port integer
] ); ...
};
edns-udp-size integer
;
max-udp-size integer
;
root-delegation-only [ exclude { quoted_string
; ... } ];
disable-algorithms string
{ string
; ... };
disable-ds-digests string
{ string
; ... };
dnssec-enable boolean
;
dnssec-validation boolean
;
dnssec-lookaside ( auto | no | domain trust-anchor domain );
dnssec-must-be-secure string
boolean
;
dnssec-accept-expired boolean
;
dns64-server string
;
dns64-contact string
;
dns64 prefix {
	clients { acl; };
	exclude { acl; };
	mapped { acl; };
	break-dnssec boolean;
	recursive-only boolean;
	suffix ipv6_address;
};
empty-server string
;
empty-contact string
;
empty-zones-enable boolean
;
disable-empty-zone string
;
dialup dialuptype
;
ixfr-from-differences ixfrdiff
;
allow-query { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-query-cache { address_match_element; ... };
allow-query-cache-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
update-check-ksk boolean
;
dnssec-dnskey-kskonly boolean
;
masterfile-format ( text | raw | map );
notify notifytype
;
notify-source ( ipv4_address
| * ) [ port ( integer
| * ) ];
notify-source-v6 ( ipv6_address
| * ) [ port ( integer
| * ) ];
notify-delay seconds
;
notify-to-soa boolean
;
also-notify [ port integer
] { ( ipv4_address
| ipv6_address
)
[ port integer
]; ...
[ key keyname
] ... };
allow-notify { address_match_element
; ... };
forward ( first | only );
forwarders [ port integer
] {
( ipv4_address
| ipv6_address
) [ port integer
]; ...
};
max-journal-size size_no_default
;
max-records integer
;
max-transfer-time-in integer
;
max-transfer-time-out integer
;
max-transfer-idle-in integer
;
max-transfer-idle-out integer
;
max-retry-time integer
;
min-retry-time integer
;
max-refresh-time integer
;
min-refresh-time integer
;
multi-master boolean
;
sig-validity-interval integer
;
sig-re-signing-interval integer
;
sig-signing-nodes integer
;
sig-signing-signatures integer
;
sig-signing-type integer
;
transfer-source ( ipv4_address
| * )
[ port ( integer
| * ) ];
transfer-source-v6 ( ipv6_address
| * )
[ port ( integer
| * ) ];
alt-transfer-source ( ipv4_address
| * )
[ port ( integer
| * ) ];
alt-transfer-source-v6 ( ipv6_address
| * )
[ port ( integer
| * ) ];
use-alt-transfer-source boolean
;
zone-statistics boolean
;
key-directory quoted_string
;
managed-keys-directory quoted_string
;
auto-dnssec allow|maintain|off;
try-tcp-refresh boolean
;
zero-no-soa-ttl boolean
;
zero-no-soa-ttl-cache boolean
;
dnssec-secure-to-insecure boolean
;
automatic-interface-scan boolean
;
deny-answer-addresses {
address_match_list
} [ except-from { namelist
} ];
deny-answer-aliases {
namelist
} [ except-from { namelist
} ];
nsec3-test-zone boolean
; // testing only
allow-v6-synthesis { address_match_element
; ... }; // obsolete
deallocate-on-exit boolean
; // obsolete
fake-iquery boolean
; // obsolete
fetch-glue boolean
; // obsolete
has-old-clients boolean
; // obsolete
maintain-ixfr-base boolean
; // obsolete
max-ixfr-log-size size
; // obsolete
multiple-cnames boolean
; // obsolete
named-xfer quoted_string
; // obsolete
serial-queries integer
; // obsolete
treat-cr-as-space boolean
; // obsolete
use-id-pool boolean
; // obsolete
use-ixfr boolean
; // obsolete
};
view string
optional_class
{
match-clients { address_match_element
; ... };
match-destinations { address_match_element
; ... };
match-recursive-only boolean
;
key string {
	algorithm string;
	secret string;
};
zone string
optional_class
{
...
};
server ( ipv4_address[/prefixlen]
| ipv6_address[/prefixlen]
) {
...
};
trusted-keys {
	string integer integer integer quoted_string;
	[...]
};
managed-keys {
	domain_name initial-key flags protocol algorithm key;
	[...]
};
allow-recursion { address_match_element
; ... };
allow-recursion-on { address_match_element
; ... };
sortlist { address_match_element
; ... };
topology { address_match_element
; ... }; // not implemented
auth-nxdomain boolean
; // default changed
minimal-responses boolean
;
recursion boolean
;
rrset-order {
[ class string
] [ type string
]
[ name quoted_string
] string
string
; ...
};
provide-ixfr boolean
;
request-ixfr boolean
;
rfc2308-type1 boolean
; // not yet implemented
additional-from-auth boolean
;
additional-from-cache boolean
;
query-source ( ( ipv4_address
| * ) | [ address ( ipv4_address
| * ) ] ) [ port ( integer
| * ) ];
query-source-v6 ( ( ipv6_address
| * ) | [ address ( ipv6_address
| * ) ] ) [ port ( integer
| * ) ];
use-queryport-pool boolean
;
queryport-pool-ports integer
;
queryport-pool-updateinterval integer
;
cleaning-interval integer
;
resolver-query-timeout integer
;
min-roots integer
; // not implemented
lame-ttl integer
;
max-ncache-ttl integer
;
max-cache-ttl integer
;
transfer-format ( many-answers | one-answer );
max-cache-size size
;
max-acache-size size
;
clients-per-query number
;
max-clients-per-query number
;
check-names ( master | slave | response )
( fail | warn | ignore );
check-mx ( fail | warn | ignore );
check-integrity boolean
;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
cache-file quoted_string
; // test option
suppress-initial-notify boolean
; // not yet implemented
preferred-glue string
;
dual-stack-servers [ port integer
] {
( quoted_string
[port integer
] |
ipv4_address
[port integer
] |
ipv6_address
[port integer
] ); ...
};
edns-udp-size integer
;
max-udp-size integer
;
root-delegation-only [ exclude { quoted_string
; ... } ];
disable-algorithms string
{ string
; ... };
disable-ds-digests string
{ string
; ... };
dnssec-enable boolean
;
dnssec-validation boolean
;
dnssec-lookaside ( auto | no | domain trust-anchor domain );
dnssec-must-be-secure string
boolean
;
dnssec-accept-expired boolean
;
dns64-server string
;
dns64-contact string
;
dns64 prefix {
	clients { acl; };
	exclude { acl; };
	mapped { acl; };
	break-dnssec boolean;
	recursive-only boolean;
	suffix ipv6_address;
};
empty-server string
;
empty-contact string
;
empty-zones-enable boolean
;
disable-empty-zone string
;
dialup dialuptype
;
ixfr-from-differences ixfrdiff
;
allow-query { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-query-cache { address_match_element; ... };
allow-query-cache-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
update-check-ksk boolean
;
dnssec-dnskey-kskonly boolean
;
masterfile-format ( text | raw | map );
notify notifytype
;
notify-source ( ipv4_address
| * ) [ port ( integer
| * ) ];
notify-source-v6 ( ipv6_address
| * ) [ port ( integer
| * ) ];
notify-delay seconds
;
notify-to-soa boolean
;
also-notify [ port integer
] { ( ipv4_address
| ipv6_address
)
[ port integer
]; ...
[ key keyname
] ... };
allow-notify { address_match_element
; ... };
forward ( first | only );
forwarders [ port integer
] {
( ipv4_address
| ipv6_address
) [ port integer
]; ...
};
max-journal-size size_no_default
;
max-records integer
;
max-transfer-time-in integer
;
max-transfer-time-out integer
;
max-transfer-idle-in integer
;
max-transfer-idle-out integer
;
max-retry-time integer
;
min-retry-time integer
;
max-refresh-time integer
;
min-refresh-time integer
;
multi-master boolean
;
sig-validity-interval integer
;
transfer-source ( ipv4_address
| * )
[ port ( integer
| * ) ];
transfer-source-v6 ( ipv6_address
| * )
[ port ( integer
| * ) ];
alt-transfer-source ( ipv4_address
| * )
[ port ( integer
| * ) ];
alt-transfer-source-v6 ( ipv6_address
| * )
[ port ( integer
| * ) ];
use-alt-transfer-source boolean
;
zone-statistics boolean
;
try-tcp-refresh boolean
;
key-directory quoted_string
;
zero-no-soa-ttl boolean
;
zero-no-soa-ttl-cache boolean
;
dnssec-secure-to-insecure boolean
;
allow-v6-synthesis { address_match_element
; ... }; // obsolete
fetch-glue boolean
; // obsolete
maintain-ixfr-base boolean
; // obsolete
max-ixfr-log-size size
; // obsolete
};
zone string
optional_class
{
type ( master | slave | stub | hint | redirect |
forward | delegation-only );
file quoted_string
;
masters [ port integer
] {
( masters
|
ipv4_address
[port integer
] |
ipv6_address
[ port integer
] ) [ key string
]; ...
};
database string
;
delegation-only boolean
;
check-names ( fail | warn | ignore );
check-mx ( fail | warn | ignore );
check-integrity boolean
;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
dialup dialuptype
;
ixfr-from-differences boolean
;
journal quoted_string
;
zero-no-soa-ttl boolean
;
dnssec-secure-to-insecure boolean
;
allow-query { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
update-policy local | {
	( grant | deny ) string
	( name | subdomain | wildcard | self | selfsub | selfwild |
	  krb5-self | ms-self | krb5-subdomain | ms-subdomain |
	  tcp-self | zonesub | 6to4-self ) string
	rrtypelist;
	[...]
};
update-check-ksk boolean
;
dnssec-dnskey-kskonly boolean
;
masterfile-format ( text | raw | map );
notify notifytype
;
notify-source ( ipv4_address
| * ) [ port ( integer
| * ) ];
notify-source-v6 ( ipv6_address
| * ) [ port ( integer
| * ) ];
notify-delay seconds
;
notify-to-soa boolean
;
also-notify [ port integer
] { ( ipv4_address
| ipv6_address
)
[ port integer
]; ...
[ key keyname
] ... };
allow-notify { address_match_element
; ... };
forward ( first | only );
forwarders [ port integer
] {
( ipv4_address
| ipv6_address
) [ port integer
]; ...
};
max-journal-size size_no_default
;
max-records integer
;
max-transfer-time-in integer
;
max-transfer-time-out integer
;
max-transfer-idle-in integer
;
max-transfer-idle-out integer
;
max-retry-time integer
;
min-retry-time integer
;
max-refresh-time integer
;
min-refresh-time integer
;
multi-master boolean
;
request-ixfr boolean
;
sig-validity-interval integer
;
transfer-source ( ipv4_address
| * )
[ port ( integer
| * ) ];
transfer-source-v6 ( ipv6_address
| * )
[ port ( integer
| * ) ];
alt-transfer-source ( ipv4_address
| * )
[ port ( integer
| * ) ];
alt-transfer-source-v6 ( ipv6_address
| * )
[ port ( integer
| * ) ];
use-alt-transfer-source boolean
;
zone-statistics boolean
;
try-tcp-refresh boolean
;
key-directory quoted_string
;
nsec3-test-zone boolean
; // testing only
ixfr-base quoted_string
; // obsolete
ixfr-tmp-file quoted_string
; // obsolete
maintain-ixfr-base boolean
; // obsolete
max-ixfr-log-size size
; // obsolete
pubkey integer
integer
integer
quoted_string
; // obsolete
};