Scroll to navigation

NAMED.CONF(5) BIND9 NAMED.CONF(5)

NAME

named.conf - configuration file for named

SYNOPSIS

named.conf

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported:

C style: /* */

C++ style: // to end of line

Unix style: # to end of line

ACL

acl string { address_match_element; ... };

CONTROLS

controls {
	inet ( ipv4_address | ipv6_address |
	    * ) [ port ( integer | * ) ] allow
	    { address_match_element; ... } [
	    keys { string; ... } ] [ read-only
	    boolean ];
	unix quoted_string perm integer
	    owner integer group integer [
	    keys { string; ... } ] [ read-only
	    boolean ];
};

DLZ

dlz string {
	database string;
	search boolean;
};

DYNDB

dyndb string quoted_string {

unspecified-text };

KEY

key string {
	algorithm string;
	secret string;
};

LOGGING

logging {
	category string { string; ... };
	channel string {
		buffered boolean;
		file quoted_string [ versions ( unlimited | integer ) ]
		    [ size size ] [ suffix ( increment | timestamp ) ];
		null;
		print-category boolean;
		print-severity boolean;
		print-time ( iso8601 | iso8601-utc | local | boolean );
		severity log_severity;
		stderr;
		syslog [ syslog_facility ];
	};
};

MANAGED-KEYS

managed-keys { string string integer

integer integer quoted_string; ... };

MASTERS

masters string [ port integer ] [ dscp

integer ] { ( masters | ipv4_address [
port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };

OPTIONS

options {
	allow-new-zones boolean;
	allow-notify { address_match_element; ... };
	allow-query { address_match_element; ... };
	allow-query-cache { address_match_element; ... };
	allow-query-cache-on { address_match_element; ... };
	allow-query-on { address_match_element; ... };
	allow-recursion { address_match_element; ... };
	allow-recursion-on { address_match_element; ... };
	allow-transfer { address_match_element; ... };
	allow-update { address_match_element; ... };
	allow-update-forwarding { address_match_element; ... };
	also-notify [ port integer ] [ dscp integer ] { ( masters |
	    ipv4_address [ port integer ] | ipv6_address [ port
	    integer ] ) [ key string ]; ... };
	alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
	    ] [ dscp integer ];
	alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
	    * ) ] [ dscp integer ];
	attach-cache string;
	auth-nxdomain boolean; // default changed
	auto-dnssec ( allow | maintain | off );
	automatic-interface-scan boolean;
	avoid-v4-udp-ports { portrange; ... };
	avoid-v6-udp-ports { portrange; ... };
	bindkeys-file quoted_string;
	blackhole { address_match_element; ... };
	cache-file quoted_string;
	catalog-zones { zone quoted_string [ default-masters [ port
	    integer ] [ dscp integer ] { ( masters | ipv4_address [
	    port integer ] | ipv6_address [ port integer ] ) [ key
	    string ]; ... } ] [ zone-directory quoted_string ] [
	    in-memory boolean ] [ min-update-interval ttlval ]; ... };
	check-dup-records ( fail | warn | ignore );
	check-integrity boolean;
	check-mx ( fail | warn | ignore );
	check-mx-cname ( fail | warn | ignore );
	check-names ( primary | master |
	    secondary | slave | response ) (
	    fail | warn | ignore );
	check-sibling boolean;
	check-spf ( warn | ignore );
	check-srv-cname ( fail | warn | ignore );
	check-wildcard boolean;
	cleaning-interval integer;
	clients-per-query integer;
	cookie-algorithm ( aes | sha1 | sha256 );
	cookie-secret string;
	coresize ( default | unlimited | sizeval );
	datasize ( default | unlimited | sizeval );
	deny-answer-addresses { address_match_element; ... } [
	    except-from { string; ... } ];
	deny-answer-aliases { string; ... } [ except-from { string; ...
	    } ];
	dialup ( notify | notify-passive | passive | refresh | boolean );
	directory quoted_string;
	disable-algorithms string { string;
	    ... };
	disable-ds-digests string { string;
	    ... };
	disable-empty-zone string;
	dns64 netprefix {
		break-dnssec boolean;
		clients { address_match_element; ... };
		exclude { address_match_element; ... };
		mapped { address_match_element; ... };
		recursive-only boolean;
		suffix ipv6_address;
	};
	dns64-contact string;
	dns64-server string;
	dnskey-sig-validity integer;
	dnsrps-enable boolean;
	dnsrps-options { unspecified-text };
	dnssec-accept-expired boolean;
	dnssec-dnskey-kskonly boolean;
	dnssec-enable boolean;
	dnssec-loadkeys-interval integer;
	dnssec-lookaside ( string trust-anchor
	    string | auto | no );
	dnssec-must-be-secure string boolean;
	dnssec-secure-to-insecure boolean;
	dnssec-update-mode ( maintain | no-resign );
	dnssec-validation ( yes | no | auto );
	dnstap { ( all | auth | client | forwarder | resolver ) [ ( query |
	    response ) ]; ... };
	dnstap-identity ( quoted_string | none | hostname );
	dnstap-output ( file | unix ) quoted_string [ size ( unlimited |
	    size ) ] [ versions ( unlimited | integer ) ] [ suffix (
	    increment | timestamp ) ];
	dnstap-version ( quoted_string | none );
	dscp integer;
	dual-stack-servers [ port integer ] { ( quoted_string [ port
	    integer ] [ dscp integer ] | ipv4_address [ port
	    integer ] [ dscp integer ] | ipv6_address [ port
	    integer ] [ dscp integer ] ); ... };
	dump-file quoted_string;
	edns-udp-size integer;
	empty-contact string;
	empty-server string;
	empty-zones-enable boolean;
	fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
	fetches-per-server integer [ ( drop | fail ) ];
	fetches-per-zone integer [ ( drop | fail ) ];
	files ( default | unlimited | sizeval );
	filter-aaaa { address_match_element; ... };
	filter-aaaa-on-v4 ( break-dnssec | boolean );
	filter-aaaa-on-v6 ( break-dnssec | boolean );
	flush-zones-on-shutdown boolean;
	forward ( first | only );
	forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
	    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
	fstrm-set-buffer-hint integer;
	fstrm-set-flush-timeout integer;
	fstrm-set-input-queue-size integer;
	fstrm-set-output-notify-threshold integer;
	fstrm-set-output-queue-model ( mpsc | spsc );
	fstrm-set-output-queue-size integer;
	fstrm-set-reopen-interval ttlval;
	geoip-directory ( quoted_string | none );
	glue-cache boolean;
	heartbeat-interval integer;
	hostname ( quoted_string | none );
	inline-signing boolean;
	interface-interval ttlval;
	ixfr-from-differences ( primary | master | secondary | slave |
	    boolean );
	keep-response-order { address_match_element; ... };
	key-directory quoted_string;
	lame-ttl ttlval;
	listen-on [ port integer ] [ dscp
	    integer ] {
	    address_match_element; ... };
	listen-on-v6 [ port integer ] [ dscp
	    integer ] {
	    address_match_element; ... };
	lmdb-mapsize sizeval;
	lock-file ( quoted_string | none );
	managed-keys-directory quoted_string;
	masterfile-format ( map | raw | text );
	masterfile-style ( full | relative );
	match-mapped-addresses boolean;
	max-cache-size ( default | unlimited | sizeval | percentage );
	max-cache-ttl ttlval;
	max-clients-per-query integer;
	max-journal-size ( default | unlimited | sizeval );
	max-ncache-ttl ttlval;
	max-records integer;
	max-recursion-depth integer;
	max-recursion-queries integer;
	max-refresh-time integer;
	max-retry-time integer;
	max-rsa-exponent-size integer;
	max-stale-ttl ttlval;
	max-transfer-idle-in integer;
	max-transfer-idle-out integer;
	max-transfer-time-in integer;
	max-transfer-time-out integer;
	max-udp-size integer;
	max-zone-ttl ( unlimited | ttlval );
	memstatistics boolean;
	memstatistics-file quoted_string;
	message-compression boolean;
	min-refresh-time integer;
	min-retry-time integer;
	minimal-any boolean;
	minimal-responses ( no-auth | no-auth-recursive | boolean );
	multi-master boolean;
	new-zones-directory quoted_string;
	no-case-compress { address_match_element; ... };
	nocookie-udp-size integer;
	notify ( explicit | master-only | boolean );
	notify-delay integer;
	notify-rate integer;
	notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
	    dscp integer ];
	notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
	    [ dscp integer ];
	notify-to-soa boolean;
	nta-lifetime ttlval;
	nta-recheck ttlval;
	nxdomain-redirect string;
	pid-file ( quoted_string | none );
	port integer;
	preferred-glue string;
	prefetch integer [ integer ];
	provide-ixfr boolean;
	qname-minimization ( strict | relaxed | disabled | off );
	query-source ( ( [ address ] ( ipv4_address | * ) [ port (
	    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
	    port ( integer | * ) ) ) [ dscp integer ];
	query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
	    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
	    port ( integer | * ) ) ) [ dscp integer ];
	querylog boolean;
	random-device ( quoted_string | none );
	rate-limit {
		all-per-second integer;
		errors-per-second integer;
		exempt-clients { address_match_element; ... };
		ipv4-prefix-length integer;
		ipv6-prefix-length integer;
		log-only boolean;
		max-table-size integer;
		min-table-size integer;
		nodata-per-second integer;
		nxdomains-per-second integer;
		qps-scale integer;
		referrals-per-second integer;
		responses-per-second integer;
		slip integer;
		window integer;
	};
	recursing-file quoted_string;
	recursion boolean;
	recursive-clients integer;
	request-expire boolean;
	request-ixfr boolean;
	request-nsid boolean;
	require-server-cookie boolean;
	reserved-sockets integer;
	resolver-nonbackoff-tries integer;
	resolver-query-timeout integer;
	resolver-retry-interval integer;
	response-padding { address_match_element; ... } block-size
	    integer;
	response-policy { zone quoted_string [ log boolean ] [
	    max-policy-ttl ttlval ] [ min-update-interval ttlval ] [
	    policy ( cname | disabled | drop | given | no-op | nodata |
	    nxdomain | passthru | tcp-only quoted_string ) ] [
	    recursive-only boolean ] [ nsip-enable boolean ] [
	    nsdname-enable boolean ]; ... } [ break-dnssec boolean ] [
	    max-policy-ttl ttlval ] [ min-update-interval ttlval ] [
	    min-ns-dots integer ] [ nsip-wait-recurse boolean ] [
	    qname-wait-recurse boolean ] [ recursive-only boolean ] [
	    nsip-enable boolean ] [ nsdname-enable boolean ] [
	    dnsrps-enable boolean ] [ dnsrps-options { unspecified-text
	    } ];
	root-delegation-only [ exclude { string; ... } ];
	root-key-sentinel boolean;
	rrset-order { [ class string ] [ type string ] [ name
	    quoted_string ] string string; ... };
	secroots-file quoted_string;
	send-cookie boolean;
	serial-query-rate integer;
	serial-update-method ( date | increment | unixtime );
	server-id ( quoted_string | none | hostname );
	servfail-ttl ttlval;
	session-keyalg string;
	session-keyfile ( quoted_string | none );
	session-keyname string;
	sig-signing-nodes integer;
	sig-signing-signatures integer;
	sig-signing-type integer;
	sig-validity-interval integer [ integer ];
	sortlist { address_match_element; ... };
	stacksize ( default | unlimited | sizeval );
	stale-answer-enable boolean;
	stale-answer-ttl ttlval;
	startup-notify-rate integer;
	statistics-file quoted_string;
	synth-from-dnssec boolean;
	tcp-advertised-timeout integer;
	tcp-clients integer;
	tcp-idle-timeout integer;
	tcp-initial-timeout integer;
	tcp-keepalive-timeout integer;
	tcp-listen-queue integer;
	tkey-dhkey quoted_string integer;
	tkey-domain quoted_string;
	tkey-gssapi-credential quoted_string;
	tkey-gssapi-keytab quoted_string;
	transfer-format ( many-answers | one-answer );
	transfer-message-size integer;
	transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
	    dscp integer ];
	transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
	    ] [ dscp integer ];
	transfers-in integer;
	transfers-out integer;
	transfers-per-ns integer;
	trust-anchor-telemetry boolean; // experimental
	try-tcp-refresh boolean;
	update-check-ksk boolean;
	use-alt-transfer-source boolean;
	use-v4-udp-ports { portrange; ... };
	use-v6-udp-ports { portrange; ... };
	v6-bias integer;
	validate-except { string; ... };
	version ( quoted_string | none );
	zero-no-soa-ttl boolean;
	zero-no-soa-ttl-cache boolean;
	zone-statistics ( full | terse | none | boolean );
};

SERVER

server netprefix {
	bogus boolean;
	edns boolean;
	edns-udp-size integer;
	edns-version integer;
	keys server_key;
	max-udp-size integer;
	notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
	    dscp integer ];
	notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
	    [ dscp integer ];
	padding integer;
	provide-ixfr boolean;
	query-source ( ( [ address ] ( ipv4_address | * ) [ port (
	    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
	    port ( integer | * ) ) ) [ dscp integer ];
	query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
	    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
	    port ( integer | * ) ) ) [ dscp integer ];
	request-expire boolean;
	request-ixfr boolean;
	request-nsid boolean;
	send-cookie boolean;
	tcp-keepalive boolean;
	tcp-only boolean;
	transfer-format ( many-answers | one-answer );
	transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
	    dscp integer ];
	transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
	    ] [ dscp integer ];
	transfers integer;
};

STATISTICS-CHANNELS

statistics-channels {
	inet ( ipv4_address | ipv6_address |
	    * ) [ port ( integer | * ) ] [
	    allow { address_match_element; ...
	    } ];
};

TRUSTED-KEYS

trusted-keys { string integer integer

integer quoted_string; ... };

VIEW

view string [ class ] {
	allow-new-zones boolean;
	allow-notify { address_match_element; ... };
	allow-query { address_match_element; ... };
	allow-query-cache { address_match_element; ... };
	allow-query-cache-on { address_match_element; ... };
	allow-query-on { address_match_element; ... };
	allow-recursion { address_match_element; ... };
	allow-recursion-on { address_match_element; ... };
	allow-transfer { address_match_element; ... };
	allow-update { address_match_element; ... };
	allow-update-forwarding { address_match_element; ... };
	also-notify [ port integer ] [ dscp integer ] { ( masters |
	    ipv4_address [ port integer ] | ipv6_address [ port
	    integer ] ) [ key string ]; ... };
	alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
	    ] [ dscp integer ];
	alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
	    * ) ] [ dscp integer ];
	attach-cache string;
	auth-nxdomain boolean; // default changed
	auto-dnssec ( allow | maintain | off );
	cache-file quoted_string;
	catalog-zones { zone quoted_string [ default-masters [ port
	    integer ] [ dscp integer ] { ( masters | ipv4_address [
	    port integer ] | ipv6_address [ port integer ] ) [ key
	    string ]; ... } ] [ zone-directory quoted_string ] [
	    in-memory boolean ] [ min-update-interval ttlval ]; ... };
	check-dup-records ( fail | warn | ignore );
	check-integrity boolean;
	check-mx ( fail | warn | ignore );
	check-mx-cname ( fail | warn | ignore );
	check-names ( primary | master |
	    secondary | slave | response ) (
	    fail | warn | ignore );
	check-sibling boolean;
	check-spf ( warn | ignore );
	check-srv-cname ( fail | warn | ignore );
	check-wildcard boolean;
	cleaning-interval integer;
	clients-per-query integer;
	deny-answer-addresses { address_match_element; ... } [
	    except-from { string; ... } ];
	deny-answer-aliases { string; ... } [ except-from { string; ...
	    } ];
	dialup ( notify | notify-passive | passive | refresh | boolean );
	disable-algorithms string { string;
	    ... };
	disable-ds-digests string { string;
	    ... };
	disable-empty-zone string;
	dlz string {
		database string;
		search boolean;
	};
	dns64 netprefix {
		break-dnssec boolean;
		clients { address_match_element; ... };
		exclude { address_match_element; ... };
		mapped { address_match_element; ... };
		recursive-only boolean;
		suffix ipv6_address;
	};
	dns64-contact string;
	dns64-server string;
	dnskey-sig-validity integer;
	dnsrps-enable boolean;
	dnsrps-options { unspecified-text };
	dnssec-accept-expired boolean;
	dnssec-dnskey-kskonly boolean;
	dnssec-enable boolean;
	dnssec-loadkeys-interval integer;
	dnssec-lookaside ( string trust-anchor
	    string | auto | no );
	dnssec-must-be-secure string boolean;
	dnssec-secure-to-insecure boolean;
	dnssec-update-mode ( maintain | no-resign );
	dnssec-validation ( yes | no | auto );
	dnstap { ( all | auth | client | forwarder | resolver ) [ ( query |
	    response ) ]; ... };
	dual-stack-servers [ port integer ] { ( quoted_string [ port
	    integer ] [ dscp integer ] | ipv4_address [ port
	    integer ] [ dscp integer ] | ipv6_address [ port
	    integer ] [ dscp integer ] ); ... };
	dyndb string quoted_string {
	    unspecified-text };
	edns-udp-size integer;
	empty-contact string;
	empty-server string;
	empty-zones-enable boolean;
	fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
	fetches-per-server integer [ ( drop | fail ) ];
	fetches-per-zone integer [ ( drop | fail ) ];
	filter-aaaa { address_match_element; ... };
	filter-aaaa-on-v4 ( break-dnssec | boolean );
	filter-aaaa-on-v6 ( break-dnssec | boolean );
	forward ( first | only );
	forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
	    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
	glue-cache boolean;
	inline-signing boolean;
	ixfr-from-differences ( primary | master | secondary | slave |
	    boolean );
	key string {
		algorithm string;
		secret string;
	};
	key-directory quoted_string;
	lame-ttl ttlval;
	lmdb-mapsize sizeval;
	managed-keys { string string
	    integer integer integer
	    quoted_string; ... };
	masterfile-format ( map | raw | text );
	masterfile-style ( full | relative );
	match-clients { address_match_element; ... };
	match-destinations { address_match_element; ... };
	match-recursive-only boolean;
	max-cache-size ( default | unlimited | sizeval | percentage );
	max-cache-ttl ttlval;
	max-clients-per-query integer;
	max-journal-size ( default | unlimited | sizeval );
	max-ncache-ttl ttlval;
	max-records integer;
	max-recursion-depth integer;
	max-recursion-queries integer;
	max-refresh-time integer;
	max-retry-time integer;
	max-stale-ttl ttlval;
	max-transfer-idle-in integer;
	max-transfer-idle-out integer;
	max-transfer-time-in integer;
	max-transfer-time-out integer;
	max-udp-size integer;
	max-zone-ttl ( unlimited | ttlval );
	message-compression boolean;
	min-refresh-time integer;
	min-retry-time integer;
	minimal-any boolean;
	minimal-responses ( no-auth | no-auth-recursive | boolean );
	multi-master boolean;
	new-zones-directory quoted_string;
	no-case-compress { address_match_element; ... };
	nocookie-udp-size integer;
	notify ( explicit | master-only | boolean );
	notify-delay integer;
	notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
	    dscp integer ];
	notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
	    [ dscp integer ];
	notify-to-soa boolean;
	nta-lifetime ttlval;
	nta-recheck ttlval;
	nxdomain-redirect string;
	preferred-glue string;
	prefetch integer [ integer ];
	provide-ixfr boolean;
	qname-minimization ( strict | relaxed | disabled | off );
	query-source ( ( [ address ] ( ipv4_address | * ) [ port (
	    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
	    port ( integer | * ) ) ) [ dscp integer ];
	query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
	    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
	    port ( integer | * ) ) ) [ dscp integer ];
	rate-limit {
		all-per-second integer;
		errors-per-second integer;
		exempt-clients { address_match_element; ... };
		ipv4-prefix-length integer;
		ipv6-prefix-length integer;
		log-only boolean;
		max-table-size integer;
		min-table-size integer;
		nodata-per-second integer;
		nxdomains-per-second integer;
		qps-scale integer;
		referrals-per-second integer;
		responses-per-second integer;
		slip integer;
		window integer;
	};
	recursion boolean;
	request-expire boolean;
	request-ixfr boolean;
	request-nsid boolean;
	require-server-cookie boolean;
	resolver-nonbackoff-tries integer;
	resolver-query-timeout integer;
	resolver-retry-interval integer;
	response-padding { address_match_element; ... } block-size
	    integer;
	response-policy { zone quoted_string [ log boolean ] [
	    max-policy-ttl ttlval ] [ min-update-interval ttlval ] [
	    policy ( cname | disabled | drop | given | no-op | nodata |
	    nxdomain | passthru | tcp-only quoted_string ) ] [
	    recursive-only boolean ] [ nsip-enable boolean ] [
	    nsdname-enable boolean ]; ... } [ break-dnssec boolean ] [
	    max-policy-ttl ttlval ] [ min-update-interval ttlval ] [
	    min-ns-dots integer ] [ nsip-wait-recurse boolean ] [
	    qname-wait-recurse boolean ] [ recursive-only boolean ] [
	    nsip-enable boolean ] [ nsdname-enable boolean ] [
	    dnsrps-enable boolean ] [ dnsrps-options { unspecified-text
	    } ];
	root-delegation-only [ exclude { string; ... } ];
	root-key-sentinel boolean;
	rrset-order { [ class string ] [ type string ] [ name
	    quoted_string ] string string; ... };
	send-cookie boolean;
	serial-update-method ( date | increment | unixtime );
	server netprefix {
		bogus boolean;
		edns boolean;
		edns-udp-size integer;
		edns-version integer;
		keys server_key;
		max-udp-size integer;
		notify-source ( ipv4_address | * ) [ port ( integer | *
		    ) ] [ dscp integer ];
		notify-source-v6 ( ipv6_address | * ) [ port ( integer
		    | * ) ] [ dscp integer ];
		padding integer;
		provide-ixfr boolean;
		query-source ( ( [ address ] ( ipv4_address | * ) [ port
		    ( integer | * ) ] ) | ( [ [ address ] (
		    ipv4_address | * ) ] port ( integer | * ) ) ) [
		    dscp integer ];
		query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
		    port ( integer | * ) ] ) | ( [ [ address ] (
		    ipv6_address | * ) ] port ( integer | * ) ) ) [
		    dscp integer ];
		request-expire boolean;
		request-ixfr boolean;
		request-nsid boolean;
		send-cookie boolean;
		tcp-keepalive boolean;
		tcp-only boolean;
		transfer-format ( many-answers | one-answer );
		transfer-source ( ipv4_address | * ) [ port ( integer |
		    * ) ] [ dscp integer ];
		transfer-source-v6 ( ipv6_address | * ) [ port (
		    integer | * ) ] [ dscp integer ];
		transfers integer;
	};
	servfail-ttl ttlval;
	sig-signing-nodes integer;
	sig-signing-signatures integer;
	sig-signing-type integer;
	sig-validity-interval integer [ integer ];
	sortlist { address_match_element; ... };
	stale-answer-enable boolean;
	stale-answer-ttl ttlval;
	synth-from-dnssec boolean;
	transfer-format ( many-answers | one-answer );
	transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
	    dscp integer ];
	transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
	    ] [ dscp integer ];
	trust-anchor-telemetry boolean; // experimental
	trusted-keys { string integer
	    integer integer quoted_string;
	    ... };
	try-tcp-refresh boolean;
	update-check-ksk boolean;
	use-alt-transfer-source boolean;
	v6-bias integer;
	validate-except { string; ... };
	zero-no-soa-ttl boolean;
	zero-no-soa-ttl-cache boolean;
	zone string [ class ] {
		allow-notify { address_match_element; ... };
		allow-query { address_match_element; ... };
		allow-query-on { address_match_element; ... };
		allow-transfer { address_match_element; ... };
		allow-update { address_match_element; ... };
		allow-update-forwarding { address_match_element; ... };
		also-notify [ port integer ] [ dscp integer ] { (
		    masters | ipv4_address [ port integer ] |
		    ipv6_address [ port integer ] ) [ key string ];
		    ... };
		alt-transfer-source ( ipv4_address | * ) [ port (
		    integer | * ) ] [ dscp integer ];
		alt-transfer-source-v6 ( ipv6_address | * ) [ port (
		    integer | * ) ] [ dscp integer ];
		auto-dnssec ( allow | maintain | off );
		check-dup-records ( fail | warn | ignore );
		check-integrity boolean;
		check-mx ( fail | warn | ignore );
		check-mx-cname ( fail | warn | ignore );
		check-names ( fail | warn | ignore );
		check-sibling boolean;
		check-spf ( warn | ignore );
		check-srv-cname ( fail | warn | ignore );
		check-wildcard boolean;
		database string;
		delegation-only boolean;
		dialup ( notify | notify-passive | passive | refresh |
		    boolean );
		dlz string;
		dnskey-sig-validity integer;
		dnssec-dnskey-kskonly boolean;
		dnssec-loadkeys-interval integer;
		dnssec-secure-to-insecure boolean;
		dnssec-update-mode ( maintain | no-resign );
		file quoted_string;
		forward ( first | only );
		forwarders [ port integer ] [ dscp integer ] { (
		    ipv4_address | ipv6_address ) [ port integer ] [
		    dscp integer ]; ... };
		in-view string;
		inline-signing boolean;
		ixfr-from-differences boolean;
		journal quoted_string;
		key-directory quoted_string;
		masterfile-format ( map | raw | text );
		masterfile-style ( full | relative );
		masters [ port integer ] [ dscp integer ] { ( masters
		    | ipv4_address [ port integer ] | ipv6_address [
		    port integer ] ) [ key string ]; ... };
		max-ixfr-log-size ( default | unlimited |
		max-journal-size ( default | unlimited | sizeval );
		max-records integer;
		max-refresh-time integer;
		max-retry-time integer;
		max-transfer-idle-in integer;
		max-transfer-idle-out integer;
		max-transfer-time-in integer;
		max-transfer-time-out integer;
		max-zone-ttl ( unlimited | ttlval );
		min-refresh-time integer;
		min-retry-time integer;
		mirror boolean;
		multi-master boolean;
		notify ( explicit | master-only | boolean );
		notify-delay integer;
		notify-source ( ipv4_address | * ) [ port ( integer | *
		    ) ] [ dscp integer ];
		notify-source-v6 ( ipv6_address | * ) [ port ( integer
		    | * ) ] [ dscp integer ];
		notify-to-soa boolean;
		pubkey integer
		    integer
		    integer
		request-expire boolean;
		request-ixfr boolean;
		serial-update-method ( date | increment | unixtime );
		server-addresses { ( ipv4_address | ipv6_address ) [
		    port integer ]; ... };
		server-names { string; ... };
		sig-signing-nodes integer;
		sig-signing-signatures integer;
		sig-signing-type integer;
		sig-validity-interval integer [ integer ];
		transfer-source ( ipv4_address | * ) [ port ( integer |
		    * ) ] [ dscp integer ];
		transfer-source-v6 ( ipv6_address | * ) [ port (
		    integer | * ) ] [ dscp integer ];
		try-tcp-refresh boolean;
		type ( primary | master | secondary | slave |
		    delegation-only | forward | hint | redirect |
		    static-stub | stub );
		update-check-ksk boolean;
		update-policy ( local | { ( deny | grant ) string (
		    6to4-self | external | krb5-self | krb5-subdomain |
		    ms-self | ms-subdomain | name | self | selfsub |
		    selfwild | subdomain | tcp-self | wildcard | zonesub )
		    [ string ] rrtypelist; ... };
		use-alt-transfer-source boolean;
		zero-no-soa-ttl boolean;
		zone-statistics ( full | terse | none | boolean );
	};
	zone-statistics ( full | terse | none | boolean );
};

ZONE

zone string [ class ] {
	allow-notify { address_match_element; ... };
	allow-query { address_match_element; ... };
	allow-query-on { address_match_element; ... };
	allow-transfer { address_match_element; ... };
	allow-update { address_match_element; ... };
	allow-update-forwarding { address_match_element; ... };
	also-notify [ port integer ] [ dscp integer ] { ( masters |
	    ipv4_address [ port integer ] | ipv6_address [ port
	    integer ] ) [ key string ]; ... };
	alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
	    ] [ dscp integer ];
	alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
	    * ) ] [ dscp integer ];
	auto-dnssec ( allow | maintain | off );
	check-dup-records ( fail | warn | ignore );
	check-integrity boolean;
	check-mx ( fail | warn | ignore );
	check-mx-cname ( fail | warn | ignore );
	check-names ( fail | warn | ignore );
	check-sibling boolean;
	check-spf ( warn | ignore );
	check-srv-cname ( fail | warn | ignore );
	check-wildcard boolean;
	database string;
	delegation-only boolean;
	dialup ( notify | notify-passive | passive | refresh | boolean );
	dlz string;
	dnskey-sig-validity integer;
	dnssec-dnskey-kskonly boolean;
	dnssec-loadkeys-interval integer;
	dnssec-secure-to-insecure boolean;
	dnssec-update-mode ( maintain | no-resign );
	file quoted_string;
	forward ( first | only );
	forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
	    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
	in-view string;
	inline-signing boolean;
	ixfr-from-differences boolean;
	journal quoted_string;
	key-directory quoted_string;
	masterfile-format ( map | raw | text );
	masterfile-style ( full | relative );
	masters [ port integer ] [ dscp integer ] { ( masters |
	    ipv4_address [ port integer ] | ipv6_address [ port
	    integer ] ) [ key string ]; ... };
	max-journal-size ( default | unlimited | sizeval );
	max-records integer;
	max-refresh-time integer;
	max-retry-time integer;
	max-transfer-idle-in integer;
	max-transfer-idle-out integer;
	max-transfer-time-in integer;
	max-transfer-time-out integer;
	max-zone-ttl ( unlimited | ttlval );
	min-refresh-time integer;
	min-retry-time integer;
	mirror boolean;
	multi-master boolean;
	notify ( explicit | master-only | boolean );
	notify-delay integer;
	notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
	    dscp integer ];
	notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
	    [ dscp integer ];
	notify-to-soa boolean;
	pubkey integer integer
	request-expire boolean;
	request-ixfr boolean;
	serial-update-method ( date | increment | unixtime );
	server-addresses { ( ipv4_address | ipv6_address ) [ port
	    integer ]; ... };
	server-names { string; ... };
	sig-signing-nodes integer;
	sig-signing-signatures integer;
	sig-signing-type integer;
	sig-validity-interval integer [ integer ];
	transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
	    dscp integer ];
	transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
	    ] [ dscp integer ];
	try-tcp-refresh boolean;
	type ( primary | master | secondary | slave | delegation-only |
	    forward | hint | redirect | static-stub | stub );
	update-check-ksk boolean;
	update-policy ( local | { ( deny | grant ) string ( 6to4-self |
	    external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
	    | name | self | selfsub | selfwild | subdomain | tcp-self |
	    wildcard | zonesub ) [ string ] rrtypelist; ... };
	use-alt-transfer-source boolean;
	zero-no-soa-ttl boolean;
	zone-statistics ( full | terse | none | boolean );
};

FILES

/etc/named.conf

SEE ALSO

ddns-confgen(8), named(8), named-checkconf(8), rndc(8), rndc-confgen(8), BIND 9 Administrator Reference Manual.

AUTHOR

Internet Systems Consortium, Inc.

COPYRIGHT

Copyright © 2004-2018 Internet Systems Consortium, Inc. ("ISC")

2018-06-21 ISC