.\" Man page generated from reStructuredText. . . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .TH "NAMED.CONF" "5" "2023-01-12" "9.16.37-Debian" "BIND 9" .SH NAME named.conf \- configuration file for named .SH SYNOPSIS .sp \fBnamed.conf\fP .SH DESCRIPTION .sp \fBnamed.conf\fP is the configuration file for \fBnamed\fP\&. Statements are enclosed in braces and terminated with a semicolon. Clauses within a statement are also terminated with a semicolon. A configuration file that contains \fBkey\fP statements holds shared secrets and should not be world\-readable. The usual comment styles are supported: .sp C style: /* */ .INDENT 0.0 .INDENT 3.5 C++ style: // to end of line .UNINDENT .UNINDENT .sp Unix style: # to end of line .SS ACL .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C acl string { address_match_element; ... }; .ft P .fi .UNINDENT .UNINDENT .SS CONTROLS .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C controls { inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read\-only boolean ]; unix quoted_string perm integer owner integer group integer [ keys { string; ... 
} ] [ read\-only boolean ]; }; .ft P .fi .UNINDENT .UNINDENT .SS DLZ .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C dlz string { database string; search boolean; }; .ft P .fi .UNINDENT .UNINDENT .SS DNSSEC\-POLICY .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C dnssec\-policy string { dnskey\-ttl duration; keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... }; max\-zone\-ttl duration; nsec3param [ iterations integer ] [ optout boolean ] [ salt\-length integer ]; parent\-ds\-ttl duration; parent\-propagation\-delay duration; publish\-safety duration; purge\-keys duration; retire\-safety duration; signatures\-refresh duration; signatures\-validity duration; signatures\-validity\-dnskey duration; zone\-propagation\-delay duration; }; .ft P .fi .UNINDENT .UNINDENT .SS DYNDB .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C dyndb string quoted_string { unspecified\-text }; .ft P .fi .UNINDENT .UNINDENT .SS KEY .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C key string { algorithm string; secret string; }; .ft P .fi .UNINDENT .UNINDENT .SS LOGGING .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C logging { category string { string; ... }; channel string { buffered boolean; file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ]; null; print\-category boolean; print\-severity boolean; print\-time ( iso8601 | iso8601\-utc | local | boolean ); severity log_severity; stderr; syslog [ syslog_facility ]; }; }; .ft P .fi .UNINDENT .UNINDENT .SS MANAGED\-KEYS .sp See TRUST\-ANCHORS. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated .ft P .fi .UNINDENT .UNINDENT .SS MASTERS .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C masters string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... 
}; .ft P .fi .UNINDENT .UNINDENT .SS OPTIONS .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C options { allow\-new\-zones boolean; allow\-notify { address_match_element; ... }; allow\-query { address_match_element; ... }; allow\-query\-cache { address_match_element; ... }; allow\-query\-cache\-on { address_match_element; ... }; allow\-query\-on { address_match_element; ... }; allow\-recursion { address_match_element; ... }; allow\-recursion\-on { address_match_element; ... }; allow\-transfer { address_match_element; ... }; allow\-update { address_match_element; ... }; allow\-update\-forwarding { address_match_element; ... }; also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; answer\-cookie boolean; attach\-cache string; auth\-nxdomain boolean; // default changed auto\-dnssec ( allow | maintain | off );// deprecated automatic\-interface\-scan boolean; avoid\-v4\-udp\-ports { portrange; ... }; avoid\-v6\-udp\-ports { portrange; ... }; bindkeys\-file quoted_string; blackhole { address_match_element; ... }; cache\-file quoted_string;// deprecated catalog\-zones { zone string [ default\-masters [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... 
}; check\-dup\-records ( fail | warn | ignore ); check\-integrity boolean; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check\-sibling boolean; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-wildcard boolean; clients\-per\-query integer; cookie\-algorithm ( aes | siphash24 ); cookie\-secret string; coresize ( default | unlimited | sizeval ); datasize ( default | unlimited | sizeval ); deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ]; deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ]; dialup ( notify | notify\-passive | passive | refresh | boolean ); directory quoted_string; disable\-algorithms string { string; ... }; disable\-ds\-digests string { string; ... }; disable\-empty\-zone string; dns64 netprefix { break\-dnssec boolean; clients { address_match_element; ... }; exclude { address_match_element; ... }; mapped { address_match_element; ... }; recursive\-only boolean; suffix ipv6_address; }; dns64\-contact string; dns64\-server string; dnskey\-sig\-validity integer; dnsrps\-enable boolean; dnsrps\-options { unspecified\-text }; dnssec\-accept\-expired boolean; dnssec\-dnskey\-kskonly boolean; dnssec\-loadkeys\-interval integer; dnssec\-must\-be\-secure string boolean; dnssec\-policy string; dnssec\-secure\-to\-insecure boolean; dnssec\-update\-mode ( maintain | no\-resign ); dnssec\-validation ( yes | no | auto ); dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... 
}; dnstap\-identity ( quoted_string | none | hostname ); dnstap\-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ]; dnstap\-version ( quoted_string | none ); dscp integer; dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; dump\-file quoted_string; edns\-udp\-size integer; empty\-contact string; empty\-server string; empty\-zones\-enable boolean; fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint; fetches\-per\-server integer [ ( drop | fail ) ]; fetches\-per\-zone integer [ ( drop | fail ) ]; files ( default | unlimited | sizeval ); flush\-zones\-on\-shutdown boolean; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; fstrm\-set\-buffer\-hint integer; fstrm\-set\-flush\-timeout integer; fstrm\-set\-input\-queue\-size integer; fstrm\-set\-output\-notify\-threshold integer; fstrm\-set\-output\-queue\-model ( mpsc | spsc ); fstrm\-set\-output\-queue\-size integer; fstrm\-set\-reopen\-interval duration; geoip\-directory ( quoted_string | none ); glue\-cache boolean; heartbeat\-interval integer; hostname ( quoted_string | none ); interface\-interval duration; ixfr\-from\-differences ( primary | master | secondary | slave | boolean ); keep\-response\-order { address_match_element; ... }; key\-directory quoted_string; lame\-ttl duration; listen\-on [ port integer ] [ dscp integer ] { address_match_element; ... }; listen\-on\-v6 [ port integer ] [ dscp integer ] { address_match_element; ... 
}; lmdb\-mapsize sizeval; lock\-file ( quoted_string | none ); managed\-keys\-directory quoted_string; masterfile\-format ( map | raw | text ); masterfile\-style ( full | relative ); match\-mapped\-addresses boolean; max\-cache\-size ( default | unlimited | sizeval | percentage ); max\-cache\-ttl duration; max\-clients\-per\-query integer; max\-ixfr\-ratio ( unlimited | percentage ); max\-journal\-size ( default | unlimited | sizeval ); max\-ncache\-ttl duration; max\-records integer; max\-recursion\-depth integer; max\-recursion\-queries integer; max\-refresh\-time integer; max\-retry\-time integer; max\-rsa\-exponent\-size integer; max\-stale\-ttl duration; max\-transfer\-idle\-in integer; max\-transfer\-idle\-out integer; max\-transfer\-time\-in integer; max\-transfer\-time\-out integer; max\-udp\-size integer; max\-zone\-ttl ( unlimited | duration ); memstatistics boolean; memstatistics\-file quoted_string; message\-compression boolean; min\-cache\-ttl duration; min\-ncache\-ttl duration; min\-refresh\-time integer; min\-retry\-time integer; minimal\-any boolean; minimal\-responses ( no\-auth | no\-auth\-recursive | boolean ); multi\-master boolean; new\-zones\-directory quoted_string; no\-case\-compress { address_match_element; ... 
}; nocookie\-udp\-size integer; notify ( explicit | master\-only | primary\-only | boolean ); notify\-delay integer; notify\-rate integer; notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-to\-soa boolean; nta\-lifetime duration; nta\-recheck duration; nxdomain\-redirect string; parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; pid\-file ( quoted_string | none ); port integer; preferred\-glue string; prefetch integer [ integer ]; provide\-ixfr boolean; qname\-minimization ( strict | relaxed | disabled | off ); query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; querylog boolean; random\-device ( quoted_string | none ); rate\-limit { all\-per\-second integer; errors\-per\-second integer; exempt\-clients { address_match_element; ... }; ipv4\-prefix\-length integer; ipv6\-prefix\-length integer; log\-only boolean; max\-table\-size integer; min\-table\-size integer; nodata\-per\-second integer; nxdomains\-per\-second integer; qps\-scale integer; referrals\-per\-second integer; responses\-per\-second integer; slip integer; window integer; }; recursing\-file quoted_string; recursion boolean; recursive\-clients integer; request\-expire boolean; request\-ixfr boolean; request\-nsid boolean; require\-server\-cookie boolean; reserved\-sockets integer; resolver\-nonbackoff\-tries integer; resolver\-query\-timeout integer; resolver\-retry\-interval integer; response\-padding { address_match_element; ... 
} block\-size integer; response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ]; reuseport boolean; root\-delegation\-only [ exclude { string; ... } ]; root\-key\-sentinel boolean; rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; secroots\-file quoted_string; send\-cookie boolean; serial\-query\-rate integer; serial\-update\-method ( date | increment | unixtime ); server\-id ( quoted_string | none | hostname ); servfail\-ttl duration; session\-keyalg string; session\-keyfile ( quoted_string | none ); session\-keyname string; sig\-signing\-nodes integer; sig\-signing\-signatures integer; sig\-signing\-type integer; sig\-validity\-interval integer [ integer ]; sortlist { address_match_element; ... 
}; stacksize ( default | unlimited | sizeval ); stale\-answer\-client\-timeout ( disabled | off | integer ); stale\-answer\-enable boolean; stale\-answer\-ttl duration; stale\-cache\-enable boolean; stale\-refresh\-time duration; startup\-notify\-rate integer; statistics\-file quoted_string; synth\-from\-dnssec boolean; tcp\-advertised\-timeout integer; tcp\-clients integer; tcp\-idle\-timeout integer; tcp\-initial\-timeout integer; tcp\-keepalive\-timeout integer; tcp\-listen\-queue integer; tkey\-dhkey quoted_string integer; tkey\-domain quoted_string; tkey\-gssapi\-credential quoted_string; tkey\-gssapi\-keytab quoted_string; transfer\-format ( many\-answers | one\-answer ); transfer\-message\-size integer; transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers\-in integer; transfers\-out integer; transfers\-per\-ns integer; trust\-anchor\-telemetry boolean; // experimental try\-tcp\-refresh boolean; update\-check\-ksk boolean; update\-quota integer; use\-alt\-transfer\-source boolean; use\-v4\-udp\-ports { portrange; ... }; use\-v6\-udp\-ports { portrange; ... }; v6\-bias integer; validate\-except { string; ... }; version ( quoted_string | none ); zero\-no\-soa\-ttl boolean; zero\-no\-soa\-ttl\-cache boolean; zone\-statistics ( full | terse | none | boolean ); }; .ft P .fi .UNINDENT .UNINDENT .SS PARENTAL\-AGENTS .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C parental\-agents string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... 
}; .ft P .fi .UNINDENT .UNINDENT .SS PLUGIN .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C plugin ( query ) string [ { unspecified\-text } ]; .ft P .fi .UNINDENT .UNINDENT .SS PRIMARIES .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C primaries string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; .ft P .fi .UNINDENT .UNINDENT .SS SERVER .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C server netprefix { bogus boolean; edns boolean; edns\-udp\-size integer; edns\-version integer; keys server_key; max\-udp\-size integer; notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide\-ixfr boolean; query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request\-expire boolean; request\-ixfr boolean; request\-nsid boolean; send\-cookie boolean; tcp\-keepalive boolean; tcp\-only boolean; transfer\-format ( many\-answers | one\-answer ); transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; .ft P .fi .UNINDENT .UNINDENT .SS STATISTICS\-CHANNELS .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C statistics\-channels { inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ]; }; .ft P .fi .UNINDENT .UNINDENT .SS TRUST\-ANCHORS .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... 
}; .ft P .fi .UNINDENT .UNINDENT .SS TRUSTED\-KEYS .sp Deprecated \- see TRUST\-ANCHORS. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C trusted\-keys { string integer integer integer quoted_string; ... };, deprecated .ft P .fi .UNINDENT .UNINDENT .SS VIEW .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C view string [ class ] { allow\-new\-zones boolean; allow\-notify { address_match_element; ... }; allow\-query { address_match_element; ... }; allow\-query\-cache { address_match_element; ... }; allow\-query\-cache\-on { address_match_element; ... }; allow\-query\-on { address_match_element; ... }; allow\-recursion { address_match_element; ... }; allow\-recursion\-on { address_match_element; ... }; allow\-transfer { address_match_element; ... }; allow\-update { address_match_element; ... }; allow\-update\-forwarding { address_match_element; ... }; also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; attach\-cache string; auth\-nxdomain boolean; // default changed auto\-dnssec ( allow | maintain | off );// deprecated cache\-file quoted_string;// deprecated catalog\-zones { zone string [ default\-masters [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... 
}; check\-dup\-records ( fail | warn | ignore ); check\-integrity boolean; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check\-sibling boolean; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-wildcard boolean; clients\-per\-query integer; deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ]; deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ]; dialup ( notify | notify\-passive | passive | refresh | boolean ); disable\-algorithms string { string; ... }; disable\-ds\-digests string { string; ... }; disable\-empty\-zone string; dlz string { database string; search boolean; }; dns64 netprefix { break\-dnssec boolean; clients { address_match_element; ... }; exclude { address_match_element; ... }; mapped { address_match_element; ... }; recursive\-only boolean; suffix ipv6_address; }; dns64\-contact string; dns64\-server string; dnskey\-sig\-validity integer; dnsrps\-enable boolean; dnsrps\-options { unspecified\-text }; dnssec\-accept\-expired boolean; dnssec\-dnskey\-kskonly boolean; dnssec\-loadkeys\-interval integer; dnssec\-must\-be\-secure string boolean; dnssec\-policy string; dnssec\-secure\-to\-insecure boolean; dnssec\-update\-mode ( maintain | no\-resign ); dnssec\-validation ( yes | no | auto ); dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... 
}; dyndb string quoted_string { unspecified\-text }; edns\-udp\-size integer; empty\-contact string; empty\-server string; empty\-zones\-enable boolean; fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint; fetches\-per\-server integer [ ( drop | fail ) ]; fetches\-per\-zone integer [ ( drop | fail ) ]; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; glue\-cache boolean; ixfr\-from\-differences ( primary | master | secondary | slave | boolean ); key string { algorithm string; secret string; }; key\-directory quoted_string; lame\-ttl duration; lmdb\-mapsize sizeval; managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated masterfile\-format ( map | raw | text ); masterfile\-style ( full | relative ); match\-clients { address_match_element; ... }; match\-destinations { address_match_element; ... }; match\-recursive\-only boolean; max\-cache\-size ( default | unlimited | sizeval | percentage ); max\-cache\-ttl duration; max\-clients\-per\-query integer; max\-ixfr\-ratio ( unlimited | percentage ); max\-journal\-size ( default | unlimited | sizeval ); max\-ncache\-ttl duration; max\-records integer; max\-recursion\-depth integer; max\-recursion\-queries integer; max\-refresh\-time integer; max\-retry\-time integer; max\-stale\-ttl duration; max\-transfer\-idle\-in integer; max\-transfer\-idle\-out integer; max\-transfer\-time\-in integer; max\-transfer\-time\-out integer; max\-udp\-size integer; max\-zone\-ttl ( unlimited | duration ); message\-compression boolean; min\-cache\-ttl duration; min\-ncache\-ttl duration; min\-refresh\-time integer; min\-retry\-time integer; minimal\-any boolean; minimal\-responses ( no\-auth | no\-auth\-recursive | boolean ); multi\-master boolean; new\-zones\-directory quoted_string; no\-case\-compress { address_match_element; ... 
}; nocookie\-udp\-size integer; notify ( explicit | master\-only | primary\-only | boolean ); notify\-delay integer; notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-to\-soa boolean; nta\-lifetime duration; nta\-recheck duration; nxdomain\-redirect string; parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; plugin ( query ) string [ { unspecified\-text } ]; preferred\-glue string; prefetch integer [ integer ]; provide\-ixfr boolean; qname\-minimization ( strict | relaxed | disabled | off ); query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; rate\-limit { all\-per\-second integer; errors\-per\-second integer; exempt\-clients { address_match_element; ... }; ipv4\-prefix\-length integer; ipv6\-prefix\-length integer; log\-only boolean; max\-table\-size integer; min\-table\-size integer; nodata\-per\-second integer; nxdomains\-per\-second integer; qps\-scale integer; referrals\-per\-second integer; responses\-per\-second integer; slip integer; window integer; }; recursion boolean; request\-expire boolean; request\-ixfr boolean; request\-nsid boolean; require\-server\-cookie boolean; resolver\-nonbackoff\-tries integer; resolver\-query\-timeout integer; resolver\-retry\-interval integer; response\-padding { address_match_element; ... 
} block\-size integer; response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ]; root\-delegation\-only [ exclude { string; ... } ]; root\-key\-sentinel boolean; rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; send\-cookie boolean; serial\-update\-method ( date | increment | unixtime ); server netprefix { bogus boolean; edns boolean; edns\-udp\-size integer; edns\-version integer; keys server_key; max\-udp\-size integer; notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide\-ixfr boolean; query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request\-expire boolean; request\-ixfr boolean; request\-nsid boolean; send\-cookie boolean; tcp\-keepalive boolean; tcp\-only boolean; transfer\-format ( many\-answers | one\-answer ); transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers 
integer; }; servfail\-ttl duration; sig\-signing\-nodes integer; sig\-signing\-signatures integer; sig\-signing\-type integer; sig\-validity\-interval integer [ integer ]; sortlist { address_match_element; ... }; stale\-answer\-client\-timeout ( disabled | off | integer ); stale\-answer\-enable boolean; stale\-answer\-ttl duration; stale\-cache\-enable boolean; stale\-refresh\-time duration; synth\-from\-dnssec boolean; transfer\-format ( many\-answers | one\-answer ); transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; trust\-anchor\-telemetry boolean; // experimental trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... }; trusted\-keys { string integer integer integer quoted_string; ... };, deprecated try\-tcp\-refresh boolean; update\-check\-ksk boolean; use\-alt\-transfer\-source boolean; v6\-bias integer; validate\-except { string; ... }; zero\-no\-soa\-ttl boolean; zero\-no\-soa\-ttl\-cache boolean; zone string [ class ] { allow\-notify { address_match_element; ... }; allow\-query { address_match_element; ... }; allow\-query\-on { address_match_element; ... }; allow\-transfer { address_match_element; ... }; allow\-update { address_match_element; ... }; allow\-update\-forwarding { address_match_element; ... }; also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... 
}; alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; auto\-dnssec ( allow | maintain | off );// deprecated check\-dup\-records ( fail | warn | ignore ); check\-integrity boolean; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( fail | warn | ignore ); check\-sibling boolean; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-wildcard boolean; database string; delegation\-only boolean; dialup ( notify | notify\-passive | passive | refresh | boolean ); dlz string; dnskey\-sig\-validity integer; dnssec\-dnskey\-kskonly boolean; dnssec\-loadkeys\-interval integer; dnssec\-policy string; dnssec\-secure\-to\-insecure boolean; dnssec\-update\-mode ( maintain | no\-resign ); file quoted_string; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; in\-view string; inline\-signing boolean; ixfr\-from\-differences boolean; journal quoted_string; key\-directory quoted_string; masterfile\-format ( map | raw | text ); masterfile\-style ( full | relative ); masters [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... 
}; max\-ixfr\-ratio ( unlimited | percentage ); max\-journal\-size ( default | unlimited | sizeval ); max\-records integer; max\-refresh\-time integer; max\-retry\-time integer; max\-transfer\-idle\-in integer; max\-transfer\-idle\-out integer; max\-transfer\-time\-in integer; max\-transfer\-time\-out integer; max\-zone\-ttl ( unlimited | duration ); min\-refresh\-time integer; min\-retry\-time integer; multi\-master boolean; notify ( explicit | master\-only | primary\-only | boolean ); notify\-delay integer; notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-to\-soa boolean; parental\-agents [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; request\-expire boolean; request\-ixfr boolean; serial\-update\-method ( date | increment | unixtime ); server\-addresses { ( ipv4_address | ipv6_address ); ... }; server\-names { string; ... 
}; sig\-signing\-nodes integer; sig\-signing\-signatures integer; sig\-signing\-type integer; sig\-validity\-interval integer [ integer ]; transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; try\-tcp\-refresh boolean; type ( primary | master | secondary | slave | mirror | delegation\-only | forward | hint | redirect | static\-stub | stub ); update\-check\-ksk boolean; update\-policy ( local | { ( deny | grant ) string ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ string ] rrtypelist; ... } ); use\-alt\-transfer\-source boolean; zero\-no\-soa\-ttl boolean; zone\-statistics ( full | terse | none | boolean ); }; zone\-statistics ( full | terse | none | boolean ); }; .ft P .fi .UNINDENT .UNINDENT .SS ZONE .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C zone string [ class ] { allow\-notify { address_match_element; ... }; allow\-query { address_match_element; ... }; allow\-query\-on { address_match_element; ... }; allow\-transfer { address_match_element; ... }; allow\-update { address_match_element; ... }; allow\-update\-forwarding { address_match_element; ... }; also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... 
}; alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; auto\-dnssec ( allow | maintain | off );// deprecated check\-dup\-records ( fail | warn | ignore ); check\-integrity boolean; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( fail | warn | ignore ); check\-sibling boolean; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-wildcard boolean; database string; delegation\-only boolean; dialup ( notify | notify\-passive | passive | refresh | boolean ); dlz string; dnskey\-sig\-validity integer; dnssec\-dnskey\-kskonly boolean; dnssec\-loadkeys\-interval integer; dnssec\-policy string; dnssec\-secure\-to\-insecure boolean; dnssec\-update\-mode ( maintain | no\-resign ); file quoted_string; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; in\-view string; inline\-signing boolean; ixfr\-from\-differences boolean; journal quoted_string; key\-directory quoted_string; masterfile\-format ( map | raw | text ); masterfile\-style ( full | relative ); masters [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... 
}; max\-ixfr\-ratio ( unlimited | percentage ); max\-journal\-size ( default | unlimited | sizeval ); max\-records integer; max\-refresh\-time integer; max\-retry\-time integer; max\-transfer\-idle\-in integer; max\-transfer\-idle\-out integer; max\-transfer\-time\-in integer; max\-transfer\-time\-out integer; max\-zone\-ttl ( unlimited | duration ); min\-refresh\-time integer; min\-retry\-time integer; multi\-master boolean; notify ( explicit | master\-only | primary\-only | boolean ); notify\-delay integer; notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-to\-soa boolean; parental\-agents [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; request\-expire boolean; request\-ixfr boolean; serial\-update\-method ( date | increment | unixtime ); server\-addresses { ( ipv4_address | ipv6_address ); ... }; server\-names { string; ... 
}; sig\-signing\-nodes integer; sig\-signing\-signatures integer; sig\-signing\-type integer; sig\-validity\-interval integer [ integer ]; transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; try\-tcp\-refresh boolean; type ( primary | master | secondary | slave | mirror | delegation\-only | forward | hint | redirect | static\-stub | stub ); update\-check\-ksk boolean; update\-policy ( local | { ( deny | grant ) string ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ string ] rrtypelist; ... } ); use\-alt\-transfer\-source boolean; zero\-no\-soa\-ttl boolean; zone\-statistics ( full | terse | none | boolean ); }; .ft P .fi .UNINDENT .UNINDENT .SH FILES .sp \fB/etc/named.conf\fP .SH SEE ALSO .sp \fBddns\-confgen(8)\fP, \fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBrndc(8)\fP, \fBrndc\-confgen(8)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT 2023, Internet Systems Consortium .\" Generated by docutils manpage writer. .