Scroll to navigation

NAMED.CONF(5) BIND9 NAMED.CONF(5)

NAME

named.conf - configuration file for named

SYNOPSIS

named.conf

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported:
C style: /* */
C++ style: // to end of line
Unix style: # to end of line

ACL

acl  string { address_match_element; ... };

KEY

key  domain_name {
	algorithm  string;
	secret  string;
};

MASTERS

masters  string [ port integer ] {
	(  masters | ipv4_address [port integer] |
	 ipv6_address [port integer] ) [ key string ]; ...
};

SERVER

server (  ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
	bogus  boolean;
	edns  boolean;
	edns-udp-size  integer;
	max-udp-size  integer;
	provide-ixfr  boolean;
	request-ixfr  boolean;
	keys  server_key;
	transfers  integer;
	transfer-format ( many-answers | one-answer );
	transfer-source (  ipv4_address | * )
		[ port (  integer | * ) ];
	transfer-source-v6 (  ipv6_address | * )
		[ port (  integer | * ) ];
	support-ixfr  boolean; // obsolete
};

TRUSTED-KEYS

trusted-keys {
	 domain_name flags protocol algorithm key; ... 
};

MANAGED-KEYS

managed-keys {
	 domain_name initial-key flags protocol algorithm key; ... 
};

CONTROLS

controls {
	inet (  ipv4_address | ipv6_address | * )
		[ port (  integer | * ) ]
		allow {  address_match_element; ... }
		[ keys {  string; ... } ];
	unix  unsupported; // not implemented
};

LOGGING

logging {
	channel  string {
		file  log_file;
		syslog  optional_facility;
		null;
		stderr;
		severity  log_severity;
		print-time  boolean;
		print-severity  boolean;
		print-category  boolean;
	};
	category  string { string; ... };
};

LWRES

lwres {
	listen-on [ port  integer ] {
		(  ipv4_address | ipv6_address ) [ port integer ]; ...
	};
	view  string optional_class;
	search {  string; ... };
	ndots  integer;
};

OPTIONS

options {
	avoid-v4-udp-ports {  port; ... };
	avoid-v6-udp-ports {  port; ... };
	blackhole {  address_match_element; ... };
	coresize  size;
	datasize  size;
	directory  quoted_string;
	dump-file  quoted_string;
	files  size;
	heartbeat-interval  integer;
	host-statistics  boolean; // not implemented
	host-statistics-max  number; // not implemented
	hostname (  quoted_string | none );
	interface-interval  integer;
	listen-on [ port  integer ] { address_match_element; ... };
	listen-on-v6 [ port  integer ] { address_match_element; ... };
	match-mapped-addresses  boolean;
	memstatistics-file  quoted_string;
	pid-file (  quoted_string | none );
	port  integer;
	querylog  boolean;
	recursing-file  quoted_string;
	reserved-sockets  integer;
	random-device  quoted_string;
	recursive-clients  integer;
	serial-query-rate  integer;
	server-id (  quoted_string | none |;
	stacksize  size;
	statistics-file  quoted_string;
	statistics-interval  integer; // not yet implemented
	tcp-clients  integer;
	tcp-listen-queue  integer;
	tkey-dhkey  quoted_string integer;
	tkey-gssapi-credential  quoted_string;
	tkey-gssapi-keytab  quoted_string;
	tkey-domain  quoted_string;
	transfers-per-ns  integer;
	transfers-in  integer;
	transfers-out  integer;
	use-ixfr  boolean;
	version (  quoted_string | none );
	allow-recursion {  address_match_element; ... };
	allow-recursion-on {  address_match_element; ... };
	sortlist {  address_match_element; ... };
	topology {  address_match_element; ... }; // not implemented
	auth-nxdomain  boolean; // default changed
	minimal-responses  boolean;
	recursion  boolean;
	rrset-order {
		[ class  string ] [ type string ]
		[ name  quoted_string ] string string; ...
	};
	provide-ixfr  boolean;
	request-ixfr  boolean;
	rfc2308-type1  boolean; // not yet implemented
	additional-from-auth  boolean;
	additional-from-cache  boolean;
	query-source ( (  ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
	query-source-v6 ( (  ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
	use-queryport-pool  boolean;
	queryport-pool-ports  integer;
	queryport-pool-updateinterval  integer;
	cleaning-interval  integer;
	resolver-query-timeout  integer;
	min-roots  integer; // not implemented
	lame-ttl  integer;
	max-ncache-ttl  integer;
	max-cache-ttl  integer;
	transfer-format ( many-answers | one-answer );
	max-cache-size  size;
	max-acache-size  size;
	clients-per-query  number;
	max-clients-per-query  number;
	check-names ( master | slave | response )
		( fail | warn | ignore );
	check-mx ( fail | warn | ignore );
	check-integrity  boolean;
	check-mx-cname ( fail | warn | ignore );
	check-srv-cname ( fail | warn | ignore );
	cache-file  quoted_string; // test option
	suppress-initial-notify  boolean; // not yet implemented
	preferred-glue  string;
	dual-stack-servers [ port  integer ] {
		(  quoted_string [port integer] |
		 ipv4_address [port integer] |
		 ipv6_address [port integer] ); ...
	};
	edns-udp-size  integer;
	max-udp-size  integer;
	root-delegation-only [ exclude {  quoted_string; ... } ];
	disable-algorithms  string { string; ... };
	dnssec-enable  boolean;
	dnssec-validation  boolean;
	dnssec-lookaside (  auto | no | domain trust-anchor domain );
	dnssec-must-be-secure  string boolean;
	dnssec-accept-expired  boolean;
	dns64-server  string;
	dns64-contact  string;
	dns64  prefix {
		clients { <replacable>acl</replacable>; };
		exclude { <replacable>acl</replacable>; };
		mapped { <replacable>acl</replacable>; };
		break-dnssec  boolean;
		recursive-only  boolean;
		suffix  ipv6_address;
	};
	empty-server  string;
	empty-contact  string;
	empty-zones-enable  boolean;
	disable-empty-zone  string;
	dialup  dialuptype;
	ixfr-from-differences  ixfrdiff;
	allow-query {  address_match_element; ... };
	allow-query-on {  address_match_element; ... };
	allow-query-cache {  address_match_element; ... };
	allow-query-cache-on {  address_match_element; ... };
	allow-transfer {  address_match_element; ... };
	allow-update {  address_match_element; ... };
	allow-update-forwarding {  address_match_element; ... };
	update-check-ksk  boolean;
	dnssec-dnskey-kskonly  boolean;
	masterfile-format ( text | raw );
	notify  notifytype;
	notify-source (  ipv4_address | * ) [ port ( integer | * ) ];
	notify-source-v6 (  ipv6_address | * ) [ port ( integer | * ) ];
	notify-delay  seconds;
	notify-to-soa  boolean;
	also-notify [ port  integer ] { ( ipv4_address | ipv6_address )
		[ port  integer ]; ... };
	allow-notify {  address_match_element; ... };
	forward ( first | only );
	forwarders [ port  integer ] {
		(  ipv4_address | ipv6_address ) [ port integer ]; ...
	};
	max-journal-size  size_no_default;
	max-transfer-time-in  integer;
	max-transfer-time-out  integer;
	max-transfer-idle-in  integer;
	max-transfer-idle-out  integer;
	max-retry-time  integer;
	min-retry-time  integer;
	max-refresh-time  integer;
	min-refresh-time  integer;
	multi-master  boolean;
	sig-validity-interval  integer;
	sig-re-signing-interval  integer;
	sig-signing-nodes  integer;
	sig-signing-signatures  integer;
	sig-signing-type  integer;
	transfer-source (  ipv4_address | * )
		[ port (  integer | * ) ];
	transfer-source-v6 (  ipv6_address | * )
		[ port (  integer | * ) ];
	alt-transfer-source (  ipv4_address | * )
		[ port (  integer | * ) ];
	alt-transfer-source-v6 (  ipv6_address | * )
		[ port (  integer | * ) ];
	use-alt-transfer-source  boolean;
	zone-statistics  boolean;
	key-directory  quoted_string;
	managed-keys-directory  quoted_string;
	auto-dnssec  allow|maintain|create|off;
	try-tcp-refresh  boolean;
	zero-no-soa-ttl  boolean;
	zero-no-soa-ttl-cache  boolean;
	dnssec-secure-to-insecure  boolean;
	deny-answer-addresses {
		 address_match_list
	} [ except-from {  namelist } ];
	deny-answer-aliases {
		 namelist
	} [ except-from {  namelist } ];
	nsec3-test-zone  boolean;  // testing only
	allow-v6-synthesis {  address_match_element; ... }; // obsolete
	deallocate-on-exit  boolean; // obsolete
	fake-iquery  boolean; // obsolete
	fetch-glue  boolean; // obsolete
	has-old-clients  boolean; // obsolete
	maintain-ixfr-base  boolean; // obsolete
	max-ixfr-log-size  size; // obsolete
	multiple-cnames  boolean; // obsolete
	named-xfer  quoted_string; // obsolete
	serial-queries  integer; // obsolete
	treat-cr-as-space  boolean; // obsolete
	use-id-pool  boolean; // obsolete
};

VIEW

view  string optional_class {
	match-clients {  address_match_element; ... };
	match-destinations {  address_match_element; ... };
	match-recursive-only  boolean;
	key  string {
		algorithm  string;
		secret  string;
	};
	zone  string optional_class {
		...
	};
	server (  ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
		...
	};
	trusted-keys {
		 string integer integer integer quoted_string;
		[...]
	};
	allow-recursion {  address_match_element; ... };
	allow-recursion-on {  address_match_element; ... };
	sortlist {  address_match_element; ... };
	topology {  address_match_element; ... }; // not implemented
	auth-nxdomain  boolean; // default changed
	minimal-responses  boolean;
	recursion  boolean;
	rrset-order {
		[ class  string ] [ type string ]
		[ name  quoted_string ] string string; ...
	};
	provide-ixfr  boolean;
	request-ixfr  boolean;
	rfc2308-type1  boolean; // not yet implemented
	additional-from-auth  boolean;
	additional-from-cache  boolean;
	query-source ( (  ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
	query-source-v6 ( (  ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
	use-queryport-pool  boolean;
	queryport-pool-ports  integer;
	queryport-pool-updateinterval  integer;
	cleaning-interval  integer;
	resolver-query-timeout  integer;
	min-roots  integer; // not implemented
	lame-ttl  integer;
	max-ncache-ttl  integer;
	max-cache-ttl  integer;
	transfer-format ( many-answers | one-answer );
	max-cache-size  size;
	max-acache-size  size;
	clients-per-query  number;
	max-clients-per-query  number;
	check-names ( master | slave | response )
		( fail | warn | ignore );
	check-mx ( fail | warn | ignore );
	check-integrity  boolean;
	check-mx-cname ( fail | warn | ignore );
	check-srv-cname ( fail | warn | ignore );
	cache-file  quoted_string; // test option
	suppress-initial-notify  boolean; // not yet implemented
	preferred-glue  string;
	dual-stack-servers [ port  integer ] {
		(  quoted_string [port integer] |
		 ipv4_address [port integer] |
		 ipv6_address [port integer] ); ...
	};
	edns-udp-size  integer;
	max-udp-size  integer;
	root-delegation-only [ exclude {  quoted_string; ... } ];
	disable-algorithms  string { string; ... };
	dnssec-enable  boolean;
	dnssec-validation  boolean;
	dnssec-lookaside (  auto | no | domain trust-anchor domain );
	dnssec-must-be-secure  string boolean;
	dnssec-accept-expired  boolean;
	dns64-server  string;
	dns64-contact  string;
	dns64  prefix {
		clients { <replacable>acl</replacable>; };
		exclude { <replacable>acl</replacable>; };
		mapped { <replacable>acl</replacable>; };
		break-dnssec  boolean;
		recursive-only  boolean;
		suffix  ipv6_address;
	};
	empty-server  string;
	empty-contact  string;
	empty-zones-enable  boolean;
	disable-empty-zone  string;
	dialup  dialuptype;
	ixfr-from-differences  ixfrdiff;
	allow-query {  address_match_element; ... };
	allow-query-on {  address_match_element; ... };
	allow-query-cache {  address_match_element; ... };
	allow-query-cache-on {  address_match_element; ... };
	allow-transfer {  address_match_element; ... };
	allow-update {  address_match_element; ... };
	allow-update-forwarding {  address_match_element; ... };
	update-check-ksk  boolean;
	dnssec-dnskey-kskonly  boolean;
	masterfile-format ( text | raw );
	notify  notifytype;
	notify-source (  ipv4_address | * ) [ port ( integer | * ) ];
	notify-source-v6 (  ipv6_address | * ) [ port ( integer | * ) ];
	notify-delay  seconds;
	notify-to-soa  boolean;
	also-notify [ port  integer ] { ( ipv4_address | ipv6_address )
		[ port  integer ]; ... };
	allow-notify {  address_match_element; ... };
	forward ( first | only );
	forwarders [ port  integer ] {
		(  ipv4_address | ipv6_address ) [ port integer ]; ...
	};
	max-journal-size  size_no_default;
	max-transfer-time-in  integer;
	max-transfer-time-out  integer;
	max-transfer-idle-in  integer;
	max-transfer-idle-out  integer;
	max-retry-time  integer;
	min-retry-time  integer;
	max-refresh-time  integer;
	min-refresh-time  integer;
	multi-master  boolean;
	sig-validity-interval  integer;
	transfer-source (  ipv4_address | * )
		[ port (  integer | * ) ];
	transfer-source-v6 (  ipv6_address | * )
		[ port (  integer | * ) ];
	alt-transfer-source (  ipv4_address | * )
		[ port (  integer | * ) ];
	alt-transfer-source-v6 (  ipv6_address | * )
		[ port (  integer | * ) ];
	use-alt-transfer-source  boolean;
	zone-statistics  boolean;
	try-tcp-refresh  boolean;
	key-directory  quoted_string;
	zero-no-soa-ttl  boolean;
	zero-no-soa-ttl-cache  boolean;
	dnssec-secure-to-insecure  boolean;
	allow-v6-synthesis {  address_match_element; ... }; // obsolete
	fetch-glue  boolean; // obsolete
	maintain-ixfr-base  boolean; // obsolete
	max-ixfr-log-size  size; // obsolete
};

ZONE

zone  string optional_class {
	type ( master | slave | stub | hint |
		forward | delegation-only );
	file  quoted_string;
	masters [ port  integer ] {
		(  masters |
		 ipv4_address [port integer] |
		 ipv6_address [ port integer ] ) [ key string ]; ...
	};
	database  string;
	delegation-only  boolean;
	check-names ( fail | warn | ignore );
	check-mx ( fail | warn | ignore );
	check-integrity  boolean;
	check-mx-cname ( fail | warn | ignore );
	check-srv-cname ( fail | warn | ignore );
	dialup  dialuptype;
	ixfr-from-differences  boolean;
	journal  quoted_string;
	zero-no-soa-ttl  boolean;
	dnssec-secure-to-insecure  boolean;
	allow-query {  address_match_element; ... };
	allow-query-on {  address_match_element; ... };
	allow-transfer {  address_match_element; ... };
	allow-update {  address_match_element; ... };
	allow-update-forwarding {  address_match_element; ... };
	update-policy  local |  {
		( grant | deny ) string
		( name | subdomain | wildcard | self | selfsub | selfwild |
                  krb5-self | ms-self | krb5-subdomain | ms-subdomain |
		  tcp-self | zonesub | 6to4-self ) string
		rrtypelist;
		[...]
	};
	update-check-ksk  boolean;
	dnssec-dnskey-kskonly  boolean;
	masterfile-format ( text | raw );
	notify  notifytype;
	notify-source (  ipv4_address | * ) [ port ( integer | * ) ];
	notify-source-v6 (  ipv6_address | * ) [ port ( integer | * ) ];
	notify-delay  seconds;
	notify-to-soa  boolean;
	also-notify [ port  integer ] { ( ipv4_address | ipv6_address )
		[ port  integer ]; ... };
	allow-notify {  address_match_element; ... };
	forward ( first | only );
	forwarders [ port  integer ] {
		(  ipv4_address | ipv6_address ) [ port integer ]; ...
	};
	max-journal-size  size_no_default;
	max-transfer-time-in  integer;
	max-transfer-time-out  integer;
	max-transfer-idle-in  integer;
	max-transfer-idle-out  integer;
	max-retry-time  integer;
	min-retry-time  integer;
	max-refresh-time  integer;
	min-refresh-time  integer;
	multi-master  boolean;
	sig-validity-interval  integer;
	transfer-source (  ipv4_address | * )
		[ port (  integer | * ) ];
	transfer-source-v6 (  ipv6_address | * )
		[ port (  integer | * ) ];
	alt-transfer-source (  ipv4_address | * )
		[ port (  integer | * ) ];
	alt-transfer-source-v6 (  ipv6_address | * )
		[ port (  integer | * ) ];
	use-alt-transfer-source  boolean;
	zone-statistics  boolean;
	try-tcp-refresh  boolean;
	key-directory  quoted_string;
	nsec3-test-zone  boolean;  // testing only
	ixfr-base  quoted_string; // obsolete
	ixfr-tmp-file  quoted_string; // obsolete
	maintain-ixfr-base  boolean; // obsolete
	max-ixfr-log-size  size; // obsolete
	pubkey  integer integer integer quoted_string; // obsolete
};

FILES

/etc/named.conf

SEE ALSO

named(8), named-checkconf(8), rndc(8), BIND 9 Administrator Reference Manual.

COPYRIGHT

Copyright © 2004-2011 Internet Systems Consortium, Inc. ("ISC")
 
August 13, 2004 BIND9