"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.17.5/bin/named/named.conf.rst" (4 Sep 2020, 34707 Bytes) of package /linux/misc/dns/bind9/9.17.5/bind-9.17.5.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field. See also the latest Fossies "Diffs" side-by-side code changes report for "named.conf.rst": 9.17.4_vs_9.17.5.

named.conf - configuration file for named

Synopsis

named.conf

Description

named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported:

C style: /* */

C++ style: // to end of line

Unix style: # to end of line

ACL

acl string { address_match_element; ... };

CONTROLS

controls {
  inet ( ipv4_address | ipv6_address |
      * ) [ port ( integer | * ) ] allow
      { address_match_element; ... } [
      keys { string; ... } ] [ read-only
      boolean ];
  unix quoted_string perm integer
      owner integer group integer [
      keys { string; ... } ] [ read-only
      boolean ];
};

DLZ

dlz string {
  database string;
  search boolean;
};

DNSSEC-POLICY

dnssec-policy string {
  dnskey-ttl duration;
  keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
      duration_or_unlimited algorithm string [ integer ]; ... };
  max-zone-ttl duration;
  parent-ds-ttl duration;
  parent-propagation-delay duration;
  publish-safety duration;
  retire-safety duration;
  signatures-refresh duration;
  signatures-validity duration;
  signatures-validity-dnskey duration;
  zone-propagation-delay duration;
};

DYNDB

dyndb string quoted_string {
    unspecified-text };

KEY

key string {
  algorithm string;
  secret string;
};

LOGGING

logging {
  category string { string; ... };
  channel string {
      buffered boolean;
      file quoted_string [ versions ( unlimited | integer ) ]
          [ size size ] [ suffix ( increment | timestamp ) ];
      null;
      print-category boolean;
      print-severity boolean;
      print-time ( iso8601 | iso8601-utc | local | boolean );
      severity log_severity;
      stderr;
      syslog [ syslog_facility ];
  };
};

MANAGED-KEYS

See DNSSEC-KEYS.

managed-keys { string ( static-key
    | initial-key | static-ds |
    initial-ds ) integer integer
    integer quoted_string; ... };, deprecated

MASTERS

masters string [ port integer ] [ dscp
    integer ] { ( primaries | ipv4_address
    [ port integer ] | ipv6_address [ port
    integer ] ) [ key string ]; ... };

OPTIONS

options {
  allow-new-zones boolean;
  allow-notify { address_match_element; ... };
  allow-query { address_match_element; ... };
  allow-query-cache { address_match_element; ... };
  allow-query-cache-on { address_match_element; ... };
  allow-query-on { address_match_element; ... };
  allow-recursion { address_match_element; ... };
  allow-recursion-on { address_match_element; ... };
  allow-transfer { address_match_element; ... };
  allow-update { address_match_element; ... };
  allow-update-forwarding { address_match_element; ... };
  also-notify [ port integer ] [ dscp integer ] { ( primaries |
      ipv4_address [ port integer ] | ipv6_address [ port
      integer ] ) [ key string ]; ... };
  alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
      ] [ dscp integer ];
  alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
      * ) ] [ dscp integer ];
  answer-cookie boolean;
  attach-cache string;
  auth-nxdomain boolean; // default changed
  auto-dnssec ( allow | maintain | off );
  automatic-interface-scan boolean;
  avoid-v4-udp-ports { portrange; ... };
  avoid-v6-udp-ports { portrange; ... };
  bindkeys-file quoted_string;
  blackhole { address_match_element; ... };
  cache-file quoted_string;
  catalog-zones { zone string [ default-masters [ port integer ]
      [ dscp integer ] { ( primaries | ipv4_address [ port
      integer ] | ipv6_address [ port integer ] ) [ key
      string ]; ... } ] [ zone-directory quoted_string ] [
      in-memory boolean ] [ min-update-interval duration ]; ... };
  check-dup-records ( fail | warn | ignore );
  check-integrity boolean;
  check-mx ( fail | warn | ignore );
  check-mx-cname ( fail | warn | ignore );
  check-names ( primary | master |
      secondary | slave | response ) (
      fail | warn | ignore );
  check-sibling boolean;
  check-spf ( warn | ignore );
  check-srv-cname ( fail | warn | ignore );
  check-wildcard boolean;
  clients-per-query integer;
  cookie-algorithm ( aes | siphash24 );
  cookie-secret string;
  coresize ( default | unlimited | sizeval );
  datasize ( default | unlimited | sizeval );
  deny-answer-addresses { address_match_element; ... } [
      except-from { string; ... } ];
  deny-answer-aliases { string; ... } [ except-from { string; ...
      } ];
  dialup ( notify | notify-passive | passive | refresh | boolean );
  directory quoted_string;
  disable-algorithms string { string;
      ... };
  disable-ds-digests string { string;
      ... };
  disable-empty-zone string;
  dns64 netprefix {
      break-dnssec boolean;
      clients { address_match_element; ... };
      exclude { address_match_element; ... };
      mapped { address_match_element; ... };
      recursive-only boolean;
      suffix ipv6_address;
  };
  dns64-contact string;
  dns64-server string;
  dnskey-sig-validity integer;
  dnsrps-enable boolean;
  dnsrps-options { unspecified-text };
  dnssec-accept-expired boolean;
  dnssec-dnskey-kskonly boolean;
  dnssec-loadkeys-interval integer;
  dnssec-must-be-secure string boolean;
  dnssec-policy string;
  dnssec-secure-to-insecure boolean;
  dnssec-update-mode ( maintain | no-resign );
  dnssec-validation ( yes | no | auto );
  dnstap { ( all | auth | client | forwarder | resolver | update ) [
      ( query | response ) ]; ... };
  dnstap-identity ( quoted_string | none | hostname );
  dnstap-output ( file | unix ) quoted_string [ size ( unlimited |
      size ) ] [ versions ( unlimited | integer ) ] [ suffix (
      increment | timestamp ) ];
  dnstap-version ( quoted_string | none );
  dscp integer;
  dual-stack-servers [ port integer ] { ( quoted_string [ port
      integer ] [ dscp integer ] | ipv4_address [ port
      integer ] [ dscp integer ] | ipv6_address [ port
      integer ] [ dscp integer ] ); ... };
  dump-file quoted_string;
  edns-udp-size integer;
  empty-contact string;
  empty-server string;
  empty-zones-enable boolean;
  fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
  fetches-per-server integer [ ( drop | fail ) ];
  fetches-per-zone integer [ ( drop | fail ) ];
  files ( default | unlimited | sizeval );
  flush-zones-on-shutdown boolean;
  forward ( first | only );
  forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
      | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
  fstrm-set-buffer-hint integer;
  fstrm-set-flush-timeout integer;
  fstrm-set-input-queue-size integer;
  fstrm-set-output-notify-threshold integer;
  fstrm-set-output-queue-model ( mpsc | spsc );
  fstrm-set-output-queue-size integer;
  fstrm-set-reopen-interval duration;
  geoip-directory ( quoted_string | none );
  glue-cache boolean;
  heartbeat-interval integer;
  hostname ( quoted_string | none );
  inline-signing boolean;
  interface-interval duration;
  ixfr-from-differences ( primary | master | secondary | slave |
      boolean );
  keep-response-order { address_match_element; ... };
  key-directory quoted_string;
  lame-ttl duration;
  listen-on [ port integer ] [ dscp
      integer ] {
      address_match_element; ... };
  listen-on-v6 [ port integer ] [ dscp
      integer ] {
      address_match_element; ... };
  lmdb-mapsize sizeval;
  lock-file ( quoted_string | none );
  managed-keys-directory quoted_string;
  masterfile-format ( map | raw | text );
  masterfile-style ( full | relative );
  match-mapped-addresses boolean;
  max-cache-size ( default | unlimited | sizeval | percentage );
  max-cache-ttl duration;
  max-clients-per-query integer;
  max-ixfr-ratio ( unlimited | percentage );
  max-journal-size ( default | unlimited | sizeval );
  max-ncache-ttl duration;
  max-records integer;
  max-recursion-depth integer;
  max-recursion-queries integer;
  max-refresh-time integer;
  max-retry-time integer;
  max-rsa-exponent-size integer;
  max-stale-ttl duration;
  max-transfer-idle-in integer;
  max-transfer-idle-out integer;
  max-transfer-time-in integer;
  max-transfer-time-out integer;
  max-udp-size integer;
  max-zone-ttl ( unlimited | duration );
  memstatistics boolean;
  memstatistics-file quoted_string;
  message-compression boolean;
  min-cache-ttl duration;
  min-ncache-ttl duration;
  min-refresh-time integer;
  min-retry-time integer;
  minimal-any boolean;
  minimal-responses ( no-auth | no-auth-recursive | boolean );
  multi-master boolean;
  new-zones-directory quoted_string;
  no-case-compress { address_match_element; ... };
  nocookie-udp-size integer;
  notify ( explicit | master-only | primary-only | boolean );
  notify-delay integer;
  notify-rate integer;
  notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
      dscp integer ];
  notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
      [ dscp integer ];
  notify-to-soa boolean;
  nta-lifetime duration;
  nta-recheck duration;
  nxdomain-redirect string;
  pid-file ( quoted_string | none );
  port integer;
  preferred-glue string;
  prefetch integer [ integer ];
  provide-ixfr boolean;
  qname-minimization ( strict | relaxed | disabled | off );
  query-source ( ( [ address ] ( ipv4_address | * ) [ port (
      integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
      port ( integer | * ) ) ) [ dscp integer ];
  query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
      integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
      port ( integer | * ) ) ) [ dscp integer ];
  querylog boolean;
  random-device ( quoted_string | none );
  rate-limit {
      all-per-second integer;
      errors-per-second integer;
      exempt-clients { address_match_element; ... };
      ipv4-prefix-length integer;
      ipv6-prefix-length integer;
      log-only boolean;
      max-table-size integer;
      min-table-size integer;
      nodata-per-second integer;
      nxdomains-per-second integer;
      qps-scale integer;
      referrals-per-second integer;
      responses-per-second integer;
      slip integer;
      window integer;
  };
  recursing-file quoted_string;
  recursion boolean;
  recursive-clients integer;
  request-expire boolean;
  request-ixfr boolean;
  request-nsid boolean;
  require-server-cookie boolean;
  reserved-sockets integer;
  resolver-nonbackoff-tries integer;
  resolver-query-timeout integer;
  resolver-retry-interval integer;
  response-padding { address_match_element; ... } block-size
      integer;
  response-policy { zone string [ add-soa boolean ] [ log
      boolean ] [ max-policy-ttl duration ] [ min-update-interval
      duration ] [ policy ( cname | disabled | drop | given | no-op
      | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
      recursive-only boolean ] [ nsip-enable boolean ] [
      nsdname-enable boolean ]; ... } [ add-soa boolean ] [
      break-dnssec boolean ] [ max-policy-ttl duration ] [
      min-update-interval duration ] [ min-ns-dots integer ] [
      nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean
      ] [ qname-wait-recurse boolean ] [ recursive-only boolean ]
      [ nsip-enable boolean ] [ nsdname-enable boolean ] [
      dnsrps-enable boolean ] [ dnsrps-options { unspecified-text
      } ];
  root-delegation-only [ exclude { string; ... } ];
  root-key-sentinel boolean;
  rrset-order { [ class string ] [ type string ] [ name
      quoted_string ] string string; ... };
  secroots-file quoted_string;
  send-cookie boolean;
  serial-query-rate integer;
  serial-update-method ( date | increment | unixtime );
  server-id ( quoted_string | none | hostname );
  servfail-ttl duration;
  session-keyalg string;
  session-keyfile ( quoted_string | none );
  session-keyname string;
  sig-signing-nodes integer;
  sig-signing-signatures integer;
  sig-signing-type integer;
  sig-validity-interval integer [ integer ];
  sortlist { address_match_element; ... };
  stacksize ( default | unlimited | sizeval );
  stale-answer-enable boolean;
  stale-answer-ttl duration;
  stale-cache-enable boolean;
  startup-notify-rate integer;
  statistics-file quoted_string;
  synth-from-dnssec boolean;
  tcp-advertised-timeout integer;
  tcp-clients integer;
  tcp-idle-timeout integer;
  tcp-initial-timeout integer;
  tcp-keepalive-timeout integer;
  tcp-listen-queue integer;
  tkey-dhkey quoted_string integer;
  tkey-domain quoted_string;
  tkey-gssapi-credential quoted_string;
  tkey-gssapi-keytab quoted_string;
  transfer-format ( many-answers | one-answer );
  transfer-message-size integer;
  transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
      dscp integer ];
  transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
      ] [ dscp integer ];
  transfers-in integer;
  transfers-out integer;
  transfers-per-ns integer;
  trust-anchor-telemetry boolean; // experimental
  try-tcp-refresh boolean;
  update-check-ksk boolean;
  use-alt-transfer-source boolean;
  use-v4-udp-ports { portrange; ... };
  use-v6-udp-ports { portrange; ... };
  v6-bias integer;
  validate-except { string; ... };
  version ( quoted_string | none );
  zero-no-soa-ttl boolean;
  zero-no-soa-ttl-cache boolean;
  zone-statistics ( full | terse | none | boolean );
};

PLUGIN

plugin ( query ) string [ { unspecified-text
    } ];

PRIMARIES

primaries string [ port integer ] [ dscp
    integer ] { ( primaries | ipv4_address
    [ port integer ] | ipv6_address [ port
    integer ] ) [ key string ]; ... };

SERVER

server netprefix {
  bogus boolean;
  edns boolean;
  edns-udp-size integer;
  edns-version integer;
  keys server_key;
  max-udp-size integer;
  notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
      dscp integer ];
  notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
      [ dscp integer ];
  padding integer;
  provide-ixfr boolean;
  query-source ( ( [ address ] ( ipv4_address | * ) [ port (
      integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
      port ( integer | * ) ) ) [ dscp integer ];
  query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
      integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
      port ( integer | * ) ) ) [ dscp integer ];
  request-expire boolean;
  request-ixfr boolean;
  request-nsid boolean;
  send-cookie boolean;
  tcp-keepalive boolean;
  tcp-only boolean;
  transfer-format ( many-answers | one-answer );
  transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
      dscp integer ];
  transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
      ] [ dscp integer ];
  transfers integer;
};

STATISTICS-CHANNELS

statistics-channels {
  inet ( ipv4_address | ipv6_address |
      * ) [ port ( integer | * ) ] [
      allow { address_match_element; ...
      } ];
};

TRUST-ANCHORS

trust-anchors { string ( static-key |
    initial-key | static-ds | initial-ds )
    integer integer integer
    quoted_string; ... };

TRUSTED-KEYS

Deprecated - see DNSSEC-KEYS.

trusted-keys { string integer
    integer integer
    quoted_string; ... };, deprecated

VIEW

view string [ class ] {
  allow-new-zones boolean;
  allow-notify { address_match_element; ... };
  allow-query { address_match_element; ... };
  allow-query-cache { address_match_element; ... };
  allow-query-cache-on { address_match_element; ... };
  allow-query-on { address_match_element; ... };
  allow-recursion { address_match_element; ... };
  allow-recursion-on { address_match_element; ... };
  allow-transfer { address_match_element; ... };
  allow-update { address_match_element; ... };
  allow-update-forwarding { address_match_element; ... };
  also-notify [ port integer ] [ dscp integer ] { ( primaries |
      ipv4_address [ port integer ] | ipv6_address [ port
      integer ] ) [ key string ]; ... };
  alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
      ] [ dscp integer ];
  alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
      * ) ] [ dscp integer ];
  attach-cache string;
  auth-nxdomain boolean; // default changed
  auto-dnssec ( allow | maintain | off );
  cache-file quoted_string;
  catalog-zones { zone string [ default-masters [ port integer ]
      [ dscp integer ] { ( primaries | ipv4_address [ port
      integer ] | ipv6_address [ port integer ] ) [ key
      string ]; ... } ] [ zone-directory quoted_string ] [
      in-memory boolean ] [ min-update-interval duration ]; ... };
  check-dup-records ( fail | warn | ignore );
  check-integrity boolean;
  check-mx ( fail | warn | ignore );
  check-mx-cname ( fail | warn | ignore );
  check-names ( primary | master |
      secondary | slave | response ) (
      fail | warn | ignore );
  check-sibling boolean;
  check-spf ( warn | ignore );
  check-srv-cname ( fail | warn | ignore );
  check-wildcard boolean;
  clients-per-query integer;
  deny-answer-addresses { address_match_element; ... } [
      except-from { string; ... } ];
  deny-answer-aliases { string; ... } [ except-from { string; ...
      } ];
  dialup ( notify | notify-passive | passive | refresh | boolean );
  disable-algorithms string { string;
      ... };
  disable-ds-digests string { string;
      ... };
  disable-empty-zone string;
  dlz string {
      database string;
      search boolean;
  };
  dns64 netprefix {
      break-dnssec boolean;
      clients { address_match_element; ... };
      exclude { address_match_element; ... };
      mapped { address_match_element; ... };
      recursive-only boolean;
      suffix ipv6_address;
  };
  dns64-contact string;
  dns64-server string;
  dnskey-sig-validity integer;
  dnsrps-enable boolean;
  dnsrps-options { unspecified-text };
  dnssec-accept-expired boolean;
  dnssec-dnskey-kskonly boolean;
  dnssec-loadkeys-interval integer;
  dnssec-must-be-secure string boolean;
  dnssec-policy string;
  dnssec-secure-to-insecure boolean;
  dnssec-update-mode ( maintain | no-resign );
  dnssec-validation ( yes | no | auto );
  dnstap { ( all | auth | client | forwarder | resolver | update ) [
      ( query | response ) ]; ... };
  dual-stack-servers [ port integer ] { ( quoted_string [ port
      integer ] [ dscp integer ] | ipv4_address [ port
      integer ] [ dscp integer ] | ipv6_address [ port
      integer ] [ dscp integer ] ); ... };
  dyndb string quoted_string {
      unspecified-text };
  edns-udp-size integer;
  empty-contact string;
  empty-server string;
  empty-zones-enable boolean;
  fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
  fetches-per-server integer [ ( drop | fail ) ];
  fetches-per-zone integer [ ( drop | fail ) ];
  forward ( first | only );
  forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
      | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
  glue-cache boolean;
  inline-signing boolean;
  ixfr-from-differences ( primary | master | secondary | slave |
      boolean );
  key string {
      algorithm string;
      secret string;
  };
  key-directory quoted_string;
  lame-ttl duration;
  lmdb-mapsize sizeval;
  managed-keys { string (
      static-key | initial-key
      | static-ds | initial-ds
      ) integer integer
      integer
      quoted_string; ... };, deprecated
  masterfile-format ( map | raw | text );
  masterfile-style ( full | relative );
  match-clients { address_match_element; ... };
  match-destinations { address_match_element; ... };
  match-recursive-only boolean;
  max-cache-size ( default | unlimited | sizeval | percentage );
  max-cache-ttl duration;
  max-clients-per-query integer;
  max-ixfr-ratio ( unlimited | percentage );
  max-journal-size ( default | unlimited | sizeval );
  max-ncache-ttl duration;
  max-records integer;
  max-recursion-depth integer;
  max-recursion-queries integer;
  max-refresh-time integer;
  max-retry-time integer;
  max-stale-ttl duration;
  max-transfer-idle-in integer;
  max-transfer-idle-out integer;
  max-transfer-time-in integer;
  max-transfer-time-out integer;
  max-udp-size integer;
  max-zone-ttl ( unlimited | duration );
  message-compression boolean;
  min-cache-ttl duration;
  min-ncache-ttl duration;
  min-refresh-time integer;
  min-retry-time integer;
  minimal-any boolean;
  minimal-responses ( no-auth | no-auth-recursive | boolean );
  multi-master boolean;
  new-zones-directory quoted_string;
  no-case-compress { address_match_element; ... };
  nocookie-udp-size integer;
  notify ( explicit | master-only | primary-only | boolean );
  notify-delay integer;
  notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
      dscp integer ];
  notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
      [ dscp integer ];
  notify-to-soa boolean;
  nta-lifetime duration;
  nta-recheck duration;
  nxdomain-redirect string;
  plugin ( query ) string [ {
      unspecified-text } ];
  preferred-glue string;
  prefetch integer [ integer ];
  provide-ixfr boolean;
  qname-minimization ( strict | relaxed | disabled | off );
  query-source ( ( [ address ] ( ipv4_address | * ) [ port (
      integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
      port ( integer | * ) ) ) [ dscp integer ];
  query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
      integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
      port ( integer | * ) ) ) [ dscp integer ];
  rate-limit {
      all-per-second integer;
      errors-per-second integer;
      exempt-clients { address_match_element; ... };
      ipv4-prefix-length integer;
      ipv6-prefix-length integer;
      log-only boolean;
      max-table-size integer;
      min-table-size integer;
      nodata-per-second integer;
      nxdomains-per-second integer;
      qps-scale integer;
      referrals-per-second integer;
      responses-per-second integer;
      slip integer;
      window integer;
  };
  recursion boolean;
  request-expire boolean;
  request-ixfr boolean;
  request-nsid boolean;
  require-server-cookie boolean;
  resolver-nonbackoff-tries integer;
  resolver-query-timeout integer;
  resolver-retry-interval integer;
  response-padding { address_match_element; ... } block-size
      integer;
  response-policy { zone string [ add-soa boolean ] [ log
      boolean ] [ max-policy-ttl duration ] [ min-update-interval
      duration ] [ policy ( cname | disabled | drop | given | no-op
      | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
      recursive-only boolean ] [ nsip-enable boolean ] [
      nsdname-enable boolean ]; ... } [ add-soa boolean ] [
      break-dnssec boolean ] [ max-policy-ttl duration ] [
      min-update-interval duration ] [ min-ns-dots integer ] [
      nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean
      ] [ qname-wait-recurse boolean ] [ recursive-only boolean ]
      [ nsip-enable boolean ] [ nsdname-enable boolean ] [
      dnsrps-enable boolean ] [ dnsrps-options { unspecified-text
      } ];
  root-delegation-only [ exclude { string; ... } ];
  root-key-sentinel boolean;
  rrset-order { [ class string ] [ type string ] [ name
      quoted_string ] string string; ... };
  send-cookie boolean;
  serial-update-method ( date | increment | unixtime );
  server netprefix {
      bogus boolean;
      edns boolean;
      edns-udp-size integer;
      edns-version integer;
      keys server_key;
      max-udp-size integer;
      notify-source ( ipv4_address | * ) [ port ( integer | *
          ) ] [ dscp integer ];
      notify-source-v6 ( ipv6_address | * ) [ port ( integer
          | * ) ] [ dscp integer ];
      padding integer;
      provide-ixfr boolean;
      query-source ( ( [ address ] ( ipv4_address | * ) [ port
          ( integer | * ) ] ) | ( [ [ address ] (
          ipv4_address | * ) ] port ( integer | * ) ) ) [
          dscp integer ];
      query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
          port ( integer | * ) ] ) | ( [ [ address ] (
          ipv6_address | * ) ] port ( integer | * ) ) ) [
          dscp integer ];
      request-expire boolean;
      request-ixfr boolean;
      request-nsid boolean;
      send-cookie boolean;
      tcp-keepalive boolean;
      tcp-only boolean;
      transfer-format ( many-answers | one-answer );
      transfer-source ( ipv4_address | * ) [ port ( integer |
          * ) ] [ dscp integer ];
      transfer-source-v6 ( ipv6_address | * ) [ port (
          integer | * ) ] [ dscp integer ];
      transfers integer;
  };
  servfail-ttl duration;
  sig-signing-nodes integer;
  sig-signing-signatures integer;
  sig-signing-type integer;
  sig-validity-interval integer [ integer ];
  sortlist { address_match_element; ... };
  stale-answer-enable boolean;
  stale-answer-ttl duration;
  stale-cache-enable boolean;
  synth-from-dnssec boolean;
  transfer-format ( many-answers | one-answer );
  transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
      dscp integer ];
  transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
      ] [ dscp integer ];
  trust-anchor-telemetry boolean; // experimental
  trust-anchors { string ( static-key |
      initial-key | static-ds | initial-ds
      ) integer integer integer
      quoted_string; ... };
  trusted-keys { string
      integer integer
      integer
      quoted_string; ... };, deprecated
  try-tcp-refresh boolean;
  update-check-ksk boolean;
  use-alt-transfer-source boolean;
  v6-bias integer;
  validate-except { string; ... };
  zero-no-soa-ttl boolean;
  zero-no-soa-ttl-cache boolean;
  zone string [ class ] {
      allow-notify { address_match_element; ... };
      allow-query { address_match_element; ... };
      allow-query-on { address_match_element; ... };
      allow-transfer { address_match_element; ... };
      allow-update { address_match_element; ... };
      allow-update-forwarding { address_match_element; ... };
      also-notify [ port integer ] [ dscp integer ] { (
          primaries | ipv4_address [ port integer ] |
          ipv6_address [ port integer ] ) [ key string ];
          ... };
      alt-transfer-source ( ipv4_address | * ) [ port (
          integer | * ) ] [ dscp integer ];
      alt-transfer-source-v6 ( ipv6_address | * ) [ port (
          integer | * ) ] [ dscp integer ];
      auto-dnssec ( allow | maintain | off );
      check-dup-records ( fail | warn | ignore );
      check-integrity boolean;
      check-mx ( fail | warn | ignore );
      check-mx-cname ( fail | warn | ignore );
      check-names ( fail | warn | ignore );
      check-sibling boolean;
      check-spf ( warn | ignore );
      check-srv-cname ( fail | warn | ignore );
      check-wildcard boolean;
      database string;
      delegation-only boolean;
      dialup ( notify | notify-passive | passive | refresh |
          boolean );
      dlz string;
      dnskey-sig-validity integer;
      dnssec-dnskey-kskonly boolean;
      dnssec-loadkeys-interval integer;
      dnssec-policy string;
      dnssec-secure-to-insecure boolean;
      dnssec-update-mode ( maintain | no-resign );
      file quoted_string;
      forward ( first | only );
      forwarders [ port integer ] [ dscp integer ] { (
          ipv4_address | ipv6_address ) [ port integer ] [
          dscp integer ]; ... };
      in-view string;
      inline-signing boolean;
      ixfr-from-differences boolean;
      journal quoted_string;
      key-directory quoted_string;
      masterfile-format ( map | raw | text );
      masterfile-style ( full | relative );
      masters [ port integer ] [ dscp integer ] { (
          primaries | ipv4_address [ port integer ] |
          ipv6_address [ port integer ] ) [ key string ];
          ... };
      max-ixfr-ratio ( unlimited | percentage );
      max-journal-size ( default | unlimited | sizeval );
      max-records integer;
      max-refresh-time integer;
      max-retry-time integer;
      max-transfer-idle-in integer;
      max-transfer-idle-out integer;
      max-transfer-time-in integer;
      max-transfer-time-out integer;
      max-zone-ttl ( unlimited | duration );
      min-refresh-time integer;
      min-retry-time integer;
      multi-master boolean;
      notify ( explicit | master-only | primary-only | boolean );
      notify-delay integer;
      notify-source ( ipv4_address | * ) [ port ( integer | *
          ) ] [ dscp integer ];
      notify-source-v6 ( ipv6_address | * ) [ port ( integer
          | * ) ] [ dscp integer ];
      notify-to-soa boolean;
      primaries [ port integer ] [ dscp integer ] { (
          primaries | ipv4_address [ port integer ] |
          ipv6_address [ port integer ] ) [ key string ];
          ... };
      request-expire boolean;
      request-ixfr boolean;
      serial-update-method ( date | increment | unixtime );
      server-addresses { ( ipv4_address | ipv6_address ); ... };
      server-names { string; ... };
      sig-signing-nodes integer;
      sig-signing-signatures integer;
      sig-signing-type integer;
      sig-validity-interval integer [ integer ];
      transfer-source ( ipv4_address | * ) [ port ( integer |
          * ) ] [ dscp integer ];
      transfer-source-v6 ( ipv6_address | * ) [ port (
          integer | * ) ] [ dscp integer ];
      try-tcp-refresh boolean;
      type ( primary | master | secondary | slave | mirror |
          delegation-only | forward | hint | redirect |
          static-stub | stub );
      update-check-ksk boolean;
      update-policy ( local | { ( deny | grant ) string (
          6to4-self | external | krb5-self | krb5-selfsub |
          krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
          name | self | selfsub | selfwild | subdomain | tcp-self
          | wildcard | zonesub ) [ string ] rrtypelist; ... };
      use-alt-transfer-source boolean;
      zero-no-soa-ttl boolean;
      zone-statistics ( full | terse | none | boolean );
  };
  zone-statistics ( full | terse | none | boolean );
};

ZONE

zone string [ class ] {
  allow-notify { address_match_element; ... };
  allow-query { address_match_element; ... };
  allow-query-on { address_match_element; ... };
  allow-transfer { address_match_element; ... };
  allow-update { address_match_element; ... };
  allow-update-forwarding { address_match_element; ... };
  also-notify [ port integer ] [ dscp integer ] { ( primaries |
      ipv4_address [ port integer ] | ipv6_address [ port
      integer ] ) [ key string ]; ... };
  alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
      ] [ dscp integer ];
  alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
      * ) ] [ dscp integer ];
  auto-dnssec ( allow | maintain | off );
  check-dup-records ( fail | warn | ignore );
  check-integrity boolean;
  check-mx ( fail | warn | ignore );
  check-mx-cname ( fail | warn | ignore );
  check-names ( fail | warn | ignore );
  check-sibling boolean;
  check-spf ( warn | ignore );
  check-srv-cname ( fail | warn | ignore );
  check-wildcard boolean;
  database string;
  delegation-only boolean;
  dialup ( notify | notify-passive | passive | refresh | boolean );
  dlz string;
  dnskey-sig-validity integer;
  dnssec-dnskey-kskonly boolean;
  dnssec-loadkeys-interval integer;
  dnssec-policy string;
  dnssec-secure-to-insecure boolean;
  dnssec-update-mode ( maintain | no-resign );
  file quoted_string;
  forward ( first | only );
  forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
      | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
  in-view string;
  inline-signing boolean;
  ixfr-from-differences boolean;
  journal quoted_string;
  key-directory quoted_string;
  masterfile-format ( map | raw | text );
  masterfile-style ( full | relative );
  masters [ port integer ] [ dscp integer ] { ( primaries |
      ipv4_address [ port integer ] | ipv6_address [ port
      integer ] ) [ key string ]; ... };
  max-ixfr-ratio ( unlimited | percentage );
  max-journal-size ( default | unlimited | sizeval );
  max-records integer;
  max-refresh-time integer;
  max-retry-time integer;
  max-transfer-idle-in integer;
  max-transfer-idle-out integer;
  max-transfer-time-in integer;
  max-transfer-time-out integer;
  max-zone-ttl ( unlimited | duration );
  min-refresh-time integer;
  min-retry-time integer;
  multi-master boolean;
  notify ( explicit | master-only | primary-only | boolean );
  notify-delay integer;
  notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
      dscp integer ];
  notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
      [ dscp integer ];
  notify-to-soa boolean;
  primaries [ port integer ] [ dscp integer ] { ( primaries |
      ipv4_address [ port integer ] | ipv6_address [ port
      integer ] ) [ key string ]; ... };
  request-expire boolean;
  request-ixfr boolean;
  serial-update-method ( date | increment | unixtime );
  server-addresses { ( ipv4_address | ipv6_address ); ... };
  server-names { string; ... };
  sig-signing-nodes integer;
  sig-signing-signatures integer;
  sig-signing-type integer;
  sig-validity-interval integer [ integer ];
  transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
      dscp integer ];
  transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
      ] [ dscp integer ];
  try-tcp-refresh boolean;
  type ( primary | master | secondary | slave | mirror |
      delegation-only | forward | hint | redirect | static-stub |
      stub );
  update-check-ksk boolean;
  update-policy ( local | { ( deny | grant ) string ( 6to4-self |
      external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
      | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
      | subdomain | tcp-self | wildcard | zonesub ) [ string ]
      rrtypelist; ... };
  use-alt-transfer-source boolean;
  zero-no-soa-ttl boolean;
  zone-statistics ( full | terse | none | boolean );
};

Files

/etc/named.conf

See Also

named(8), named-checkconf(8), rndc(8), rndc-confgen(8), tsig-keygen(8), BIND 9 Administrator Reference Manual.