named.conf
Prev Manual pages Next

Name

named.conf — configuration file for named

Synopsis

named.conf

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported:

C style: /* */

C++ style: // to end of line

Unix style: # to end of line

ACL


acl�string�{�address_match_element;�...�};

CONTROLS


controls�{
inet�(�ipv4_address�|�ipv6_address�|
����*�)�[�port�(�integer�|�*�)�]�allow
����{�address_match_element;�...�}�[
����keys�{�string;�...�}�];
unix�quoted_string�perm�integer
����owner�integer�group�integer�[
����keys�{�string;�...�}�];
};

DLZ


dlz�string�{
database�string;
};

KEY


key�string�{
algorithm�string;
secret�string;
};

LOGGING


logging�{
category�string�{�string;�...�};
channel�string�{
file�quoted_string�[�versions�(�"unlimited"�|�integer�)
����]�[�size�size];
null;
print-category�boolean;
print-severity�boolean;
print-time�boolean;
severity�log_severity;
stderr;
syslog�[syslog_facility];
};
};

LWRES


lwres�{
listen-on�[�port�integer]�{�(�ipv4_address�|�ipv6_address�)
����[�port�integer];�...�};
ndots�integer;
search�{�string;�...�};
view�string�[class];
};

MANAGED-KEYS


managed-keys�{�stringstringinteger
����integerintegerquoted_string;�...�};

MASTERS


masters�string�[�port�integer]�{�(
����masters�|�ipv4_address�[�port�integer
����]�|�ipv6_address�[�port�integer]�)�[
����key�string];�...�};

OPTIONS


options�{
acache-cleaning-interval�integer;
acache-enable�boolean;
additional-from-auth�boolean;
additional-from-cache�boolean;
allow-new-zones�boolean;
allow-notify�{�address_match_element;�...�};
allow-query�{�address_match_element;�...�};
allow-query-cache�{�address_match_element;�...�};
allow-query-cache-on�{�address_match_element;�...�};
allow-query-on�{�address_match_element;�...�};
allow-recursion�{�address_match_element;�...�};
allow-recursion-on�{�address_match_element;�...�};
allow-transfer�{�address_match_element;�...�};
allow-update�{�address_match_element;�...�};
allow-update-forwarding�{�address_match_element;�...�};
also-notify�[�port�integer]�{�(�masters�|�ipv4_address�[
����port�integer]�|�ipv6_address�[�port�integer]�)�[�key
����string];�...�};
alt-transfer-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*�)�];
alt-transfer-source-v6�(�ipv6_address�|�*�)�[�port�(�integer�|
����*�)�];
attach-cache�string;
auth-nxdomain�boolean;�//�default�changed
auto-dnssec�(�allow�|�maintain�|�off�);
avoid-v4-udp-ports�{�portrange;�...�};
avoid-v6-udp-ports�{�portrange;�...�};
bindkeys-file�quoted_string;
blackhole�{�address_match_element;�...�};
cache-file�quoted_string;
check-dup-records�(�fail�|�warn�|�ignore�);
check-integrity�boolean;
check-mx�(�fail�|�warn�|�ignore�);
check-mx-cname�(�fail�|�warn�|�ignore�);
check-names�(�master�|�slave�|�response
����)�(�fail�|�warn�|�ignore�);
check-sibling�boolean;
check-spf�(�warn�|�ignore�);
check-srv-cname�(�fail�|�warn�|�ignore�);
check-wildcard�boolean;
cleaning-interval�integer;
clients-per-query�integer;
coresize�(�default�|�unlimited�|�sizeval�);
datasize�(�default�|�unlimited�|�sizeval�);
deny-answer-addresses�{�address_match_element;�...�}�[
����except-from�{�quoted_string;�...�}�];
deny-answer-aliases�{�quoted_string;�...�}�[�except-from�{
����quoted_string;�...�}�];
dialup�(�notify�|�notify-passive�|�passive�|�refresh�|�boolean�);
directory�quoted_string;
disable-algorithms�string�{�string;
����...�};
disable-empty-zone�string;
dns64�netprefix�{
break-dnssec�boolean;
clients�{�address_match_element;�...�};
exclude�{�address_match_element;�...�};
mapped�{�address_match_element;�...�};
recursive-only�boolean;
suffix�ipv6_address;
};
dns64-contact�string;
dns64-server�string;
dnssec-accept-expired�boolean;
dnssec-dnskey-kskonly�boolean;
dnssec-enable�boolean;
dnssec-loadkeys-interval�integer;
dnssec-lookaside�(�string�trust-anchor
����string�|�auto�|�no�);
dnssec-must-be-secure�stringboolean;
dnssec-secure-to-insecure�boolean;
dnssec-update-mode�(�maintain�|�no-resign�);
dnssec-validation�(�yes�|�no�|�auto�);
dual-stack-servers�[�port�integer]�{�(�quoted_string�[�port
����integer]�|�ipv4_address�[�port�integer]�|
����ipv6_address�[�port�integer]�);�...�};
dump-file�quoted_string;
edns-udp-size�integer;
empty-contact�string;
empty-server�string;
empty-zones-enable�boolean;
fetch-quota-params�integerfixedpoint
����fixedpointfixedpoint;
fetches-per-server�integer�[�(�drop�|�fail�)�];
fetches-per-zone�integer�[�(�drop�|�fail�)�];
files�(�default�|�unlimited�|�sizeval�);
filter-aaaa�{�address_match_element;�...�};
filter-aaaa-on-v4�(�break-dnssec�|�boolean�);
flush-zones-on-shutdown�boolean;
forward�(�first�|�only�);
forwarders�[�port�integer]�{�(�ipv4_address�|�ipv6_address�)
����[�port�integer];�...�};
heartbeat-interval�integer;
hostname�(�quoted_string�|�none�);
inline-signing�boolean;
interface-interval�integer;
ixfr-from-differences�(�master�|�slave�|�boolean�);
key-directory�quoted_string;
lame-ttl�integer;
listen-on�[�port�integer]�{
����address_match_element;�...�};
listen-on-v6�[�port�integer]�{
����address_match_element;�...�};
managed-keys-directory�quoted_string;
masterfile-format�(�raw�|�text�);
match-mapped-addresses�boolean;
max-acache-size�size_no_default;
max-cache-size�size_no_default;
max-cache-ttl�integer;
max-clients-per-query�integer;
max-journal-size�size_no_default;
max-ncache-ttl�integer;
max-records�integer;
max-recursion-depth�integer;
max-recursion-queries�integer;
max-refresh-time�integer;
max-retry-time�integer;
max-rsa-exponent-size�integer;
max-transfer-idle-in�integer;
max-transfer-idle-out�integer;
max-transfer-time-in�integer;
max-transfer-time-out�integer;
max-udp-size�integer;
memstatistics�boolean;
memstatistics-file�quoted_string;
min-refresh-time�integer;
min-retry-time�integer;
minimal-responses�boolean;
multi-master�boolean;
no-case-compress�{�address_match_element;�...�};
notify�(�explicit�|�master-only�|�boolean�);
notify-delay�integer;
notify-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*�)�];
notify-source-v6�(�ipv6_address�|�*�)�[�port�(�integer�|�*�)�];
notify-to-soa�boolean;
nsec3-test-zone�boolean;�//�test�only
pid-file�(�quoted_string�|�none�);
port�integer;
preferred-glue�string;
provide-ixfr�boolean;
query-source�(�(�[�address�]�(�ipv4_address�|�*�)�[�port�(
����integer�|�*�)�]�)�|�(�[�[�address�]�(�ipv4_address�|�*�)�]
����port�(�integer�|�*�)�)�);
query-source-v6�(�(�[�address�]�(�ipv6_address�|�*�)�[�port�(
����integer�|�*�)�]�)�|�(�[�[�address�]�(�ipv6_address�|�*�)�]
����port�(�integer�|�*�)�)�);
querylog�boolean;
random-device�quoted_string;
recursing-file�quoted_string;
recursion�boolean;
recursive-clients�integer;
request-ixfr�boolean;
request-nsid�boolean;
reserved-sockets�integer;
resolver-query-timeout�integer;
response-policy�{�zone�quoted_string�[�policy�(�cname�|�disabled
����|�given�|�no-op�|�nodata�|�nxdomain�|�passthru�quoted_string
����)�]�[�recursive-only�boolean]�[�max-policy-ttl�integer];
����...�}�[�recursive-only�boolean]�[�break-dnssec�boolean]�[
����max-policy-ttl�integer]�[�min-ns-dots�integer];
root-delegation-only�[�exclude�{�quoted_string;�...�}�];
rrset-order�{�[�class�string]�[�type�string]�[�name
����quoted_string]�stringstring;�...�};
secroots-file�quoted_string;
serial-query-rate�integer;
serial-update-method�(�increment�|�unixtime�);
server-id�(�quoted_string�|�none�|�hostname�);
session-keyalg�string;
session-keyfile�(�quoted_string�|�none�);
session-keyname�string;
sig-signing-nodes�integer;
sig-signing-signatures�integer;
sig-signing-type�integer;
sig-validity-interval�integer�[integer];
sortlist�{�address_match_element;�...�};
stacksize�(�default�|�unlimited�|�sizeval�);
statistics-file�quoted_string;
tcp-clients�integer;
tcp-listen-queue�integer;
tkey-dhkey�quoted_stringinteger;
tkey-domain�quoted_string;
tkey-gssapi-credential�quoted_string;
tkey-gssapi-keytab�quoted_string;
transfer-format�(�many-answers�|�one-answer�);
transfer-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*�)�];
transfer-source-v6�(�ipv6_address�|�*�)�[�port�(�integer�|�*�)�];
transfers-in�integer;
transfers-out�integer;
transfers-per-ns�integer;
try-tcp-refresh�boolean;
update-check-ksk�boolean;
use-alt-transfer-source�boolean;
use-v4-udp-ports�{�portrange;�...�};
use-v6-udp-ports�{�portrange;�...�};
version�(�quoted_string�|�none�);
zero-no-soa-ttl�boolean;
zero-no-soa-ttl-cache�boolean;
zone-statistics�(�full�|�terse�|�none�|�boolean�);
};

SERVER


server�netprefix�{
bogus�boolean;
edns�boolean;
edns-udp-size�integer;
keys�server_key;
max-udp-size�integer;
notify-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*�)�];
notify-source-v6�(�ipv6_address�|�*�)�[�port�(�integer�|�*�)�];
provide-ixfr�boolean;
query-source�(�(�[�address�]�(�ipv4_address�|�*�)�[�port�(
����integer�|�*�)�]�)�|�(�[�[�address�]�(�ipv4_address�|�*�)�]
����port�(�integer�|�*�)�)�);
query-source-v6�(�(�[�address�]�(�ipv6_address�|�*�)�[�port�(
����integer�|�*�)�]�)�|�(�[�[�address�]�(�ipv6_address�|�*�)�]
����port�(�integer�|�*�)�)�);
request-ixfr�boolean;
transfer-format�(�many-answers�|�one-answer�);
transfer-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*�)�];
transfer-source-v6�(�ipv6_address�|�*�)�[�port�(�integer�|�*�)�];
transfers�integer;
};

STATISTICS-CHANNELS


statistics-channels�{
inet�(�ipv4_address�|�ipv6_address�|
����*�)�[�port�(�integer�|�*�)�]�[
����allow�{�address_match_element;�...
����}�];
};

TRUSTED-KEYS


trusted-keys�{�stringintegerinteger
����integerquoted_string;�...�};

VIEW


view�string�[class]�{
acache-cleaning-interval�integer;
acache-enable�boolean;
additional-from-auth�boolean;
additional-from-cache�boolean;
allow-new-zones�boolean;
allow-notify�{�address_match_element;�...�};
allow-query�{�address_match_element;�...�};
allow-query-cache�{�address_match_element;�...�};
allow-query-cache-on�{�address_match_element;�...�};
allow-query-on�{�address_match_element;�...�};
allow-recursion�{�address_match_element;�...�};
allow-recursion-on�{�address_match_element;�...�};
allow-transfer�{�address_match_element;�...�};
allow-update�{�address_match_element;�...�};
allow-update-forwarding�{�address_match_element;�...�};
also-notify�[�port�integer]�{�(�masters�|�ipv4_address�[
����port�integer]�|�ipv6_address�[�port�integer]�)�[�key
����string];�...�};
alt-transfer-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*�)�];
alt-transfer-source-v6�(�ipv6_address�|�*�)�[�port�(�integer�|
����*�)�];
attach-cache�string;
auth-nxdomain�boolean;�//�default�changed
auto-dnssec�(�allow�|�maintain�|�off�);
cache-file�quoted_string;
check-dup-records�(�fail�|�warn�|�ignore�);
check-integrity�boolean;
check-mx�(�fail�|�warn�|�ignore�);
check-mx-cname�(�fail�|�warn�|�ignore�);
check-names�(�master�|�slave�|�response
����)�(�fail�|�warn�|�ignore�);
check-sibling�boolean;
check-spf�(�warn�|�ignore�);
check-srv-cname�(�fail�|�warn�|�ignore�);
check-wildcard�boolean;
cleaning-interval�integer;
clients-per-query�integer;
deny-answer-addresses�{�address_match_element;�...�}�[
����except-from�{�quoted_string;�...�}�];
deny-answer-aliases�{�quoted_string;�...�}�[�except-from�{
����quoted_string;�...�}�];
dialup�(�notify�|�notify-passive�|�passive�|�refresh�|�boolean�);
disable-algorithms�string�{�string;
����...�};
disable-empty-zone�string;
dlz�string�{
database�string;
};
dns64�netprefix�{
break-dnssec�boolean;
clients�{�address_match_element;�...�};
exclude�{�address_match_element;�...�};
mapped�{�address_match_element;�...�};
recursive-only�boolean;
suffix�ipv6_address;
};
dns64-contact�string;
dns64-server�string;
dnssec-accept-expired�boolean;
dnssec-dnskey-kskonly�boolean;
dnssec-enable�boolean;
dnssec-loadkeys-interval�integer;
dnssec-lookaside�(�string�trust-anchor
����string�|�auto�|�no�);
dnssec-must-be-secure�stringboolean;
dnssec-secure-to-insecure�boolean;
dnssec-update-mode�(�maintain�|�no-resign�);
dnssec-validation�(�yes�|�no�|�auto�);
dual-stack-servers�[�port�integer]�{�(�quoted_string�[�port
����integer]�|�ipv4_address�[�port�integer]�|
����ipv6_address�[�port�integer]�);�...�};
edns-udp-size�integer;
empty-contact�string;
empty-server�string;
empty-zones-enable�boolean;
fetch-quota-params�integerfixedpoint
����fixedpointfixedpoint;
fetches-per-server�integer�[�(�drop�|�fail�)�];
fetches-per-zone�integer�[�(�drop�|�fail�)�];
filter-aaaa�{�address_match_element;�...�};
filter-aaaa-on-v4�(�break-dnssec�|�boolean�);
forward�(�first�|�only�);
forwarders�[�port�integer]�{�(�ipv4_address�|�ipv6_address�)
����[�port�integer];�...�};
inline-signing�boolean;
ixfr-from-differences�(�master�|�slave�|�boolean�);
key�string�{
algorithm�string;
secret�string;
};
key-directory�quoted_string;
lame-ttl�integer;
managed-keys�{�stringstring
����integerintegerinteger
����quoted_string;�...�};
masterfile-format�(�raw�|�text�);
match-clients�{�address_match_element;�...�};
match-destinations�{�address_match_element;�...�};
match-recursive-only�boolean;
max-acache-size�size_no_default;
max-cache-size�size_no_default;
max-cache-ttl�integer;
max-clients-per-query�integer;
max-journal-size�size_no_default;
max-ncache-ttl�integer;
max-records�integer;
max-recursion-depth�integer;
max-recursion-queries�integer;
max-refresh-time�integer;
max-retry-time�integer;
max-transfer-idle-in�integer;
max-transfer-idle-out�integer;
max-transfer-time-in�integer;
max-transfer-time-out�integer;
max-udp-size�integer;
min-refresh-time�integer;
min-retry-time�integer;
minimal-responses�boolean;
multi-master�boolean;
no-case-compress�{�address_match_element;�...�};
notify�(�explicit�|�master-only�|�boolean�);
notify-delay�integer;
notify-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*�)�];
notify-source-v6�(�ipv6_address�|�*�)�[�port�(�integer�|�*�)�];
notify-to-soa�boolean;
nsec3-test-zone�boolean;�//�test�only
preferred-glue�string;
provide-ixfr�boolean;
query-source�(�(�[�address�]�(�ipv4_address�|�*�)�[�port�(
����integer�|�*�)�]�)�|�(�[�[�address�]�(�ipv4_address�|�*�)�]
����port�(�integer�|�*�)�)�);
query-source-v6�(�(�[�address�]�(�ipv6_address�|�*�)�[�port�(
����integer�|�*�)�]�)�|�(�[�[�address�]�(�ipv6_address�|�*�)�]
����port�(�integer�|�*�)�)�);
recursion�boolean;
request-ixfr�boolean;
request-nsid�boolean;
resolver-query-timeout�integer;
response-policy�{�zone�quoted_string�[�policy�(�cname�|�disabled
����|�given�|�no-op�|�nodata�|�nxdomain�|�passthru�quoted_string
����)�]�[�recursive-only�boolean]�[�max-policy-ttl�integer];
����...�}�[�recursive-only�boolean]�[�break-dnssec�boolean]�[
����max-policy-ttl�integer]�[�min-ns-dots�integer];
root-delegation-only�[�exclude�{�quoted_string;�...�}�];
rrset-order�{�[�class�string]�[�type�string]�[�name
����quoted_string]�stringstring;�...�};
serial-update-method�(�increment�|�unixtime�);
server�netprefix�{
bogus�boolean;
edns�boolean;
edns-udp-size�integer;
keys�server_key;
max-udp-size�integer;
notify-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*
����)�];
notify-source-v6�(�ipv6_address�|�*�)�[�port�(�integer
����|�*�)�];
provide-ixfr�boolean;
query-source�(�(�[�address�]�(�ipv4_address�|�*�)�[�port
����(�integer�|�*�)�]�)�|�(�[�[�address�]�(
����ipv4_address�|�*�)�]�port�(�integer�|�*�)�)�);
query-source-v6�(�(�[�address�]�(�ipv6_address�|�*�)�[
����port�(�integer�|�*�)�]�)�|�(�[�[�address�]�(
����ipv6_address�|�*�)�]�port�(�integer�|�*�)�)�);
request-ixfr�boolean;
transfer-format�(�many-answers�|�one-answer�);
transfer-source�(�ipv4_address�|�*�)�[�port�(�integer�|
����*�)�];
transfer-source-v6�(�ipv6_address�|�*�)�[�port�(
����integer�|�*�)�];
transfers�integer;
};
sig-signing-nodes�integer;
sig-signing-signatures�integer;
sig-signing-type�integer;
sig-validity-interval�integer�[integer];
sortlist�{�address_match_element;�...�};
transfer-format�(�many-answers�|�one-answer�);
transfer-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*�)�];
transfer-source-v6�(�ipv6_address�|�*�)�[�port�(�integer�|�*�)�];
trusted-keys�{�stringinteger
����integerintegerquoted_string;
����...�};
try-tcp-refresh�boolean;
update-check-ksk�boolean;
use-alt-transfer-source�boolean;
zero-no-soa-ttl�boolean;
zero-no-soa-ttl-cache�boolean;
zone�string�[class]�{
allow-notify�{�address_match_element;�...�};
allow-query�{�address_match_element;�...�};
allow-query-on�{�address_match_element;�...�};
allow-transfer�{�address_match_element;�...�};
allow-update�{�address_match_element;�...�};
allow-update-forwarding�{�address_match_element;�...�};
also-notify�[�port�integer]�{�(�masters�|
����ipv4_address�[�port�integer]�|�ipv6_address�[
����port�integer]�)�[�key�string];�...�};
alt-transfer-source�(�ipv4_address�|�*�)�[�port�(
����integer�|�*�)�];
alt-transfer-source-v6�(�ipv6_address�|�*�)�[�port�(
����integer�|�*�)�];
auto-dnssec�(�allow�|�maintain�|�off�);
check-dup-records�(�fail�|�warn�|�ignore�);
check-integrity�boolean;
check-mx�(�fail�|�warn�|�ignore�);
check-mx-cname�(�fail�|�warn�|�ignore�);
check-names�(�fail�|�warn�|�ignore�);
check-sibling�boolean;
check-spf�(�warn�|�ignore�);
check-srv-cname�(�fail�|�warn�|�ignore�);
check-wildcard�boolean;
database�string;
delegation-only�boolean;
dialup�(�notify�|�notify-passive�|�passive�|�refresh�|
����boolean�);
dnssec-dnskey-kskonly�boolean;
dnssec-loadkeys-interval�integer;
dnssec-secure-to-insecure�boolean;
dnssec-update-mode�(�maintain�|�no-resign�);
file�quoted_string;
forward�(�first�|�only�);
forwarders�[�port�integer]�{�(�ipv4_address�|
����ipv6_address�)�[�port�integer];�...�};
inline-signing�boolean;
ixfr-from-differences�boolean;
journal�quoted_string;
key-directory�quoted_string;
masterfile-format�(�raw�|�text�);
masters�[�port�integer]�{�(�masters�|�ipv4_address�[
����port�integer]�|�ipv6_address�[�port�integer]�)
����[�key�string];�...�};
max-ixfr-log-size�(�default�|�unlimited�|
max-journal-size�size_no_default;
max-records�integer;
max-refresh-time�integer;
max-retry-time�integer;
max-transfer-idle-in�integer;
max-transfer-idle-out�integer;
max-transfer-time-in�integer;
max-transfer-time-out�integer;
min-refresh-time�integer;
min-retry-time�integer;
multi-master�boolean;
notify�(�explicit�|�master-only�|�boolean�);
notify-delay�integer;
notify-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*
����)�];
notify-source-v6�(�ipv6_address�|�*�)�[�port�(�integer
����|�*�)�];
notify-to-soa�boolean;
nsec3-test-zone�boolean;�//�test�only
pubkey�integer
����integer
����integer
request-ixfr�boolean;
serial-update-method�(�increment�|�unixtime�);
server-addresses�{�(�ipv4_address�|�ipv6_address�)�[
����port�integer];�...�};
server-names�{�quoted_string;�...�};
sig-signing-nodes�integer;
sig-signing-signatures�integer;
sig-signing-type�integer;
sig-validity-interval�integer�[integer];
transfer-source�(�ipv4_address�|�*�)�[�port�(�integer�|
����*�)�];
transfer-source-v6�(�ipv6_address�|�*�)�[�port�(
����integer�|�*�)�];
try-tcp-refresh�boolean;
type�(�delegation-only�|�forward�|�hint�|�master�|�redirect
����|�slave�|�static-stub�|�stub�);
update-check-ksk�boolean;
update-policy�(�local�|�{�(�deny�|�grant�)�string�(
����6to4-self�|�external�|�krb5-self�|�krb5-subdomain�|
����ms-self�|�ms-subdomain�|�name�|�self�|�selfsub�|
����selfwild�|�subdomain�|�tcp-self�|�wildcard�|�zonesub�)
����[string]�rrtypelist;�...�};
use-alt-transfer-source�boolean;
zero-no-soa-ttl�boolean;
zone-statistics�(�full�|�terse�|�none�|�boolean�);
};
zone-statistics�(�full�|�terse�|�none�|�boolean�);
};

ZONE


zone�string�[class]�{
allow-notify�{�address_match_element;�...�};
allow-query�{�address_match_element;�...�};
allow-query-on�{�address_match_element;�...�};
allow-transfer�{�address_match_element;�...�};
allow-update�{�address_match_element;�...�};
allow-update-forwarding�{�address_match_element;�...�};
also-notify�[�port�integer]�{�(�masters�|�ipv4_address�[
����port�integer]�|�ipv6_address�[�port�integer]�)�[�key
����string];�...�};
alt-transfer-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*�)�];
alt-transfer-source-v6�(�ipv6_address�|�*�)�[�port�(�integer�|
����*�)�];
auto-dnssec�(�allow�|�maintain�|�off�);
check-dup-records�(�fail�|�warn�|�ignore�);
check-integrity�boolean;
check-mx�(�fail�|�warn�|�ignore�);
check-mx-cname�(�fail�|�warn�|�ignore�);
check-names�(�fail�|�warn�|�ignore�);
check-sibling�boolean;
check-spf�(�warn�|�ignore�);
check-srv-cname�(�fail�|�warn�|�ignore�);
check-wildcard�boolean;
database�string;
delegation-only�boolean;
dialup�(�notify�|�notify-passive�|�passive�|�refresh�|�boolean�);
dnssec-dnskey-kskonly�boolean;
dnssec-loadkeys-interval�integer;
dnssec-secure-to-insecure�boolean;
dnssec-update-mode�(�maintain�|�no-resign�);
file�quoted_string;
forward�(�first�|�only�);
forwarders�[�port�integer]�{�(�ipv4_address�|�ipv6_address�)
����[�port�integer];�...�};
inline-signing�boolean;
ixfr-from-differences�boolean;
journal�quoted_string;
key-directory�quoted_string;
masterfile-format�(�raw�|�text�);
masters�[�port�integer]�{�(�masters�|�ipv4_address�[�port
����integer]�|�ipv6_address�[�port�integer]�)�[�key
����string];�...�};
max-journal-size�size_no_default;
max-records�integer;
max-refresh-time�integer;
max-retry-time�integer;
max-transfer-idle-in�integer;
max-transfer-idle-out�integer;
max-transfer-time-in�integer;
max-transfer-time-out�integer;
min-refresh-time�integer;
min-retry-time�integer;
multi-master�boolean;
notify�(�explicit�|�master-only�|�boolean�);
notify-delay�integer;
notify-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*�)�];
notify-source-v6�(�ipv6_address�|�*�)�[�port�(�integer�|�*�)�];
notify-to-soa�boolean;
nsec3-test-zone�boolean;�//�test�only
pubkey�integerinteger
request-ixfr�boolean;
serial-update-method�(�increment�|�unixtime�);
server-addresses�{�(�ipv4_address�|�ipv6_address�)�[�port
����integer];�...�};
server-names�{�quoted_string;�...�};
sig-signing-nodes�integer;
sig-signing-signatures�integer;
sig-signing-type�integer;
sig-validity-interval�integer�[integer];
transfer-source�(�ipv4_address�|�*�)�[�port�(�integer�|�*�)�];
transfer-source-v6�(�ipv6_address�|�*�)�[�port�(�integer�|�*�)�];
try-tcp-refresh�boolean;
type�(�delegation-only�|�forward�|�hint�|�master�|�redirect�|�slave
����|�static-stub�|�stub�);
update-check-ksk�boolean;
update-policy�(�local�|�{�(�deny�|�grant�)�string�(�6to4-self�|
����external�|�krb5-self�|�krb5-subdomain�|�ms-self�|�ms-subdomain
����|�name�|�self�|�selfsub�|�selfwild�|�subdomain�|�tcp-self�|
����wildcard�|�zonesub�)�[string]�rrtypelist;�...�};
use-alt-transfer-source�boolean;
zero-no-soa-ttl�boolean;
zone-statistics�(�full�|�terse�|�none�|�boolean�);
};

FILES

/etc/named.conf

SEE ALSO

ddns-confgen(8) , named(8) , named-checkconf(8) , rndc(8) , rndc-confgen(8) , BIND 9 Administrator Reference Manual.

Prev Up Next
named Home lwresd

BIND 9.9.11 (Extended Support Version)