upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 19:41:04 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/doc/misc/named.conf.rst

1024 lines
34 KiB
ReStructuredText
Raw Blame History

..
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
.. highlight: console
named.conf - configuration file for **named**
---------------------------------------------
Synopsis
~~~~~~~~
:program:`named.conf`
Description
~~~~~~~~~~~
``named.conf`` is the configuration file for ``named``. Statements are
enclosed in braces and terminated with a semi-colon. Clauses in the
statements are also semi-colon terminated. The usual comment styles are
supported:
C style: /\* \*/
C++ style: // to end of line
Unix style: # to end of line
ACL
^^^
::
acl string { address_match_element; ... };
CONTROLS
^^^^^^^^
::
controls {
inet ( ipv4_address | ipv6_address |
* ) [ port ( integer | * ) ] allow
{ address_match_element; ... } [
keys { string; ... } ] [ read-only
boolean ];
unix quoted_string perm integer
owner integer group integer [
keys { string; ... } ] [ read-only
boolean ];
};
DLZ
^^^
::
dlz string {
database string;
search boolean;
};
DNSSEC-POLICY
^^^^^^^^^^^^^
::
dnssec-policy string {
dnskey-ttl duration;
keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
duration_or_unlimited algorithm string [ integer ]; ... };
max-zone-ttl duration;
parent-ds-ttl duration;
parent-propagation-delay duration;
publish-safety duration;
retire-safety duration;
signatures-refresh duration;
signatures-validity duration;
signatures-validity-dnskey duration;
zone-propagation-delay duration;
};
DYNDB
^^^^^
::
dyndb string quoted_string {
unspecified-text };
KEY
^^^
::
key string {
algorithm string;
secret string;
};
LOGGING
^^^^^^^
::
logging {
category string { string; ... };
channel string {
buffered boolean;
file quoted_string [ versions ( unlimited | integer ) ]
[ size size ] [ suffix ( increment | timestamp ) ];
null;
print-category boolean;
print-severity boolean;
print-time ( iso8601 | iso8601-utc | local | boolean );
severity log_severity;
stderr;
syslog [ syslog_facility ];
};
};
MANAGED-KEYS
^^^^^^^^^^^^
See DNSSEC-KEYS.
::
managed-keys { string ( static-key
| initial-key | static-ds |
initial-ds ) integer integer
integer quoted_string; ... };, deprecated
MASTERS
^^^^^^^
::
masters string [ port integer ] [ dscp
integer ] { ( masters | ipv4_address [
port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };
OPTIONS
^^^^^^^
::
options {
allow-new-zones boolean;
allow-notify { address_match_element; ... };
allow-query { address_match_element; ... };
allow-query-cache { address_match_element; ... };
allow-query-cache-on { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-recursion { address_match_element; ... };
allow-recursion-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
also-notify [ port integer ] [ dscp integer ] { ( masters |
ipv4_address [ port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };
alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
answer-cookie boolean;
attach-cache string;
auth-nxdomain boolean; // default changed
auto-dnssec ( allow | maintain | off );
automatic-interface-scan boolean;
avoid-v4-udp-ports { portrange; ... };
avoid-v6-udp-ports { portrange; ... };
bindkeys-file quoted_string;
blackhole { address_match_element; ... };
cache-file quoted_string;
catalog-zones { zone string [ default-masters [ port integer ]
[ dscp integer ] { ( masters | ipv4_address [ port
integer ] | ipv6_address [ port integer ] ) [ key
string ]; ... } ] [ zone-directory quoted_string ] [
in-memory boolean ] [ min-update-interval duration ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check-sibling boolean;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean;
clients-per-query integer;
cookie-algorithm ( aes | siphash24 );
cookie-secret string;
coresize ( default | unlimited | sizeval );
datasize ( default | unlimited | sizeval );
deny-answer-addresses { address_match_element; ... } [
except-from { string; ... } ];
deny-answer-aliases { string; ... } [ except-from { string; ...
} ];
dialup ( notify | notify-passive | passive | refresh | boolean );
directory quoted_string;
disable-algorithms string { string;
... };
disable-ds-digests string { string;
... };
disable-empty-zone string;
dns64 netprefix {
break-dnssec boolean;
clients { address_match_element; ... };
exclude { address_match_element; ... };
mapped { address_match_element; ... };
recursive-only boolean;
suffix ipv6_address;
};
dns64-contact string;
dns64-server string;
dnskey-sig-validity integer;
dnsrps-enable boolean;
dnsrps-options { unspecified-text };
dnssec-accept-expired boolean;
dnssec-dnskey-kskonly boolean;
dnssec-loadkeys-interval integer;
dnssec-must-be-secure string boolean;
dnssec-policy string;
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver | update ) [ ( query | response ) ];
... };
dnstap-identity ( quoted_string | none |
hostname );
dnstap-output ( file | unix ) quoted_string [
size ( unlimited | size ) ] [ versions (
unlimited | integer ) ] [ suffix ( increment
| timestamp ) ];
dnstap-version ( quoted_string | none );
dscp integer;
dual-stack-servers [ port integer ] { ( quoted_string [ port
integer ] [ dscp integer ] | ipv4_address [ port
integer ] [ dscp integer ] | ipv6_address [ port
integer ] [ dscp integer ] ); ... };
dump-file quoted_string;
edns-udp-size integer;
empty-contact string;
empty-server string;
empty-zones-enable boolean;
fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
fetches-per-server integer [ ( drop | fail ) ];
fetches-per-zone integer [ ( drop | fail ) ];
files ( default | unlimited | sizeval );
flush-zones-on-shutdown boolean;
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
fstrm-set-buffer-hint integer;
fstrm-set-flush-timeout integer;
fstrm-set-input-queue-size integer;
fstrm-set-output-notify-threshold integer;
fstrm-set-output-queue-model ( mpsc | spsc );
fstrm-set-output-queue-size integer;
fstrm-set-reopen-interval duration;
geoip-directory ( quoted_string | none );
glue-cache boolean;
heartbeat-interval integer;
hostname ( quoted_string | none );
inline-signing boolean;
interface-interval duration;
ixfr-from-differences ( primary | master | secondary | slave |
boolean );
keep-response-order { address_match_element; ... };
key-directory quoted_string;
lame-ttl duration;
listen-on [ port integer ] [ dscp
integer ] {
address_match_element; ... };
listen-on-v6 [ port integer ] [ dscp
integer ] {
address_match_element; ... };
lmdb-mapsize sizeval;
lock-file ( quoted_string | none );
managed-keys-directory quoted_string;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-mapped-addresses boolean;
max-cache-size ( default | unlimited | sizeval | percentage );
max-cache-ttl duration;
max-clients-per-query integer;
max-ixfr-ratio ( unlimited | percentage );
max-journal-size ( default | unlimited | sizeval );
max-ncache-ttl duration;
max-records integer;
max-recursion-depth integer;
max-recursion-queries integer;
max-refresh-time integer;
max-retry-time integer;
max-rsa-exponent-size integer;
max-stale-ttl duration;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-udp-size integer;
max-zone-ttl ( unlimited | duration );
memstatistics boolean;
memstatistics-file quoted_string;
message-compression boolean;
min-cache-ttl duration;
min-ncache-ttl duration;
min-refresh-time integer;
min-retry-time integer;
minimal-any boolean;
minimal-responses ( no-auth | no-auth-recursive | boolean );
multi-master boolean;
new-zones-directory quoted_string;
no-case-compress { address_match_element; ... };
nocookie-udp-size integer;
notify ( explicit | master-only | boolean );
notify-delay integer;
notify-rate integer;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
notify-to-soa boolean;
nta-lifetime duration;
nta-recheck duration;
nxdomain-redirect string;
pid-file ( quoted_string | none );
port integer;
preferred-glue string;
prefetch integer [ integer ];
provide-ixfr boolean;
qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
querylog boolean;
random-device ( quoted_string | none );
rate-limit {
all-per-second integer;
errors-per-second integer;
exempt-clients { address_match_element; ... };
ipv4-prefix-length integer;
ipv6-prefix-length integer;
log-only boolean;
max-table-size integer;
min-table-size integer;
nodata-per-second integer;
nxdomains-per-second integer;
qps-scale integer;
referrals-per-second integer;
responses-per-second integer;
slip integer;
window integer;
};
recursing-file quoted_string;
recursion boolean;
recursive-clients integer;
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
require-server-cookie boolean;
reserved-sockets integer;
resolver-nonbackoff-tries integer;
resolver-query-timeout integer;
resolver-retry-interval integer;
response-padding { address_match_element; ... } block-size
integer;
response-policy { zone string [ add-soa boolean ] [ log
boolean ] [ max-policy-ttl duration ] [ min-update-interval
duration ] [ policy ( cname | disabled | drop | given | no-op
| nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
recursive-only boolean ] [ nsip-enable boolean ] [
nsdname-enable boolean ]; ... } [ add-soa boolean ] [
break-dnssec boolean ] [ max-policy-ttl duration ] [
min-update-interval duration ] [ min-ns-dots integer ] [
nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean
] [ qname-wait-recurse boolean ] [ recursive-only boolean ]
[ nsip-enable boolean ] [ nsdname-enable boolean ] [
dnsrps-enable boolean ] [ dnsrps-options { unspecified-text
} ];
root-delegation-only [ exclude { string; ... } ];
root-key-sentinel boolean;
rrset-order { [ class string ] [ type string ] [ name
quoted_string ] string string; ... };
secroots-file quoted_string;
send-cookie boolean;
serial-query-rate integer;
serial-update-method ( date | increment | unixtime );
server-id ( quoted_string | none | hostname );
servfail-ttl duration;
session-keyalg string;
session-keyfile ( quoted_string | none );
session-keyname string;
sig-signing-nodes integer;
sig-signing-signatures integer;
sig-signing-type integer;
sig-validity-interval integer [ integer ];
sortlist { address_match_element; ... };
stacksize ( default | unlimited | sizeval );
stale-answer-enable boolean;
stale-answer-ttl duration;
startup-notify-rate integer;
statistics-file quoted_string;
synth-from-dnssec boolean;
tcp-advertised-timeout integer;
tcp-clients integer;
tcp-idle-timeout integer;
tcp-initial-timeout integer;
tcp-keepalive-timeout integer;
tcp-listen-queue integer;
tkey-dhkey quoted_string integer;
tkey-domain quoted_string;
tkey-gssapi-credential quoted_string;
tkey-gssapi-keytab quoted_string;
transfer-format ( many-answers | one-answer );
transfer-message-size integer;
transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
transfers-in integer;
transfers-out integer;
transfers-per-ns integer;
trust-anchor-telemetry boolean; // experimental
try-tcp-refresh boolean;
update-check-ksk boolean;
use-alt-transfer-source boolean;
use-v4-udp-ports { portrange; ... };
use-v6-udp-ports { portrange; ... };
v6-bias integer;
validate-except { string; ... };
version ( quoted_string | none );
zero-no-soa-ttl boolean;
zero-no-soa-ttl-cache boolean;
zone-statistics ( full | terse | none | boolean );
};
PLUGIN
^^^^^^
::
plugin ( query ) string [ { unspecified-text
} ];
SERVER
^^^^^^
::
server netprefix {
bogus boolean;
edns boolean;
edns-udp-size integer;
edns-version integer;
keys server_key;
max-udp-size integer;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
padding integer;
provide-ixfr boolean;
query-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
send-cookie boolean;
tcp-keepalive boolean;
tcp-only boolean;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
transfers integer;
};
STATISTICS-CHANNELS
^^^^^^^^^^^^^^^^^^^
::
statistics-channels {
inet ( ipv4_address | ipv6_address |
* ) [ port ( integer | * ) ] [
allow { address_match_element; ...
} ];
};
TRUST-ANCHORS
^^^^^^^^^^^^^
::
trust-anchors { string ( static-key |
initial-key | static-ds | initial-ds )
integer integer integer
quoted_string; ... };
TRUSTED-KEYS
^^^^^^^^^^^^
Deprecated - see DNSSEC-KEYS.
::
trusted-keys { string integer
integer integer
quoted_string; ... };, deprecated
VIEW
^^^^
::
view string [ class ] {
allow-new-zones boolean;
allow-notify { address_match_element; ... };
allow-query { address_match_element; ... };
allow-query-cache { address_match_element; ... };
allow-query-cache-on { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-recursion { address_match_element; ... };
allow-recursion-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
also-notify [ port integer ] [ dscp integer ] { ( masters |
ipv4_address [ port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };
alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
attach-cache string;
auth-nxdomain boolean; // default changed
auto-dnssec ( allow | maintain | off );
cache-file quoted_string;
catalog-zones { zone string [ default-masters [ port integer ]
[ dscp integer ] { ( masters | ipv4_address [ port
integer ] | ipv6_address [ port integer ] ) [ key
string ]; ... } ] [ zone-directory quoted_string ] [
in-memory boolean ] [ min-update-interval duration ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check-sibling boolean;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean;
clients-per-query integer;
deny-answer-addresses { address_match_element; ... } [
except-from { string; ... } ];
deny-answer-aliases { string; ... } [ except-from { string; ...
} ];
dialup ( notify | notify-passive | passive | refresh | boolean );
disable-algorithms string { string;
... };
disable-ds-digests string { string;
... };
disable-empty-zone string;
dlz string {
database string;
search boolean;
};
dns64 netprefix {
break-dnssec boolean;
clients { address_match_element; ... };
exclude { address_match_element; ... };
mapped { address_match_element; ... };
recursive-only boolean;
suffix ipv6_address;
};
dns64-contact string;
dns64-server string;
dnskey-sig-validity integer;
dnsrps-enable boolean;
dnsrps-options { unspecified-text };
dnssec-accept-expired boolean;
dnssec-dnskey-kskonly boolean;
dnssec-loadkeys-interval integer;
dnssec-must-be-secure string boolean;
dnssec-policy string;
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver | update ) [ ( query | response ) ];
... };
dual-stack-servers [ port integer ] { ( quoted_string [ port
integer ] [ dscp integer ] | ipv4_address [ port
integer ] [ dscp integer ] | ipv6_address [ port
integer ] [ dscp integer ] ); ... };
dyndb string quoted_string {
unspecified-text };
edns-udp-size integer;
empty-contact string;
empty-server string;
empty-zones-enable boolean;
fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
fetches-per-server integer [ ( drop | fail ) ];
fetches-per-zone integer [ ( drop | fail ) ];
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
glue-cache boolean;
inline-signing boolean;
ixfr-from-differences ( primary | master | secondary | slave |
boolean );
key string {
algorithm string;
secret string;
};
key-directory quoted_string;
lame-ttl duration;
lmdb-mapsize sizeval;
managed-keys { string (
static-key | initial-key
| static-ds | initial-ds
) integer integer
integer
quoted_string; ... };, deprecated
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-clients { address_match_element; ... };
match-destinations { address_match_element; ... };
match-recursive-only boolean;
max-cache-size ( default | unlimited | sizeval | percentage );
max-cache-ttl duration;
max-clients-per-query integer;
max-ixfr-ratio ( unlimited | percentage );
max-journal-size ( default | unlimited | sizeval );
max-ncache-ttl duration;
max-records integer;
max-recursion-depth integer;
max-recursion-queries integer;
max-refresh-time integer;
max-retry-time integer;
max-stale-ttl duration;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-udp-size integer;
max-zone-ttl ( unlimited | duration );
message-compression boolean;
min-cache-ttl duration;
min-ncache-ttl duration;
min-refresh-time integer;
min-retry-time integer;
minimal-any boolean;
minimal-responses ( no-auth | no-auth-recursive | boolean );
multi-master boolean;
new-zones-directory quoted_string;
no-case-compress { address_match_element; ... };
nocookie-udp-size integer;
notify ( explicit | master-only | boolean );
notify-delay integer;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
notify-to-soa boolean;
nta-lifetime duration;
nta-recheck duration;
nxdomain-redirect string;
plugin ( query ) string [ {
unspecified-text } ];
preferred-glue string;
prefetch integer [ integer ];
provide-ixfr boolean;
qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
rate-limit {
all-per-second integer;
errors-per-second integer;
exempt-clients { address_match_element; ... };
ipv4-prefix-length integer;
ipv6-prefix-length integer;
log-only boolean;
max-table-size integer;
min-table-size integer;
nodata-per-second integer;
nxdomains-per-second integer;
qps-scale integer;
referrals-per-second integer;
responses-per-second integer;
slip integer;
window integer;
};
recursion boolean;
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
require-server-cookie boolean;
resolver-nonbackoff-tries integer;
resolver-query-timeout integer;
resolver-retry-interval integer;
response-padding { address_match_element; ... } block-size
integer;
response-policy { zone string [ add-soa boolean ] [ log
boolean ] [ max-policy-ttl duration ] [ min-update-interval
duration ] [ policy ( cname | disabled | drop | given | no-op
| nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
recursive-only boolean ] [ nsip-enable boolean ] [
nsdname-enable boolean ]; ... } [ add-soa boolean ] [
break-dnssec boolean ] [ max-policy-ttl duration ] [
min-update-interval duration ] [ min-ns-dots integer ] [
nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean
] [ qname-wait-recurse boolean ] [ recursive-only boolean ]
[ nsip-enable boolean ] [ nsdname-enable boolean ] [
dnsrps-enable boolean ] [ dnsrps-options { unspecified-text
} ];
root-delegation-only [ exclude { string; ... } ];
root-key-sentinel boolean;
rrset-order { [ class string ] [ type string ] [ name
quoted_string ] string string; ... };
send-cookie boolean;
serial-update-method ( date | increment | unixtime );
server netprefix {
bogus boolean;
edns boolean;
edns-udp-size integer;
edns-version integer;
keys server_key;
max-udp-size integer;
notify-source ( ipv4_address | * ) [ port ( integer | *
) ] [ dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer
| * ) ] [ dscp integer ];
padding integer;
provide-ixfr boolean;
query-source ( ( [ address ] ( ipv4_address | * ) [ port
( integer | * ) ] ) | ( [ [ address ] (
ipv4_address | * ) ] port ( integer | * ) ) ) [
dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
port ( integer | * ) ] ) | ( [ [ address ] (
ipv6_address | * ) ] port ( integer | * ) ) ) [
dscp integer ];
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
send-cookie boolean;
tcp-keepalive boolean;
tcp-only boolean;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
transfers integer;
};
servfail-ttl duration;
sig-signing-nodes integer;
sig-signing-signatures integer;
sig-signing-type integer;
sig-validity-interval integer [ integer ];
sortlist { address_match_element; ... };
stale-answer-enable boolean;
stale-answer-ttl duration;
synth-from-dnssec boolean;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
trust-anchor-telemetry boolean; // experimental
trust-anchors { string ( static-key |
initial-key | static-ds | initial-ds
) integer integer integer
quoted_string; ... };
trusted-keys { string
integer integer
integer
quoted_string; ... };, deprecated
try-tcp-refresh boolean;
update-check-ksk boolean;
use-alt-transfer-source boolean;
v6-bias integer;
validate-except { string; ... };
zero-no-soa-ttl boolean;
zero-no-soa-ttl-cache boolean;
zone string [ class ] {
allow-notify { address_match_element; ... };
allow-query { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
also-notify [ port integer ] [ dscp integer ] { (
masters | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ];
... };
alt-transfer-source ( ipv4_address | * ) [ port (
integer | * ) ] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling boolean;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean;
database string;
delegation-only boolean;
dialup ( notify | notify-passive | passive | refresh |
boolean );
dlz string;
dnskey-sig-validity integer;
dnssec-dnskey-kskonly boolean;
dnssec-loadkeys-interval integer;
dnssec-policy string;
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
file quoted_string;
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { (
ipv4_address | ipv6_address ) [ port integer ] [
dscp integer ]; ... };
in-view string;
inline-signing boolean;
ixfr-from-differences boolean;
journal quoted_string;
key-directory quoted_string;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port integer ] [ dscp integer ] { ( masters
| ipv4_address [ port integer ] | ipv6_address [
port integer ] ) [ key string ]; ... };
max-ixfr-ratio ( unlimited | percentage );
max-journal-size ( default | unlimited | sizeval );
max-records integer;
max-refresh-time integer;
max-retry-time integer;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-zone-ttl ( unlimited | duration );
min-refresh-time integer;
min-retry-time integer;
multi-master boolean;
notify ( explicit | master-only | boolean );
notify-delay integer;
notify-source ( ipv4_address | * ) [ port ( integer | *
) ] [ dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer
| * ) ] [ dscp integer ];
notify-to-soa boolean;
request-expire boolean;
request-ixfr boolean;
serial-update-method ( date | increment | unixtime );
server-addresses { ( ipv4_address | ipv6_address ); ... };
server-names { string; ... };
sig-signing-nodes integer;
sig-signing-signatures integer;
sig-signing-type integer;
sig-validity-interval integer [ integer ];
transfer-source ( ipv4_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
try-tcp-refresh boolean;
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect |
static-stub | stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string (
6to4-self | external | krb5-self | krb5-selfsub |
krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
name | self | selfsub | selfwild | subdomain | tcp-self
| wildcard | zonesub ) [ string ] rrtypelist; ... };
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
};
zone-statistics ( full | terse | none | boolean );
};
ZONE
^^^^
::
zone string [ class ] {
allow-notify { address_match_element; ... };
allow-query { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
also-notify [ port integer ] [ dscp integer ] { ( masters |
ipv4_address [ port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };
alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling boolean;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean;
database string;
delegation-only boolean;
dialup ( notify | notify-passive | passive | refresh | boolean );
dlz string;
dnskey-sig-validity integer;
dnssec-dnskey-kskonly boolean;
dnssec-loadkeys-interval integer;
dnssec-policy string;
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
file quoted_string;
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
in-view string;
inline-signing boolean;
ixfr-from-differences boolean;
journal quoted_string;
key-directory quoted_string;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port integer ] [ dscp integer ] { ( masters |
ipv4_address [ port integer ] | ipv6_address [ port
integer ] ) [ key string ]; ... };
max-ixfr-ratio ( unlimited | percentage );
max-journal-size ( default | unlimited | sizeval );
max-records integer;
max-refresh-time integer;
max-retry-time integer;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-zone-ttl ( unlimited | duration );
min-refresh-time integer;
min-retry-time integer;
multi-master boolean;
notify ( explicit | master-only | boolean );
notify-delay integer;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
notify-to-soa boolean;
request-expire boolean;
request-ixfr boolean;
serial-update-method ( date | increment | unixtime );
server-addresses { ( ipv4_address | ipv6_address ); ... };
server-names { string; ... };
sig-signing-nodes integer;
sig-signing-signatures integer;
sig-signing-type integer;
sig-validity-interval integer [ integer ];
transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
try-tcp-refresh boolean;
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect | static-stub |
stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string ( 6to4-self |
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
| ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
| subdomain | tcp-self | wildcard | zonesub ) [ string ]
rrtypelist; ... };
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
};
Files
~~~~~
``/etc/named.conf``
See Also
~~~~~~~~
:manpage:`ddns-confgen(8)`, :manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`rndc(8)`, :manpage:`rndc-confgen(8)`, BIND 9 Administrator Reference Manual.
Reference in a new issue View git blame Copy permalink