DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

named.conf(5)




NAMED.CONF(5)                 BIND9                 NAMED.CONF(5)


NAME

     named.conf - configuration file for named


SYNOPSIS

     named.conf


DESCRIPTION

     named.conf is the configuration file for named. Statements
     are enclosed in braces and terminated with a semi-colon.
     Clauses in the statements are also semi-colon terminated.
     The usual comment styles are supported:

     C style: /* */

     C++ style: // to end of line

     Unix style: # to end of line


ACL

         acl string { address_match_element; ... };


KEY

         key domain_name {
              algorithm string;
              secret string;
         };


MASTERS

         masters string [ port integer ] {
              ( masters | ipv4_address [port integer] |
              ipv6_address [port integer] ) [ key string ]; ...
         };


SERVER

         server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
              bogus boolean;
              edns boolean;
              edns-udp-size integer;
              max-udp-size integer;
              tcp-only boolean;
              provide-ixfr boolean;
              request-ixfr boolean;
              keys server_key;
              transfers integer;
              transfer-format ( many-answers | one-answer );
              transfer-source ( ipv4_address | * )
                   [ port ( integer | * ) ];
              transfer-source-v6 ( ipv6_address | * )
                   [ port ( integer | * ) ];
              support-ixfr boolean; // obsolete
         };

ISC                  Last change: 2014-01-08                    1

NAMED.CONF(5)                 BIND9                 NAMED.CONF(5)


TRUSTED-KEYS

         trusted-keys {
              domain_name flags protocol algorithm key; ...
         };


MANAGED-KEYS

         managed-keys {
              domain_name initial-key flags protocol algorithm key; ...
         };


CONTROLS

         controls {
              inet ( ipv4_address | ipv6_address | * )
                   [ port ( integer | * ) ]
                   allow { address_match_element; ... }
                   [ keys { string; ... } ];
              unix unsupported; // not implemented
         };


LOGGING

         logging {
              channel string {
                   file log_file;
                   syslog optional_facility;
                   null;
                   stderr;
                   severity log_severity;
                   print-time boolean;
                   print-severity boolean;
                   print-category boolean;
              };
              category string { string; ... };
         };


LWRES

         lwres {
              listen-on [ port integer ] {
                   ( ipv4_address | ipv6_address ) [ port integer ]; ...
              };
              view string optional_class;
              search { string; ... };
              ndots integer;
         };


OPTIONS

         options {
              avoid-v4-udp-ports { port; ... };
              avoid-v6-udp-ports { port; ... };
              blackhole { address_match_element; ... };
              coresize size;
              datasize size;
              directory quoted_string;

ISC                  Last change: 2014-01-08                    2

NAMED.CONF(5)                 BIND9                 NAMED.CONF(5)

              dump-file quoted_string;
              files size;
              heartbeat-interval integer;
              host-statistics boolean; // not implemented
              host-statistics-max number; // not implemented
              hostname ( quoted_string | none );
              interface-interval integer;
              listen-on [ port integer ] { address_match_element; ... };
              listen-on-v6 [ port integer ] { address_match_element; ... };
              match-mapped-addresses boolean;
              memstatistics-file quoted_string;
              pid-file ( quoted_string | none );
              port integer;
              querylog boolean;
              recursing-file quoted_string;
              reserved-sockets integer;
              random-device quoted_string;
              recursive-clients integer;
              serial-query-rate integer;
              server-id ( quoted_string | hostname | none );
              stacksize size;
              statistics-file quoted_string;
              statistics-interval integer; // not yet implemented
              tcp-clients integer;
              tcp-listen-queue integer;
              tkey-dhkey quoted_string integer;
              tkey-gssapi-credential quoted_string;
              tkey-gssapi-keytab quoted_string;
              tkey-domain quoted_string;
              transfers-per-ns integer;
              transfers-in integer;
              transfers-out integer;
              version ( quoted_string | none );
              allow-recursion { address_match_element; ... };
              allow-recursion-on { address_match_element; ... };
              sortlist { address_match_element; ... };
              topology { address_match_element; ... }; // not implemented
              auth-nxdomain boolean; // default changed
              minimal-responses boolean;
              recursion boolean;
              rrset-order {
                   [ class string ] [ type string ]
                   [ name quoted_string ] string string; ...
              };
              provide-ixfr boolean;
              request-ixfr boolean;
              rfc2308-type1 boolean; // not yet implemented
              additional-from-auth boolean;
              additional-from-cache boolean;
              query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
              query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
              use-queryport-pool boolean;

ISC                  Last change: 2014-01-08                    3

NAMED.CONF(5)                 BIND9                 NAMED.CONF(5)

              queryport-pool-ports integer;
              queryport-pool-updateinterval integer;
              cleaning-interval integer;
              resolver-query-timeout integer;
              min-roots integer; // not implemented
              lame-ttl integer;
              max-ncache-ttl integer;
              max-cache-ttl integer;
              transfer-format ( many-answers | one-answer );
              max-cache-size size;
              max-acache-size size;
              clients-per-query number;
              max-clients-per-query number;
              check-names ( master | slave | response )
                   ( fail | warn | ignore );
              check-mx ( fail | warn | ignore );
              check-integrity boolean;
              check-mx-cname ( fail | warn | ignore );
              check-srv-cname ( fail | warn | ignore );
              cache-file quoted_string; // test option
              suppress-initial-notify boolean; // not yet implemented
              preferred-glue string;
              dual-stack-servers [ port integer ] {
                   ( quoted_string [port integer] |
                   ipv4_address [port integer] |
                   ipv6_address [port integer] ); ...
              };
              edns-udp-size integer;
              max-udp-size integer;
              root-delegation-only [ exclude { quoted_string; ... } ];
              disable-algorithms string { string; ... };
              disable-ds-digests string { string; ... };
              dnssec-enable boolean;
              dnssec-validation boolean;
              dnssec-lookaside ( auto | no | domain trust-anchor domain );
              dnssec-must-be-secure string boolean;
              dnssec-accept-expired boolean;
              dns64-server string;
              dns64-contact string;
              dns64 prefix {
                   clients { <replacable>acl</replacable>; };
                   exclude { <replacable>acl</replacable>; };
                   mapped { <replacable>acl</replacable>; };
                   break-dnssec boolean;
                   recursive-only boolean;
                   suffix ipv6_address;
              };
              empty-server string;
              empty-contact string;
              empty-zones-enable boolean;
              disable-empty-zone string;
              dialup dialuptype;

ISC                  Last change: 2014-01-08                    4

NAMED.CONF(5)                 BIND9                 NAMED.CONF(5)

              ixfr-from-differences ixfrdiff;
              allow-query { address_match_element; ... };
              allow-query-on { address_match_element; ... };
              allow-query-cache { address_match_element; ... };
              allow-query-cache-on { address_match_element; ... };
              allow-transfer { address_match_element; ... };
              allow-update { address_match_element; ... };
              allow-update-forwarding { address_match_element; ... };
              update-check-ksk boolean;
              dnssec-dnskey-kskonly boolean;
              masterfile-format ( text | raw | map );
              notify notifytype;
              notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
              notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
              notify-delay seconds;
              notify-to-soa boolean;
              also-notify [ port integer ] { ( ipv4_address | ipv6_address )
                   [ port integer ]; ...
                   [ key keyname ] ... };
              allow-notify { address_match_element; ... };
              forward ( first | only );
              forwarders [ port integer ] {
                   ( ipv4_address | ipv6_address ) [ port integer ]; ...
              };
              max-journal-size size_no_default;
              max-records integer;
              max-transfer-time-in integer;
              max-transfer-time-out integer;
              max-transfer-idle-in integer;
              max-transfer-idle-out integer;
              max-retry-time integer;
              min-retry-time integer;
              max-refresh-time integer;
              min-refresh-time integer;
              multi-master boolean;
              sig-validity-interval integer;
              sig-re-signing-interval integer;
              sig-signing-nodes integer;
              sig-signing-signatures integer;
              sig-signing-type integer;
              transfer-source ( ipv4_address | * )
                   [ port ( integer | * ) ];
              transfer-source-v6 ( ipv6_address | * )
                   [ port ( integer | * ) ];
              alt-transfer-source ( ipv4_address | * )
                   [ port ( integer | * ) ];
              alt-transfer-source-v6 ( ipv6_address | * )
                   [ port ( integer | * ) ];
              use-alt-transfer-source boolean;
              zone-statistics boolean;
              key-directory quoted_string;
              managed-keys-directory quoted_string;

ISC                  Last change: 2014-01-08                    5

NAMED.CONF(5)                 BIND9                 NAMED.CONF(5)

              auto-dnssec allow|maintain|off;
              try-tcp-refresh boolean;
              zero-no-soa-ttl boolean;
              zero-no-soa-ttl-cache boolean;
              dnssec-secure-to-insecure boolean;
              automatic-interface-scan boolean;
              deny-answer-addresses {
                   address_match_list
              } [ except-from { namelist } ];
              deny-answer-aliases {
                   namelist
              } [ except-from { namelist } ];
              nsec3-test-zone boolean;  // testing only
              allow-v6-synthesis { address_match_element; ... }; // obsolete
              deallocate-on-exit boolean; // obsolete
              fake-iquery boolean; // obsolete
              fetch-glue boolean; // obsolete
              has-old-clients boolean; // obsolete
              maintain-ixfr-base boolean; // obsolete
              max-ixfr-log-size size; // obsolete
              multiple-cnames boolean; // obsolete
              named-xfer quoted_string; // obsolete
              serial-queries integer; // obsolete
              treat-cr-as-space boolean; // obsolete
              use-id-pool boolean; // obsolete
              use-ixfr boolean; // obsolete
         };


VIEW

         view string optional_class {
              match-clients { address_match_element; ... };
              match-destinations { address_match_element; ... };
              match-recursive-only boolean;
              key string {
                   algorithm string;
                   secret string;
              };
              zone string optional_class {
                   ...
              };
              server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
                   ...
              };
              trusted-keys {
                   string integer integer integer quoted_string;
                   [...]
              };
              managed-keys {
                   domain_name initial-key flags protocol algorithm key;
                   [...]
              };
              allow-recursion { address_match_element; ... };

ISC                  Last change: 2014-01-08                    6

NAMED.CONF(5)                 BIND9                 NAMED.CONF(5)

              allow-recursion-on { address_match_element; ... };
              sortlist { address_match_element; ... };
              topology { address_match_element; ... }; // not implemented
              auth-nxdomain boolean; // default changed
              minimal-responses boolean;
              recursion boolean;
              rrset-order {
                   [ class string ] [ type string ]
                   [ name quoted_string ] string string; ...
              };
              provide-ixfr boolean;
              request-ixfr boolean;
              rfc2308-type1 boolean; // not yet implemented
              additional-from-auth boolean;
              additional-from-cache boolean;
              query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
              query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
              use-queryport-pool boolean;
              queryport-pool-ports integer;
              queryport-pool-updateinterval integer;
              cleaning-interval integer;
              resolver-query-timeout integer;
              min-roots integer; // not implemented
              lame-ttl integer;
              max-ncache-ttl integer;
              max-cache-ttl integer;
              transfer-format ( many-answers | one-answer );
              max-cache-size size;
              max-acache-size size;
              clients-per-query number;
              max-clients-per-query number;
              check-names ( master | slave | response )
                   ( fail | warn | ignore );
              check-mx ( fail | warn | ignore );
              check-integrity boolean;
              check-mx-cname ( fail | warn | ignore );
              check-srv-cname ( fail | warn | ignore );
              cache-file quoted_string; // test option
              suppress-initial-notify boolean; // not yet implemented
              preferred-glue string;
              dual-stack-servers [ port integer ] {
                   ( quoted_string [port integer] |
                   ipv4_address [port integer] |
                   ipv6_address [port integer] ); ...
              };
              edns-udp-size integer;
              max-udp-size integer;
              root-delegation-only [ exclude { quoted_string; ... } ];
              disable-algorithms string { string; ... };
              disable-ds-digests string { string; ... };
              dnssec-enable boolean;
              dnssec-validation boolean;

ISC                  Last change: 2014-01-08                    7

NAMED.CONF(5)                 BIND9                 NAMED.CONF(5)

              dnssec-lookaside ( auto | no | domain trust-anchor domain );
              dnssec-must-be-secure string boolean;
              dnssec-accept-expired boolean;
              dns64-server string;
              dns64-contact string;
              dns64 prefix {
                   clients { <replacable>acl</replacable>; };
                   exclude { <replacable>acl</replacable>; };
                   mapped { <replacable>acl</replacable>; };
                   break-dnssec boolean;
                   recursive-only boolean;
                   suffix ipv6_address;
              };
              empty-server string;
              empty-contact string;
              empty-zones-enable boolean;
              disable-empty-zone string;
              dialup dialuptype;
              ixfr-from-differences ixfrdiff;
              allow-query { address_match_element; ... };
              allow-query-on { address_match_element; ... };
              allow-query-cache { address_match_element; ... };
              allow-query-cache-on { address_match_element; ... };
              allow-transfer { address_match_element; ... };
              allow-update { address_match_element; ... };
              allow-update-forwarding { address_match_element; ... };
              update-check-ksk boolean;
              dnssec-dnskey-kskonly boolean;
              masterfile-format ( text | raw | map );
              notify notifytype;
              notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
              notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
              notify-delay seconds;
              notify-to-soa boolean;
              also-notify [ port integer ] { ( ipv4_address | ipv6_address )
                   [ port integer ]; ...
                   [ key keyname ] ... };
              allow-notify { address_match_element; ... };
              forward ( first | only );
              forwarders [ port integer ] {
                   ( ipv4_address | ipv6_address ) [ port integer ]; ...
              };
              max-journal-size size_no_default;
              max-records integer;
              max-transfer-time-in integer;
              max-transfer-time-out integer;
              max-transfer-idle-in integer;
              max-transfer-idle-out integer;
              max-retry-time integer;
              min-retry-time integer;
              max-refresh-time integer;
              min-refresh-time integer;

ISC                  Last change: 2014-01-08                    8

NAMED.CONF(5)                 BIND9                 NAMED.CONF(5)

              multi-master boolean;
              sig-validity-interval integer;
              transfer-source ( ipv4_address | * )
                   [ port ( integer | * ) ];
              transfer-source-v6 ( ipv6_address | * )
                   [ port ( integer | * ) ];
              alt-transfer-source ( ipv4_address | * )
                   [ port ( integer | * ) ];
              alt-transfer-source-v6 ( ipv6_address | * )
                   [ port ( integer | * ) ];
              use-alt-transfer-source boolean;
              zone-statistics boolean;
              try-tcp-refresh boolean;
              key-directory quoted_string;
              zero-no-soa-ttl boolean;
              zero-no-soa-ttl-cache boolean;
              dnssec-secure-to-insecure boolean;
              allow-v6-synthesis { address_match_element; ... }; // obsolete
              fetch-glue boolean; // obsolete
              maintain-ixfr-base boolean; // obsolete
              max-ixfr-log-size size; // obsolete
         };


ZONE

         zone string optional_class {
              type ( master | slave | stub | hint | redirect |
                   forward | delegation-only );
              file quoted_string;
              masters [ port integer ] {
                   ( masters |
                   ipv4_address [port integer] |
                   ipv6_address [ port integer ] ) [ key string ]; ...
              };
              database string;
              delegation-only boolean;
              check-names ( fail | warn | ignore );
              check-mx ( fail | warn | ignore );
              check-integrity boolean;
              check-mx-cname ( fail | warn | ignore );
              check-srv-cname ( fail | warn | ignore );
              dialup dialuptype;
              ixfr-from-differences boolean;
              journal quoted_string;
              zero-no-soa-ttl boolean;
              dnssec-secure-to-insecure boolean;
              allow-query { address_match_element; ... };
              allow-query-on { address_match_element; ... };
              allow-transfer { address_match_element; ... };
              allow-update { address_match_element; ... };
              allow-update-forwarding { address_match_element; ... };
              update-policy local |  {
                   ( grant | deny ) string

ISC                  Last change: 2014-01-08                    9

NAMED.CONF(5)                 BIND9                 NAMED.CONF(5)

                   ( name | subdomain | wildcard | self | selfsub | selfwild |
                           krb5-self | ms-self | krb5-subdomain | ms-subdomain |
                     tcp-self | zonesub | 6to4-self ) string
                   rrtypelist;
                   [...]
              };
              update-check-ksk boolean;
              dnssec-dnskey-kskonly boolean;
              masterfile-format ( text | raw | map );
              notify notifytype;
              notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
              notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
              notify-delay seconds;
              notify-to-soa boolean;
              also-notify [ port integer ] { ( ipv4_address | ipv6_address )
                   [ port integer ]; ...
                   [ key keyname ] ... };
              allow-notify { address_match_element; ... };
              forward ( first | only );
              forwarders [ port integer ] {
                   ( ipv4_address | ipv6_address ) [ port integer ]; ...
              };
              max-journal-size size_no_default;
              max-records integer;
              max-transfer-time-in integer;
              max-transfer-time-out integer;
              max-transfer-idle-in integer;
              max-transfer-idle-out integer;
              max-retry-time integer;
              min-retry-time integer;
              max-refresh-time integer;
              min-refresh-time integer;
              multi-master boolean;
              request-ixfr boolean;
              sig-validity-interval integer;
              transfer-source ( ipv4_address | * )
                   [ port ( integer | * ) ];
              transfer-source-v6 ( ipv6_address | * )
                   [ port ( integer | * ) ];
              alt-transfer-source ( ipv4_address | * )
                   [ port ( integer | * ) ];
              alt-transfer-source-v6 ( ipv6_address | * )
                   [ port ( integer | * ) ];
              use-alt-transfer-source boolean;
              zone-statistics boolean;
              try-tcp-refresh boolean;
              key-directory quoted_string;
              nsec3-test-zone boolean;  // testing only
              ixfr-base quoted_string; // obsolete
              ixfr-tmp-file quoted_string; // obsolete
              maintain-ixfr-base boolean; // obsolete
              max-ixfr-log-size size; // obsolete

ISC                  Last change: 2014-01-08                   10

NAMED.CONF(5)                 BIND9                 NAMED.CONF(5)

              pubkey integer integer integer quoted_string; // obsolete
         };


FILES

     /etc/named.conf


SEE ALSO

     named(8), named-checkconf(8), rndc(8), BIND 9 Administrator
     Reference Manual.


AUTHOR

     Internet Systems Consortium, Inc.


COPYRIGHT

     Copyright 8c9 2004-2016 Internet Systems Consortium, Inc.
     ("ISC")

ISC                  Last change: 2014-01-08                   11


Man(1) output converted with man2html