NAMED.CONF

NAME
SYNOPSIS
DESCRIPTION
ACL
KEY
MASTERS
SERVER
TRUSTED−KEYS
CONTROLS
LOGGING
LWRES
OPTIONS
VIEW
ZONE
FILES
SEE ALSO
COPYRIGHT

NAME

named.conf − configuration file for named

SYNOPSIS

named.conf

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi−colon. Clauses in the statements are also semi−colon terminated. The usual comment styles are supported:

C style: /* */

C++ style: // to end of line

Unix style: # to end of line

ACL

acl string { address_match_element; ... };

KEY

key domain_name {

algorithm string;

secret string;

};

MASTERS

masters string [ port integer ] {

( masters | ipv4_address [port integer] |

ipv6_address [port integer] ) [ key string ]; ...

};

SERVER

server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {

bogus boolean;

edns boolean;

edns−udp−size integer;

max−udp−size integer;

provide−ixfr boolean;

request−ixfr boolean;

keys server_key;

transfers integer;

transfer−format ( many−answers | one−answer );

transfer−source ( ipv4_address | * )

[ port ( integer | * ) ];

transfer−source−v6 ( ipv6_address | * )

[ port ( integer | * ) ];

support−ixfr boolean; // obsolete

};

TRUSTED−KEYS

trusted−keys {

domain_name flags protocol algorithm key; ...

};

CONTROLS

controls {

inet ( ipv4_address | ipv6_address | * )

[ port ( integer | * ) ]

allow { address_match_element; ... }

[ keys { string; ... } ];

unix unsupported; // not implemented

};

LOGGING

logging {

channel string {

file log_file;

syslog optional_facility;

null;

stderr;

severity log_severity;

print−time boolean;

print−severity boolean;

print−category boolean;

};

category string { string; ... };

};

LWRES

lwres {

listen−on [ port integer ] {

( ipv4_address | ipv6_address ) [ port integer ]; ...

};

view string optional_class;

search { string; ... };

ndots integer;

};

OPTIONS

options {

avoid−v4−udp−ports { port; ... };

avoid−v6−udp−ports { port; ... };

blackhole { address_match_element; ... };

coresize size;

datasize size;

directory quoted_string;

dump−file quoted_string;

files size;

heartbeat−interval integer;

host−statistics boolean; // not implemented

host−statistics−max number; // not implemented

hostname ( quoted_string | none );

interface−interval integer;

listen−on [ port integer ] { address_match_element; ... };

listen−on−v6 [ port integer ] { address_match_element; ... };

match−mapped−addresses boolean;

memstatistics−file quoted_string;

pid−file ( quoted_string | none );

port integer;

querylog boolean;

recursing−file quoted_string;

reserved−sockets integer;

random−device quoted_string;

recursive−clients integer;

serial−query−rate integer;

server−id ( quoted_string | none |;

stacksize size;

statistics−file quoted_string;

statistics−interval integer; // not yet implemented

tcp−clients integer;

tcp−listen−queue integer;

tkey−dhkey quoted_string integer;

tkey−gssapi−credential quoted_string;

tkey−domain quoted_string;

transfers−per−ns integer;

transfers−in integer;

transfers−out integer;

use−ixfr boolean;

version ( quoted_string | none );

allow−recursion { address_match_element; ... };

sortlist { address_match_element; ... };

topology { address_match_element; ... }; // not implemented

auth−nxdomain boolean; // default changed

minimal−responses boolean;

recursion boolean;

rrset−order {

[ class string ] [ type string ]

[ name quoted_string ] string string; ...

};

provide−ixfr boolean;

request−ixfr boolean;

rfc2308−type1 boolean; // not yet implemented

additional−from−auth boolean;

additional−from−cache boolean;

query−source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];

query−source−v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];

cleaning−interval integer;

min−roots integer; // not implemented

lame−ttl integer;

max−ncache−ttl integer;

max−cache−ttl integer;

transfer−format ( many−answers | one−answer );

max−cache−size size_no_default;

max−acache−size size_no_default;

clients−per−query number;

max−clients−per−query number;

check−names ( master | slave | response )

( fail | warn | ignore );

check−mx ( fail | warn | ignore );

check−integrity boolean;

check−mx−cname ( fail | warn | ignore );

check−srv−cname ( fail | warn | ignore );

cache−file quoted_string; // test option

suppress−initial−notify boolean; // not yet implemented

preferred−glue string;

dual−stack−servers [ port integer ] {

( quoted_string [port integer] |

ipv4_address [port integer] |

ipv6_address [port integer] ); ...

};

edns−udp−size integer;

max−udp−size integer;

root−delegation−only [ exclude { quoted_string; ... } ];

disable−algorithms string { string; ... };

dnssec−enable boolean;

dnssec−validation boolean;

dnssec−lookaside string trust−anchor string;

dnssec−must−be−secure string boolean;

dnssec−accept−expired boolean;

empty−server string;

empty−contact string;

empty−zones−enable boolean;

disable−empty−zone string;

dialup dialuptype;

ixfr−from−differences ixfrdiff;

allow−query { address_match_element; ... };

allow−query−cache { address_match_element; ... };

allow−transfer { address_match_element; ... };

allow−update { address_match_element; ... };

allow−update−forwarding { address_match_element; ... };

update−check−ksk boolean;

masterfile−format ( text | raw );

notify notifytype;

notify−source ( ipv4_address | * ) [ port ( integer | * ) ];

notify−source−v6 ( ipv6_address | * ) [ port ( integer | * ) ];

notify−delay seconds;

also−notify [ port integer ] { ( ipv4_address | ipv6_address )

[ port integer ]; ... };

allow−notify { address_match_element; ... };

forward ( first | only );

forwarders [ port integer ] {

( ipv4_address | ipv6_address ) [ port integer ]; ...

};

max−journal−size size_no_default;

max−transfer−time−in integer;

max−transfer−time−out integer;

max−transfer−idle−in integer;

max−transfer−idle−out integer;

max−retry−time integer;

min−retry−time integer;

max−refresh−time integer;

min−refresh−time integer;

multi−master boolean;

sig−validity−interval integer;

transfer−source ( ipv4_address | * )

[ port ( integer | * ) ];

transfer−source−v6 ( ipv6_address | * )

[ port ( integer | * ) ];

alt−transfer−source ( ipv4_address | * )

[ port ( integer | * ) ];

alt−transfer−source−v6 ( ipv6_address | * )

[ port ( integer | * ) ];

use−alt−transfer−source boolean;

zone−statistics boolean;

key−directory quoted_string;

zero−no−soa−ttl boolean;

zero−no−soa−ttl−cache boolean;

allow−v6−synthesis { address_match_element; ... }; // obsolete

deallocate−on−exit boolean; // obsolete

fake−iquery boolean; // obsolete

fetch−glue boolean; // obsolete

has−old−clients boolean; // obsolete

maintain−ixfr−base boolean; // obsolete

max−ixfr−log−size size; // obsolete

multiple−cnames boolean; // obsolete

named−xfer quoted_string; // obsolete

serial−queries integer; // obsolete

treat−cr−as−space boolean; // obsolete

use−id−pool boolean; // obsolete

};

VIEW

view string optional_class {

match−clients { address_match_element; ... };

match−destinations { address_match_element; ... };

match−recursive−only boolean;

key string {

algorithm string;

secret string;

};

zone string optional_class {

...

};

server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {

...

};

trusted−keys {

string integer integer integer quoted_string; ...

};

allow−recursion { address_match_element; ... };

sortlist { address_match_element; ... };

topology { address_match_element; ... }; // not implemented

auth−nxdomain boolean; // default changed

minimal−responses boolean;

recursion boolean;

rrset−order {

[ class string ] [ type string ]

[ name quoted_string ] string string; ...

};

provide−ixfr boolean;

request−ixfr boolean;

rfc2308−type1 boolean; // not yet implemented

additional−from−auth boolean;

additional−from−cache boolean;

query−source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];

query−source−v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];

cleaning−interval integer;

min−roots integer; // not implemented

lame−ttl integer;

max−ncache−ttl integer;

max−cache−ttl integer;

transfer−format ( many−answers | one−answer );

max−cache−size size_no_default;

max−acache−size size_no_default;

clients−per−query number;

max−clients−per−query number;

check−names ( master | slave | response )

( fail | warn | ignore );

check−mx ( fail | warn | ignore );

check−integrity boolean;

check−mx−cname ( fail | warn | ignore );

check−srv−cname ( fail | warn | ignore );

cache−file quoted_string; // test option

suppress−initial−notify boolean; // not yet implemented

preferred−glue string;

dual−stack−servers [ port integer ] {

( quoted_string [port integer] |

ipv4_address [port integer] |

ipv6_address [port integer] ); ...

};

edns−udp−size integer;

max−udp−size integer;

root−delegation−only [ exclude { quoted_string; ... } ];

disable−algorithms string { string; ... };

dnssec−enable boolean;

dnssec−validation boolean;

dnssec−lookaside string trust−anchor string;

dnssec−must−be−secure string boolean;

dnssec−accept−expired boolean;

empty−server string;

empty−contact string;

empty−zones−enable boolean;

disable−empty−zone string;

dialup dialuptype;

ixfr−from−differences ixfrdiff;

allow−query { address_match_element; ... };

allow−query−cache { address_match_element; ... };

allow−transfer { address_match_element; ... };

allow−update { address_match_element; ... };

allow−update−forwarding { address_match_element; ... };

update−check−ksk boolean;

masterfile−format ( text | raw );

notify notifytype;

notify−source ( ipv4_address | * ) [ port ( integer | * ) ];

notify−source−v6 ( ipv6_address | * ) [ port ( integer | * ) ];

notify−delay seconds;

also−notify [ port integer ] { ( ipv4_address | ipv6_address )

[ port integer ]; ... };

allow−notify { address_match_element; ... };

forward ( first | only );

forwarders [ port integer ] {

( ipv4_address | ipv6_address ) [ port integer ]; ...

};

max−journal−size size_no_default;

max−transfer−time−in integer;

max−transfer−time−out integer;

max−transfer−idle−in integer;

max−transfer−idle−out integer;

max−retry−time integer;

min−retry−time integer;

max−refresh−time integer;

min−refresh−time integer;

multi−master boolean;

sig−validity−interval integer;

transfer−source ( ipv4_address | * )

[ port ( integer | * ) ];

transfer−source−v6 ( ipv6_address | * )

[ port ( integer | * ) ];

alt−transfer−source ( ipv4_address | * )

[ port ( integer | * ) ];

alt−transfer−source−v6 ( ipv6_address | * )

[ port ( integer | * ) ];

use−alt−transfer−source boolean;

zone−statistics boolean;

key−directory quoted_string;

zero−no−soa−ttl boolean;

zero−no−soa−ttl−cache boolean;

allow−v6−synthesis { address_match_element; ... }; // obsolete

fetch−glue boolean; // obsolete

maintain−ixfr−base boolean; // obsolete

max−ixfr−log−size size; // obsolete

};

ZONE

zone string optional_class {

type ( master | slave | stub | hint |

forward | delegation−only );

file quoted_string;

masters [ port integer ] {

( masters |

ipv4_address [port integer] |

ipv6_address [ port integer ] ) [ key string ]; ...

};

database string;

delegation−only boolean;

check−names ( fail | warn | ignore );

check−mx ( fail | warn | ignore );

check−integrity boolean;

check−mx−cname ( fail | warn | ignore );

check−srv−cname ( fail | warn | ignore );

dialup dialuptype;

ixfr−from−differences boolean;

journal quoted_string;

zero−no−soa−ttl boolean;

allow−query { address_match_element; ... };

allow−transfer { address_match_element; ... };

allow−update { address_match_element; ... };

allow−update−forwarding { address_match_element; ... };

update−policy {

( grant | deny ) string

( name | subdomain | wildcard | self ) string

rrtypelist; ...

};

update−check−ksk boolean;

masterfile−format ( text | raw );

notify notifytype;

notify−source ( ipv4_address | * ) [ port ( integer | * ) ];

notify−source−v6 ( ipv6_address | * ) [ port ( integer | * ) ];

notify−delay seconds;

also−notify [ port integer ] { ( ipv4_address | ipv6_address )

[ port integer ]; ... };

allow−notify { address_match_element; ... };

forward ( first | only );

forwarders [ port integer ] {

( ipv4_address | ipv6_address ) [ port integer ]; ...

};

max−journal−size size_no_default;

max−transfer−time−in integer;

max−transfer−time−out integer;

max−transfer−idle−in integer;

max−transfer−idle−out integer;

max−retry−time integer;

min−retry−time integer;

max−refresh−time integer;

min−refresh−time integer;

multi−master boolean;

sig−validity−interval integer;

transfer−source ( ipv4_address | * )

[ port ( integer | * ) ];

transfer−source−v6 ( ipv6_address | * )

[ port ( integer | * ) ];

alt−transfer−source ( ipv4_address | * )

[ port ( integer | * ) ];

alt−transfer−source−v6 ( ipv6_address | * )

[ port ( integer | * ) ];

use−alt−transfer−source boolean;

zone−statistics boolean;

key−directory quoted_string;

ixfr−base quoted_string; // obsolete

ixfr−tmp−file quoted_string; // obsolete

maintain−ixfr−base boolean; // obsolete

max−ixfr−log−size size; // obsolete

pubkey integer integer integer quoted_string; // obsolete

};

FILES

/etc/namedb/named.conf

SEE ALSO

named(8), named−checkconf(8), rndc(8), BIND 9 Administrator Reference Manual.

COPYRIGHT

Copyright © 2004−2008 Internet Systems Consortium, Inc. ("ISC")