6318052d9e
lots of new features compared to 9.4.x, including: Full NSEC3 support Automatic zone re-signing New update-policy methods tcp-self and 6to4-self DHCID support. More detailed statistics counters including those supported in BIND 8. Faster ACL processing. Efficient LRU cache-cleaning mechanism. NSID support.
630 lines
30 KiB
Plaintext
630 lines
30 KiB
Plaintext
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
|
[<!ENTITY mdash "—">]>
|
|
<!--
|
|
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
|
|
-
|
|
- Permission to use, copy, modify, and/or distribute this software for any
|
|
- purpose with or without fee is hereby granted, provided that the above
|
|
- copyright notice and this permission notice appear in all copies.
|
|
-
|
|
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
- PERFORMANCE OF THIS SOFTWARE.
|
|
-->
|
|
|
|
<!-- $Id: named.conf.docbook,v 1.39 2008/09/24 02:46:21 marka Exp $ -->
|
|
<refentry>
|
|
<refentryinfo>
|
|
<date>Aug 13, 2004</date>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle><filename>named.conf</filename></refentrytitle>
|
|
<manvolnum>5</manvolnum>
|
|
<refmiscinfo>BIND9</refmiscinfo>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname><filename>named.conf</filename></refname>
|
|
<refpurpose>configuration file for named</refpurpose>
|
|
</refnamediv>
|
|
|
|
<docinfo>
|
|
<copyright>
|
|
<year>2004</year>
|
|
<year>2005</year>
|
|
<year>2006</year>
|
|
<year>2007</year>
|
|
<year>2008</year>
|
|
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
|
</copyright>
|
|
</docinfo>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>named.conf</command>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>DESCRIPTION</title>
|
|
<para><filename>named.conf</filename> is the configuration file
|
|
for
|
|
<command>named</command>. Statements are enclosed
|
|
in braces and terminated with a semi-colon. Clauses in
|
|
the statements are also semi-colon terminated. The usual
|
|
comment styles are supported:
|
|
</para>
|
|
<para>
|
|
C style: /* */
|
|
</para>
|
|
<para>
|
|
C++ style: // to end of line
|
|
</para>
|
|
<para>
|
|
Unix style: # to end of line
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>ACL</title>
|
|
<literallayout>
|
|
acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
|
|
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>KEY</title>
|
|
<literallayout>
|
|
key <replaceable>domain_name</replaceable> {
|
|
algorithm <replaceable>string</replaceable>;
|
|
secret <replaceable>string</replaceable>;
|
|
};
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>MASTERS</title>
|
|
<literallayout>
|
|
masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
|
|
( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
|
|
<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
|
|
};
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>SERVER</title>
|
|
<literallayout>
|
|
server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
|
|
bogus <replaceable>boolean</replaceable>;
|
|
edns <replaceable>boolean</replaceable>;
|
|
edns-udp-size <replaceable>integer</replaceable>;
|
|
max-udp-size <replaceable>integer</replaceable>;
|
|
provide-ixfr <replaceable>boolean</replaceable>;
|
|
request-ixfr <replaceable>boolean</replaceable>;
|
|
keys <replaceable>server_key</replaceable>;
|
|
transfers <replaceable>integer</replaceable>;
|
|
transfer-format ( many-answers | one-answer );
|
|
transfer-source ( <replaceable>ipv4_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
|
|
support-ixfr <replaceable>boolean</replaceable>; // obsolete
|
|
};
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>TRUSTED-KEYS</title>
|
|
<literallayout>
|
|
trusted-keys {
|
|
<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
|
|
};
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>CONTROLS</title>
|
|
<literallayout>
|
|
controls {
|
|
inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>
|
|
allow { <replaceable>address_match_element</replaceable>; ... }
|
|
<optional> keys { <replaceable>string</replaceable>; ... } </optional>;
|
|
unix <replaceable>unsupported</replaceable>; // not implemented
|
|
};
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>LOGGING</title>
|
|
<literallayout>
|
|
logging {
|
|
channel <replaceable>string</replaceable> {
|
|
file <replaceable>log_file</replaceable>;
|
|
syslog <replaceable>optional_facility</replaceable>;
|
|
null;
|
|
stderr;
|
|
severity <replaceable>log_severity</replaceable>;
|
|
print-time <replaceable>boolean</replaceable>;
|
|
print-severity <replaceable>boolean</replaceable>;
|
|
print-category <replaceable>boolean</replaceable>;
|
|
};
|
|
category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
|
|
};
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>LWRES</title>
|
|
<literallayout>
|
|
lwres {
|
|
listen-on <optional> port <replaceable>integer</replaceable> </optional> {
|
|
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
|
|
};
|
|
view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
|
|
search { <replaceable>string</replaceable>; ... };
|
|
ndots <replaceable>integer</replaceable>;
|
|
};
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>OPTIONS</title>
|
|
<literallayout>
|
|
options {
|
|
avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
|
|
avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
|
|
blackhole { <replaceable>address_match_element</replaceable>; ... };
|
|
coresize <replaceable>size</replaceable>;
|
|
datasize <replaceable>size</replaceable>;
|
|
directory <replaceable>quoted_string</replaceable>;
|
|
dump-file <replaceable>quoted_string</replaceable>;
|
|
files <replaceable>size</replaceable>;
|
|
heartbeat-interval <replaceable>integer</replaceable>;
|
|
host-statistics <replaceable>boolean</replaceable>; // not implemented
|
|
host-statistics-max <replaceable>number</replaceable>; // not implemented
|
|
hostname ( <replaceable>quoted_string</replaceable> | none );
|
|
interface-interval <replaceable>integer</replaceable>;
|
|
listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
|
|
listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
|
|
match-mapped-addresses <replaceable>boolean</replaceable>;
|
|
memstatistics-file <replaceable>quoted_string</replaceable>;
|
|
pid-file ( <replaceable>quoted_string</replaceable> | none );
|
|
port <replaceable>integer</replaceable>;
|
|
querylog <replaceable>boolean</replaceable>;
|
|
recursing-file <replaceable>quoted_string</replaceable>;
|
|
reserved-sockets <replaceable>integer</replaceable>;
|
|
random-device <replaceable>quoted_string</replaceable>;
|
|
recursive-clients <replaceable>integer</replaceable>;
|
|
serial-query-rate <replaceable>integer</replaceable>;
|
|
server-id ( <replaceable>quoted_string</replaceable> | none |;
|
|
stacksize <replaceable>size</replaceable>;
|
|
statistics-file <replaceable>quoted_string</replaceable>;
|
|
statistics-interval <replaceable>integer</replaceable>; // not yet implemented
|
|
tcp-clients <replaceable>integer</replaceable>;
|
|
tcp-listen-queue <replaceable>integer</replaceable>;
|
|
tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
|
|
tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
|
|
tkey-domain <replaceable>quoted_string</replaceable>;
|
|
transfers-per-ns <replaceable>integer</replaceable>;
|
|
transfers-in <replaceable>integer</replaceable>;
|
|
transfers-out <replaceable>integer</replaceable>;
|
|
use-ixfr <replaceable>boolean</replaceable>;
|
|
version ( <replaceable>quoted_string</replaceable> | none );
|
|
allow-recursion { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
|
|
sortlist { <replaceable>address_match_element</replaceable>; ... };
|
|
topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
|
|
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
|
|
minimal-responses <replaceable>boolean</replaceable>;
|
|
recursion <replaceable>boolean</replaceable>;
|
|
rrset-order {
|
|
<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
|
|
<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
|
|
};
|
|
provide-ixfr <replaceable>boolean</replaceable>;
|
|
request-ixfr <replaceable>boolean</replaceable>;
|
|
rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
|
|
additional-from-auth <replaceable>boolean</replaceable>;
|
|
additional-from-cache <replaceable>boolean</replaceable>;
|
|
query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
use-queryport-pool <replaceable>boolean</replaceable>;
|
|
queryport-pool-ports <replaceable>integer</replaceable>;
|
|
queryport-pool-updateinterval <replaceable>integer</replaceable>;
|
|
cleaning-interval <replaceable>integer</replaceable>;
|
|
min-roots <replaceable>integer</replaceable>; // not implemented
|
|
lame-ttl <replaceable>integer</replaceable>;
|
|
max-ncache-ttl <replaceable>integer</replaceable>;
|
|
max-cache-ttl <replaceable>integer</replaceable>;
|
|
transfer-format ( many-answers | one-answer );
|
|
max-cache-size <replaceable>size</replaceable>;
|
|
max-acache-size <replaceable>size</replaceable>;
|
|
clients-per-query <replaceable>number</replaceable>;
|
|
max-clients-per-query <replaceable>number</replaceable>;
|
|
check-names ( master | slave | response )
|
|
( fail | warn | ignore );
|
|
check-mx ( fail | warn | ignore );
|
|
check-integrity <replaceable>boolean</replaceable>;
|
|
check-mx-cname ( fail | warn | ignore );
|
|
check-srv-cname ( fail | warn | ignore );
|
|
cache-file <replaceable>quoted_string</replaceable>; // test option
|
|
suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
|
|
preferred-glue <replaceable>string</replaceable>;
|
|
dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
|
|
( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
|
|
<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
|
|
<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
|
|
};
|
|
edns-udp-size <replaceable>integer</replaceable>;
|
|
max-udp-size <replaceable>integer</replaceable>;
|
|
root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
|
|
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
|
|
dnssec-enable <replaceable>boolean</replaceable>;
|
|
dnssec-validation <replaceable>boolean</replaceable>;
|
|
dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
|
|
dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
|
|
dnssec-accept-expired <replaceable>boolean</replaceable>;
|
|
|
|
empty-server <replaceable>string</replaceable>;
|
|
empty-contact <replaceable>string</replaceable>;
|
|
empty-zones-enable <replaceable>boolean</replaceable>;
|
|
disable-empty-zone <replaceable>string</replaceable>;
|
|
|
|
dialup <replaceable>dialuptype</replaceable>;
|
|
ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
|
|
|
|
allow-query { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-update { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
|
|
update-check-ksk <replaceable>boolean</replaceable>;
|
|
|
|
masterfile-format ( text | raw );
|
|
notify <replaceable>notifytype</replaceable>;
|
|
notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
notify-delay <replaceable>seconds</replaceable>;
|
|
notify-to-soa <replaceable>boolean</replaceable>;
|
|
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
|
|
<optional> port <replaceable>integer</replaceable> </optional>; ... };
|
|
allow-notify { <replaceable>address_match_element</replaceable>; ... };
|
|
|
|
forward ( first | only );
|
|
forwarders <optional> port <replaceable>integer</replaceable> </optional> {
|
|
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
|
|
};
|
|
|
|
max-journal-size <replaceable>size_no_default</replaceable>;
|
|
max-transfer-time-in <replaceable>integer</replaceable>;
|
|
max-transfer-time-out <replaceable>integer</replaceable>;
|
|
max-transfer-idle-in <replaceable>integer</replaceable>;
|
|
max-transfer-idle-out <replaceable>integer</replaceable>;
|
|
max-retry-time <replaceable>integer</replaceable>;
|
|
min-retry-time <replaceable>integer</replaceable>;
|
|
max-refresh-time <replaceable>integer</replaceable>;
|
|
min-refresh-time <replaceable>integer</replaceable>;
|
|
multi-master <replaceable>boolean</replaceable>;
|
|
|
|
sig-validity-interval <replaceable>integer</replaceable>;
|
|
sig-re-signing-interval <replaceable>integer</replaceable>;
|
|
sig-signing-nodes <replaceable>integer</replaceable>;
|
|
sig-signing-signatures <replaceable>integer</replaceable>;
|
|
sig-signing-type <replaceable>integer</replaceable>;
|
|
|
|
transfer-source ( <replaceable>ipv4_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
|
|
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
use-alt-transfer-source <replaceable>boolean</replaceable>;
|
|
|
|
zone-statistics <replaceable>boolean</replaceable>;
|
|
key-directory <replaceable>quoted_string</replaceable>;
|
|
try-tcp-refresh <replaceable>boolean</replaceable>;
|
|
zero-no-soa-ttl <replaceable>boolean</replaceable>;
|
|
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
|
|
|
|
nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
|
|
|
|
allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
|
|
deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
|
|
fake-iquery <replaceable>boolean</replaceable>; // obsolete
|
|
fetch-glue <replaceable>boolean</replaceable>; // obsolete
|
|
has-old-clients <replaceable>boolean</replaceable>; // obsolete
|
|
maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
|
|
max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
|
|
multiple-cnames <replaceable>boolean</replaceable>; // obsolete
|
|
named-xfer <replaceable>quoted_string</replaceable>; // obsolete
|
|
serial-queries <replaceable>integer</replaceable>; // obsolete
|
|
treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
|
|
use-id-pool <replaceable>boolean</replaceable>; // obsolete
|
|
};
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>VIEW</title>
|
|
<literallayout>
|
|
view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
|
|
match-clients { <replaceable>address_match_element</replaceable>; ... };
|
|
match-destinations { <replaceable>address_match_element</replaceable>; ... };
|
|
match-recursive-only <replaceable>boolean</replaceable>;
|
|
|
|
key <replaceable>string</replaceable> {
|
|
algorithm <replaceable>string</replaceable>;
|
|
secret <replaceable>string</replaceable>;
|
|
};
|
|
|
|
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
|
|
...
|
|
};
|
|
|
|
server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
|
|
...
|
|
};
|
|
|
|
trusted-keys {
|
|
<replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ...
|
|
};
|
|
|
|
allow-recursion { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
|
|
sortlist { <replaceable>address_match_element</replaceable>; ... };
|
|
topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
|
|
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
|
|
minimal-responses <replaceable>boolean</replaceable>;
|
|
recursion <replaceable>boolean</replaceable>;
|
|
rrset-order {
|
|
<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
|
|
<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
|
|
};
|
|
provide-ixfr <replaceable>boolean</replaceable>;
|
|
request-ixfr <replaceable>boolean</replaceable>;
|
|
rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
|
|
additional-from-auth <replaceable>boolean</replaceable>;
|
|
additional-from-cache <replaceable>boolean</replaceable>;
|
|
query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
use-queryport-pool <replaceable>boolean</replaceable>;
|
|
queryport-pool-ports <replaceable>integer</replaceable>;
|
|
queryport-pool-updateinterval <replaceable>integer</replaceable>;
|
|
cleaning-interval <replaceable>integer</replaceable>;
|
|
min-roots <replaceable>integer</replaceable>; // not implemented
|
|
lame-ttl <replaceable>integer</replaceable>;
|
|
max-ncache-ttl <replaceable>integer</replaceable>;
|
|
max-cache-ttl <replaceable>integer</replaceable>;
|
|
transfer-format ( many-answers | one-answer );
|
|
max-cache-size <replaceable>size</replaceable>;
|
|
max-acache-size <replaceable>size</replaceable>;
|
|
clients-per-query <replaceable>number</replaceable>;
|
|
max-clients-per-query <replaceable>number</replaceable>;
|
|
check-names ( master | slave | response )
|
|
( fail | warn | ignore );
|
|
check-mx ( fail | warn | ignore );
|
|
check-integrity <replaceable>boolean</replaceable>;
|
|
check-mx-cname ( fail | warn | ignore );
|
|
check-srv-cname ( fail | warn | ignore );
|
|
cache-file <replaceable>quoted_string</replaceable>; // test option
|
|
suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
|
|
preferred-glue <replaceable>string</replaceable>;
|
|
dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
|
|
( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
|
|
<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
|
|
<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
|
|
};
|
|
edns-udp-size <replaceable>integer</replaceable>;
|
|
max-udp-size <replaceable>integer</replaceable>;
|
|
root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
|
|
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
|
|
dnssec-enable <replaceable>boolean</replaceable>;
|
|
dnssec-validation <replaceable>boolean</replaceable>;
|
|
dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
|
|
dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
|
|
dnssec-accept-expired <replaceable>boolean</replaceable>;
|
|
|
|
empty-server <replaceable>string</replaceable>;
|
|
empty-contact <replaceable>string</replaceable>;
|
|
empty-zones-enable <replaceable>boolean</replaceable>;
|
|
disable-empty-zone <replaceable>string</replaceable>;
|
|
|
|
dialup <replaceable>dialuptype</replaceable>;
|
|
ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
|
|
|
|
allow-query { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-update { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
|
|
update-check-ksk <replaceable>boolean</replaceable>;
|
|
|
|
masterfile-format ( text | raw );
|
|
notify <replaceable>notifytype</replaceable>;
|
|
notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
notify-delay <replaceable>seconds</replaceable>;
|
|
notify-to-soa <replaceable>boolean</replaceable>;
|
|
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
|
|
<optional> port <replaceable>integer</replaceable> </optional>; ... };
|
|
allow-notify { <replaceable>address_match_element</replaceable>; ... };
|
|
|
|
forward ( first | only );
|
|
forwarders <optional> port <replaceable>integer</replaceable> </optional> {
|
|
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
|
|
};
|
|
|
|
max-journal-size <replaceable>size_no_default</replaceable>;
|
|
max-transfer-time-in <replaceable>integer</replaceable>;
|
|
max-transfer-time-out <replaceable>integer</replaceable>;
|
|
max-transfer-idle-in <replaceable>integer</replaceable>;
|
|
max-transfer-idle-out <replaceable>integer</replaceable>;
|
|
max-retry-time <replaceable>integer</replaceable>;
|
|
min-retry-time <replaceable>integer</replaceable>;
|
|
max-refresh-time <replaceable>integer</replaceable>;
|
|
min-refresh-time <replaceable>integer</replaceable>;
|
|
multi-master <replaceable>boolean</replaceable>;
|
|
sig-validity-interval <replaceable>integer</replaceable>;
|
|
|
|
transfer-source ( <replaceable>ipv4_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
|
|
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
use-alt-transfer-source <replaceable>boolean</replaceable>;
|
|
|
|
zone-statistics <replaceable>boolean</replaceable>;
|
|
try-tcp-refresh <replaceable>boolean</replaceable>;
|
|
key-directory <replaceable>quoted_string</replaceable>;
|
|
zero-no-soa-ttl <replaceable>boolean</replaceable>;
|
|
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
|
|
|
|
allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
|
|
fetch-glue <replaceable>boolean</replaceable>; // obsolete
|
|
maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
|
|
max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
|
|
};
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>ZONE</title>
|
|
<literallayout>
|
|
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
|
|
type ( master | slave | stub | hint |
|
|
forward | delegation-only );
|
|
file <replaceable>quoted_string</replaceable>;
|
|
|
|
masters <optional> port <replaceable>integer</replaceable> </optional> {
|
|
( <replaceable>masters</replaceable> |
|
|
<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
|
|
<replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
|
|
};
|
|
|
|
database <replaceable>string</replaceable>;
|
|
delegation-only <replaceable>boolean</replaceable>;
|
|
check-names ( fail | warn | ignore );
|
|
check-mx ( fail | warn | ignore );
|
|
check-integrity <replaceable>boolean</replaceable>;
|
|
check-mx-cname ( fail | warn | ignore );
|
|
check-srv-cname ( fail | warn | ignore );
|
|
dialup <replaceable>dialuptype</replaceable>;
|
|
ixfr-from-differences <replaceable>boolean</replaceable>;
|
|
journal <replaceable>quoted_string</replaceable>;
|
|
zero-no-soa-ttl <replaceable>boolean</replaceable>;
|
|
|
|
allow-query { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-update { <replaceable>address_match_element</replaceable>; ... };
|
|
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
|
|
update-policy {
|
|
( grant | deny ) <replaceable>string</replaceable>
|
|
( name | subdomain | wildcard | self | selfsub | selfwild |
|
|
krb5-self | ms-self | krb5-subdomain | ms-subdomain |
|
|
tcp-self | 6to4-self ) <replaceable>string</replaceable>
|
|
<replaceable>rrtypelist</replaceable>; ...
|
|
};
|
|
update-check-ksk <replaceable>boolean</replaceable>;
|
|
|
|
masterfile-format ( text | raw );
|
|
notify <replaceable>notifytype</replaceable>;
|
|
notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
notify-delay <replaceable>seconds</replaceable>;
|
|
notify-to-soa <replaceable>boolean</replaceable>;
|
|
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
|
|
<optional> port <replaceable>integer</replaceable> </optional>; ... };
|
|
allow-notify { <replaceable>address_match_element</replaceable>; ... };
|
|
|
|
forward ( first | only );
|
|
forwarders <optional> port <replaceable>integer</replaceable> </optional> {
|
|
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
|
|
};
|
|
|
|
max-journal-size <replaceable>size_no_default</replaceable>;
|
|
max-transfer-time-in <replaceable>integer</replaceable>;
|
|
max-transfer-time-out <replaceable>integer</replaceable>;
|
|
max-transfer-idle-in <replaceable>integer</replaceable>;
|
|
max-transfer-idle-out <replaceable>integer</replaceable>;
|
|
max-retry-time <replaceable>integer</replaceable>;
|
|
min-retry-time <replaceable>integer</replaceable>;
|
|
max-refresh-time <replaceable>integer</replaceable>;
|
|
min-refresh-time <replaceable>integer</replaceable>;
|
|
multi-master <replaceable>boolean</replaceable>;
|
|
sig-validity-interval <replaceable>integer</replaceable>;
|
|
|
|
transfer-source ( <replaceable>ipv4_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
|
|
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
|
|
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
|
|
use-alt-transfer-source <replaceable>boolean</replaceable>;
|
|
|
|
zone-statistics <replaceable>boolean</replaceable>;
|
|
try-tcp-refresh <replaceable>boolean</replaceable>;
|
|
key-directory <replaceable>quoted_string</replaceable>;
|
|
|
|
nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
|
|
|
|
ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
|
|
ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
|
|
maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
|
|
max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
|
|
pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
|
|
};
|
|
</literallayout>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>FILES</title>
|
|
<para><filename>/etc/named.conf</filename>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>SEE ALSO</title>
|
|
<para><citerefentry>
|
|
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
|
|
</para>
|
|
</refsect1>
|
|
|
|
</refentry><!--
|
|
- Local variables:
|
|
- mode: sgml
|
|
- End:
|
|
-->
|