This is a summary of the named.conf options supported by
this version of BIND 9.
+acl <string> { <address_match_element>; ... };
+
+controls {
+ inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
+ ) ] allow { <address_match_element>; ... } [ keys { <string>;
+ ... } ];
+ unix <quoted_string> perm <integer> owner <integer> group <integer>
+ [ keys { <string>; ... } ];
+};
+
+dlz <string> {
+ database <string>;
+};
+
+key <string> {
+ algorithm <string>;
+ secret <string>;
+};
+
+logging {
+ category <string> { <string>; ... };
+ channel <string> {
+ file <quoted_string> [ versions ( "unlimited" | <integer> )
+ ] [ size <size> ];
+ null;
+ print-category <boolean>;
+ print-severity <boolean>;
+ print-time <boolean>;
+ severity <log_severity>;
+ stderr;
+ syslog <optional_facility>;
+ };
+};
+
+lwres {
+ listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
+ [ port <integer> ]; ... };
+ ndots <integer>;
+ search { <string>; ... };
+ view <string> <optional_class>;
+};
+
+managed-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
+
+masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
+ <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
+
options {
acache-cleaning-interval <integer>;
acache-enable <boolean>;
additional-from-auth <boolean>;
additional-from-cache <boolean>;
+ allow-notify { <address_match_element>; ... };
+ allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
allow-query-cache-on { <address_match_element>; ... };
+ allow-query-on { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-recursion-on { <address_match_element>; ... };
+ allow-transfer { <address_match_element>; ... };
+ allow-update { <address_match_element>; ... };
+ allow-update-forwarding { <address_match_element>; ... };
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
+ also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
+ ) [ port <integer> ]; ... };
+ alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
+ alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
+ * ) ];
attach-cache <string>;
auth-nxdomain <boolean>; // default changed
avoid-v4-udp-ports { <portrange>; ... };
bindkeys-file <quoted_string>;
blackhole { <address_match_element>; ... };
cache-file <quoted_string>;
+ check-integrity <boolean>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response ) ( fail | warn | ignore );
+ check-sibling <boolean>;
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <boolean>;
cleaning-interval <integer>;
clients-per-query <integer>;
coresize <size>;
datasize <size>;
+ ddns-autoconf <boolean>;
ddns-keyalg <string>;
ddns-keyfile ( <quoted_string> | none );
ddns-keyname <string>;
except-from { <quoted_string>; ... } ];
deny-answer-aliases { <quoted_string>; ... } [ except-from {
<quoted_string>; ... } ];
+ dialup <dialuptype>;
directory <quoted_string>;
disable-algorithms <string> { <string>; ... };
disable-empty-zone <string>;
fetch-glue <boolean>; // obsolete
files <size>;
flush-zones-on-shutdown <boolean>;
+ forward ( first | only );
+ forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
+ [ port <integer> ]; ... };
has-old-clients <boolean>; // obsolete
heartbeat-interval <integer>;
host-statistics <boolean>; // not implemented
hostname ( <quoted_string> | none );
interface-interval <integer>;
ixfr-from-differences <ixfrdiff>;
+ key-directory <quoted_string>;
lame-ttl <integer>;
listen-on [ port <integer> ] { <address_match_element>; ... };
listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
+ maintain-ixfr-base <boolean>; // obsolete
+ masterfile-format ( text | raw );
match-mapped-addresses <boolean>;
max-acache-size <size_no_default>;
max-cache-size <size_no_default>;
max-cache-ttl <integer>;
max-clients-per-query <integer>;
+ max-ixfr-log-size <size>; // obsolete
+ max-journal-size <size_no_default>;
max-ncache-ttl <integer>;
+ max-refresh-time <integer>;
+ max-retry-time <integer>;
+ max-transfer-idle-in <integer>;
+ max-transfer-idle-out <integer>;
+ max-transfer-time-in <integer>;
+ max-transfer-time-out <integer>;
max-udp-size <integer>;
memstatistics <boolean>;
memstatistics-file <quoted_string>;
+ min-refresh-time <integer>;
+ min-retry-time <integer>;
min-roots <integer>; // not implemented
minimal-responses <boolean>;
+ multi-master <boolean>;
multiple-cnames <boolean>; // obsolete
named-xfer <quoted_string>; // obsolete
+ notify <notifytype>;
+ notify-delay <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
+ notify-to-soa <boolean>;
+ nsec3-test-zone <boolean>; // test only
pid-file ( <quoted_string> | none );
port <integer>;
preferred-glue <string>;
reserved-sockets <integer>;
rfc2308-type1 <boolean>; // not yet implemented
root-delegation-only [ exclude { <quoted_string>; ... } ];
- rrset-order { [ class <string> ] [ type <string> ] [
- name <quoted_string> ] <string> <string>; ... };
- serial-queries <integer>; // obsolete
+ rrset-order { [ class <string> ] [ type <string> ] [ name
+ <quoted_string> ] <string> <string>; ... };
+ serial-queries <integer>; // obsolete
serial-query-rate <integer>;
server-id ( <quoted_string> | none |;
+ sig-signing-nodes <integer>;
+ sig-signing-signatures <integer>;
+ sig-signing-type <integer>;
+ sig-validity-interval <integer> [ <integer> ];
+ sortlist { <address_match_element>; ... };
stacksize <size>;
statistics-file <quoted_string>;
statistics-interval <integer>; // not yet implemented
+ suppress-initial-notify <boolean>; // not yet implemented
tcp-clients <integer>;
tcp-listen-queue <integer>;
tkey-dhkey <quoted_string> <integer>;
tkey-domain <quoted_string>;
tkey-gssapi-credential <quoted_string>;
+ topology { <address_match_element>; ... }; // not implemented
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
transfers-in <integer>;
transfers-out <integer>;
transfers-per-ns <integer>;
treat-cr-as-space <boolean>; // obsolete
+ try-tcp-refresh <boolean>;
+ update-check-ksk <boolean>;
+ use-alt-transfer-source <boolean>;
use-id-pool <boolean>; // obsolete
use-ixfr <boolean>;
+ use-queryport-pool <boolean>; // obsolete
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };
version ( <quoted_string> | none );
+ zero-no-soa-ttl <boolean>;
+ zero-no-soa-ttl-cache <boolean>;
+ zone-statistics <boolean>;
+};
+
+server <netprefix> {
+ bogus <boolean>;
+ edns <boolean>;
+ edns-udp-size <integer>;
+ keys <server_key>;
+ max-udp-size <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
+ provide-ixfr <boolean>;
+ query-source <querysource4>;
+ query-source-v6 <querysource6>;
+ request-ixfr <boolean>;
+ support-ixfr <boolean>; // obsolete
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
+ transfers <integer>;
+};
+
+statistics-channels {
+ inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
+ ) ] [ allow { <address_match_element>; ... } ];
+};
+
+trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
+
+view <string> <optional_class> {
+ acache-cleaning-interval <integer>;
+ acache-enable <boolean>;
+ additional-from-auth <boolean>;
+ additional-from-cache <boolean>;
+ allow-notify { <address_match_element>; ... };
+ allow-query { <address_match_element>; ... };
+ allow-query-cache { <address_match_element>; ... };
+ allow-query-cache-on { <address_match_element>; ... };
+ allow-query-on { <address_match_element>; ... };
+ allow-recursion { <address_match_element>; ... };
+ allow-recursion-on { <address_match_element>; ... };
+ allow-transfer { <address_match_element>; ... };
+ allow-update { <address_match_element>; ... };
+ allow-update-forwarding { <address_match_element>; ... };
+ allow-v6-synthesis { <address_match_element>; ... }; // obsolete
+ also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
+ ) [ port <integer> ]; ... };
+ alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
+ alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
+ * ) ];
+ attach-cache <string>;
+ auth-nxdomain <boolean>; // default changed
+ cache-file <quoted_string>;
+ check-integrity <boolean>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( master | slave | response ) ( fail | warn | ignore );
+ check-sibling <boolean>;
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <boolean>;
+ cleaning-interval <integer>;
+ clients-per-query <integer>;
+ database <string>;
+ ddns-autoconf <boolean>;
+ deny-answer-addresses { <address_match_element>; ... } [
+ except-from { <quoted_string>; ... } ];
+ deny-answer-aliases { <quoted_string>; ... } [ except-from {
+ <quoted_string>; ... } ];
+ dialup <dialuptype>;
+ disable-algorithms <string> { <string>; ... };
+ disable-empty-zone <string>;
+ dlz <string> {
+ database <string>;
+ };
+ dnssec-accept-expired <boolean>;
+ dnssec-enable <boolean>;
+ dnssec-lookaside <string> trust-anchor <string>;
+ dnssec-must-be-secure <string> <boolean>;
+ dnssec-validation <boolean>;
+ dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
+ <integer> ] | <ipv4_address> [ port <integer> ] |
+ <ipv6_address> [ port <integer> ] ); ... };
+ edns-udp-size <integer>;
+ empty-contact <string>;
+ empty-server <string>;
+ empty-zones-enable <boolean>;
+ fetch-glue <boolean>; // obsolete
+ forward ( first | only );
+ forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
+ [ port <integer> ]; ... };
+ ixfr-from-differences <ixfrdiff>;
+ key <string> {
+ algorithm <string>;
+ secret <string>;
+ };
+ key-directory <quoted_string>;
+ lame-ttl <integer>;
+ maintain-ixfr-base <boolean>; // obsolete
+ managed-keys { <string> <integer> <integer> <integer>
+ <quoted_string>; ... };
+ masterfile-format ( text | raw );
+ match-clients { <address_match_element>; ... };
+ match-destinations { <address_match_element>; ... };
+ match-recursive-only <boolean>;
+ max-acache-size <size_no_default>;
+ max-cache-size <size_no_default>;
+ max-cache-ttl <integer>;
+ max-clients-per-query <integer>;
+ max-ixfr-log-size <size>; // obsolete
+ max-journal-size <size_no_default>;
+ max-ncache-ttl <integer>;
+ max-refresh-time <integer>;
+ max-retry-time <integer>;
+ max-transfer-idle-in <integer>;
+ max-transfer-idle-out <integer>;
+ max-transfer-time-in <integer>;
+ max-transfer-time-out <integer>;
+ max-udp-size <integer>;
+ min-refresh-time <integer>;
+ min-retry-time <integer>;
+ min-roots <integer>; // not implemented
+ minimal-responses <boolean>;
+ multi-master <boolean>;
+ notify <notifytype>;
+ notify-delay <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
+ notify-to-soa <boolean>;
+ nsec3-test-zone <boolean>; // test only
+ preferred-glue <string>;
+ provide-ixfr <boolean>;
+ query-source <querysource4>;
+ query-source-v6 <querysource6>;
+ queryport-pool-ports <integer>; // obsolete
+ queryport-pool-updateinterval <integer>; // obsolete
+ recursion <boolean>;
+ request-ixfr <boolean>;
+ request-nsid <boolean>;
+ rfc2308-type1 <boolean>; // not yet implemented
+ root-delegation-only [ exclude { <quoted_string>; ... } ];
+ rrset-order { [ class <string> ] [ type <string> ] [ name
+ <quoted_string> ] <string> <string>; ... };
+ server <netprefix> {
+ bogus <boolean>;
+ edns <boolean>;
+ edns-udp-size <integer>;
+ keys <server_key>;
+ max-udp-size <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
+ ) ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
+ | * ) ];
+ provide-ixfr <boolean>;
+ query-source <querysource4>;
+ query-source-v6 <querysource6>;
+ request-ixfr <boolean>;
+ support-ixfr <boolean>; // obsolete
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
+ * ) ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port (
+ <integer> | * ) ];
+ transfers <integer>;
+ };
+ sig-signing-nodes <integer>;
+ sig-signing-signatures <integer>;
+ sig-signing-type <integer>;
+ sig-validity-interval <integer> [ <integer> ];
+ sortlist { <address_match_element>; ... };
+ suppress-initial-notify <boolean>; // not yet implemented
+ topology { <address_match_element>; ... }; // not implemented
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
+ trusted-keys { <string> <integer> <integer> <integer>
+ <quoted_string>; ... };
+ try-tcp-refresh <boolean>;
+ update-check-ksk <boolean>;
+ use-alt-transfer-source <boolean>;
+ use-queryport-pool <boolean>; // obsolete
+ zero-no-soa-ttl <boolean>;
+ zero-no-soa-ttl-cache <boolean>;
+ zone <string> <optional_class> {
+ allow-notify { <address_match_element>; ... };
+ allow-query { <address_match_element>; ... };
+ allow-query-on { <address_match_element>; ... };
+ allow-transfer { <address_match_element>; ... };
+ allow-update { <address_match_element>; ... };
+ allow-update-forwarding { <address_match_element>; ... };
+ also-notify [ port <integer> ] { ( <ipv4_address> |
+ <ipv6_address> ) [ port <integer> ]; ... };
+ alt-transfer-source ( <ipv4_address> | * ) [ port (
+ <integer> | * ) ];
+ alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
+ <integer> | * ) ];
+ check-integrity <boolean>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( fail | warn | ignore );
+ check-sibling <boolean>;
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <boolean>;
+ database <string>;
+ ddns-autoconf <boolean>;
+ delegation-only <boolean>;
+ dialup <dialuptype>;
+ file <quoted_string>;
+ forward ( first | only );
+ forwarders [ port <integer> ] { ( <ipv4_address> |
+ <ipv6_address> ) [ port <integer> ]; ... };
+ ixfr-base <quoted_string>; // obsolete
+ ixfr-from-differences <boolean>;
+ ixfr-tmp-file <quoted_string>; // obsolete
+ journal <quoted_string>;
+ key-directory <quoted_string>;
+ maintain-ixfr-base <boolean>; // obsolete
+ masterfile-format ( text | raw );
+ masters [ port <integer> ] { ( <masters> | <ipv4_address> [
+ port <integer> ] | <ipv6_address> [ port <integer> ] )
+ [ key <string> ]; ... };
+ max-ixfr-log-size <size>; // obsolete
+ max-journal-size <size_no_default>;
+ max-refresh-time <integer>;
+ max-retry-time <integer>;
+ max-transfer-idle-in <integer>;
+ max-transfer-idle-out <integer>;
+ max-transfer-time-in <integer>;
+ max-transfer-time-out <integer>;
+ min-refresh-time <integer>;
+ min-retry-time <integer>;
+ multi-master <boolean>;
+ notify <notifytype>;
+ notify-delay <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
+ ) ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
+ | * ) ];
+ notify-to-soa <boolean>;
+ nsec3-test-zone <boolean>; // test only
+ pubkey <integer> <integer> <integer>
+ <quoted_string>; // obsolete
+ sig-signing-nodes <integer>;
+ sig-signing-signatures <integer>;
+ sig-signing-type <integer>;
+ sig-validity-interval <integer> [ <integer> ];
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
+ * ) ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port (
+ <integer> | * ) ];
+ try-tcp-refresh <boolean>;
+ type ( master | slave | stub | hint | forward |
+ delegation-only );
+ update-check-ksk <boolean>;
+ update-policy { ( grant | deny ) <string> ( name |
+ subdomain | wildcard | self | selfsub | selfwild |
+ krb5-self | ms-self | krb5-subdomain | ms-subdomain |
+ tcp-self | 6to4-self | zonesub ) [ <string> ]
+ <rrtypelist>; ... };
+ use-alt-transfer-source <boolean>;
+ zero-no-soa-ttl <boolean>;
+ zone-statistics <boolean>;
+ };
+ zone-statistics <boolean>;
+};
+
+zone <string> <optional_class> {
+ allow-notify { <address_match_element>; ... };
+ allow-query { <address_match_element>; ... };
+ allow-query-on { <address_match_element>; ... };
+ allow-transfer { <address_match_element>; ... };
+ allow-update { <address_match_element>; ... };
+ allow-update-forwarding { <address_match_element>; ... };
+ also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
+ ) [ port <integer> ]; ... };
+ alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
+ alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
+ * ) ];
+ check-integrity <boolean>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( fail | warn | ignore );
+ check-sibling <boolean>;
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <boolean>;
+ database <string>;
+ ddns-autoconf <boolean>;
+ delegation-only <boolean>;
+ dialup <dialuptype>;
+ file <quoted_string>;
+ forward ( first | only );
+ forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
+ [ port <integer> ]; ... };
+ ixfr-base <quoted_string>; // obsolete
+ ixfr-from-differences <boolean>;
+ ixfr-tmp-file <quoted_string>; // obsolete
+ journal <quoted_string>;
+ key-directory <quoted_string>;
+ maintain-ixfr-base <boolean>; // obsolete
+ masterfile-format ( text | raw );
+ masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
+ <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
+ <string> ]; ... };
+ max-ixfr-log-size <size>; // obsolete
+ max-journal-size <size_no_default>;
+ max-refresh-time <integer>;
+ max-retry-time <integer>;
+ max-transfer-idle-in <integer>;
+ max-transfer-idle-out <integer>;
+ max-transfer-time-in <integer>;
+ max-transfer-time-out <integer>;
+ min-refresh-time <integer>;
+ min-retry-time <integer>;
+ multi-master <boolean>;
+ notify <notifytype>;
+ notify-delay <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
+ notify-to-soa <boolean>;
+ nsec3-test-zone <boolean>; // test only
+ pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
+ sig-signing-nodes <integer>;
+ sig-signing-signatures <integer>;
+ sig-signing-type <integer>;
+ sig-validity-interval <integer> [ <integer> ];
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
+ try-tcp-refresh <boolean>;
+ type ( master | slave | stub | hint | forward | delegation-only );
+ update-check-ksk <boolean>;
+ update-policy { ( grant | deny ) <string> ( name | subdomain |
+ wildcard | self | selfsub | selfwild | krb5-self | ms-self |
+ krb5-subdomain | ms-subdomain | tcp-self | 6to4-self | zonesub
+ ) [ <string> ] <rrtypelist>; ... };
+ use-alt-transfer-source <boolean>;
+ zero-no-soa-ttl <boolean>;
+ zone-statistics <boolean>;
+};
projects / thirdparty / bind9.git / commitdiff
