From: Mark Andrews Date: Fri, 20 Aug 2004 21:33:14 +0000 (+0000) Subject: 1701. [doc] A minimal named.conf man page. X-Git-Tag: v9.2.4rc8~31^2 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=689023771c563d8660e45d439a207e06e96de28f;p=thirdparty%2Fbind9.git 1701. [doc] A minimal named.conf man page. --- diff --git a/CHANGES b/CHANGES index 8bc632c62ca..712fe47ab58 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +1701. [doc] A minimal named.conf man page. + 1700. [func] nslookup is no longer to be treated as deprecated. Remove "deprecated" warning message. Add man page. diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 new file mode 100644 index 00000000000..a8460fa33fd --- /dev/null +++ b/bin/named/named.conf.5 @@ -0,0 +1,474 @@ +.\" +.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000, 2001 Internet Software Consortium. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.TH "NAMED.CONF" "5" "Aug 13, 2004" "BIND9" "" +.SH NAME +named.conf \- configuration file for named +.SH SYNOPSIS +.sp +\fBnamed.conf\fR +.SH "DESCRIPTION" +.PP +\fInamed.conf\fR is the configuration file for +\fBnamed\fR. Statements are enclosed +in braces and terminated with a semi-colon. Clauses in +the statements are also semi-colon terminated. The usual +comment styles are supported: +.PP +C style: /* */ +.PP +C++ style: // to end of line +.PP +Unix style: # to end of line +.SH "ACL" +.sp +.nf +acl \fIstring\fR { \fIaddress_match_element\fR; ... }; +.sp +.fi +.SH "KEY" +.sp +.nf +key \fIdomain_name\fR { + algorithm \fIstring\fR; + secret \fIstring\fR; +}; +.sp +.fi +.SH "MASTERS" +.sp +.nf +masters \fIstring\fR [ port \fIinteger\fR ] { + ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | + \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ... +}; +.sp +.fi +.SH "SERVER" +.sp +.nf +server ( \fIipv4_address\fR | \fIipv6_address\fR ) { + bogus \fIboolean\fR; + edns \fIboolean\fR; + provide-ixfr \fIboolean\fR; + request-ixfr \fIboolean\fR; + keys \fIserver_key\fR; + transfers \fIinteger\fR; + transfer-format ( many-answers | one-answer ); + transfer-source ( \fIipv4_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + transfer-source-v6 ( \fIipv6_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + + support-ixfr \fIboolean\fR; // obsolete +}; +.sp +.fi +.SH "TRUSTED-KEYS" +.sp +.nf +trusted-keys { + \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... +}; +.sp +.fi +.SH "CONTROLS" +.sp +.nf +controls { + inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) + [ port ( \fIinteger\fR | * ) ] + allow { \fIaddress_match_element\fR; ... } + [ keys { \fIstring\fR; ... } ]; + unix \fIunsupported\fR; // not implemented +}; +.sp +.fi +.SH "LOGGING" +.sp +.nf +logging { + channel \fIstring\fR { + file \fIlog_file\fR; + syslog \fIoptional_facility\fR; + null; + stderr; + severity \fIlog_severity\fR; + print-time \fIboolean\fR; + print-severity \fIboolean\fR; + print-category \fIboolean\fR; + }; + category \fIstring\fR { \fIstring\fR; ... }; +}; +.sp +.fi +.SH "LWRES" +.sp +.nf +lwres { + listen-on [ port \fIinteger\fR ] { + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... + }; + view \fIstring\fR \fIoptional_class\fR; + search { \fIstring\fR; ... }; + ndots \fIinteger\fR; +}; +.sp +.fi +.SH "OPTIONS" +.sp +.nf +options { + avoid-v4-udp-ports { \fIport\fR; ... }; + avoid-v6-udp-ports { \fIport\fR; ... }; + blackhole { \fIaddress_match_element\fR; ... }; + coresize \fIsize\fR; + datasize \fIsize\fR; + directory \fIquoted_string\fR; + dump-file \fIquoted_string\fR; + files \fIsize\fR; + heartbeat-interval \fIinteger\fR; + host-statistics \fIboolean\fR; // not implemented + hostname ( \fIquoted_string\fR | none ); + interface-interval \fIinteger\fR; + listen-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... }; + listen-on-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... }; + match-mapped-addresses \fIboolean\fR; + memstatistics-file \fIquoted_string\fR; + pid-file ( \fIquoted_string\fR | none ); + port \fIinteger\fR; + querylog \fIboolean\fR; + recursing-file \fIquoted_string\fR; + random-device \fIquoted_string\fR; + recursive-clients \fIinteger\fR; + serial-query-rate \fIinteger\fR; + server-id ( \fIquoted_string\fR | none |; + stacksize \fIsize\fR; + statistics-file \fIquoted_string\fR; + statistics-interval \fIinteger\fR; // not yet implemented + tcp-clients \fIinteger\fR; + tcp-listen-queue \fIinteger\fR; + tkey-dhkey \fIquoted_string\fR \fIinteger\fR; + tkey-gssapi-credential \fIquoted_string\fR; + tkey-domain \fIquoted_string\fR; + transfers-per-ns \fIinteger\fR; + transfers-in \fIinteger\fR; + transfers-out \fIinteger\fR; + use-ixfr \fIboolean\fR; + version ( \fIquoted_string\fR | none ); + allow-recursion { \fIaddress_match_element\fR; ... }; + sortlist { \fIaddress_match_element\fR; ... }; + topology { \fIaddress_match_element\fR; ... }; // not implemented + auth-nxdomain \fIboolean\fR; // default changed + minimal-responses \fIboolean\fR; + recursion \fIboolean\fR; + rrset-order { + [ class \fIstring\fR ] [ type \fIstring\fR ] + [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ... + }; + provide-ixfr \fIboolean\fR; + request-ixfr \fIboolean\fR; + rfc2308-type1 \fIboolean\fR; // not yet implemented + additional-from-auth \fIboolean\fR; + additional-from-cache \fIboolean\fR; + query-source \fIquerysource4\fR; + query-source-v6 \fIquerysource6\fR; + cleaning-interval \fIinteger\fR; + min-roots \fIinteger\fR; // not implemented + lame-ttl \fIinteger\fR; + max-ncache-ttl \fIinteger\fR; + max-cache-ttl \fIinteger\fR; + transfer-format ( many-answers | one-answer ); + max-cache-size \fIsize_no_default\fR; + check-names ( master | slave | response ) + ( fail | warn | ignore ); + cache-file \fIquoted_string\fR; + suppress-initial-notify \fIboolean\fR; // not yet implemented + preferred-glue \fIstring\fR; + dual-stack-servers [ port \fIinteger\fR ] { + ( \fIquoted_string\fR [port \fIinteger\fR] | + \fIipv4_address\fR [port \fIinteger\fR] | + \fIipv6_address\fR [port \fIinteger\fR] ); ... + } + edns-udp-size \fIinteger\fR; + root-delegation-only [ exclude { \fIquoted_string\fR; ... } ]; + disable-algorithms \fIstring\fR { \fIstring\fR; ... }; + dnssec-enable \fIboolean\fR; + dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR; + dnssec-must-be-secure \fIstring\fR \fIboolean\fR; + + dialup \fIdialuptype\fR; + ixfr-from-differences \fIixfrdiff\fR; + + allow-query { \fIaddress_match_element\fR; ... }; + allow-transfer { \fIaddress_match_element\fR; ... }; + allow-update-forwarding { \fIaddress_match_element\fR; ... }; + + notify \fInotifytype\fR; + notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; + notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; + also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) + [ port \fIinteger\fR ]; ... }; + allow-notify { \fIaddress_match_element\fR; ... }; + + forward ( first | only ); + forwarders [ port \fIinteger\fR ] { + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... + }; + + max-journal-size \fIsize_no_default\fR; + max-transfer-time-in \fIinteger\fR; + max-transfer-time-out \fIinteger\fR; + max-transfer-idle-in \fIinteger\fR; + max-transfer-idle-out \fIinteger\fR; + max-retry-time \fIinteger\fR; + min-retry-time \fIinteger\fR; + max-refresh-time \fIinteger\fR; + min-refresh-time \fIinteger\fR; + multi-master \fIboolean\fR; + sig-validity-interval \fIinteger\fR; + + transfer-source ( \fIipv4_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + transfer-source-v6 ( \fIipv6_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + + alt-transfer-source ( \fIipv4_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + alt-transfer-source-v6 ( \fIipv6_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + use-alt-transfer-source \fIboolean\fR; + + zone-statistics \fIboolean\fR; + key-directory \fIquoted_string\fR; + + allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete + deallocate-on-exit \fIboolean\fR; // obsolete + fake-iquery \fIboolean\fR; // obsolete + fetch-glue \fIboolean\fR; // obsolete + has-old-clients \fIboolean\fR; // obsolete + maintain-ixfr-base \fIboolean\fR; // obsolete + max-ixfr-log-size \fIsize\fR; // obsolete + multiple-cnames \fIboolean\fR; // obsolete + named-xfer \fIquoted_string\fR; // obsolete + serial-queries \fIinteger\fR; // obsolete + treat-cr-as-space \fIboolean\fR; // obsolete + use-id-pool \fIboolean\fR; // obsolete +}; +.sp +.fi +.SH "VIEW" +.sp +.nf +view \fIstring\fR \fIoptional_class\fR { + match-clients { \fIaddress_match_element\fR; ... }; + match-destinations { \fIaddress_match_element\fR; ... }; + match-recursive-only \fIboolean\fR; + + key \fIstring\fR { + algorithm \fIstring\fR; + secret \fIstring\fR; + }; + + zone \fIstring\fR \fIoptional_class\fR { + ... + }; + + server ( \fIipv4_address\fR | \fIipv6_address\fR ) { + ... + }; + + trusted-keys { + \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ... + }; + + allow-recursion { \fIaddress_match_element\fR; ... }; + sortlist { \fIaddress_match_element\fR; ... }; + topology { \fIaddress_match_element\fR; ... }; // not implemented + auth-nxdomain \fIboolean\fR; // default changed + minimal-responses \fIboolean\fR; + recursion \fIboolean\fR; + rrset-order { + [ class \fIstring\fR ] [ type \fIstring\fR ] + [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ... + }; + provide-ixfr \fIboolean\fR; + request-ixfr \fIboolean\fR; + rfc2308-type1 \fIboolean\fR; // not yet implemented + additional-from-auth \fIboolean\fR; + additional-from-cache \fIboolean\fR; + query-source \fIquerysource4\fR; + query-source-v6 \fIquerysource6\fR; + cleaning-interval \fIinteger\fR; + min-roots \fIinteger\fR; // not implemented + lame-ttl \fIinteger\fR; + max-ncache-ttl \fIinteger\fR; + max-cache-ttl \fIinteger\fR; + transfer-format ( many-answers | one-answer ); + max-cache-size \fIsize_no_default\fR; + check-names ( master | slave | response ) + ( fail | warn | ignore ); + cache-file \fIquoted_string\fR; + suppress-initial-notify \fIboolean\fR; // not yet implemented + preferred-glue \fIstring\fR; + dual-stack-servers [ port \fIinteger\fR ] { + ( \fIquoted_string\fR [port \fIinteger\fR] | + \fIipv4_address\fR [port \fIinteger\fR] | + \fIipv6_address\fR [port \fIinteger\fR] ); ... + }; + edns-udp-size \fIinteger\fR; + root-delegation-only [ exclude { \fIquoted_string\fR; ... } ]; + disable-algorithms \fIstring\fR { \fIstring\fR; ... }; + dnssec-enable \fIboolean\fR; + dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR; + + dnssec-must-be-secure \fIstring\fR \fIboolean\fR; + dialup \fIdialuptype\fR; + ixfr-from-differences \fIixfrdiff\fR; + + allow-query { \fIaddress_match_element\fR; ... }; + allow-transfer { \fIaddress_match_element\fR; ... }; + allow-update-forwarding { \fIaddress_match_element\fR; ... }; + + notify \fInotifytype\fR; + notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; + notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; + also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) + [ port \fIinteger\fR ]; ... }; + allow-notify { \fIaddress_match_element\fR; ... }; + + forward ( first | only ); + forwarders [ port \fIinteger\fR ] { + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... + }; + + max-journal-size \fIsize_no_default\fR; + max-transfer-time-in \fIinteger\fR; + max-transfer-time-out \fIinteger\fR; + max-transfer-idle-in \fIinteger\fR; + max-transfer-idle-out \fIinteger\fR; + max-retry-time \fIinteger\fR; + min-retry-time \fIinteger\fR; + max-refresh-time \fIinteger\fR; + min-refresh-time \fIinteger\fR; + multi-master \fIboolean\fR; + sig-validity-interval \fIinteger\fR; + + transfer-source ( \fIipv4_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + transfer-source-v6 ( \fIipv6_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + + alt-transfer-source ( \fIipv4_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + alt-transfer-source-v6 ( \fIipv6_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + use-alt-transfer-source \fIboolean\fR; + + zone-statistics \fIboolean\fR; + key-directory \fIquoted_string\fR; + + allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete + fetch-glue \fIboolean\fR; // obsolete + maintain-ixfr-base \fIboolean\fR; // obsolete + max-ixfr-log-size \fIsize\fR; // obsolete +}; +.sp +.fi +.SH "ZONE" +.sp +.nf +zone \fIstring\fR \fIoptional_class\fR { + type ( master | slave | stub | hint | + forward | delegation-only ); + file \fIquoted_string\fR; + + masters [ port \fIinteger\fR ] { + ( \fImasters\fR | + \fIipv4_address\fR [port \fIinteger\fR] | + \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ... + }; + + database \fIstring\fR; + delegation-only \fIboolean\fR; + check-names ( fail | warn | ignore ); + dialup \fIdialuptype\fR; + ixfr-from-differences \fIboolean\fR; + + allow-query { \fIaddress_match_element\fR; ... }; + allow-transfer { \fIaddress_match_element\fR; ... }; + allow-update { \fIaddress_match_element\fR; ... }; + allow-update-forwarding { \fIaddress_match_element\fR; ... }; + update-policy { + ( grant | deny ) \fIstring\fR + ( name | subdomain | wildcard | self ) \fIstring\fR + \fIrrtypelist\fR; ... + }; + + notify \fInotifytype\fR; + notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; + notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; + also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) + [ port \fIinteger\fR ]; ... }; + allow-notify { \fIaddress_match_element\fR; ... }; + + forward ( first | only ); + forwarders [ port \fIinteger\fR ] { + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... + }; + + max-journal-size \fIsize_no_default\fR; + max-transfer-time-in \fIinteger\fR; + max-transfer-time-out \fIinteger\fR; + max-transfer-idle-in \fIinteger\fR; + max-transfer-idle-out \fIinteger\fR; + max-retry-time \fIinteger\fR; + min-retry-time \fIinteger\fR; + max-refresh-time \fIinteger\fR; + min-refresh-time \fIinteger\fR; + multi-master \fIboolean\fR; + sig-validity-interval \fIinteger\fR; + + transfer-source ( \fIipv4_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + transfer-source-v6 ( \fIipv6_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + + alt-transfer-source ( \fIipv4_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + alt-transfer-source-v6 ( \fIipv6_address\fR | * ) + [ port ( \fIinteger\fR | * ) ]; + use-alt-transfer-source \fIboolean\fR; + + zone-statistics \fIboolean\fR; + key-directory \fIquoted_string\fR; + + ixfr-base \fIquoted_string\fR; // obsolete + ixfr-tmp-file \fIquoted_string\fR; // obsolete + maintain-ixfr-base \fIboolean\fR; // obsolete + max-ixfr-log-size \fIsize\fR; // obsolete + pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete +}; +.sp +.fi +.SH "FILES" +.PP +\fI/etc/named.conf\fR +.SH "SEE ALSO" +.PP +\fBnamed\fR(8), +\fBrndc\fR(8), +\fBBIND 9 Adminstrators Reference Manual\fR. diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook new file mode 100644 index 00000000000..07d78507ecb --- /dev/null +++ b/bin/named/named.conf.docbook @@ -0,0 +1,532 @@ + + + + + + + + Aug 13, 2004 + + + + named.conf + 5 + BIND9 + + + + named.conf + configuration file for named + + + + + named.conf + + + + + DESCRIPTION + + named.conf is the configuration file for + named. Statements are enclosed + in braces and terminated with a semi-colon. Clauses in + the statements are also semi-colon terminated. The usual + comment styles are supported: + + + C style: /* */ + + + C++ style: // to end of line + + + Unix style: # to end of line + + + + +ACL + +acl string { address_match_element; ... }; + + + + + +KEY + +key domain_name { + algorithm string; + secret string; +}; + + + + +MASTERS + +masters string port integer { + ( masters | ipv4_address port integer | + ipv6_address port integer ) key string ; ... +}; + + + + +SERVER + +server ( ipv4_address | ipv6_address ) { + bogus boolean; + edns boolean; + provide-ixfr boolean; + request-ixfr boolean; + keys server_key; + transfers integer; + transfer-format ( many-answers | one-answer ); + transfer-source ( ipv4_address | * ) + port ( integer | * ) ; + transfer-source-v6 ( ipv6_address | * ) + port ( integer | * ) ; + + support-ixfr boolean; // obsolete +}; + + + + +TRUSTED-KEYS + +trusted-keys { + domain_name flags protocol algorithm key; ... +}; + + + + +CONTROLS + +controls { + inet ( ipv4_address | ipv6_address | * ) + port ( integer | * ) + allow { address_match_element; ... } + keys { string; ... } ; + unix unsupported; // not implemented +}; + + + + +LOGGING + +logging { + channel string { + file log_file; + syslog optional_facility; + null; + stderr; + severity log_severity; + print-time boolean; + print-severity boolean; + print-category boolean; + }; + category string { string; ... }; +}; + + + + +LWRES + +lwres { + listen-on port integer { + ( ipv4_address | ipv6_address ) port integer ; ... + }; + view string optional_class; + search { string; ... }; + ndots integer; +}; + + + + +OPTIONS + +options { + avoid-v4-udp-ports { port; ... }; + avoid-v6-udp-ports { port; ... }; + blackhole { address_match_element; ... }; + coresize size; + datasize size; + directory quoted_string; + dump-file quoted_string; + files size; + heartbeat-interval integer; + host-statistics boolean; // not implemented + hostname ( quoted_string | none ); + interface-interval integer; + listen-on port integer { address_match_element; ... }; + listen-on-v6 port integer { address_match_element; ... }; + match-mapped-addresses boolean; + memstatistics-file quoted_string; + pid-file ( quoted_string | none ); + port integer; + querylog boolean; + recursing-file quoted_string; + random-device quoted_string; + recursive-clients integer; + serial-query-rate integer; + server-id ( quoted_string | none |; + stacksize size; + statistics-file quoted_string; + statistics-interval integer; // not yet implemented + tcp-clients integer; + tcp-listen-queue integer; + tkey-dhkey quoted_string integer; + tkey-gssapi-credential quoted_string; + tkey-domain quoted_string; + transfers-per-ns integer; + transfers-in integer; + transfers-out integer; + use-ixfr boolean; + version ( quoted_string | none ); + allow-recursion { address_match_element; ... }; + sortlist { address_match_element; ... }; + topology { address_match_element; ... }; // not implemented + auth-nxdomain boolean; // default changed + minimal-responses boolean; + recursion boolean; + rrset-order { + class string type string + name quoted_string string string; ... + }; + provide-ixfr boolean; + request-ixfr boolean; + rfc2308-type1 boolean; // not yet implemented + additional-from-auth boolean; + additional-from-cache boolean; + query-source querysource4; + query-source-v6 querysource6; + cleaning-interval integer; + min-roots integer; // not implemented + lame-ttl integer; + max-ncache-ttl integer; + max-cache-ttl integer; + transfer-format ( many-answers | one-answer ); + max-cache-size size_no_default; + check-names ( master | slave | response ) + ( fail | warn | ignore ); + cache-file quoted_string; + suppress-initial-notify boolean; // not yet implemented + preferred-glue string; + dual-stack-servers port integer { + ( quoted_string port integer | + ipv4_address port integer | + ipv6_address port integer ); ... + } + edns-udp-size integer; + root-delegation-only exclude { quoted_string; ... } ; + disable-algorithms string { string; ... }; + dnssec-enable boolean; + dnssec-lookaside string trust-anchor string; + dnssec-must-be-secure string boolean; + + dialup dialuptype; + ixfr-from-differences ixfrdiff; + + allow-query { address_match_element; ... }; + allow-transfer { address_match_element; ... }; + allow-update-forwarding { address_match_element; ... }; + + notify notifytype; + notify-source ( ipv4_address | * ) port ( integer | * ) ; + notify-source-v6 ( ipv6_address | * ) port ( integer | * ) ; + also-notify port integer { ( ipv4_address | ipv6_address ) + port integer ; ... }; + allow-notify { address_match_element; ... }; + + forward ( first | only ); + forwarders port integer { + ( ipv4_address | ipv6_address ) port integer ; ... + }; + + max-journal-size size_no_default; + max-transfer-time-in integer; + max-transfer-time-out integer; + max-transfer-idle-in integer; + max-transfer-idle-out integer; + max-retry-time integer; + min-retry-time integer; + max-refresh-time integer; + min-refresh-time integer; + multi-master boolean; + sig-validity-interval integer; + + transfer-source ( ipv4_address | * ) + port ( integer | * ) ; + transfer-source-v6 ( ipv6_address | * ) + port ( integer | * ) ; + + alt-transfer-source ( ipv4_address | * ) + port ( integer | * ) ; + alt-transfer-source-v6 ( ipv6_address | * ) + port ( integer | * ) ; + use-alt-transfer-source boolean; + + zone-statistics boolean; + key-directory quoted_string; + + allow-v6-synthesis { address_match_element; ... }; // obsolete + deallocate-on-exit boolean; // obsolete + fake-iquery boolean; // obsolete + fetch-glue boolean; // obsolete + has-old-clients boolean; // obsolete + maintain-ixfr-base boolean; // obsolete + max-ixfr-log-size size; // obsolete + multiple-cnames boolean; // obsolete + named-xfer quoted_string; // obsolete + serial-queries integer; // obsolete + treat-cr-as-space boolean; // obsolete + use-id-pool boolean; // obsolete +}; + + + + +VIEW + +view string optional_class { + match-clients { address_match_element; ... }; + match-destinations { address_match_element; ... }; + match-recursive-only boolean; + + key string { + algorithm string; + secret string; + }; + + zone string optional_class { + ... + }; + + server ( ipv4_address | ipv6_address ) { + ... + }; + + trusted-keys { + string integer integer integer quoted_string; ... + }; + + allow-recursion { address_match_element; ... }; + sortlist { address_match_element; ... }; + topology { address_match_element; ... }; // not implemented + auth-nxdomain boolean; // default changed + minimal-responses boolean; + recursion boolean; + rrset-order { + class string type string + name quoted_string string string; ... + }; + provide-ixfr boolean; + request-ixfr boolean; + rfc2308-type1 boolean; // not yet implemented + additional-from-auth boolean; + additional-from-cache boolean; + query-source querysource4; + query-source-v6 querysource6; + cleaning-interval integer; + min-roots integer; // not implemented + lame-ttl integer; + max-ncache-ttl integer; + max-cache-ttl integer; + transfer-format ( many-answers | one-answer ); + max-cache-size size_no_default; + check-names ( master | slave | response ) + ( fail | warn | ignore ); + cache-file quoted_string; + suppress-initial-notify boolean; // not yet implemented + preferred-glue string; + dual-stack-servers port integer { + ( quoted_string port integer | + ipv4_address port integer | + ipv6_address port integer ); ... + }; + edns-udp-size integer; + root-delegation-only exclude { quoted_string; ... } ; + disable-algorithms string { string; ... }; + dnssec-enable boolean; + dnssec-lookaside string trust-anchor string; + + dnssec-must-be-secure string boolean; + dialup dialuptype; + ixfr-from-differences ixfrdiff; + + allow-query { address_match_element; ... }; + allow-transfer { address_match_element; ... }; + allow-update-forwarding { address_match_element; ... }; + + notify notifytype; + notify-source ( ipv4_address | * ) port ( integer | * ) ; + notify-source-v6 ( ipv6_address | * ) port ( integer | * ) ; + also-notify port integer { ( ipv4_address | ipv6_address ) + port integer ; ... }; + allow-notify { address_match_element; ... }; + + forward ( first | only ); + forwarders port integer { + ( ipv4_address | ipv6_address ) port integer ; ... + }; + + max-journal-size size_no_default; + max-transfer-time-in integer; + max-transfer-time-out integer; + max-transfer-idle-in integer; + max-transfer-idle-out integer; + max-retry-time integer; + min-retry-time integer; + max-refresh-time integer; + min-refresh-time integer; + multi-master boolean; + sig-validity-interval integer; + + transfer-source ( ipv4_address | * ) + port ( integer | * ) ; + transfer-source-v6 ( ipv6_address | * ) + port ( integer | * ) ; + + alt-transfer-source ( ipv4_address | * ) + port ( integer | * ) ; + alt-transfer-source-v6 ( ipv6_address | * ) + port ( integer | * ) ; + use-alt-transfer-source boolean; + + zone-statistics boolean; + key-directory quoted_string; + + allow-v6-synthesis { address_match_element; ... }; // obsolete + fetch-glue boolean; // obsolete + maintain-ixfr-base boolean; // obsolete + max-ixfr-log-size size; // obsolete +}; + + + + +ZONE + +zone string optional_class { + type ( master | slave | stub | hint | + forward | delegation-only ); + file quoted_string; + + masters port integer { + ( masters | + ipv4_address port integer | + ipv6_address port integer ) key string ; ... + }; + + database string; + delegation-only boolean; + check-names ( fail | warn | ignore ); + dialup dialuptype; + ixfr-from-differences boolean; + + allow-query { address_match_element; ... }; + allow-transfer { address_match_element; ... }; + allow-update { address_match_element; ... }; + allow-update-forwarding { address_match_element; ... }; + update-policy { + ( grant | deny ) string + ( name | subdomain | wildcard | self ) string + rrtypelist; ... + }; + + notify notifytype; + notify-source ( ipv4_address | * ) port ( integer | * ) ; + notify-source-v6 ( ipv6_address | * ) port ( integer | * ) ; + also-notify port integer { ( ipv4_address | ipv6_address ) + port integer ; ... }; + allow-notify { address_match_element; ... }; + + forward ( first | only ); + forwarders port integer { + ( ipv4_address | ipv6_address ) port integer ; ... + }; + + max-journal-size size_no_default; + max-transfer-time-in integer; + max-transfer-time-out integer; + max-transfer-idle-in integer; + max-transfer-idle-out integer; + max-retry-time integer; + min-retry-time integer; + max-refresh-time integer; + min-refresh-time integer; + multi-master boolean; + sig-validity-interval integer; + + transfer-source ( ipv4_address | * ) + port ( integer | * ) ; + transfer-source-v6 ( ipv6_address | * ) + port ( integer | * ) ; + + alt-transfer-source ( ipv4_address | * ) + port ( integer | * ) ; + alt-transfer-source-v6 ( ipv6_address | * ) + port ( integer | * ) ; + use-alt-transfer-source boolean; + + zone-statistics boolean; + key-directory quoted_string; + + ixfr-base quoted_string; // obsolete + ixfr-tmp-file quoted_string; // obsolete + maintain-ixfr-base boolean; // obsolete + max-ixfr-log-size size; // obsolete + pubkey integer integer integer quoted_string; // obsolete +}; + + + + +FILES + +/etc/named.conf + + + + +SEE ALSO + + +named8 +, + +rndc8 +, + +BIND 9 Adminstrators Reference Manual +. + + + + + diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html new file mode 100644 index 00000000000..572bec655bf --- /dev/null +++ b/bin/named/named.conf.html @@ -0,0 +1,2587 @@ + +named.conf

named.conf

Name

named.conf -- configuration file for named

Synopsis

named.conf

DESCRIPTION

named.conf is the configuration file for + named. Statements are enclosed + in braces and terminated with a semi-colon. Clauses in + the statements are also semi-colon terminated. The usual + comment styles are supported: +

C style: /* */ +

C++ style: // to end of line +

Unix style: # to end of line +

OPTIONS

options {
+ avoid-v4-udp-ports { port; ... };
+ avoid-v6-udp-ports { port; ... };
+ blackhole { address_match_element; ... };
+ coresize size;
+ datasize size;
+ deallocate-on-exit boolean; // obsolete
+ directory quoted_string;
+ dump-file quoted_string;
+ fake-iquery boolean; // obsolete
+ files size;
+ has-old-clients boolean; // obsolete
+ heartbeat-interval integer;
+ host-statistics boolean; // not implemented
+ hostname ( quoted_string | none );
+ interface-interval integer;
+ listen-on [ port integer ] { address_match_element; ... };
+ listen-on-v6 [ port integer ] { address_match_element; ... };
+ match-mapped-addresses boolean;
+ memstatistics-file quoted_string;
+ multiple-cnames boolean; // obsolete
+ named-xfer quoted_string; // obsolete
+ pid-file ( quoted_string | none );
+ port integer;
+ querylog boolean;
+ recursing-file quoted_string;
+ random-device quoted_string;
+ recursive-clients integer;
+ serial-queries integer; // obsolete
+ serial-query-rate integer;
+ server-id ( quoted_string | none |;
+ stacksize size;
+ statistics-file quoted_string;
+ statistics-interval integer; // not yet implemented
+ tcp-clients integer;
+ tcp-listen-queue integer;
+ tkey-dhkey quoted_string integer;
+ tkey-gssapi-credential quoted_string;
+ tkey-domain quoted_string;
+ transfers-per-ns integer;
+ transfers-in integer;
+ transfers-out integer;
+ treat-cr-as-space boolean; // obsolete
+ use-id-pool boolean; // obsolete
+ use-ixfr boolean;
+ version ( quoted_string | none );
+ allow-recursion { address_match_element; ... };
+ allow-v6-synthesis { address_match_element; ... }; // obsolete
+ sortlist { address_match_element; ... };
+ topology { address_match_element; ... }; // not implemented
+ auth-nxdomain boolean; // default changed
+ minimal-responses boolean;
+ recursion boolean;
+ rrset-order {
+ [ class string ] [ type string ]
+ [ name quoted_string string string; ...
+ };
+ provide-ixfr boolean;
+ request-ixfr boolean;
+ fetch-glue boolean; // obsolete
+ rfc2308-type1 boolean; // not yet implemented
+ additional-from-auth boolean;
+ additional-from-cache boolean;
+ query-source querysource4;
+ query-source-v6 querysource6;
+ cleaning-interval integer;
+ min-roots integer; // not implemented
+ lame-ttl integer;
+ max-ncache-ttl integer;
+ max-cache-ttl integer;
+ transfer-format ( many-answers | one-answer );
+ max-cache-size size_no_default;
+ check-names ( master | slave | response )
+ ( fail | warn | ignore );
+ cache-file quoted_string;
+ suppress-initial-notify boolean; // not yet implemented
+ preferred-glue string;
+ dual-stack-servers [ port integer ] {
+ ( quoted_string [port integer] |
+ ipv4_address [port integer] |
+ ipv6_address [port integer] ); ...
+ }
+ edns-udp-size integer;
+ root-delegation-only [ exclude { quoted_string; ... } ];
+ disable-algorithms string { string; ... };
+ dnssec-enable boolean;
+ dnssec-lookaside string trust-anchor string;
+ dnssec-must-be-secure string boolean;
+ ixfr-from-differences ixfrdiff;
+ allow-query { address_match_element; ... };
+ allow-transfer { address_match_element; ... };
+ allow-update-forwarding { address_match_element; ... };
+ allow-notify { address_match_element; ... };
+ notify notifytype;
+ notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
+ notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
+ also-notify [ port integer ] { ( ipv4_address | ipv6_address )
+ [ port integer ]; ... };
+ dialup dialuptype;
+ forward ( first | only );
+ forwarders [ port integer ] {
+ ( ipv4_address | ipv6_address ) [ port integer ]; ...
+ };
+ maintain-ixfr-base boolean; // obsolete
+ max-ixfr-log-size size; // obsolete
+ max-journal-size size_no_default;
+ max-transfer-time-in integer;
+ max-transfer-time-out integer;
+ max-transfer-idle-in integer;
+ max-transfer-idle-out integer;
+ max-retry-time integer;
+ min-retry-time integer;
+ max-refresh-time integer;
+ min-refresh-time integer;
+ multi-master boolean;
+ sig-validity-interval integer;
+ transfer-source ( ipv4_address | * )
+ [ port ( integer | * ) ];
+ transfer-source-v6 ( ipv6_address | * )
+ [ port ( integer | * ) ];
+ alt-transfer-source ( ipv4_address | * )
+ [ port ( integer | * ) ];
+ alt-transfer-source-v6 ( ipv6_address | * )
+ [ port ( integer | * ) ];
+ use-alt-transfer-source boolean;
+ zone-statistics boolean;
+ key-directory quoted_string;
+};

CONTROLS

controls {
+ inet ( ipv4_address | ipv6_address | * )
+ [ port ( integer | * ) ]
+ allow { address_match_element; ... }
+ [ keys { string; ... } ];
+ unix unsupported; // not implemented
+};

ACL

acl string { address_match_element; ... };

MASTERS

masters string [ port integer ] {
+ ( masters | ipv4_address [port integer] |
+ ipv6_address [port integer] ) [ key string ]; ...
+};

LOGGING

logging {
+ channel string {
+ file log_file;
+ syslog optional_facility;
+ null;
+ stderr;
+ severity log_severity;
+ print-time boolean;
+ print-severity boolean;
+ print-category boolean;
+ };
+ category string { string; ... };
+};

VIEW


+view string optional_class {
+ match-clients { address_match_element; ... };
+ match-destinations { address_match_element; ... };
+ match-recursive-only boolean;
+ key string {
+ algorithm string;
+ secret string;
+ };
+ zone string optional_class {
+ ...
+ };
+ server ( ipv4_address | ipv6_address ) {
+ ...
+ };
+ trusted-keys {
+ string integer integer integer quoted_string; ...
+ };
+ allow-recursion { address_match_element; ... };
+ allow-v6-synthesis { address_match_element; ... }; // obsolete
+ sortlist { address_match_element; ... };
+ topology { address_match_element; ... }; // not implemented
+ auth-nxdomain boolean; // default changed
+ minimal-responses boolean;
+ recursion boolean;
+ rrset-order {
+ [ class string ] [ type string ]
+ [ name quoted_string string string; ...
+ };
+ provide-ixfr boolean;
+ request-ixfr boolean;
+ fetch-glue boolean; // obsolete
+ rfc2308-type1 boolean; // not yet implemented
+ additional-from-auth boolean;
+ additional-from-cache boolean;
+ query-source querysource4;
+ query-source-v6 querysource6;
+ cleaning-interval integer;
+ min-roots integer; // not implemented
+ lame-ttl integer;
+ max-ncache-ttl integer;
+ max-cache-ttl integer;
+ transfer-format ( many-answers | one-answer );
+ max-cache-size size_no_default;
+ check-names ( master | slave | response )
+ ( fail | warn | ignore );
+ cache-file quoted_string;
+ suppress-initial-notify boolean; // not yet implemented
+ preferred-glue string;
+ dual-stack-servers [ port integer ] {
+ ( quoted_string [port integer] |
+ ipv4_address [port integer] |
+ ipv6_address [port integer] ); ...
+ };
+ edns-udp-size integer;
+ root-delegation-only [ exclude { quoted_string; ... } ];
+ disable-algorithms string { string; ... };
+ dnssec-enable boolean;
+ dnssec-lookaside string trust-anchor string;
+ dnssec-must-be-secure string boolean;
+ ixfr-from-differences ixfrdiff;
+ allow-query { address_match_element; ... };
+ allow-transfer { address_match_element; ... };
+ allow-update-forwarding { address_match_element; ... };
+ allow-notify { address_match_element; ... };
+ notify notifytype;
+ notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
+ notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
+ also-notify [ port integer ] { ( ipv4_address | ipv6_address )
+ [ port integer ]; ... };
+ dialup dialuptype;
+ forward ( first | only );
+ forwarders [ port integer ] {
+ ( ipv4_address | ipv6_address ) [ port integer ]; ...
+ };
+ maintain-ixfr-base boolean; // obsolete
+ max-ixfr-log-size size; // obsolete
+ max-journal-size size_no_default;
+ max-transfer-time-in integer;
+ max-transfer-time-out integer;
+ max-transfer-idle-in integer;
+ max-transfer-idle-out integer;
+ max-retry-time integer;
+ min-retry-time integer;
+ max-refresh-time integer;
+ min-refresh-time integer;
+ multi-master boolean;
+ sig-validity-interval integer;
+ transfer-source ( ipv4_address | * )
+ [ port ( integer | * ) ];
+ transfer-source-v6 ( ipv6_address | * )
+ [ port ( integer | * ) ];
+ alt-transfer-source ( ipv4_address | * )
+ [ port ( integer | * ) ];
+ alt-transfer-source-v6 ( ipv6_address | * )
+ [ port ( integer | * ) ];
+ use-alt-transfer-source boolean;
+ zone-statistics boolean;
+ key-directory quoted_string;
+};

LWRES

lwres {
+ listen-on [ port integer ] {
+ ( ipv4_address | ipv6_address ) [ port integer ]; ...
+ };
+ view string optional_class;
+ search { string; ... };
+ ndots integer;
+};

KEY

key domain_name {
+ algorithm string;
+ secret string;
+};

ZONE

zone string optional_class {
+ type ( master | slave | stub | hint |
+ forward | delegation-only );
+ file quoted_string;
+
+ masters [ port integer ] {
+ ( masters |
+ ipv4_address [port integer] |
+ ipv6_address [ port integer ] ) [ key string ]; ...
+ };
+
+ database string;
+ delegation-only boolean;
+ check-names ( fail | warn | ignore );
+ dialup dialuptype;
+ ixfr-from-differences boolean;
+
+ allow-query { address_match_element; ... };
+ allow-transfer { address_match_element; ... };
+ allow-update { address_match_element; ... };
+ allow-update-forwarding { address_match_element; ... };
+ update-policy {
+ ( grant | deny ) string
+ ( name | subdomain | wildcard | self ) string
+ rrtypelist; ...
+ };
+ notify notifytype;
+ notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
+ notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
+ also-notify [ port integer ] { ( ipv4_address | ipv6_address )
+ [ port integer ]; ... };
+ allow-notify { address_match_element; ... };
+
+ forward ( first | only );
+ forwarders [ port integer ] {
+ ( ipv4_address | ipv6_address ) [ port integer ]; ...
+ };
+
+ max-journal-size size_no_default;
+ max-transfer-time-in integer;
+ max-transfer-time-out integer;
+ max-transfer-idle-in integer;
+ max-transfer-idle-out integer;
+ max-retry-time integer;
+ min-retry-time integer;
+ max-refresh-time integer;
+ min-refresh-time integer;
+ multi-master boolean;
+ sig-validity-interval integer;
+
+ transfer-source ( ipv4_address | * )
+ [ port ( integer | * ) ];
+ transfer-source-v6 ( ipv6_address | * )
+ [ port ( integer | * ) ];
+
+ alt-transfer-source ( ipv4_address | * )
+ [ port ( integer | * ) ];
+ alt-transfer-source-v6 ( ipv6_address | * )
+ [ port ( integer | * ) ];
+ use-alt-transfer-source boolean;
+
+ zone-statistics boolean;
+ key-directory quoted_string;
+
+ ixfr-base quoted_string; // obsolete
+ ixfr-tmp-file quoted_string; // obsolete
+ maintain-ixfr-base boolean; // obsolete
+ max-ixfr-log-size size; // obsolete
+ pubkey integer integer integer quoted_string; // obsolete
+};

SERVER

server ( ipv4_address | ipv6_address ) {
+ bogus boolean;
+ edns boolean;
+ provide-ixfr boolean;
+ request-ixfr boolean;
+ support-ixfr boolean; // obsolete
+ keys server_key;
+ transfers integer;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( ipv4_address | * )
+ [ port ( integer | * ) ];
+ transfer-source-v6 ( ipv6_address | * )
+ [ port ( integer | * ) ];
+};

TRUSTED-KEYS

trusted-keys {
+ domain_name flags protocol algorithm key; ... 
+};

FILES

/etc/named.conf

SEE ALSO

named(8), +rndc(8), +BIND 9 Adminstrators Reference Manual.