'\" te .\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") .\" Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" Portions Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved. .TH named.conf 4 "28 Nov 2009" "SunOS 5.11" "File Formats" .SH NAME named.conf \- configuration file for named .SH SYNOPSIS .LP .nf named.conf .fi .SH DESCRIPTION .sp .LP \fBnamed.conf\fR is the configuration file for \fBnamed\fR(1M). Statements are enclosed in braces and terminated with a semicolon. Clauses in the statements are also terminated with a semicolon. The usual comment styles are supported: .sp .ne 2 .mk .na \fBC style\fR .ad .RS 14n .rt /* */ .RE .sp .ne 2 .mk .na \fBC++ style\fR .ad .RS 14n .rt // to end of line .RE .sp .ne 2 .mk .na \fBUnix style\fR .ad .RS 14n .rt # to end of line .RE .SS "ACL" .sp .in +2 .nf acl \fIstring\fR { \fIaddress_match_element\fR; ... }; .fi .in -2 .SS "Key" .sp .in +2 .nf key \fIdomain_name\fR { algorithm \fIstring\fR; secret \fIstring\fR; }; .fi .in -2 .SS "Masters" .sp .in +2 .nf masters \fIstring\fR [ port \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ... }; .fi .in -2 .SS "Server" .sp .in +2 .nf server ( \fIipv4_address\fR[/\fIprefixlen\fR] | \fIipv6_address\fR[/\fIprefixlen\fR] ) { bogus \fIboolean\fR; edns \fIboolean\fR; edns-udp-size \fIinteger\fR; max-udp-size \fIinteger\fR; provide-ixfr \fIboolean\fR; request-ixfr \fIboolean\fR; keys \fIserver_key\fR; transfers \fIinteger\fR; transfer-format ( many-answers | one-answer ); transfer-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; transfer-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; support-ixfr \fIboolean\fR; // obsolete }. .fi .in -2 .SS "Trusted-Keys" .sp .in +2 .nf trusted-keys { \fIdomain_name flags protocol algorithm key\fR; ... }; .fi .in -2 .SS "Controls" .sp .in +2 .nf controls { inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] allow { \fIaddress_match_element\fR; ... } [ keys { \fIstring\fR; ... } ]; unix \fIunsupported\fR; // not implemented } .fi .in -2 .SS "Logging" .sp .in +2 .nf logging { channel string { file \fIlog_file\fR; syslog \fIoptional_facility\fR; null; stderr; severity \fIlog_severity\fR; print-time \fIboolean\fR; print-severity \fIboolean\fR; print-category \fIboolean\fR; }; category \fIstring\fR { \fIstring\fR; ... }; }; .fi .in -2 .SS "LWRES" .sp .in +2 .nf lwres { listen-on [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... }; view \fI\fR \fIstring optional_class\fR; search { \fIstring\fR; ... }; ndots \fIinteger\fR; }; .fi .in -2 .SS "Options" .sp .in +2 .nf options { avoid-v4-udp-ports { \fIport\fR; ... }; avoid-v6-udp-ports { \fIport\fR; ... }; blackhole { \fIaddress_match_element\fR; ... }; coresize \fIsize\fR; datasize \fIsize\fR; directory \fIquoted_string\fR; dump-file \fIquoted_string\fR; files \fIsize\fR; heartbeat-interval \fIinteger\fR; host-statistics \fIboolean\fR; // not implemented host-statistics-max \fInumber\fR; // not implemented hostname ( \fIquoted_string\fR | none ); interface-interval \fIinteger\fR; listen-on [ port \fIinteger\fR ] \e { \fIaddress_match_element\fR; ... }; listen-on-v6 [ port \fIinteger\fR ] \e { \fIaddress_match_element\fR; ... }; match-mapped-addresses \fIboolean\fR; memstatistics-file \fIquoted_string\fR; pid-file ( \fIquoted_string\fR | none ); port \fIinteger\fR; querylog \fIboolean\fR; recursing-file \fIquoted_string\fR; reserved-sockets \fIinteger\fR; random-device \fIquoted_string\fR; recursive-clients \fIinteger\fR; serial-query-rate \fIinteger\fR; server-id ( \fIquoted_string\fR | none |; stacksize \fIsize\fR; statistics-file \fIquoted_string\fR; statistics-interval \fIinteger\fR; \e // not yet implemented tcp-clients \fIinteger\fR; tcp-listen-queue \fIinteger\fR; tkey-dhkey \fIquoted_string integer\fR; tkey-gssapi-credential \fIquoted_string\fR; tkey-domain \fIquoted_string\fR; transfers-per-ns \fIinteger\fR; transfers-in \fIinteger\fR; transfers-out \fIinteger\fR; use-ixfr \fIboolean\fR; version ( \fIquoted_string\fR | none ); allow-recursion { \fIaddress_match_element\fR; ... }; allow-recursion-on { \fIaddress_match_element\fR; ... }; sortlist { \fIaddress_match_element\fR; ... }; topology { \fIaddress_match_element\fR; ... }; \e // not implemented auth-nxdomain \fIboolean\fR; // default changed minimal-responses \fIboolean\fR; recursion \fIboolean\fR; rrset-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name \fIquoted_string\fR ] \fIstring string\fR; ... }; provide-ixfr \fIboolean\fR; request-ixfr \fIboolean\fR; rfc2308-type1 \fIboolean\fR; // not yet implemented additional-from-auth \fIboolean\fR; additional-from-cache \fIboolean\fR; query-source ( ( \fIipv4_address\fR | * ) | \e [ address ( \fIipv4_address\fR | * ) ] ) \e [ port ( \fIinteger\fR | * ) ]; query-source-v6 ( ( \fIipv6_address\fR | * ) | \e [ address ( \fIipv6_address\fR | * ) ] ) \e [ port ( \fIinteger\fR | * ) ]; use-queryport-pool \fIboolean\fR; queryport-pool-ports \fIinteger\fR; queryport-pool-updateinterval \fIinteger\fR; cleaning-interval \fIinteger\fR; min-roots \fIinteger\fR; // not implemented lame-ttl \fIinteger\fR; max-ncache-ttl \fIinteger\fR; max-cache-ttl \fIinteger\fR; transfer-format ( many-answers | one-answer ); max-cache-size \fIsize\fR; max-acache-size \fIsize\fR; clients-per-query \fInumber\fR; max-clients-per-query \fInumber\fR; check-names ( master | slave | response )\e ( fail | warn | ignore ); check-mx ( fail | warn | ignore ); check-integrity \fIboolean\fR; check-mx-cname ( fail | warn | ignore ); check-srv-cname ( fail | warn | ignore ); cache-file \fIquoted_string\fR; // test option suppress-initial-notify \fIboolean\fR; \e // not yet implemented preferred-glue \fIstring\fR; dual-stack-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [port \fIinteger\fR] | ipv4_address [port \fIinteger\fR] | ipv6_address [port \fIinteger\fR] ); ... }; edns-udp-size \fIinteger\fR; max-udp-size \fIinteger\fR; root-delegation-only [ exclude { \fIquoted_string\fR; ... } ]; disable-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec-enable \fIboolean\fR; dnssec-validation \fIboolean\fR; dnssec-lookaside string trust-anchor \fIstring\fR; dnssec-must-be-secure \fIstring boolean\fR; dnssec-accept-expired \fIboolean\fR; empty-server \fIstring\fR; empty-contact \fIstring\fR; empty-zones-enable \fIboolean\fR; disable-empty-zone \fIstring\fR; dialup \fIdialuptype\fR; ixfr-from-differences ixfrdiff; allow-query { \fIaddress_match_element\fR; \e ... }; allow-query-on { \fIaddress_match_element\fR; \e ... }; allow-query-cache { \fIaddress_match_element\fR; \e ... }; allow-query-cache-on { \fIaddress_match_element\fR; \e ... }; allow-transfer { \fIaddress_match_element\fR; \e ... }; allow-update { \fIaddress_match_element\fR; \e ... }; allow-update-forwarding { \fIaddress_match_element\fR; \e ... }; update-check-ksk \fIboolean\fR; masterfile-format ( text | raw ); notify \fInotifytype\fR; notify-source ( \fIipv4_address\fR | * ) \e [ port ( \fIinteger\fR | * ) ]; notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify-delay \fIseconds\fR; notify-to-soa \fIboolean\fR; also-notify [ port \fIinteger\fR ] \e { ( \fIipv4_address\fR | \fIipv6_address\fR \e) [port integer ]; ... }; allow-notify { \fIaddress_match_element\fR; ... }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... }; max-journal-size \fIsize_no_default\fR; max-transfer-time-in \fIinteger\fR; max-transfer-time-out \fIinteger\fR; max-transfer-idle-in \fIinteger\fR; max-transfer-idle-out \fIinteger\fR; max-retry-time \fIinteger\fR; min-retry-time \fIinteger\fR; max-refresh-time \fIinteger\fR; min-refresh-time \fIinteger\fR; multi-master \fIboolean\fR; sig-validity-interval \fIinteger\fR; sig-re-signing-interval \fIinteger\fR; sig-signing-nodes \fIinteger\fR; sig-signing-signatures \fIinteger\fR; sig-signing-type \fIinteger\fR; transfer-source ( \fIipv4_address\fR | * )\e [ port ( \fIinteger\fR | * ) ]; transfer-source-v6 ( \fIipv6_address\fR | * )\e [ port ( \fIinteger\fR | * ) ]; alt-transfer-source ( \fIipv4_address\fR | * )\e [ port ( \fIinteger\fR | * ) ]; alt-transfer-source-v6 ( \fIipv6_address\fR | * )\e [ port ( \fIinteger\fR | * ) ]; use-alt-transfer-source \fIboolean\fR; zone-statistics \fIboolean\fR; key-directory \fIquoted_string\fR; try-tcp-refresh \fIboolean\fR; zero-no-soa-ttl \fIboolean\fR; zero-no-soa-ttl-cache \fIboolean\fR; nsec3-test-zone \fIboolean\fR; // testing only allow-v6-synthesis { \fIaddress_match_element\fR; ... }; \e // obsolete deallocate-on-exit \fIboolean\fR; // obsolete fake-iquery \fIboolean\fR; // obsolete fetch-glue \fIboolean\fR; // obsolete has-old-clients \fIboolean\fR; // obsolete maintain-ixfr-base \fIboolean\fR; // obsolete max-ixfr-log-size \fIsize\fR; // obsolete multiple-cnames \fIboolean\fR; // obsolete named-xfer \fIquoted_string\fR; // obsolete serial-queries \fIinteger\fR; // obsolete treat-cr-as-space \fIboolean\fR; // obsolete use-id-pool \fIboolean\fR; // obsolete }; .fi .in -2 .SS "View" .sp .in +2 .nf view \fIstring optional_class\fR { match-clients { \fIaddress_match_element\fR; ... }; match-destinations { \fIaddress_match_element\fR; ... }; match-recursive-only \fIboolean\fR; key \fIstring\fR { algorithm \fIstring\fR; secret \fIstring\fR; }; zone \fIstring optional_class\fR { ... }; server ( \fIipv4_address\fR[/\fIprefixlen\fR] | \fIipv6_address\fR[/\fIprefixlen\fR]) { ... }; trusted-keys { \fIstring integer integer integer quoted_string\fR; ... }; allow-recursion { \fIaddress_match_element\fR; ... }; allow-recursion-on { \fIaddress_match_element\fR; ... }; sortlist { \fIaddress_match_element\fR; ... }; topology { \fIaddress_match_element\fR; ... }; // not implemented auth-nxdomain \fIboolean\fR; // default changed minimal-responses \fIboolean\fR; recursion \fIboolean\fR; rrset-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name \fIquoted_string\fR ] string \fIstring\fR; ... }; provide-ixfr \fIboolean\fR; request-ixfr \fIboolean\fR; rfc2308-type1 \fIboolean\fR; // not yet implemented additional-from-auth \fIboolean\fR; additional-from-cache \fIboolean\fR; query-source ( ( \fIipv4_address\fR | * ) | [ address \e ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ]; query-source-v6 ( ( \fIipv6_address\fR | * ) | [ address \e ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ]; use-queryport-pool \fIboolean\fR; queryport-pool-ports \fIinteger\fR; queryport-pool-updateinterval \fIinteger\fR; cleaning-interval \fIinteger\fR; min-roots \fIinteger\fR; // not implemented lame-ttl \fIinteger\fR; max-ncache-ttl \fIinteger\fR; max-cache-ttl \fIinteger\fR; transfer-format ( many-answers | one-answer ); max-cache-size \fIsize\fR; max-acache-size \fIsize\fR; clients-per-query \fInumber\fR; max-clients-per-query \fInumber\fR; check-names ( master | slave | response )\e ( fail | warn | ignore ); check-mx ( fail | warn | ignore ); check-integrity \fIboolean\fR; check-mx-cname ( fail | warn | ignore ); check-srv-cname ( fail | warn | ignore ); cache-file \fIquoted_string\fR; // test option suppress-initial-notify \fIboolean\fR; // not yet implemented preferred-glue \fIstring\fR; dual-stack-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [port \fIinteger\fR] | \fIipv4_address\fR [port \fIinteger\fR] | \fIipv6_address\fR [port \fIinteger\fR] ); ... }; edns-udp-size \fIinteger\fR; max-udp-size \fIinteger\fR; root-delegation-only [ exclude { quoted_string; ... } ]; disable-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec-enable \fIboolean\fR; dnssec-validation \fIboolean\fR; dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR; dnssec-must-be-secure \fIstring boolean\fR; dnssec-accept-expired \fIboolean\fR; empty-server \fIstring\fR; empty-contact \fIstring\fR; empty-zones-enable \fIboolean\fR; disable-empty-zone \fIstring\fR; dialup \fIdialuptype\fR; ixfr-from-differences \fIixfrdiff\fR; allow-query { \fIaddress_match_element\fR; ... }; allow-query-on { \fIaddress_match_element\fR; ... }; allow-query-cache { \fI\fR \fIaddress_match_element\fR; ... }; allow-query-cache-on { address_match_element; ... }; allow-transfer { \fIaddress_match_element\fR; ... }; allow-update { \fIaddress_match_element\fR; ... }; allow-update-forwarding { \fIaddress_match_element\fR; ... }; update-check-ksk \fIboolean\fR; masterfile-format ( text | raw ); notify notifytype; notify-source ( \fIipv4_address\fR | * ) \e [ port ( \fIinteger\fR | * ) ]; notify-source-v6 ( \fIipv6_address\fR | * ) \e [ port ( \fIinteger\fR | * ) ]; notify-delay \fIseconds\fR; notify-to-soa \fIboolean\fR; also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \e \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... }; allow-notify { \fIaddress_match_element\fR; ... }; forward ( first | only ); forwarders [ port \fIinteger\fR ] \e{ ( \fIipv4_address\fR | \fIipv6_address\fR ) \e [ port \fIinteger\fR ]; ... }; max-journal-size \fIsize_no_default\fR; max-transfer-time-in \fIinteger\fR; max-transfer-time-out \fIinteger\fR; max-transfer-idle-in \fIinteger\fR; max-transfer-idle-out \fIinteger\fR; max-retry-time \fIinteger\fR; min-retry-time \fIinteger\fR; max-refresh-time \fIinteger\fR; min-refresh-time \fIinteger\fR; multi-master \fIboolean\fR; sig-validity-interval \fIinteger\fR; transfer-source ( \fIipv4_address\fR | * )\e [ port ( \fIinteger\fR | * ) ]; transfer-source-v6 ( \fIipv6_address\fR | * )\e [ port ( \fIinteger\fR | * ) ]; alt-transfer-source ( \fIipv4_address\fR | * )\e [ port ( \fIinteger\fR | * ) ]; alt-transfer-source-v6 ( \fIipv6_address\fR | * )\e [ port ( \fIinteger\fR | * ) ]; use-alt-transfer-source \fIboolean\fR; zone-statistics \fIboolean\fR; try-tcp-refresh \fIboolean\fR; key-directory \fIquoted_string\fR; zero-no-soa-ttl \fIboolean\fR; zero-no-soa-ttl-cache \fIboolean\fR; allow-v6-synthesis { \fIaddress_match_element\fR; ... };\e // obsolete fetch-glue \fIboolean\fR; // obsolete maintain-ixfr-base \fIboolean\fR; // obsolete max-ixfr-log-size \fIsize\fR; // obsolete }; .fi .in -2 .SS "Zone" .sp .in +2 .nf zone\fIstring optional_class\fR { type ( master | slave | stub | hint | forward | delegation-only ); file \fIquoted_string\fR; masters [ port \fIinteger\fR ] \e{ ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ... }; database \fIstring\fR; delegation-only \fIboolean\fR; check-names ( fail | warn | ignore ); check-mx ( fail | warn | ignore ); check-integrity \fIboolean\fR; check-mx-cname ( fail | warn | ignore ); check-srv-cname ( fail | warn | ignore ); dialup \fIdialuptype\fR; ixfr-from-differences \fIboolean\fR; journal \fIquoted_string\fR; zero-no-soa-ttl \fIboolean\fR; allow-query { \fIaddress_match_element\fR; ... }; allow-query-on { \fIaddress_match_element\fR; ... }; allow-transfer { \fIaddress_match_element\fR; ... }; allow-update { \fIaddress_match_element\fR; ... }; allow-update-forwarding { \fIaddress_match_element\fR; ... }; update-policy { ( grant | deny ) \fIstring\fR ( name | subdomain | wildcard | self | selfsub | selfwild |krb5-self | ms-self | krb5-subdomain | ms-subdomain | tcp-self | 6to4-self ) \fIstring\fR rrtypelist; ... }; update-check-ksk \fIboolean\fR; masterfile-format ( text | raw ); notify \fInotifytype\fR; notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify-delay \fIseconds\fR; notify-to-soa \fIboolean\fR; also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | ipv6_address ) [ port integer ]; ... }; allow-notify { \fIaddress_match_element\fR; ... }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... }; max-journal-size \fIsize_no_default\fR; max-transfer-time-in \fIinteger\fR; max-transfer-time-out \fIinteger\fR; max-transfer-idle-in \fIinteger\fR; max-transfer-idle-out \fIinteger\fR; max-retry-time \fIinteger\fR; min-retry-time \fIinteger\fR; max-refresh-time \fIinteger\fR; min-refresh-time \fIinteger\fR; multi-master \fIboolean\fR; sig-validity-interval \fIinteger\fR; transfer-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; transfer-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; alt-transfer-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; alt-transfer-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; use-alt-transfer-source \fIboolean\fR; zone-statistics \fIboolean\fR; try-tcp-refresh \fIboolean\fR; key-directory \fIquoted_string\fR; nsec3-test-zone \fIboolean\fR; // testing only ixfr-base \fIquoted_string\fR; // obsolete ixfr-tmp-file \fIquoted_string\fR; // obsolete maintain-ixfr-base \fIboolean\fR; // obsolete max-ixfr-log-size \fIsize\fR; // obsolete pubkey \fIinteger integer integer quoted_string\fR; // obsolete }; .fi .in -2 .SH SEE ALSO .sp .LP \fBnamed\fR(1M), \fBnamed-checkconf\fR(1M), \fBrndc\fR(1M) .sp .LP \fIBIND 9 Administrator Reference Manual\fR