Arch manual pages

NAMED.CONF(5) BIND 9 NAMED.CONF(5)

named.conf - configuration file for **named**

named.conf

named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported:

C style: /* */

C++ style: // to end of line

Unix style: # to end of line

acl string { address_match_element; ... };

controls {
      inet ( ipv4_address | ipv6_address |
          * ) [ port ( integer | * ) ] allow
          { address_match_element; ... } [
          keys { string; ... } ] [ read-only
          boolean ];
      unix quoted_string perm integer
          owner integer group integer [
          keys { string; ... } ] [ read-only
          boolean ];
};

dlz string {
      database string;
      search boolean;
};

dnssec-policy string {
      dnskey-ttl duration;
      keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
          duration_or_unlimited algorithm string [ integer ]; ... };
      max-zone-ttl duration;
      parent-ds-ttl duration;
      parent-propagation-delay duration;
      publish-safety duration;
      retire-safety duration;
      signatures-refresh duration;
      signatures-validity duration;
      signatures-validity-dnskey duration;
      zone-propagation-delay duration;
};

dyndb string quoted_string {
    unspecified-text };

key string {
      algorithm string;
      secret string;
};

logging {
      category string { string; ... };
      channel string {
              buffered boolean;
              file quoted_string [ versions ( unlimited | integer ) ]
                  [ size size ] [ suffix ( increment | timestamp ) ];
              null;
              print-category boolean;
              print-severity boolean;
              print-time ( iso8601 | iso8601-utc | local | boolean );
              severity log_severity;
              stderr;
              syslog [ syslog_facility ];
      };
};

See DNSSEC-KEYS.
managed-keys { string ( static-key
    | initial-key | static-ds |
    initial-ds ) integer integer
    integer quoted_string; ... };, deprecated

masters string [ port integer ] [ dscp
    integer ] { ( masters | ipv4_address [
    port integer ] | ipv6_address [ port
    integer ] ) [ key string ]; ... };

options {
      allow-new-zones boolean;
      allow-notify { address_match_element; ... };
      allow-query { address_match_element; ... };
      allow-query-cache { address_match_element; ... };
      allow-query-cache-on { address_match_element; ... };
      allow-query-on { address_match_element; ... };
      allow-recursion { address_match_element; ... };
      allow-recursion-on { address_match_element; ... };
      allow-transfer { address_match_element; ... };
      allow-update { address_match_element; ... };
      allow-update-forwarding { address_match_element; ... };
      also-notify [ port integer ] [ dscp integer ] { ( masters |
          ipv4_address [ port integer ] | ipv6_address [ port
          integer ] ) [ key string ]; ... };
      alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
          ] [ dscp integer ];
      alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
          * ) ] [ dscp integer ];
      answer-cookie boolean;
      attach-cache string;
      auth-nxdomain boolean; // default changed
      auto-dnssec ( allow | maintain | off );
      automatic-interface-scan boolean;
      avoid-v4-udp-ports { portrange; ... };
      avoid-v6-udp-ports { portrange; ... };
      bindkeys-file quoted_string;
      blackhole { address_match_element; ... };
      cache-file quoted_string;
      catalog-zones { zone string [ default-masters [ port integer ]
          [ dscp integer ] { ( masters | ipv4_address [ port
          integer ] | ipv6_address [ port integer ] ) [ key
          string ]; ... } ] [ zone-directory quoted_string ] [
          in-memory boolean ] [ min-update-interval duration ]; ... };
      check-dup-records ( fail | warn | ignore );
      check-integrity boolean;
      check-mx ( fail | warn | ignore );
      check-mx-cname ( fail | warn | ignore );
      check-names ( primary | master |
          secondary | slave | response ) (
          fail | warn | ignore );
      check-sibling boolean;
      check-spf ( warn | ignore );
      check-srv-cname ( fail | warn | ignore );
      check-wildcard boolean;
      clients-per-query integer;
      cookie-algorithm ( aes | siphash24 );
      cookie-secret string;
      coresize ( default | unlimited | sizeval );
      datasize ( default | unlimited | sizeval );
      deny-answer-addresses { address_match_element; ... } [
          except-from { string; ... } ];
      deny-answer-aliases { string; ... } [ except-from { string; ...
          } ];
      dialup ( notify | notify-passive | passive | refresh | boolean );
      directory quoted_string;
      disable-algorithms string { string;
          ... };
      disable-ds-digests string { string;
          ... };
      disable-empty-zone string;
      dns64 netprefix {
              break-dnssec boolean;
              clients { address_match_element; ... };
              exclude { address_match_element; ... };
              mapped { address_match_element; ... };
              recursive-only boolean;
              suffix ipv6_address;
      };
      dns64-contact string;
      dns64-server string;
      dnskey-sig-validity integer;
      dnsrps-enable boolean;
      dnsrps-options { unspecified-text };
      dnssec-accept-expired boolean;
      dnssec-dnskey-kskonly boolean;
      dnssec-loadkeys-interval integer;
      dnssec-must-be-secure string boolean;
      dnssec-policy string;
      dnssec-secure-to-insecure boolean;
      dnssec-update-mode ( maintain | no-resign );
      dnssec-validation ( yes | no | auto );
      dnstap { ( all | auth | client | forwarder |
          resolver | update ) [ ( query | response ) ];
          ... };
      dnstap-identity ( quoted_string | none |
          hostname );
      dnstap-output ( file | unix ) quoted_string [
          size ( unlimited | size ) ] [ versions (
          unlimited | integer ) ] [ suffix ( increment
          | timestamp ) ];
      dnstap-version ( quoted_string | none );
      dscp integer;
      dual-stack-servers [ port integer ] { ( quoted_string [ port
          integer ] [ dscp integer ] | ipv4_address [ port
          integer ] [ dscp integer ] | ipv6_address [ port
          integer ] [ dscp integer ] ); ... };
      dump-file quoted_string;
      edns-udp-size integer;
      empty-contact string;
      empty-server string;
      empty-zones-enable boolean;
      fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
      fetches-per-server integer [ ( drop | fail ) ];
      fetches-per-zone integer [ ( drop | fail ) ];
      files ( default | unlimited | sizeval );
      flush-zones-on-shutdown boolean;
      forward ( first | only );
      forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
          | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
      fstrm-set-buffer-hint integer;
      fstrm-set-flush-timeout integer;
      fstrm-set-input-queue-size integer;
      fstrm-set-output-notify-threshold integer;
      fstrm-set-output-queue-model ( mpsc | spsc );
      fstrm-set-output-queue-size integer;
      fstrm-set-reopen-interval duration;
      geoip-directory ( quoted_string | none );
      glue-cache boolean;
      heartbeat-interval integer;
      hostname ( quoted_string | none );
      inline-signing boolean;
      interface-interval duration;
      ixfr-from-differences ( primary | master | secondary | slave |
          boolean );
      keep-response-order { address_match_element; ... };
      key-directory quoted_string;
      lame-ttl duration;
      listen-on [ port integer ] [ dscp
          integer ] {
          address_match_element; ... };
      listen-on-v6 [ port integer ] [ dscp
          integer ] {
          address_match_element; ... };
      lmdb-mapsize sizeval;
      lock-file ( quoted_string | none );
      managed-keys-directory quoted_string;
      masterfile-format ( map | raw | text );
      masterfile-style ( full | relative );
      match-mapped-addresses boolean;
      max-cache-size ( default | unlimited | sizeval | percentage );
      max-cache-ttl duration;
      max-clients-per-query integer;
      max-journal-size ( default | unlimited | sizeval );
      max-ncache-ttl duration;
      max-records integer;
      max-recursion-depth integer;
      max-recursion-queries integer;
      max-refresh-time integer;
      max-retry-time integer;
      max-rsa-exponent-size integer;
      max-stale-ttl duration;
      max-transfer-idle-in integer;
      max-transfer-idle-out integer;
      max-transfer-time-in integer;
      max-transfer-time-out integer;
      max-udp-size integer;
      max-zone-ttl ( unlimited | duration );
      memstatistics boolean;
      memstatistics-file quoted_string;
      message-compression boolean;
      min-cache-ttl duration;
      min-ncache-ttl duration;
      min-refresh-time integer;
      min-retry-time integer;
      minimal-any boolean;
      minimal-responses ( no-auth | no-auth-recursive | boolean );
      multi-master boolean;
      new-zones-directory quoted_string;
      no-case-compress { address_match_element; ... };
      nocookie-udp-size integer;
      notify ( explicit | master-only | boolean );
      notify-delay integer;
      notify-rate integer;
      notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
          dscp integer ];
      notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
          [ dscp integer ];
      notify-to-soa boolean;
      nta-lifetime duration;
      nta-recheck duration;
      nxdomain-redirect string;
      pid-file ( quoted_string | none );
      port integer;
      preferred-glue string;
      prefetch integer [ integer ];
      provide-ixfr boolean;
      qname-minimization ( strict | relaxed | disabled | off );
      query-source ( ( [ address ] ( ipv4_address | * ) [ port (
          integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
          port ( integer | * ) ) ) [ dscp integer ];
      query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
          integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
          port ( integer | * ) ) ) [ dscp integer ];
      querylog boolean;
      random-device ( quoted_string | none );
      rate-limit {
              all-per-second integer;
              errors-per-second integer;
              exempt-clients { address_match_element; ... };
              ipv4-prefix-length integer;
              ipv6-prefix-length integer;
              log-only boolean;
              max-table-size integer;
              min-table-size integer;
              nodata-per-second integer;
              nxdomains-per-second integer;
              qps-scale integer;
              referrals-per-second integer;
              responses-per-second integer;
              slip integer;
              window integer;
      };
      recursing-file quoted_string;
      recursion boolean;
      recursive-clients integer;
      request-expire boolean;
      request-ixfr boolean;
      request-nsid boolean;
      require-server-cookie boolean;
      reserved-sockets integer;
      resolver-nonbackoff-tries integer;
      resolver-query-timeout integer;
      resolver-retry-interval integer;
      response-padding { address_match_element; ... } block-size
          integer;
      response-policy { zone string [ add-soa boolean ] [ log
          boolean ] [ max-policy-ttl duration ] [ min-update-interval
          duration ] [ policy ( cname | disabled | drop | given | no-op
          | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
          recursive-only boolean ] [ nsip-enable boolean ] [
          nsdname-enable boolean ]; ... } [ add-soa boolean ] [
          break-dnssec boolean ] [ max-policy-ttl duration ] [
          min-update-interval duration ] [ min-ns-dots integer ] [
          nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
          [ recursive-only boolean ] [ nsip-enable boolean ] [
          nsdname-enable boolean ] [ dnsrps-enable boolean ] [
          dnsrps-options { unspecified-text } ];
      root-delegation-only [ exclude { string; ... } ];
      root-key-sentinel boolean;
      rrset-order { [ class string ] [ type string ] [ name
          quoted_string ] string string; ... };
      secroots-file quoted_string;
      send-cookie boolean;
      serial-query-rate integer;
      serial-update-method ( date | increment | unixtime );
      server-id ( quoted_string | none | hostname );
      servfail-ttl duration;
      session-keyalg string;
      session-keyfile ( quoted_string | none );
      session-keyname string;
      sig-signing-nodes integer;
      sig-signing-signatures integer;
      sig-signing-type integer;
      sig-validity-interval integer [ integer ];
      sortlist { address_match_element; ... };
      stacksize ( default | unlimited | sizeval );
      stale-answer-enable boolean;
      stale-answer-ttl duration;
      stale-cache-enable boolean;
      startup-notify-rate integer;
      statistics-file quoted_string;
      synth-from-dnssec boolean;
      tcp-advertised-timeout integer;
      tcp-clients integer;
      tcp-idle-timeout integer;
      tcp-initial-timeout integer;
      tcp-keepalive-timeout integer;
      tcp-listen-queue integer;
      tkey-dhkey quoted_string integer;
      tkey-domain quoted_string;
      tkey-gssapi-credential quoted_string;
      tkey-gssapi-keytab quoted_string;
      transfer-format ( many-answers | one-answer );
      transfer-message-size integer;
      transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
          dscp integer ];
      transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
          ] [ dscp integer ];
      transfers-in integer;
      transfers-out integer;
      transfers-per-ns integer;
      trust-anchor-telemetry boolean; // experimental
      try-tcp-refresh boolean;
      update-check-ksk boolean;
      use-alt-transfer-source boolean;
      use-v4-udp-ports { portrange; ... };
      use-v6-udp-ports { portrange; ... };
      v6-bias integer;
      validate-except { string; ... };
      version ( quoted_string | none );
      zero-no-soa-ttl boolean;
      zero-no-soa-ttl-cache boolean;
      zone-statistics ( full | terse | none | boolean );
};

plugin ( query ) string [ { unspecified-text
    } ];

server netprefix {
      bogus boolean;
      edns boolean;
      edns-udp-size integer;
      edns-version integer;
      keys server_key;
      max-udp-size integer;
      notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
          dscp integer ];
      notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
          [ dscp integer ];
      padding integer;
      provide-ixfr boolean;
      query-source ( ( [ address ] ( ipv4_address | * ) [ port (
          integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
          port ( integer | * ) ) ) [ dscp integer ];
      query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
          integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
          port ( integer | * ) ) ) [ dscp integer ];
      request-expire boolean;
      request-ixfr boolean;
      request-nsid boolean;
      send-cookie boolean;
      tcp-keepalive boolean;
      tcp-only boolean;
      transfer-format ( many-answers | one-answer );
      transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
          dscp integer ];
      transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
          ] [ dscp integer ];
      transfers integer;
};

statistics-channels {
      inet ( ipv4_address | ipv6_address |
          * ) [ port ( integer | * ) ] [
          allow { address_match_element; ...
          } ];
};

trust-anchors { string ( static-key |
    initial-key | static-ds | initial-ds )
    integer integer integer
    quoted_string; ... };

Deprecated - see DNSSEC-KEYS.
trusted-keys { string integer
    integer integer
    quoted_string; ... };, deprecated

view string [ class ] {
      allow-new-zones boolean;
      allow-notify { address_match_element; ... };
      allow-query { address_match_element; ... };
      allow-query-cache { address_match_element; ... };
      allow-query-cache-on { address_match_element; ... };
      allow-query-on { address_match_element; ... };
      allow-recursion { address_match_element; ... };
      allow-recursion-on { address_match_element; ... };
      allow-transfer { address_match_element; ... };
      allow-update { address_match_element; ... };
      allow-update-forwarding { address_match_element; ... };
      also-notify [ port integer ] [ dscp integer ] { ( masters |
          ipv4_address [ port integer ] | ipv6_address [ port
          integer ] ) [ key string ]; ... };
      alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
          ] [ dscp integer ];
      alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
          * ) ] [ dscp integer ];
      attach-cache string;
      auth-nxdomain boolean; // default changed
      auto-dnssec ( allow | maintain | off );
      cache-file quoted_string;
      catalog-zones { zone string [ default-masters [ port integer ]
          [ dscp integer ] { ( masters | ipv4_address [ port
          integer ] | ipv6_address [ port integer ] ) [ key
          string ]; ... } ] [ zone-directory quoted_string ] [
          in-memory boolean ] [ min-update-interval duration ]; ... };
      check-dup-records ( fail | warn | ignore );
      check-integrity boolean;
      check-mx ( fail | warn | ignore );
      check-mx-cname ( fail | warn | ignore );
      check-names ( primary | master |
          secondary | slave | response ) (
          fail | warn | ignore );
      check-sibling boolean;
      check-spf ( warn | ignore );
      check-srv-cname ( fail | warn | ignore );
      check-wildcard boolean;
      clients-per-query integer;
      deny-answer-addresses { address_match_element; ... } [
          except-from { string; ... } ];
      deny-answer-aliases { string; ... } [ except-from { string; ...
          } ];
      dialup ( notify | notify-passive | passive | refresh | boolean );
      disable-algorithms string { string;
          ... };
      disable-ds-digests string { string;
          ... };
      disable-empty-zone string;
      dlz string {
              database string;
              search boolean;
      };
      dns64 netprefix {
              break-dnssec boolean;
              clients { address_match_element; ... };
              exclude { address_match_element; ... };
              mapped { address_match_element; ... };
              recursive-only boolean;
              suffix ipv6_address;
      };
      dns64-contact string;
      dns64-server string;
      dnskey-sig-validity integer;
      dnsrps-enable boolean;
      dnsrps-options { unspecified-text };
      dnssec-accept-expired boolean;
      dnssec-dnskey-kskonly boolean;
      dnssec-loadkeys-interval integer;
      dnssec-must-be-secure string boolean;
      dnssec-policy string;
      dnssec-secure-to-insecure boolean;
      dnssec-update-mode ( maintain | no-resign );
      dnssec-validation ( yes | no | auto );
      dnstap { ( all | auth | client | forwarder |
          resolver | update ) [ ( query | response ) ];
          ... };
      dual-stack-servers [ port integer ] { ( quoted_string [ port
          integer ] [ dscp integer ] | ipv4_address [ port
          integer ] [ dscp integer ] | ipv6_address [ port
          integer ] [ dscp integer ] ); ... };
      dyndb string quoted_string {
          unspecified-text };
      edns-udp-size integer;
      empty-contact string;
      empty-server string;
      empty-zones-enable boolean;
      fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
      fetches-per-server integer [ ( drop | fail ) ];
      fetches-per-zone integer [ ( drop | fail ) ];
      forward ( first | only );
      forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
          | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
      glue-cache boolean;
      inline-signing boolean;
      ixfr-from-differences ( primary | master | secondary | slave |
          boolean );
      key string {
              algorithm string;
              secret string;
      };
      key-directory quoted_string;
      lame-ttl duration;
      lmdb-mapsize sizeval;
      managed-keys { string (
          static-key | initial-key
          | static-ds | initial-ds
          ) integer integer
          integer
          quoted_string; ... };, deprecated
      masterfile-format ( map | raw | text );
      masterfile-style ( full | relative );
      match-clients { address_match_element; ... };
      match-destinations { address_match_element; ... };
      match-recursive-only boolean;
      max-cache-size ( default | unlimited | sizeval | percentage );
      max-cache-ttl duration;
      max-clients-per-query integer;
      max-journal-size ( default | unlimited | sizeval );
      max-ncache-ttl duration;
      max-records integer;
      max-recursion-depth integer;
      max-recursion-queries integer;
      max-refresh-time integer;
      max-retry-time integer;
      max-stale-ttl duration;
      max-transfer-idle-in integer;
      max-transfer-idle-out integer;
      max-transfer-time-in integer;
      max-transfer-time-out integer;
      max-udp-size integer;
      max-zone-ttl ( unlimited | duration );
      message-compression boolean;
      min-cache-ttl duration;
      min-ncache-ttl duration;
      min-refresh-time integer;
      min-retry-time integer;
      minimal-any boolean;
      minimal-responses ( no-auth | no-auth-recursive | boolean );
      multi-master boolean;
      new-zones-directory quoted_string;
      no-case-compress { address_match_element; ... };
      nocookie-udp-size integer;
      notify ( explicit | master-only | boolean );
      notify-delay integer;
      notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
          dscp integer ];
      notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
          [ dscp integer ];
      notify-to-soa boolean;
      nta-lifetime duration;
      nta-recheck duration;
      nxdomain-redirect string;
      plugin ( query ) string [ {
          unspecified-text } ];
      preferred-glue string;
      prefetch integer [ integer ];
      provide-ixfr boolean;
      qname-minimization ( strict | relaxed | disabled | off );
      query-source ( ( [ address ] ( ipv4_address | * ) [ port (
          integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
          port ( integer | * ) ) ) [ dscp integer ];
      query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
          integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
          port ( integer | * ) ) ) [ dscp integer ];
      rate-limit {
              all-per-second integer;
              errors-per-second integer;
              exempt-clients { address_match_element; ... };
              ipv4-prefix-length integer;
              ipv6-prefix-length integer;
              log-only boolean;
              max-table-size integer;
              min-table-size integer;
              nodata-per-second integer;
              nxdomains-per-second integer;
              qps-scale integer;
              referrals-per-second integer;
              responses-per-second integer;
              slip integer;
              window integer;
      };
      recursion boolean;
      request-expire boolean;
      request-ixfr boolean;
      request-nsid boolean;
      require-server-cookie boolean;
      resolver-nonbackoff-tries integer;
      resolver-query-timeout integer;
      resolver-retry-interval integer;
      response-padding { address_match_element; ... } block-size
          integer;
      response-policy { zone string [ add-soa boolean ] [ log
          boolean ] [ max-policy-ttl duration ] [ min-update-interval
          duration ] [ policy ( cname | disabled | drop | given | no-op
          | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
          recursive-only boolean ] [ nsip-enable boolean ] [
          nsdname-enable boolean ]; ... } [ add-soa boolean ] [
          break-dnssec boolean ] [ max-policy-ttl duration ] [
          min-update-interval duration ] [ min-ns-dots integer ] [
          nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
          [ recursive-only boolean ] [ nsip-enable boolean ] [
          nsdname-enable boolean ] [ dnsrps-enable boolean ] [
          dnsrps-options { unspecified-text } ];
      root-delegation-only [ exclude { string; ... } ];
      root-key-sentinel boolean;
      rrset-order { [ class string ] [ type string ] [ name
          quoted_string ] string string; ... };
      send-cookie boolean;
      serial-update-method ( date | increment | unixtime );
      server netprefix {
              bogus boolean;
              edns boolean;
              edns-udp-size integer;
              edns-version integer;
              keys server_key;
              max-udp-size integer;
              notify-source ( ipv4_address | * ) [ port ( integer | *
                  ) ] [ dscp integer ];
              notify-source-v6 ( ipv6_address | * ) [ port ( integer
                  | * ) ] [ dscp integer ];
              padding integer;
              provide-ixfr boolean;
              query-source ( ( [ address ] ( ipv4_address | * ) [ port
                  ( integer | * ) ] ) | ( [ [ address ] (
                  ipv4_address | * ) ] port ( integer | * ) ) ) [
                  dscp integer ];
              query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
                  port ( integer | * ) ] ) | ( [ [ address ] (
                  ipv6_address | * ) ] port ( integer | * ) ) ) [
                  dscp integer ];
              request-expire boolean;
              request-ixfr boolean;
              request-nsid boolean;
              send-cookie boolean;
              tcp-keepalive boolean;
              tcp-only boolean;
              transfer-format ( many-answers | one-answer );
              transfer-source ( ipv4_address | * ) [ port ( integer |
                  * ) ] [ dscp integer ];
              transfer-source-v6 ( ipv6_address | * ) [ port (
                  integer | * ) ] [ dscp integer ];
              transfers integer;
      };
      servfail-ttl duration;
      sig-signing-nodes integer;
      sig-signing-signatures integer;
      sig-signing-type integer;
      sig-validity-interval integer [ integer ];
      sortlist { address_match_element; ... };
      stale-answer-enable boolean;
      stale-answer-ttl duration;
      stale-cache-enable boolean;
      synth-from-dnssec boolean;
      transfer-format ( many-answers | one-answer );
      transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
          dscp integer ];
      transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
          ] [ dscp integer ];
      trust-anchor-telemetry boolean; // experimental
      trust-anchors { string ( static-key |
          initial-key | static-ds | initial-ds
          ) integer integer integer
          quoted_string; ... };
      trusted-keys { string
          integer integer
          integer
          quoted_string; ... };, deprecated
      try-tcp-refresh boolean;
      update-check-ksk boolean;
      use-alt-transfer-source boolean;
      v6-bias integer;
      validate-except { string; ... };
      zero-no-soa-ttl boolean;
      zero-no-soa-ttl-cache boolean;
      zone string [ class ] {
              allow-notify { address_match_element; ... };
              allow-query { address_match_element; ... };
              allow-query-on { address_match_element; ... };
              allow-transfer { address_match_element; ... };
              allow-update { address_match_element; ... };
              allow-update-forwarding { address_match_element; ... };
              also-notify [ port integer ] [ dscp integer ] { (
                  masters | ipv4_address [ port integer ] |
                  ipv6_address [ port integer ] ) [ key string ];
                  ... };
              alt-transfer-source ( ipv4_address | * ) [ port (
                  integer | * ) ] [ dscp integer ];
              alt-transfer-source-v6 ( ipv6_address | * ) [ port (
                  integer | * ) ] [ dscp integer ];
              auto-dnssec ( allow | maintain | off );
              check-dup-records ( fail | warn | ignore );
              check-integrity boolean;
              check-mx ( fail | warn | ignore );
              check-mx-cname ( fail | warn | ignore );
              check-names ( fail | warn | ignore );
              check-sibling boolean;
              check-spf ( warn | ignore );
              check-srv-cname ( fail | warn | ignore );
              check-wildcard boolean;
              database string;
              delegation-only boolean;
              dialup ( notify | notify-passive | passive | refresh |
                  boolean );
              dlz string;
              dnskey-sig-validity integer;
              dnssec-dnskey-kskonly boolean;
              dnssec-loadkeys-interval integer;
              dnssec-policy string;
              dnssec-secure-to-insecure boolean;
              dnssec-update-mode ( maintain | no-resign );
              file quoted_string;
              forward ( first | only );
              forwarders [ port integer ] [ dscp integer ] { (
                  ipv4_address | ipv6_address ) [ port integer ] [
                  dscp integer ]; ... };
              in-view string;
              inline-signing boolean;
              ixfr-from-differences boolean;
              journal quoted_string;
              key-directory quoted_string;
              masterfile-format ( map | raw | text );
              masterfile-style ( full | relative );
              masters [ port integer ] [ dscp integer ] { ( masters
                  | ipv4_address [ port integer ] | ipv6_address [
                  port integer ] ) [ key string ]; ... };
              max-journal-size ( default | unlimited | sizeval );
              max-records integer;
              max-refresh-time integer;
              max-retry-time integer;
              max-transfer-idle-in integer;
              max-transfer-idle-out integer;
              max-transfer-time-in integer;
              max-transfer-time-out integer;
              max-zone-ttl ( unlimited | duration );
              min-refresh-time integer;
              min-retry-time integer;
              multi-master boolean;
              notify ( explicit | master-only | boolean );
              notify-delay integer;
              notify-source ( ipv4_address | * ) [ port ( integer | *
                  ) ] [ dscp integer ];
              notify-source-v6 ( ipv6_address | * ) [ port ( integer
                  | * ) ] [ dscp integer ];
              notify-to-soa boolean;
              request-expire boolean;
              request-ixfr boolean;
              serial-update-method ( date | increment | unixtime );
              server-addresses { ( ipv4_address | ipv6_address ); ... };
              server-names { string; ... };
              sig-signing-nodes integer;
              sig-signing-signatures integer;
              sig-signing-type integer;
              sig-validity-interval integer [ integer ];
              transfer-source ( ipv4_address | * ) [ port ( integer |
                  * ) ] [ dscp integer ];
              transfer-source-v6 ( ipv6_address | * ) [ port (
                  integer | * ) ] [ dscp integer ];
              try-tcp-refresh boolean;
              type ( primary | master | secondary | slave | mirror |
                  delegation-only | forward | hint | redirect |
                  static-stub | stub );
              update-check-ksk boolean;
              update-policy ( local | { ( deny | grant ) string (
                  6to4-self | external | krb5-self | krb5-selfsub |
                  krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
                  name | self | selfsub | selfwild | subdomain | tcp-self
                  | wildcard | zonesub ) [ string ] rrtypelist; ... };
              use-alt-transfer-source boolean;
              zero-no-soa-ttl boolean;
              zone-statistics ( full | terse | none | boolean );
      };
      zone-statistics ( full | terse | none | boolean );
};

zone string [ class ] {
      allow-notify { address_match_element; ... };
      allow-query { address_match_element; ... };
      allow-query-on { address_match_element; ... };
      allow-transfer { address_match_element; ... };
      allow-update { address_match_element; ... };
      allow-update-forwarding { address_match_element; ... };
      also-notify [ port integer ] [ dscp integer ] { ( masters |
          ipv4_address [ port integer ] | ipv6_address [ port
          integer ] ) [ key string ]; ... };
      alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
          ] [ dscp integer ];
      alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
          * ) ] [ dscp integer ];
      auto-dnssec ( allow | maintain | off );
      check-dup-records ( fail | warn | ignore );
      check-integrity boolean;
      check-mx ( fail | warn | ignore );
      check-mx-cname ( fail | warn | ignore );
      check-names ( fail | warn | ignore );
      check-sibling boolean;
      check-spf ( warn | ignore );
      check-srv-cname ( fail | warn | ignore );
      check-wildcard boolean;
      database string;
      delegation-only boolean;
      dialup ( notify | notify-passive | passive | refresh | boolean );
      dlz string;
      dnskey-sig-validity integer;
      dnssec-dnskey-kskonly boolean;
      dnssec-loadkeys-interval integer;
      dnssec-policy string;
      dnssec-secure-to-insecure boolean;
      dnssec-update-mode ( maintain | no-resign );
      file quoted_string;
      forward ( first | only );
      forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
          | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
      in-view string;
      inline-signing boolean;
      ixfr-from-differences boolean;
      journal quoted_string;
      key-directory quoted_string;
      masterfile-format ( map | raw | text );
      masterfile-style ( full | relative );
      masters [ port integer ] [ dscp integer ] { ( masters |
          ipv4_address [ port integer ] | ipv6_address [ port
          integer ] ) [ key string ]; ... };
      max-journal-size ( default | unlimited | sizeval );
      max-records integer;
      max-refresh-time integer;
      max-retry-time integer;
      max-transfer-idle-in integer;
      max-transfer-idle-out integer;
      max-transfer-time-in integer;
      max-transfer-time-out integer;
      max-zone-ttl ( unlimited | duration );
      min-refresh-time integer;
      min-retry-time integer;
      multi-master boolean;
      notify ( explicit | master-only | boolean );
      notify-delay integer;
      notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
          dscp integer ];
      notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
          [ dscp integer ];
      notify-to-soa boolean;
      request-expire boolean;
      request-ixfr boolean;
      serial-update-method ( date | increment | unixtime );
      server-addresses { ( ipv4_address | ipv6_address ); ... };
      server-names { string; ... };
      sig-signing-nodes integer;
      sig-signing-signatures integer;
      sig-signing-type integer;
      sig-validity-interval integer [ integer ];
      transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
          dscp integer ];
      transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
          ] [ dscp integer ];
      try-tcp-refresh boolean;
      type ( primary | master | secondary | slave | mirror |
          delegation-only | forward | hint | redirect | static-stub |
          stub );
      update-check-ksk boolean;
      update-policy ( local | { ( deny | grant ) string ( 6to4-self |
          external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
          | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
          | subdomain | tcp-self | wildcard | zonesub ) [ string ]
          rrtypelist; ... };
      use-alt-transfer-source boolean;
      zero-no-soa-ttl boolean;
      zone-statistics ( full | terse | none | boolean );
};

/etc/named.conf

ddns-confgen(8), named(8), named-checkconf(8), rndc(8), rndc-confgen(8), BIND 9 Administrator Reference Manual.

Internet Systems Consortium

2020, Internet Systems Consortium
2020-09-26 9.16.7