config root man

Current Path : /usr/src/contrib/bind9/bin/named/

FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64
Upload File :
Current File : //usr/src/contrib/bind9/bin/named/named.conf.docbook

<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
	       [<!ENTITY mdash "&#8212;">]>
<!--
 - Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->

<!-- $Id: named.conf.docbook,v 1.49.14.2 2011/11/07 00:31:47 marka Exp $ -->
<refentry>
  <refentryinfo>
    <date>Aug 13, 2004</date>
  </refentryinfo>

  <refmeta>
    <refentrytitle><filename>named.conf</filename></refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo>BIND9</refmiscinfo>
  </refmeta>

  <refnamediv>
    <refname><filename>named.conf</filename></refname>
    <refpurpose>configuration file for named</refpurpose>
  </refnamediv>

  <docinfo>
    <copyright>
      <year>2004</year>
      <year>2005</year>
      <year>2006</year>
      <year>2007</year>
      <year>2008</year>
      <year>2009</year>
      <year>2010</year>
      <year>2011</year>
      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
    </copyright>
  </docinfo>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>named.conf</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>DESCRIPTION</title>
    <para><filename>named.conf</filename> is the configuration file
      for
      <command>named</command>.  Statements are enclosed
      in braces and terminated with a semi-colon.  Clauses in
      the statements are also semi-colon terminated.  The usual
      comment styles are supported:
    </para>
    <para>
      C style: /* */
    </para>
    <para>
      C++ style: // to end of line
    </para>
    <para>
      Unix style: # to end of line
    </para>
  </refsect1>

  <refsect1>
    <title>ACL</title>
    <literallayout>
acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };

</literallayout>
  </refsect1>

  <refsect1>
    <title>KEY</title>
    <literallayout>
key <replaceable>domain_name</replaceable> {
	algorithm <replaceable>string</replaceable>;
	secret <replaceable>string</replaceable>;
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>MASTERS</title>
    <literallayout>
masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
	( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
	<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>SERVER</title>
    <literallayout>
server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
	bogus <replaceable>boolean</replaceable>;
	edns <replaceable>boolean</replaceable>;
	edns-udp-size <replaceable>integer</replaceable>;
	max-udp-size <replaceable>integer</replaceable>;
	provide-ixfr <replaceable>boolean</replaceable>;
	request-ixfr <replaceable>boolean</replaceable>;
	keys <replaceable>server_key</replaceable>;
	transfers <replaceable>integer</replaceable>;
	transfer-format ( many-answers | one-answer );
	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;

	support-ixfr <replaceable>boolean</replaceable>; // obsolete
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>TRUSTED-KEYS</title>
    <literallayout>
trusted-keys {
	<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>MANAGED-KEYS</title>
    <literallayout>
managed-keys {
	<replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>CONTROLS</title>
    <literallayout>
controls {
	inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>
		allow { <replaceable>address_match_element</replaceable>; ... }
		<optional> keys { <replaceable>string</replaceable>; ... } </optional>;
	unix <replaceable>unsupported</replaceable>; // not implemented
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>LOGGING</title>
    <literallayout>
logging {
	channel <replaceable>string</replaceable> {
		file <replaceable>log_file</replaceable>;
		syslog <replaceable>optional_facility</replaceable>;
		null;
		stderr;
		severity <replaceable>log_severity</replaceable>;
		print-time <replaceable>boolean</replaceable>;
		print-severity <replaceable>boolean</replaceable>;
		print-category <replaceable>boolean</replaceable>;
	};
	category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>LWRES</title>
    <literallayout>
lwres {
	listen-on <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
	};
	view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
	search { <replaceable>string</replaceable>; ... };
	ndots <replaceable>integer</replaceable>;
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>OPTIONS</title>
    <literallayout>
options {
	avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
	avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
	blackhole { <replaceable>address_match_element</replaceable>; ... };
	coresize <replaceable>size</replaceable>;
	datasize <replaceable>size</replaceable>;
	directory <replaceable>quoted_string</replaceable>;
	dump-file <replaceable>quoted_string</replaceable>;
	files <replaceable>size</replaceable>;
	heartbeat-interval <replaceable>integer</replaceable>;
	host-statistics <replaceable>boolean</replaceable>; // not implemented
	host-statistics-max <replaceable>number</replaceable>; // not implemented
	hostname ( <replaceable>quoted_string</replaceable> | none );
	interface-interval <replaceable>integer</replaceable>;
	listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
	listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
	match-mapped-addresses <replaceable>boolean</replaceable>;
	memstatistics-file <replaceable>quoted_string</replaceable>;
	pid-file ( <replaceable>quoted_string</replaceable> | none );
	port <replaceable>integer</replaceable>;
	querylog <replaceable>boolean</replaceable>;
	recursing-file <replaceable>quoted_string</replaceable>;
	reserved-sockets <replaceable>integer</replaceable>;
	random-device <replaceable>quoted_string</replaceable>;
	recursive-clients <replaceable>integer</replaceable>;
	serial-query-rate <replaceable>integer</replaceable>;
	server-id ( <replaceable>quoted_string</replaceable> | none |;
	stacksize <replaceable>size</replaceable>;
	statistics-file <replaceable>quoted_string</replaceable>;
	statistics-interval <replaceable>integer</replaceable>; // not yet implemented
	tcp-clients <replaceable>integer</replaceable>;
	tcp-listen-queue <replaceable>integer</replaceable>;
	tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
	tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
	tkey-gssapi-keytab <replaceable>quoted_string</replaceable>;
	tkey-domain <replaceable>quoted_string</replaceable>;
	transfers-per-ns <replaceable>integer</replaceable>;
	transfers-in <replaceable>integer</replaceable>;
	transfers-out <replaceable>integer</replaceable>;
	use-ixfr <replaceable>boolean</replaceable>;
	version ( <replaceable>quoted_string</replaceable> | none );
	allow-recursion { <replaceable>address_match_element</replaceable>; ... };
	allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
	sortlist { <replaceable>address_match_element</replaceable>; ... };
	topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
	auth-nxdomain <replaceable>boolean</replaceable>; // default changed
	minimal-responses <replaceable>boolean</replaceable>;
	recursion <replaceable>boolean</replaceable>;
	rrset-order {
		<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
		<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
	};
	provide-ixfr <replaceable>boolean</replaceable>;
	request-ixfr <replaceable>boolean</replaceable>;
	rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
	additional-from-auth <replaceable>boolean</replaceable>;
	additional-from-cache <replaceable>boolean</replaceable>;
	query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	use-queryport-pool <replaceable>boolean</replaceable>;
	queryport-pool-ports <replaceable>integer</replaceable>;
	queryport-pool-updateinterval <replaceable>integer</replaceable>;
	cleaning-interval <replaceable>integer</replaceable>;
	resolver-query-timeout <replaceable>integer</replaceable>;
	min-roots <replaceable>integer</replaceable>; // not implemented
	lame-ttl <replaceable>integer</replaceable>;
	max-ncache-ttl <replaceable>integer</replaceable>;
	max-cache-ttl <replaceable>integer</replaceable>;
	transfer-format ( many-answers | one-answer );
	max-cache-size <replaceable>size</replaceable>;
	max-acache-size <replaceable>size</replaceable>;
	clients-per-query <replaceable>number</replaceable>;
	max-clients-per-query <replaceable>number</replaceable>;
	check-names ( master | slave | response )
		( fail | warn | ignore );
	check-mx ( fail | warn | ignore );
	check-integrity <replaceable>boolean</replaceable>;
	check-mx-cname ( fail | warn | ignore );
	check-srv-cname ( fail | warn | ignore );
	cache-file <replaceable>quoted_string</replaceable>; // test option
	suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
	preferred-glue <replaceable>string</replaceable>;
	dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
	};
	edns-udp-size <replaceable>integer</replaceable>;
	max-udp-size <replaceable>integer</replaceable>;
	root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
	disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
	dnssec-enable <replaceable>boolean</replaceable>;
	dnssec-validation <replaceable>boolean</replaceable>;
	dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
	dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
	dnssec-accept-expired <replaceable>boolean</replaceable>;

	dns64-server <replaceable>string</replaceable>;
	dns64-contact <replaceable>string</replaceable>;
	dns64 <replaceable>prefix</replaceable> {
		clients { <replacable>acl</replacable>; };
		exclude { <replacable>acl</replacable>; };
		mapped { <replacable>acl</replacable>; };
		break-dnssec <replaceable>boolean</replaceable>;
		recursive-only <replaceable>boolean</replaceable>;
		suffix <replaceable>ipv6_address</replaceable>;
	};

	empty-server <replaceable>string</replaceable>;
	empty-contact <replaceable>string</replaceable>;
	empty-zones-enable <replaceable>boolean</replaceable>;
	disable-empty-zone <replaceable>string</replaceable>;

	dialup <replaceable>dialuptype</replaceable>;
	ixfr-from-differences <replaceable>ixfrdiff</replaceable>;

	allow-query { <replaceable>address_match_element</replaceable>; ... };
	allow-query-on { <replaceable>address_match_element</replaceable>; ... };
	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
	allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
	allow-update { <replaceable>address_match_element</replaceable>; ... };
	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
	update-check-ksk <replaceable>boolean</replaceable>;
	dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;

	masterfile-format ( text | raw );
	notify <replaceable>notifytype</replaceable>;
	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	notify-delay <replaceable>seconds</replaceable>;
	notify-to-soa <replaceable>boolean</replaceable>;
	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
		<optional> port <replaceable>integer</replaceable> </optional>; ... };
	allow-notify { <replaceable>address_match_element</replaceable>; ... };

	forward ( first | only );
	forwarders <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
	};

	max-journal-size <replaceable>size_no_default</replaceable>;
	max-transfer-time-in <replaceable>integer</replaceable>;
	max-transfer-time-out <replaceable>integer</replaceable>;
	max-transfer-idle-in <replaceable>integer</replaceable>;
	max-transfer-idle-out <replaceable>integer</replaceable>;
	max-retry-time <replaceable>integer</replaceable>;
	min-retry-time <replaceable>integer</replaceable>;
	max-refresh-time <replaceable>integer</replaceable>;
	min-refresh-time <replaceable>integer</replaceable>;
	multi-master <replaceable>boolean</replaceable>;

	sig-validity-interval <replaceable>integer</replaceable>;
	sig-re-signing-interval <replaceable>integer</replaceable>;
	sig-signing-nodes <replaceable>integer</replaceable>;
	sig-signing-signatures <replaceable>integer</replaceable>;
	sig-signing-type <replaceable>integer</replaceable>;

	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;

	alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	use-alt-transfer-source <replaceable>boolean</replaceable>;

	zone-statistics <replaceable>boolean</replaceable>;
	key-directory <replaceable>quoted_string</replaceable>;
	managed-keys-directory <replaceable>quoted_string</replaceable>;
	auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>;
	try-tcp-refresh <replaceable>boolean</replaceable>;
	zero-no-soa-ttl <replaceable>boolean</replaceable>;
	zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
	dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
	deny-answer-addresses {
		<replaceable>address_match_list</replaceable>
	} <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
	deny-answer-aliases {
		<replaceable>namelist</replaceable>
	} <optional> except-from { <replaceable>namelist</replaceable> } </optional>;

	nsec3-test-zone <replaceable>boolean</replaceable>;  // testing only

	allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
	deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
	fake-iquery <replaceable>boolean</replaceable>; // obsolete
	fetch-glue <replaceable>boolean</replaceable>; // obsolete
	has-old-clients <replaceable>boolean</replaceable>; // obsolete
	maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
	max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
	multiple-cnames <replaceable>boolean</replaceable>; // obsolete
	named-xfer <replaceable>quoted_string</replaceable>; // obsolete
	serial-queries <replaceable>integer</replaceable>; // obsolete
	treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
	use-id-pool <replaceable>boolean</replaceable>; // obsolete
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>VIEW</title>
    <literallayout>
view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
	match-clients { <replaceable>address_match_element</replaceable>; ... };
	match-destinations { <replaceable>address_match_element</replaceable>; ... };
	match-recursive-only <replaceable>boolean</replaceable>;

	key <replaceable>string</replaceable> {
		algorithm <replaceable>string</replaceable>;
		secret <replaceable>string</replaceable>;
	};

	zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
		...
	};

	server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
		...
	};

	trusted-keys {
		<replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
		<optional>...</optional>
	};

	allow-recursion { <replaceable>address_match_element</replaceable>; ... };
	allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
	sortlist { <replaceable>address_match_element</replaceable>; ... };
	topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
	auth-nxdomain <replaceable>boolean</replaceable>; // default changed
	minimal-responses <replaceable>boolean</replaceable>;
	recursion <replaceable>boolean</replaceable>;
	rrset-order {
		<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
		<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
	};
	provide-ixfr <replaceable>boolean</replaceable>;
	request-ixfr <replaceable>boolean</replaceable>;
	rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
	additional-from-auth <replaceable>boolean</replaceable>;
	additional-from-cache <replaceable>boolean</replaceable>;
	query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	use-queryport-pool <replaceable>boolean</replaceable>;
	queryport-pool-ports <replaceable>integer</replaceable>;
	queryport-pool-updateinterval <replaceable>integer</replaceable>;
	cleaning-interval <replaceable>integer</replaceable>;
	resolver-query-timeout <replaceable>integer</replaceable>;
	min-roots <replaceable>integer</replaceable>; // not implemented
	lame-ttl <replaceable>integer</replaceable>;
	max-ncache-ttl <replaceable>integer</replaceable>;
	max-cache-ttl <replaceable>integer</replaceable>;
	transfer-format ( many-answers | one-answer );
	max-cache-size <replaceable>size</replaceable>;
	max-acache-size <replaceable>size</replaceable>;
	clients-per-query <replaceable>number</replaceable>;
	max-clients-per-query <replaceable>number</replaceable>;
	check-names ( master | slave | response )
		( fail | warn | ignore );
	check-mx ( fail | warn | ignore );
	check-integrity <replaceable>boolean</replaceable>;
	check-mx-cname ( fail | warn | ignore );
	check-srv-cname ( fail | warn | ignore );
	cache-file <replaceable>quoted_string</replaceable>; // test option
	suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
	preferred-glue <replaceable>string</replaceable>;
	dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
	};
	edns-udp-size <replaceable>integer</replaceable>;
	max-udp-size <replaceable>integer</replaceable>;
	root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
	disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
	dnssec-enable <replaceable>boolean</replaceable>;
	dnssec-validation <replaceable>boolean</replaceable>;
	dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
	dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
	dnssec-accept-expired <replaceable>boolean</replaceable>;

	dns64-server <replaceable>string</replaceable>;
	dns64-contact <replaceable>string</replaceable>;
	dns64 <replaceable>prefix</replaceable> {
		clients { <replacable>acl</replacable>; };
		exclude { <replacable>acl</replacable>; };
		mapped { <replacable>acl</replacable>; };
		break-dnssec <replaceable>boolean</replaceable>;
		recursive-only <replaceable>boolean</replaceable>;
		suffix <replaceable>ipv6_address</replaceable>;
	};

	empty-server <replaceable>string</replaceable>;
	empty-contact <replaceable>string</replaceable>;
	empty-zones-enable <replaceable>boolean</replaceable>;
	disable-empty-zone <replaceable>string</replaceable>;

	dialup <replaceable>dialuptype</replaceable>;
	ixfr-from-differences <replaceable>ixfrdiff</replaceable>;

	allow-query { <replaceable>address_match_element</replaceable>; ... };
	allow-query-on { <replaceable>address_match_element</replaceable>; ... };
	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
	allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
	allow-update { <replaceable>address_match_element</replaceable>; ... };
	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
	update-check-ksk <replaceable>boolean</replaceable>;
	dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;

	masterfile-format ( text | raw );
	notify <replaceable>notifytype</replaceable>;
	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	notify-delay <replaceable>seconds</replaceable>;
	notify-to-soa <replaceable>boolean</replaceable>;
	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
		<optional> port <replaceable>integer</replaceable> </optional>; ... };
	allow-notify { <replaceable>address_match_element</replaceable>; ... };

	forward ( first | only );
	forwarders <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
	};

	max-journal-size <replaceable>size_no_default</replaceable>;
	max-transfer-time-in <replaceable>integer</replaceable>;
	max-transfer-time-out <replaceable>integer</replaceable>;
	max-transfer-idle-in <replaceable>integer</replaceable>;
	max-transfer-idle-out <replaceable>integer</replaceable>;
	max-retry-time <replaceable>integer</replaceable>;
	min-retry-time <replaceable>integer</replaceable>;
	max-refresh-time <replaceable>integer</replaceable>;
	min-refresh-time <replaceable>integer</replaceable>;
	multi-master <replaceable>boolean</replaceable>;
	sig-validity-interval <replaceable>integer</replaceable>;

	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;

	alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	use-alt-transfer-source <replaceable>boolean</replaceable>;

	zone-statistics <replaceable>boolean</replaceable>;
	try-tcp-refresh <replaceable>boolean</replaceable>;
	key-directory <replaceable>quoted_string</replaceable>;
	zero-no-soa-ttl <replaceable>boolean</replaceable>;
	zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
	dnssec-secure-to-insecure <replaceable>boolean</replaceable>;

	allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
	fetch-glue <replaceable>boolean</replaceable>; // obsolete
	maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
	max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>ZONE</title>
    <literallayout>
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
	type ( master | slave | stub | hint |
		forward | delegation-only );
	file <replaceable>quoted_string</replaceable>;

	masters <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>masters</replaceable> |
		<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
	};

	database <replaceable>string</replaceable>;
	delegation-only <replaceable>boolean</replaceable>;
	check-names ( fail | warn | ignore );
	check-mx ( fail | warn | ignore );
	check-integrity <replaceable>boolean</replaceable>;
	check-mx-cname ( fail | warn | ignore );
	check-srv-cname ( fail | warn | ignore );
	dialup <replaceable>dialuptype</replaceable>;
	ixfr-from-differences <replaceable>boolean</replaceable>;
	journal <replaceable>quoted_string</replaceable>;
	zero-no-soa-ttl <replaceable>boolean</replaceable>;
	dnssec-secure-to-insecure <replaceable>boolean</replaceable>;

	allow-query { <replaceable>address_match_element</replaceable>; ... };
	allow-query-on { <replaceable>address_match_element</replaceable>; ... };
	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
	allow-update { <replaceable>address_match_element</replaceable>; ... };
	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
	update-policy <replaceable>local</replaceable> | <replaceable> {
		( grant | deny ) <replaceable>string</replaceable>
		( name | subdomain | wildcard | self | selfsub | selfwild |
                  krb5-self | ms-self | krb5-subdomain | ms-subdomain |
		  tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
		<replaceable>rrtypelist</replaceable>;
		<optional>...</optional>
	}</replaceable>;
	update-check-ksk <replaceable>boolean</replaceable>;
	dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;

	masterfile-format ( text | raw );
	notify <replaceable>notifytype</replaceable>;
	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	notify-delay <replaceable>seconds</replaceable>;
	notify-to-soa <replaceable>boolean</replaceable>;
	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
		<optional> port <replaceable>integer</replaceable> </optional>; ... };
	allow-notify { <replaceable>address_match_element</replaceable>; ... };

	forward ( first | only );
	forwarders <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
	};

	max-journal-size <replaceable>size_no_default</replaceable>;
	max-transfer-time-in <replaceable>integer</replaceable>;
	max-transfer-time-out <replaceable>integer</replaceable>;
	max-transfer-idle-in <replaceable>integer</replaceable>;
	max-transfer-idle-out <replaceable>integer</replaceable>;
	max-retry-time <replaceable>integer</replaceable>;
	min-retry-time <replaceable>integer</replaceable>;
	max-refresh-time <replaceable>integer</replaceable>;
	min-refresh-time <replaceable>integer</replaceable>;
	multi-master <replaceable>boolean</replaceable>;
	sig-validity-interval <replaceable>integer</replaceable>;

	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;

	alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	use-alt-transfer-source <replaceable>boolean</replaceable>;

	zone-statistics <replaceable>boolean</replaceable>;
	try-tcp-refresh <replaceable>boolean</replaceable>;
	key-directory <replaceable>quoted_string</replaceable>;

	nsec3-test-zone <replaceable>boolean</replaceable>;  // testing only

	ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
	ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
	maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
	max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
	pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>FILES</title>
    <para><filename>/etc/named.conf</filename>
    </para>
  </refsect1>

  <refsect1>
    <title>SEE ALSO</title>
    <para><citerefentry>
        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
    </para>
  </refsect1>

</refentry><!--
 - Local variables:
 - mode: sgml
 - End:
-->

Man Man