Current Path : /usr/src/contrib/bind9/bin/named/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
Current File : //usr/src/contrib/bind9/bin/named/named.conf.docbook |
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> <!-- $Id: named.conf.docbook,v 1.49.14.2 2011/11/07 00:31:47 marka Exp $ --> <refentry> <refentryinfo> <date>Aug 13, 2004</date> </refentryinfo> <refmeta> <refentrytitle><filename>named.conf</filename></refentrytitle> <manvolnum>5</manvolnum> <refmiscinfo>BIND9</refmiscinfo> </refmeta> <refnamediv> <refname><filename>named.conf</filename></refname> <refpurpose>configuration file for named</refpurpose> </refnamediv> <docinfo> <copyright> <year>2004</year> <year>2005</year> <year>2006</year> <year>2007</year> <year>2008</year> <year>2009</year> <year>2010</year> <year>2011</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> <refsynopsisdiv> <cmdsynopsis> <command>named.conf</command> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>DESCRIPTION</title> <para><filename>named.conf</filename> is the configuration file for <command>named</command>. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported: </para> <para> C style: /* */ </para> <para> C++ style: // to end of line </para> <para> Unix style: # to end of line </para> </refsect1> <refsect1> <title>ACL</title> <literallayout> acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... }; </literallayout> </refsect1> <refsect1> <title>KEY</title> <literallayout> key <replaceable>domain_name</replaceable> { algorithm <replaceable>string</replaceable>; secret <replaceable>string</replaceable>; }; </literallayout> </refsect1> <refsect1> <title>MASTERS</title> <literallayout> masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... }; </literallayout> </refsect1> <refsect1> <title>SERVER</title> <literallayout> server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) { bogus <replaceable>boolean</replaceable>; edns <replaceable>boolean</replaceable>; edns-udp-size <replaceable>integer</replaceable>; max-udp-size <replaceable>integer</replaceable>; provide-ixfr <replaceable>boolean</replaceable>; request-ixfr <replaceable>boolean</replaceable>; keys <replaceable>server_key</replaceable>; transfers <replaceable>integer</replaceable>; transfer-format ( many-answers | one-answer ); transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; support-ixfr <replaceable>boolean</replaceable>; // obsolete }; </literallayout> </refsect1> <refsect1> <title>TRUSTED-KEYS</title> <literallayout> trusted-keys { <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... }; </literallayout> </refsect1> <refsect1> <title>MANAGED-KEYS</title> <literallayout> managed-keys { <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... }; </literallayout> </refsect1> <refsect1> <title>CONTROLS</title> <literallayout> controls { inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> allow { <replaceable>address_match_element</replaceable>; ... } <optional> keys { <replaceable>string</replaceable>; ... } </optional>; unix <replaceable>unsupported</replaceable>; // not implemented }; </literallayout> </refsect1> <refsect1> <title>LOGGING</title> <literallayout> logging { channel <replaceable>string</replaceable> { file <replaceable>log_file</replaceable>; syslog <replaceable>optional_facility</replaceable>; null; stderr; severity <replaceable>log_severity</replaceable>; print-time <replaceable>boolean</replaceable>; print-severity <replaceable>boolean</replaceable>; print-category <replaceable>boolean</replaceable>; }; category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; }; </literallayout> </refsect1> <refsect1> <title>LWRES</title> <literallayout> lwres { listen-on <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... }; view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>; search { <replaceable>string</replaceable>; ... }; ndots <replaceable>integer</replaceable>; }; </literallayout> </refsect1> <refsect1> <title>OPTIONS</title> <literallayout> options { avoid-v4-udp-ports { <replaceable>port</replaceable>; ... }; avoid-v6-udp-ports { <replaceable>port</replaceable>; ... }; blackhole { <replaceable>address_match_element</replaceable>; ... }; coresize <replaceable>size</replaceable>; datasize <replaceable>size</replaceable>; directory <replaceable>quoted_string</replaceable>; dump-file <replaceable>quoted_string</replaceable>; files <replaceable>size</replaceable>; heartbeat-interval <replaceable>integer</replaceable>; host-statistics <replaceable>boolean</replaceable>; // not implemented host-statistics-max <replaceable>number</replaceable>; // not implemented hostname ( <replaceable>quoted_string</replaceable> | none ); interface-interval <replaceable>integer</replaceable>; listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... }; listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... }; match-mapped-addresses <replaceable>boolean</replaceable>; memstatistics-file <replaceable>quoted_string</replaceable>; pid-file ( <replaceable>quoted_string</replaceable> | none ); port <replaceable>integer</replaceable>; querylog <replaceable>boolean</replaceable>; recursing-file <replaceable>quoted_string</replaceable>; reserved-sockets <replaceable>integer</replaceable>; random-device <replaceable>quoted_string</replaceable>; recursive-clients <replaceable>integer</replaceable>; serial-query-rate <replaceable>integer</replaceable>; server-id ( <replaceable>quoted_string</replaceable> | none |; stacksize <replaceable>size</replaceable>; statistics-file <replaceable>quoted_string</replaceable>; statistics-interval <replaceable>integer</replaceable>; // not yet implemented tcp-clients <replaceable>integer</replaceable>; tcp-listen-queue <replaceable>integer</replaceable>; tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>; tkey-gssapi-credential <replaceable>quoted_string</replaceable>; tkey-gssapi-keytab <replaceable>quoted_string</replaceable>; tkey-domain <replaceable>quoted_string</replaceable>; transfers-per-ns <replaceable>integer</replaceable>; transfers-in <replaceable>integer</replaceable>; transfers-out <replaceable>integer</replaceable>; use-ixfr <replaceable>boolean</replaceable>; version ( <replaceable>quoted_string</replaceable> | none ); allow-recursion { <replaceable>address_match_element</replaceable>; ... }; allow-recursion-on { <replaceable>address_match_element</replaceable>; ... }; sortlist { <replaceable>address_match_element</replaceable>; ... }; topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented auth-nxdomain <replaceable>boolean</replaceable>; // default changed minimal-responses <replaceable>boolean</replaceable>; recursion <replaceable>boolean</replaceable>; rrset-order { <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional> <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ... }; provide-ixfr <replaceable>boolean</replaceable>; request-ixfr <replaceable>boolean</replaceable>; rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented additional-from-auth <replaceable>boolean</replaceable>; additional-from-cache <replaceable>boolean</replaceable>; query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; use-queryport-pool <replaceable>boolean</replaceable>; queryport-pool-ports <replaceable>integer</replaceable>; queryport-pool-updateinterval <replaceable>integer</replaceable>; cleaning-interval <replaceable>integer</replaceable>; resolver-query-timeout <replaceable>integer</replaceable>; min-roots <replaceable>integer</replaceable>; // not implemented lame-ttl <replaceable>integer</replaceable>; max-ncache-ttl <replaceable>integer</replaceable>; max-cache-ttl <replaceable>integer</replaceable>; transfer-format ( many-answers | one-answer ); max-cache-size <replaceable>size</replaceable>; max-acache-size <replaceable>size</replaceable>; clients-per-query <replaceable>number</replaceable>; max-clients-per-query <replaceable>number</replaceable>; check-names ( master | slave | response ) ( fail | warn | ignore ); check-mx ( fail | warn | ignore ); check-integrity <replaceable>boolean</replaceable>; check-mx-cname ( fail | warn | ignore ); check-srv-cname ( fail | warn | ignore ); cache-file <replaceable>quoted_string</replaceable>; // test option suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented preferred-glue <replaceable>string</replaceable>; dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ... }; edns-udp-size <replaceable>integer</replaceable>; max-udp-size <replaceable>integer</replaceable>; root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>; disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; dnssec-enable <replaceable>boolean</replaceable>; dnssec-validation <replaceable>boolean</replaceable>; dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; dnssec-accept-expired <replaceable>boolean</replaceable>; dns64-server <replaceable>string</replaceable>; dns64-contact <replaceable>string</replaceable>; dns64 <replaceable>prefix</replaceable> { clients { <replacable>acl</replacable>; }; exclude { <replacable>acl</replacable>; }; mapped { <replacable>acl</replacable>; }; break-dnssec <replaceable>boolean</replaceable>; recursive-only <replaceable>boolean</replaceable>; suffix <replaceable>ipv6_address</replaceable>; }; empty-server <replaceable>string</replaceable>; empty-contact <replaceable>string</replaceable>; empty-zones-enable <replaceable>boolean</replaceable>; disable-empty-zone <replaceable>string</replaceable>; dialup <replaceable>dialuptype</replaceable>; ixfr-from-differences <replaceable>ixfrdiff</replaceable>; allow-query { <replaceable>address_match_element</replaceable>; ... }; allow-query-on { <replaceable>address_match_element</replaceable>; ... }; allow-query-cache { <replaceable>address_match_element</replaceable>; ... }; allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... }; allow-transfer { <replaceable>address_match_element</replaceable>; ... }; allow-update { <replaceable>address_match_element</replaceable>; ... }; allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; update-check-ksk <replaceable>boolean</replaceable>; dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; masterfile-format ( text | raw ); notify <replaceable>notifytype</replaceable>; notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; notify-delay <replaceable>seconds</replaceable>; notify-to-soa <replaceable>boolean</replaceable>; also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... }; allow-notify { <replaceable>address_match_element</replaceable>; ... }; forward ( first | only ); forwarders <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... }; max-journal-size <replaceable>size_no_default</replaceable>; max-transfer-time-in <replaceable>integer</replaceable>; max-transfer-time-out <replaceable>integer</replaceable>; max-transfer-idle-in <replaceable>integer</replaceable>; max-transfer-idle-out <replaceable>integer</replaceable>; max-retry-time <replaceable>integer</replaceable>; min-retry-time <replaceable>integer</replaceable>; max-refresh-time <replaceable>integer</replaceable>; min-refresh-time <replaceable>integer</replaceable>; multi-master <replaceable>boolean</replaceable>; sig-validity-interval <replaceable>integer</replaceable>; sig-re-signing-interval <replaceable>integer</replaceable>; sig-signing-nodes <replaceable>integer</replaceable>; sig-signing-signatures <replaceable>integer</replaceable>; sig-signing-type <replaceable>integer</replaceable>; transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; use-alt-transfer-source <replaceable>boolean</replaceable>; zone-statistics <replaceable>boolean</replaceable>; key-directory <replaceable>quoted_string</replaceable>; managed-keys-directory <replaceable>quoted_string</replaceable>; auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>; try-tcp-refresh <replaceable>boolean</replaceable>; zero-no-soa-ttl <replaceable>boolean</replaceable>; zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; dnssec-secure-to-insecure <replaceable>boolean</replaceable>; deny-answer-addresses { <replaceable>address_match_list</replaceable> } <optional> except-from { <replaceable>namelist</replaceable> } </optional>; deny-answer-aliases { <replaceable>namelist</replaceable> } <optional> except-from { <replaceable>namelist</replaceable> } </optional>; nsec3-test-zone <replaceable>boolean</replaceable>; // testing only allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete fake-iquery <replaceable>boolean</replaceable>; // obsolete fetch-glue <replaceable>boolean</replaceable>; // obsolete has-old-clients <replaceable>boolean</replaceable>; // obsolete maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete max-ixfr-log-size <replaceable>size</replaceable>; // obsolete multiple-cnames <replaceable>boolean</replaceable>; // obsolete named-xfer <replaceable>quoted_string</replaceable>; // obsolete serial-queries <replaceable>integer</replaceable>; // obsolete treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete use-id-pool <replaceable>boolean</replaceable>; // obsolete }; </literallayout> </refsect1> <refsect1> <title>VIEW</title> <literallayout> view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { match-clients { <replaceable>address_match_element</replaceable>; ... }; match-destinations { <replaceable>address_match_element</replaceable>; ... }; match-recursive-only <replaceable>boolean</replaceable>; key <replaceable>string</replaceable> { algorithm <replaceable>string</replaceable>; secret <replaceable>string</replaceable>; }; zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { ... }; server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) { ... }; trusted-keys { <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; <optional>...</optional> }; allow-recursion { <replaceable>address_match_element</replaceable>; ... }; allow-recursion-on { <replaceable>address_match_element</replaceable>; ... }; sortlist { <replaceable>address_match_element</replaceable>; ... }; topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented auth-nxdomain <replaceable>boolean</replaceable>; // default changed minimal-responses <replaceable>boolean</replaceable>; recursion <replaceable>boolean</replaceable>; rrset-order { <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional> <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ... }; provide-ixfr <replaceable>boolean</replaceable>; request-ixfr <replaceable>boolean</replaceable>; rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented additional-from-auth <replaceable>boolean</replaceable>; additional-from-cache <replaceable>boolean</replaceable>; query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; use-queryport-pool <replaceable>boolean</replaceable>; queryport-pool-ports <replaceable>integer</replaceable>; queryport-pool-updateinterval <replaceable>integer</replaceable>; cleaning-interval <replaceable>integer</replaceable>; resolver-query-timeout <replaceable>integer</replaceable>; min-roots <replaceable>integer</replaceable>; // not implemented lame-ttl <replaceable>integer</replaceable>; max-ncache-ttl <replaceable>integer</replaceable>; max-cache-ttl <replaceable>integer</replaceable>; transfer-format ( many-answers | one-answer ); max-cache-size <replaceable>size</replaceable>; max-acache-size <replaceable>size</replaceable>; clients-per-query <replaceable>number</replaceable>; max-clients-per-query <replaceable>number</replaceable>; check-names ( master | slave | response ) ( fail | warn | ignore ); check-mx ( fail | warn | ignore ); check-integrity <replaceable>boolean</replaceable>; check-mx-cname ( fail | warn | ignore ); check-srv-cname ( fail | warn | ignore ); cache-file <replaceable>quoted_string</replaceable>; // test option suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented preferred-glue <replaceable>string</replaceable>; dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ... }; edns-udp-size <replaceable>integer</replaceable>; max-udp-size <replaceable>integer</replaceable>; root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>; disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; dnssec-enable <replaceable>boolean</replaceable>; dnssec-validation <replaceable>boolean</replaceable>; dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; dnssec-accept-expired <replaceable>boolean</replaceable>; dns64-server <replaceable>string</replaceable>; dns64-contact <replaceable>string</replaceable>; dns64 <replaceable>prefix</replaceable> { clients { <replacable>acl</replacable>; }; exclude { <replacable>acl</replacable>; }; mapped { <replacable>acl</replacable>; }; break-dnssec <replaceable>boolean</replaceable>; recursive-only <replaceable>boolean</replaceable>; suffix <replaceable>ipv6_address</replaceable>; }; empty-server <replaceable>string</replaceable>; empty-contact <replaceable>string</replaceable>; empty-zones-enable <replaceable>boolean</replaceable>; disable-empty-zone <replaceable>string</replaceable>; dialup <replaceable>dialuptype</replaceable>; ixfr-from-differences <replaceable>ixfrdiff</replaceable>; allow-query { <replaceable>address_match_element</replaceable>; ... }; allow-query-on { <replaceable>address_match_element</replaceable>; ... }; allow-query-cache { <replaceable>address_match_element</replaceable>; ... }; allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... }; allow-transfer { <replaceable>address_match_element</replaceable>; ... }; allow-update { <replaceable>address_match_element</replaceable>; ... }; allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; update-check-ksk <replaceable>boolean</replaceable>; dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; masterfile-format ( text | raw ); notify <replaceable>notifytype</replaceable>; notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; notify-delay <replaceable>seconds</replaceable>; notify-to-soa <replaceable>boolean</replaceable>; also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... }; allow-notify { <replaceable>address_match_element</replaceable>; ... }; forward ( first | only ); forwarders <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... }; max-journal-size <replaceable>size_no_default</replaceable>; max-transfer-time-in <replaceable>integer</replaceable>; max-transfer-time-out <replaceable>integer</replaceable>; max-transfer-idle-in <replaceable>integer</replaceable>; max-transfer-idle-out <replaceable>integer</replaceable>; max-retry-time <replaceable>integer</replaceable>; min-retry-time <replaceable>integer</replaceable>; max-refresh-time <replaceable>integer</replaceable>; min-refresh-time <replaceable>integer</replaceable>; multi-master <replaceable>boolean</replaceable>; sig-validity-interval <replaceable>integer</replaceable>; transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; use-alt-transfer-source <replaceable>boolean</replaceable>; zone-statistics <replaceable>boolean</replaceable>; try-tcp-refresh <replaceable>boolean</replaceable>; key-directory <replaceable>quoted_string</replaceable>; zero-no-soa-ttl <replaceable>boolean</replaceable>; zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; dnssec-secure-to-insecure <replaceable>boolean</replaceable>; allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete fetch-glue <replaceable>boolean</replaceable>; // obsolete maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete max-ixfr-log-size <replaceable>size</replaceable>; // obsolete }; </literallayout> </refsect1> <refsect1> <title>ZONE</title> <literallayout> zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { type ( master | slave | stub | hint | forward | delegation-only ); file <replaceable>quoted_string</replaceable>; masters <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... }; database <replaceable>string</replaceable>; delegation-only <replaceable>boolean</replaceable>; check-names ( fail | warn | ignore ); check-mx ( fail | warn | ignore ); check-integrity <replaceable>boolean</replaceable>; check-mx-cname ( fail | warn | ignore ); check-srv-cname ( fail | warn | ignore ); dialup <replaceable>dialuptype</replaceable>; ixfr-from-differences <replaceable>boolean</replaceable>; journal <replaceable>quoted_string</replaceable>; zero-no-soa-ttl <replaceable>boolean</replaceable>; dnssec-secure-to-insecure <replaceable>boolean</replaceable>; allow-query { <replaceable>address_match_element</replaceable>; ... }; allow-query-on { <replaceable>address_match_element</replaceable>; ... }; allow-transfer { <replaceable>address_match_element</replaceable>; ... }; allow-update { <replaceable>address_match_element</replaceable>; ... }; allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; update-policy <replaceable>local</replaceable> | <replaceable> { ( grant | deny ) <replaceable>string</replaceable> ( name | subdomain | wildcard | self | selfsub | selfwild | krb5-self | ms-self | krb5-subdomain | ms-subdomain | tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable> <replaceable>rrtypelist</replaceable>; <optional>...</optional> }</replaceable>; update-check-ksk <replaceable>boolean</replaceable>; dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; masterfile-format ( text | raw ); notify <replaceable>notifytype</replaceable>; notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; notify-delay <replaceable>seconds</replaceable>; notify-to-soa <replaceable>boolean</replaceable>; also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... }; allow-notify { <replaceable>address_match_element</replaceable>; ... }; forward ( first | only ); forwarders <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... }; max-journal-size <replaceable>size_no_default</replaceable>; max-transfer-time-in <replaceable>integer</replaceable>; max-transfer-time-out <replaceable>integer</replaceable>; max-transfer-idle-in <replaceable>integer</replaceable>; max-transfer-idle-out <replaceable>integer</replaceable>; max-retry-time <replaceable>integer</replaceable>; min-retry-time <replaceable>integer</replaceable>; max-refresh-time <replaceable>integer</replaceable>; min-refresh-time <replaceable>integer</replaceable>; multi-master <replaceable>boolean</replaceable>; sig-validity-interval <replaceable>integer</replaceable>; transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>; use-alt-transfer-source <replaceable>boolean</replaceable>; zone-statistics <replaceable>boolean</replaceable>; try-tcp-refresh <replaceable>boolean</replaceable>; key-directory <replaceable>quoted_string</replaceable>; nsec3-test-zone <replaceable>boolean</replaceable>; // testing only ixfr-base <replaceable>quoted_string</replaceable>; // obsolete ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete max-ixfr-log-size <replaceable>size</replaceable>; // obsolete pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete }; </literallayout> </refsect1> <refsect1> <title>FILES</title> <para><filename>/etc/named.conf</filename> </para> </refsect1> <refsect1> <title>SEE ALSO</title> <para><citerefentry> <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>. </para> </refsect1> </refentry><!-- - Local variables: - mode: sgml - End: -->