Close of build 81.1.
'\" te
.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
.\" Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" Portions Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
.TH named.conf 4 "28 Nov 2009" "SunOS 5.12" "File Formats"
.SH NAME
named.conf \- configuration file for named
.SH SYNOPSIS
.LP
.nf
named.conf
.fi
.SH DESCRIPTION
.sp
.LP
\fBnamed.conf\fR is the configuration file for \fBnamed\fR(1M). Statements are enclosed in braces and terminated with a semicolon. Clauses in the statements are also terminated with a semicolon. The usual comment styles are supported:
.sp
.ne 2
.mk
.na
\fBC style\fR
.ad
.RS 14n
.rt
/* */
.RE
.sp
.ne 2
.mk
.na
\fBC++ style\fR
.ad
.RS 14n
.rt
// to end of line
.RE
.sp
.ne 2
.mk
.na
\fBUnix style\fR
.ad
.RS 14n
.rt
# to end of line
.RE
.SS "ACL"
.sp
.in +2
.nf
acl \fIstring\fR { \fIaddress_match_element\fR; ... };
.fi
.in -2
.SS "Key"
.sp
.in +2
.nf
key \fIdomain_name\fR {
algorithm \fIstring\fR;
secret \fIstring\fR;
};
.fi
.in -2
.SS "Masters"
.sp
.in +2
.nf
masters \fIstring\fR [ port \fIinteger\fR ] {
( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
};
.fi
.in -2
.SS "Server"
.sp
.in +2
.nf
server ( \fIipv4_address\fR[/\fIprefixlen\fR] | \fIipv6_address\fR[/\fIprefixlen\fR] ) {
bogus \fIboolean\fR;
edns \fIboolean\fR;
edns-udp-size \fIinteger\fR;
max-udp-size \fIinteger\fR;
provide-ixfr \fIboolean\fR;
request-ixfr \fIboolean\fR;
keys \fIserver_key\fR;
transfers \fIinteger\fR;
transfer-format ( many-answers | one-answer );
transfer-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
transfer-source-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
support-ixfr \fIboolean\fR; // obsolete
};
.fi
.in -2
.SS "Trusted-Keys"
.sp
.in +2
.nf
trusted-keys {
\fIdomain_name flags protocol algorithm key\fR; ...
};
.fi
.in -2
.SS "Controls"
.sp
.in +2
.nf
controls {
inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ]
allow { \fIaddress_match_element\fR; ... }
[ keys { \fIstring\fR; ... } ];
unix \fIunsupported\fR; // not implemented
};
.fi
.in -2
.SS "Logging"
.sp
.in +2
.nf
logging {
channel \fIstring\fR {
file \fIlog_file\fR;
syslog \fIoptional_facility\fR;
null;
stderr;
severity \fIlog_severity\fR;
print-time \fIboolean\fR;
print-severity \fIboolean\fR;
print-category \fIboolean\fR;
};
category \fIstring\fR { \fIstring\fR; ... };
};
.fi
.in -2
.SS "LWRES"
.sp
.in +2
.nf
lwres {
listen-on [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
};
view \fIstring optional_class\fR;
search { \fIstring\fR; ... };
ndots \fIinteger\fR;
};
.fi
.in -2
.SS "Options"
.sp
.in +2
.nf
options {
avoid-v4-udp-ports { \fIport\fR; ... };
avoid-v6-udp-ports { \fIport\fR; ... };
blackhole { \fIaddress_match_element\fR; ... };
coresize \fIsize\fR;
datasize \fIsize\fR;
directory \fIquoted_string\fR;
dump-file \fIquoted_string\fR;
files \fIsize\fR;
heartbeat-interval \fIinteger\fR;
host-statistics \fIboolean\fR; // not implemented
host-statistics-max \fInumber\fR; // not implemented
hostname ( \fIquoted_string\fR | none );
interface-interval \fIinteger\fR;
listen-on [ port \fIinteger\fR ] \e
{ \fIaddress_match_element\fR; ... };
listen-on-v6 [ port \fIinteger\fR ] \e
{ \fIaddress_match_element\fR; ... };
match-mapped-addresses \fIboolean\fR;
memstatistics-file \fIquoted_string\fR;
pid-file ( \fIquoted_string\fR | none );
port \fIinteger\fR;
querylog \fIboolean\fR;
recursing-file \fIquoted_string\fR;
reserved-sockets \fIinteger\fR;
random-device \fIquoted_string\fR;
recursive-clients \fIinteger\fR;
serial-query-rate \fIinteger\fR;
server-id ( \fIquoted_string\fR | none );
stacksize \fIsize\fR;
statistics-file \fIquoted_string\fR;
statistics-interval \fIinteger\fR; \e
// not yet implemented
tcp-clients \fIinteger\fR;
tcp-listen-queue \fIinteger\fR;
tkey-dhkey \fIquoted_string integer\fR;
tkey-gssapi-credential \fIquoted_string\fR;
tkey-domain \fIquoted_string\fR;
transfers-per-ns \fIinteger\fR;
transfers-in \fIinteger\fR;
transfers-out \fIinteger\fR;
use-ixfr \fIboolean\fR;
version ( \fIquoted_string\fR | none );
allow-recursion { \fIaddress_match_element\fR; ... };
allow-recursion-on { \fIaddress_match_element\fR; ... };
sortlist { \fIaddress_match_element\fR; ... };
topology { \fIaddress_match_element\fR; ... }; \e
// not implemented
auth-nxdomain \fIboolean\fR; // default changed
minimal-responses \fIboolean\fR;
recursion \fIboolean\fR;
rrset-order {
[ class \fIstring\fR ] [ type \fIstring\fR ]
[ name \fIquoted_string\fR ] \fIstring string\fR; ...
};
provide-ixfr \fIboolean\fR;
request-ixfr \fIboolean\fR;
rfc2308-type1 \fIboolean\fR; // not yet implemented
additional-from-auth \fIboolean\fR;
additional-from-cache \fIboolean\fR;
query-source ( ( \fIipv4_address\fR | * ) | \e
[ address ( \fIipv4_address\fR | * ) ] ) \e
[ port ( \fIinteger\fR | * ) ];
query-source-v6 ( ( \fIipv6_address\fR | * ) | \e
[ address ( \fIipv6_address\fR | * ) ] ) \e
[ port ( \fIinteger\fR | * ) ];
use-queryport-pool \fIboolean\fR;
queryport-pool-ports \fIinteger\fR;
queryport-pool-updateinterval \fIinteger\fR;
cleaning-interval \fIinteger\fR;
min-roots \fIinteger\fR; // not implemented
lame-ttl \fIinteger\fR;
max-ncache-ttl \fIinteger\fR;
max-cache-ttl \fIinteger\fR;
transfer-format ( many-answers | one-answer );
max-cache-size \fIsize\fR;
max-acache-size \fIsize\fR;
clients-per-query \fInumber\fR;
max-clients-per-query \fInumber\fR;
check-names ( master | slave | response )\e
( fail | warn | ignore );
check-mx ( fail | warn | ignore );
check-integrity \fIboolean\fR;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
cache-file \fIquoted_string\fR; // test option
suppress-initial-notify \fIboolean\fR; \e
// not yet implemented
preferred-glue \fIstring\fR;
dual-stack-servers [ port \fIinteger\fR ] {
( \fIquoted_string\fR [port \fIinteger\fR] |
\fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [port \fIinteger\fR] ); ...
};
edns-udp-size \fIinteger\fR;
max-udp-size \fIinteger\fR;
root-delegation-only [ exclude
{ \fIquoted_string\fR; ... } ];
disable-algorithms \fIstring\fR { \fIstring\fR; ... };
dnssec-enable \fIboolean\fR;
dnssec-validation \fIboolean\fR;
dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
dnssec-must-be-secure \fIstring boolean\fR;
dnssec-accept-expired \fIboolean\fR;
empty-server \fIstring\fR;
empty-contact \fIstring\fR;
empty-zones-enable \fIboolean\fR;
disable-empty-zone \fIstring\fR;
dialup \fIdialuptype\fR;
ixfr-from-differences \fIixfrdiff\fR;
allow-query { \fIaddress_match_element\fR; \e
... };
allow-query-on { \fIaddress_match_element\fR; \e
... };
allow-query-cache { \fIaddress_match_element\fR; \e
... };
allow-query-cache-on { \fIaddress_match_element\fR; \e
... };
allow-transfer { \fIaddress_match_element\fR; \e
... };
allow-update { \fIaddress_match_element\fR; \e
... };
allow-update-forwarding { \fIaddress_match_element\fR; \e
... };
update-check-ksk \fIboolean\fR;
masterfile-format ( text | raw );
notify \fInotifytype\fR;
notify-source ( \fIipv4_address\fR | * ) \e
[ port ( \fIinteger\fR | * ) ];
notify-source-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
notify-delay \fIseconds\fR;
notify-to-soa \fIboolean\fR;
also-notify [ port \fIinteger\fR ] \e
{ ( \fIipv4_address\fR | \fIipv6_address\fR ) \e
[ port \fIinteger\fR ]; ... };
allow-notify { \fIaddress_match_element\fR; ... };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
};
max-journal-size \fIsize_no_default\fR;
max-transfer-time-in \fIinteger\fR;
max-transfer-time-out \fIinteger\fR;
max-transfer-idle-in \fIinteger\fR;
max-transfer-idle-out \fIinteger\fR;
max-retry-time \fIinteger\fR;
min-retry-time \fIinteger\fR;
max-refresh-time \fIinteger\fR;
min-refresh-time \fIinteger\fR;
multi-master \fIboolean\fR;
sig-validity-interval \fIinteger\fR;
sig-re-signing-interval \fIinteger\fR;
sig-signing-nodes \fIinteger\fR;
sig-signing-signatures \fIinteger\fR;
sig-signing-type \fIinteger\fR;
transfer-source ( \fIipv4_address\fR | * )\e
[ port ( \fIinteger\fR | * ) ];
transfer-source-v6 ( \fIipv6_address\fR | * )\e
[ port ( \fIinteger\fR | * ) ];
alt-transfer-source ( \fIipv4_address\fR | * )\e
[ port ( \fIinteger\fR | * ) ];
alt-transfer-source-v6 ( \fIipv6_address\fR | * )\e
[ port ( \fIinteger\fR | * ) ];
use-alt-transfer-source \fIboolean\fR;
zone-statistics \fIboolean\fR;
key-directory \fIquoted_string\fR;
try-tcp-refresh \fIboolean\fR;
zero-no-soa-ttl \fIboolean\fR;
zero-no-soa-ttl-cache \fIboolean\fR;
nsec3-test-zone \fIboolean\fR; // testing only
allow-v6-synthesis { \fIaddress_match_element\fR; ... }; \e
// obsolete
deallocate-on-exit \fIboolean\fR; // obsolete
fake-iquery \fIboolean\fR; // obsolete
fetch-glue \fIboolean\fR; // obsolete
has-old-clients \fIboolean\fR; // obsolete
maintain-ixfr-base \fIboolean\fR; // obsolete
max-ixfr-log-size \fIsize\fR; // obsolete
multiple-cnames \fIboolean\fR; // obsolete
named-xfer \fIquoted_string\fR; // obsolete
serial-queries \fIinteger\fR; // obsolete
treat-cr-as-space \fIboolean\fR; // obsolete
use-id-pool \fIboolean\fR; // obsolete
};
.fi
.in -2
.SS "View"
.sp
.in +2
.nf
view \fIstring optional_class\fR {
match-clients { \fIaddress_match_element\fR; ... };
match-destinations { \fIaddress_match_element\fR; ... };
match-recursive-only \fIboolean\fR;
key \fIstring\fR {
algorithm \fIstring\fR;
secret \fIstring\fR;
};
zone \fIstring optional_class\fR {
...
};
server ( \fIipv4_address\fR[/\fIprefixlen\fR] | \fIipv6_address\fR[/\fIprefixlen\fR]) {
...
};
trusted-keys {
\fIstring integer integer integer quoted_string\fR; ...
};
allow-recursion { \fIaddress_match_element\fR; ... };
allow-recursion-on { \fIaddress_match_element\fR; ... };
sortlist { \fIaddress_match_element\fR; ... };
topology { \fIaddress_match_element\fR; ... }; // not implemented
auth-nxdomain \fIboolean\fR; // default changed
minimal-responses \fIboolean\fR;
recursion \fIboolean\fR;
rrset-order {
[ class \fIstring\fR ] [ type \fIstring\fR ]
[ name \fIquoted_string\fR ] \fIstring string\fR; ...
};
provide-ixfr \fIboolean\fR;
request-ixfr \fIboolean\fR;
rfc2308-type1 \fIboolean\fR; // not yet implemented
additional-from-auth \fIboolean\fR;
additional-from-cache \fIboolean\fR;
query-source ( ( \fIipv4_address\fR | * ) | [ address \e
( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
query-source-v6 ( ( \fIipv6_address\fR | * ) | [ address \e
( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
use-queryport-pool \fIboolean\fR;
queryport-pool-ports \fIinteger\fR;
queryport-pool-updateinterval \fIinteger\fR;
cleaning-interval \fIinteger\fR;
min-roots \fIinteger\fR; // not implemented
lame-ttl \fIinteger\fR;
max-ncache-ttl \fIinteger\fR;
max-cache-ttl \fIinteger\fR;
transfer-format ( many-answers | one-answer );
max-cache-size \fIsize\fR;
max-acache-size \fIsize\fR;
clients-per-query \fInumber\fR;
max-clients-per-query \fInumber\fR;
check-names ( master | slave | response )\e
( fail | warn | ignore );
check-mx ( fail | warn | ignore );
check-integrity \fIboolean\fR;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
cache-file \fIquoted_string\fR; // test option
suppress-initial-notify \fIboolean\fR; // not yet implemented
preferred-glue \fIstring\fR;
dual-stack-servers [ port \fIinteger\fR ] {
( \fIquoted_string\fR [port \fIinteger\fR] |
\fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [port \fIinteger\fR] ); ...
};
edns-udp-size \fIinteger\fR;
max-udp-size \fIinteger\fR;
root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
disable-algorithms \fIstring\fR { \fIstring\fR; ... };
dnssec-enable \fIboolean\fR;
dnssec-validation \fIboolean\fR;
dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
dnssec-must-be-secure \fIstring boolean\fR;
dnssec-accept-expired \fIboolean\fR;
empty-server \fIstring\fR;
empty-contact \fIstring\fR;
empty-zones-enable \fIboolean\fR;
disable-empty-zone \fIstring\fR;
dialup \fIdialuptype\fR;
ixfr-from-differences \fIixfrdiff\fR;
allow-query { \fIaddress_match_element\fR; ... };
allow-query-on { \fIaddress_match_element\fR; ... };
allow-query-cache { \fIaddress_match_element\fR; ... };
allow-query-cache-on { \fIaddress_match_element\fR; ... };
allow-transfer { \fIaddress_match_element\fR; ... };
allow-update { \fIaddress_match_element\fR; ... };
allow-update-forwarding { \fIaddress_match_element\fR; ... };
update-check-ksk \fIboolean\fR;
masterfile-format ( text | raw );
notify \fInotifytype\fR;
notify-source ( \fIipv4_address\fR | * ) \e
[ port ( \fIinteger\fR | * ) ];
notify-source-v6 ( \fIipv6_address\fR | * ) \e
[ port ( \fIinteger\fR | * ) ];
notify-delay \fIseconds\fR;
notify-to-soa \fIboolean\fR;
also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \e
\fIipv6_address\fR ) [ port \fIinteger\fR ]; ... };
allow-notify { \fIaddress_match_element\fR; ... };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) \e
[ port \fIinteger\fR ]; ...
};
max-journal-size \fIsize_no_default\fR;
max-transfer-time-in \fIinteger\fR;
max-transfer-time-out \fIinteger\fR;
max-transfer-idle-in \fIinteger\fR;
max-transfer-idle-out \fIinteger\fR;
max-retry-time \fIinteger\fR;
min-retry-time \fIinteger\fR;
max-refresh-time \fIinteger\fR;
min-refresh-time \fIinteger\fR;
multi-master \fIboolean\fR;
sig-validity-interval \fIinteger\fR;
transfer-source ( \fIipv4_address\fR | * )\e
[ port ( \fIinteger\fR | * ) ];
transfer-source-v6 ( \fIipv6_address\fR | * )\e
[ port ( \fIinteger\fR | * ) ];
alt-transfer-source ( \fIipv4_address\fR | * )\e
[ port ( \fIinteger\fR | * ) ];
alt-transfer-source-v6 ( \fIipv6_address\fR | * )\e
[ port ( \fIinteger\fR | * ) ];
use-alt-transfer-source \fIboolean\fR;
zone-statistics \fIboolean\fR;
try-tcp-refresh \fIboolean\fR;
key-directory \fIquoted_string\fR;
zero-no-soa-ttl \fIboolean\fR;
zero-no-soa-ttl-cache \fIboolean\fR;
allow-v6-synthesis { \fIaddress_match_element\fR; ... };\e
// obsolete
fetch-glue \fIboolean\fR; // obsolete
maintain-ixfr-base \fIboolean\fR; // obsolete
max-ixfr-log-size \fIsize\fR; // obsolete
};
.fi
.in -2
.SS "Zone"
.sp
.in +2
.nf
zone \fIstring optional_class\fR {
type ( master | slave | stub | hint |
forward | delegation-only );
file \fIquoted_string\fR;
masters [ port \fIinteger\fR ] {
( \fImasters\fR |
\fIipv4_address\fR [port \fIinteger\fR] |
\fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
};
database \fIstring\fR;
delegation-only \fIboolean\fR;
check-names ( fail | warn | ignore );
check-mx ( fail | warn | ignore );
check-integrity \fIboolean\fR;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
dialup \fIdialuptype\fR;
ixfr-from-differences \fIboolean\fR;
journal \fIquoted_string\fR;
zero-no-soa-ttl \fIboolean\fR;
allow-query { \fIaddress_match_element\fR; ... };
allow-query-on { \fIaddress_match_element\fR; ... };
allow-transfer { \fIaddress_match_element\fR; ... };
allow-update { \fIaddress_match_element\fR; ... };
allow-update-forwarding { \fIaddress_match_element\fR; ... };
update-policy {
( grant | deny ) \fIstring\fR
( name | subdomain | wildcard | self | selfsub |
selfwild | krb5-self | ms-self | krb5-subdomain |
ms-subdomain | tcp-self | 6to4-self ) \fIstring\fR
\fIrrtypelist\fR; ...
};
update-check-ksk \fIboolean\fR;
masterfile-format ( text | raw );
notify \fInotifytype\fR;
notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
notify-delay \fIseconds\fR;
notify-to-soa \fIboolean\fR;
also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
[ port \fIinteger\fR ]; ... };
allow-notify { \fIaddress_match_element\fR; ... };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
};
max-journal-size \fIsize_no_default\fR;
max-transfer-time-in \fIinteger\fR;
max-transfer-time-out \fIinteger\fR;
max-transfer-idle-in \fIinteger\fR;
max-transfer-idle-out \fIinteger\fR;
max-retry-time \fIinteger\fR;
min-retry-time \fIinteger\fR;
max-refresh-time \fIinteger\fR;
min-refresh-time \fIinteger\fR;
multi-master \fIboolean\fR;
sig-validity-interval \fIinteger\fR;
transfer-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
transfer-source-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
alt-transfer-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
alt-transfer-source-v6 ( \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ];
use-alt-transfer-source \fIboolean\fR;
zone-statistics \fIboolean\fR;
try-tcp-refresh \fIboolean\fR;
key-directory \fIquoted_string\fR;
nsec3-test-zone \fIboolean\fR; // testing only
ixfr-base \fIquoted_string\fR; // obsolete
ixfr-tmp-file \fIquoted_string\fR; // obsolete
maintain-ixfr-base \fIboolean\fR; // obsolete
max-ixfr-log-size \fIsize\fR; // obsolete
pubkey \fIinteger integer integer quoted_string\fR; // obsolete
};
.fi
.in -2
.SH SEE ALSO
.sp
.LP
\fBnamed\fR(1M), \fBnamed-checkconf\fR(1M), \fBrndc\fR(1M)
.sp
.LP
\fIBIND 9 Administrator Reference Manual\fR