576 lines
20 KiB
Groff
576 lines
20 KiB
Groff
.\" $NetBSD: named.conf.5,v 1.4 2009/12/26 23:08:21 christos Exp $
|
|
.\"
|
|
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
|
|
.\"
|
|
.\" Permission to use, copy, modify, and/or distribute this software for any
|
|
.\" purpose with or without fee is hereby granted, provided that the above
|
|
.\" copyright notice and this permission notice appear in all copies.
|
|
.\"
|
|
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
.\" PERFORMANCE OF THIS SOFTWARE.
|
|
.\"
|
|
.\" Id: named.conf.5,v 1.41 2009/12/04 01:13:44 tbox Exp
|
|
.\"
|
|
.hy 0
|
|
.ad l
|
|
.\" Title: \fInamed.conf\fR
|
|
.\" Author:
|
|
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
|
|
.\" Date: Aug 13, 2004
|
|
.\" Manual: BIND9
|
|
.\" Source: BIND9
|
|
.\"
|
|
.TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9"
|
|
.\" disable hyphenation
|
|
.nh
|
|
.\" disable justification (adjust text to left margin only)
|
|
.ad l
|
|
.SH "NAME"
|
|
named.conf \- configuration file for named
|
|
.SH "SYNOPSIS"
|
|
.HP 11
|
|
\fBnamed.conf\fR
|
|
.SH "DESCRIPTION"
|
|
.PP
|
|
\fInamed.conf\fR
|
|
is the configuration file for
|
|
\fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
|
|
.PP
|
|
C style: /* */
|
|
.PP
|
|
C++ style: // to end of line
|
|
.PP
|
|
Unix style: # to end of line
|
|
.SH "ACL"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
acl \fIstring\fR { \fIaddress_match_element\fR; ... };
|
|
.fi
|
|
.RE
|
|
.SH "KEY"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
key \fIdomain_name\fR {
|
|
algorithm \fIstring\fR;
|
|
secret \fIstring\fR;
|
|
};
|
|
.fi
|
|
.RE
|
|
.SH "MASTERS"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
masters \fIstring\fR [ port \fIinteger\fR ] {
|
|
( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
|
|
\fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
|
|
};
|
|
.fi
|
|
.RE
|
|
.SH "SERVER"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
|
|
bogus \fIboolean\fR;
|
|
edns \fIboolean\fR;
|
|
edns\-udp\-size \fIinteger\fR;
|
|
max\-udp\-size \fIinteger\fR;
|
|
provide\-ixfr \fIboolean\fR;
|
|
request\-ixfr \fIboolean\fR;
|
|
keys \fIserver_key\fR;
|
|
transfers \fIinteger\fR;
|
|
transfer\-format ( many\-answers | one\-answer );
|
|
transfer\-source ( \fIipv4_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
transfer\-source\-v6 ( \fIipv6_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
support\-ixfr \fIboolean\fR; // obsolete
|
|
};
|
|
.fi
|
|
.RE
|
|
.SH "TRUSTED\-KEYS"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
trusted\-keys {
|
|
\fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
|
|
};
|
|
.fi
|
|
.RE
|
|
.SH "MANAGED\-KEYS"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
managed\-keys {
|
|
\fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
|
|
};
|
|
.fi
|
|
.RE
|
|
.SH "CONTROLS"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
controls {
|
|
inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ]
|
|
allow { \fIaddress_match_element\fR; ... }
|
|
[ keys { \fIstring\fR; ... } ];
|
|
unix \fIunsupported\fR; // not implemented
|
|
};
|
|
.fi
|
|
.RE
|
|
.SH "LOGGING"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
logging {
|
|
channel \fIstring\fR {
|
|
file \fIlog_file\fR;
|
|
syslog \fIoptional_facility\fR;
|
|
null;
|
|
stderr;
|
|
severity \fIlog_severity\fR;
|
|
print\-time \fIboolean\fR;
|
|
print\-severity \fIboolean\fR;
|
|
print\-category \fIboolean\fR;
|
|
};
|
|
category \fIstring\fR { \fIstring\fR; ... };
|
|
};
|
|
.fi
|
|
.RE
|
|
.SH "LWRES"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
lwres {
|
|
listen\-on [ port \fIinteger\fR ] {
|
|
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
|
|
};
|
|
view \fIstring\fR \fIoptional_class\fR;
|
|
search { \fIstring\fR; ... };
|
|
ndots \fIinteger\fR;
|
|
};
|
|
.fi
|
|
.RE
|
|
.SH "OPTIONS"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
options {
|
|
avoid\-v4\-udp\-ports { \fIport\fR; ... };
|
|
avoid\-v6\-udp\-ports { \fIport\fR; ... };
|
|
blackhole { \fIaddress_match_element\fR; ... };
|
|
coresize \fIsize\fR;
|
|
datasize \fIsize\fR;
|
|
directory \fIquoted_string\fR;
|
|
dump\-file \fIquoted_string\fR;
|
|
files \fIsize\fR;
|
|
heartbeat\-interval \fIinteger\fR;
|
|
host\-statistics \fIboolean\fR; // not implemented
|
|
host\-statistics\-max \fInumber\fR; // not implemented
|
|
hostname ( \fIquoted_string\fR | none );
|
|
interface\-interval \fIinteger\fR;
|
|
listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
|
|
listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
|
|
match\-mapped\-addresses \fIboolean\fR;
|
|
memstatistics\-file \fIquoted_string\fR;
|
|
pid\-file ( \fIquoted_string\fR | none );
|
|
port \fIinteger\fR;
|
|
querylog \fIboolean\fR;
|
|
recursing\-file \fIquoted_string\fR;
|
|
reserved\-sockets \fIinteger\fR;
|
|
random\-device \fIquoted_string\fR;
|
|
recursive\-clients \fIinteger\fR;
|
|
serial\-query\-rate \fIinteger\fR;
|
|
server\-id ( \fIquoted_string\fR | none );
|
|
stacksize \fIsize\fR;
|
|
statistics\-file \fIquoted_string\fR;
|
|
statistics\-interval \fIinteger\fR; // not yet implemented
|
|
tcp\-clients \fIinteger\fR;
|
|
tcp\-listen\-queue \fIinteger\fR;
|
|
tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
|
|
tkey\-gssapi\-credential \fIquoted_string\fR;
|
|
tkey\-domain \fIquoted_string\fR;
|
|
transfers\-per\-ns \fIinteger\fR;
|
|
transfers\-in \fIinteger\fR;
|
|
transfers\-out \fIinteger\fR;
|
|
use\-ixfr \fIboolean\fR;
|
|
version ( \fIquoted_string\fR | none );
|
|
allow\-recursion { \fIaddress_match_element\fR; ... };
|
|
allow\-recursion\-on { \fIaddress_match_element\fR; ... };
|
|
sortlist { \fIaddress_match_element\fR; ... };
|
|
topology { \fIaddress_match_element\fR; ... }; // not implemented
|
|
auth\-nxdomain \fIboolean\fR; // default changed
|
|
minimal\-responses \fIboolean\fR;
|
|
recursion \fIboolean\fR;
|
|
rrset\-order {
|
|
[ class \fIstring\fR ] [ type \fIstring\fR ]
|
|
[ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
|
|
};
|
|
provide\-ixfr \fIboolean\fR;
|
|
request\-ixfr \fIboolean\fR;
|
|
rfc2308\-type1 \fIboolean\fR; // not yet implemented
|
|
additional\-from\-auth \fIboolean\fR;
|
|
additional\-from\-cache \fIboolean\fR;
|
|
query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
|
|
query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
|
|
use\-queryport\-pool \fIboolean\fR;
|
|
queryport\-pool\-ports \fIinteger\fR;
|
|
queryport\-pool\-updateinterval \fIinteger\fR;
|
|
cleaning\-interval \fIinteger\fR;
|
|
min\-roots \fIinteger\fR; // not implemented
|
|
lame\-ttl \fIinteger\fR;
|
|
max\-ncache\-ttl \fIinteger\fR;
|
|
max\-cache\-ttl \fIinteger\fR;
|
|
transfer\-format ( many\-answers | one\-answer );
|
|
max\-cache\-size \fIsize\fR;
|
|
max\-acache\-size \fIsize\fR;
|
|
clients\-per\-query \fInumber\fR;
|
|
max\-clients\-per\-query \fInumber\fR;
|
|
check\-names ( master | slave | response )
|
|
( fail | warn | ignore );
|
|
check\-mx ( fail | warn | ignore );
|
|
check\-integrity \fIboolean\fR;
|
|
check\-mx\-cname ( fail | warn | ignore );
|
|
check\-srv\-cname ( fail | warn | ignore );
|
|
cache\-file \fIquoted_string\fR; // test option
|
|
suppress\-initial\-notify \fIboolean\fR; // not yet implemented
|
|
preferred\-glue \fIstring\fR;
|
|
dual\-stack\-servers [ port \fIinteger\fR ] {
|
|
( \fIquoted_string\fR [port \fIinteger\fR] |
|
|
\fIipv4_address\fR [port \fIinteger\fR] |
|
|
\fIipv6_address\fR [port \fIinteger\fR] ); ...
|
|
};
|
|
edns\-udp\-size \fIinteger\fR;
|
|
max\-udp\-size \fIinteger\fR;
|
|
root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
|
|
disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
|
|
dnssec\-enable \fIboolean\fR;
|
|
dnssec\-validation \fIboolean\fR;
|
|
dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
|
|
dnssec\-lookaside ( \fIauto\fR | \fIdomain\fR trust\-anchor \fIdomain\fR );
|
|
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
|
|
dnssec\-accept\-expired \fIboolean\fR;
|
|
empty\-server \fIstring\fR;
|
|
empty\-contact \fIstring\fR;
|
|
empty\-zones\-enable \fIboolean\fR;
|
|
disable\-empty\-zone \fIstring\fR;
|
|
dialup \fIdialuptype\fR;
|
|
ixfr\-from\-differences \fIixfrdiff\fR;
|
|
allow\-query { \fIaddress_match_element\fR; ... };
|
|
allow\-query\-on { \fIaddress_match_element\fR; ... };
|
|
allow\-query\-cache { \fIaddress_match_element\fR; ... };
|
|
allow\-query\-cache\-on { \fIaddress_match_element\fR; ... };
|
|
allow\-transfer { \fIaddress_match_element\fR; ... };
|
|
allow\-update { \fIaddress_match_element\fR; ... };
|
|
allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
|
|
update\-check\-ksk \fIboolean\fR;
|
|
dnssec\-dnskey\-kskonly \fIboolean\fR;
|
|
masterfile\-format ( text | raw );
|
|
notify \fInotifytype\fR;
|
|
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
|
|
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
|
|
notify\-delay \fIseconds\fR;
|
|
notify\-to\-soa \fIboolean\fR;
|
|
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
|
|
[ port \fIinteger\fR ]; ... };
|
|
allow\-notify { \fIaddress_match_element\fR; ... };
|
|
forward ( first | only );
|
|
forwarders [ port \fIinteger\fR ] {
|
|
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
|
|
};
|
|
max\-journal\-size \fIsize_no_default\fR;
|
|
max\-transfer\-time\-in \fIinteger\fR;
|
|
max\-transfer\-time\-out \fIinteger\fR;
|
|
max\-transfer\-idle\-in \fIinteger\fR;
|
|
max\-transfer\-idle\-out \fIinteger\fR;
|
|
max\-retry\-time \fIinteger\fR;
|
|
min\-retry\-time \fIinteger\fR;
|
|
max\-refresh\-time \fIinteger\fR;
|
|
min\-refresh\-time \fIinteger\fR;
|
|
multi\-master \fIboolean\fR;
|
|
sig\-validity\-interval \fIinteger\fR;
|
|
sig\-re\-signing\-interval \fIinteger\fR;
|
|
sig\-signing\-nodes \fIinteger\fR;
|
|
sig\-signing\-signatures \fIinteger\fR;
|
|
sig\-signing\-type \fIinteger\fR;
|
|
transfer\-source ( \fIipv4_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
transfer\-source\-v6 ( \fIipv6_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
alt\-transfer\-source ( \fIipv4_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
use\-alt\-transfer\-source \fIboolean\fR;
|
|
zone\-statistics \fIboolean\fR;
|
|
key\-directory \fIquoted_string\fR;
|
|
auto\-dnssec \fBallow\fR|\fBmaintain\fR|\fBcreate\fR|\fBoff\fR;
|
|
try\-tcp\-refresh \fIboolean\fR;
|
|
zero\-no\-soa\-ttl \fIboolean\fR;
|
|
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
|
|
dnssec\-secure\-to\-insecure \fIboolean\fR;
|
|
deny\-answer\-addresses {
|
|
\fIaddress_match_list\fR
|
|
} [ except\-from { \fInamelist\fR } ];
|
|
deny\-answer\-aliases {
|
|
\fInamelist\fR
|
|
} [ except\-from { \fInamelist\fR } ];
|
|
nsec3\-test\-zone \fIboolean\fR; // testing only
|
|
allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
|
|
deallocate\-on\-exit \fIboolean\fR; // obsolete
|
|
fake\-iquery \fIboolean\fR; // obsolete
|
|
fetch\-glue \fIboolean\fR; // obsolete
|
|
has\-old\-clients \fIboolean\fR; // obsolete
|
|
maintain\-ixfr\-base \fIboolean\fR; // obsolete
|
|
max\-ixfr\-log\-size \fIsize\fR; // obsolete
|
|
multiple\-cnames \fIboolean\fR; // obsolete
|
|
named\-xfer \fIquoted_string\fR; // obsolete
|
|
serial\-queries \fIinteger\fR; // obsolete
|
|
treat\-cr\-as\-space \fIboolean\fR; // obsolete
|
|
use\-id\-pool \fIboolean\fR; // obsolete
|
|
};
|
|
.fi
|
|
.RE
|
|
.SH "VIEW"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
view \fIstring\fR \fIoptional_class\fR {
|
|
match\-clients { \fIaddress_match_element\fR; ... };
|
|
match\-destinations { \fIaddress_match_element\fR; ... };
|
|
match\-recursive\-only \fIboolean\fR;
|
|
key \fIstring\fR {
|
|
algorithm \fIstring\fR;
|
|
secret \fIstring\fR;
|
|
};
|
|
zone \fIstring\fR \fIoptional_class\fR {
|
|
...
|
|
};
|
|
server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
|
|
...
|
|
};
|
|
trusted\-keys {
|
|
\fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR;
|
|
[...]
|
|
};
|
|
allow\-recursion { \fIaddress_match_element\fR; ... };
|
|
allow\-recursion\-on { \fIaddress_match_element\fR; ... };
|
|
sortlist { \fIaddress_match_element\fR; ... };
|
|
topology { \fIaddress_match_element\fR; ... }; // not implemented
|
|
auth\-nxdomain \fIboolean\fR; // default changed
|
|
minimal\-responses \fIboolean\fR;
|
|
recursion \fIboolean\fR;
|
|
rrset\-order {
|
|
[ class \fIstring\fR ] [ type \fIstring\fR ]
|
|
[ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
|
|
};
|
|
provide\-ixfr \fIboolean\fR;
|
|
request\-ixfr \fIboolean\fR;
|
|
rfc2308\-type1 \fIboolean\fR; // not yet implemented
|
|
additional\-from\-auth \fIboolean\fR;
|
|
additional\-from\-cache \fIboolean\fR;
|
|
query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
|
|
query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
|
|
use\-queryport\-pool \fIboolean\fR;
|
|
queryport\-pool\-ports \fIinteger\fR;
|
|
queryport\-pool\-updateinterval \fIinteger\fR;
|
|
cleaning\-interval \fIinteger\fR;
|
|
min\-roots \fIinteger\fR; // not implemented
|
|
lame\-ttl \fIinteger\fR;
|
|
max\-ncache\-ttl \fIinteger\fR;
|
|
max\-cache\-ttl \fIinteger\fR;
|
|
transfer\-format ( many\-answers | one\-answer );
|
|
max\-cache\-size \fIsize\fR;
|
|
max\-acache\-size \fIsize\fR;
|
|
clients\-per\-query \fInumber\fR;
|
|
max\-clients\-per\-query \fInumber\fR;
|
|
check\-names ( master | slave | response )
|
|
( fail | warn | ignore );
|
|
check\-mx ( fail | warn | ignore );
|
|
check\-integrity \fIboolean\fR;
|
|
check\-mx\-cname ( fail | warn | ignore );
|
|
check\-srv\-cname ( fail | warn | ignore );
|
|
cache\-file \fIquoted_string\fR; // test option
|
|
suppress\-initial\-notify \fIboolean\fR; // not yet implemented
|
|
preferred\-glue \fIstring\fR;
|
|
dual\-stack\-servers [ port \fIinteger\fR ] {
|
|
( \fIquoted_string\fR [port \fIinteger\fR] |
|
|
\fIipv4_address\fR [port \fIinteger\fR] |
|
|
\fIipv6_address\fR [port \fIinteger\fR] ); ...
|
|
};
|
|
edns\-udp\-size \fIinteger\fR;
|
|
max\-udp\-size \fIinteger\fR;
|
|
root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
|
|
disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
|
|
dnssec\-enable \fIboolean\fR;
|
|
dnssec\-validation \fIboolean\fR;
|
|
dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
|
|
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
|
|
dnssec\-accept\-expired \fIboolean\fR;
|
|
empty\-server \fIstring\fR;
|
|
empty\-contact \fIstring\fR;
|
|
empty\-zones\-enable \fIboolean\fR;
|
|
disable\-empty\-zone \fIstring\fR;
|
|
dialup \fIdialuptype\fR;
|
|
ixfr\-from\-differences \fIixfrdiff\fR;
|
|
allow\-query { \fIaddress_match_element\fR; ... };
|
|
allow\-query\-on { \fIaddress_match_element\fR; ... };
|
|
allow\-query\-cache { \fIaddress_match_element\fR; ... };
|
|
allow\-query\-cache\-on { \fIaddress_match_element\fR; ... };
|
|
allow\-transfer { \fIaddress_match_element\fR; ... };
|
|
allow\-update { \fIaddress_match_element\fR; ... };
|
|
allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
|
|
update\-check\-ksk \fIboolean\fR;
|
|
dnssec\-dnskey\-kskonly \fIboolean\fR;
|
|
masterfile\-format ( text | raw );
|
|
notify \fInotifytype\fR;
|
|
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
|
|
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
|
|
notify\-delay \fIseconds\fR;
|
|
notify\-to\-soa \fIboolean\fR;
|
|
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
|
|
[ port \fIinteger\fR ]; ... };
|
|
allow\-notify { \fIaddress_match_element\fR; ... };
|
|
forward ( first | only );
|
|
forwarders [ port \fIinteger\fR ] {
|
|
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
|
|
};
|
|
max\-journal\-size \fIsize_no_default\fR;
|
|
max\-transfer\-time\-in \fIinteger\fR;
|
|
max\-transfer\-time\-out \fIinteger\fR;
|
|
max\-transfer\-idle\-in \fIinteger\fR;
|
|
max\-transfer\-idle\-out \fIinteger\fR;
|
|
max\-retry\-time \fIinteger\fR;
|
|
min\-retry\-time \fIinteger\fR;
|
|
max\-refresh\-time \fIinteger\fR;
|
|
min\-refresh\-time \fIinteger\fR;
|
|
multi\-master \fIboolean\fR;
|
|
sig\-validity\-interval \fIinteger\fR;
|
|
transfer\-source ( \fIipv4_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
transfer\-source\-v6 ( \fIipv6_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
alt\-transfer\-source ( \fIipv4_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
use\-alt\-transfer\-source \fIboolean\fR;
|
|
zone\-statistics \fIboolean\fR;
|
|
try\-tcp\-refresh \fIboolean\fR;
|
|
key\-directory \fIquoted_string\fR;
|
|
zero\-no\-soa\-ttl \fIboolean\fR;
|
|
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
|
|
dnssec\-secure\-to\-insecure \fIboolean\fR;
|
|
allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
|
|
fetch\-glue \fIboolean\fR; // obsolete
|
|
maintain\-ixfr\-base \fIboolean\fR; // obsolete
|
|
max\-ixfr\-log\-size \fIsize\fR; // obsolete
|
|
};
|
|
.fi
|
|
.RE
|
|
.SH "ZONE"
|
|
.sp
|
|
.RS 4
|
|
.nf
|
|
zone \fIstring\fR \fIoptional_class\fR {
|
|
type ( master | slave | stub | hint |
|
|
forward | delegation\-only );
|
|
file \fIquoted_string\fR;
|
|
masters [ port \fIinteger\fR ] {
|
|
( \fImasters\fR |
|
|
\fIipv4_address\fR [port \fIinteger\fR] |
|
|
\fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
|
|
};
|
|
database \fIstring\fR;
|
|
delegation\-only \fIboolean\fR;
|
|
check\-names ( fail | warn | ignore );
|
|
check\-mx ( fail | warn | ignore );
|
|
check\-integrity \fIboolean\fR;
|
|
check\-mx\-cname ( fail | warn | ignore );
|
|
check\-srv\-cname ( fail | warn | ignore );
|
|
dialup \fIdialuptype\fR;
|
|
ixfr\-from\-differences \fIboolean\fR;
|
|
journal \fIquoted_string\fR;
|
|
zero\-no\-soa\-ttl \fIboolean\fR;
|
|
dnssec\-secure\-to\-insecure \fIboolean\fR;
|
|
allow\-query { \fIaddress_match_element\fR; ... };
|
|
allow\-query\-on { \fIaddress_match_element\fR; ... };
|
|
allow\-transfer { \fIaddress_match_element\fR; ... };
|
|
allow\-update { \fIaddress_match_element\fR; ... };
|
|
allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
|
|
update\-policy \fIlocal\fR | \fI {
|
|
( grant | deny ) \fR\fI\fIstring\fR\fR\fI
|
|
( name | subdomain | wildcard | self | selfsub | selfwild |
|
|
krb5\-self | ms\-self | krb5\-subdomain | ms\-subdomain |
|
|
tcp\-self | zonesub | 6to4\-self ) \fR\fI\fIstring\fR\fR\fI
|
|
\fR\fI\fIrrtypelist\fR\fR\fI;
|
|
\fR\fI[...]\fR\fI
|
|
}\fR;
|
|
update\-check\-ksk \fIboolean\fR;
|
|
dnssec\-dnskey\-kskonly \fIboolean\fR;
|
|
masterfile\-format ( text | raw );
|
|
notify \fInotifytype\fR;
|
|
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
|
|
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
|
|
notify\-delay \fIseconds\fR;
|
|
notify\-to\-soa \fIboolean\fR;
|
|
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
|
|
[ port \fIinteger\fR ]; ... };
|
|
allow\-notify { \fIaddress_match_element\fR; ... };
|
|
forward ( first | only );
|
|
forwarders [ port \fIinteger\fR ] {
|
|
( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
|
|
};
|
|
max\-journal\-size \fIsize_no_default\fR;
|
|
max\-transfer\-time\-in \fIinteger\fR;
|
|
max\-transfer\-time\-out \fIinteger\fR;
|
|
max\-transfer\-idle\-in \fIinteger\fR;
|
|
max\-transfer\-idle\-out \fIinteger\fR;
|
|
max\-retry\-time \fIinteger\fR;
|
|
min\-retry\-time \fIinteger\fR;
|
|
max\-refresh\-time \fIinteger\fR;
|
|
min\-refresh\-time \fIinteger\fR;
|
|
multi\-master \fIboolean\fR;
|
|
sig\-validity\-interval \fIinteger\fR;
|
|
transfer\-source ( \fIipv4_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
transfer\-source\-v6 ( \fIipv6_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
alt\-transfer\-source ( \fIipv4_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
|
|
[ port ( \fIinteger\fR | * ) ];
|
|
use\-alt\-transfer\-source \fIboolean\fR;
|
|
zone\-statistics \fIboolean\fR;
|
|
try\-tcp\-refresh \fIboolean\fR;
|
|
key\-directory \fIquoted_string\fR;
|
|
nsec3\-test\-zone \fIboolean\fR; // testing only
|
|
ixfr\-base \fIquoted_string\fR; // obsolete
|
|
ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
|
|
maintain\-ixfr\-base \fIboolean\fR; // obsolete
|
|
max\-ixfr\-log\-size \fIsize\fR; // obsolete
|
|
pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
|
|
};
|
|
.fi
|
|
.RE
|
|
.SH "FILES"
|
|
.PP
|
|
\fI/etc/named.conf\fR
|
|
.SH "SEE ALSO"
|
|
.PP
|
|
\fBnamed\fR(8),
|
|
\fBnamed\-checkconf\fR(8),
|
|
\fBrndc\fR(8),
|
|
BIND 9 Administrator Reference Manual.
|
|
.SH "COPYRIGHT"
|
|
Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
|
|
.br
|