summaryrefslogtreecommitdiffstats
path: root/bin/named/named.conf.docbook
diff options
context:
space:
mode:
Diffstat (limited to 'bin/named/named.conf.docbook')
-rw-r--r--bin/named/named.conf.docbook629
1 files changed, 629 insertions, 0 deletions
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
new file mode 100644
index 0000000..a4a8044
--- /dev/null
+++ b/bin/named/named.conf.docbook
@@ -0,0 +1,629 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+ [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: named.conf.docbook,v 1.39 2008/09/24 02:46:21 marka Exp $ -->
+<refentry>
+ <refentryinfo>
+ <date>Aug 13, 2004</date>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><filename>named.conf</filename></refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><filename>named.conf</filename></refname>
+ <refpurpose>configuration file for named</refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
+ <year>2008</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>named.conf</command>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para><filename>named.conf</filename> is the configuration file
+ for
+ <command>named</command>. Statements are enclosed
+ in braces and terminated with a semi-colon. Clauses in
+ the statements are also semi-colon terminated. The usual
+ comment styles are supported:
+ </para>
+ <para>
+ C style: /* */
+ </para>
+ <para>
+ C++ style: // to end of line
+ </para>
+ <para>
+ Unix style: # to end of line
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>ACL</title>
+ <literallayout>
+acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
+
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>KEY</title>
+ <literallayout>
+key <replaceable>domain_name</replaceable> {
+ algorithm <replaceable>string</replaceable>;
+ secret <replaceable>string</replaceable>;
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>MASTERS</title>
+ <literallayout>
+masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>SERVER</title>
+ <literallayout>
+server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
+ bogus <replaceable>boolean</replaceable>;
+ edns <replaceable>boolean</replaceable>;
+ edns-udp-size <replaceable>integer</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ provide-ixfr <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ keys <replaceable>server_key</replaceable>;
+ transfers <replaceable>integer</replaceable>;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+ support-ixfr <replaceable>boolean</replaceable>; // obsolete
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>TRUSTED-KEYS</title>
+ <literallayout>
+trusted-keys {
+ <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>CONTROLS</title>
+ <literallayout>
+controls {
+ inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
+ allow { <replaceable>address_match_element</replaceable>; ... }
+ <optional> keys { <replaceable>string</replaceable>; ... } </optional>;
+ unix <replaceable>unsupported</replaceable>; // not implemented
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>LOGGING</title>
+ <literallayout>
+logging {
+ channel <replaceable>string</replaceable> {
+ file <replaceable>log_file</replaceable>;
+ syslog <replaceable>optional_facility</replaceable>;
+ null;
+ stderr;
+ severity <replaceable>log_severity</replaceable>;
+ print-time <replaceable>boolean</replaceable>;
+ print-severity <replaceable>boolean</replaceable>;
+ print-category <replaceable>boolean</replaceable>;
+ };
+ category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>LWRES</title>
+ <literallayout>
+lwres {
+ listen-on <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+ };
+ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
+ search { <replaceable>string</replaceable>; ... };
+ ndots <replaceable>integer</replaceable>;
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+ <literallayout>
+options {
+ avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
+ avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
+ blackhole { <replaceable>address_match_element</replaceable>; ... };
+ coresize <replaceable>size</replaceable>;
+ datasize <replaceable>size</replaceable>;
+ directory <replaceable>quoted_string</replaceable>;
+ dump-file <replaceable>quoted_string</replaceable>;
+ files <replaceable>size</replaceable>;
+ heartbeat-interval <replaceable>integer</replaceable>;
+ host-statistics <replaceable>boolean</replaceable>; // not implemented
+ host-statistics-max <replaceable>number</replaceable>; // not implemented
+ hostname ( <replaceable>quoted_string</replaceable> | none );
+ interface-interval <replaceable>integer</replaceable>;
+ listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
+ listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
+ match-mapped-addresses <replaceable>boolean</replaceable>;
+ memstatistics-file <replaceable>quoted_string</replaceable>;
+ pid-file ( <replaceable>quoted_string</replaceable> | none );
+ port <replaceable>integer</replaceable>;
+ querylog <replaceable>boolean</replaceable>;
+ recursing-file <replaceable>quoted_string</replaceable>;
+ reserved-sockets <replaceable>integer</replaceable>;
+ random-device <replaceable>quoted_string</replaceable>;
+ recursive-clients <replaceable>integer</replaceable>;
+ serial-query-rate <replaceable>integer</replaceable>;
+ server-id ( <replaceable>quoted_string</replaceable> | none |;
+ stacksize <replaceable>size</replaceable>;
+ statistics-file <replaceable>quoted_string</replaceable>;
+ statistics-interval <replaceable>integer</replaceable>; // not yet implemented
+ tcp-clients <replaceable>integer</replaceable>;
+ tcp-listen-queue <replaceable>integer</replaceable>;
+ tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
+ tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
+ tkey-domain <replaceable>quoted_string</replaceable>;
+ transfers-per-ns <replaceable>integer</replaceable>;
+ transfers-in <replaceable>integer</replaceable>;
+ transfers-out <replaceable>integer</replaceable>;
+ use-ixfr <replaceable>boolean</replaceable>;
+ version ( <replaceable>quoted_string</replaceable> | none );
+ allow-recursion { <replaceable>address_match_element</replaceable>; ... };
+ allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
+ sortlist { <replaceable>address_match_element</replaceable>; ... };
+ topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
+ auth-nxdomain <replaceable>boolean</replaceable>; // default changed
+ minimal-responses <replaceable>boolean</replaceable>;
+ recursion <replaceable>boolean</replaceable>;
+ rrset-order {
+ <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
+ <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
+ };
+ provide-ixfr <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
+ additional-from-auth <replaceable>boolean</replaceable>;
+ additional-from-cache <replaceable>boolean</replaceable>;
+ query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ use-queryport-pool <replaceable>boolean</replaceable>;
+ queryport-pool-ports <replaceable>integer</replaceable>;
+ queryport-pool-updateinterval <replaceable>integer</replaceable>;
+ cleaning-interval <replaceable>integer</replaceable>;
+ min-roots <replaceable>integer</replaceable>; // not implemented
+ lame-ttl <replaceable>integer</replaceable>;
+ max-ncache-ttl <replaceable>integer</replaceable>;
+ max-cache-ttl <replaceable>integer</replaceable>;
+ transfer-format ( many-answers | one-answer );
+ max-cache-size <replaceable>size</replaceable>;
+ max-acache-size <replaceable>size</replaceable>;
+ clients-per-query <replaceable>number</replaceable>;
+ max-clients-per-query <replaceable>number</replaceable>;
+ check-names ( master | slave | response )
+ ( fail | warn | ignore );
+ check-mx ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ cache-file <replaceable>quoted_string</replaceable>; // test option
+ suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
+ preferred-glue <replaceable>string</replaceable>;
+ dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
+ };
+ edns-udp-size <replaceable>integer</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
+ disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
+ dnssec-enable <replaceable>boolean</replaceable>;
+ dnssec-validation <replaceable>boolean</replaceable>;
+ dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
+ dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+ dnssec-accept-expired <replaceable>boolean</replaceable>;
+
+ empty-server <replaceable>string</replaceable>;
+ empty-contact <replaceable>string</replaceable>;
+ empty-zones-enable <replaceable>boolean</replaceable>;
+ disable-empty-zone <replaceable>string</replaceable>;
+
+ dialup <replaceable>dialuptype</replaceable>;
+ ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
+
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ update-check-ksk <replaceable>boolean</replaceable>;
+
+ masterfile-format ( text | raw );
+ notify <replaceable>notifytype</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-delay <replaceable>seconds</replaceable>;
+ notify-to-soa <replaceable>boolean</replaceable>;
+ also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
+ <optional> port <replaceable>integer</replaceable> </optional>; ... };
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+
+ forward ( first | only );
+ forwarders <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+ };
+
+ max-journal-size <replaceable>size_no_default</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ min-refresh-time <replaceable>integer</replaceable>;
+ multi-master <replaceable>boolean</replaceable>;
+
+ sig-validity-interval <replaceable>integer</replaceable>;
+ sig-re-signing-interval <replaceable>integer</replaceable>;
+ sig-signing-nodes <replaceable>integer</replaceable>;
+ sig-signing-signatures <replaceable>integer</replaceable>;
+ sig-signing-type <replaceable>integer</replaceable>;
+
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+
+ zone-statistics <replaceable>boolean</replaceable>;
+ key-directory <replaceable>quoted_string</replaceable>;
+ try-tcp-refresh <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
+
+ nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
+
+ allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
+ deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
+ fake-iquery <replaceable>boolean</replaceable>; // obsolete
+ fetch-glue <replaceable>boolean</replaceable>; // obsolete
+ has-old-clients <replaceable>boolean</replaceable>; // obsolete
+ maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
+ max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
+ multiple-cnames <replaceable>boolean</replaceable>; // obsolete
+ named-xfer <replaceable>quoted_string</replaceable>; // obsolete
+ serial-queries <replaceable>integer</replaceable>; // obsolete
+ treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
+ use-id-pool <replaceable>boolean</replaceable>; // obsolete
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>VIEW</title>
+ <literallayout>
+view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
+ match-clients { <replaceable>address_match_element</replaceable>; ... };
+ match-destinations { <replaceable>address_match_element</replaceable>; ... };
+ match-recursive-only <replaceable>boolean</replaceable>;
+
+ key <replaceable>string</replaceable> {
+ algorithm <replaceable>string</replaceable>;
+ secret <replaceable>string</replaceable>;
+ };
+
+ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
+ ...
+ };
+
+ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
+ ...
+ };
+
+ trusted-keys {
+ <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ...
+ };
+
+ allow-recursion { <replaceable>address_match_element</replaceable>; ... };
+ allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
+ sortlist { <replaceable>address_match_element</replaceable>; ... };
+ topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
+ auth-nxdomain <replaceable>boolean</replaceable>; // default changed
+ minimal-responses <replaceable>boolean</replaceable>;
+ recursion <replaceable>boolean</replaceable>;
+ rrset-order {
+ <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
+ <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
+ };
+ provide-ixfr <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
+ additional-from-auth <replaceable>boolean</replaceable>;
+ additional-from-cache <replaceable>boolean</replaceable>;
+ query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ use-queryport-pool <replaceable>boolean</replaceable>;
+ queryport-pool-ports <replaceable>integer</replaceable>;
+ queryport-pool-updateinterval <replaceable>integer</replaceable>;
+ cleaning-interval <replaceable>integer</replaceable>;
+ min-roots <replaceable>integer</replaceable>; // not implemented
+ lame-ttl <replaceable>integer</replaceable>;
+ max-ncache-ttl <replaceable>integer</replaceable>;
+ max-cache-ttl <replaceable>integer</replaceable>;
+ transfer-format ( many-answers | one-answer );
+ max-cache-size <replaceable>size</replaceable>;
+ max-acache-size <replaceable>size</replaceable>;
+ clients-per-query <replaceable>number</replaceable>;
+ max-clients-per-query <replaceable>number</replaceable>;
+ check-names ( master | slave | response )
+ ( fail | warn | ignore );
+ check-mx ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ cache-file <replaceable>quoted_string</replaceable>; // test option
+ suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
+ preferred-glue <replaceable>string</replaceable>;
+ dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
+ };
+ edns-udp-size <replaceable>integer</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
+ disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
+ dnssec-enable <replaceable>boolean</replaceable>;
+ dnssec-validation <replaceable>boolean</replaceable>;
+ dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
+ dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+ dnssec-accept-expired <replaceable>boolean</replaceable>;
+
+ empty-server <replaceable>string</replaceable>;
+ empty-contact <replaceable>string</replaceable>;
+ empty-zones-enable <replaceable>boolean</replaceable>;
+ disable-empty-zone <replaceable>string</replaceable>;
+
+ dialup <replaceable>dialuptype</replaceable>;
+ ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
+
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ update-check-ksk <replaceable>boolean</replaceable>;
+
+ masterfile-format ( text | raw );
+ notify <replaceable>notifytype</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-delay <replaceable>seconds</replaceable>;
+ notify-to-soa <replaceable>boolean</replaceable>;
+ also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
+ <optional> port <replaceable>integer</replaceable> </optional>; ... };
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+
+ forward ( first | only );
+ forwarders <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+ };
+
+ max-journal-size <replaceable>size_no_default</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ min-refresh-time <replaceable>integer</replaceable>;
+ multi-master <replaceable>boolean</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable>;
+
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+
+ zone-statistics <replaceable>boolean</replaceable>;
+ try-tcp-refresh <replaceable>boolean</replaceable>;
+ key-directory <replaceable>quoted_string</replaceable>;
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
+
+ allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
+ fetch-glue <replaceable>boolean</replaceable>; // obsolete
+ maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
+ max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>ZONE</title>
+ <literallayout>
+zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
+ type ( master | slave | stub | hint |
+ forward | delegation-only );
+ file <replaceable>quoted_string</replaceable>;
+
+ masters <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>masters</replaceable> |
+ <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+ <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
+ };
+
+ database <replaceable>string</replaceable>;
+ delegation-only <replaceable>boolean</replaceable>;
+ check-names ( fail | warn | ignore );
+ check-mx ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ dialup <replaceable>dialuptype</replaceable>;
+ ixfr-from-differences <replaceable>boolean</replaceable>;
+ journal <replaceable>quoted_string</replaceable>;
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ update-policy {
+ ( grant | deny ) <replaceable>string</replaceable>
+ ( name | subdomain | wildcard | self | selfsub | selfwild |
+ krb5-self | ms-self | krb5-subdomain | ms-subdomain |
+ tcp-self | 6to4-self ) <replaceable>string</replaceable>
+ <replaceable>rrtypelist</replaceable>; ...
+ };
+ update-check-ksk <replaceable>boolean</replaceable>;
+
+ masterfile-format ( text | raw );
+ notify <replaceable>notifytype</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ notify-delay <replaceable>seconds</replaceable>;
+ notify-to-soa <replaceable>boolean</replaceable>;
+ also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
+ <optional> port <replaceable>integer</replaceable> </optional>; ... };
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+
+ forward ( first | only );
+ forwarders <optional> port <replaceable>integer</replaceable> </optional> {
+ ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+ };
+
+ max-journal-size <replaceable>size_no_default</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ min-refresh-time <replaceable>integer</replaceable>;
+ multi-master <replaceable>boolean</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable>;
+
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+ <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+
+ zone-statistics <replaceable>boolean</replaceable>;
+ try-tcp-refresh <replaceable>boolean</replaceable>;
+ key-directory <replaceable>quoted_string</replaceable>;
+
+ nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
+
+ ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
+ ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
+ maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
+ max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
+ pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
+};
+</literallayout>
+ </refsect1>
+
+ <refsect1>
+ <title>FILES</title>
+ <para><filename>/etc/named.conf</filename>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para><citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsect1>
+
+</refentry><!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->
generated by cgit (git 2.34.1) at 2024-04-23 14:42:35 +0000