NAMED.CONF(5)                        BIND9                       NAMED.CONF(5)



NAME
       named.conf - configuration file for named

SYNOPSIS
       named.conf

DESCRIPTION
       named.conf is the configuration file for named. Statements are enclosed
       in braces and terminated with a semi-colon. Clauses in the statements
       are also semi-colon terminated. The usual comment styles are supported:

       C style: /* */

       C++ style: // to end of line

       Unix style: # to end of line

ACL
           acl string { address_match_element; ... };

CONTROLS
           controls {
                inet ( ipv4_address | ipv6_address |
                    * ) [ port ( integer | * ) ] allow
                    { address_match_element; ... } [
                    keys { string; ... } ] [ read-only
                    boolean ];
                unix quoted_string perm integer
                    owner integer group integer [
                    keys { string; ... } ] [ read-only
                    boolean ];
           };

DLZ
           dlz string {
                database string;
                search boolean;
           };

DYNDB
           dyndb string quoted_string {
               unspecified-text };

KEY
           key string {
                algorithm string;
                secret string;
           };

LOGGING
           logging {
                category string { string; ... };
                channel string {
                     buffered boolean;
                     file quoted_string [ versions ( unlimited | integer ) ]
                         [ size size ] [ suffix ( increment | timestamp ) ];
                     null;
                     print-category boolean;
                     print-severity boolean;
                     print-time ( iso8601 | iso8601-utc | local | boolean );
                     severity log_severity;
                     stderr;
                     syslog [ syslog_facility ];
                };
           };

MANAGED-KEYS
           managed-keys { string string integer
               integer integer quoted_string; ... };

MASTERS
           masters string [ port integer ] [ dscp
               integer ] { ( masters | ipv4_address [
               port integer ] | ipv6_address [ port
               integer ] ) [ key string ]; ... };

OPTIONS
           options {
                allow-new-zones boolean;
                allow-notify { address_match_element; ... };
                allow-query { address_match_element; ... };
                allow-query-cache { address_match_element; ... };
                allow-query-cache-on { address_match_element; ... };
                allow-query-on { address_match_element; ... };
                allow-recursion { address_match_element; ... };
                allow-recursion-on { address_match_element; ... };
                allow-transfer { address_match_element; ... };
                allow-update { address_match_element; ... };
                allow-update-forwarding { address_match_element; ... };
                also-notify [ port integer ] [ dscp integer ] { ( masters |
                    ipv4_address [ port integer ] | ipv6_address [ port
                    integer ] ) [ key string ]; ... };
                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
                    ] [ dscp integer ];
                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
                    * ) ] [ dscp integer ];
                answer-cookie boolean;
                attach-cache string;
                auth-nxdomain boolean; // default changed
                auto-dnssec ( allow | maintain | off );
                automatic-interface-scan boolean;
                avoid-v4-udp-ports { portrange; ... };
                avoid-v6-udp-ports { portrange; ... };
                bindkeys-file quoted_string;
                blackhole { address_match_element; ... };
                cache-file quoted_string;
                catalog-zones { zone quoted_string [ default-masters [ port
                    integer ] [ dscp integer ] { ( masters | ipv4_address [
                    port integer ] | ipv6_address [ port integer ] ) [ key
                    string ]; ... } ] [ zone-directory quoted_string ] [
                    in-memory boolean ] [ min-update-interval integer ]; ... };
                check-dup-records ( fail | warn | ignore );
                check-integrity boolean;
                check-mx ( fail | warn | ignore );
                check-mx-cname ( fail | warn | ignore );
                check-names ( master | slave | response
                    ) ( fail | warn | ignore );
                check-sibling boolean;
                check-spf ( warn | ignore );
                check-srv-cname ( fail | warn | ignore );
                check-wildcard boolean;
                cleaning-interval integer;
                clients-per-query integer;
                cookie-algorithm ( aes | sha1 | sha256 );
                cookie-secret string;
                coresize ( default | unlimited | sizeval );
                datasize ( default | unlimited | sizeval );
                deny-answer-addresses { address_match_element; ... } [
                    except-from { quoted_string; ... } ];
                deny-answer-aliases { quoted_string; ... } [ except-from {
                    quoted_string; ... } ];
                dialup ( notify | notify-passive | passive | refresh | boolean );
                directory quoted_string;
                disable-algorithms string { string;
                    ... };
                disable-ds-digests string { string;
                    ... };
                disable-empty-zone string;
                dns64 netprefix {
                     break-dnssec boolean;
                     clients { address_match_element; ... };
                     exclude { address_match_element; ... };
                     mapped { address_match_element; ... };
                     recursive-only boolean;
                     suffix ipv6_address;
                };
                dns64-contact string;
                dns64-server string;
                dnsrps-enable boolean;
                dnsrps-options { unspecified-text };
                dnssec-accept-expired boolean;
                dnssec-dnskey-kskonly boolean;
                dnssec-enable boolean;
                dnssec-loadkeys-interval integer;
                dnssec-lookaside ( string trust-anchor
                    string | auto | no );
                dnssec-must-be-secure string boolean;
                dnssec-secure-to-insecure boolean;
                dnssec-update-mode ( maintain | no-resign );
                dnssec-validation ( yes | no | auto );
                dnstap { ( all | auth | client | forwarder |
                    resolver ) [ ( query | response ) ]; ... };
                dnstap-identity ( quoted_string | none |
                    hostname );
                dnstap-output ( file | unix ) quoted_string [
                    size ( unlimited | size ) ] [ versions (
                    unlimited | integer ) ] [ suffix ( increment
                    | timestamp ) ];
                dnstap-version ( quoted_string | none );
                dscp integer;
                dual-stack-servers [ port integer ] { ( quoted_string [ port
                    integer ] [ dscp integer ] | ipv4_address [ port
                    integer ] [ dscp integer ] | ipv6_address [ port
                    integer ] [ dscp integer ] ); ... };
                dump-file quoted_string;
                edns-udp-size integer;
                empty-contact string;
                empty-server string;
                empty-zones-enable boolean;
                fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
                fetches-per-server integer [ ( drop | fail ) ];
                fetches-per-zone integer [ ( drop | fail ) ];
                files ( default | unlimited | sizeval );
                filter-aaaa { address_match_element; ... };
                filter-aaaa-on-v4 ( break-dnssec | boolean );
                filter-aaaa-on-v6 ( break-dnssec | boolean );
                flush-zones-on-shutdown boolean;
                forward ( first | only );
                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
                fstrm-set-buffer-hint integer;
                fstrm-set-flush-timeout integer;
                fstrm-set-input-queue-size integer;
                fstrm-set-output-notify-threshold integer;
                fstrm-set-output-queue-model ( mpsc | spsc );
                fstrm-set-output-queue-size integer;
                fstrm-set-reopen-interval integer;
                geoip-directory ( quoted_string | none );
                geoip-use-ecs boolean;
                glue-cache boolean;
                heartbeat-interval integer;
                hostname ( quoted_string | none );
                inline-signing boolean;
                interface-interval integer;
                ixfr-from-differences ( master | slave | boolean );
                keep-response-order { address_match_element; ... };
                key-directory quoted_string;
                lame-ttl ttlval;
                listen-on [ port integer ] [ dscp
                    integer ] {
                    address_match_element; ... };
                listen-on-v6 [ port integer ] [ dscp
                    integer ] {
                    address_match_element; ... };
                lmdb-mapsize sizeval;
                lock-file ( quoted_string | none );
                managed-keys-directory quoted_string;
                masterfile-format ( map | raw | text );
                masterfile-style ( full | relative );
                match-mapped-addresses boolean;
                max-cache-size ( default | unlimited | sizeval | percentage );
                max-cache-ttl integer;
                max-clients-per-query integer;
                max-journal-size ( default | unlimited | sizeval );
                max-ncache-ttl integer;
                max-records integer;
                max-recursion-depth integer;
                max-recursion-queries integer;
                max-refresh-time integer;
                max-retry-time integer;
                max-rsa-exponent-size integer;
                max-stale-ttl ttlval;
                max-transfer-idle-in integer;
                max-transfer-idle-out integer;
                max-transfer-time-in integer;
                max-transfer-time-out integer;
                max-udp-size integer;
                max-zone-ttl ( unlimited | ttlval );
                memstatistics boolean;
                memstatistics-file quoted_string;
                message-compression boolean;
                min-refresh-time integer;
                min-retry-time integer;
                minimal-any boolean;
                minimal-responses ( no-auth | no-auth-recursive | boolean );
                multi-master boolean;
                new-zones-directory quoted_string;
                no-case-compress { address_match_element; ... };
                nocookie-udp-size integer;
                notify ( explicit | master-only | boolean );
                notify-delay integer;
                notify-rate integer;
                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                    dscp integer ];
                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
                    [ dscp integer ];
                notify-to-soa boolean;
                nta-lifetime ttlval;
                nta-recheck ttlval;
                nxdomain-redirect string;
                pid-file ( quoted_string | none );
                port integer;
                preferred-glue string;
                prefetch integer [ integer ];
                provide-ixfr boolean;
                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
                    port ( integer | * ) ) ) [ dscp integer ];
                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
                    port ( integer | * ) ) ) [ dscp integer ];
                querylog boolean;
                random-device ( quoted_string | none );
                rate-limit {
                     all-per-second integer;
                     errors-per-second integer;
                     exempt-clients { address_match_element; ... };
                     ipv4-prefix-length integer;
                     ipv6-prefix-length integer;
                     log-only boolean;
                     max-table-size integer;
                     min-table-size integer;
                     nodata-per-second integer;
                     nxdomains-per-second integer;
                     qps-scale integer;
                     referrals-per-second integer;
                     responses-per-second integer;
                     slip integer;
                     window integer;
                };
                recursing-file quoted_string;
                recursion boolean;
                recursive-clients integer;
                request-expire boolean;
                request-ixfr boolean;
                request-nsid boolean;
                require-server-cookie boolean;
                reserved-sockets integer;
                resolver-nonbackoff-tries integer;
                resolver-query-timeout integer;
                resolver-retry-interval integer;
                response-padding { address_match_element; ... } block-size
                    integer;
                response-policy { zone quoted_string [ log boolean ] [
                    max-policy-ttl integer ] [ min-update-interval integer ] [
                    policy ( cname | disabled | drop | given | no-op | nodata |
                    nxdomain | passthru | tcp-only quoted_string ) ] [
                    recursive-only boolean ] [ nsip-enable boolean ] [
                    nsdname-enable boolean ]; ... } [ break-dnssec boolean ] [
                    max-policy-ttl integer ] [ min-update-interval integer ] [
                    min-ns-dots integer ] [ nsip-wait-recurse boolean ] [
                    qname-wait-recurse boolean ] [ recursive-only boolean ] [
                    nsip-enable boolean ] [ nsdname-enable boolean ] [
                    dnsrps-enable boolean ] [ dnsrps-options { unspecified-text
                    } ];
                root-delegation-only [ exclude { quoted_string; ... } ];
                root-key-sentinel boolean;
                rrset-order { [ class string ] [ type string ] [ name
                    quoted_string ] string string; ... };
                secroots-file quoted_string;
                send-cookie boolean;
                serial-query-rate integer;
                serial-update-method ( date | increment | unixtime );
                server-id ( quoted_string | none | hostname );
                servfail-ttl ttlval;
                session-keyalg string;
                session-keyfile ( quoted_string | none );
                session-keyname string;
                sig-signing-nodes integer;
                sig-signing-signatures integer;
                sig-signing-type integer;
                sig-validity-interval integer [ integer ];
                sortlist { address_match_element; ... };
                stacksize ( default | unlimited | sizeval );
                stale-answer-enable boolean;
                stale-answer-ttl ttlval;
                startup-notify-rate integer;
                statistics-file quoted_string;
                synth-from-dnssec boolean;
                tcp-advertised-timeout integer;
                tcp-clients integer;
                tcp-idle-timeout integer;
                tcp-initial-timeout integer;
                tcp-keepalive-timeout integer;
                tcp-listen-queue integer;
                tkey-dhkey quoted_string integer;
                tkey-domain quoted_string;
                tkey-gssapi-credential quoted_string;
                tkey-gssapi-keytab quoted_string;
                transfer-format ( many-answers | one-answer );
                transfer-message-size integer;
                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                    dscp integer ];
                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
                    ] [ dscp integer ];
                transfers-in integer;
                transfers-out integer;
                transfers-per-ns integer;
                trust-anchor-telemetry boolean; // experimental
                try-tcp-refresh boolean;
                update-check-ksk boolean;
                use-alt-transfer-source boolean;
                use-v4-udp-ports { portrange; ... };
                use-v6-udp-ports { portrange; ... };
                v6-bias integer;
                version ( quoted_string | none );
                zero-no-soa-ttl boolean;
                zero-no-soa-ttl-cache boolean;
                zone-statistics ( full | terse | none | boolean );
           };

SERVER
           server netprefix {
                bogus boolean;
                edns boolean;
                edns-udp-size integer;
                edns-version integer;
                keys server_key;
                max-udp-size integer;
                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                    dscp integer ];
                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
                    [ dscp integer ];
                padding integer;
                provide-ixfr boolean;
                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
                    port ( integer | * ) ) ) [ dscp integer ];
                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
                    port ( integer | * ) ) ) [ dscp integer ];
                request-expire boolean;
                request-ixfr boolean;
                request-nsid boolean;
                send-cookie boolean;
                tcp-keepalive boolean;
                tcp-only boolean;
                transfer-format ( many-answers | one-answer );
                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                    dscp integer ];
                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
                    ] [ dscp integer ];
                transfers integer;
           };

STATISTICS-CHANNELS
           statistics-channels {
                inet ( ipv4_address | ipv6_address |
                    * ) [ port ( integer | * ) ] [
                    allow { address_match_element; ...
                    } ];
           };

TRUSTED-KEYS
           trusted-keys { string integer integer
               integer quoted_string; ... };

VIEW
           view string [ class ] {
                allow-new-zones boolean;
                allow-notify { address_match_element; ... };
                allow-query { address_match_element; ... };
                allow-query-cache { address_match_element; ... };
                allow-query-cache-on { address_match_element; ... };
                allow-query-on { address_match_element; ... };
                allow-recursion { address_match_element; ... };
                allow-recursion-on { address_match_element; ... };
                allow-transfer { address_match_element; ... };
                allow-update { address_match_element; ... };
                allow-update-forwarding { address_match_element; ... };
                also-notify [ port integer ] [ dscp integer ] { ( masters |
                    ipv4_address [ port integer ] | ipv6_address [ port
                    integer ] ) [ key string ]; ... };
                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
                    ] [ dscp integer ];
                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
                    * ) ] [ dscp integer ];
                attach-cache string;
                auth-nxdomain boolean; // default changed
                auto-dnssec ( allow | maintain | off );
                cache-file quoted_string;
                catalog-zones { zone quoted_string [ default-masters [ port
                    integer ] [ dscp integer ] { ( masters | ipv4_address [
                    port integer ] | ipv6_address [ port integer ] ) [ key
                    string ]; ... } ] [ zone-directory quoted_string ] [
                    in-memory boolean ] [ min-update-interval integer ]; ... };
                check-dup-records ( fail | warn | ignore );
                check-integrity boolean;
                check-mx ( fail | warn | ignore );
                check-mx-cname ( fail | warn | ignore );
                check-names ( master | slave | response
                    ) ( fail | warn | ignore );
                check-sibling boolean;
                check-spf ( warn | ignore );
                check-srv-cname ( fail | warn | ignore );
                check-wildcard boolean;
                cleaning-interval integer;
                clients-per-query integer;
                deny-answer-addresses { address_match_element; ... } [
                    except-from { quoted_string; ... } ];
                deny-answer-aliases { quoted_string; ... } [ except-from {
                    quoted_string; ... } ];
                dialup ( notify | notify-passive | passive | refresh | boolean );
                disable-algorithms string { string;
                    ... };
                disable-ds-digests string { string;
                    ... };
                disable-empty-zone string;
                dlz string {
                     database string;
                     search boolean;
                };
                dns64 netprefix {
                     break-dnssec boolean;
                     clients { address_match_element; ... };
                     exclude { address_match_element; ... };
                     mapped { address_match_element; ... };
                     recursive-only boolean;
                     suffix ipv6_address;
                };
                dns64-contact string;
                dns64-server string;
                dnsrps-enable boolean;
                dnsrps-options { unspecified-text };
                dnssec-accept-expired boolean;
                dnssec-dnskey-kskonly boolean;
                dnssec-enable boolean;
                dnssec-loadkeys-interval integer;
                dnssec-lookaside ( string trust-anchor
                    string | auto | no );
                dnssec-must-be-secure string boolean;
                dnssec-secure-to-insecure boolean;
                dnssec-update-mode ( maintain | no-resign );
                dnssec-validation ( yes | no | auto );
                dnstap { ( all | auth | client | forwarder |
                    resolver ) [ ( query | response ) ]; ... };
                dual-stack-servers [ port integer ] { ( quoted_string [ port
                    integer ] [ dscp integer ] | ipv4_address [ port
                    integer ] [ dscp integer ] | ipv6_address [ port
                    integer ] [ dscp integer ] ); ... };
                dyndb string quoted_string {
                    unspecified-text };
                edns-udp-size integer;
                empty-contact string;
                empty-server string;
                empty-zones-enable boolean;
                fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
                fetches-per-server integer [ ( drop | fail ) ];
                fetches-per-zone integer [ ( drop | fail ) ];
                filter-aaaa { address_match_element; ... };
                filter-aaaa-on-v4 ( break-dnssec | boolean );
                filter-aaaa-on-v6 ( break-dnssec | boolean );
                forward ( first | only );
                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
                glue-cache boolean;
                inline-signing boolean;
                ixfr-from-differences ( master | slave | boolean );
                key string {
                     algorithm string;
                     secret string;
                };
                key-directory quoted_string;
                lame-ttl ttlval;
                lmdb-mapsize sizeval;
                managed-keys { string string
                    integer integer integer
                    quoted_string; ... };
                masterfile-format ( map | raw | text );
                masterfile-style ( full | relative );
                match-clients { address_match_element; ... };
                match-destinations { address_match_element; ... };
                match-recursive-only boolean;
                max-cache-size ( default | unlimited | sizeval | percentage );
                max-cache-ttl integer;
                max-clients-per-query integer;
                max-journal-size ( default | unlimited | sizeval );
                max-ncache-ttl integer;
                max-records integer;
                max-recursion-depth integer;
                max-recursion-queries integer;
                max-refresh-time integer;
                max-retry-time integer;
                max-stale-ttl ttlval;
                max-transfer-idle-in integer;
                max-transfer-idle-out integer;
                max-transfer-time-in integer;
                max-transfer-time-out integer;
                max-udp-size integer;
                max-zone-ttl ( unlimited | ttlval );
                message-compression boolean;
                min-refresh-time integer;
                min-retry-time integer;
                minimal-any boolean;
                minimal-responses ( no-auth | no-auth-recursive | boolean );
                multi-master boolean;
                new-zones-directory quoted_string;
                no-case-compress { address_match_element; ... };
                nocookie-udp-size integer;
                notify ( explicit | master-only | boolean );
                notify-delay integer;
                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                    dscp integer ];
                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
                    [ dscp integer ];
                notify-to-soa boolean;
                nta-lifetime ttlval;
                nta-recheck ttlval;
                nxdomain-redirect string;
                preferred-glue string;
                prefetch integer [ integer ];
                provide-ixfr boolean;
                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
                    port ( integer | * ) ) ) [ dscp integer ];
                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
                    port ( integer | * ) ) ) [ dscp integer ];
                rate-limit {
                     all-per-second integer;
                     errors-per-second integer;
                     exempt-clients { address_match_element; ... };
                     ipv4-prefix-length integer;
                     ipv6-prefix-length integer;
                     log-only boolean;
                     max-table-size integer;
                     min-table-size integer;
                     nodata-per-second integer;
                     nxdomains-per-second integer;
                     qps-scale integer;
                     referrals-per-second integer;
                     responses-per-second integer;
                     slip integer;
                     window integer;
                };
                recursion boolean;
                request-expire boolean;
                request-ixfr boolean;
                request-nsid boolean;
                require-server-cookie boolean;
                resolver-nonbackoff-tries integer;
                resolver-query-timeout integer;
                resolver-retry-interval integer;
                response-padding { address_match_element; ... } block-size
                    integer;
                response-policy { zone quoted_string [ log boolean ] [
                    max-policy-ttl integer ] [ min-update-interval integer ] [
                    policy ( cname | disabled | drop | given | no-op | nodata |
                    nxdomain | passthru | tcp-only quoted_string ) ] [
                    recursive-only boolean ] [ nsip-enable boolean ] [
                    nsdname-enable boolean ]; ... } [ break-dnssec boolean ] [
                    max-policy-ttl integer ] [ min-update-interval integer ] [
                    min-ns-dots integer ] [ nsip-wait-recurse boolean ] [
                    qname-wait-recurse boolean ] [ recursive-only boolean ] [
                    nsip-enable boolean ] [ nsdname-enable boolean ] [
                    dnsrps-enable boolean ] [ dnsrps-options { unspecified-text
                    } ];
                root-delegation-only [ exclude { quoted_string; ... } ];
                root-key-sentinel boolean;
                rrset-order { [ class string ] [ type string ] [ name
                    quoted_string ] string string; ... };
                send-cookie boolean;
                serial-update-method ( date | increment | unixtime );
                server netprefix {
                     bogus boolean;
                     edns boolean;
                     edns-udp-size integer;
                     edns-version integer;
                     keys server_key;
                     max-udp-size integer;
                     notify-source ( ipv4_address | * ) [ port ( integer | *
                         ) ] [ dscp integer ];
                     notify-source-v6 ( ipv6_address | * ) [ port ( integer
                         | * ) ] [ dscp integer ];
                     padding integer;
                     provide-ixfr boolean;
                     query-source ( ( [ address ] ( ipv4_address | * ) [ port
                         ( integer | * ) ] ) | ( [ [ address ] (
                         ipv4_address | * ) ] port ( integer | * ) ) ) [
                         dscp integer ];
                     query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
                         port ( integer | * ) ] ) | ( [ [ address ] (
                         ipv6_address | * ) ] port ( integer | * ) ) ) [
                         dscp integer ];
                     request-expire boolean;
                     request-ixfr boolean;
                     request-nsid boolean;
                     send-cookie boolean;
                     tcp-keepalive boolean;
                     tcp-only boolean;
                     transfer-format ( many-answers | one-answer );
                     transfer-source ( ipv4_address | * ) [ port ( integer |
                         * ) ] [ dscp integer ];
                     transfer-source-v6 ( ipv6_address | * ) [ port (
                         integer | * ) ] [ dscp integer ];
                     transfers integer;
                };
                servfail-ttl ttlval;
                sig-signing-nodes integer;
                sig-signing-signatures integer;
                sig-signing-type integer;
                sig-validity-interval integer [ integer ];
                sortlist { address_match_element; ... };
                stale-answer-enable boolean;
                stale-answer-ttl ttlval;
                synth-from-dnssec boolean;
                transfer-format ( many-answers | one-answer );
                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                    dscp integer ];
                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
                    ] [ dscp integer ];
                trust-anchor-telemetry boolean; // experimental
                trusted-keys { string integer
                    integer integer quoted_string;
                    ... };
                try-tcp-refresh boolean;
                update-check-ksk boolean;
                use-alt-transfer-source boolean;
                v6-bias integer;
                zero-no-soa-ttl boolean;
                zero-no-soa-ttl-cache boolean;
                zone string [ class ] {
                     allow-notify { address_match_element; ... };
                     allow-query { address_match_element; ... };
                     allow-query-on { address_match_element; ... };
                     allow-transfer { address_match_element; ... };
                     allow-update { address_match_element; ... };
                     allow-update-forwarding { address_match_element; ... };
                     also-notify [ port integer ] [ dscp integer ] { (
                         masters | ipv4_address [ port integer ] |
                         ipv6_address [ port integer ] ) [ key string ];
                         ... };
                     alt-transfer-source ( ipv4_address | * ) [ port (
                         integer | * ) ] [ dscp integer ];
                     alt-transfer-source-v6 ( ipv6_address | * ) [ port (
                         integer | * ) ] [ dscp integer ];
                     auto-dnssec ( allow | maintain | off );
                     check-dup-records ( fail | warn | ignore );
                     check-integrity boolean;
                     check-mx ( fail | warn | ignore );
                     check-mx-cname ( fail | warn | ignore );
                     check-names ( fail | warn | ignore );
                     check-sibling boolean;
                     check-spf ( warn | ignore );
                     check-srv-cname ( fail | warn | ignore );
                     check-wildcard boolean;
                     database string;
                     delegation-only boolean;
                     dialup ( notify | notify-passive | passive | refresh |
                         boolean );
                     dlz string;
                     dnssec-dnskey-kskonly boolean;
                     dnssec-loadkeys-interval integer;
                     dnssec-secure-to-insecure boolean;
                     dnssec-update-mode ( maintain | no-resign );
                     file quoted_string;
                     forward ( first | only );
                     forwarders [ port integer ] [ dscp integer ] { (
                         ipv4_address | ipv6_address ) [ port integer ] [
                         dscp integer ]; ... };
                     in-view string;
                     inline-signing boolean;
                     ixfr-from-differences boolean;
                     journal quoted_string;
                     key-directory quoted_string;
                     masterfile-format ( map | raw | text );
                     masterfile-style ( full | relative );
                     masters [ port integer ] [ dscp integer ] { ( masters
                         | ipv4_address [ port integer ] | ipv6_address [
                         port integer ] ) [ key string ]; ... };
                     max-ixfr-log-size ( default | unlimited |
                     max-journal-size ( default | unlimited | sizeval );
                     max-records integer;
                     max-refresh-time integer;
                     max-retry-time integer;
                     max-transfer-idle-in integer;
                     max-transfer-idle-out integer;
                     max-transfer-time-in integer;
                     max-transfer-time-out integer;
                     max-zone-ttl ( unlimited | ttlval );
                     min-refresh-time integer;
                     min-retry-time integer;
                     multi-master boolean;
                     notify ( explicit | master-only | boolean );
                     notify-delay integer;
                     notify-source ( ipv4_address | * ) [ port ( integer | *
                         ) ] [ dscp integer ];
                     notify-source-v6 ( ipv6_address | * ) [ port ( integer
                         | * ) ] [ dscp integer ];
                     notify-to-soa boolean;
                     pubkey integer
                         integer
                         integer
                     request-expire boolean;
                     request-ixfr boolean;
                     serial-update-method ( date | increment | unixtime );
                     server-addresses { ( ipv4_address | ipv6_address ) [
                         port integer ]; ... };
                     server-names { quoted_string; ... };
                     sig-signing-nodes integer;
                     sig-signing-signatures integer;
                     sig-signing-type integer;
                     sig-validity-interval integer [ integer ];
                     transfer-source ( ipv4_address | * ) [ port ( integer |
                         * ) ] [ dscp integer ];
                     transfer-source-v6 ( ipv6_address | * ) [ port (
                         integer | * ) ] [ dscp integer ];
                     try-tcp-refresh boolean;
                     type ( delegation-only | forward | hint | master | redirect
                         | slave | static-stub | stub );
                     update-check-ksk boolean;
                     update-policy ( local | { ( deny | grant ) string (
                         6to4-self | external | krb5-self | krb5-subdomain |
                         ms-self | ms-subdomain | name | self | selfsub |
                         selfwild | subdomain | tcp-self | wildcard | zonesub )
                         [ string ] rrtypelist; ... };
                     use-alt-transfer-source boolean;
                     zero-no-soa-ttl boolean;
                     zone-statistics ( full | terse | none | boolean );
                };
                zone-statistics ( full | terse | none | boolean );
           };

ZONE
           zone string [ class ] {
                allow-notify { address_match_element; ... };
                allow-query { address_match_element; ... };
                allow-query-on { address_match_element; ... };
                allow-transfer { address_match_element; ... };
                allow-update { address_match_element; ... };
                allow-update-forwarding { address_match_element; ... };
                also-notify [ port integer ] [ dscp integer ] { ( masters |
                    ipv4_address [ port integer ] | ipv6_address [ port
                    integer ] ) [ key string ]; ... };
                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
                    ] [ dscp integer ];
                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
                    * ) ] [ dscp integer ];
                auto-dnssec ( allow | maintain | off );
                check-dup-records ( fail | warn | ignore );
                check-integrity boolean;
                check-mx ( fail | warn | ignore );
                check-mx-cname ( fail | warn | ignore );
                check-names ( fail | warn | ignore );
                check-sibling boolean;
                check-spf ( warn | ignore );
                check-srv-cname ( fail | warn | ignore );
                check-wildcard boolean;
                database string;
                delegation-only boolean;
                dialup ( notify | notify-passive | passive | refresh | boolean );
                dlz string;
                dnssec-dnskey-kskonly boolean;
                dnssec-loadkeys-interval integer;
                dnssec-secure-to-insecure boolean;
                dnssec-update-mode ( maintain | no-resign );
                file quoted_string;
                forward ( first | only );
                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
                in-view string;
                inline-signing boolean;
                ixfr-from-differences boolean;
                journal quoted_string;
                key-directory quoted_string;
                masterfile-format ( map | raw | text );
                masterfile-style ( full | relative );
                masters [ port integer ] [ dscp integer ] { ( masters |
                    ipv4_address [ port integer ] | ipv6_address [ port
                    integer ] ) [ key string ]; ... };
                max-journal-size ( default | unlimited | sizeval );
                max-records integer;
                max-refresh-time integer;
                max-retry-time integer;
                max-transfer-idle-in integer;
                max-transfer-idle-out integer;
                max-transfer-time-in integer;
                max-transfer-time-out integer;
                max-zone-ttl ( unlimited | ttlval );
                min-refresh-time integer;
                min-retry-time integer;
                multi-master boolean;
                notify ( explicit | master-only | boolean );
                notify-delay integer;
                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                    dscp integer ];
                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
                    [ dscp integer ];
                notify-to-soa boolean;
                pubkey integer integer
                request-expire boolean;
                request-ixfr boolean;
                serial-update-method ( date | increment | unixtime );
                server-addresses { ( ipv4_address | ipv6_address ) [ port
                    integer ]; ... };
                server-names { quoted_string; ... };
                sig-signing-nodes integer;
                sig-signing-signatures integer;
                sig-signing-type integer;
                sig-validity-interval integer [ integer ];
                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
                    dscp integer ];
                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
                    ] [ dscp integer ];
                try-tcp-refresh boolean;
                type ( delegation-only | forward | hint | master | redirect | slave
                    | static-stub | stub );
                update-check-ksk boolean;
                update-policy ( local | { ( deny | grant ) string ( 6to4-self |
                    external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
                    | name | self | selfsub | selfwild | subdomain | tcp-self |
                    wildcard | zonesub ) [ string ] rrtypelist; ... };
                use-alt-transfer-source boolean;
                zero-no-soa-ttl boolean;
                zone-statistics ( full | terse | none | boolean );
           };

FILES
       /etc/named.conf

SEE ALSO
       ddns-confgen(8), named(8), named-checkconf(8), rndc(8), rndc-
       confgen(8), BIND 9 Administrator Reference Manual.

AUTHOR
       Internet Systems Consortium, Inc.

COPYRIGHT
       Copyright  2004-2018 Internet Systems Consortium, Inc. ("ISC")



ISC                               2018-06-21                     NAMED.CONF(5)

You can also request any man page by name and (optionally) by section:

Command: 
Section: 
Architecture: 
Collection: 
 

Use the DEFAULT collection to view manual pages for third-party software.


©1994 Man-cgi 1.15, Panagiotis Christias
©1996-2018 Modified for NetBSD by Kimmo Suominen