NAMED.CONF(5) manual page

Name

named.conf - configuration file for named

Synopsis

named.conf

Description

named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported:

C style: /* */

C++ style: // to end of line

Unix style: # to end of line

Acl


acl string { address_match_element; ... };

Key


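key domain_name {
    algorithm string;
    secret string;
};

The secret is a base64-encoded shared key stored in clear text, so a configuration file that contains key statements should not be world-readable.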

Masters


masters string [ port integer ] {
    ( masters | ipv4_address [port integer] |
    ipv6_address [port integer] ) [ key string ]; ...
};

Server


server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
    bogus boolean;
    edns boolean;
    edns-udp-size integer;
    max-udp-size integer;
    provide-ixfr boolean;
    request-ixfr boolean;
    keys server_key;
    transfers integer;
    transfer-format ( many-answers | one-answer );
    transfer-source ( ipv4_address | * )
        [ port ( integer | * ) ];
    transfer-source-v6 ( ipv6_address | * )
        [ port ( integer | * ) ];
    support-ixfr boolean; // obsolete
};

Trusted-keys


trusted-keys {
    domain_name flags protocol algorithm key; ... 
};

Managed-keys


managed-keys {
    domain_name initial-key flags protocol algorithm key; ... 
};

Controls


controls {
    inet ( ipv4_address | ipv6_address | * )
        [ port ( integer | * ) ]
        allow { address_match_element; ... }
        [ keys { string; ... } ];
    unix unsupported; // not implemented
};

Logging


logging {
    channel string {
        file log_file;
        syslog optional_facility;
        null;
        stderr;
        severity log_severity;
        print-time boolean;
        print-severity boolean;
        print-category boolean;
    };
    category string { string; ... };
};

Lwres


lwres {
    listen-on [ port integer ] {
        ( ipv4_address | ipv6_address ) [ port integer ]; ...
    };
    view string optional_class;
    search { string; ... };
    ndots integer;
};

Options


options {
    avoid-v4-udp-ports { port; ... };
    avoid-v6-udp-ports { port; ... };
    blackhole { address_match_element; ... };
    coresize size;
    datasize size;
    directory quoted_string;
    dump-file quoted_string;
    files size;
    heartbeat-interval integer;
    host-statistics boolean; // not implemented
    host-statistics-max number; // not implemented
    hostname ( quoted_string | none );
    interface-interval integer;
    listen-on [ port integer ] { address_match_element; ... };
    listen-on-v6 [ port integer ] { address_match_element; ... };
    match-mapped-addresses boolean;
    memstatistics-file quoted_string;
    pid-file ( quoted_string | none );
    port integer;
    querylog boolean;
    recursing-file quoted_string;
    reserved-sockets integer;
    random-device quoted_string;
    recursive-clients integer;
    serial-query-rate integer;
    server-id ( quoted_string | hostname | none );
    stacksize size;
    statistics-file quoted_string;
    statistics-interval integer; // not yet implemented
    tcp-clients integer;
    tcp-listen-queue integer;
    tkey-dhkey quoted_string integer;
    tkey-gssapi-credential quoted_string;
    tkey-gssapi-keytab quoted_string;
    tkey-domain quoted_string;
    transfers-per-ns integer;
    transfers-in integer;
    transfers-out integer;
    use-ixfr boolean;
    version ( quoted_string | none );
    allow-recursion { address_match_element; ... };
    allow-recursion-on { address_match_element; ... };
    sortlist { address_match_element; ... };
    topology { address_match_element; ... }; // not implemented
    auth-nxdomain boolean; // default changed
    minimal-responses boolean;
    recursion boolean;
    rrset-order {
        [ class string ] [ type string ]
        [ name quoted_string ] string string; ...
    };
    provide-ixfr boolean;
    request-ixfr boolean;
    rfc2308-type1 boolean; // not yet implemented
    additional-from-auth boolean;
    additional-from-cache boolean;
    query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] )
        [ port ( integer | * ) ];
    query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] )
        [ port ( integer | * ) ];
    use-queryport-pool boolean;
    queryport-pool-ports integer;
    queryport-pool-updateinterval integer;
    cleaning-interval integer;
    resolver-query-timeout integer;
    min-roots integer; // not implemented
    lame-ttl integer;
    max-ncache-ttl integer;
    max-cache-ttl integer;
    transfer-format ( many-answers | one-answer );
    max-cache-size size;
    max-acache-size size;
    clients-per-query number;
    max-clients-per-query number;
    check-names ( master | slave | response )
        ( fail | warn | ignore );
    check-mx ( fail | warn | ignore );
    check-integrity boolean;
    check-mx-cname ( fail | warn | ignore );
    check-srv-cname ( fail | warn | ignore );
    cache-file quoted_string; // test option
    suppress-initial-notify boolean; // not yet implemented
    preferred-glue string;
    dual-stack-servers [ port integer ] {
        ( quoted_string [port integer] |
        ipv4_address [port integer] |
        ipv6_address [port integer] ); ...
    };
    edns-udp-size integer;
    max-udp-size integer;
    root-delegation-only [ exclude { quoted_string; ... } ];
    disable-algorithms string { string; ... };
    disable-ds-digests string { string; ... };
    dnssec-enable boolean;
    dnssec-validation boolean;
    dnssec-lookaside ( auto | no | domain trust-anchor domain );
    dnssec-must-be-secure string boolean;
    dnssec-accept-expired boolean;
    dns64-server string;
    dns64-contact string;
    dns64 prefix {
        clients { acl; };
        exclude { acl; };
        mapped { acl; };
        break-dnssec boolean;
        recursive-only boolean;
        suffix ipv6_address;
    };
    empty-server string;
    empty-contact string;
    empty-zones-enable boolean;
    disable-empty-zone string;
    dialup dialuptype;
    ixfr-from-differences ixfrdiff;
    allow-query { address_match_element; ... };
    allow-query-on { address_match_element; ... };
    allow-query-cache { address_match_element; ... };
    allow-query-cache-on { address_match_element; ... };
    allow-transfer { address_match_element; ... };
    allow-update { address_match_element; ... };
    allow-update-forwarding { address_match_element; ... };
    update-check-ksk boolean;
    dnssec-dnskey-kskonly boolean;
    masterfile-format ( text | raw | map );
    notify notifytype;
    notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
    notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
    notify-delay seconds;
    notify-to-soa boolean;
    also-notify [ port integer ] { ( ipv4_address | ipv6_address )
        [ port integer ]; ...
        [ key keyname ] ... };
    allow-notify { address_match_element; ... };
    forward ( first | only );
    forwarders [ port integer ] {
        ( ipv4_address | ipv6_address ) [ port integer ]; ...
    };
    max-journal-size size_no_default;
    max-transfer-time-in integer;
    max-transfer-time-out integer;
    max-transfer-idle-in integer;
    max-transfer-idle-out integer;
    max-retry-time integer;
    min-retry-time integer;
    max-refresh-time integer;
    min-refresh-time integer;
    multi-master boolean;
    sig-validity-interval integer;
    sig-re-signing-interval integer;
    sig-signing-nodes integer;
    sig-signing-signatures integer;
    sig-signing-type integer;
    transfer-source ( ipv4_address | * )
        [ port ( integer | * ) ];
    transfer-source-v6 ( ipv6_address | * )
        [ port ( integer | * ) ];
    alt-transfer-source ( ipv4_address | * )
        [ port ( integer | * ) ];
    alt-transfer-source-v6 ( ipv6_address | * )
        [ port ( integer | * ) ];
    use-alt-transfer-source boolean;
    zone-statistics boolean;
    key-directory quoted_string;
    managed-keys-directory quoted_string;
    auto-dnssec allow|maintain|off;
    try-tcp-refresh boolean;
    zero-no-soa-ttl boolean;
    zero-no-soa-ttl-cache boolean;
    dnssec-secure-to-insecure boolean;
    deny-answer-addresses {
        address_match_list
    } [ except-from { namelist } ];
    deny-answer-aliases {
        namelist
    } [ except-from { namelist } ];
    nsec3-test-zone boolean;  // testing only
    allow-v6-synthesis { address_match_element; ... }; // obsolete
    deallocate-on-exit boolean; // obsolete
    fake-iquery boolean; // obsolete
    fetch-glue boolean; // obsolete
    has-old-clients boolean; // obsolete
    maintain-ixfr-base boolean; // obsolete
    max-ixfr-log-size size; // obsolete
    multiple-cnames boolean; // obsolete
    named-xfer quoted_string; // obsolete
    serial-queries integer; // obsolete
    treat-cr-as-space boolean; // obsolete
    use-id-pool boolean; // obsolete
};

View


view string optional_class {
    match-clients { address_match_element; ... };
    match-destinations { address_match_element; ... };
    match-recursive-only boolean;
    key string {
        algorithm string;
        secret string;
    };
    zone string optional_class {
        ...
    };
    server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
        ...
    };
    trusted-keys {
        string integer integer integer quoted_string;
        [...]
    };
    allow-recursion { address_match_element; ... };
    allow-recursion-on { address_match_element; ... };
    sortlist { address_match_element; ... };
    topology { address_match_element; ... }; // not implemented
    auth-nxdomain boolean; // default changed
    minimal-responses boolean;
    recursion boolean;
    rrset-order {
        [ class string ] [ type string ]
        [ name quoted_string ] string string; ...
    };
    provide-ixfr boolean;
    request-ixfr boolean;
    rfc2308-type1 boolean; // not yet implemented
    additional-from-auth boolean;
    additional-from-cache boolean;
    query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] )
        [ port ( integer | * ) ];
    query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] )
        [ port ( integer | * ) ];
    use-queryport-pool boolean;
    queryport-pool-ports integer;
    queryport-pool-updateinterval integer;
    cleaning-interval integer;
    resolver-query-timeout integer;
    min-roots integer; // not implemented
    lame-ttl integer;
    max-ncache-ttl integer;
    max-cache-ttl integer;
    transfer-format ( many-answers | one-answer );
    max-cache-size size;
    max-acache-size size;
    clients-per-query number;
    max-clients-per-query number;
    check-names ( master | slave | response )
        ( fail | warn | ignore );
    check-mx ( fail | warn | ignore );
    check-integrity boolean;
    check-mx-cname ( fail | warn | ignore );
    check-srv-cname ( fail | warn | ignore );
    cache-file quoted_string; // test option
    suppress-initial-notify boolean; // not yet implemented
    preferred-glue string;
    dual-stack-servers [ port integer ] {
        ( quoted_string [port integer] |
        ipv4_address [port integer] |
        ipv6_address [port integer] ); ...
    };
    edns-udp-size integer;
    max-udp-size integer;
    root-delegation-only [ exclude { quoted_string; ... } ];
    disable-algorithms string { string; ... };
    disable-ds-digests string { string; ... };
    dnssec-enable boolean;
    dnssec-validation boolean;
    dnssec-lookaside ( auto | no | domain trust-anchor domain );
    dnssec-must-be-secure string boolean;
    dnssec-accept-expired boolean;
    dns64-server string;
    dns64-contact string;
    dns64 prefix {
        clients { acl; };
        exclude { acl; };
        mapped { acl; };
        break-dnssec boolean;
        recursive-only boolean;
        suffix ipv6_address;
    };
    empty-server string;
    empty-contact string;
    empty-zones-enable boolean;
    disable-empty-zone string;
    dialup dialuptype;
    ixfr-from-differences ixfrdiff;
    allow-query { address_match_element; ... };
    allow-query-on { address_match_element; ... };
    allow-query-cache { address_match_element; ... };
    allow-query-cache-on { address_match_element; ... };
    allow-transfer { address_match_element; ... };
    allow-update { address_match_element; ... };
    allow-update-forwarding { address_match_element; ... };
    update-check-ksk boolean;
    dnssec-dnskey-kskonly boolean;
    masterfile-format ( text | raw | map );
    notify notifytype;
    notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
    notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
    notify-delay seconds;
    notify-to-soa boolean;
    also-notify [ port integer ] { ( ipv4_address | ipv6_address )
        [ port integer ]; ...
        [ key keyname ] ... };
    allow-notify { address_match_element; ... };
    forward ( first | only );
    forwarders [ port integer ] {
        ( ipv4_address | ipv6_address ) [ port integer ]; ...
    };
    max-journal-size size_no_default;
    max-transfer-time-in integer;
    max-transfer-time-out integer;
    max-transfer-idle-in integer;
    max-transfer-idle-out integer;
    max-retry-time integer;
    min-retry-time integer;
    max-refresh-time integer;
    min-refresh-time integer;
    multi-master boolean;
    sig-validity-interval integer;
    transfer-source ( ipv4_address | * )
        [ port ( integer | * ) ];
    transfer-source-v6 ( ipv6_address | * )
        [ port ( integer | * ) ];
    alt-transfer-source ( ipv4_address | * )
        [ port ( integer | * ) ];
    alt-transfer-source-v6 ( ipv6_address | * )
        [ port ( integer | * ) ];
    use-alt-transfer-source boolean;
    zone-statistics boolean;
    try-tcp-refresh boolean;
    key-directory quoted_string;
    zero-no-soa-ttl boolean;
    zero-no-soa-ttl-cache boolean;
    dnssec-secure-to-insecure boolean;
    allow-v6-synthesis { address_match_element; ... }; // obsolete
    fetch-glue boolean; // obsolete
    maintain-ixfr-base boolean; // obsolete
    max-ixfr-log-size size; // obsolete
};

Zone


zone string optional_class {
    type ( master | slave | stub | hint | redirect |
        forward | delegation-only );
    file quoted_string;
    masters [ port integer ] {
        ( masters |
        ipv4_address [port integer] |
        ipv6_address [ port integer ] ) [ key string ]; ...
    };
    database string;
    delegation-only boolean;
    check-names ( fail | warn | ignore );
    check-mx ( fail | warn | ignore );
    check-integrity boolean;
    check-mx-cname ( fail | warn | ignore );
    check-srv-cname ( fail | warn | ignore );
    dialup dialuptype;
    ixfr-from-differences boolean;
    journal quoted_string;
    zero-no-soa-ttl boolean;
    dnssec-secure-to-insecure boolean;
    allow-query { address_match_element; ... };
    allow-query-on { address_match_element; ... };
    allow-transfer { address_match_element; ... };
    allow-update { address_match_element; ... };
    allow-update-forwarding { address_match_element; ... };
    update-policy local |  {
        ( grant | deny ) string
        ( name | subdomain | wildcard | self | selfsub | selfwild |
                  krb5-self | ms-self | krb5-subdomain | ms-subdomain |
          tcp-self | zonesub | 6to4-self ) string
        rrtypelist;
        [...]
    };
    update-check-ksk boolean;
    dnssec-dnskey-kskonly boolean;
    masterfile-format ( text | raw | map );
    notify notifytype;
    notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
    notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
    notify-delay seconds;
    notify-to-soa boolean;
    also-notify [ port integer ] { ( ipv4_address | ipv6_address )
        [ port integer ]; ...
        [ key keyname ] ... };
    allow-notify { address_match_element; ... };
    forward ( first | only );
    forwarders [ port integer ] {
        ( ipv4_address | ipv6_address ) [ port integer ]; ...
    };
    max-journal-size size_no_default;
    max-transfer-time-in integer;
    max-transfer-time-out integer;
    max-transfer-idle-in integer;
    max-transfer-idle-out integer;
    max-retry-time integer;
    min-retry-time integer;
    max-refresh-time integer;
    min-refresh-time integer;
    multi-master boolean;
    request-ixfr boolean;
    sig-validity-interval integer;
    transfer-source ( ipv4_address | * )
        [ port ( integer | * ) ];
    transfer-source-v6 ( ipv6_address | * )
        [ port ( integer | * ) ];
    alt-transfer-source ( ipv4_address | * )
        [ port ( integer | * ) ];
    alt-transfer-source-v6 ( ipv6_address | * )
        [ port ( integer | * ) ];
    use-alt-transfer-source boolean;
    zone-statistics boolean;
    try-tcp-refresh boolean;
    key-directory quoted_string;
    nsec3-test-zone boolean;  // testing only
    ixfr-base quoted_string; // obsolete
    ixfr-tmp-file quoted_string; // obsolete
    maintain-ixfr-base boolean; // obsolete
    max-ixfr-log-size size; // obsolete
    pubkey integer integer integer quoted_string; // obsolete
};

Files

/etc/named.conf

See Also

named(8), named-checkconf(8), rndc(8), BIND 9 Administrator Reference Manual.

Copyright

Copyright © 2004-2014 Internet Systems Consortium, Inc. ("ISC")

