DESCRIPTION

2019-07-21 ISC Internet Systems Consortium, Inc. named.conf 5 BIND9 named.conf configuration file for named 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 Internet Systems Consortium, Inc. ("ISC") named.conf DESCRIPTION named.conf is the configuration file for named. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported: C style: /* */ C++ style: // to end of line Unix style: # to end of line ACL acl string { address_match_element; ... }; CONTROLS controls { inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read-only boolean ]; unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read-only boolean ]; }; DLZ dlz string { database string; search boolean; }; DYNDB dyndb string quoted_string { unspecified-text }; KEY key string { algorithm string; secret string; }; LOGGING logging { category string { string; ... }; channel string { buffered boolean; file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ]; null; print-category boolean; print-severity boolean; print-time ( iso8601 | iso8601-utc | local | boolean ); severity log_severity; stderr; syslog [ syslog_facility ]; }; }; MANAGED-KEYS managed-keys { string string integer integer integer quoted_string; ... }; MASTERS masters string [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; OPTIONS options { allow-new-zones boolean; allow-notify { address_match_element; ... }; allow-query { address_match_element; ... }; allow-query-cache { address_match_element; ... }; allow-query-cache-on { address_match_element; ... }; allow-query-on { address_match_element; ... }; allow-recursion { address_match_element; ... }; allow-recursion-on { address_match_element; ... }; allow-transfer { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; also-notify [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; answer-cookie boolean; attach-cache string; auth-nxdomain boolean; // default changed auto-dnssec ( allow | maintain | off ); automatic-interface-scan boolean; avoid-v4-udp-ports { portrange; ... }; avoid-v6-udp-ports { portrange; ... }; bindkeys-file quoted_string; blackhole { address_match_element; ... }; cache-file quoted_string; catalog-zones { zone string [ default-masters [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval ttlval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard boolean; cleaning-interval integer; clients-per-query integer; cookie-algorithm ( aes | sha1 | sha256 | siphash24 ); cookie-secret string; coresize ( default | unlimited | sizeval ); datasize ( default | unlimited | sizeval ); deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; deny-answer-aliases { string; ... } [ except-from { string; ... } ]; dialup ( notify | notify-passive | passive | refresh | boolean ); directory quoted_string; disable-algorithms string { string; ... }; disable-ds-digests string { string; ... }; disable-empty-zone string; dns64 netprefix { break-dnssec boolean; clients { address_match_element; ... }; exclude { address_match_element; ... }; mapped { address_match_element; ... }; recursive-only boolean; suffix ipv6_address; }; dns64-contact string; dns64-server string; dnskey-sig-validity integer; dnsrps-enable boolean; dnsrps-options { unspecified-text }; dnssec-accept-expired boolean; dnssec-dnskey-kskonly boolean; dnssec-enable boolean; dnssec-loadkeys-interval integer; dnssec-lookaside ( string trust-anchor string | auto | no ); dnssec-must-be-secure string boolean; dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; dnstap-identity ( quoted_string | none | hostname ); dnstap-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ]; dnstap-version ( quoted_string | none ); dscp integer; dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; dump-file quoted_string; edns-udp-size integer; empty-contact string; empty-server string; empty-zones-enable boolean; fetch-quota-params integer fixedpoint fixedpoint fixedpoint; fetches-per-server integer [ ( drop | fail ) ]; fetches-per-zone integer [ ( drop | fail ) ]; files ( default | unlimited | sizeval ); flush-zones-on-shutdown boolean; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; fstrm-set-buffer-hint integer; fstrm-set-flush-timeout integer; fstrm-set-input-queue-size integer; fstrm-set-output-notify-threshold integer; fstrm-set-output-queue-model ( mpsc | spsc ); fstrm-set-output-queue-size integer; fstrm-set-reopen-interval ttlval; geoip-directory ( quoted_string | none ); glue-cache boolean; heartbeat-interval integer; hostname ( quoted_string | none ); inline-signing boolean; interface-interval ttlval; ixfr-from-differences ( primary | master | secondary | slave | boolean ); keep-response-order { address_match_element; ... }; key-directory quoted_string; lame-ttl ttlval; listen-on [ port integer ] [ dscp integer ] { address_match_element; ... }; listen-on-v6 [ port integer ] [ dscp integer ] { address_match_element; ... }; lmdb-mapsize sizeval; lock-file ( quoted_string | none ); managed-keys-directory quoted_string; masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); match-mapped-addresses boolean; max-cache-size ( default | unlimited | sizeval | percentage ); max-cache-ttl ttlval; max-clients-per-query integer; max-journal-size ( default | unlimited | sizeval ); max-ncache-ttl ttlval; max-records integer; max-recursion-depth integer; max-recursion-queries integer; max-refresh-time integer; max-retry-time integer; max-rsa-exponent-size integer; max-stale-ttl ttlval; max-transfer-idle-in integer; max-transfer-idle-out integer; max-transfer-time-in integer; max-transfer-time-out integer; max-udp-size integer; max-zone-ttl ( unlimited | ttlval ); memstatistics boolean; memstatistics-file quoted_string; message-compression boolean; min-cache-ttl ttlval; min-ncache-ttl ttlval; min-refresh-time integer; min-retry-time integer; minimal-any boolean; minimal-responses ( no-auth | no-auth-recursive | boolean ); multi-master boolean; new-zones-directory quoted_string; no-case-compress { address_match_element; ... }; nocookie-udp-size integer; notify ( explicit | master-only | boolean ); notify-delay integer; notify-rate integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; nta-lifetime ttlval; nta-recheck ttlval; nxdomain-redirect string; pid-file ( quoted_string | none ); port integer; preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; qname-minimization ( strict | relaxed | disabled | off ); query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; querylog boolean; random-device ( quoted_string | none ); rate-limit { all-per-second integer; errors-per-second integer; exempt-clients { address_match_element; ... }; ipv4-prefix-length integer; ipv6-prefix-length integer; log-only boolean; max-table-size integer; min-table-size integer; nodata-per-second integer; nxdomains-per-second integer; qps-scale integer; referrals-per-second integer; responses-per-second integer; slip integer; window integer; }; recursing-file quoted_string; recursion boolean; recursive-clients integer; request-expire boolean; request-ixfr boolean; request-nsid boolean; require-server-cookie boolean; reserved-sockets integer; resolver-nonbackoff-tries integer; resolver-query-timeout integer; resolver-retry-interval integer; response-padding { address_match_element; ... } block-size integer; response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { string; ... } ]; root-key-sentinel boolean; rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; secroots-file quoted_string; send-cookie boolean; serial-query-rate integer; serial-update-method ( date | increment | unixtime ); server-id ( quoted_string | none | hostname ); servfail-ttl ttlval; session-keyalg string; session-keyfile ( quoted_string | none ); session-keyname string; sig-signing-nodes integer; sig-signing-signatures integer; sig-signing-type integer; sig-validity-interval integer [ integer ]; sortlist { address_match_element; ... }; stacksize ( default | unlimited | sizeval ); stale-answer-enable boolean; stale-answer-ttl ttlval; startup-notify-rate integer; statistics-file quoted_string; synth-from-dnssec boolean; tcp-advertised-timeout integer; tcp-clients integer; tcp-idle-timeout integer; tcp-initial-timeout integer; tcp-keepalive-timeout integer; tcp-listen-queue integer; tkey-dhkey quoted_string integer; tkey-domain quoted_string; tkey-gssapi-credential quoted_string; tkey-gssapi-keytab quoted_string; transfer-format ( many-answers | one-answer ); transfer-message-size integer; transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers-in integer; transfers-out integer; transfers-per-ns integer; trust-anchor-telemetry boolean; // experimental try-tcp-refresh boolean; update-check-ksk boolean; use-alt-transfer-source boolean; use-v4-udp-ports { portrange; ... }; use-v6-udp-ports { portrange; ... }; v6-bias integer; validate-except { string; ... }; version ( quoted_string | none ); zero-no-soa-ttl boolean; zero-no-soa-ttl-cache boolean; zone-statistics ( full | terse | none | boolean ); }; PLUGIN plugin ( query ) string [ { unspecified-text } ]; SERVER server netprefix { bogus boolean; edns boolean; edns-udp-size integer; edns-version integer; keys server_key; max-udp-size integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide-ixfr boolean; query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request-expire boolean; request-ixfr boolean; request-nsid boolean; send-cookie boolean; tcp-keepalive boolean; tcp-only boolean; transfer-format ( many-answers | one-answer ); transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; STATISTICS-CHANNELS statistics-channels { inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ]; }; TRUSTED-KEYS trusted-keys { string integer integer integer quoted_string; ... }; VIEW view string [ class ] { allow-new-zones boolean; allow-notify { address_match_element; ... }; allow-query { address_match_element; ... }; allow-query-cache { address_match_element; ... }; allow-query-cache-on { address_match_element; ... }; allow-query-on { address_match_element; ... }; allow-recursion { address_match_element; ... }; allow-recursion-on { address_match_element; ... }; allow-transfer { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; also-notify [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; attach-cache string; auth-nxdomain boolean; // default changed auto-dnssec ( allow | maintain | off ); cache-file quoted_string; catalog-zones { zone string [ default-masters [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval ttlval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard boolean; cleaning-interval integer; clients-per-query integer; deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; deny-answer-aliases { string; ... } [ except-from { string; ... } ]; dialup ( notify | notify-passive | passive | refresh | boolean ); disable-algorithms string { string; ... }; disable-ds-digests string { string; ... }; disable-empty-zone string; dlz string { database string; search boolean; }; dns64 netprefix { break-dnssec boolean; clients { address_match_element; ... }; exclude { address_match_element; ... }; mapped { address_match_element; ... }; recursive-only boolean; suffix ipv6_address; }; dns64-contact string; dns64-server string; dnskey-sig-validity integer; dnsrps-enable boolean; dnsrps-options { unspecified-text }; dnssec-accept-expired boolean; dnssec-dnskey-kskonly boolean; dnssec-enable boolean; dnssec-loadkeys-interval integer; dnssec-lookaside ( string trust-anchor string | auto | no ); dnssec-must-be-secure string boolean; dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; dyndb string quoted_string { unspecified-text }; edns-udp-size integer; empty-contact string; empty-server string; empty-zones-enable boolean; fetch-quota-params integer fixedpoint fixedpoint fixedpoint; fetches-per-server integer [ ( drop | fail ) ]; fetches-per-zone integer [ ( drop | fail ) ]; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; glue-cache boolean; inline-signing boolean; ixfr-from-differences ( primary | master | secondary | slave | boolean ); key string { algorithm string; secret string; }; key-directory quoted_string; lame-ttl ttlval; lmdb-mapsize sizeval; managed-keys { string string integer integer integer quoted_string; ... }; masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); match-clients { address_match_element; ... }; match-destinations { address_match_element; ... }; match-recursive-only boolean; max-cache-size ( default | unlimited | sizeval | percentage ); max-cache-ttl ttlval; max-clients-per-query integer; max-journal-size ( default | unlimited | sizeval ); max-ncache-ttl ttlval; max-records integer; max-recursion-depth integer; max-recursion-queries integer; max-refresh-time integer; max-retry-time integer; max-stale-ttl ttlval; max-transfer-idle-in integer; max-transfer-idle-out integer; max-transfer-time-in integer; max-transfer-time-out integer; max-udp-size integer; max-zone-ttl ( unlimited | ttlval ); message-compression boolean; min-cache-ttl ttlval; min-ncache-ttl ttlval; min-refresh-time integer; min-retry-time integer; minimal-any boolean; minimal-responses ( no-auth | no-auth-recursive | boolean ); multi-master boolean; new-zones-directory quoted_string; no-case-compress { address_match_element; ... }; nocookie-udp-size integer; notify ( explicit | master-only | boolean ); notify-delay integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; nta-lifetime ttlval; nta-recheck ttlval; nxdomain-redirect string; plugin ( query ) string [ { unspecified-text } ]; preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; qname-minimization ( strict | relaxed | disabled | off ); query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; rate-limit { all-per-second integer; errors-per-second integer; exempt-clients { address_match_element; ... }; ipv4-prefix-length integer; ipv6-prefix-length integer; log-only boolean; max-table-size integer; min-table-size integer; nodata-per-second integer; nxdomains-per-second integer; qps-scale integer; referrals-per-second integer; responses-per-second integer; slip integer; window integer; }; recursion boolean; request-expire boolean; request-ixfr boolean; request-nsid boolean; require-server-cookie boolean; resolver-nonbackoff-tries integer; resolver-query-timeout integer; resolver-retry-interval integer; response-padding { address_match_element; ... } block-size integer; response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { string; ... } ]; root-key-sentinel boolean; rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; send-cookie boolean; serial-update-method ( date | increment | unixtime ); server netprefix { bogus boolean; edns boolean; edns-udp-size integer; edns-version integer; keys server_key; max-udp-size integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide-ixfr boolean; query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request-expire boolean; request-ixfr boolean; request-nsid boolean; send-cookie boolean; tcp-keepalive boolean; tcp-only boolean; transfer-format ( many-answers | one-answer ); transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; servfail-ttl ttlval; sig-signing-nodes integer; sig-signing-signatures integer; sig-signing-type integer; sig-validity-interval integer [ integer ]; sortlist { address_match_element; ... }; stale-answer-enable boolean; stale-answer-ttl ttlval; synth-from-dnssec boolean; transfer-format ( many-answers | one-answer ); transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; trust-anchor-telemetry boolean; // experimental trusted-keys { string integer integer integer quoted_string; ... }; try-tcp-refresh boolean; update-check-ksk boolean; use-alt-transfer-source boolean; v6-bias integer; validate-except { string; ... }; zero-no-soa-ttl boolean; zero-no-soa-ttl-cache boolean; zone string [ class ] { allow-notify { address_match_element; ... }; allow-query { address_match_element; ... }; allow-query-on { address_match_element; ... }; allow-transfer { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; also-notify [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; auto-dnssec ( allow | maintain | off ); check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); check-names ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard boolean; database string; delegation-only boolean; dialup ( notify | notify-passive | passive | refresh | boolean ); dlz string; dnskey-sig-validity integer; dnssec-dnskey-kskonly boolean; dnssec-loadkeys-interval integer; dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); file quoted_string; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; in-view string; inline-signing boolean; ixfr-from-differences boolean; journal quoted_string; key-directory quoted_string; masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); masters [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; max-ixfr-log-size ( default | unlimited | max-journal-size ( default | unlimited | sizeval ); max-records integer; max-refresh-time integer; max-retry-time integer; max-transfer-idle-in integer; max-transfer-idle-out integer; max-transfer-time-in integer; max-transfer-time-out integer; max-zone-ttl ( unlimited | ttlval ); min-refresh-time integer; min-retry-time integer; multi-master boolean; notify ( explicit | master-only | boolean ); notify-delay integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; pubkey integer integer integer request-expire boolean; request-ixfr boolean; serial-update-method ( date | increment | unixtime ); server-addresses { ( ipv4_address | ipv6_address ); ... }; server-names { string; ... }; sig-signing-nodes integer; sig-signing-signatures integer; sig-signing-type integer; sig-validity-interval integer [ integer ]; transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; try-tcp-refresh boolean; type ( primary | master | secondary | slave | mirror | delegation-only | forward | hint | redirect | static-stub | stub ); update-check-ksk boolean; update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; use-alt-transfer-source boolean; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); }; zone-statistics ( full | terse | none | boolean ); }; ZONE zone string [ class ] { allow-notify { address_match_element; ... }; allow-query { address_match_element; ... }; allow-query-on { address_match_element; ... }; allow-transfer { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; also-notify [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; auto-dnssec ( allow | maintain | off ); check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); check-names ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard boolean; database string; delegation-only boolean; dialup ( notify | notify-passive | passive | refresh | boolean ); dlz string; dnskey-sig-validity integer; dnssec-dnskey-kskonly boolean; dnssec-loadkeys-interval integer; dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); file quoted_string; forward ( first | only ); forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; in-view string; inline-signing boolean; ixfr-from-differences boolean; journal quoted_string; key-directory quoted_string; masterfile-format ( map | raw | text ); masterfile-style ( full | relative ); masters [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; max-journal-size ( default | unlimited | sizeval ); max-records integer; max-refresh-time integer; max-retry-time integer; max-transfer-idle-in integer; max-transfer-idle-out integer; max-transfer-time-in integer; max-transfer-time-out integer; max-zone-ttl ( unlimited | ttlval ); min-refresh-time integer; min-retry-time integer; multi-master boolean; notify ( explicit | master-only | boolean ); notify-delay integer; notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; request-expire boolean; request-ixfr boolean; serial-update-method ( date | increment | unixtime ); server-addresses { ( ipv4_address | ipv6_address ); ... }; server-names { string; ... }; sig-signing-nodes integer; sig-signing-signatures integer; sig-signing-type integer; sig-validity-interval integer [ integer ]; transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; try-tcp-refresh boolean; type ( primary | master | secondary | slave | mirror | delegation-only | forward | hint | redirect | static-stub | stub ); update-check-ksk boolean; update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ string ] rrtypelist; ... }; use-alt-transfer-source boolean; zero-no-soa-ttl boolean; zone-statistics ( full | terse | none | boolean ); }; FILES /etc/named.conf SEE ALSO ddns-confgen8 , named8 , named-checkconf8 , rndc8 , rndc-confgen8 , BIND 9 Administrator Reference Manual.