Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
NAMED.CONF(5)			    BIND 9			 NAMED.CONF(5)

NAME
       named.conf - configuration file for **named**

SYNOPSIS
       named.conf

DESCRIPTION
       named.conf is the configuration file for	named. Statements are enclosed
       in braces and terminated	with a semi-colon. Clauses in  the  statements
       are  also  semi-colon  terminated.   The	 usual comment styles are sup-
       ported:

       C style:	/* */
	  C++ style: //	to end of line

       Unix style: # to	end of line

   ACL
	  acl string { address_match_element; ... };

   CONTROLS
	  controls {
		inet ( ipv4_address | ipv6_address |
		    * )	[ port ( integer | * ) ] allow
		    { address_match_element; ... } [
		    keys { string; ... } ] [ read-only
		    boolean ];
		unix quoted_string perm	integer
		    owner integer group	integer	[
		    keys { string; ... } ] [ read-only
		    boolean ];
	  };

   DLZ
	  dlz string {
		database string;
		search boolean;
	  };

   DNSSEC-POLICY
	  dnssec-policy	string {
		dnskey-ttl duration;
		keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
		    duration_or_unlimited algorithm string [ integer ];	... };
		max-zone-ttl duration;
		parent-ds-ttl duration;
		parent-propagation-delay duration;
		parent-registration-delay duration;
		publish-safety duration;
		retire-safety duration;
		signatures-refresh duration;
		signatures-validity duration;
		signatures-validity-dnskey duration;
		zone-propagation-delay duration;
	  };

   DYNDB
	  dyndb	string quoted_string {
	      unspecified-text };

   KEY
	  key string {
		algorithm string;
		secret string;
	  };

   LOGGING
	  logging {
		category string	{ string; ... };
		channel	string {
			buffered boolean;
			file quoted_string [ versions (	unlimited | integer ) ]
			    [ size size	] [ suffix ( increment | timestamp ) ];
			null;
			print-category boolean;
			print-severity boolean;
			print-time ( iso8601 | iso8601-utc | local | boolean );
			severity log_severity;
			stderr;
			syslog [ syslog_facility ];
		};
	  };

   MANAGED-KEYS
       See DNSSEC-KEYS.

	  managed-keys { string	( static-key
	      |	initial-key | static-ds	|
	      initial-ds ) integer integer
	      integer quoted_string; ... };, deprecated

   MASTERS
	  masters string [ port	integer	] [ dscp
	      integer ]	{ ( masters | ipv4_address [
	      port integer ] | ipv6_address [ port
	      integer ]	) [ key	string ]; ... };

   OPTIONS
	  options {
		allow-new-zones	boolean;
		allow-notify { address_match_element; ... };
		allow-query { address_match_element; ... };
		allow-query-cache { address_match_element; ... };
		allow-query-cache-on { address_match_element; ... };
		allow-query-on { address_match_element;	... };
		allow-recursion	{ address_match_element; ... };
		allow-recursion-on { address_match_element; ...	};
		allow-transfer { address_match_element;	... };
		allow-update { address_match_element; ... };
		allow-update-forwarding	{ address_match_element; ... };
		also-notify [ port integer ] [ dscp integer ] {	( masters |
		    ipv4_address [ port	integer	] | ipv6_address [ port
		    integer ] )	[ key string ];	... };
		alt-transfer-source ( ipv4_address | * ) [ port	( integer | * )
		    ] [	dscp integer ];
		alt-transfer-source-v6 ( ipv6_address |	* ) [ port ( integer |
		    * )	] [ dscp integer ];
		answer-cookie boolean;
		attach-cache string;
		auth-nxdomain boolean; // default changed
		auto-dnssec ( allow | maintain | off );
		automatic-interface-scan boolean;
		avoid-v4-udp-ports { portrange;	... };
		avoid-v6-udp-ports { portrange;	... };
		bindkeys-file quoted_string;
		blackhole { address_match_element; ... };
		cache-file quoted_string;
		catalog-zones {	zone string [ default-masters [	port integer ]
		    [ dscp integer ] { ( masters | ipv4_address	[ port
		    integer ] |	ipv6_address [ port integer ] )	[ key
		    string ]; ... } ] [	zone-directory quoted_string ] [
		    in-memory boolean ]	[ min-update-interval duration ]; ... };
		check-dup-records ( fail | warn	| ignore );
		check-integrity	boolean;
		check-mx ( fail	| warn | ignore	);
		check-mx-cname ( fail |	warn | ignore );
		check-names ( primary |	master |
		    secondary |	slave |	response ) (
		    fail | warn	| ignore );
		check-sibling boolean;
		check-spf ( warn | ignore );
		check-srv-cname	( fail | warn |	ignore );
		check-wildcard boolean;
		clients-per-query integer;
		cookie-algorithm ( aes | siphash24 );
		cookie-secret string;
		coresize ( default | unlimited | sizeval );
		datasize ( default | unlimited | sizeval );
		deny-answer-addresses {	address_match_element; ... } [
		    except-from	{ string; ... }	];
		deny-answer-aliases { string; ... } [ except-from { string; ...
		    } ];
		dialup ( notify	| notify-passive | passive | refresh | boolean );
		directory quoted_string;
		disable-algorithms string { string;
		    ...	};
		disable-ds-digests string { string;
		    ...	};
		disable-empty-zone string;
		dns64 netprefix	{
			break-dnssec boolean;
			clients	{ address_match_element; ... };
			exclude	{ address_match_element; ... };
			mapped { address_match_element;	... };
			recursive-only boolean;
			suffix ipv6_address;
		};
		dns64-contact string;
		dns64-server string;
		dnskey-sig-validity integer;
		dnsrps-enable boolean;
		dnsrps-options { unspecified-text };
		dnssec-accept-expired boolean;
		dnssec-dnskey-kskonly boolean;
		dnssec-loadkeys-interval integer;
		dnssec-must-be-secure string boolean;
		dnssec-policy string;
		dnssec-secure-to-insecure boolean;
		dnssec-update-mode ( maintain |	no-resign );
		dnssec-validation ( yes	| no | auto );
		dnstap { ( all | auth |	client | forwarder |
		    resolver | update )	[ ( query | response ) ];
		    ...	};
		dnstap-identity	( quoted_string	| none |
		    hostname );
		dnstap-output (	file | unix ) quoted_string [
		    size ( unlimited | size ) ]	[ versions (
		    unlimited |	integer	) ] [ suffix ( increment
		    | timestamp	) ];
		dnstap-version ( quoted_string | none );
		dscp integer;
		dual-stack-servers [ port integer ] { (	quoted_string [	port
		    integer ] [	dscp integer ] | ipv4_address [	port
		    integer ] [	dscp integer ] | ipv6_address [	port
		    integer ] [	dscp integer ] ); ... };
		dump-file quoted_string;
		edns-udp-size integer;
		empty-contact string;
		empty-server string;
		empty-zones-enable boolean;
		fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
		fetches-per-server integer [ ( drop | fail ) ];
		fetches-per-zone integer [ ( drop | fail ) ];
		files (	default	| unlimited | sizeval );
		flush-zones-on-shutdown	boolean;
		forward	( first	| only );
		forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
		    | ipv6_address ) [ port integer ] [	dscp integer ];	... };
		fstrm-set-buffer-hint integer;
		fstrm-set-flush-timeout	integer;
		fstrm-set-input-queue-size integer;
		fstrm-set-output-notify-threshold integer;
		fstrm-set-output-queue-model ( mpsc | spsc );
		fstrm-set-output-queue-size integer;
		fstrm-set-reopen-interval duration;
		geoip-directory	( quoted_string	| none );
		glue-cache boolean;
		heartbeat-interval integer;
		hostname ( quoted_string | none	);
		inline-signing boolean;
		interface-interval duration;
		ixfr-from-differences (	primary	| master | secondary | slave |
		    boolean );
		keep-response-order { address_match_element; ... };
		key-directory quoted_string;
		lame-ttl duration;
		listen-on [ port integer ] [ dscp
		    integer ] {
		    address_match_element; ... };
		listen-on-v6 [ port integer ] [	dscp
		    integer ] {
		    address_match_element; ... };
		lmdb-mapsize sizeval;
		lock-file ( quoted_string | none );
		managed-keys-directory quoted_string;
		masterfile-format ( map	| raw |	text );
		masterfile-style ( full	| relative );
		match-mapped-addresses boolean;
		max-cache-size ( default | unlimited | sizeval | percentage );
		max-cache-ttl duration;
		max-clients-per-query integer;
		max-journal-size ( default | unlimited | sizeval );
		max-ncache-ttl duration;
		max-records integer;
		max-recursion-depth integer;
		max-recursion-queries integer;
		max-refresh-time integer;
		max-retry-time integer;
		max-rsa-exponent-size integer;
		max-stale-ttl duration;
		max-transfer-idle-in integer;
		max-transfer-idle-out integer;
		max-transfer-time-in integer;
		max-transfer-time-out integer;
		max-udp-size integer;
		max-zone-ttl ( unlimited | duration );
		memstatistics boolean;
		memstatistics-file quoted_string;
		message-compression boolean;
		min-cache-ttl duration;
		min-ncache-ttl duration;
		min-refresh-time integer;
		min-retry-time integer;
		minimal-any boolean;
		minimal-responses ( no-auth | no-auth-recursive	| boolean );
		multi-master boolean;
		new-zones-directory quoted_string;
		no-case-compress { address_match_element; ... };
		nocookie-udp-size integer;
		notify ( explicit | master-only	| boolean );
		notify-delay integer;
		notify-rate integer;
		notify-source (	ipv4_address | * ) [ port ( integer | *	) ] [
		    dscp integer ];
		notify-source-v6 ( ipv6_address	| * ) [	port ( integer | * ) ]
		    [ dscp integer ];
		notify-to-soa boolean;
		nta-lifetime duration;
		nta-recheck duration;
		nxdomain-redirect string;
		pid-file ( quoted_string | none	);
		port integer;
		preferred-glue string;
		prefetch integer [ integer ];
		provide-ixfr boolean;
		qname-minimization ( strict | relaxed |	disabled | off );
		query-source ( ( [ address ] ( ipv4_address | *	) [ port (
		    integer | *	) ] ) |	( [ [ address ]	( ipv4_address | * ) ]
		    port ( integer | * ) ) ) [ dscp integer ];
		query-source-v6	( ( [ address ]	( ipv6_address | * ) [ port (
		    integer | *	) ] ) |	( [ [ address ]	( ipv6_address | * ) ]
		    port ( integer | * ) ) ) [ dscp integer ];
		querylog boolean;
		random-device (	quoted_string |	none );
		rate-limit {
			all-per-second integer;
			errors-per-second integer;
			exempt-clients { address_match_element;	... };
			ipv4-prefix-length integer;
			ipv6-prefix-length integer;
			log-only boolean;
			max-table-size integer;
			min-table-size integer;
			nodata-per-second integer;
			nxdomains-per-second integer;
			qps-scale integer;
			referrals-per-second integer;
			responses-per-second integer;
			slip integer;
			window integer;
		};
		recursing-file quoted_string;
		recursion boolean;
		recursive-clients integer;
		request-expire boolean;
		request-ixfr boolean;
		request-nsid boolean;
		require-server-cookie boolean;
		reserved-sockets integer;
		resolver-nonbackoff-tries integer;
		resolver-query-timeout integer;
		resolver-retry-interval	integer;
		response-padding { address_match_element; ... }	block-size
		    integer;
		response-policy	{ zone string [	add-soa	boolean	] [ log
		    boolean ] [	max-policy-ttl duration	] [ min-update-interval
		    duration ] [ policy	( cname	| disabled | drop | given | no-op
		    | nodata | nxdomain	| passthru | tcp-only quoted_string ) ]	[
		    recursive-only boolean ] [ nsip-enable boolean ] [
		    nsdname-enable boolean ]; ... } [ add-soa boolean ]	[
		    break-dnssec boolean ] [ max-policy-ttl duration ] [
		    min-update-interval	duration ] [ min-ns-dots integer ] [
		    nsip-wait-recurse boolean ]	[ qname-wait-recurse boolean ]
		    [ recursive-only boolean ] [ nsip-enable boolean ] [
		    nsdname-enable boolean ] [ dnsrps-enable boolean ] [
		    dnsrps-options { unspecified-text }	];
		root-delegation-only [ exclude { string; ... } ];
		root-key-sentinel boolean;
		rrset-order { [	class string ] [ type string ] [ name
		    quoted_string ] string string; ... };
		secroots-file quoted_string;
		send-cookie boolean;
		serial-query-rate integer;
		serial-update-method ( date | increment	| unixtime );
		server-id ( quoted_string | none | hostname );
		servfail-ttl duration;
		session-keyalg string;
		session-keyfile	( quoted_string	| none );
		session-keyname	string;
		sig-signing-nodes integer;
		sig-signing-signatures integer;
		sig-signing-type integer;
		sig-validity-interval integer [	integer	];
		sortlist { address_match_element; ... };
		stacksize ( default | unlimited	| sizeval );
		stale-answer-enable boolean;
		stale-answer-ttl duration;
		stale-cache-enable boolean;
		startup-notify-rate integer;
		statistics-file	quoted_string;
		synth-from-dnssec boolean;
		tcp-advertised-timeout integer;
		tcp-clients integer;
		tcp-idle-timeout integer;
		tcp-initial-timeout integer;
		tcp-keepalive-timeout integer;
		tcp-listen-queue integer;
		tkey-dhkey quoted_string integer;
		tkey-domain quoted_string;
		tkey-gssapi-credential quoted_string;
		tkey-gssapi-keytab quoted_string;
		transfer-format	( many-answers | one-answer );
		transfer-message-size integer;
		transfer-source	( ipv4_address | * ) [ port ( integer |	* ) ] [
		    dscp integer ];
		transfer-source-v6 ( ipv6_address | * )	[ port ( integer | * )
		    ] [	dscp integer ];
		transfers-in integer;
		transfers-out integer;
		transfers-per-ns integer;
		trust-anchor-telemetry boolean;	// experimental
		try-tcp-refresh	boolean;
		update-check-ksk boolean;
		use-alt-transfer-source	boolean;
		use-v4-udp-ports { portrange; ... };
		use-v6-udp-ports { portrange; ... };
		v6-bias	integer;
		validate-except	{ string; ... };
		version	( quoted_string	| none );
		zero-no-soa-ttl	boolean;
		zero-no-soa-ttl-cache boolean;
		zone-statistics	( full | terse | none |	boolean	);
	  };

   PLUGIN
	  plugin ( query ) string [ { unspecified-text
	      }	];

   SERVER
	  server netprefix {
		bogus boolean;
		edns boolean;
		edns-udp-size integer;
		edns-version integer;
		keys server_key;
		max-udp-size integer;
		notify-source (	ipv4_address | * ) [ port ( integer | *	) ] [
		    dscp integer ];
		notify-source-v6 ( ipv6_address	| * ) [	port ( integer | * ) ]
		    [ dscp integer ];
		padding	integer;
		provide-ixfr boolean;
		query-source ( ( [ address ] ( ipv4_address | *	) [ port (
		    integer | *	) ] ) |	( [ [ address ]	( ipv4_address | * ) ]
		    port ( integer | * ) ) ) [ dscp integer ];
		query-source-v6	( ( [ address ]	( ipv6_address | * ) [ port (
		    integer | *	) ] ) |	( [ [ address ]	( ipv6_address | * ) ]
		    port ( integer | * ) ) ) [ dscp integer ];
		request-expire boolean;
		request-ixfr boolean;
		request-nsid boolean;
		send-cookie boolean;
		tcp-keepalive boolean;
		tcp-only boolean;
		transfer-format	( many-answers | one-answer );
		transfer-source	( ipv4_address | * ) [ port ( integer |	* ) ] [
		    dscp integer ];
		transfer-source-v6 ( ipv6_address | * )	[ port ( integer | * )
		    ] [	dscp integer ];
		transfers integer;
	  };

   STATISTICS-CHANNELS
	  statistics-channels {
		inet ( ipv4_address | ipv6_address |
		    * )	[ port ( integer | * ) ] [
		    allow { address_match_element; ...
		    } ];
	  };

   TRUST-ANCHORS
	  trust-anchors	{ string ( static-key |
	      initial-key | static-ds |	initial-ds )
	      integer integer integer
	      quoted_string; ... };

   TRUSTED-KEYS
       Deprecated - see	DNSSEC-KEYS.

	  trusted-keys { string	integer
	      integer integer
	      quoted_string; ... };, deprecated

   VIEW
	  view string [	class ]	{
		allow-new-zones	boolean;
		allow-notify { address_match_element; ... };
		allow-query { address_match_element; ... };
		allow-query-cache { address_match_element; ... };
		allow-query-cache-on { address_match_element; ... };
		allow-query-on { address_match_element;	... };
		allow-recursion	{ address_match_element; ... };
		allow-recursion-on { address_match_element; ...	};
		allow-transfer { address_match_element;	... };
		allow-update { address_match_element; ... };
		allow-update-forwarding	{ address_match_element; ... };
		also-notify [ port integer ] [ dscp integer ] {	( masters |
		    ipv4_address [ port	integer	] | ipv6_address [ port
		    integer ] )	[ key string ];	... };
		alt-transfer-source ( ipv4_address | * ) [ port	( integer | * )
		    ] [	dscp integer ];
		alt-transfer-source-v6 ( ipv6_address |	* ) [ port ( integer |
		    * )	] [ dscp integer ];
		attach-cache string;
		auth-nxdomain boolean; // default changed
		auto-dnssec ( allow | maintain | off );
		cache-file quoted_string;
		catalog-zones {	zone string [ default-masters [	port integer ]
		    [ dscp integer ] { ( masters | ipv4_address	[ port
		    integer ] |	ipv6_address [ port integer ] )	[ key
		    string ]; ... } ] [	zone-directory quoted_string ] [
		    in-memory boolean ]	[ min-update-interval duration ]; ... };
		check-dup-records ( fail | warn	| ignore );
		check-integrity	boolean;
		check-mx ( fail	| warn | ignore	);
		check-mx-cname ( fail |	warn | ignore );
		check-names ( primary |	master |
		    secondary |	slave |	response ) (
		    fail | warn	| ignore );
		check-sibling boolean;
		check-spf ( warn | ignore );
		check-srv-cname	( fail | warn |	ignore );
		check-wildcard boolean;
		clients-per-query integer;
		deny-answer-addresses {	address_match_element; ... } [
		    except-from	{ string; ... }	];
		deny-answer-aliases { string; ... } [ except-from { string; ...
		    } ];
		dialup ( notify	| notify-passive | passive | refresh | boolean );
		disable-algorithms string { string;
		    ...	};
		disable-ds-digests string { string;
		    ...	};
		disable-empty-zone string;
		dlz string {
			database string;
			search boolean;
		};
		dns64 netprefix	{
			break-dnssec boolean;
			clients	{ address_match_element; ... };
			exclude	{ address_match_element; ... };
			mapped { address_match_element;	... };
			recursive-only boolean;
			suffix ipv6_address;
		};
		dns64-contact string;
		dns64-server string;
		dnskey-sig-validity integer;
		dnsrps-enable boolean;
		dnsrps-options { unspecified-text };
		dnssec-accept-expired boolean;
		dnssec-dnskey-kskonly boolean;
		dnssec-loadkeys-interval integer;
		dnssec-must-be-secure string boolean;
		dnssec-policy string;
		dnssec-secure-to-insecure boolean;
		dnssec-update-mode ( maintain |	no-resign );
		dnssec-validation ( yes	| no | auto );
		dnstap { ( all | auth |	client | forwarder |
		    resolver | update )	[ ( query | response ) ];
		    ...	};
		dual-stack-servers [ port integer ] { (	quoted_string [	port
		    integer ] [	dscp integer ] | ipv4_address [	port
		    integer ] [	dscp integer ] | ipv6_address [	port
		    integer ] [	dscp integer ] ); ... };
		dyndb string quoted_string {
		    unspecified-text };
		edns-udp-size integer;
		empty-contact string;
		empty-server string;
		empty-zones-enable boolean;
		fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
		fetches-per-server integer [ ( drop | fail ) ];
		fetches-per-zone integer [ ( drop | fail ) ];
		forward	( first	| only );
		forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
		    | ipv6_address ) [ port integer ] [	dscp integer ];	... };
		glue-cache boolean;
		inline-signing boolean;
		ixfr-from-differences (	primary	| master | secondary | slave |
		    boolean );
		key string {
			algorithm string;
			secret string;
		};
		key-directory quoted_string;
		lame-ttl duration;
		lmdb-mapsize sizeval;
		managed-keys { string (
		    static-key | initial-key
		    | static-ds	| initial-ds
		    ) integer integer
		    integer
		    quoted_string; ... };, deprecated
		masterfile-format ( map	| raw |	text );
		masterfile-style ( full	| relative );
		match-clients {	address_match_element; ... };
		match-destinations { address_match_element; ...	};
		match-recursive-only boolean;
		max-cache-size ( default | unlimited | sizeval | percentage );
		max-cache-ttl duration;
		max-clients-per-query integer;
		max-journal-size ( default | unlimited | sizeval );
		max-ncache-ttl duration;
		max-records integer;
		max-recursion-depth integer;
		max-recursion-queries integer;
		max-refresh-time integer;
		max-retry-time integer;
		max-stale-ttl duration;
		max-transfer-idle-in integer;
		max-transfer-idle-out integer;
		max-transfer-time-in integer;
		max-transfer-time-out integer;
		max-udp-size integer;
		max-zone-ttl ( unlimited | duration );
		message-compression boolean;
		min-cache-ttl duration;
		min-ncache-ttl duration;
		min-refresh-time integer;
		min-retry-time integer;
		minimal-any boolean;
		minimal-responses ( no-auth | no-auth-recursive	| boolean );
		multi-master boolean;
		new-zones-directory quoted_string;
		no-case-compress { address_match_element; ... };
		nocookie-udp-size integer;
		notify ( explicit | master-only	| boolean );
		notify-delay integer;
		notify-source (	ipv4_address | * ) [ port ( integer | *	) ] [
		    dscp integer ];
		notify-source-v6 ( ipv6_address	| * ) [	port ( integer | * ) ]
		    [ dscp integer ];
		notify-to-soa boolean;
		nta-lifetime duration;
		nta-recheck duration;
		nxdomain-redirect string;
		plugin ( query ) string	[ {
		    unspecified-text } ];
		preferred-glue string;
		prefetch integer [ integer ];
		provide-ixfr boolean;
		qname-minimization ( strict | relaxed |	disabled | off );
		query-source ( ( [ address ] ( ipv4_address | *	) [ port (
		    integer | *	) ] ) |	( [ [ address ]	( ipv4_address | * ) ]
		    port ( integer | * ) ) ) [ dscp integer ];
		query-source-v6	( ( [ address ]	( ipv6_address | * ) [ port (
		    integer | *	) ] ) |	( [ [ address ]	( ipv6_address | * ) ]
		    port ( integer | * ) ) ) [ dscp integer ];
		rate-limit {
			all-per-second integer;
			errors-per-second integer;
			exempt-clients { address_match_element;	... };
			ipv4-prefix-length integer;
			ipv6-prefix-length integer;
			log-only boolean;
			max-table-size integer;
			min-table-size integer;
			nodata-per-second integer;
			nxdomains-per-second integer;
			qps-scale integer;
			referrals-per-second integer;
			responses-per-second integer;
			slip integer;
			window integer;
		};
		recursion boolean;
		request-expire boolean;
		request-ixfr boolean;
		request-nsid boolean;
		require-server-cookie boolean;
		resolver-nonbackoff-tries integer;
		resolver-query-timeout integer;
		resolver-retry-interval	integer;
		response-padding { address_match_element; ... }	block-size
		    integer;
		response-policy	{ zone string [	add-soa	boolean	] [ log
		    boolean ] [	max-policy-ttl duration	] [ min-update-interval
		    duration ] [ policy	( cname	| disabled | drop | given | no-op
		    | nodata | nxdomain	| passthru | tcp-only quoted_string ) ]	[
		    recursive-only boolean ] [ nsip-enable boolean ] [
		    nsdname-enable boolean ]; ... } [ add-soa boolean ]	[
		    break-dnssec boolean ] [ max-policy-ttl duration ] [
		    min-update-interval	duration ] [ min-ns-dots integer ] [
		    nsip-wait-recurse boolean ]	[ qname-wait-recurse boolean ]
		    [ recursive-only boolean ] [ nsip-enable boolean ] [
		    nsdname-enable boolean ] [ dnsrps-enable boolean ] [
		    dnsrps-options { unspecified-text }	];
		root-delegation-only [ exclude { string; ... } ];
		root-key-sentinel boolean;
		rrset-order { [	class string ] [ type string ] [ name
		    quoted_string ] string string; ... };
		send-cookie boolean;
		serial-update-method ( date | increment	| unixtime );
		server netprefix {
			bogus boolean;
			edns boolean;
			edns-udp-size integer;
			edns-version integer;
			keys server_key;
			max-udp-size integer;
			notify-source (	ipv4_address | * ) [ port ( integer | *
			    ) ]	[ dscp integer ];
			notify-source-v6 ( ipv6_address	| * ) [	port ( integer
			    | *	) ] [ dscp integer ];
			padding	integer;
			provide-ixfr boolean;
			query-source ( ( [ address ] ( ipv4_address | *	) [ port
			    ( integer |	* ) ] )	| ( [ [	address	] (
			    ipv4_address | * ) ] port (	integer	| * ) )	) [
			    dscp integer ];
			query-source-v6	( ( [ address ]	( ipv6_address | * ) [
			    port ( integer | * ) ] ) | ( [ [ address ] (
			    ipv6_address | * ) ] port (	integer	| * ) )	) [
			    dscp integer ];
			request-expire boolean;
			request-ixfr boolean;
			request-nsid boolean;
			send-cookie boolean;
			tcp-keepalive boolean;
			tcp-only boolean;
			transfer-format	( many-answers | one-answer );
			transfer-source	( ipv4_address | * ) [ port ( integer |
			    * )	] [ dscp integer ];
			transfer-source-v6 ( ipv6_address | * )	[ port (
			    integer | *	) ] [ dscp integer ];
			transfers integer;
		};
		servfail-ttl duration;
		sig-signing-nodes integer;
		sig-signing-signatures integer;
		sig-signing-type integer;
		sig-validity-interval integer [	integer	];
		sortlist { address_match_element; ... };
		stale-answer-enable boolean;
		stale-answer-ttl duration;
		stale-cache-enable boolean;
		synth-from-dnssec boolean;
		transfer-format	( many-answers | one-answer );
		transfer-source	( ipv4_address | * ) [ port ( integer |	* ) ] [
		    dscp integer ];
		transfer-source-v6 ( ipv6_address | * )	[ port ( integer | * )
		    ] [	dscp integer ];
		trust-anchor-telemetry boolean;	// experimental
		trust-anchors {	string ( static-key |
		    initial-key	| static-ds | initial-ds
		    ) integer integer integer
		    quoted_string; ... };
		trusted-keys { string
		    integer integer
		    integer
		    quoted_string; ... };, deprecated
		try-tcp-refresh	boolean;
		update-check-ksk boolean;
		use-alt-transfer-source	boolean;
		v6-bias	integer;
		validate-except	{ string; ... };
		zero-no-soa-ttl	boolean;
		zero-no-soa-ttl-cache boolean;
		zone string [ class ] {
			allow-notify { address_match_element; ... };
			allow-query { address_match_element; ... };
			allow-query-on { address_match_element;	... };
			allow-transfer { address_match_element;	... };
			allow-update { address_match_element; ... };
			allow-update-forwarding	{ address_match_element; ... };
			also-notify [ port integer ] [ dscp integer ] {	(
			    masters | ipv4_address [ port integer ] |
			    ipv6_address [ port	integer	] ) [ key string ];
			    ...	};
			alt-transfer-source ( ipv4_address | * ) [ port	(
			    integer | *	) ] [ dscp integer ];
			alt-transfer-source-v6 ( ipv6_address |	* ) [ port (
			    integer | *	) ] [ dscp integer ];
			auto-dnssec ( allow | maintain | off );
			check-dup-records ( fail | warn	| ignore );
			check-integrity	boolean;
			check-mx ( fail	| warn | ignore	);
			check-mx-cname ( fail |	warn | ignore );
			check-names ( fail | warn | ignore );
			check-sibling boolean;
			check-spf ( warn | ignore );
			check-srv-cname	( fail | warn |	ignore );
			check-wildcard boolean;
			database string;
			delegation-only	boolean;
			dialup ( notify	| notify-passive | passive | refresh |
			    boolean );
			dlz string;
			dnskey-sig-validity integer;
			dnssec-dnskey-kskonly boolean;
			dnssec-loadkeys-interval integer;
			dnssec-policy string;
			dnssec-secure-to-insecure boolean;
			dnssec-update-mode ( maintain |	no-resign );
			file quoted_string;
			forward	( first	| only );
			forwarders [ port integer ] [ dscp integer ] { (
			    ipv4_address | ipv6_address	) [ port integer ] [
			    dscp integer ]; ...	};
			in-view	string;
			inline-signing boolean;
			ixfr-from-differences boolean;
			journal	quoted_string;
			key-directory quoted_string;
			masterfile-format ( map	| raw |	text );
			masterfile-style ( full	| relative );
			masters	[ port integer ] [ dscp	integer	] { ( masters
			    | ipv4_address [ port integer ] | ipv6_address [
			    port integer ] ) [ key string ]; ... };
			max-journal-size ( default | unlimited | sizeval );
			max-records integer;
			max-refresh-time integer;
			max-retry-time integer;
			max-transfer-idle-in integer;
			max-transfer-idle-out integer;
			max-transfer-time-in integer;
			max-transfer-time-out integer;
			max-zone-ttl ( unlimited | duration );
			min-refresh-time integer;
			min-retry-time integer;
			multi-master boolean;
			notify ( explicit | master-only	| boolean );
			notify-delay integer;
			notify-source (	ipv4_address | * ) [ port ( integer | *
			    ) ]	[ dscp integer ];
			notify-source-v6 ( ipv6_address	| * ) [	port ( integer
			    | *	) ] [ dscp integer ];
			notify-to-soa boolean;
			request-expire boolean;
			request-ixfr boolean;
			serial-update-method ( date | increment	| unixtime );
			server-addresses { ( ipv4_address | ipv6_address ); ...	};
			server-names { string; ... };
			sig-signing-nodes integer;
			sig-signing-signatures integer;
			sig-signing-type integer;
			sig-validity-interval integer [	integer	];
			transfer-source	( ipv4_address | * ) [ port ( integer |
			    * )	] [ dscp integer ];
			transfer-source-v6 ( ipv6_address | * )	[ port (
			    integer | *	) ] [ dscp integer ];
			try-tcp-refresh	boolean;
			type ( primary | master	| secondary | slave | mirror |
			    delegation-only | forward |	hint | redirect	|
			    static-stub	| stub );
			update-check-ksk boolean;
			update-policy (	local |	{ ( deny | grant ) string (
			    6to4-self |	external | krb5-self | krb5-selfsub |
			    krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
			    name | self	| selfsub | selfwild | subdomain | tcp-self
			    | wildcard | zonesub ) [ string ] rrtypelist; ... };
			use-alt-transfer-source	boolean;
			zero-no-soa-ttl	boolean;
			zone-statistics	( full | terse | none |	boolean	);
		};
		zone-statistics	( full | terse | none |	boolean	);
	  };

   ZONE
	  zone string [	class ]	{
		allow-notify { address_match_element; ... };
		allow-query { address_match_element; ... };
		allow-query-on { address_match_element;	... };
		allow-transfer { address_match_element;	... };
		allow-update { address_match_element; ... };
		allow-update-forwarding	{ address_match_element; ... };
		also-notify [ port integer ] [ dscp integer ] {	( masters |
		    ipv4_address [ port	integer	] | ipv6_address [ port
		    integer ] )	[ key string ];	... };
		alt-transfer-source ( ipv4_address | * ) [ port	( integer | * )
		    ] [	dscp integer ];
		alt-transfer-source-v6 ( ipv6_address |	* ) [ port ( integer |
		    * )	] [ dscp integer ];
		auto-dnssec ( allow | maintain | off );
		check-dup-records ( fail | warn	| ignore );
		check-integrity	boolean;
		check-mx ( fail	| warn | ignore	);
		check-mx-cname ( fail |	warn | ignore );
		check-names ( fail | warn | ignore );
		check-sibling boolean;
		check-spf ( warn | ignore );
		check-srv-cname	( fail | warn |	ignore );
		check-wildcard boolean;
		database string;
		delegation-only	boolean;
		dialup ( notify	| notify-passive | passive | refresh | boolean );
		dlz string;
		dnskey-sig-validity integer;
		dnssec-dnskey-kskonly boolean;
		dnssec-loadkeys-interval integer;
		dnssec-policy string;
		dnssec-secure-to-insecure boolean;
		dnssec-update-mode ( maintain |	no-resign );
		file quoted_string;
		forward	( first	| only );
		forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
		    | ipv6_address ) [ port integer ] [	dscp integer ];	... };
		in-view	string;
		inline-signing boolean;
		ixfr-from-differences boolean;
		journal	quoted_string;
		key-directory quoted_string;
		masterfile-format ( map	| raw |	text );
		masterfile-style ( full	| relative );
		masters	[ port integer ] [ dscp	integer	] { ( masters |
		    ipv4_address [ port	integer	] | ipv6_address [ port
		    integer ] )	[ key string ];	... };
		max-journal-size ( default | unlimited | sizeval );
		max-records integer;
		max-refresh-time integer;
		max-retry-time integer;
		max-transfer-idle-in integer;
		max-transfer-idle-out integer;
		max-transfer-time-in integer;
		max-transfer-time-out integer;
		max-zone-ttl ( unlimited | duration );
		min-refresh-time integer;
		min-retry-time integer;
		multi-master boolean;
		notify ( explicit | master-only	| boolean );
		notify-delay integer;
		notify-source (	ipv4_address | * ) [ port ( integer | *	) ] [
		    dscp integer ];
		notify-source-v6 ( ipv6_address	| * ) [	port ( integer | * ) ]
		    [ dscp integer ];
		notify-to-soa boolean;
		request-expire boolean;
		request-ixfr boolean;
		serial-update-method ( date | increment	| unixtime );
		server-addresses { ( ipv4_address | ipv6_address ); ...	};
		server-names { string; ... };
		sig-signing-nodes integer;
		sig-signing-signatures integer;
		sig-signing-type integer;
		sig-validity-interval integer [	integer	];
		transfer-source	( ipv4_address | * ) [ port ( integer |	* ) ] [
		    dscp integer ];
		transfer-source-v6 ( ipv6_address | * )	[ port ( integer | * )
		    ] [	dscp integer ];
		try-tcp-refresh	boolean;
		type ( primary | master	| secondary | slave | mirror |
		    delegation-only | forward |	hint | redirect	| static-stub |
		    stub );
		update-check-ksk boolean;
		update-policy (	local |	{ ( deny | grant ) string ( 6to4-self |
		    external | krb5-self | krb5-selfsub	| krb5-subdomain | ms-self
		    | ms-selfsub | ms-subdomain	| name | self |	selfsub	| selfwild
		    | subdomain	| tcp-self | wildcard |	zonesub	) [ string ]
		    rrtypelist;	... };
		use-alt-transfer-source	boolean;
		zero-no-soa-ttl	boolean;
		zone-statistics	( full | terse | none |	boolean	);
	  };

FILES
       /etc/named.conf

SEE ALSO
       ddns-confgen(8),	 named(8),  named-checkconf(8),	 rndc(8),   rndc-conf-
       gen(8), BIND 9 Administrator Reference Manual.

AUTHOR
       Internet	Systems	Consortium

COPYRIGHT
       2020, Internet Systems Consortium

9.16.6				  2020-08-10			 NAMED.CONF(5)

NAME | SYNOPSIS | DESCRIPTION | FILES | SEE ALSO | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=named.conf&sektion=5&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help