.\" Man page generated from reStructuredText. . . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .TH "NAMED.CONF" "5" "2024-10-16" "9.20.3" "BIND 9" .SH NAME named.conf \- configuration file for **named** .SH SYNOPSIS .sp \fBnamed.conf\fP .SH DESCRIPTION .sp \fBnamed.conf\fP is the configuration file for \fI\%named\fP\&. .sp For complete documentation about the configuration statements, please refer to the Configuration Reference section in the BIND 9 Administrator Reference Manual. .sp Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported: .sp C style: /* */ .sp C++ style: // to end of line .sp Unix style: # to end of line .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C acl { ; ... }; // may occur multiple times controls { inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read\-only ]; // may occur multiple times unix perm owner group [ keys { ; ... } ] [ read\-only ]; // may occur multiple times }; // may occur multiple times dlz { database ; search ; }; // may occur multiple times dnssec\-policy { cdnskey ; cds\-digest\-types { ; ... }; dnskey\-ttl ; inline\-signing ; keys { ( csk | ksk | zsk ) [ key\-directory | key\-store ] lifetime algorithm [ tag\-range ] [ ]; ... }; max\-zone\-ttl ; nsec3param [ iterations ] [ optout ] [ salt\-length ]; offline\-ksk ; parent\-ds\-ttl ; parent\-propagation\-delay ; publish\-safety ; purge\-keys ; retire\-safety ; signatures\-jitter ; signatures\-refresh ; signatures\-validity ; signatures\-validity\-dnskey ; zone\-propagation\-delay ; }; // may occur multiple times dyndb { }; // may occur multiple times http { endpoints { ; ... }; listener\-clients ; streams\-per\-connection ; }; // may occur multiple times key { algorithm ; secret ; }; // may occur multiple times key\-store { directory ; pkcs11\-uri ; }; // may occur multiple times logging { category { ; ... }; // may occur multiple times channel { buffered ; file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; null; print\-category ; print\-severity ; print\-time ( iso8601 | iso8601\-utc | local | ); severity ; stderr; syslog [ ]; }; // may occur multiple times }; managed\-keys { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times, deprecated options { allow\-new\-zones ; allow\-notify { ; ... }; allow\-proxy { ; ... }; // experimental allow\-proxy\-on { ; ... }; // experimental allow\-query { ; ... }; allow\-query\-cache { ; ... }; allow\-query\-cache\-on { ; ... }; allow\-query\-on { ; ... }; allow\-recursion { ; ... }; allow\-recursion\-on { ; ... }; allow\-transfer [ port ] [ transport ] { ; ... }; allow\-update { ; ... }; allow\-update\-forwarding { ; ... }; also\-notify [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; answer\-cookie ; attach\-cache ; auth\-nxdomain ; automatic\-interface\-scan ; avoid\-v4\-udp\-ports { ; ... }; // deprecated avoid\-v6\-udp\-ports { ; ... }; // deprecated bindkeys\-file ; // test only blackhole { ; ... }; catalog\-zones { zone [ default\-primaries [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone\-directory ] [ in\-memory ] [ min\-update\-interval ]; ... }; check\-dup\-records ( fail | warn | ignore ); check\-integrity ; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times check\-sibling ; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-svcb ; check\-wildcard ; clients\-per\-query ; cookie\-algorithm ( siphash24 ); cookie\-secret ; // may occur multiple times deny\-answer\-addresses { ; ... } [ except\-from { ; ... } ]; deny\-answer\-aliases { ; ... } [ except\-from { ; ... } ]; dialup ( notify | notify\-passive | passive | refresh | ); // deprecated directory ; disable\-algorithms { ; ... }; // may occur multiple times disable\-ds\-digests { ; ... }; // may occur multiple times disable\-empty\-zone ; // may occur multiple times dns64 { break\-dnssec ; clients { ; ... }; exclude { ; ... }; mapped { ; ... }; recursive\-only ; suffix ; }; // may occur multiple times dns64\-contact ; dns64\-server ; dnskey\-sig\-validity ; // obsolete dnsrps\-enable ; // not configured dnsrps\-library ; // not configured dnsrps\-options { }; // not configured dnssec\-accept\-expired ; dnssec\-dnskey\-kskonly ; // obsolete dnssec\-loadkeys\-interval ; dnssec\-must\-be\-secure ; // may occur multiple times, deprecated dnssec\-policy ; dnssec\-secure\-to\-insecure ; // obsolete dnssec\-update\-mode ( maintain | no\-resign ); // obsolete dnssec\-validation ( yes | no | auto ); dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured dnstap\-identity ( | none | hostname ); // not configured dnstap\-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; // not configured dnstap\-version ( | none ); // not configured dual\-stack\-servers [ port ] { ( [ port ] | [ port ] | [ port ] ); ... }; dump\-file ; edns\-udp\-size ; empty\-contact ; empty\-server ; empty\-zones\-enable ; fetch\-quota\-params ; fetches\-per\-server [ ( drop | fail ) ]; fetches\-per\-zone [ ( drop | fail ) ]; flush\-zones\-on\-shutdown ; forward ( first | only ); forwarders [ port ] [ tls ] { ( | ) [ port ] [ tls ]; ... }; fstrm\-set\-buffer\-hint ; // not configured fstrm\-set\-flush\-timeout ; // not configured fstrm\-set\-input\-queue\-size ; // not configured fstrm\-set\-output\-notify\-threshold ; // not configured fstrm\-set\-output\-queue\-model ( mpsc | spsc ); // not configured fstrm\-set\-output\-queue\-size ; // not configured fstrm\-set\-reopen\-interval ; // not configured geoip\-directory ( | none ); heartbeat\-interval ; // deprecated hostname ( | none ); http\-listener\-clients ; http\-port ; http\-streams\-per\-connection ; https\-port ; interface\-interval ; ipv4only\-contact ; ipv4only\-enable ; ipv4only\-server ; ixfr\-from\-differences ( primary | master | secondary | slave | ); keep\-response\-order { ; ... }; // obsolete key\-directory ; lame\-ttl ; listen\-on [ port ] [ proxy ] [ tls ] [ http ] { ; ... }; // may occur multiple times listen\-on\-v6 [ port ] [ proxy ] [ tls ] [ http ] { ; ... }; // may occur multiple times lmdb\-mapsize ; managed\-keys\-directory ; masterfile\-format ( raw | text ); masterfile\-style ( full | relative ); match\-mapped\-addresses ; max\-cache\-size ( default | unlimited | | ); max\-cache\-ttl ; max\-clients\-per\-query ; max\-ixfr\-ratio ( unlimited | ); max\-journal\-size ( default | unlimited | ); max\-ncache\-ttl ; max\-query\-restarts ; max\-records ; max\-records\-per\-type ; max\-recursion\-depth ; max\-recursion\-queries ; max\-refresh\-time ; max\-retry\-time ; max\-rsa\-exponent\-size ; max\-stale\-ttl ; max\-transfer\-idle\-in ; max\-transfer\-idle\-out ; max\-transfer\-time\-in ; max\-transfer\-time\-out ; max\-types\-per\-name ; max\-udp\-size ; max\-validation\-failures\-per\-fetch ; // experimental max\-validations\-per\-fetch ; // experimental max\-zone\-ttl ( unlimited | ); // deprecated memstatistics ; memstatistics\-file ; message\-compression ; min\-cache\-ttl ; min\-ncache\-ttl ; min\-refresh\-time ; min\-retry\-time ; minimal\-any ; minimal\-responses ( no\-auth | no\-auth\-recursive | ); multi\-master ; new\-zones\-directory ; no\-case\-compress { ; ... }; nocookie\-udp\-size ; notify ( explicit | master\-only | primary\-only | ); notify\-delay ; notify\-rate ; notify\-source ( | * ); notify\-source\-v6 ( | * ); notify\-to\-soa ; nsec3\-test\-zone ; // test only nta\-lifetime ; nta\-recheck ; nxdomain\-redirect ; parental\-source ( | * ); parental\-source\-v6 ( | * ); pid\-file ( | none ); port ; preferred\-glue ; prefetch [ ]; provide\-ixfr ; qname\-minimization ( strict | relaxed | disabled | off ); query\-source [ address ] ( | * ); query\-source\-v6 [ address ] ( | * ); querylog ; rate\-limit { all\-per\-second ; errors\-per\-second ; exempt\-clients { ; ... }; ipv4\-prefix\-length ; ipv6\-prefix\-length ; log\-only ; max\-table\-size ; min\-table\-size ; nodata\-per\-second ; nxdomains\-per\-second ; qps\-scale ; referrals\-per\-second ; responses\-per\-second ; slip ; window ; }; recursing\-file ; recursion ; recursive\-clients ; request\-expire ; request\-ixfr ; request\-nsid ; require\-server\-cookie ; resolver\-query\-timeout ; resolver\-use\-dns64 ; response\-padding { ; ... } block\-size ; response\-policy { zone [ add\-soa ] [ log ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only ) ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ] [ ede ]; ... } [ add\-soa ] [ break\-dnssec ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ min\-ns\-dots ] [ nsip\-wait\-recurse ] [ nsdname\-wait\-recurse ] [ qname\-wait\-recurse ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ] [ dnsrps\-enable ] [ dnsrps\-options { } ]; responselog ; reuseport ; root\-key\-sentinel ; rrset\-order { [ class ] [ type ] [ name ] ; ... }; secroots\-file ; send\-cookie ; serial\-query\-rate ; serial\-update\-method ( date | increment | unixtime ); server\-id ( | none | hostname ); servfail\-ttl ; session\-keyalg ; session\-keyfile ( | none ); session\-keyname ; sig\-signing\-nodes ; sig\-signing\-signatures ; sig\-signing\-type ; sig\-validity\-interval [ ]; // obsolete sig0checks\-quota ; // experimental sig0checks\-quota\-exempt { ; ... }; // experimental sortlist { ; ... }; // deprecated stale\-answer\-client\-timeout ( disabled | off | ); stale\-answer\-enable ; stale\-answer\-ttl ; stale\-cache\-enable ; stale\-refresh\-time ; startup\-notify\-rate ; statistics\-file ; synth\-from\-dnssec ; tcp\-advertised\-timeout ; tcp\-clients ; tcp\-idle\-timeout ; tcp\-initial\-timeout ; tcp\-keepalive\-timeout ; tcp\-listen\-queue ; tcp\-receive\-buffer ; tcp\-send\-buffer ; tkey\-domain ; tkey\-gssapi\-credential ; tkey\-gssapi\-keytab ; tls\-port ; transfer\-format ( many\-answers | one\-answer ); transfer\-message\-size ; transfer\-source ( | * ); transfer\-source\-v6 ( | * ); transfers\-in ; transfers\-out ; transfers\-per\-ns ; trust\-anchor\-telemetry ; try\-tcp\-refresh ; udp\-receive\-buffer ; udp\-send\-buffer ; update\-check\-ksk ; // obsolete update\-quota ; use\-v4\-udp\-ports { ; ... }; // deprecated use\-v6\-udp\-ports { ; ... }; // deprecated v6\-bias ; validate\-except { ; ... }; version ( | none ); zero\-no\-soa\-ttl ; zero\-no\-soa\-ttl\-cache ; zone\-statistics ( full | terse | none | ); }; parental\-agents [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times plugin ( query ) [ { } ]; // may occur multiple times primaries [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times server { bogus ; edns ; edns\-udp\-size ; edns\-version ; keys ; max\-udp\-size ; notify\-source ( | * ); notify\-source\-v6 ( | * ); padding ; provide\-ixfr ; query\-source [ address ] ( | * ); query\-source\-v6 [ address ] ( | * ); request\-expire ; request\-ixfr ; request\-nsid ; require\-cookie ; send\-cookie ; tcp\-keepalive ; tcp\-only ; transfer\-format ( many\-answers | one\-answer ); transfer\-source ( | * ); transfer\-source\-v6 ( | * ); transfers ; }; // may occur multiple times statistics\-channels { inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; // may occur multiple times }; // may occur multiple times tls { ca\-file ; cert\-file ; cipher\-suites ; ciphers ; dhparam\-file ; key\-file ; prefer\-server\-ciphers ; protocols { ; ... }; remote\-hostname ; session\-tickets ; }; // may occur multiple times trust\-anchors { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times trusted\-keys { ; ... }; // may occur multiple times, deprecated view [ ] { allow\-new\-zones ; allow\-notify { ; ... }; allow\-proxy { ; ... }; // experimental allow\-proxy\-on { ; ... }; // experimental allow\-query { ; ... }; allow\-query\-cache { ; ... }; allow\-query\-cache\-on { ; ... }; allow\-query\-on { ; ... }; allow\-recursion { ; ... }; allow\-recursion\-on { ; ... }; allow\-transfer [ port ] [ transport ] { ; ... }; allow\-update { ; ... }; allow\-update\-forwarding { ; ... }; also\-notify [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; attach\-cache ; auth\-nxdomain ; catalog\-zones { zone [ default\-primaries [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone\-directory ] [ in\-memory ] [ min\-update\-interval ]; ... }; check\-dup\-records ( fail | warn | ignore ); check\-integrity ; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times check\-sibling ; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-svcb ; check\-wildcard ; clients\-per\-query ; deny\-answer\-addresses { ; ... } [ except\-from { ; ... } ]; deny\-answer\-aliases { ; ... } [ except\-from { ; ... } ]; dialup ( notify | notify\-passive | passive | refresh | ); // deprecated disable\-algorithms { ; ... }; // may occur multiple times disable\-ds\-digests { ; ... }; // may occur multiple times disable\-empty\-zone ; // may occur multiple times dlz { database ; search ; }; // may occur multiple times dns64 { break\-dnssec ; clients { ; ... }; exclude { ; ... }; mapped { ; ... }; recursive\-only ; suffix ; }; // may occur multiple times dns64\-contact ; dns64\-server ; dnskey\-sig\-validity ; // obsolete dnsrps\-enable ; // not configured dnsrps\-options { }; // not configured dnssec\-accept\-expired ; dnssec\-dnskey\-kskonly ; // obsolete dnssec\-loadkeys\-interval ; dnssec\-must\-be\-secure ; // may occur multiple times, deprecated dnssec\-policy ; dnssec\-secure\-to\-insecure ; // obsolete dnssec\-update\-mode ( maintain | no\-resign ); // obsolete dnssec\-validation ( yes | no | auto ); dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured dual\-stack\-servers [ port ] { ( [ port ] | [ port ] | [ port ] ); ... }; dyndb { }; // may occur multiple times edns\-udp\-size ; empty\-contact ; empty\-server ; empty\-zones\-enable ; fetch\-quota\-params ; fetches\-per\-server [ ( drop | fail ) ]; fetches\-per\-zone [ ( drop | fail ) ]; forward ( first | only ); forwarders [ port ] [ tls ] { ( | ) [ port ] [ tls ]; ... }; ipv4only\-contact ; ipv4only\-enable ; ipv4only\-server ; ixfr\-from\-differences ( primary | master | secondary | slave | ); key { algorithm ; secret ; }; // may occur multiple times key\-directory ; lame\-ttl ; lmdb\-mapsize ; managed\-keys { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times, deprecated masterfile\-format ( raw | text ); masterfile\-style ( full | relative ); match\-clients { ; ... }; match\-destinations { ; ... }; match\-recursive\-only ; max\-cache\-size ( default | unlimited | | ); max\-cache\-ttl ; max\-clients\-per\-query ; max\-ixfr\-ratio ( unlimited | ); max\-journal\-size ( default | unlimited | ); max\-ncache\-ttl ; max\-query\-restarts ; max\-records ; max\-records\-per\-type ; max\-recursion\-depth ; max\-recursion\-queries ; max\-refresh\-time ; max\-retry\-time ; max\-stale\-ttl ; max\-transfer\-idle\-in ; max\-transfer\-idle\-out ; max\-transfer\-time\-in ; max\-transfer\-time\-out ; max\-types\-per\-name ; max\-udp\-size ; max\-validation\-failures\-per\-fetch ; // experimental max\-validations\-per\-fetch ; // experimental max\-zone\-ttl ( unlimited | ); // deprecated message\-compression ; min\-cache\-ttl ; min\-ncache\-ttl ; min\-refresh\-time ; min\-retry\-time ; minimal\-any ; minimal\-responses ( no\-auth | no\-auth\-recursive | ); multi\-master ; new\-zones\-directory ; no\-case\-compress { ; ... }; nocookie\-udp\-size ; notify ( explicit | master\-only | primary\-only | ); notify\-delay ; notify\-source ( | * ); notify\-source\-v6 ( | * ); notify\-to\-soa ; nsec3\-test\-zone ; // test only nta\-lifetime ; nta\-recheck ; nxdomain\-redirect ; parental\-source ( | * ); parental\-source\-v6 ( | * ); plugin ( query ) [ { } ]; // may occur multiple times preferred\-glue ; prefetch [ ]; provide\-ixfr ; qname\-minimization ( strict | relaxed | disabled | off ); query\-source [ address ] ( | * ); query\-source\-v6 [ address ] ( | * ); rate\-limit { all\-per\-second ; errors\-per\-second ; exempt\-clients { ; ... }; ipv4\-prefix\-length ; ipv6\-prefix\-length ; log\-only ; max\-table\-size ; min\-table\-size ; nodata\-per\-second ; nxdomains\-per\-second ; qps\-scale ; referrals\-per\-second ; responses\-per\-second ; slip ; window ; }; recursion ; request\-expire ; request\-ixfr ; request\-nsid ; require\-server\-cookie ; resolver\-query\-timeout ; resolver\-use\-dns64 ; response\-padding { ; ... } block\-size ; response\-policy { zone [ add\-soa ] [ log ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only ) ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ] [ ede ]; ... } [ add\-soa ] [ break\-dnssec ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ min\-ns\-dots ] [ nsip\-wait\-recurse ] [ nsdname\-wait\-recurse ] [ qname\-wait\-recurse ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ] [ dnsrps\-enable ] [ dnsrps\-options { } ]; root\-key\-sentinel ; rrset\-order { [ class ] [ type ] [ name ] ; ... }; send\-cookie ; serial\-update\-method ( date | increment | unixtime ); server { bogus ; edns ; edns\-udp\-size ; edns\-version ; keys ; max\-udp\-size ; notify\-source ( | * ); notify\-source\-v6 ( | * ); padding ; provide\-ixfr ; query\-source [ address ] ( | * ); query\-source\-v6 [ address ] ( | * ); request\-expire ; request\-ixfr ; request\-nsid ; require\-cookie ; send\-cookie ; tcp\-keepalive ; tcp\-only ; transfer\-format ( many\-answers | one\-answer ); transfer\-source ( | * ); transfer\-source\-v6 ( | * ); transfers ; }; // may occur multiple times servfail\-ttl ; sig\-signing\-nodes ; sig\-signing\-signatures ; sig\-signing\-type ; sig\-validity\-interval [ ]; // obsolete sortlist { ; ... }; // deprecated stale\-answer\-client\-timeout ( disabled | off | ); stale\-answer\-enable ; stale\-answer\-ttl ; stale\-cache\-enable ; stale\-refresh\-time ; synth\-from\-dnssec ; transfer\-format ( many\-answers | one\-answer ); transfer\-source ( | * ); transfer\-source\-v6 ( | * ); trust\-anchor\-telemetry ; trust\-anchors { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times trusted\-keys { ; ... }; // may occur multiple times, deprecated try\-tcp\-refresh ; update\-check\-ksk ; // obsolete v6\-bias ; validate\-except { ; ... }; zero\-no\-soa\-ttl ; zero\-no\-soa\-ttl\-cache ; zone\-statistics ( full | terse | none | ); }; // may occur multiple times .ft P .fi .UNINDENT .UNINDENT .sp Any of these zone statements can also be set inside the view statement. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C zone [ ] { type primary; allow\-query { ; ... }; allow\-query\-on { ; ... }; allow\-transfer [ port ] [ transport ] { ; ... }; allow\-update { ; ... }; also\-notify [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; check\-dup\-records ( fail | warn | ignore ); check\-integrity ; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( fail | warn | ignore ); check\-sibling ; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-svcb ; check\-wildcard ; checkds ( explicit | ); database ; dialup ( notify | notify\-passive | passive | refresh | ); // deprecated dlz ; dnskey\-sig\-validity ; // obsolete dnssec\-dnskey\-kskonly ; // obsolete dnssec\-loadkeys\-interval ; dnssec\-policy ; dnssec\-secure\-to\-insecure ; // obsolete dnssec\-update\-mode ( maintain | no\-resign ); // obsolete file ; forward ( first | only ); forwarders [ port ] [ tls ] { ( | ) [ port ] [ tls ]; ... }; inline\-signing ; ixfr\-from\-differences ; journal ; key\-directory ; masterfile\-format ( raw | text ); masterfile\-style ( full | relative ); max\-ixfr\-ratio ( unlimited | ); max\-journal\-size ( default | unlimited | ); max\-records ; max\-records\-per\-type ; max\-transfer\-idle\-out ; max\-transfer\-time\-out ; max\-types\-per\-name ; max\-zone\-ttl ( unlimited | ); // deprecated notify ( explicit | master\-only | primary\-only | ); notify\-delay ; notify\-source ( | * ); notify\-source\-v6 ( | * ); notify\-to\-soa ; nsec3\-test\-zone ; // test only parental\-agents [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; parental\-source ( | * ); parental\-source\-v6 ( | * ); serial\-update\-method ( date | increment | unixtime ); sig\-signing\-nodes ; sig\-signing\-signatures ; sig\-signing\-type ; sig\-validity\-interval [ ]; // obsolete update\-check\-ksk ; // obsolete update\-policy ( local | { ( deny | grant ) ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ ] ; ... } ); zero\-no\-soa\-ttl ; zone\-statistics ( full | terse | none | ); }; .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C zone [ ] { type secondary; allow\-notify { ; ... }; allow\-query { ; ... }; allow\-query\-on { ; ... }; allow\-transfer [ port ] [ transport ] { ; ... }; allow\-update\-forwarding { ; ... }; also\-notify [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; check\-names ( fail | warn | ignore ); checkds ( explicit | ); database ; dialup ( notify | notify\-passive | passive | refresh | ); // deprecated dlz ; dnskey\-sig\-validity ; // obsolete dnssec\-dnskey\-kskonly ; // obsolete dnssec\-loadkeys\-interval ; dnssec\-policy ; dnssec\-update\-mode ( maintain | no\-resign ); // obsolete file ; forward ( first | only ); forwarders [ port ] [ tls ] { ( | ) [ port ] [ tls ]; ... }; inline\-signing ; ixfr\-from\-differences ; journal ; key\-directory ; masterfile\-format ( raw | text ); masterfile\-style ( full | relative ); max\-ixfr\-ratio ( unlimited | ); max\-journal\-size ( default | unlimited | ); max\-records ; max\-records\-per\-type ; max\-refresh\-time ; max\-retry\-time ; max\-transfer\-idle\-in ; max\-transfer\-idle\-out ; max\-transfer\-time\-in ; max\-transfer\-time\-out ; max\-types\-per\-name ; min\-refresh\-time ; min\-retry\-time ; multi\-master ; notify ( explicit | master\-only | primary\-only | ); notify\-delay ; notify\-source ( | * ); notify\-source\-v6 ( | * ); notify\-to\-soa ; nsec3\-test\-zone ; // test only parental\-agents [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; parental\-source ( | * ); parental\-source\-v6 ( | * ); primaries [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; request\-expire ; request\-ixfr ; sig\-signing\-nodes ; sig\-signing\-signatures ; sig\-signing\-type ; sig\-validity\-interval [ ]; // obsolete transfer\-source ( | * ); transfer\-source\-v6 ( | * ); try\-tcp\-refresh ; update\-check\-ksk ; // obsolete zero\-no\-soa\-ttl ; zone\-statistics ( full | terse | none | ); }; .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C zone [ ] { type mirror; allow\-notify { ; ... }; allow\-query { ; ... }; allow\-query\-on { ; ... }; allow\-transfer [ port ] [ transport ] { ; ... }; allow\-update\-forwarding { ; ... }; also\-notify [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; check\-names ( fail | warn | ignore ); database ; file ; ixfr\-from\-differences ; journal ; masterfile\-format ( raw | text ); masterfile\-style ( full | relative ); max\-ixfr\-ratio ( unlimited | ); max\-journal\-size ( default | unlimited | ); max\-records ; max\-records\-per\-type ; max\-refresh\-time ; max\-retry\-time ; max\-transfer\-idle\-in ; max\-transfer\-idle\-out ; max\-transfer\-time\-in ; max\-transfer\-time\-out ; max\-types\-per\-name ; min\-refresh\-time ; min\-retry\-time ; multi\-master ; notify ( explicit | master\-only | primary\-only | ); notify\-delay ; notify\-source ( | * ); notify\-source\-v6 ( | * ); primaries [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; request\-expire ; request\-ixfr ; transfer\-source ( | * ); transfer\-source\-v6 ( | * ); try\-tcp\-refresh ; zero\-no\-soa\-ttl ; zone\-statistics ( full | terse | none | ); }; .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C zone [ ] { type forward; forward ( first | only ); forwarders [ port ] [ tls ] { ( | ) [ port ] [ tls ]; ... }; }; .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C zone [ ] { type hint; check\-names ( fail | warn | ignore ); file ; }; .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C zone [ ] { type redirect; allow\-query { ; ... }; allow\-query\-on { ; ... }; dlz ; file ; masterfile\-format ( raw | text ); masterfile\-style ( full | relative ); max\-records ; max\-records\-per\-type ; max\-types\-per\-name ; max\-zone\-ttl ( unlimited | ); // deprecated primaries [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; zone\-statistics ( full | terse | none | ); }; .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C zone [ ] { type static\-stub; allow\-query { ; ... }; allow\-query\-on { ; ... }; forward ( first | only ); forwarders [ port ] [ tls ] { ( | ) [ port ] [ tls ]; ... }; max\-records ; max\-records\-per\-type ; max\-types\-per\-name ; server\-addresses { ( | ); ... }; server\-names { ; ... }; zone\-statistics ( full | terse | none | ); }; .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C zone [ ] { type stub; allow\-query { ; ... }; allow\-query\-on { ; ... }; check\-names ( fail | warn | ignore ); database ; dialup ( notify | notify\-passive | passive | refresh | ); // deprecated file ; forward ( first | only ); forwarders [ port ] [ tls ] { ( | ) [ port ] [ tls ]; ... }; masterfile\-format ( raw | text ); masterfile\-style ( full | relative ); max\-records ; max\-records\-per\-type ; max\-refresh\-time ; max\-retry\-time ; max\-transfer\-idle\-in ; max\-transfer\-time\-in ; max\-types\-per\-name ; min\-refresh\-time ; min\-retry\-time ; multi\-master ; primaries [ port ] [ source ( | * ) ] [ source\-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; transfer\-source ( | * ); transfer\-source\-v6 ( | * ); zone\-statistics ( full | terse | none | ); }; .ft P .fi .UNINDENT .UNINDENT .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C zone [ ] { in\-view ; }; .ft P .fi .UNINDENT .UNINDENT .SH FILES .sp \fB/etc/named.conf\fP .SH SEE ALSO .sp \fI\%named(8)\fP, \fI\%named\-checkconf(8)\fP, \fI\%rndc(8)\fP, \fI\%rndc\-confgen(8)\fP, \fI\%tsig\-keygen(8)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT 2024, Internet Systems Consortium .\" Generated by docutils manpage writer. .