man/orig/named.conf

Материал из Xgu.ru

Перейти к: навигация, поиск

Не указан параметр (1)


NAMED.CONF(5) BIND9 NAMED.CONF(5)


Содержание

[править] NAME

      named.conf - configuration file for named

[править] SYNOPSIS

      named.conf

[править] DESCRIPTION

      named.conf is the configuration file for named. Statements are enclosed
      in braces and terminated with a semi-colon. Clauses in the statements
      are also semi-colon terminated. The usual comment styles are supported:
      C style: /* */
      C++ style: // to end of line
      Unix style: # to end of line

[править] ACL

          acl string { address_match_element; ... };

[править] KEY

          key domain_name {
               algorithm string;
               secret string;
          };

[править] MASTERS

          masters string [ port integer ] {
               ( masters | ipv4_address [port integer] |
               ipv6_address [port integer] ) [ key string ]; ...
          };

[править] SERVER

          server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
               bogus boolean;
               edns boolean;
               edns-udp-size integer;
               max-udp-size integer;
               provide-ixfr boolean;
               request-ixfr boolean;
               keys server_key;
               transfers integer;
               transfer-format ( many-answers | one-answer );
               transfer-source ( ipv4_address | * )
                    [ port ( integer | * ) ];
               transfer-source-v6 ( ipv6_address | * )
                    [ port ( integer | * ) ];
               support-ixfr boolean; // obsolete
          };

[править] TRUSTED-KEYS

          trusted-keys {
               domain_name flags protocol algorithm key; ...
          };

[править] MANAGED-KEYS

          managed-keys {
               domain_name initial-key flags protocol algorithm key; ...
          };

[править] CONTROLS

          controls {
               inet ( ipv4_address | ipv6_address | * )
                    [ port ( integer | * ) ]
                    allow { address_match_element; ... }
                    [ keys { string; ... } ];
               unix unsupported; // not implemented
          };

[править] LOGGING

          logging {
               channel string {
                    file log_file;
                    syslog optional_facility;
                    null;
                    stderr;
                    severity log_severity;
                    print-time boolean;
                    print-severity boolean;
                    print-category boolean;
               };
               category string { string; ... };
          };

[править] LWRES

          lwres {
               listen-on [ port integer ] {
                    ( ipv4_address | ipv6_address ) [ port integer ]; ...
               };
               view string optional_class;
               search { string; ... };
               ndots integer;
          };

[править] OPTIONS

          options {
               avoid-v4-udp-ports { port; ... };
               avoid-v6-udp-ports { port; ... };
               blackhole { address_match_element; ... };
               coresize size;
               datasize size;
               directory quoted_string;
               dump-file quoted_string;
               files size;
               heartbeat-interval integer;
               host-statistics boolean; // not implemented
               host-statistics-max number; // not implemented
               hostname ( quoted_string | none );
               interface-interval integer;
               listen-on [ port integer ] { address_match_element; ... };
               listen-on-v6 [ port integer ] { address_match_element; ... };
               match-mapped-addresses boolean;
               memstatistics-file quoted_string;
               pid-file ( quoted_string | none );
               port integer;
               querylog boolean;
               recursing-file quoted_string;
               reserved-sockets integer;
               random-device quoted_string;
               recursive-clients integer;
               serial-query-rate integer;
               server-id ( quoted_string | none |;
               stacksize size;
               statistics-file quoted_string;
               statistics-interval integer; // not yet implemented
               tcp-clients integer;
               tcp-listen-queue integer;
               tkey-dhkey quoted_string integer;
               tkey-gssapi-credential quoted_string;
               tkey-gssapi-keytab quoted_string;
               tkey-domain quoted_string;
               transfers-per-ns integer;
               transfers-in integer;
               transfers-out integer;
               use-ixfr boolean;
               version ( quoted_string | none );
               allow-recursion { address_match_element; ... };
               allow-recursion-on { address_match_element; ... };
               sortlist { address_match_element; ... };
               topology { address_match_element; ... }; // not implemented
               auth-nxdomain boolean; // default changed
               minimal-responses boolean;
               recursion boolean;
               rrset-order {
                    [ class string ] [ type string ]
                    [ name quoted_string ] string string; ...
               };
               provide-ixfr boolean;
               request-ixfr boolean;
               rfc2308-type1 boolean; // not yet implemented
               additional-from-auth boolean;
               additional-from-cache boolean;
               query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
               query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
               use-queryport-pool boolean;
               queryport-pool-ports integer;
               queryport-pool-updateinterval integer;
               cleaning-interval integer;
               resolver-query-timeout integer;
               min-roots integer; // not implemented
               lame-ttl integer;
               max-ncache-ttl integer;
               max-cache-ttl integer;
               transfer-format ( many-answers | one-answer );
               max-cache-size size;
               max-acache-size size;
               clients-per-query number;
               max-clients-per-query number;
               check-names ( master | slave | response )
                    ( fail | warn | ignore );
               check-mx ( fail | warn | ignore );
               check-integrity boolean;
               check-mx-cname ( fail | warn | ignore );
               check-srv-cname ( fail | warn | ignore );
               cache-file quoted_string; // test option
               suppress-initial-notify boolean; // not yet implemented
               preferred-glue string;
               dual-stack-servers [ port integer ] {
                    ( quoted_string [port integer] |
                    ipv4_address [port integer] |
                    ipv6_address [port integer] ); ...
               };
               edns-udp-size integer;
               max-udp-size integer;
               root-delegation-only [ exclude { quoted_string; ... } ];
               disable-algorithms string { string; ... };
               dnssec-enable boolean;
               dnssec-validation boolean;
               dnssec-lookaside ( auto | no | domain trust-anchor domain );
               dnssec-must-be-secure string boolean;
               dnssec-accept-expired boolean;
               dns64-server string;
               dns64-contact string;
               dns64 prefix {
                    clients { <replacable>acl</replacable>; };
                    exclude { <replacable>acl</replacable>; };
                    mapped { <replacable>acl</replacable>; };
                    break-dnssec boolean;
                    recursive-only boolean;
                    suffix ipv6_address;
               };
               empty-server string;
               empty-contact string;
               empty-zones-enable boolean;
               disable-empty-zone string;
               dialup dialuptype;
               ixfr-from-differences ixfrdiff;
               allow-query { address_match_element; ... };
               allow-query-on { address_match_element; ... };
               allow-query-cache { address_match_element; ... };
               allow-query-cache-on { address_match_element; ... };
               allow-transfer { address_match_element; ... };
               allow-update { address_match_element; ... };
               allow-update-forwarding { address_match_element; ... };
               update-check-ksk boolean;
               dnssec-dnskey-kskonly boolean;
               masterfile-format ( text | raw );
               notify notifytype;
               notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
               notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
               notify-delay seconds;
               notify-to-soa boolean;
               also-notify [ port integer ] { ( ipv4_address | ipv6_address )
                    [ port integer ]; ...
                    [ key keyname ] ... };
               allow-notify { address_match_element; ... };
               forward ( first | only );
               forwarders [ port integer ] {
                    ( ipv4_address | ipv6_address ) [ port integer ]; ...
               };
               max-journal-size size_no_default;
               max-transfer-time-in integer;
               max-transfer-time-out integer;
               max-transfer-idle-in integer;
               max-transfer-idle-out integer;
               max-retry-time integer;
               min-retry-time integer;
               max-refresh-time integer;
               min-refresh-time integer;
               multi-master boolean;
               sig-validity-interval integer;
               sig-re-signing-interval integer;
               sig-signing-nodes integer;
               sig-signing-signatures integer;
               sig-signing-type integer;
               transfer-source ( ipv4_address | * )
                    [ port ( integer | * ) ];
               transfer-source-v6 ( ipv6_address | * )
                    [ port ( integer | * ) ];
               alt-transfer-source ( ipv4_address | * )
                    [ port ( integer | * ) ];
               alt-transfer-source-v6 ( ipv6_address | * )
                    [ port ( integer | * ) ];
               use-alt-transfer-source boolean;
               zone-statistics boolean;
               key-directory quoted_string;
               managed-keys-directory quoted_string;
               auto-dnssec allow|maintain|create|off;
               try-tcp-refresh boolean;
               zero-no-soa-ttl boolean;
               zero-no-soa-ttl-cache boolean;
               dnssec-secure-to-insecure boolean;
               deny-answer-addresses {
                    address_match_list
               } [ except-from { namelist } ];
               deny-answer-aliases {
                    namelist
               } [ except-from { namelist } ];
               nsec3-test-zone boolean;  // testing only
               allow-v6-synthesis { address_match_element; ... }; // obsolete
               deallocate-on-exit boolean; // obsolete
               fake-iquery boolean; // obsolete
               fetch-glue boolean; // obsolete
               has-old-clients boolean; // obsolete
               maintain-ixfr-base boolean; // obsolete
               max-ixfr-log-size size; // obsolete
               multiple-cnames boolean; // obsolete
               named-xfer quoted_string; // obsolete
               serial-queries integer; // obsolete
               treat-cr-as-space boolean; // obsolete
               use-id-pool boolean; // obsolete
          };

[править] VIEW

          view string optional_class {
               match-clients { address_match_element; ... };
               match-destinations { address_match_element; ... };
               match-recursive-only boolean;
               key string {
                    algorithm string;
                    secret string;
               };
               zone string optional_class {
                    ...
               };
               server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
                    ...
               };
               trusted-keys {
                    string integer integer integer quoted_string;
                    [...]
               };
               allow-recursion { address_match_element; ... };
               allow-recursion-on { address_match_element; ... };
               sortlist { address_match_element; ... };
               topology { address_match_element; ... }; // not implemented
               auth-nxdomain boolean; // default changed
               minimal-responses boolean;
               recursion boolean;
               rrset-order {
                    [ class string ] [ type string ]
                    [ name quoted_string ] string string; ...
               };
               provide-ixfr boolean;
               request-ixfr boolean;
               rfc2308-type1 boolean; // not yet implemented
               additional-from-auth boolean;
               additional-from-cache boolean;
               query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
               query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
               use-queryport-pool boolean;
               queryport-pool-ports integer;
               queryport-pool-updateinterval integer;
               cleaning-interval integer;
               resolver-query-timeout integer;
               min-roots integer; // not implemented
               lame-ttl integer;
               max-ncache-ttl integer;
               max-cache-ttl integer;
               transfer-format ( many-answers | one-answer );
               max-cache-size size;
               max-acache-size size;
               clients-per-query number;
               max-clients-per-query number;
               check-names ( master | slave | response )
                    ( fail | warn | ignore );
               check-mx ( fail | warn | ignore );
               check-integrity boolean;
               check-mx-cname ( fail | warn | ignore );
               check-srv-cname ( fail | warn | ignore );
               cache-file quoted_string; // test option
               suppress-initial-notify boolean; // not yet implemented
               preferred-glue string;
               dual-stack-servers [ port integer ] {
                    ( quoted_string [port integer] |
                    ipv4_address [port integer] |
                    ipv6_address [port integer] ); ...
               };
               edns-udp-size integer;
               max-udp-size integer;
               root-delegation-only [ exclude { quoted_string; ... } ];
               disable-algorithms string { string; ... };
               dnssec-enable boolean;
               dnssec-validation boolean;
               dnssec-lookaside ( auto | no | domain trust-anchor domain );
               dnssec-must-be-secure string boolean;
               dnssec-accept-expired boolean;
               dns64-server string;
               dns64-contact string;
               dns64 prefix {
                    clients { <replacable>acl</replacable>; };
                    exclude { <replacable>acl</replacable>; };
                    mapped { <replacable>acl</replacable>; };
                    break-dnssec boolean;
                    recursive-only boolean;
                    suffix ipv6_address;
               };
               empty-server string;
               empty-contact string;
               empty-zones-enable boolean;
               disable-empty-zone string;
               dialup dialuptype;
               ixfr-from-differences ixfrdiff;
               allow-query { address_match_element; ... };
               allow-query-on { address_match_element; ... };
               allow-query-cache { address_match_element; ... };
               allow-query-cache-on { address_match_element; ... };
               allow-transfer { address_match_element; ... };
               allow-update { address_match_element; ... };
               allow-update-forwarding { address_match_element; ... };
               update-check-ksk boolean;
               dnssec-dnskey-kskonly boolean;
               masterfile-format ( text | raw );
               notify notifytype;
               notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
               notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
               notify-delay seconds;
               notify-to-soa boolean;
               also-notify [ port integer ] { ( ipv4_address | ipv6_address )
                    [ port integer ]; ...
                    [ key keyname ] ... };
               allow-notify { address_match_element; ... };
               forward ( first | only );
               forwarders [ port integer ] {
                    ( ipv4_address | ipv6_address ) [ port integer ]; ...
               };
               max-journal-size size_no_default;
               max-transfer-time-in integer;
               max-transfer-time-out integer;
               max-transfer-idle-in integer;
               max-transfer-idle-out integer;
               max-retry-time integer;
               min-retry-time integer;
               max-refresh-time integer;
               min-refresh-time integer;
               multi-master boolean;
               sig-validity-interval integer;
               transfer-source ( ipv4_address | * )
                    [ port ( integer | * ) ];
               transfer-source-v6 ( ipv6_address | * )
                    [ port ( integer | * ) ];
               alt-transfer-source ( ipv4_address | * )
                    [ port ( integer | * ) ];
               alt-transfer-source-v6 ( ipv6_address | * )
                    [ port ( integer | * ) ];
               use-alt-transfer-source boolean;
               zone-statistics boolean;
               try-tcp-refresh boolean;
               key-directory quoted_string;
               zero-no-soa-ttl boolean;
               zero-no-soa-ttl-cache boolean;
               dnssec-secure-to-insecure boolean;
               allow-v6-synthesis { address_match_element; ... }; // obsolete
               fetch-glue boolean; // obsolete
               maintain-ixfr-base boolean; // obsolete
               max-ixfr-log-size size; // obsolete
          };

[править] ZONE

          zone string optional_class {
               type ( master | slave | stub | hint | redirect |
                    forward | delegation-only );
               file quoted_string;
               masters [ port integer ] {
                    ( masters |
                    ipv4_address [port integer] |
                    ipv6_address [ port integer ] ) [ key string ]; ...
               };
               database string;
               delegation-only boolean;
               check-names ( fail | warn | ignore );
               check-mx ( fail | warn | ignore );
               check-integrity boolean;
               check-mx-cname ( fail | warn | ignore );
               check-srv-cname ( fail | warn | ignore );
               dialup dialuptype;
               ixfr-from-differences boolean;
               journal quoted_string;
               zero-no-soa-ttl boolean;
               dnssec-secure-to-insecure boolean;
               allow-query { address_match_element; ... };
               allow-query-on { address_match_element; ... };
               allow-transfer { address_match_element; ... };
               allow-update { address_match_element; ... };
               allow-update-forwarding { address_match_element; ... };
               update-policy local |  {
                    ( grant | deny ) string
                    ( name | subdomain | wildcard | self | selfsub | selfwild |
                            krb5-self | ms-self | krb5-subdomain | ms-subdomain |
                      tcp-self | zonesub | 6to4-self ) string
                    rrtypelist;
                    [...]
               };
               update-check-ksk boolean;
               dnssec-dnskey-kskonly boolean;
               masterfile-format ( text | raw );
               notify notifytype;
               notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
               notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
               notify-delay seconds;
               notify-to-soa boolean;
               also-notify [ port integer ] { ( ipv4_address | ipv6_address )
                    [ port integer ]; ...
                    [ key keyname ] ... };
               allow-notify { address_match_element; ... };
               forward ( first | only );
               forwarders [ port integer ] {
                    ( ipv4_address | ipv6_address ) [ port integer ]; ...
               };
               max-journal-size size_no_default;
               max-transfer-time-in integer;
               max-transfer-time-out integer;
               max-transfer-idle-in integer;
               max-transfer-idle-out integer;
               max-retry-time integer;
               min-retry-time integer;
               max-refresh-time integer;
               min-refresh-time integer;
               multi-master boolean;
               request-ixfr boolean;
               sig-validity-interval integer;
               transfer-source ( ipv4_address | * )
                    [ port ( integer | * ) ];
               transfer-source-v6 ( ipv6_address | * )
                    [ port ( integer | * ) ];
               alt-transfer-source ( ipv4_address | * )
                    [ port ( integer | * ) ];
               alt-transfer-source-v6 ( ipv6_address | * )
                    [ port ( integer | * ) ];
               use-alt-transfer-source boolean;
               zone-statistics boolean;
               try-tcp-refresh boolean;
               key-directory quoted_string;
               nsec3-test-zone boolean;  // testing only
               ixfr-base quoted_string; // obsolete
               ixfr-tmp-file quoted_string; // obsolete
               maintain-ixfr-base boolean; // obsolete
               max-ixfr-log-size size; // obsolete
               pubkey integer integer integer quoted_string; // obsolete
          };

[править] FILES

/etc/named.conf

[править] SEE ALSO

named(8), named-checkconf(8), rndc(8), BIND 9 Administrator Reference Manual.

[править] COPYRIGHT

      Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")


BIND9 Aug 13, 2004 NAMED.CONF(5)