named.conf.docbook

非常好的dns解析软件

<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
	       [<!ENTITY mdash "&#8212;">]>
<!--
 - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->

<!-- $Id: named.conf.docbook,v 1.1.2.25 2007/01/29 23:57:20 marka Exp $ -->
<refentry>
  <refentryinfo>
    <date>Aug 13, 2004</date>
  </refentryinfo>

  <refmeta>
    <refentrytitle><filename>named.conf</filename></refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo>BIND9</refmiscinfo>
  </refmeta>

  <refnamediv>
    <refname><filename>named.conf</filename></refname>
    <refpurpose>configuration file for named</refpurpose>
  </refnamediv>

  <docinfo>
    <copyright>
      <year>2004</year>
      <year>2005</year>
      <year>2006</year>
      <year>2007</year>
      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
    </copyright>
  </docinfo>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>named.conf</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>DESCRIPTION</title>
    <para><filename>named.conf</filename> is the configuration file
      for
      <command>named</command>.  Statements are enclosed
      in braces and terminated with a semi-colon.  Clauses in
      the statements are also semi-colon terminated.  The usual
      comment styles are supported:
    </para>
    <para>
      C style: /* */
    </para>
    <para>
      C++ style: // to end of line
    </para>
    <para>
      Unix style: # to end of line
    </para>
  </refsect1>

  <refsect1>
    <title>ACL</title>
    <literallayout>
acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };

</literallayout>
  </refsect1>

  <refsect1>
    <title>KEY</title>
    <literallayout>
key <replaceable>domain_name</replaceable> {
	algorithm <replaceable>string</replaceable>;
	secret <replaceable>string</replaceable>;
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>MASTERS</title>
    <literallayout>
masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
	( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
	<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>SERVER</title>
    <literallayout>
server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
	bogus <replaceable>boolean</replaceable>;
	edns <replaceable>boolean</replaceable>;
	edns-udp-size <replaceable>integer</replaceable>;
	max-udp-size <replaceable>integer</replaceable>;
	provide-ixfr <replaceable>boolean</replaceable>;
	request-ixfr <replaceable>boolean</replaceable>;
	keys <replaceable>server_key</replaceable>;
	transfers <replaceable>integer</replaceable>;
	transfer-format ( many-answers | one-answer );
	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;

	support-ixfr <replaceable>boolean</replaceable>; // obsolete
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>TRUSTED-KEYS</title>
    <literallayout>
trusted-keys {
	<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>CONTROLS</title>
    <literallayout>
controls {
	inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>
		allow { <replaceable>address_match_element</replaceable>; ... }
		<optional> keys { <replaceable>string</replaceable>; ... } </optional>;
	unix <replaceable>unsupported</replaceable>; // not implemented
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>LOGGING</title>
    <literallayout>
logging {
	channel <replaceable>string</replaceable> {
		file <replaceable>log_file</replaceable>;
		syslog <replaceable>optional_facility</replaceable>;
		null;
		stderr;
		severity <replaceable>log_severity</replaceable>;
		print-time <replaceable>boolean</replaceable>;
		print-severity <replaceable>boolean</replaceable>;
		print-category <replaceable>boolean</replaceable>;
	};
	category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>LWRES</title>
    <literallayout>
lwres {
	listen-on <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
	};
	view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
	search { <replaceable>string</replaceable>; ... };
	ndots <replaceable>integer</replaceable>;
};
</literallayout>
  </refsect1>

  <refsect1>
    <title>OPTIONS</title>
    <literallayout>
options {
	avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
	avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
	blackhole { <replaceable>address_match_element</replaceable>; ... };
	coresize <replaceable>size</replaceable>;
	datasize <replaceable>size</replaceable>;
	directory <replaceable>quoted_string</replaceable>;
	dump-file <replaceable>quoted_string</replaceable>;
	files <replaceable>size</replaceable>;
	heartbeat-interval <replaceable>integer</replaceable>;
	host-statistics <replaceable>boolean</replaceable>; // not implemented
	host-statistics-max <replaceable>number</replaceable>; // not implemented
	hostname ( <replaceable>quoted_string</replaceable> | none );
	interface-interval <replaceable>integer</replaceable>;
	listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
	listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
	match-mapped-addresses <replaceable>boolean</replaceable>;
	memstatistics-file <replaceable>quoted_string</replaceable>;
	pid-file ( <replaceable>quoted_string</replaceable> | none );
	port <replaceable>integer</replaceable>;
	querylog <replaceable>boolean</replaceable>;
	recursing-file <replaceable>quoted_string</replaceable>;
	random-device <replaceable>quoted_string</replaceable>;
	recursive-clients <replaceable>integer</replaceable>;
	serial-query-rate <replaceable>integer</replaceable>;
	server-id ( <replaceable>quoted_string</replaceable> | none |;
	stacksize <replaceable>size</replaceable>;
	statistics-file <replaceable>quoted_string</replaceable>;
	statistics-interval <replaceable>integer</replaceable>; // not yet implemented
	tcp-clients <replaceable>integer</replaceable>;
	tcp-listen-queue <replaceable>integer</replaceable>;
	tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
	tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
	tkey-domain <replaceable>quoted_string</replaceable>;
	transfers-per-ns <replaceable>integer</replaceable>;
	transfers-in <replaceable>integer</replaceable>;
	transfers-out <replaceable>integer</replaceable>;
	use-ixfr <replaceable>boolean</replaceable>;
	version ( <replaceable>quoted_string</replaceable> | none );
	allow-recursion { <replaceable>address_match_element</replaceable>; ... };
	sortlist { <replaceable>address_match_element</replaceable>; ... };
	topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
	auth-nxdomain <replaceable>boolean</replaceable>; // default changed
	minimal-responses <replaceable>boolean</replaceable>;
	recursion <replaceable>boolean</replaceable>;
	rrset-order {
		<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
		<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
	};
	provide-ixfr <replaceable>boolean</replaceable>;
	request-ixfr <replaceable>boolean</replaceable>;
	rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
	additional-from-auth <replaceable>boolean</replaceable>;
	additional-from-cache <replaceable>boolean</replaceable>;
	query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	cleaning-interval <replaceable>integer</replaceable>;
	min-roots <replaceable>integer</replaceable>; // not implemented
	lame-ttl <replaceable>integer</replaceable>;
	max-ncache-ttl <replaceable>integer</replaceable>;
	max-cache-ttl <replaceable>integer</replaceable>;
	transfer-format ( many-answers | one-answer );
	max-cache-size <replaceable>size_no_default</replaceable>;
	max-acache-size <replaceable>size_no_default</replaceable>;
	clients-per-query <replaceable>number</replaceable>;
	max-clients-per-query <replaceable>number</replaceable>;
	check-names ( master | slave | response )
		( fail | warn | ignore );
	check-mx ( fail | warn | ignore );
	check-integrity <replaceable>boolean</replaceable>;
	check-mx-cname ( fail | warn | ignore );
	check-srv-cname ( fail | warn | ignore );
	cache-file <replaceable>quoted_string</replaceable>; // test option
	suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
	preferred-glue <replaceable>string</replaceable>;
	dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
		<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
	};
	edns-udp-size <replaceable>integer</replaceable>;
	max-udp-size <replaceable>integer</replaceable>;
	root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
	disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
	dnssec-enable <replaceable>boolean</replaceable>;
	dnssec-validation <replaceable>boolean</replaceable>;
	dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
	dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
	dnssec-accept-expired <replaceable>boolean</replaceable>;

	empty-server <replaceable>string</replaceable>;
	empty-contact <replaceable>string</replaceable>;
	empty-zones-enable <replaceable>boolean</replaceable>;
	disable-empty-zone <replaceable>string</replaceable>;

	dialup <replaceable>dialuptype</replaceable>;
	ixfr-from-differences <replaceable>ixfrdiff</replaceable>;

	allow-query { <replaceable>address_match_element</replaceable>; ... };
	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
	allow-update { <replaceable>address_match_element</replaceable>; ... };
	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
	update-check-ksk <replaceable>boolean</replaceable>;

	notify <replaceable>notifytype</replaceable>;
	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
	notify-delay <replaceable>seconds</replaceable>;
	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
		<optional> port <replaceable>integer</replaceable> </optional>; ... };
	allow-notify { <replaceable>address_match_element</replaceable>; ... };

	forward ( first | only );
	forwarders <optional> port <replaceable>integer</replaceable> </optional> {
		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...