System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)
Previous Next

The named.conf Options

The following list compares the named.conf options between BIND 8 and BIND 9. It also provides a brief description of the changes. An OK in the Changes column denotes the option works unchanged for the BIND 9 version of named.

Options {

Changes

[ version version_string; ]

OK

[ directory path_name; ]

OK

[ named-xfer path_name; ]

Obsolete1

[ dump-file path_name; ]

OK

[ memstatistics-file path_name; ]

Not Implemented

[ pid-file path_name; ]

OK

[ statistics-file path_name; ]

OK

[ auth-nxdomain yes_or_no; ]

OK2

[ dialup yes_or_no;

OK

[ fake-iquery yes_or_no; ]

Obsolete

[ fetch-glue yes_or_no; ]

Obsolete

[ has-old-clients yes_or_no; ]

Obsolete

[ host-statistics yes_or_no; ]

Not Implemented

[ host-statistics-max number; ]

Not Implemented

[ multiple-cnames yes_or_no; ]

Obsolete

[ notify yes_or_no | explicit; ]

OK

[ recursion yes_or_no; ]

OK

[ rfc2308-type1 yes_or_no; ]

Not Implemented

[ use-id-pool yes_or_no; ]

Obsolete

[ treat-cr-as-space yes_or_no; ]

Obsolete

[ also-notify yes_or_no; ]

Syntax Changed3

[ forward ( only | first ); ]

OK4

[ forwarders { [ in_addr ; \

[ in_addr ; ... ] ] }; ]

OK5

[ check-names ( master | slave | \

response ) ( warn | fail | ignore); ]

Not Implemented

[ allow-query { address_match_list }; ]

OK

[ allow-recursion { address_match_list }; ]

OK

[ allow-transfer { address_match_list }; ]

OK

[ blackhole { address_match_list }; ]

OK

[ listen-on [ port ip_port ] \

{ address_match_list }; ]

OK

[ query-source [ address ( ip_addr | * ) ] \

OK

[ port ( ip_port | * ) ] ; ]

[ lame-ttl number; ]

OK

[ max-transfer-time-in number; ]

OK

[ max-ncache-ttl number; ]

OK

[ min-roots number; ]

Not Implemented

[ transfer-format ( one-answer | \

many-answers ); ]

OK6

[ transfers-in number; ]

OK

[ transfers-out number; ]

OK

[ transfers-per-ns number; ]

OK

[ transfer-source ip_addr; ]

OK

[ maintain-ixfr-base yes_or_no; ]

Obsolete

[ max-ixfr-log-size number; ]

Obsolete7

[ coresize size_spec ; ]

OK

[ datasize size_spec ; ]

OK

[ files size_spec ; ]

OK

[ stacksize size_spec ; ]

OK

[ cleaning-interval number; ]

OK

[ heartbeat-interval number; ]

OK

[ interface-interval number; ]

OK

[ statistics-interval number; ]

Not Implemented

[ topology { address_match_list }; ]

Not Implemented

[ sortlist { address_match_list }; ]

OK

[ rrset-order { order_spec ; \

[ order_spec ; ... ] }; ]

Not Implemented

};

1Obsolete due to architectural differences.

2Default set to yes in BIND 8, no in BIND 9.

3Needs an IP address for yes.

4Doesn't work if no forwarder specified; Gives an error of no matching 'forwarders' statement in that case.

5See [ forward ] clause.

6Default set to one-answer in BIND 8 and many-answers in BIND 9.

7No need for this option as BIND 9 trims the size of its log file automatically.

Statements in BIND 9

This section describes any differences between BIND 8 and BIND 9 statements.

The Controls Statement

unix is the default for ndc and all of the arguments are compiled in. inet is the only option for rndc and nothing is compiled in.

  Syntax
     controls {
       [ inet ip_addr
         port ip_port
         allow { address_match_list; }; ]    OK
       [ unix path_name
         perm number
         owner number
         group number; ]            Not Implemented
     };

Logging syntax has changed significantly. See The named.conf Options for a list of named.conf options.

The Zone Statement

The syntax for the zone statement in the BIND 8 named.conf man page is.mostly supported for BIND 9 except for the following:

  [ pubkey number number number string; ]    Obsolete
  [ check-names ( warn | fail | ignore ); ]    Not Implemented
The ACL Statement

Works unchanged in BIND 9.

  Syntax
     acl name {
       address_match_list
     };
The Key Statement

Works unchanged in BIND 9.

  Syntax
     key key_id {
       algorithm algorithm_id;
       secret secret_string;
     };
The Trusted-Keys Statement

Works unchanged, however the code to use this statement has been turned off in BIND 9.2.4.

  Syntax
     trusted-keys {
       [ domain_name flags protocol algorithm key; ]
     };
The Server Statement

support-ixfr is obsolete, however all of the following options work unchanged in BIND 9. Note the default for transfer-format has changed.

  Syntax
     server ip_addr {
       [ bogus yes_or_no; ]
       [ transfers number; ]
       [ transfer-format ( one-answer | many-answers ); ]
       [ keys { key_id [ key_id ... ] }; ]
       [ edns yes_or_no; ]
     };
The Include Statement

Works unchanged in BIND 9.

  Syntax
     include path_name;

Summary of the named.conf Options

A detailed named.conf man page is not included with BIND 9.2.4. Following is a summary of the named.conf options that are supported in BIND 9.2.4.

options  {
        blackhole { <address_match_element>; ... };
        coresize <size>;
        datasize <size>;
        deallocate-on-exit <boolean>; // obsolete
        directory <quoted_string>;
        dump-file <quoted_string>;
        fake-iquery <boolean>; // obsolete
        files <size>;
        has-old-clients <boolean>; // obsolete
        heartbeat-interval <integer>;
        host-statistics <boolean>; // not implemented
        host-statistics-max <integer>; // not implemented
        interface-interval <integer>;
        listen-on [ port <integer> ] { <address_match_element>; ... };
        listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
        match-mapped-addresses <boolean>;
        memstatistics-file <quoted_string>; // not implemented
        multiple-cnames <boolean>; // obsolete
        named-xfer <quoted_string>; // obsolete
        pid-file <quoted_string>;
        port <integer>;
        random-device <quoted_string>;
        recursive-clients <integer>;
        rrset-order { [ class <string> ] [ type <string> ] [ name
            <quoted_string> ] <string> <string>; ... }; // not implemented
        serial-queries <integer>; // obsolete
        serial-query-rate <integer>;
        stacksize <size>;
        statistics-file <quoted_string>;
        statistics-interval <integer>; // not yet implemented
        tcp-clients <integer>;
        tkey-dhkey <quoted_string> <integer>;
        tkey-gssapi-credential <quoted_string>;
        tkey-domain <quoted_string>;
        transfers-per-ns <integer>;
        transfers-in <integer>;
        transfers-out <integer>;
        treat-cr-as-space <boolean>; // obsolete
        use-id-pool <boolean>; // obsolete
        use-ixfr <boolean>;
        version <quoted_string>;
        allow-recursion { <address_match_element>; ... };
        allow-v6-synthesis { <address_match_element>; ... };
        sortlist { <address_match_element>; ... };
        topology { <address_match_element>; ... }; // not implemented
        auth-nxdomain <boolean>; // default changed
        minimal-responses <boolean>;
        recursion <boolean>;
        provide-ixfr <boolean>;
        request-ixfr <boolean>;
        fetch-glue <boolean>; // obsolete
        rfc2308-type1 <boolean>; // not yet implemented
        additional-from-auth <boolean>;
        additional-from-cache <boolean>;
        query-source <querysource4>;
        query-source-v6 <querysource6>;
        cleaning-interval <integer>;
        min-roots <integer>; // not implemented
        lame-ttl <integer>;
        max-ncache-ttl <integer>;
        max-cache-ttl <integer>;
        transfer-format ( many-answers | one-answer );
        max-cache-size <size_no_default>;
        check-names <string> <string>; // not implemented
        cache-file <quoted_string>;
        allow-query { <address_match_element>; ... };
        allow-transfer { <address_match_element>; ... };
        allow-update-forwarding { <address_match_element>; ... };
        allow-notify { <address_match_element>; ... };
        notify <notifytype>;
        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
        also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
            ) [ port <integer> ]; ... };
        dialup <dialuptype>;
        forward ( first | only );
        forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
            [ port <integer> ]; ... };
        maintain-ixfr-base <boolean>; // obsolete
        max-ixfr-log-size <size>; // obsolete
        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
        max-transfer-time-in <integer>;
        max-transfer-time-out <integer>;
        max-transfer-idle-in <integer>;
        max-transfer-idle-out <integer>;
        max-retry-time <integer>;
        min-retry-time <integer>;
        max-refresh-time <integer>;
        min-refresh-time <integer>;
        sig-validity-interval <integer>;
        zone-statistics <boolean>;
};

controls {
        inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
            ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ];
        unix <unsupported>; // not implemented
};

acl <string> { <address_match_element>; ... };

logging {
        channel <string> {
                file <logfile>;
                syslog <optional_facility>;
                null;
                stderr;
                severity <logseverity>;
                print-time <boolean>;
                print-severity <boolean>;
                print-category <boolean>;
        };
        category <string> { <string>; ... };
};

view <string> <optional_class> {
        match-clients { <address_match_element>; ... };
        match-destinations { <address_match_element>; ... };
        match-recursive-only <boolean>;
        key <string> {
                algorithm <string>;
                secret <string>;
        };
        zone <string> <optional_class> {
                type ( master | slave | stub | hint | forward );
                allow-update { <address_match_element>; ... };
                file <quoted_string>;
                ixfr-base <quoted_string>; // obsolete
                ixfr-tmp-file <quoted_string>; // obsolete
                masters [ port <integer> ] { ( <ipv4_address> |
                    <ipv6_address> ) [ port <integer> ] [ key <string> ]; ... };
                pubkey <integer> <integer> <integer> <quoted_string>; //
                    obsolete
                update-policy { ( grant | deny ) <string> ( name |
                    subdomain | wildcard | self ) <string> <rrtypelist>; ... };
                database <string>;
                check-names <string>; // not implemented
                allow-query { <address_match_element>; ... };
                allow-transfer { <address_match_element>; ... };
                allow-update-forwarding { <address_match_element>; ... };
                allow-notify { <address_match_element>; ... };
                notify <notifytype>;
                notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
                    ) ];
                notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
                    | * ) ];
                also-notify [ port <integer> ] { ( <ipv4_address> |
                    <ipv6_address> ) [ port <integer> ]; ... };
                dialup <dialuptype>;
                forward ( first | only );
                forwarders [ port <integer> ] { ( <ipv4_address> |
                    <ipv6_address> ) [ port <integer> ]; ... };
                maintain-ixfr-base <boolean>; // obsolete
                max-ixfr-log-size <size>; // obsolete
                transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
                    * ) ];
                transfer-source-v6 ( <ipv6_address> | * ) [ port (
                    <integer> | * ) ];
                max-transfer-time-in <integer>;
                max-transfer-time-out <integer>;
                max-transfer-idle-in <integer>;
                max-transfer-idle-out <integer>;
                max-retry-time <integer>;
                min-retry-time <integer>;
                max-refresh-time <integer>;
                min-refresh-time <integer>;
                sig-validity-interval <integer>;
                zone-statistics <boolean>;
        };
        server {
                bogus <boolean>;
                provide-ixfr <boolean>;
                request-ixfr <boolean>;
                support-ixfr <boolean>; // obsolete
                transfers <integer>;
                transfer-format ( many-answers | one-answer );
                keys <server_key>;
                edns <boolean>;
        };
        trusted-keys { <string> <integer> <integer> <integer>
            <quoted_string>; ... };
        allow-recursion { <address_match_element>; ... };
        allow-v6-synthesis { <address_match_element>; ... };
        sortlist { <address_match_element>; ... };
        topology { <address_match_element>; ... }; // not implemented
        auth-nxdomain <boolean>; // default changed
        minimal-responses <boolean>;
        recursion <boolean>;
        provide-ixfr <boolean>;
        request-ixfr <boolean>;
        fetch-glue <boolean>; // obsolete
        rfc2308-type1 <boolean>; // not yet implemented
        additional-from-auth <boolean>;
        additional-from-cache <boolean>;
        query-source <querysource4>;
        query-source-v6 <querysource6>;
        cleaning-interval <integer>;
        min-roots <integer>; // not implemented
        lame-ttl <integer>;
        max-ncache-ttl <integer>;
        max-cache-ttl <integer>;
        transfer-format ( many-answers | one-answer );
        max-cache-size <size_no_default>;
        check-names <string> <string>; // not implemented
        cache-file <quoted_string>;
        allow-query { <address_match_element>; ... };
        allow-transfer { <address_match_element>; ... };
        allow-update-forwarding { <address_match_element>; ... };
        allow-notify { <address_match_element>; ... };
        notify <notifytype>;
        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
        also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
            ) [ port <integer> ]; ... };
        dialup <dialuptype>;
        forward ( first | only );
        forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
            [ port <integer> ]; ... };
        maintain-ixfr-base <boolean>; // obsolete
        max-ixfr-log-size <size>; // obsolete
        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
        max-transfer-time-in <integer>;
        max-transfer-time-out <integer>;
        max-transfer-idle-in <integer>;
        max-transfer-idle-out <integer>;
        max-retry-time <integer>;
        min-retry-time <integer>;
        max-refresh-time <integer>;
        min-refresh-time <integer>;
        sig-validity-interval <integer>;
        zone-statistics <boolean>;
};

lwres {
        listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
            [ port <integer> ]; ... };
        view <string> <optional_class>;
        search { <string>; ... };
        ndots <integer>;
};

key <string> {
        algorithm <string>;
        secret <string>;
};

zone <string> <optional_class> {
        type ( master | slave | stub | hint | forward );
        allow-update { <address_match_element>; ... };
        file <quoted_string>;
        ixfr-base <quoted_string>; // obsolete
        ixfr-tmp-file <quoted_string>; // obsolete
        masters [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [
            port <integer> ] [ key <string> ]; ... };
        pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
        update-policy { ( grant | deny ) <string> ( name | subdomain |
            wildcard | self ) <string> <rrtypelist>; ... };
        database <string>;
        check-names <string>; // not implemented
        allow-query { <address_match_element>; ... };
        allow-transfer { <address_match_element>; ... };
        allow-update-forwarding { <address_match_element>; ... };
        allow-notify { <address_match_element>; ... };
        notify <notifytype>;
        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
        also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
            ) [ port <integer> ]; ... };
        dialup <dialuptype>;
        forward ( first | only );
        forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
            [ port <integer> ]; ... };
        maintain-ixfr-base <boolean>; // obsolete
        max-ixfr-log-size <size>; // obsolete
        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
        max-transfer-time-in <integer>;
        max-transfer-time-out <integer>;
        max-transfer-idle-in <integer>;
        max-transfer-idle-out <integer>;
        max-retry-time <integer>;
        min-retry-time <integer>;
        max-refresh-time <integer>;
        min-refresh-time <integer>;
        sig-validity-interval <integer>;
        zone-statistics <boolean>;
};

server {
        bogus <boolean>;
        provide-ixfr <boolean>;
        request-ixfr <boolean>;
        support-ixfr <boolean>; // obsolete
        transfers <integer>;
        transfer-format ( many-answers | one-answer );
        keys <server_key>;
        edns <boolean>;
};

trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
            
Previous Next