Deleted Added
sdiff udiff text old ( 1.1.1.8 ) new ( 1.1.1.9 )
full compact
options (1.1.1.8) options (1.1.1.9)
1
2This is a summary of the named.conf options supported by
3this version of BIND 9.
4
5acl <string> { <address_match_element>; ... }; // may occur multiple times
6
7controls {
8 inet ( <ipv4_address> | <ipv6_address> |
9 * ) [ port ( <integer> | * ) ] allow
10 { <address_match_element>; ... } [
11 keys { <string>; ... } ] [ read-only
12 <boolean> ]; // may occur multiple times
13 unix <quoted_string> perm <integer>
14 owner <integer> group <integer> [
15 keys { <string>; ... } ] [ read-only
16 <boolean> ]; // may occur multiple times
17}; // may occur multiple times
18
19dlz <string> {
20 database <string>;
21 search <boolean>;
22}; // may occur multiple times
23
24dnssec-policy <string> {
25 dnskey-ttl <duration>;
26 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
27 <duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
28 max-zone-ttl <duration>;
29 nsec3param [ iterations <integer> ] [ optout <boolean> ] [
30 salt-length <integer> ];
31 parent-ds-ttl <duration>;
32 parent-propagation-delay <duration>;
33 parent-registration-delay <duration>; // obsolete
34 publish-safety <duration>;
1
2This is a summary of the named.conf options supported by
3this version of BIND 9.
4
5acl <string> { <address_match_element>; ... }; // may occur multiple times
6
7controls {
8 inet ( <ipv4_address> | <ipv6_address> |
9 * ) [ port ( <integer> | * ) ] allow
10 { <address_match_element>; ... } [
11 keys { <string>; ... } ] [ read-only
12 <boolean> ]; // may occur multiple times
13 unix <quoted_string> perm <integer>
14 owner <integer> group <integer> [
15 keys { <string>; ... } ] [ read-only
16 <boolean> ]; // may occur multiple times
17}; // may occur multiple times
18
19dlz <string> {
20 database <string>;
21 search <boolean>;
22}; // may occur multiple times
23
24dnssec-policy <string> {
25 dnskey-ttl <duration>;
26 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
27 <duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
28 max-zone-ttl <duration>;
29 nsec3param [ iterations <integer> ] [ optout <boolean> ] [
30 salt-length <integer> ];
31 parent-ds-ttl <duration>;
32 parent-propagation-delay <duration>;
33 parent-registration-delay <duration>; // obsolete
34 publish-safety <duration>;
35 purge-keys <duration>;
35 retire-safety <duration>;
36 signatures-refresh <duration>;
37 signatures-validity <duration>;
38 signatures-validity-dnskey <duration>;
39 zone-propagation-delay <duration>;
40}; // may occur multiple times
41
42dyndb <string> <quoted_string> {
43 <unspecified-text> }; // may occur multiple times
44
45key <string> {
46 algorithm <string>;
47 secret <string>;
48}; // may occur multiple times
49
50logging {
51 category <string> { <string>; ... }; // may occur multiple times
52 channel <string> {
53 buffered <boolean>;
54 file <quoted_string> [ versions ( unlimited | <integer> ) ]
55 [ size <size> ] [ suffix ( increment | timestamp ) ];
56 null;
57 print-category <boolean>;
58 print-severity <boolean>;
59 print-time ( iso8601 | iso8601-utc | local | <boolean> );
60 severity <log_severity>;
61 stderr;
62 syslog [ <syslog_facility> ];
63 }; // may occur multiple times
64};
65
66lwres { <unspecified-text> }; // obsolete, may occur multiple times
67
68managed-keys { <string> ( static-key
69 | initial-key | static-ds |
70 initial-ds ) <integer> <integer>
71 <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
72
73masters <string> [ port <integer> ] [ dscp
74 <integer> ] { ( <primaries> | <ipv4_address>
75 [ port <integer> ] | <ipv6_address> [ port
76 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
77
78options {
79 acache-cleaning-interval <integer>; // obsolete
80 acache-enable <boolean>; // obsolete
81 additional-from-auth <boolean>; // obsolete
82 additional-from-cache <boolean>; // obsolete
83 allow-new-zones <boolean>;
84 allow-notify { <address_match_element>; ... };
85 allow-query { <address_match_element>; ... };
86 allow-query-cache { <address_match_element>; ... };
87 allow-query-cache-on { <address_match_element>; ... };
88 allow-query-on { <address_match_element>; ... };
89 allow-recursion { <address_match_element>; ... };
90 allow-recursion-on { <address_match_element>; ... };
91 allow-transfer { <address_match_element>; ... };
92 allow-update { <address_match_element>; ... };
93 allow-update-forwarding { <address_match_element>; ... };
94 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
95 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
96 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
97 <integer> ] ) [ key <string> ]; ... };
98 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
99 ] [ dscp <integer> ];
100 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
101 * ) ] [ dscp <integer> ];
102 answer-cookie <boolean>;
103 attach-cache <string>;
104 auth-nxdomain <boolean>; // default changed
105 auto-dnssec ( allow | maintain | off );
106 automatic-interface-scan <boolean>;
107 avoid-v4-udp-ports { <portrange>; ... };
108 avoid-v6-udp-ports { <portrange>; ... };
109 bindkeys-file <quoted_string>;
110 blackhole { <address_match_element>; ... };
111 cache-file <quoted_string>;
112 catalog-zones { zone <string> [ default-masters [ port <integer> ]
113 [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port
114 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
115 <string> ]; ... } ] [ zone-directory <quoted_string> ] [
116 in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
117 check-dup-records ( fail | warn | ignore );
118 check-integrity <boolean>;
119 check-mx ( fail | warn | ignore );
120 check-mx-cname ( fail | warn | ignore );
121 check-names ( primary | master |
122 secondary | slave | response ) (
123 fail | warn | ignore ); // may occur multiple times
124 check-sibling <boolean>;
125 check-spf ( warn | ignore );
126 check-srv-cname ( fail | warn | ignore );
127 check-wildcard <boolean>;
128 cleaning-interval <integer>; // obsolete
129 clients-per-query <integer>;
130 cookie-algorithm ( aes | siphash24 );
131 cookie-secret <string>; // may occur multiple times
132 coresize ( default | unlimited | <sizeval> );
133 datasize ( default | unlimited | <sizeval> );
134 deallocate-on-exit <boolean>; // ancient
135 deny-answer-addresses { <address_match_element>; ... } [
136 except-from { <string>; ... } ];
137 deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
138 } ];
139 dialup ( notify | notify-passive | passive | refresh | <boolean> );
140 directory <quoted_string>;
141 disable-algorithms <string> { <string>;
142 ... }; // may occur multiple times
143 disable-ds-digests <string> { <string>;
144 ... }; // may occur multiple times
145 disable-empty-zone <string>; // may occur multiple times
146 dns64 <netprefix> {
147 break-dnssec <boolean>;
148 clients { <address_match_element>; ... };
149 exclude { <address_match_element>; ... };
150 mapped { <address_match_element>; ... };
151 recursive-only <boolean>;
152 suffix <ipv6_address>;
153 }; // may occur multiple times
154 dns64-contact <string>;
155 dns64-server <string>;
156 dnskey-sig-validity <integer>;
157 dnsrps-enable <boolean>; // not configured
158 dnsrps-options { <unspecified-text> }; // not configured
159 dnssec-accept-expired <boolean>;
160 dnssec-dnskey-kskonly <boolean>;
161 dnssec-enable <boolean>; // obsolete
162 dnssec-loadkeys-interval <integer>;
163 dnssec-lookaside ( <string>
164 trust-anchor <string> |
165 auto | no ); // obsolete, may occur multiple times
166 dnssec-must-be-secure <string> <boolean>; // may occur multiple times
167 dnssec-policy <string>;
168 dnssec-secure-to-insecure <boolean>;
169 dnssec-update-mode ( maintain | no-resign );
170 dnssec-validation ( yes | no | auto );
171 dnstap { ( all | auth | client | forwarder |
172 resolver | update ) [ ( query | response ) ];
173 ... }; // not configured
174 dnstap-identity ( <quoted_string> | none |
175 hostname ); // not configured
176 dnstap-output ( file | unix ) <quoted_string> [
177 size ( unlimited | <size> ) ] [ versions (
178 unlimited | <integer> ) ] [ suffix ( increment
179 | timestamp ) ]; // not configured
180 dnstap-version ( <quoted_string> | none ); // not configured
181 dscp <integer>;
182 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
183 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
184 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
185 <integer> ] [ dscp <integer> ] ); ... };
186 dump-file <quoted_string>;
187 edns-udp-size <integer>;
188 empty-contact <string>;
189 empty-server <string>;
190 empty-zones-enable <boolean>;
191 fake-iquery <boolean>; // ancient
192 fetch-glue <boolean>; // ancient
193 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
194 fetches-per-server <integer> [ ( drop | fail ) ];
195 fetches-per-zone <integer> [ ( drop | fail ) ];
196 files ( default | unlimited | <sizeval> );
197 filter-aaaa { <address_match_element>; ... }; // obsolete
198 filter-aaaa-on-v4 <boolean>; // obsolete
199 filter-aaaa-on-v6 <boolean>; // obsolete
200 flush-zones-on-shutdown <boolean>;
201 forward ( first | only );
202 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
203 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
204 fstrm-set-buffer-hint <integer>; // not configured
205 fstrm-set-flush-timeout <integer>; // not configured
206 fstrm-set-input-queue-size <integer>; // not configured
207 fstrm-set-output-notify-threshold <integer>; // not configured
208 fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
209 fstrm-set-output-queue-size <integer>; // not configured
210 fstrm-set-reopen-interval <duration>; // not configured
211 geoip-directory ( <quoted_string> | none );
212 geoip-use-ecs <boolean>; // obsolete
213 glue-cache <boolean>;
214 has-old-clients <boolean>; // ancient
215 heartbeat-interval <integer>;
216 host-statistics <boolean>; // ancient
217 host-statistics-max <integer>; // ancient
218 hostname ( <quoted_string> | none );
219 inline-signing <boolean>;
220 interface-interval <duration>;
221 ixfr-from-differences ( primary | master | secondary | slave |
222 <boolean> );
223 keep-response-order { <address_match_element>; ... };
224 key-directory <quoted_string>;
225 lame-ttl <duration>;
226 listen-on [ port <integer> ] [ dscp
227 <integer> ] {
228 <address_match_element>; ... }; // may occur multiple times
229 listen-on-v6 [ port <integer> ] [ dscp
230 <integer> ] {
231 <address_match_element>; ... }; // may occur multiple times
232 lmdb-mapsize <sizeval>;
233 lock-file ( <quoted_string> | none );
234 maintain-ixfr-base <boolean>; // ancient
235 managed-keys-directory <quoted_string>;
236 masterfile-format ( map | raw | text );
237 masterfile-style ( full | relative );
238 match-mapped-addresses <boolean>;
239 max-acache-size ( unlimited | <sizeval> ); // obsolete
240 max-cache-size ( default | unlimited | <sizeval> | <percentage> );
241 max-cache-ttl <duration>;
242 max-clients-per-query <integer>;
243 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
244 max-ixfr-ratio ( unlimited | <percentage> );
245 max-journal-size ( default | unlimited | <sizeval> );
246 max-ncache-ttl <duration>;
247 max-records <integer>;
248 max-recursion-depth <integer>;
249 max-recursion-queries <integer>;
250 max-refresh-time <integer>;
251 max-retry-time <integer>;
252 max-rsa-exponent-size <integer>;
253 max-stale-ttl <duration>;
254 max-transfer-idle-in <integer>;
255 max-transfer-idle-out <integer>;
256 max-transfer-time-in <integer>;
257 max-transfer-time-out <integer>;
258 max-udp-size <integer>;
259 max-zone-ttl ( unlimited | <duration> );
260 memstatistics <boolean>;
261 memstatistics-file <quoted_string>;
262 message-compression <boolean>;
263 min-cache-ttl <duration>;
264 min-ncache-ttl <duration>;
265 min-refresh-time <integer>;
266 min-retry-time <integer>;
267 min-roots <integer>; // ancient
268 minimal-any <boolean>;
269 minimal-responses ( no-auth | no-auth-recursive | <boolean> );
270 multi-master <boolean>;
271 multiple-cnames <boolean>; // ancient
272 named-xfer <quoted_string>; // ancient
273 new-zones-directory <quoted_string>;
274 no-case-compress { <address_match_element>; ... };
275 nocookie-udp-size <integer>;
276 nosit-udp-size <integer>; // obsolete
277 notify ( explicit | master-only | primary-only | <boolean> );
278 notify-delay <integer>;
279 notify-rate <integer>;
280 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
281 dscp <integer> ];
282 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
283 [ dscp <integer> ];
284 notify-to-soa <boolean>;
285 nsec3-test-zone <boolean>; // test only
286 nta-lifetime <duration>;
287 nta-recheck <duration>;
288 nxdomain-redirect <string>;
289 pid-file ( <quoted_string> | none );
290 port <integer>;
291 preferred-glue <string>;
292 prefetch <integer> [ <integer> ];
293 provide-ixfr <boolean>;
294 qname-minimization ( strict | relaxed | disabled | off );
295 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
296 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
297 port ( <integer> | * ) ) ) [ dscp <integer> ];
298 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
299 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
300 port ( <integer> | * ) ) ) [ dscp <integer> ];
301 querylog <boolean>;
302 queryport-pool-ports <integer>; // obsolete
303 queryport-pool-updateinterval <integer>; // obsolete
304 random-device ( <quoted_string> | none );
305 rate-limit {
306 all-per-second <integer>;
307 errors-per-second <integer>;
308 exempt-clients { <address_match_element>; ... };
309 ipv4-prefix-length <integer>;
310 ipv6-prefix-length <integer>;
311 log-only <boolean>;
312 max-table-size <integer>;
313 min-table-size <integer>;
314 nodata-per-second <integer>;
315 nxdomains-per-second <integer>;
316 qps-scale <integer>;
317 referrals-per-second <integer>;
318 responses-per-second <integer>;
319 slip <integer>;
320 window <integer>;
321 };
322 recursing-file <quoted_string>;
323 recursion <boolean>;
324 recursive-clients <integer>;
325 request-expire <boolean>;
326 request-ixfr <boolean>;
327 request-nsid <boolean>;
328 request-sit <boolean>; // obsolete
329 require-server-cookie <boolean>;
330 reserved-sockets <integer>;
331 resolver-nonbackoff-tries <integer>;
332 resolver-query-timeout <integer>;
333 resolver-retry-interval <integer>;
334 response-padding { <address_match_element>; ... } block-size
335 <integer>;
336 response-policy { zone <string> [ add-soa <boolean> ] [ log
337 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
338 <duration> ] [ policy ( cname | disabled | drop | given | no-op
339 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
340 recursive-only <boolean> ] [ nsip-enable <boolean> ] [
341 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
342 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
343 min-update-interval <duration> ] [ min-ns-dots <integer> ] [
344 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
345 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
346 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
347 dnsrps-options { <unspecified-text> } ];
348 rfc2308-type1 <boolean>; // ancient
349 root-delegation-only [ exclude { <string>; ... } ];
350 root-key-sentinel <boolean>;
351 rrset-order { [ class <string> ] [ type <string> ] [ name
352 <quoted_string> ] <string> <string>; ... };
353 secroots-file <quoted_string>;
354 send-cookie <boolean>;
355 serial-queries <integer>; // ancient
356 serial-query-rate <integer>;
357 serial-update-method ( date | increment | unixtime );
358 server-id ( <quoted_string> | none | hostname );
359 servfail-ttl <duration>;
360 session-keyalg <string>;
361 session-keyfile ( <quoted_string> | none );
362 session-keyname <string>;
363 sig-signing-nodes <integer>;
364 sig-signing-signatures <integer>;
365 sig-signing-type <integer>;
366 sig-validity-interval <integer> [ <integer> ];
367 sit-secret <string>; // obsolete
368 sortlist { <address_match_element>; ... };
369 stacksize ( default | unlimited | <sizeval> );
370 stale-answer-client-timeout ( disabled | off | <integer> );
371 stale-answer-enable <boolean>;
372 stale-answer-ttl <duration>;
373 stale-cache-enable <boolean>;
374 stale-refresh-time <duration>;
375 startup-notify-rate <integer>;
376 statistics-file <quoted_string>;
377 statistics-interval <integer>; // ancient
378 suppress-initial-notify <boolean>; // not yet implemented
379 synth-from-dnssec <boolean>;
380 tcp-advertised-timeout <integer>;
381 tcp-clients <integer>;
382 tcp-idle-timeout <integer>;
383 tcp-initial-timeout <integer>;
384 tcp-keepalive-timeout <integer>;
385 tcp-listen-queue <integer>;
386 tkey-dhkey <quoted_string> <integer>;
387 tkey-domain <quoted_string>;
388 tkey-gssapi-credential <quoted_string>;
389 tkey-gssapi-keytab <quoted_string>;
390 topology { <address_match_element>; ... }; // ancient
391 transfer-format ( many-answers | one-answer );
392 transfer-message-size <integer>;
393 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
394 dscp <integer> ];
395 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
396 ] [ dscp <integer> ];
397 transfers-in <integer>;
398 transfers-out <integer>;
399 transfers-per-ns <integer>;
400 treat-cr-as-space <boolean>; // ancient
401 trust-anchor-telemetry <boolean>; // experimental
402 try-tcp-refresh <boolean>;
403 update-check-ksk <boolean>;
404 use-alt-transfer-source <boolean>;
405 use-id-pool <boolean>; // ancient
406 use-ixfr <boolean>; // obsolete
407 use-queryport-pool <boolean>; // obsolete
408 use-v4-udp-ports { <portrange>; ... };
409 use-v6-udp-ports { <portrange>; ... };
410 v6-bias <integer>;
411 validate-except { <string>; ... };
412 version ( <quoted_string> | none );
413 zero-no-soa-ttl <boolean>;
414 zero-no-soa-ttl-cache <boolean>;
415 zone-statistics ( full | terse | none | <boolean> );
416};
417
418plugin ( query ) <string> [ { <unspecified-text>
419 } ]; // may occur multiple times
420
421primaries <string> [ port <integer> ] [ dscp
422 <integer> ] { ( <primaries> | <ipv4_address>
423 [ port <integer> ] | <ipv6_address> [ port
424 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
425
426server <netprefix> {
427 bogus <boolean>;
428 edns <boolean>;
429 edns-udp-size <integer>;
430 edns-version <integer>;
431 keys <server_key>;
432 max-udp-size <integer>;
433 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
434 dscp <integer> ];
435 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
436 [ dscp <integer> ];
437 padding <integer>;
438 provide-ixfr <boolean>;
439 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
440 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
441 port ( <integer> | * ) ) ) [ dscp <integer> ];
442 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
443 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
444 port ( <integer> | * ) ) ) [ dscp <integer> ];
445 request-expire <boolean>;
446 request-ixfr <boolean>;
447 request-nsid <boolean>;
448 request-sit <boolean>; // obsolete
449 send-cookie <boolean>;
450 support-ixfr <boolean>; // obsolete
451 tcp-keepalive <boolean>;
452 tcp-only <boolean>;
453 transfer-format ( many-answers | one-answer );
454 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
455 dscp <integer> ];
456 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
457 ] [ dscp <integer> ];
458 transfers <integer>;
459}; // may occur multiple times
460
461statistics-channels {
462 inet ( <ipv4_address> | <ipv6_address> |
463 * ) [ port ( <integer> | * ) ] [
464 allow { <address_match_element>; ...
465 } ]; // may occur multiple times
466}; // may occur multiple times
467
468trust-anchors { <string> ( static-key |
469 initial-key | static-ds | initial-ds )
470 <integer> <integer> <integer>
471 <quoted_string>; ... }; // may occur multiple times
472
473trusted-keys { <string> <integer>
474 <integer> <integer>
475 <quoted_string>; ... }; // may occur multiple times, deprecated
476
477view <string> [ <class> ] {
478 acache-cleaning-interval <integer>; // obsolete
479 acache-enable <boolean>; // obsolete
480 additional-from-auth <boolean>; // obsolete
481 additional-from-cache <boolean>; // obsolete
482 allow-new-zones <boolean>;
483 allow-notify { <address_match_element>; ... };
484 allow-query { <address_match_element>; ... };
485 allow-query-cache { <address_match_element>; ... };
486 allow-query-cache-on { <address_match_element>; ... };
487 allow-query-on { <address_match_element>; ... };
488 allow-recursion { <address_match_element>; ... };
489 allow-recursion-on { <address_match_element>; ... };
490 allow-transfer { <address_match_element>; ... };
491 allow-update { <address_match_element>; ... };
492 allow-update-forwarding { <address_match_element>; ... };
493 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
494 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
495 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
496 <integer> ] ) [ key <string> ]; ... };
497 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
498 ] [ dscp <integer> ];
499 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
500 * ) ] [ dscp <integer> ];
501 attach-cache <string>;
502 auth-nxdomain <boolean>; // default changed
503 auto-dnssec ( allow | maintain | off );
504 cache-file <quoted_string>;
505 catalog-zones { zone <string> [ default-masters [ port <integer> ]
506 [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port
507 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
508 <string> ]; ... } ] [ zone-directory <quoted_string> ] [
509 in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
510 check-dup-records ( fail | warn | ignore );
511 check-integrity <boolean>;
512 check-mx ( fail | warn | ignore );
513 check-mx-cname ( fail | warn | ignore );
514 check-names ( primary | master |
515 secondary | slave | response ) (
516 fail | warn | ignore ); // may occur multiple times
517 check-sibling <boolean>;
518 check-spf ( warn | ignore );
519 check-srv-cname ( fail | warn | ignore );
520 check-wildcard <boolean>;
521 cleaning-interval <integer>; // obsolete
522 clients-per-query <integer>;
523 deny-answer-addresses { <address_match_element>; ... } [
524 except-from { <string>; ... } ];
525 deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
526 } ];
527 dialup ( notify | notify-passive | passive | refresh | <boolean> );
528 disable-algorithms <string> { <string>;
529 ... }; // may occur multiple times
530 disable-ds-digests <string> { <string>;
531 ... }; // may occur multiple times
532 disable-empty-zone <string>; // may occur multiple times
533 dlz <string> {
534 database <string>;
535 search <boolean>;
536 }; // may occur multiple times
537 dns64 <netprefix> {
538 break-dnssec <boolean>;
539 clients { <address_match_element>; ... };
540 exclude { <address_match_element>; ... };
541 mapped { <address_match_element>; ... };
542 recursive-only <boolean>;
543 suffix <ipv6_address>;
544 }; // may occur multiple times
545 dns64-contact <string>;
546 dns64-server <string>;
547 dnskey-sig-validity <integer>;
548 dnsrps-enable <boolean>; // not configured
549 dnsrps-options { <unspecified-text> }; // not configured
550 dnssec-accept-expired <boolean>;
551 dnssec-dnskey-kskonly <boolean>;
552 dnssec-enable <boolean>; // obsolete
553 dnssec-loadkeys-interval <integer>;
554 dnssec-lookaside ( <string>
555 trust-anchor <string> |
556 auto | no ); // obsolete, may occur multiple times
557 dnssec-must-be-secure <string> <boolean>; // may occur multiple times
558 dnssec-policy <string>;
559 dnssec-secure-to-insecure <boolean>;
560 dnssec-update-mode ( maintain | no-resign );
561 dnssec-validation ( yes | no | auto );
562 dnstap { ( all | auth | client | forwarder |
563 resolver | update ) [ ( query | response ) ];
564 ... }; // not configured
565 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
566 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
567 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
568 <integer> ] [ dscp <integer> ] ); ... };
569 dyndb <string> <quoted_string> {
570 <unspecified-text> }; // may occur multiple times
571 edns-udp-size <integer>;
572 empty-contact <string>;
573 empty-server <string>;
574 empty-zones-enable <boolean>;
575 fetch-glue <boolean>; // ancient
576 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
577 fetches-per-server <integer> [ ( drop | fail ) ];
578 fetches-per-zone <integer> [ ( drop | fail ) ];
579 filter-aaaa { <address_match_element>; ... }; // obsolete
580 filter-aaaa-on-v4 <boolean>; // obsolete
581 filter-aaaa-on-v6 <boolean>; // obsolete
582 forward ( first | only );
583 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
584 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
585 glue-cache <boolean>;
586 inline-signing <boolean>;
587 ixfr-from-differences ( primary | master | secondary | slave |
588 <boolean> );
589 key <string> {
590 algorithm <string>;
591 secret <string>;
592 }; // may occur multiple times
593 key-directory <quoted_string>;
594 lame-ttl <duration>;
595 lmdb-mapsize <sizeval>;
596 maintain-ixfr-base <boolean>; // ancient
597 managed-keys { <string> (
598 static-key | initial-key
599 | static-ds | initial-ds
600 ) <integer> <integer>
601 <integer>
602 <quoted_string>; ... }; // may occur multiple times, deprecated
603 masterfile-format ( map | raw | text );
604 masterfile-style ( full | relative );
605 match-clients { <address_match_element>; ... };
606 match-destinations { <address_match_element>; ... };
607 match-recursive-only <boolean>;
608 max-acache-size ( unlimited | <sizeval> ); // obsolete
609 max-cache-size ( default | unlimited | <sizeval> | <percentage> );
610 max-cache-ttl <duration>;
611 max-clients-per-query <integer>;
612 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
613 max-ixfr-ratio ( unlimited | <percentage> );
614 max-journal-size ( default | unlimited | <sizeval> );
615 max-ncache-ttl <duration>;
616 max-records <integer>;
617 max-recursion-depth <integer>;
618 max-recursion-queries <integer>;
619 max-refresh-time <integer>;
620 max-retry-time <integer>;
621 max-stale-ttl <duration>;
622 max-transfer-idle-in <integer>;
623 max-transfer-idle-out <integer>;
624 max-transfer-time-in <integer>;
625 max-transfer-time-out <integer>;
626 max-udp-size <integer>;
627 max-zone-ttl ( unlimited | <duration> );
628 message-compression <boolean>;
629 min-cache-ttl <duration>;
630 min-ncache-ttl <duration>;
631 min-refresh-time <integer>;
632 min-retry-time <integer>;
633 min-roots <integer>; // ancient
634 minimal-any <boolean>;
635 minimal-responses ( no-auth | no-auth-recursive | <boolean> );
636 multi-master <boolean>;
637 new-zones-directory <quoted_string>;
638 no-case-compress { <address_match_element>; ... };
639 nocookie-udp-size <integer>;
640 nosit-udp-size <integer>; // obsolete
641 notify ( explicit | master-only | primary-only | <boolean> );
642 notify-delay <integer>;
643 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
644 dscp <integer> ];
645 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
646 [ dscp <integer> ];
647 notify-to-soa <boolean>;
648 nsec3-test-zone <boolean>; // test only
649 nta-lifetime <duration>;
650 nta-recheck <duration>;
651 nxdomain-redirect <string>;
652 plugin ( query ) <string> [ {
653 <unspecified-text> } ]; // may occur multiple times
654 preferred-glue <string>;
655 prefetch <integer> [ <integer> ];
656 provide-ixfr <boolean>;
657 qname-minimization ( strict | relaxed | disabled | off );
658 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
659 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
660 port ( <integer> | * ) ) ) [ dscp <integer> ];
661 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
662 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
663 port ( <integer> | * ) ) ) [ dscp <integer> ];
664 queryport-pool-ports <integer>; // obsolete
665 queryport-pool-updateinterval <integer>; // obsolete
666 rate-limit {
667 all-per-second <integer>;
668 errors-per-second <integer>;
669 exempt-clients { <address_match_element>; ... };
670 ipv4-prefix-length <integer>;
671 ipv6-prefix-length <integer>;
672 log-only <boolean>;
673 max-table-size <integer>;
674 min-table-size <integer>;
675 nodata-per-second <integer>;
676 nxdomains-per-second <integer>;
677 qps-scale <integer>;
678 referrals-per-second <integer>;
679 responses-per-second <integer>;
680 slip <integer>;
681 window <integer>;
682 };
683 recursion <boolean>;
684 request-expire <boolean>;
685 request-ixfr <boolean>;
686 request-nsid <boolean>;
687 request-sit <boolean>; // obsolete
688 require-server-cookie <boolean>;
689 resolver-nonbackoff-tries <integer>;
690 resolver-query-timeout <integer>;
691 resolver-retry-interval <integer>;
692 response-padding { <address_match_element>; ... } block-size
693 <integer>;
694 response-policy { zone <string> [ add-soa <boolean> ] [ log
695 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
696 <duration> ] [ policy ( cname | disabled | drop | given | no-op
697 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
698 recursive-only <boolean> ] [ nsip-enable <boolean> ] [
699 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
700 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
701 min-update-interval <duration> ] [ min-ns-dots <integer> ] [
702 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
703 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
704 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
705 dnsrps-options { <unspecified-text> } ];
706 rfc2308-type1 <boolean>; // ancient
707 root-delegation-only [ exclude { <string>; ... } ];
708 root-key-sentinel <boolean>;
709 rrset-order { [ class <string> ] [ type <string> ] [ name
710 <quoted_string> ] <string> <string>; ... };
711 send-cookie <boolean>;
712 serial-update-method ( date | increment | unixtime );
713 server <netprefix> {
714 bogus <boolean>;
715 edns <boolean>;
716 edns-udp-size <integer>;
717 edns-version <integer>;
718 keys <server_key>;
719 max-udp-size <integer>;
720 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
721 ) ] [ dscp <integer> ];
722 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
723 | * ) ] [ dscp <integer> ];
724 padding <integer>;
725 provide-ixfr <boolean>;
726 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port
727 ( <integer> | * ) ] ) | ( [ [ address ] (
728 <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [
729 dscp <integer> ];
730 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [
731 port ( <integer> | * ) ] ) | ( [ [ address ] (
732 <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [
733 dscp <integer> ];
734 request-expire <boolean>;
735 request-ixfr <boolean>;
736 request-nsid <boolean>;
737 request-sit <boolean>; // obsolete
738 send-cookie <boolean>;
739 support-ixfr <boolean>; // obsolete
740 tcp-keepalive <boolean>;
741 tcp-only <boolean>;
742 transfer-format ( many-answers | one-answer );
743 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
744 * ) ] [ dscp <integer> ];
745 transfer-source-v6 ( <ipv6_address> | * ) [ port (
746 <integer> | * ) ] [ dscp <integer> ];
747 transfers <integer>;
748 }; // may occur multiple times
749 servfail-ttl <duration>;
750 sig-signing-nodes <integer>;
751 sig-signing-signatures <integer>;
752 sig-signing-type <integer>;
753 sig-validity-interval <integer> [ <integer> ];
754 sortlist { <address_match_element>; ... };
755 stale-answer-client-timeout ( disabled | off | <integer> );
756 stale-answer-enable <boolean>;
757 stale-answer-ttl <duration>;
758 stale-cache-enable <boolean>;
759 stale-refresh-time <duration>;
760 suppress-initial-notify <boolean>; // not yet implemented
761 synth-from-dnssec <boolean>;
762 topology { <address_match_element>; ... }; // ancient
763 transfer-format ( many-answers | one-answer );
764 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
765 dscp <integer> ];
766 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
767 ] [ dscp <integer> ];
768 trust-anchor-telemetry <boolean>; // experimental
769 trust-anchors { <string> ( static-key |
770 initial-key | static-ds | initial-ds
771 ) <integer> <integer> <integer>
772 <quoted_string>; ... }; // may occur multiple times
773 trusted-keys { <string>
774 <integer> <integer>
775 <integer>
776 <quoted_string>; ... }; // may occur multiple times, deprecated
777 try-tcp-refresh <boolean>;
778 update-check-ksk <boolean>;
779 use-alt-transfer-source <boolean>;
780 use-queryport-pool <boolean>; // obsolete
781 v6-bias <integer>;
782 validate-except { <string>; ... };
783 zero-no-soa-ttl <boolean>;
784 zero-no-soa-ttl-cache <boolean>;
785 zone <string> [ <class> ] {
786 allow-notify { <address_match_element>; ... };
787 allow-query { <address_match_element>; ... };
788 allow-query-on { <address_match_element>; ... };
789 allow-transfer { <address_match_element>; ... };
790 allow-update { <address_match_element>; ... };
791 allow-update-forwarding { <address_match_element>; ... };
792 also-notify [ port <integer> ] [ dscp <integer> ] { (
793 <primaries> | <ipv4_address> [ port <integer> ] |
794 <ipv6_address> [ port <integer> ] ) [ key <string> ];
795 ... };
796 alt-transfer-source ( <ipv4_address> | * ) [ port (
797 <integer> | * ) ] [ dscp <integer> ];
798 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
799 <integer> | * ) ] [ dscp <integer> ];
800 auto-dnssec ( allow | maintain | off );
801 check-dup-records ( fail | warn | ignore );
802 check-integrity <boolean>;
803 check-mx ( fail | warn | ignore );
804 check-mx-cname ( fail | warn | ignore );
805 check-names ( fail | warn | ignore );
806 check-sibling <boolean>;
807 check-spf ( warn | ignore );
808 check-srv-cname ( fail | warn | ignore );
809 check-wildcard <boolean>;
810 database <string>;
811 delegation-only <boolean>;
812 dialup ( notify | notify-passive | passive | refresh |
813 <boolean> );
814 dlz <string>;
815 dnskey-sig-validity <integer>;
816 dnssec-dnskey-kskonly <boolean>;
817 dnssec-loadkeys-interval <integer>;
818 dnssec-policy <string>;
819 dnssec-secure-to-insecure <boolean>;
820 dnssec-update-mode ( maintain | no-resign );
821 file <quoted_string>;
822 forward ( first | only );
823 forwarders [ port <integer> ] [ dscp <integer> ] { (
824 <ipv4_address> | <ipv6_address> ) [ port <integer> ] [
825 dscp <integer> ]; ... };
826 in-view <string>;
827 inline-signing <boolean>;
828 ixfr-base <quoted_string>; // ancient
829 ixfr-from-differences <boolean>;
830 ixfr-tmp-file <quoted_string>; // ancient
831 journal <quoted_string>;
832 key-directory <quoted_string>;
833 maintain-ixfr-base <boolean>; // ancient
834 masterfile-format ( map | raw | text );
835 masterfile-style ( full | relative );
836 masters [ port <integer> ] [ dscp <integer> ] { (
837 <primaries> | <ipv4_address> [ port <integer> ] |
838 <ipv6_address> [ port <integer> ] ) [ key <string> ];
839 ... };
840 max-ixfr-log-size ( default | unlimited |
841 <sizeval> ); // ancient
842 max-ixfr-ratio ( unlimited | <percentage> );
843 max-journal-size ( default | unlimited | <sizeval> );
844 max-records <integer>;
845 max-refresh-time <integer>;
846 max-retry-time <integer>;
847 max-transfer-idle-in <integer>;
848 max-transfer-idle-out <integer>;
849 max-transfer-time-in <integer>;
850 max-transfer-time-out <integer>;
851 max-zone-ttl ( unlimited | <duration> );
852 min-refresh-time <integer>;
853 min-retry-time <integer>;
854 multi-master <boolean>;
855 notify ( explicit | master-only | primary-only | <boolean> );
856 notify-delay <integer>;
857 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
858 ) ] [ dscp <integer> ];
859 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
860 | * ) ] [ dscp <integer> ];
861 notify-to-soa <boolean>;
862 nsec3-test-zone <boolean>; // test only
863 primaries [ port <integer> ] [ dscp <integer> ] { (
864 <primaries> | <ipv4_address> [ port <integer> ] |
865 <ipv6_address> [ port <integer> ] ) [ key <string> ];
866 ... };
867 pubkey <integer> <integer> <integer>
868 <quoted_string>; // ancient
869 request-expire <boolean>;
870 request-ixfr <boolean>;
871 serial-update-method ( date | increment | unixtime );
872 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
873 server-names { <string>; ... };
874 sig-signing-nodes <integer>;
875 sig-signing-signatures <integer>;
876 sig-signing-type <integer>;
877 sig-validity-interval <integer> [ <integer> ];
878 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
879 * ) ] [ dscp <integer> ];
880 transfer-source-v6 ( <ipv6_address> | * ) [ port (
881 <integer> | * ) ] [ dscp <integer> ];
882 try-tcp-refresh <boolean>;
883 type ( primary | master | secondary | slave | mirror |
884 delegation-only | forward | hint | redirect |
885 static-stub | stub );
886 update-check-ksk <boolean>;
887 update-policy ( local | { ( deny | grant ) <string> (
888 6to4-self | external | krb5-self | krb5-selfsub |
889 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
890 name | self | selfsub | selfwild | subdomain | tcp-self
891 | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
892 use-alt-transfer-source <boolean>;
893 zero-no-soa-ttl <boolean>;
894 zone-statistics ( full | terse | none | <boolean> );
895 }; // may occur multiple times
896 zone-statistics ( full | terse | none | <boolean> );
897}; // may occur multiple times
898
899zone <string> [ <class> ] {
900 allow-notify { <address_match_element>; ... };
901 allow-query { <address_match_element>; ... };
902 allow-query-on { <address_match_element>; ... };
903 allow-transfer { <address_match_element>; ... };
904 allow-update { <address_match_element>; ... };
905 allow-update-forwarding { <address_match_element>; ... };
906 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
907 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
908 <integer> ] ) [ key <string> ]; ... };
909 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
910 ] [ dscp <integer> ];
911 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
912 * ) ] [ dscp <integer> ];
913 auto-dnssec ( allow | maintain | off );
914 check-dup-records ( fail | warn | ignore );
915 check-integrity <boolean>;
916 check-mx ( fail | warn | ignore );
917 check-mx-cname ( fail | warn | ignore );
918 check-names ( fail | warn | ignore );
919 check-sibling <boolean>;
920 check-spf ( warn | ignore );
921 check-srv-cname ( fail | warn | ignore );
922 check-wildcard <boolean>;
923 database <string>;
924 delegation-only <boolean>;
925 dialup ( notify | notify-passive | passive | refresh | <boolean> );
926 dlz <string>;
927 dnskey-sig-validity <integer>;
928 dnssec-dnskey-kskonly <boolean>;
929 dnssec-loadkeys-interval <integer>;
930 dnssec-policy <string>;
931 dnssec-secure-to-insecure <boolean>;
932 dnssec-update-mode ( maintain | no-resign );
933 file <quoted_string>;
934 forward ( first | only );
935 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
936 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
937 in-view <string>;
938 inline-signing <boolean>;
939 ixfr-base <quoted_string>; // ancient
940 ixfr-from-differences <boolean>;
941 ixfr-tmp-file <quoted_string>; // ancient
942 journal <quoted_string>;
943 key-directory <quoted_string>;
944 maintain-ixfr-base <boolean>; // ancient
945 masterfile-format ( map | raw | text );
946 masterfile-style ( full | relative );
947 masters [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
948 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
949 <integer> ] ) [ key <string> ]; ... };
950 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
951 max-ixfr-ratio ( unlimited | <percentage> );
952 max-journal-size ( default | unlimited | <sizeval> );
953 max-records <integer>;
954 max-refresh-time <integer>;
955 max-retry-time <integer>;
956 max-transfer-idle-in <integer>;
957 max-transfer-idle-out <integer>;
958 max-transfer-time-in <integer>;
959 max-transfer-time-out <integer>;
960 max-zone-ttl ( unlimited | <duration> );
961 min-refresh-time <integer>;
962 min-retry-time <integer>;
963 multi-master <boolean>;
964 notify ( explicit | master-only | primary-only | <boolean> );
965 notify-delay <integer>;
966 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
967 dscp <integer> ];
968 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
969 [ dscp <integer> ];
970 notify-to-soa <boolean>;
971 nsec3-test-zone <boolean>; // test only
972 primaries [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
973 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
974 <integer> ] ) [ key <string> ]; ... };
975 pubkey <integer> <integer> <integer> <quoted_string>; // ancient
976 request-expire <boolean>;
977 request-ixfr <boolean>;
978 serial-update-method ( date | increment | unixtime );
979 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
980 server-names { <string>; ... };
981 sig-signing-nodes <integer>;
982 sig-signing-signatures <integer>;
983 sig-signing-type <integer>;
984 sig-validity-interval <integer> [ <integer> ];
985 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
986 dscp <integer> ];
987 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
988 ] [ dscp <integer> ];
989 try-tcp-refresh <boolean>;
990 type ( primary | master | secondary | slave | mirror |
991 delegation-only | forward | hint | redirect | static-stub |
992 stub );
993 update-check-ksk <boolean>;
994 update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
995 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
996 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
997 | subdomain | tcp-self | wildcard | zonesub ) [ <string> ]
998 <rrtypelist>; ... };
999 use-alt-transfer-source <boolean>;
1000 zero-no-soa-ttl <boolean>;
1001 zone-statistics ( full | terse | none | <boolean> );
1002}; // may occur multiple times
1003
36 retire-safety <duration>;
37 signatures-refresh <duration>;
38 signatures-validity <duration>;
39 signatures-validity-dnskey <duration>;
40 zone-propagation-delay <duration>;
41}; // may occur multiple times
42
43dyndb <string> <quoted_string> {
44 <unspecified-text> }; // may occur multiple times
45
46key <string> {
47 algorithm <string>;
48 secret <string>;
49}; // may occur multiple times
50
51logging {
52 category <string> { <string>; ... }; // may occur multiple times
53 channel <string> {
54 buffered <boolean>;
55 file <quoted_string> [ versions ( unlimited | <integer> ) ]
56 [ size <size> ] [ suffix ( increment | timestamp ) ];
57 null;
58 print-category <boolean>;
59 print-severity <boolean>;
60 print-time ( iso8601 | iso8601-utc | local | <boolean> );
61 severity <log_severity>;
62 stderr;
63 syslog [ <syslog_facility> ];
64 }; // may occur multiple times
65};
66
67lwres { <unspecified-text> }; // obsolete, may occur multiple times
68
69managed-keys { <string> ( static-key
70 | initial-key | static-ds |
71 initial-ds ) <integer> <integer>
72 <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
73
74masters <string> [ port <integer> ] [ dscp
75 <integer> ] { ( <primaries> | <ipv4_address>
76 [ port <integer> ] | <ipv6_address> [ port
77 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
78
79options {
80 acache-cleaning-interval <integer>; // obsolete
81 acache-enable <boolean>; // obsolete
82 additional-from-auth <boolean>; // obsolete
83 additional-from-cache <boolean>; // obsolete
84 allow-new-zones <boolean>;
85 allow-notify { <address_match_element>; ... };
86 allow-query { <address_match_element>; ... };
87 allow-query-cache { <address_match_element>; ... };
88 allow-query-cache-on { <address_match_element>; ... };
89 allow-query-on { <address_match_element>; ... };
90 allow-recursion { <address_match_element>; ... };
91 allow-recursion-on { <address_match_element>; ... };
92 allow-transfer { <address_match_element>; ... };
93 allow-update { <address_match_element>; ... };
94 allow-update-forwarding { <address_match_element>; ... };
95 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
96 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
97 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
98 <integer> ] ) [ key <string> ]; ... };
99 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
100 ] [ dscp <integer> ];
101 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
102 * ) ] [ dscp <integer> ];
103 answer-cookie <boolean>;
104 attach-cache <string>;
105 auth-nxdomain <boolean>; // default changed
106 auto-dnssec ( allow | maintain | off );
107 automatic-interface-scan <boolean>;
108 avoid-v4-udp-ports { <portrange>; ... };
109 avoid-v6-udp-ports { <portrange>; ... };
110 bindkeys-file <quoted_string>;
111 blackhole { <address_match_element>; ... };
112 cache-file <quoted_string>;
113 catalog-zones { zone <string> [ default-masters [ port <integer> ]
114 [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port
115 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
116 <string> ]; ... } ] [ zone-directory <quoted_string> ] [
117 in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
118 check-dup-records ( fail | warn | ignore );
119 check-integrity <boolean>;
120 check-mx ( fail | warn | ignore );
121 check-mx-cname ( fail | warn | ignore );
122 check-names ( primary | master |
123 secondary | slave | response ) (
124 fail | warn | ignore ); // may occur multiple times
125 check-sibling <boolean>;
126 check-spf ( warn | ignore );
127 check-srv-cname ( fail | warn | ignore );
128 check-wildcard <boolean>;
129 cleaning-interval <integer>; // obsolete
130 clients-per-query <integer>;
131 cookie-algorithm ( aes | siphash24 );
132 cookie-secret <string>; // may occur multiple times
133 coresize ( default | unlimited | <sizeval> );
134 datasize ( default | unlimited | <sizeval> );
135 deallocate-on-exit <boolean>; // ancient
136 deny-answer-addresses { <address_match_element>; ... } [
137 except-from { <string>; ... } ];
138 deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
139 } ];
140 dialup ( notify | notify-passive | passive | refresh | <boolean> );
141 directory <quoted_string>;
142 disable-algorithms <string> { <string>;
143 ... }; // may occur multiple times
144 disable-ds-digests <string> { <string>;
145 ... }; // may occur multiple times
146 disable-empty-zone <string>; // may occur multiple times
147 dns64 <netprefix> {
148 break-dnssec <boolean>;
149 clients { <address_match_element>; ... };
150 exclude { <address_match_element>; ... };
151 mapped { <address_match_element>; ... };
152 recursive-only <boolean>;
153 suffix <ipv6_address>;
154 }; // may occur multiple times
155 dns64-contact <string>;
156 dns64-server <string>;
157 dnskey-sig-validity <integer>;
158 dnsrps-enable <boolean>; // not configured
159 dnsrps-options { <unspecified-text> }; // not configured
160 dnssec-accept-expired <boolean>;
161 dnssec-dnskey-kskonly <boolean>;
162 dnssec-enable <boolean>; // obsolete
163 dnssec-loadkeys-interval <integer>;
164 dnssec-lookaside ( <string>
165 trust-anchor <string> |
166 auto | no ); // obsolete, may occur multiple times
167 dnssec-must-be-secure <string> <boolean>; // may occur multiple times
168 dnssec-policy <string>;
169 dnssec-secure-to-insecure <boolean>;
170 dnssec-update-mode ( maintain | no-resign );
171 dnssec-validation ( yes | no | auto );
172 dnstap { ( all | auth | client | forwarder |
173 resolver | update ) [ ( query | response ) ];
174 ... }; // not configured
175 dnstap-identity ( <quoted_string> | none |
176 hostname ); // not configured
177 dnstap-output ( file | unix ) <quoted_string> [
178 size ( unlimited | <size> ) ] [ versions (
179 unlimited | <integer> ) ] [ suffix ( increment
180 | timestamp ) ]; // not configured
181 dnstap-version ( <quoted_string> | none ); // not configured
182 dscp <integer>;
183 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
184 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
185 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
186 <integer> ] [ dscp <integer> ] ); ... };
187 dump-file <quoted_string>;
188 edns-udp-size <integer>;
189 empty-contact <string>;
190 empty-server <string>;
191 empty-zones-enable <boolean>;
192 fake-iquery <boolean>; // ancient
193 fetch-glue <boolean>; // ancient
194 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
195 fetches-per-server <integer> [ ( drop | fail ) ];
196 fetches-per-zone <integer> [ ( drop | fail ) ];
197 files ( default | unlimited | <sizeval> );
198 filter-aaaa { <address_match_element>; ... }; // obsolete
199 filter-aaaa-on-v4 <boolean>; // obsolete
200 filter-aaaa-on-v6 <boolean>; // obsolete
201 flush-zones-on-shutdown <boolean>;
202 forward ( first | only );
203 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
204 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
205 fstrm-set-buffer-hint <integer>; // not configured
206 fstrm-set-flush-timeout <integer>; // not configured
207 fstrm-set-input-queue-size <integer>; // not configured
208 fstrm-set-output-notify-threshold <integer>; // not configured
209 fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
210 fstrm-set-output-queue-size <integer>; // not configured
211 fstrm-set-reopen-interval <duration>; // not configured
212 geoip-directory ( <quoted_string> | none );
213 geoip-use-ecs <boolean>; // obsolete
214 glue-cache <boolean>;
215 has-old-clients <boolean>; // ancient
216 heartbeat-interval <integer>;
217 host-statistics <boolean>; // ancient
218 host-statistics-max <integer>; // ancient
219 hostname ( <quoted_string> | none );
220 inline-signing <boolean>;
221 interface-interval <duration>;
222 ixfr-from-differences ( primary | master | secondary | slave |
223 <boolean> );
224 keep-response-order { <address_match_element>; ... };
225 key-directory <quoted_string>;
226 lame-ttl <duration>;
227 listen-on [ port <integer> ] [ dscp
228 <integer> ] {
229 <address_match_element>; ... }; // may occur multiple times
230 listen-on-v6 [ port <integer> ] [ dscp
231 <integer> ] {
232 <address_match_element>; ... }; // may occur multiple times
233 lmdb-mapsize <sizeval>;
234 lock-file ( <quoted_string> | none );
235 maintain-ixfr-base <boolean>; // ancient
236 managed-keys-directory <quoted_string>;
237 masterfile-format ( map | raw | text );
238 masterfile-style ( full | relative );
239 match-mapped-addresses <boolean>;
240 max-acache-size ( unlimited | <sizeval> ); // obsolete
241 max-cache-size ( default | unlimited | <sizeval> | <percentage> );
242 max-cache-ttl <duration>;
243 max-clients-per-query <integer>;
244 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
245 max-ixfr-ratio ( unlimited | <percentage> );
246 max-journal-size ( default | unlimited | <sizeval> );
247 max-ncache-ttl <duration>;
248 max-records <integer>;
249 max-recursion-depth <integer>;
250 max-recursion-queries <integer>;
251 max-refresh-time <integer>;
252 max-retry-time <integer>;
253 max-rsa-exponent-size <integer>;
254 max-stale-ttl <duration>;
255 max-transfer-idle-in <integer>;
256 max-transfer-idle-out <integer>;
257 max-transfer-time-in <integer>;
258 max-transfer-time-out <integer>;
259 max-udp-size <integer>;
260 max-zone-ttl ( unlimited | <duration> );
261 memstatistics <boolean>;
262 memstatistics-file <quoted_string>;
263 message-compression <boolean>;
264 min-cache-ttl <duration>;
265 min-ncache-ttl <duration>;
266 min-refresh-time <integer>;
267 min-retry-time <integer>;
268 min-roots <integer>; // ancient
269 minimal-any <boolean>;
270 minimal-responses ( no-auth | no-auth-recursive | <boolean> );
271 multi-master <boolean>;
272 multiple-cnames <boolean>; // ancient
273 named-xfer <quoted_string>; // ancient
274 new-zones-directory <quoted_string>;
275 no-case-compress { <address_match_element>; ... };
276 nocookie-udp-size <integer>;
277 nosit-udp-size <integer>; // obsolete
278 notify ( explicit | master-only | primary-only | <boolean> );
279 notify-delay <integer>;
280 notify-rate <integer>;
281 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
282 dscp <integer> ];
283 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
284 [ dscp <integer> ];
285 notify-to-soa <boolean>;
286 nsec3-test-zone <boolean>; // test only
287 nta-lifetime <duration>;
288 nta-recheck <duration>;
289 nxdomain-redirect <string>;
290 pid-file ( <quoted_string> | none );
291 port <integer>;
292 preferred-glue <string>;
293 prefetch <integer> [ <integer> ];
294 provide-ixfr <boolean>;
295 qname-minimization ( strict | relaxed | disabled | off );
296 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
297 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
298 port ( <integer> | * ) ) ) [ dscp <integer> ];
299 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
300 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
301 port ( <integer> | * ) ) ) [ dscp <integer> ];
302 querylog <boolean>;
303 queryport-pool-ports <integer>; // obsolete
304 queryport-pool-updateinterval <integer>; // obsolete
305 random-device ( <quoted_string> | none );
306 rate-limit {
307 all-per-second <integer>;
308 errors-per-second <integer>;
309 exempt-clients { <address_match_element>; ... };
310 ipv4-prefix-length <integer>;
311 ipv6-prefix-length <integer>;
312 log-only <boolean>;
313 max-table-size <integer>;
314 min-table-size <integer>;
315 nodata-per-second <integer>;
316 nxdomains-per-second <integer>;
317 qps-scale <integer>;
318 referrals-per-second <integer>;
319 responses-per-second <integer>;
320 slip <integer>;
321 window <integer>;
322 };
323 recursing-file <quoted_string>;
324 recursion <boolean>;
325 recursive-clients <integer>;
326 request-expire <boolean>;
327 request-ixfr <boolean>;
328 request-nsid <boolean>;
329 request-sit <boolean>; // obsolete
330 require-server-cookie <boolean>;
331 reserved-sockets <integer>;
332 resolver-nonbackoff-tries <integer>;
333 resolver-query-timeout <integer>;
334 resolver-retry-interval <integer>;
335 response-padding { <address_match_element>; ... } block-size
336 <integer>;
337 response-policy { zone <string> [ add-soa <boolean> ] [ log
338 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
339 <duration> ] [ policy ( cname | disabled | drop | given | no-op
340 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
341 recursive-only <boolean> ] [ nsip-enable <boolean> ] [
342 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
343 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
344 min-update-interval <duration> ] [ min-ns-dots <integer> ] [
345 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
346 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
347 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
348 dnsrps-options { <unspecified-text> } ];
349 rfc2308-type1 <boolean>; // ancient
350 root-delegation-only [ exclude { <string>; ... } ];
351 root-key-sentinel <boolean>;
352 rrset-order { [ class <string> ] [ type <string> ] [ name
353 <quoted_string> ] <string> <string>; ... };
354 secroots-file <quoted_string>;
355 send-cookie <boolean>;
356 serial-queries <integer>; // ancient
357 serial-query-rate <integer>;
358 serial-update-method ( date | increment | unixtime );
359 server-id ( <quoted_string> | none | hostname );
360 servfail-ttl <duration>;
361 session-keyalg <string>;
362 session-keyfile ( <quoted_string> | none );
363 session-keyname <string>;
364 sig-signing-nodes <integer>;
365 sig-signing-signatures <integer>;
366 sig-signing-type <integer>;
367 sig-validity-interval <integer> [ <integer> ];
368 sit-secret <string>; // obsolete
369 sortlist { <address_match_element>; ... };
370 stacksize ( default | unlimited | <sizeval> );
371 stale-answer-client-timeout ( disabled | off | <integer> );
372 stale-answer-enable <boolean>;
373 stale-answer-ttl <duration>;
374 stale-cache-enable <boolean>;
375 stale-refresh-time <duration>;
376 startup-notify-rate <integer>;
377 statistics-file <quoted_string>;
378 statistics-interval <integer>; // ancient
379 suppress-initial-notify <boolean>; // not yet implemented
380 synth-from-dnssec <boolean>;
381 tcp-advertised-timeout <integer>;
382 tcp-clients <integer>;
383 tcp-idle-timeout <integer>;
384 tcp-initial-timeout <integer>;
385 tcp-keepalive-timeout <integer>;
386 tcp-listen-queue <integer>;
387 tkey-dhkey <quoted_string> <integer>;
388 tkey-domain <quoted_string>;
389 tkey-gssapi-credential <quoted_string>;
390 tkey-gssapi-keytab <quoted_string>;
391 topology { <address_match_element>; ... }; // ancient
392 transfer-format ( many-answers | one-answer );
393 transfer-message-size <integer>;
394 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
395 dscp <integer> ];
396 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
397 ] [ dscp <integer> ];
398 transfers-in <integer>;
399 transfers-out <integer>;
400 transfers-per-ns <integer>;
401 treat-cr-as-space <boolean>; // ancient
402 trust-anchor-telemetry <boolean>; // experimental
403 try-tcp-refresh <boolean>;
404 update-check-ksk <boolean>;
405 use-alt-transfer-source <boolean>;
406 use-id-pool <boolean>; // ancient
407 use-ixfr <boolean>; // obsolete
408 use-queryport-pool <boolean>; // obsolete
409 use-v4-udp-ports { <portrange>; ... };
410 use-v6-udp-ports { <portrange>; ... };
411 v6-bias <integer>;
412 validate-except { <string>; ... };
413 version ( <quoted_string> | none );
414 zero-no-soa-ttl <boolean>;
415 zero-no-soa-ttl-cache <boolean>;
416 zone-statistics ( full | terse | none | <boolean> );
417};
418
419plugin ( query ) <string> [ { <unspecified-text>
420 } ]; // may occur multiple times
421
422primaries <string> [ port <integer> ] [ dscp
423 <integer> ] { ( <primaries> | <ipv4_address>
424 [ port <integer> ] | <ipv6_address> [ port
425 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
426
427server <netprefix> {
428 bogus <boolean>;
429 edns <boolean>;
430 edns-udp-size <integer>;
431 edns-version <integer>;
432 keys <server_key>;
433 max-udp-size <integer>;
434 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
435 dscp <integer> ];
436 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
437 [ dscp <integer> ];
438 padding <integer>;
439 provide-ixfr <boolean>;
440 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
441 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
442 port ( <integer> | * ) ) ) [ dscp <integer> ];
443 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
444 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
445 port ( <integer> | * ) ) ) [ dscp <integer> ];
446 request-expire <boolean>;
447 request-ixfr <boolean>;
448 request-nsid <boolean>;
449 request-sit <boolean>; // obsolete
450 send-cookie <boolean>;
451 support-ixfr <boolean>; // obsolete
452 tcp-keepalive <boolean>;
453 tcp-only <boolean>;
454 transfer-format ( many-answers | one-answer );
455 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
456 dscp <integer> ];
457 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
458 ] [ dscp <integer> ];
459 transfers <integer>;
460}; // may occur multiple times
461
462statistics-channels {
463 inet ( <ipv4_address> | <ipv6_address> |
464 * ) [ port ( <integer> | * ) ] [
465 allow { <address_match_element>; ...
466 } ]; // may occur multiple times
467}; // may occur multiple times
468
469trust-anchors { <string> ( static-key |
470 initial-key | static-ds | initial-ds )
471 <integer> <integer> <integer>
472 <quoted_string>; ... }; // may occur multiple times
473
474trusted-keys { <string> <integer>
475 <integer> <integer>
476 <quoted_string>; ... }; // may occur multiple times, deprecated
477
478view <string> [ <class> ] {
479 acache-cleaning-interval <integer>; // obsolete
480 acache-enable <boolean>; // obsolete
481 additional-from-auth <boolean>; // obsolete
482 additional-from-cache <boolean>; // obsolete
483 allow-new-zones <boolean>;
484 allow-notify { <address_match_element>; ... };
485 allow-query { <address_match_element>; ... };
486 allow-query-cache { <address_match_element>; ... };
487 allow-query-cache-on { <address_match_element>; ... };
488 allow-query-on { <address_match_element>; ... };
489 allow-recursion { <address_match_element>; ... };
490 allow-recursion-on { <address_match_element>; ... };
491 allow-transfer { <address_match_element>; ... };
492 allow-update { <address_match_element>; ... };
493 allow-update-forwarding { <address_match_element>; ... };
494 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
495 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
496 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
497 <integer> ] ) [ key <string> ]; ... };
498 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
499 ] [ dscp <integer> ];
500 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
501 * ) ] [ dscp <integer> ];
502 attach-cache <string>;
503 auth-nxdomain <boolean>; // default changed
504 auto-dnssec ( allow | maintain | off );
505 cache-file <quoted_string>;
506 catalog-zones { zone <string> [ default-masters [ port <integer> ]
507 [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port
508 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
509 <string> ]; ... } ] [ zone-directory <quoted_string> ] [
510 in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
511 check-dup-records ( fail | warn | ignore );
512 check-integrity <boolean>;
513 check-mx ( fail | warn | ignore );
514 check-mx-cname ( fail | warn | ignore );
515 check-names ( primary | master |
516 secondary | slave | response ) (
517 fail | warn | ignore ); // may occur multiple times
518 check-sibling <boolean>;
519 check-spf ( warn | ignore );
520 check-srv-cname ( fail | warn | ignore );
521 check-wildcard <boolean>;
522 cleaning-interval <integer>; // obsolete
523 clients-per-query <integer>;
524 deny-answer-addresses { <address_match_element>; ... } [
525 except-from { <string>; ... } ];
526 deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
527 } ];
528 dialup ( notify | notify-passive | passive | refresh | <boolean> );
529 disable-algorithms <string> { <string>;
530 ... }; // may occur multiple times
531 disable-ds-digests <string> { <string>;
532 ... }; // may occur multiple times
533 disable-empty-zone <string>; // may occur multiple times
534 dlz <string> {
535 database <string>;
536 search <boolean>;
537 }; // may occur multiple times
538 dns64 <netprefix> {
539 break-dnssec <boolean>;
540 clients { <address_match_element>; ... };
541 exclude { <address_match_element>; ... };
542 mapped { <address_match_element>; ... };
543 recursive-only <boolean>;
544 suffix <ipv6_address>;
545 }; // may occur multiple times
546 dns64-contact <string>;
547 dns64-server <string>;
548 dnskey-sig-validity <integer>;
549 dnsrps-enable <boolean>; // not configured
550 dnsrps-options { <unspecified-text> }; // not configured
551 dnssec-accept-expired <boolean>;
552 dnssec-dnskey-kskonly <boolean>;
553 dnssec-enable <boolean>; // obsolete
554 dnssec-loadkeys-interval <integer>;
555 dnssec-lookaside ( <string>
556 trust-anchor <string> |
557 auto | no ); // obsolete, may occur multiple times
558 dnssec-must-be-secure <string> <boolean>; // may occur multiple times
559 dnssec-policy <string>;
560 dnssec-secure-to-insecure <boolean>;
561 dnssec-update-mode ( maintain | no-resign );
562 dnssec-validation ( yes | no | auto );
563 dnstap { ( all | auth | client | forwarder |
564 resolver | update ) [ ( query | response ) ];
565 ... }; // not configured
566 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
567 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
568 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
569 <integer> ] [ dscp <integer> ] ); ... };
570 dyndb <string> <quoted_string> {
571 <unspecified-text> }; // may occur multiple times
572 edns-udp-size <integer>;
573 empty-contact <string>;
574 empty-server <string>;
575 empty-zones-enable <boolean>;
576 fetch-glue <boolean>; // ancient
577 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
578 fetches-per-server <integer> [ ( drop | fail ) ];
579 fetches-per-zone <integer> [ ( drop | fail ) ];
580 filter-aaaa { <address_match_element>; ... }; // obsolete
581 filter-aaaa-on-v4 <boolean>; // obsolete
582 filter-aaaa-on-v6 <boolean>; // obsolete
583 forward ( first | only );
584 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
585 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
586 glue-cache <boolean>;
587 inline-signing <boolean>;
588 ixfr-from-differences ( primary | master | secondary | slave |
589 <boolean> );
590 key <string> {
591 algorithm <string>;
592 secret <string>;
593 }; // may occur multiple times
594 key-directory <quoted_string>;
595 lame-ttl <duration>;
596 lmdb-mapsize <sizeval>;
597 maintain-ixfr-base <boolean>; // ancient
598 managed-keys { <string> (
599 static-key | initial-key
600 | static-ds | initial-ds
601 ) <integer> <integer>
602 <integer>
603 <quoted_string>; ... }; // may occur multiple times, deprecated
604 masterfile-format ( map | raw | text );
605 masterfile-style ( full | relative );
606 match-clients { <address_match_element>; ... };
607 match-destinations { <address_match_element>; ... };
608 match-recursive-only <boolean>;
609 max-acache-size ( unlimited | <sizeval> ); // obsolete
610 max-cache-size ( default | unlimited | <sizeval> | <percentage> );
611 max-cache-ttl <duration>;
612 max-clients-per-query <integer>;
613 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
614 max-ixfr-ratio ( unlimited | <percentage> );
615 max-journal-size ( default | unlimited | <sizeval> );
616 max-ncache-ttl <duration>;
617 max-records <integer>;
618 max-recursion-depth <integer>;
619 max-recursion-queries <integer>;
620 max-refresh-time <integer>;
621 max-retry-time <integer>;
622 max-stale-ttl <duration>;
623 max-transfer-idle-in <integer>;
624 max-transfer-idle-out <integer>;
625 max-transfer-time-in <integer>;
626 max-transfer-time-out <integer>;
627 max-udp-size <integer>;
628 max-zone-ttl ( unlimited | <duration> );
629 message-compression <boolean>;
630 min-cache-ttl <duration>;
631 min-ncache-ttl <duration>;
632 min-refresh-time <integer>;
633 min-retry-time <integer>;
634 min-roots <integer>; // ancient
635 minimal-any <boolean>;
636 minimal-responses ( no-auth | no-auth-recursive | <boolean> );
637 multi-master <boolean>;
638 new-zones-directory <quoted_string>;
639 no-case-compress { <address_match_element>; ... };
640 nocookie-udp-size <integer>;
641 nosit-udp-size <integer>; // obsolete
642 notify ( explicit | master-only | primary-only | <boolean> );
643 notify-delay <integer>;
644 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
645 dscp <integer> ];
646 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
647 [ dscp <integer> ];
648 notify-to-soa <boolean>;
649 nsec3-test-zone <boolean>; // test only
650 nta-lifetime <duration>;
651 nta-recheck <duration>;
652 nxdomain-redirect <string>;
653 plugin ( query ) <string> [ {
654 <unspecified-text> } ]; // may occur multiple times
655 preferred-glue <string>;
656 prefetch <integer> [ <integer> ];
657 provide-ixfr <boolean>;
658 qname-minimization ( strict | relaxed | disabled | off );
659 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
660 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
661 port ( <integer> | * ) ) ) [ dscp <integer> ];
662 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
663 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
664 port ( <integer> | * ) ) ) [ dscp <integer> ];
665 queryport-pool-ports <integer>; // obsolete
666 queryport-pool-updateinterval <integer>; // obsolete
667 rate-limit {
668 all-per-second <integer>;
669 errors-per-second <integer>;
670 exempt-clients { <address_match_element>; ... };
671 ipv4-prefix-length <integer>;
672 ipv6-prefix-length <integer>;
673 log-only <boolean>;
674 max-table-size <integer>;
675 min-table-size <integer>;
676 nodata-per-second <integer>;
677 nxdomains-per-second <integer>;
678 qps-scale <integer>;
679 referrals-per-second <integer>;
680 responses-per-second <integer>;
681 slip <integer>;
682 window <integer>;
683 };
684 recursion <boolean>;
685 request-expire <boolean>;
686 request-ixfr <boolean>;
687 request-nsid <boolean>;
688 request-sit <boolean>; // obsolete
689 require-server-cookie <boolean>;
690 resolver-nonbackoff-tries <integer>;
691 resolver-query-timeout <integer>;
692 resolver-retry-interval <integer>;
693 response-padding { <address_match_element>; ... } block-size
694 <integer>;
695 response-policy { zone <string> [ add-soa <boolean> ] [ log
696 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
697 <duration> ] [ policy ( cname | disabled | drop | given | no-op
698 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
699 recursive-only <boolean> ] [ nsip-enable <boolean> ] [
700 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
701 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
702 min-update-interval <duration> ] [ min-ns-dots <integer> ] [
703 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
704 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
705 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
706 dnsrps-options { <unspecified-text> } ];
707 rfc2308-type1 <boolean>; // ancient
708 root-delegation-only [ exclude { <string>; ... } ];
709 root-key-sentinel <boolean>;
710 rrset-order { [ class <string> ] [ type <string> ] [ name
711 <quoted_string> ] <string> <string>; ... };
712 send-cookie <boolean>;
713 serial-update-method ( date | increment | unixtime );
714 server <netprefix> {
715 bogus <boolean>;
716 edns <boolean>;
717 edns-udp-size <integer>;
718 edns-version <integer>;
719 keys <server_key>;
720 max-udp-size <integer>;
721 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
722 ) ] [ dscp <integer> ];
723 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
724 | * ) ] [ dscp <integer> ];
725 padding <integer>;
726 provide-ixfr <boolean>;
727 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port
728 ( <integer> | * ) ] ) | ( [ [ address ] (
729 <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [
730 dscp <integer> ];
731 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [
732 port ( <integer> | * ) ] ) | ( [ [ address ] (
733 <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [
734 dscp <integer> ];
735 request-expire <boolean>;
736 request-ixfr <boolean>;
737 request-nsid <boolean>;
738 request-sit <boolean>; // obsolete
739 send-cookie <boolean>;
740 support-ixfr <boolean>; // obsolete
741 tcp-keepalive <boolean>;
742 tcp-only <boolean>;
743 transfer-format ( many-answers | one-answer );
744 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
745 * ) ] [ dscp <integer> ];
746 transfer-source-v6 ( <ipv6_address> | * ) [ port (
747 <integer> | * ) ] [ dscp <integer> ];
748 transfers <integer>;
749 }; // may occur multiple times
750 servfail-ttl <duration>;
751 sig-signing-nodes <integer>;
752 sig-signing-signatures <integer>;
753 sig-signing-type <integer>;
754 sig-validity-interval <integer> [ <integer> ];
755 sortlist { <address_match_element>; ... };
756 stale-answer-client-timeout ( disabled | off | <integer> );
757 stale-answer-enable <boolean>;
758 stale-answer-ttl <duration>;
759 stale-cache-enable <boolean>;
760 stale-refresh-time <duration>;
761 suppress-initial-notify <boolean>; // not yet implemented
762 synth-from-dnssec <boolean>;
763 topology { <address_match_element>; ... }; // ancient
764 transfer-format ( many-answers | one-answer );
765 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
766 dscp <integer> ];
767 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
768 ] [ dscp <integer> ];
769 trust-anchor-telemetry <boolean>; // experimental
770 trust-anchors { <string> ( static-key |
771 initial-key | static-ds | initial-ds
772 ) <integer> <integer> <integer>
773 <quoted_string>; ... }; // may occur multiple times
774 trusted-keys { <string>
775 <integer> <integer>
776 <integer>
777 <quoted_string>; ... }; // may occur multiple times, deprecated
778 try-tcp-refresh <boolean>;
779 update-check-ksk <boolean>;
780 use-alt-transfer-source <boolean>;
781 use-queryport-pool <boolean>; // obsolete
782 v6-bias <integer>;
783 validate-except { <string>; ... };
784 zero-no-soa-ttl <boolean>;
785 zero-no-soa-ttl-cache <boolean>;
786 zone <string> [ <class> ] {
787 allow-notify { <address_match_element>; ... };
788 allow-query { <address_match_element>; ... };
789 allow-query-on { <address_match_element>; ... };
790 allow-transfer { <address_match_element>; ... };
791 allow-update { <address_match_element>; ... };
792 allow-update-forwarding { <address_match_element>; ... };
793 also-notify [ port <integer> ] [ dscp <integer> ] { (
794 <primaries> | <ipv4_address> [ port <integer> ] |
795 <ipv6_address> [ port <integer> ] ) [ key <string> ];
796 ... };
797 alt-transfer-source ( <ipv4_address> | * ) [ port (
798 <integer> | * ) ] [ dscp <integer> ];
799 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
800 <integer> | * ) ] [ dscp <integer> ];
801 auto-dnssec ( allow | maintain | off );
802 check-dup-records ( fail | warn | ignore );
803 check-integrity <boolean>;
804 check-mx ( fail | warn | ignore );
805 check-mx-cname ( fail | warn | ignore );
806 check-names ( fail | warn | ignore );
807 check-sibling <boolean>;
808 check-spf ( warn | ignore );
809 check-srv-cname ( fail | warn | ignore );
810 check-wildcard <boolean>;
811 database <string>;
812 delegation-only <boolean>;
813 dialup ( notify | notify-passive | passive | refresh |
814 <boolean> );
815 dlz <string>;
816 dnskey-sig-validity <integer>;
817 dnssec-dnskey-kskonly <boolean>;
818 dnssec-loadkeys-interval <integer>;
819 dnssec-policy <string>;
820 dnssec-secure-to-insecure <boolean>;
821 dnssec-update-mode ( maintain | no-resign );
822 file <quoted_string>;
823 forward ( first | only );
824 forwarders [ port <integer> ] [ dscp <integer> ] { (
825 <ipv4_address> | <ipv6_address> ) [ port <integer> ] [
826 dscp <integer> ]; ... };
827 in-view <string>;
828 inline-signing <boolean>;
829 ixfr-base <quoted_string>; // ancient
830 ixfr-from-differences <boolean>;
831 ixfr-tmp-file <quoted_string>; // ancient
832 journal <quoted_string>;
833 key-directory <quoted_string>;
834 maintain-ixfr-base <boolean>; // ancient
835 masterfile-format ( map | raw | text );
836 masterfile-style ( full | relative );
837 masters [ port <integer> ] [ dscp <integer> ] { (
838 <primaries> | <ipv4_address> [ port <integer> ] |
839 <ipv6_address> [ port <integer> ] ) [ key <string> ];
840 ... };
841 max-ixfr-log-size ( default | unlimited |
842 <sizeval> ); // ancient
843 max-ixfr-ratio ( unlimited | <percentage> );
844 max-journal-size ( default | unlimited | <sizeval> );
845 max-records <integer>;
846 max-refresh-time <integer>;
847 max-retry-time <integer>;
848 max-transfer-idle-in <integer>;
849 max-transfer-idle-out <integer>;
850 max-transfer-time-in <integer>;
851 max-transfer-time-out <integer>;
852 max-zone-ttl ( unlimited | <duration> );
853 min-refresh-time <integer>;
854 min-retry-time <integer>;
855 multi-master <boolean>;
856 notify ( explicit | master-only | primary-only | <boolean> );
857 notify-delay <integer>;
858 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
859 ) ] [ dscp <integer> ];
860 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
861 | * ) ] [ dscp <integer> ];
862 notify-to-soa <boolean>;
863 nsec3-test-zone <boolean>; // test only
864 primaries [ port <integer> ] [ dscp <integer> ] { (
865 <primaries> | <ipv4_address> [ port <integer> ] |
866 <ipv6_address> [ port <integer> ] ) [ key <string> ];
867 ... };
868 pubkey <integer> <integer> <integer>
869 <quoted_string>; // ancient
870 request-expire <boolean>;
871 request-ixfr <boolean>;
872 serial-update-method ( date | increment | unixtime );
873 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
874 server-names { <string>; ... };
875 sig-signing-nodes <integer>;
876 sig-signing-signatures <integer>;
877 sig-signing-type <integer>;
878 sig-validity-interval <integer> [ <integer> ];
879 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
880 * ) ] [ dscp <integer> ];
881 transfer-source-v6 ( <ipv6_address> | * ) [ port (
882 <integer> | * ) ] [ dscp <integer> ];
883 try-tcp-refresh <boolean>;
884 type ( primary | master | secondary | slave | mirror |
885 delegation-only | forward | hint | redirect |
886 static-stub | stub );
887 update-check-ksk <boolean>;
888 update-policy ( local | { ( deny | grant ) <string> (
889 6to4-self | external | krb5-self | krb5-selfsub |
890 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
891 name | self | selfsub | selfwild | subdomain | tcp-self
892 | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
893 use-alt-transfer-source <boolean>;
894 zero-no-soa-ttl <boolean>;
895 zone-statistics ( full | terse | none | <boolean> );
896 }; // may occur multiple times
897 zone-statistics ( full | terse | none | <boolean> );
898}; // may occur multiple times
899
900zone <string> [ <class> ] {
901 allow-notify { <address_match_element>; ... };
902 allow-query { <address_match_element>; ... };
903 allow-query-on { <address_match_element>; ... };
904 allow-transfer { <address_match_element>; ... };
905 allow-update { <address_match_element>; ... };
906 allow-update-forwarding { <address_match_element>; ... };
907 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
908 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
909 <integer> ] ) [ key <string> ]; ... };
910 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
911 ] [ dscp <integer> ];
912 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
913 * ) ] [ dscp <integer> ];
914 auto-dnssec ( allow | maintain | off );
915 check-dup-records ( fail | warn | ignore );
916 check-integrity <boolean>;
917 check-mx ( fail | warn | ignore );
918 check-mx-cname ( fail | warn | ignore );
919 check-names ( fail | warn | ignore );
920 check-sibling <boolean>;
921 check-spf ( warn | ignore );
922 check-srv-cname ( fail | warn | ignore );
923 check-wildcard <boolean>;
924 database <string>;
925 delegation-only <boolean>;
926 dialup ( notify | notify-passive | passive | refresh | <boolean> );
927 dlz <string>;
928 dnskey-sig-validity <integer>;
929 dnssec-dnskey-kskonly <boolean>;
930 dnssec-loadkeys-interval <integer>;
931 dnssec-policy <string>;
932 dnssec-secure-to-insecure <boolean>;
933 dnssec-update-mode ( maintain | no-resign );
934 file <quoted_string>;
935 forward ( first | only );
936 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
937 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
938 in-view <string>;
939 inline-signing <boolean>;
940 ixfr-base <quoted_string>; // ancient
941 ixfr-from-differences <boolean>;
942 ixfr-tmp-file <quoted_string>; // ancient
943 journal <quoted_string>;
944 key-directory <quoted_string>;
945 maintain-ixfr-base <boolean>; // ancient
946 masterfile-format ( map | raw | text );
947 masterfile-style ( full | relative );
948 masters [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
949 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
950 <integer> ] ) [ key <string> ]; ... };
951 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
952 max-ixfr-ratio ( unlimited | <percentage> );
953 max-journal-size ( default | unlimited | <sizeval> );
954 max-records <integer>;
955 max-refresh-time <integer>;
956 max-retry-time <integer>;
957 max-transfer-idle-in <integer>;
958 max-transfer-idle-out <integer>;
959 max-transfer-time-in <integer>;
960 max-transfer-time-out <integer>;
961 max-zone-ttl ( unlimited | <duration> );
962 min-refresh-time <integer>;
963 min-retry-time <integer>;
964 multi-master <boolean>;
965 notify ( explicit | master-only | primary-only | <boolean> );
966 notify-delay <integer>;
967 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
968 dscp <integer> ];
969 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
970 [ dscp <integer> ];
971 notify-to-soa <boolean>;
972 nsec3-test-zone <boolean>; // test only
973 primaries [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
974 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
975 <integer> ] ) [ key <string> ]; ... };
976 pubkey <integer> <integer> <integer> <quoted_string>; // ancient
977 request-expire <boolean>;
978 request-ixfr <boolean>;
979 serial-update-method ( date | increment | unixtime );
980 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
981 server-names { <string>; ... };
982 sig-signing-nodes <integer>;
983 sig-signing-signatures <integer>;
984 sig-signing-type <integer>;
985 sig-validity-interval <integer> [ <integer> ];
986 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
987 dscp <integer> ];
988 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
989 ] [ dscp <integer> ];
990 try-tcp-refresh <boolean>;
991 type ( primary | master | secondary | slave | mirror |
992 delegation-only | forward | hint | redirect | static-stub |
993 stub );
994 update-check-ksk <boolean>;
995 update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
996 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
997 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
998 | subdomain | tcp-self | wildcard | zonesub ) [ <string> ]
999 <rrtypelist>; ... };
1000 use-alt-transfer-source <boolean>;
1001 zero-no-soa-ttl <boolean>;
1002 zone-statistics ( full | terse | none | <boolean> );
1003}; // may occur multiple times
1004