options revision 1.1.1.1
1 2This is a summary of the named.conf options supported by 3this version of BIND 9. 4 5acl <string> { <address_match_element>; ... }; // may occur multiple times 6 7controls { 8 inet ( <ipv4_address> | <ipv6_address> | 9 * ) [ port ( <integer> | * ) ] allow 10 { <address_match_element>; ... } [ 11 keys { <string>; ... } ] [ read-only 12 <boolean> ]; // may occur multiple times 13 unix <quoted_string> perm <integer> 14 owner <integer> group <integer> [ 15 keys { <string>; ... } ] [ read-only 16 <boolean> ]; // may occur multiple times 17}; // may occur multiple times 18 19dlz <string> { 20 database <string>; 21 search <boolean>; 22}; // may occur multiple times 23 24dyndb <string> <quoted_string> { 25 <unspecified-text> }; // may occur multiple times 26 27key <string> { 28 algorithm <string>; 29 secret <string>; 30}; // may occur multiple times 31 32logging { 33 category <string> { <string>; ... }; // may occur multiple times 34 channel <string> { 35 buffered <boolean>; 36 file <quoted_string> [ versions ( unlimited | <integer> ) ] 37 [ size <size> ] [ suffix ( increment | timestamp ) ]; 38 null; 39 print-category <boolean>; 40 print-severity <boolean>; 41 print-time ( iso8601 | iso8601-utc | local | <boolean> ); 42 severity <log_severity>; 43 stderr; 44 syslog [ <syslog_facility> ]; 45 }; // may occur multiple times 46}; 47 48lwres { <unspecified-text> }; // obsolete, may occur multiple times 49 50managed-keys { <string> <string> <integer> 51 <integer> <integer> <quoted_string>; ... }; // may occur multiple times 52 53masters <string> [ port <integer> ] [ dscp 54 <integer> ] { ( <masters> | <ipv4_address> [ 55 port <integer> ] | <ipv6_address> [ port 56 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times 57 58options { 59 acache-cleaning-interval <integer>; // obsolete 60 acache-enable <boolean>; // obsolete 61 additional-from-auth <boolean>; // obsolete 62 additional-from-cache <boolean>; // obsolete 63 allow-new-zones <boolean>; 64 allow-notify { <address_match_element>; ... }; 65 allow-query { <address_match_element>; ... }; 66 allow-query-cache { <address_match_element>; ... }; 67 allow-query-cache-on { <address_match_element>; ... }; 68 allow-query-on { <address_match_element>; ... }; 69 allow-recursion { <address_match_element>; ... }; 70 allow-recursion-on { <address_match_element>; ... }; 71 allow-transfer { <address_match_element>; ... }; 72 allow-update { <address_match_element>; ... }; 73 allow-update-forwarding { <address_match_element>; ... }; 74 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 75 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 76 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 77 <integer> ] ) [ key <string> ]; ... }; 78 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 79 ] [ dscp <integer> ]; 80 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 81 * ) ] [ dscp <integer> ]; 82 answer-cookie <boolean>; 83 attach-cache <string>; 84 auth-nxdomain <boolean>; // default changed 85 auto-dnssec ( allow | maintain | off ); 86 automatic-interface-scan <boolean>; 87 avoid-v4-udp-ports { <portrange>; ... }; 88 avoid-v6-udp-ports { <portrange>; ... }; 89 bindkeys-file <quoted_string>; 90 blackhole { <address_match_element>; ... }; 91 cache-file <quoted_string>; 92 catalog-zones { zone <quoted_string> [ default-masters [ port 93 <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [ 94 port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 95 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 96 in-memory <boolean> ] [ min-update-interval <integer> ]; ... }; 97 check-dup-records ( fail | warn | ignore ); 98 check-integrity <boolean>; 99 check-mx ( fail | warn | ignore ); 100 check-mx-cname ( fail | warn | ignore ); 101 check-names ( master | slave | response 102 ) ( fail | warn | ignore ); // may occur multiple times 103 check-sibling <boolean>; 104 check-spf ( warn | ignore ); 105 check-srv-cname ( fail | warn | ignore ); 106 check-wildcard <boolean>; 107 cleaning-interval <integer>; 108 clients-per-query <integer>; 109 cookie-algorithm ( aes | sha1 | sha256 ); 110 cookie-secret <string>; // may occur multiple times 111 coresize ( default | unlimited | <sizeval> ); 112 datasize ( default | unlimited | <sizeval> ); 113 deallocate-on-exit <boolean>; // obsolete 114 deny-answer-addresses { <address_match_element>; ... } [ 115 except-from { <quoted_string>; ... } ]; 116 deny-answer-aliases { <quoted_string>; ... } [ except-from { 117 <quoted_string>; ... } ]; 118 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 119 directory <quoted_string>; 120 disable-algorithms <string> { <string>; 121 ... }; // may occur multiple times 122 disable-ds-digests <string> { <string>; 123 ... }; // may occur multiple times 124 disable-empty-zone <string>; // may occur multiple times 125 dns64 <netprefix> { 126 break-dnssec <boolean>; 127 clients { <address_match_element>; ... }; 128 exclude { <address_match_element>; ... }; 129 mapped { <address_match_element>; ... }; 130 recursive-only <boolean>; 131 suffix <ipv6_address>; 132 }; // may occur multiple times 133 dns64-contact <string>; 134 dns64-server <string>; 135 dnsrps-enable <boolean>; // not configured 136 dnsrps-options { <unspecified-text> }; // not configured 137 dnssec-accept-expired <boolean>; 138 dnssec-dnskey-kskonly <boolean>; 139 dnssec-enable <boolean>; 140 dnssec-loadkeys-interval <integer>; 141 dnssec-lookaside ( <string> trust-anchor 142 <string> | auto | no ); // may occur multiple times 143 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 144 dnssec-secure-to-insecure <boolean>; 145 dnssec-update-mode ( maintain | no-resign ); 146 dnssec-validation ( yes | no | auto ); 147 dnstap { ( all | auth | client | forwarder | 148 resolver ) [ ( query | response ) ]; ... }; // not configured 149 dnstap-identity ( <quoted_string> | none | 150 hostname ); // not configured 151 dnstap-output ( file | unix ) <quoted_string> [ 152 size ( unlimited | <size> ) ] [ versions ( 153 unlimited | <integer> ) ] [ suffix ( increment 154 | timestamp ) ]; // not configured 155 dnstap-version ( <quoted_string> | none ); // not configured 156 dscp <integer>; 157 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 158 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 159 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 160 <integer> ] [ dscp <integer> ] ); ... }; 161 dump-file <quoted_string>; 162 edns-udp-size <integer>; 163 empty-contact <string>; 164 empty-server <string>; 165 empty-zones-enable <boolean>; 166 fake-iquery <boolean>; // obsolete 167 fetch-glue <boolean>; // obsolete 168 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 169 fetches-per-server <integer> [ ( drop | fail ) ]; 170 fetches-per-zone <integer> [ ( drop | fail ) ]; 171 files ( default | unlimited | <sizeval> ); 172 filter-aaaa { <address_match_element>; ... }; 173 filter-aaaa-on-v4 ( break-dnssec | <boolean> ); 174 filter-aaaa-on-v6 ( break-dnssec | <boolean> ); 175 flush-zones-on-shutdown <boolean>; 176 forward ( first | only ); 177 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 178 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 179 fstrm-set-buffer-hint <integer>; // not configured 180 fstrm-set-flush-timeout <integer>; // not configured 181 fstrm-set-input-queue-size <integer>; // not configured 182 fstrm-set-output-notify-threshold <integer>; // not configured 183 fstrm-set-output-queue-model ( mpsc | spsc ); // not configured 184 fstrm-set-output-queue-size <integer>; // not configured 185 fstrm-set-reopen-interval <integer>; // not configured 186 geoip-directory ( <quoted_string> | none ); // not configured 187 geoip-use-ecs <boolean>; // not configured 188 glue-cache <boolean>; 189 has-old-clients <boolean>; // obsolete 190 heartbeat-interval <integer>; 191 host-statistics <boolean>; // not implemented 192 host-statistics-max <integer>; // not implemented 193 hostname ( <quoted_string> | none ); 194 inline-signing <boolean>; 195 interface-interval <integer>; 196 ixfr-from-differences ( master | slave | <boolean> ); 197 keep-response-order { <address_match_element>; ... }; 198 key-directory <quoted_string>; 199 lame-ttl <ttlval>; 200 listen-on [ port <integer> ] [ dscp 201 <integer> ] { 202 <address_match_element>; ... }; // may occur multiple times 203 listen-on-v6 [ port <integer> ] [ dscp 204 <integer> ] { 205 <address_match_element>; ... }; // may occur multiple times 206 lmdb-mapsize <sizeval>; // non-operational 207 lock-file ( <quoted_string> | none ); 208 maintain-ixfr-base <boolean>; // obsolete 209 managed-keys-directory <quoted_string>; 210 masterfile-format ( map | raw | text ); 211 masterfile-style ( full | relative ); 212 match-mapped-addresses <boolean>; 213 max-acache-size ( unlimited | <sizeval> ); // obsolete 214 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 215 max-cache-ttl <integer>; 216 max-clients-per-query <integer>; 217 max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete 218 max-journal-size ( default | unlimited | <sizeval> ); 219 max-ncache-ttl <integer>; 220 max-records <integer>; 221 max-recursion-depth <integer>; 222 max-recursion-queries <integer>; 223 max-refresh-time <integer>; 224 max-retry-time <integer>; 225 max-rsa-exponent-size <integer>; 226 max-stale-ttl <ttlval>; 227 max-transfer-idle-in <integer>; 228 max-transfer-idle-out <integer>; 229 max-transfer-time-in <integer>; 230 max-transfer-time-out <integer>; 231 max-udp-size <integer>; 232 max-zone-ttl ( unlimited | <ttlval> ); 233 memstatistics <boolean>; 234 memstatistics-file <quoted_string>; 235 message-compression <boolean>; 236 min-refresh-time <integer>; 237 min-retry-time <integer>; 238 min-roots <integer>; // not implemented 239 minimal-any <boolean>; 240 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 241 multi-master <boolean>; 242 multiple-cnames <boolean>; // obsolete 243 named-xfer <quoted_string>; // obsolete 244 new-zones-directory <quoted_string>; 245 no-case-compress { <address_match_element>; ... }; 246 nocookie-udp-size <integer>; 247 nosit-udp-size <integer>; // obsolete 248 notify ( explicit | master-only | <boolean> ); 249 notify-delay <integer>; 250 notify-rate <integer>; 251 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 252 dscp <integer> ]; 253 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 254 [ dscp <integer> ]; 255 notify-to-soa <boolean>; 256 nsec3-test-zone <boolean>; // test only 257 nta-lifetime <ttlval>; 258 nta-recheck <ttlval>; 259 nxdomain-redirect <string>; 260 pid-file ( <quoted_string> | none ); 261 port <integer>; 262 preferred-glue <string>; 263 prefetch <integer> [ <integer> ]; 264 provide-ixfr <boolean>; 265 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 266 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 267 port ( <integer> | * ) ) ) [ dscp <integer> ]; 268 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 269 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 270 port ( <integer> | * ) ) ) [ dscp <integer> ]; 271 querylog <boolean>; 272 queryport-pool-ports <integer>; // obsolete 273 queryport-pool-updateinterval <integer>; // obsolete 274 random-device ( <quoted_string> | none ); 275 rate-limit { 276 all-per-second <integer>; 277 errors-per-second <integer>; 278 exempt-clients { <address_match_element>; ... }; 279 ipv4-prefix-length <integer>; 280 ipv6-prefix-length <integer>; 281 log-only <boolean>; 282 max-table-size <integer>; 283 min-table-size <integer>; 284 nodata-per-second <integer>; 285 nxdomains-per-second <integer>; 286 qps-scale <integer>; 287 referrals-per-second <integer>; 288 responses-per-second <integer>; 289 slip <integer>; 290 window <integer>; 291 }; 292 recursing-file <quoted_string>; 293 recursion <boolean>; 294 recursive-clients <integer>; 295 request-expire <boolean>; 296 request-ixfr <boolean>; 297 request-nsid <boolean>; 298 request-sit <boolean>; // obsolete 299 require-server-cookie <boolean>; 300 reserved-sockets <integer>; 301 resolver-nonbackoff-tries <integer>; 302 resolver-query-timeout <integer>; 303 resolver-retry-interval <integer>; 304 response-padding { <address_match_element>; ... } block-size 305 <integer>; 306 response-policy { zone <quoted_string> [ log <boolean> ] [ 307 max-policy-ttl <integer> ] [ min-update-interval <integer> ] [ 308 policy ( cname | disabled | drop | given | no-op | nodata | 309 nxdomain | passthru | tcp-only <quoted_string> ) ] [ 310 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 311 nsdname-enable <boolean> ]; ... } [ break-dnssec <boolean> ] [ 312 max-policy-ttl <integer> ] [ min-update-interval <integer> ] [ 313 min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ 314 qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ 315 nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ 316 dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> 317 } ]; 318 rfc2308-type1 <boolean>; // not yet implemented 319 root-delegation-only [ exclude { <quoted_string>; ... } ]; 320 root-key-sentinel <boolean>; 321 rrset-order { [ class <string> ] [ type <string> ] [ name 322 <quoted_string> ] <string> <string>; ... }; 323 secroots-file <quoted_string>; 324 send-cookie <boolean>; 325 serial-queries <integer>; // obsolete 326 serial-query-rate <integer>; 327 serial-update-method ( date | increment | unixtime ); 328 server-id ( <quoted_string> | none | hostname ); 329 servfail-ttl <ttlval>; 330 session-keyalg <string>; 331 session-keyfile ( <quoted_string> | none ); 332 session-keyname <string>; 333 sig-signing-nodes <integer>; 334 sig-signing-signatures <integer>; 335 sig-signing-type <integer>; 336 sig-validity-interval <integer> [ <integer> ]; 337 sit-secret <string>; // obsolete 338 sortlist { <address_match_element>; ... }; 339 stacksize ( default | unlimited | <sizeval> ); 340 stale-answer-enable <boolean>; 341 stale-answer-ttl <ttlval>; 342 startup-notify-rate <integer>; 343 statistics-file <quoted_string>; 344 statistics-interval <integer>; // not yet implemented 345 suppress-initial-notify <boolean>; // not yet implemented 346 synth-from-dnssec <boolean>; 347 tcp-advertised-timeout <integer>; 348 tcp-clients <integer>; 349 tcp-idle-timeout <integer>; 350 tcp-initial-timeout <integer>; 351 tcp-keepalive-timeout <integer>; 352 tcp-listen-queue <integer>; 353 tkey-dhkey <quoted_string> <integer>; 354 tkey-domain <quoted_string>; 355 tkey-gssapi-credential <quoted_string>; 356 tkey-gssapi-keytab <quoted_string>; 357 topology { <address_match_element>; ... }; // not implemented 358 transfer-format ( many-answers | one-answer ); 359 transfer-message-size <integer>; 360 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 361 dscp <integer> ]; 362 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 363 ] [ dscp <integer> ]; 364 transfers-in <integer>; 365 transfers-out <integer>; 366 transfers-per-ns <integer>; 367 treat-cr-as-space <boolean>; // obsolete 368 trust-anchor-telemetry <boolean>; // experimental 369 try-tcp-refresh <boolean>; 370 update-check-ksk <boolean>; 371 use-alt-transfer-source <boolean>; 372 use-id-pool <boolean>; // obsolete 373 use-ixfr <boolean>; // obsolete 374 use-queryport-pool <boolean>; // obsolete 375 use-v4-udp-ports { <portrange>; ... }; 376 use-v6-udp-ports { <portrange>; ... }; 377 v6-bias <integer>; 378 version ( <quoted_string> | none ); 379 zero-no-soa-ttl <boolean>; 380 zero-no-soa-ttl-cache <boolean>; 381 zone-statistics ( full | terse | none | <boolean> ); 382}; 383 384server <netprefix> { 385 bogus <boolean>; 386 edns <boolean>; 387 edns-udp-size <integer>; 388 edns-version <integer>; 389 keys <server_key>; 390 max-udp-size <integer>; 391 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 392 dscp <integer> ]; 393 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 394 [ dscp <integer> ]; 395 padding <integer>; 396 provide-ixfr <boolean>; 397 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 398 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 399 port ( <integer> | * ) ) ) [ dscp <integer> ]; 400 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 401 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 402 port ( <integer> | * ) ) ) [ dscp <integer> ]; 403 request-expire <boolean>; 404 request-ixfr <boolean>; 405 request-nsid <boolean>; 406 request-sit <boolean>; // obsolete 407 send-cookie <boolean>; 408 support-ixfr <boolean>; // obsolete 409 tcp-keepalive <boolean>; 410 tcp-only <boolean>; 411 transfer-format ( many-answers | one-answer ); 412 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 413 dscp <integer> ]; 414 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 415 ] [ dscp <integer> ]; 416 transfers <integer>; 417}; // may occur multiple times 418 419statistics-channels { 420 inet ( <ipv4_address> | <ipv6_address> | 421 * ) [ port ( <integer> | * ) ] [ 422 allow { <address_match_element>; ... 423 } ]; // may occur multiple times 424}; // may occur multiple times 425 426trusted-keys { <string> <integer> <integer> 427 <integer> <quoted_string>; ... }; // may occur multiple times 428 429view <string> [ <class> ] { 430 acache-cleaning-interval <integer>; // obsolete 431 acache-enable <boolean>; // obsolete 432 additional-from-auth <boolean>; // obsolete 433 additional-from-cache <boolean>; // obsolete 434 allow-new-zones <boolean>; 435 allow-notify { <address_match_element>; ... }; 436 allow-query { <address_match_element>; ... }; 437 allow-query-cache { <address_match_element>; ... }; 438 allow-query-cache-on { <address_match_element>; ... }; 439 allow-query-on { <address_match_element>; ... }; 440 allow-recursion { <address_match_element>; ... }; 441 allow-recursion-on { <address_match_element>; ... }; 442 allow-transfer { <address_match_element>; ... }; 443 allow-update { <address_match_element>; ... }; 444 allow-update-forwarding { <address_match_element>; ... }; 445 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 446 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 447 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 448 <integer> ] ) [ key <string> ]; ... }; 449 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 450 ] [ dscp <integer> ]; 451 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 452 * ) ] [ dscp <integer> ]; 453 attach-cache <string>; 454 auth-nxdomain <boolean>; // default changed 455 auto-dnssec ( allow | maintain | off ); 456 cache-file <quoted_string>; 457 catalog-zones { zone <quoted_string> [ default-masters [ port 458 <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [ 459 port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 460 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 461 in-memory <boolean> ] [ min-update-interval <integer> ]; ... }; 462 check-dup-records ( fail | warn | ignore ); 463 check-integrity <boolean>; 464 check-mx ( fail | warn | ignore ); 465 check-mx-cname ( fail | warn | ignore ); 466 check-names ( master | slave | response 467 ) ( fail | warn | ignore ); // may occur multiple times 468 check-sibling <boolean>; 469 check-spf ( warn | ignore ); 470 check-srv-cname ( fail | warn | ignore ); 471 check-wildcard <boolean>; 472 cleaning-interval <integer>; 473 clients-per-query <integer>; 474 deny-answer-addresses { <address_match_element>; ... } [ 475 except-from { <quoted_string>; ... } ]; 476 deny-answer-aliases { <quoted_string>; ... } [ except-from { 477 <quoted_string>; ... } ]; 478 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 479 disable-algorithms <string> { <string>; 480 ... }; // may occur multiple times 481 disable-ds-digests <string> { <string>; 482 ... }; // may occur multiple times 483 disable-empty-zone <string>; // may occur multiple times 484 dlz <string> { 485 database <string>; 486 search <boolean>; 487 }; // may occur multiple times 488 dns64 <netprefix> { 489 break-dnssec <boolean>; 490 clients { <address_match_element>; ... }; 491 exclude { <address_match_element>; ... }; 492 mapped { <address_match_element>; ... }; 493 recursive-only <boolean>; 494 suffix <ipv6_address>; 495 }; // may occur multiple times 496 dns64-contact <string>; 497 dns64-server <string>; 498 dnsrps-enable <boolean>; // not configured 499 dnsrps-options { <unspecified-text> }; // not configured 500 dnssec-accept-expired <boolean>; 501 dnssec-dnskey-kskonly <boolean>; 502 dnssec-enable <boolean>; 503 dnssec-loadkeys-interval <integer>; 504 dnssec-lookaside ( <string> trust-anchor 505 <string> | auto | no ); // may occur multiple times 506 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 507 dnssec-secure-to-insecure <boolean>; 508 dnssec-update-mode ( maintain | no-resign ); 509 dnssec-validation ( yes | no | auto ); 510 dnstap { ( all | auth | client | forwarder | 511 resolver ) [ ( query | response ) ]; ... }; // not configured 512 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 513 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 514 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 515 <integer> ] [ dscp <integer> ] ); ... }; 516 dyndb <string> <quoted_string> { 517 <unspecified-text> }; // may occur multiple times 518 edns-udp-size <integer>; 519 empty-contact <string>; 520 empty-server <string>; 521 empty-zones-enable <boolean>; 522 fetch-glue <boolean>; // obsolete 523 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 524 fetches-per-server <integer> [ ( drop | fail ) ]; 525 fetches-per-zone <integer> [ ( drop | fail ) ]; 526 filter-aaaa { <address_match_element>; ... }; 527 filter-aaaa-on-v4 ( break-dnssec | <boolean> ); 528 filter-aaaa-on-v6 ( break-dnssec | <boolean> ); 529 forward ( first | only ); 530 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 531 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 532 glue-cache <boolean>; 533 inline-signing <boolean>; 534 ixfr-from-differences ( master | slave | <boolean> ); 535 key <string> { 536 algorithm <string>; 537 secret <string>; 538 }; // may occur multiple times 539 key-directory <quoted_string>; 540 lame-ttl <ttlval>; 541 lmdb-mapsize <sizeval>; // non-operational 542 maintain-ixfr-base <boolean>; // obsolete 543 managed-keys { <string> <string> 544 <integer> <integer> <integer> 545 <quoted_string>; ... }; // may occur multiple times 546 masterfile-format ( map | raw | text ); 547 masterfile-style ( full | relative ); 548 match-clients { <address_match_element>; ... }; 549 match-destinations { <address_match_element>; ... }; 550 match-recursive-only <boolean>; 551 max-acache-size ( unlimited | <sizeval> ); // obsolete 552 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 553 max-cache-ttl <integer>; 554 max-clients-per-query <integer>; 555 max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete 556 max-journal-size ( default | unlimited | <sizeval> ); 557 max-ncache-ttl <integer>; 558 max-records <integer>; 559 max-recursion-depth <integer>; 560 max-recursion-queries <integer>; 561 max-refresh-time <integer>; 562 max-retry-time <integer>; 563 max-stale-ttl <ttlval>; 564 max-transfer-idle-in <integer>; 565 max-transfer-idle-out <integer>; 566 max-transfer-time-in <integer>; 567 max-transfer-time-out <integer>; 568 max-udp-size <integer>; 569 max-zone-ttl ( unlimited | <ttlval> ); 570 message-compression <boolean>; 571 min-refresh-time <integer>; 572 min-retry-time <integer>; 573 min-roots <integer>; // not implemented 574 minimal-any <boolean>; 575 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 576 multi-master <boolean>; 577 new-zones-directory <quoted_string>; 578 no-case-compress { <address_match_element>; ... }; 579 nocookie-udp-size <integer>; 580 nosit-udp-size <integer>; // obsolete 581 notify ( explicit | master-only | <boolean> ); 582 notify-delay <integer>; 583 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 584 dscp <integer> ]; 585 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 586 [ dscp <integer> ]; 587 notify-to-soa <boolean>; 588 nsec3-test-zone <boolean>; // test only 589 nta-lifetime <ttlval>; 590 nta-recheck <ttlval>; 591 nxdomain-redirect <string>; 592 preferred-glue <string>; 593 prefetch <integer> [ <integer> ]; 594 provide-ixfr <boolean>; 595 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 596 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 597 port ( <integer> | * ) ) ) [ dscp <integer> ]; 598 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 599 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 600 port ( <integer> | * ) ) ) [ dscp <integer> ]; 601 queryport-pool-ports <integer>; // obsolete 602 queryport-pool-updateinterval <integer>; // obsolete 603 rate-limit { 604 all-per-second <integer>; 605 errors-per-second <integer>; 606 exempt-clients { <address_match_element>; ... }; 607 ipv4-prefix-length <integer>; 608 ipv6-prefix-length <integer>; 609 log-only <boolean>; 610 max-table-size <integer>; 611 min-table-size <integer>; 612 nodata-per-second <integer>; 613 nxdomains-per-second <integer>; 614 qps-scale <integer>; 615 referrals-per-second <integer>; 616 responses-per-second <integer>; 617 slip <integer>; 618 window <integer>; 619 }; 620 recursion <boolean>; 621 request-expire <boolean>; 622 request-ixfr <boolean>; 623 request-nsid <boolean>; 624 request-sit <boolean>; // obsolete 625 require-server-cookie <boolean>; 626 resolver-nonbackoff-tries <integer>; 627 resolver-query-timeout <integer>; 628 resolver-retry-interval <integer>; 629 response-padding { <address_match_element>; ... } block-size 630 <integer>; 631 response-policy { zone <quoted_string> [ log <boolean> ] [ 632 max-policy-ttl <integer> ] [ min-update-interval <integer> ] [ 633 policy ( cname | disabled | drop | given | no-op | nodata | 634 nxdomain | passthru | tcp-only <quoted_string> ) ] [ 635 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 636 nsdname-enable <boolean> ]; ... } [ break-dnssec <boolean> ] [ 637 max-policy-ttl <integer> ] [ min-update-interval <integer> ] [ 638 min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ 639 qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ 640 nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ 641 dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> 642 } ]; 643 rfc2308-type1 <boolean>; // not yet implemented 644 root-delegation-only [ exclude { <quoted_string>; ... } ]; 645 root-key-sentinel <boolean>; 646 rrset-order { [ class <string> ] [ type <string> ] [ name 647 <quoted_string> ] <string> <string>; ... }; 648 send-cookie <boolean>; 649 serial-update-method ( date | increment | unixtime ); 650 server <netprefix> { 651 bogus <boolean>; 652 edns <boolean>; 653 edns-udp-size <integer>; 654 edns-version <integer>; 655 keys <server_key>; 656 max-udp-size <integer>; 657 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 658 ) ] [ dscp <integer> ]; 659 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 660 | * ) ] [ dscp <integer> ]; 661 padding <integer>; 662 provide-ixfr <boolean>; 663 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port 664 ( <integer> | * ) ] ) | ( [ [ address ] ( 665 <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ 666 dscp <integer> ]; 667 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ 668 port ( <integer> | * ) ] ) | ( [ [ address ] ( 669 <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ 670 dscp <integer> ]; 671 request-expire <boolean>; 672 request-ixfr <boolean>; 673 request-nsid <boolean>; 674 request-sit <boolean>; // obsolete 675 send-cookie <boolean>; 676 support-ixfr <boolean>; // obsolete 677 tcp-keepalive <boolean>; 678 tcp-only <boolean>; 679 transfer-format ( many-answers | one-answer ); 680 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 681 * ) ] [ dscp <integer> ]; 682 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 683 <integer> | * ) ] [ dscp <integer> ]; 684 transfers <integer>; 685 }; // may occur multiple times 686 servfail-ttl <ttlval>; 687 sig-signing-nodes <integer>; 688 sig-signing-signatures <integer>; 689 sig-signing-type <integer>; 690 sig-validity-interval <integer> [ <integer> ]; 691 sortlist { <address_match_element>; ... }; 692 stale-answer-enable <boolean>; 693 stale-answer-ttl <ttlval>; 694 suppress-initial-notify <boolean>; // not yet implemented 695 synth-from-dnssec <boolean>; 696 topology { <address_match_element>; ... }; // not implemented 697 transfer-format ( many-answers | one-answer ); 698 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 699 dscp <integer> ]; 700 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 701 ] [ dscp <integer> ]; 702 trust-anchor-telemetry <boolean>; // experimental 703 trusted-keys { <string> <integer> 704 <integer> <integer> <quoted_string>; 705 ... }; // may occur multiple times 706 try-tcp-refresh <boolean>; 707 update-check-ksk <boolean>; 708 use-alt-transfer-source <boolean>; 709 use-queryport-pool <boolean>; // obsolete 710 v6-bias <integer>; 711 zero-no-soa-ttl <boolean>; 712 zero-no-soa-ttl-cache <boolean>; 713 zone <string> [ <class> ] { 714 allow-notify { <address_match_element>; ... }; 715 allow-query { <address_match_element>; ... }; 716 allow-query-on { <address_match_element>; ... }; 717 allow-transfer { <address_match_element>; ... }; 718 allow-update { <address_match_element>; ... }; 719 allow-update-forwarding { <address_match_element>; ... }; 720 also-notify [ port <integer> ] [ dscp <integer> ] { ( 721 <masters> | <ipv4_address> [ port <integer> ] | 722 <ipv6_address> [ port <integer> ] ) [ key <string> ]; 723 ... }; 724 alt-transfer-source ( <ipv4_address> | * ) [ port ( 725 <integer> | * ) ] [ dscp <integer> ]; 726 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( 727 <integer> | * ) ] [ dscp <integer> ]; 728 auto-dnssec ( allow | maintain | off ); 729 check-dup-records ( fail | warn | ignore ); 730 check-integrity <boolean>; 731 check-mx ( fail | warn | ignore ); 732 check-mx-cname ( fail | warn | ignore ); 733 check-names ( fail | warn | ignore ); 734 check-sibling <boolean>; 735 check-spf ( warn | ignore ); 736 check-srv-cname ( fail | warn | ignore ); 737 check-wildcard <boolean>; 738 database <string>; 739 delegation-only <boolean>; 740 dialup ( notify | notify-passive | passive | refresh | 741 <boolean> ); 742 dlz <string>; 743 dnssec-dnskey-kskonly <boolean>; 744 dnssec-loadkeys-interval <integer>; 745 dnssec-secure-to-insecure <boolean>; 746 dnssec-update-mode ( maintain | no-resign ); 747 file <quoted_string>; 748 forward ( first | only ); 749 forwarders [ port <integer> ] [ dscp <integer> ] { ( 750 <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ 751 dscp <integer> ]; ... }; 752 in-view <string>; 753 inline-signing <boolean>; 754 ixfr-base <quoted_string>; // obsolete 755 ixfr-from-differences <boolean>; 756 ixfr-tmp-file <quoted_string>; // obsolete 757 journal <quoted_string>; 758 key-directory <quoted_string>; 759 maintain-ixfr-base <boolean>; // obsolete 760 masterfile-format ( map | raw | text ); 761 masterfile-style ( full | relative ); 762 masters [ port <integer> ] [ dscp <integer> ] { ( <masters> 763 | <ipv4_address> [ port <integer> ] | <ipv6_address> [ 764 port <integer> ] ) [ key <string> ]; ... }; 765 max-ixfr-log-size ( default | unlimited | 766 <sizeval> ); // obsolete 767 max-journal-size ( default | unlimited | <sizeval> ); 768 max-records <integer>; 769 max-refresh-time <integer>; 770 max-retry-time <integer>; 771 max-transfer-idle-in <integer>; 772 max-transfer-idle-out <integer>; 773 max-transfer-time-in <integer>; 774 max-transfer-time-out <integer>; 775 max-zone-ttl ( unlimited | <ttlval> ); 776 min-refresh-time <integer>; 777 min-retry-time <integer>; 778 multi-master <boolean>; 779 notify ( explicit | master-only | <boolean> ); 780 notify-delay <integer>; 781 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 782 ) ] [ dscp <integer> ]; 783 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 784 | * ) ] [ dscp <integer> ]; 785 notify-to-soa <boolean>; 786 nsec3-test-zone <boolean>; // test only 787 pubkey <integer> 788 <integer> 789 <integer> 790 <quoted_string>; // obsolete, may occur multiple times 791 request-expire <boolean>; 792 request-ixfr <boolean>; 793 serial-update-method ( date | increment | unixtime ); 794 server-addresses { ( <ipv4_address> | <ipv6_address> ) [ 795 port <integer> ]; ... }; 796 server-names { <quoted_string>; ... }; 797 sig-signing-nodes <integer>; 798 sig-signing-signatures <integer>; 799 sig-signing-type <integer>; 800 sig-validity-interval <integer> [ <integer> ]; 801 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 802 * ) ] [ dscp <integer> ]; 803 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 804 <integer> | * ) ] [ dscp <integer> ]; 805 try-tcp-refresh <boolean>; 806 type ( delegation-only | forward | hint | master | redirect 807 | slave | static-stub | stub ); 808 update-check-ksk <boolean>; 809 update-policy ( local | { ( deny | grant ) <string> ( 810 6to4-self | external | krb5-self | krb5-subdomain | 811 ms-self | ms-subdomain | name | self | selfsub | 812 selfwild | subdomain | tcp-self | wildcard | zonesub ) 813 [ <string> ] <rrtypelist>; ... }; 814 use-alt-transfer-source <boolean>; 815 zero-no-soa-ttl <boolean>; 816 zone-statistics ( full | terse | none | <boolean> ); 817 }; // may occur multiple times 818 zone-statistics ( full | terse | none | <boolean> ); 819}; // may occur multiple times 820 821zone <string> [ <class> ] { 822 allow-notify { <address_match_element>; ... }; 823 allow-query { <address_match_element>; ... }; 824 allow-query-on { <address_match_element>; ... }; 825 allow-transfer { <address_match_element>; ... }; 826 allow-update { <address_match_element>; ... }; 827 allow-update-forwarding { <address_match_element>; ... }; 828 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 829 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 830 <integer> ] ) [ key <string> ]; ... }; 831 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 832 ] [ dscp <integer> ]; 833 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 834 * ) ] [ dscp <integer> ]; 835 auto-dnssec ( allow | maintain | off ); 836 check-dup-records ( fail | warn | ignore ); 837 check-integrity <boolean>; 838 check-mx ( fail | warn | ignore ); 839 check-mx-cname ( fail | warn | ignore ); 840 check-names ( fail | warn | ignore ); 841 check-sibling <boolean>; 842 check-spf ( warn | ignore ); 843 check-srv-cname ( fail | warn | ignore ); 844 check-wildcard <boolean>; 845 database <string>; 846 delegation-only <boolean>; 847 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 848 dlz <string>; 849 dnssec-dnskey-kskonly <boolean>; 850 dnssec-loadkeys-interval <integer>; 851 dnssec-secure-to-insecure <boolean>; 852 dnssec-update-mode ( maintain | no-resign ); 853 file <quoted_string>; 854 forward ( first | only ); 855 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 856 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 857 in-view <string>; 858 inline-signing <boolean>; 859 ixfr-base <quoted_string>; // obsolete 860 ixfr-from-differences <boolean>; 861 ixfr-tmp-file <quoted_string>; // obsolete 862 journal <quoted_string>; 863 key-directory <quoted_string>; 864 maintain-ixfr-base <boolean>; // obsolete 865 masterfile-format ( map | raw | text ); 866 masterfile-style ( full | relative ); 867 masters [ port <integer> ] [ dscp <integer> ] { ( <masters> | 868 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 869 <integer> ] ) [ key <string> ]; ... }; 870 max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete 871 max-journal-size ( default | unlimited | <sizeval> ); 872 max-records <integer>; 873 max-refresh-time <integer>; 874 max-retry-time <integer>; 875 max-transfer-idle-in <integer>; 876 max-transfer-idle-out <integer>; 877 max-transfer-time-in <integer>; 878 max-transfer-time-out <integer>; 879 max-zone-ttl ( unlimited | <ttlval> ); 880 min-refresh-time <integer>; 881 min-retry-time <integer>; 882 multi-master <boolean>; 883 notify ( explicit | master-only | <boolean> ); 884 notify-delay <integer>; 885 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 886 dscp <integer> ]; 887 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 888 [ dscp <integer> ]; 889 notify-to-soa <boolean>; 890 nsec3-test-zone <boolean>; // test only 891 pubkey <integer> <integer> 892 <integer> <quoted_string>; // obsolete, may occur multiple times 893 request-expire <boolean>; 894 request-ixfr <boolean>; 895 serial-update-method ( date | increment | unixtime ); 896 server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port 897 <integer> ]; ... }; 898 server-names { <quoted_string>; ... }; 899 sig-signing-nodes <integer>; 900 sig-signing-signatures <integer>; 901 sig-signing-type <integer>; 902 sig-validity-interval <integer> [ <integer> ]; 903 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 904 dscp <integer> ]; 905 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 906 ] [ dscp <integer> ]; 907 try-tcp-refresh <boolean>; 908 type ( delegation-only | forward | hint | master | redirect | slave 909 | static-stub | stub ); 910 update-check-ksk <boolean>; 911 update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | 912 external | krb5-self | krb5-subdomain | ms-self | ms-subdomain 913 | name | self | selfsub | selfwild | subdomain | tcp-self | 914 wildcard | zonesub ) [ <string> ] <rrtypelist>; ... }; 915 use-alt-transfer-source <boolean>; 916 zero-no-soa-ttl <boolean>; 917 zone-statistics ( full | terse | none | <boolean> ); 918}; // may occur multiple times 919 920