options revision 1.1.1.2
1
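This is a summary of the named.conf options supported by
this version of BIND 9. In the grammar below, <...> is a value
placeholder, [ ... ] is optional, ( a | b ) is a choice, and a trailing
// comment annotates the statement (for example, that it may occur
multiple times or is obsolete).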
4
5acl <string> { <address_match_element>; ... }; // may occur multiple times
6
7controls {
8        inet ( <ipv4_address> | <ipv6_address> |
9            * ) [ port ( <integer> | * ) ] allow
10            { <address_match_element>; ... } [
11            keys { <string>; ... } ] [ read-only
12            <boolean> ]; // may occur multiple times
13        unix <quoted_string> perm <integer>
14            owner <integer> group <integer> [
15            keys { <string>; ... } ] [ read-only
16            <boolean> ]; // may occur multiple times
17}; // may occur multiple times
18
19dlz <string> {
20        database <string>;
21        search <boolean>;
22}; // may occur multiple times
23
24dyndb <string> <quoted_string> {
25    <unspecified-text> }; // may occur multiple times
26
27key <string> {
28        algorithm <string>;
29        secret <string>;
30}; // may occur multiple times
31
32logging {
33        category <string> { <string>; ... }; // may occur multiple times
34        channel <string> {
35                buffered <boolean>;
36                file <quoted_string> [ versions ( unlimited | <integer> ) ]
37                    [ size <size> ] [ suffix ( increment | timestamp ) ];
38                null;
39                print-category <boolean>;
40                print-severity <boolean>;
41                print-time ( iso8601 | iso8601-utc | local | <boolean> );
42                severity <log_severity>;
43                stderr;
44                syslog [ <syslog_facility> ];
45        }; // may occur multiple times
46};
47
48lwres { <unspecified-text> }; // obsolete, may occur multiple times
49
50managed-keys { <string> <string> <integer>
51    <integer> <integer> <quoted_string>; ... }; // may occur multiple times
52
53masters <string> [ port <integer> ] [ dscp
54    <integer> ] { ( <masters> | <ipv4_address> [
55    port <integer> ] | <ipv6_address> [ port
56    <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
57
58options {
59        acache-cleaning-interval <integer>; // obsolete
60        acache-enable <boolean>; // obsolete
61        additional-from-auth <boolean>; // obsolete
62        additional-from-cache <boolean>; // obsolete
63        allow-new-zones <boolean>;
64        allow-notify { <address_match_element>; ... };
65        allow-query { <address_match_element>; ... };
66        allow-query-cache { <address_match_element>; ... };
67        allow-query-cache-on { <address_match_element>; ... };
68        allow-query-on { <address_match_element>; ... };
69        allow-recursion { <address_match_element>; ... };
70        allow-recursion-on { <address_match_element>; ... };
71        allow-transfer { <address_match_element>; ... };
72        allow-update { <address_match_element>; ... };
73        allow-update-forwarding { <address_match_element>; ... };
74        allow-v6-synthesis { <address_match_element>; ... }; // obsolete
75        also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
76            <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
77            <integer> ] ) [ key <string> ]; ... };
78        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
79            ] [ dscp <integer> ];
80        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
81            * ) ] [ dscp <integer> ];
82        answer-cookie <boolean>;
83        attach-cache <string>;
84        auth-nxdomain <boolean>; // default changed
85        auto-dnssec ( allow | maintain | off );
86        automatic-interface-scan <boolean>;
87        avoid-v4-udp-ports { <portrange>; ... };
88        avoid-v6-udp-ports { <portrange>; ... };
89        bindkeys-file <quoted_string>;
90        blackhole { <address_match_element>; ... };
91        cache-file <quoted_string>;
92        catalog-zones { zone <string> [ default-masters [ port <integer> ]
93            [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port
94            <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
95            <string> ]; ... } ] [ zone-directory <quoted_string> ] [
96            in-memory <boolean> ] [ min-update-interval <ttlval> ]; ... };
97        check-dup-records ( fail | warn | ignore );
98        check-integrity <boolean>;
99        check-mx ( fail | warn | ignore );
100        check-mx-cname ( fail | warn | ignore );
101        check-names ( primary | master |
102            secondary | slave | response ) (
103            fail | warn | ignore ); // may occur multiple times
104        check-sibling <boolean>;
105        check-spf ( warn | ignore );
106        check-srv-cname ( fail | warn | ignore );
107        check-wildcard <boolean>;
108        cleaning-interval <integer>;
109        clients-per-query <integer>;
110        cookie-algorithm ( aes | sha1 | sha256 );
111        cookie-secret <string>; // may occur multiple times
112        coresize ( default | unlimited | <sizeval> );
113        datasize ( default | unlimited | <sizeval> );
114        deallocate-on-exit <boolean>; // obsolete
115        deny-answer-addresses { <address_match_element>; ... } [
116            except-from { <string>; ... } ];
117        deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
118            } ];
119        dialup ( notify | notify-passive | passive | refresh | <boolean> );
120        directory <quoted_string>;
121        disable-algorithms <string> { <string>;
122            ... }; // may occur multiple times
123        disable-ds-digests <string> { <string>;
124            ... }; // may occur multiple times
125        disable-empty-zone <string>; // may occur multiple times
126        dns64 <netprefix> {
127                break-dnssec <boolean>;
128                clients { <address_match_element>; ... };
129                exclude { <address_match_element>; ... };
130                mapped { <address_match_element>; ... };
131                recursive-only <boolean>;
132                suffix <ipv6_address>;
133        }; // may occur multiple times
134        dns64-contact <string>;
135        dns64-server <string>;
136        dnskey-sig-validity <integer>;
137        dnsrps-enable <boolean>; // not configured
138        dnsrps-options { <unspecified-text> }; // not configured
139        dnssec-accept-expired <boolean>;
140        dnssec-dnskey-kskonly <boolean>;
141        dnssec-enable <boolean>;
142        dnssec-loadkeys-interval <integer>;
143        dnssec-lookaside ( <string> trust-anchor
144            <string> | auto | no ); // may occur multiple times
145        dnssec-must-be-secure <string> <boolean>; // may occur multiple times
146        dnssec-secure-to-insecure <boolean>;
147        dnssec-update-mode ( maintain | no-resign );
148        dnssec-validation ( yes | no | auto );
149        dnstap { ( all | auth | client | forwarder |
150            resolver | update ) [ ( query | response ) ];
151            ... }; // not configured
152        dnstap-identity ( <quoted_string> | none |
153            hostname ); // not configured
154        dnstap-output ( file | unix ) <quoted_string> [
155            size ( unlimited | <size> ) ] [ versions (
156            unlimited | <integer> ) ] [ suffix ( increment
157            | timestamp ) ]; // not configured
158        dnstap-version ( <quoted_string> | none ); // not configured
159        dscp <integer>;
160        dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
161            <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
162            <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
163            <integer> ] [ dscp <integer> ] ); ... };
164        dump-file <quoted_string>;
165        edns-udp-size <integer>;
166        empty-contact <string>;
167        empty-server <string>;
168        empty-zones-enable <boolean>;
169        fake-iquery <boolean>; // obsolete
170        fetch-glue <boolean>; // obsolete
171        fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
172        fetches-per-server <integer> [ ( drop | fail ) ];
173        fetches-per-zone <integer> [ ( drop | fail ) ];
174        files ( default | unlimited | <sizeval> );
175        filter-aaaa { <address_match_element>; ... }; // obsolete
176        filter-aaaa-on-v4 <boolean>; // obsolete
177        filter-aaaa-on-v6 <boolean>; // obsolete
178        flush-zones-on-shutdown <boolean>;
179        forward ( first | only );
180        forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
181            | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
182        fstrm-set-buffer-hint <integer>; // not configured
183        fstrm-set-flush-timeout <integer>; // not configured
184        fstrm-set-input-queue-size <integer>; // not configured
185        fstrm-set-output-notify-threshold <integer>; // not configured
186        fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
187        fstrm-set-output-queue-size <integer>; // not configured
188        fstrm-set-reopen-interval <ttlval>; // not configured
189        geoip-directory ( <quoted_string> | none ); // not configured
190        geoip-use-ecs <boolean>; // obsolete
191        glue-cache <boolean>;
192        has-old-clients <boolean>; // obsolete
193        heartbeat-interval <integer>;
194        host-statistics <boolean>; // not implemented
195        host-statistics-max <integer>; // not implemented
196        hostname ( <quoted_string> | none );
197        inline-signing <boolean>;
198        interface-interval <ttlval>;
199        ixfr-from-differences ( primary | master | secondary | slave |
200            <boolean> );
201        keep-response-order { <address_match_element>; ... };
202        key-directory <quoted_string>;
203        lame-ttl <ttlval>;
204        listen-on [ port <integer> ] [ dscp
205            <integer> ] {
206            <address_match_element>; ... }; // may occur multiple times
207        listen-on-v6 [ port <integer> ] [ dscp
208            <integer> ] {
209            <address_match_element>; ... }; // may occur multiple times
210        lmdb-mapsize <sizeval>; // non-operational
211        lock-file ( <quoted_string> | none );
212        maintain-ixfr-base <boolean>; // obsolete
213        managed-keys-directory <quoted_string>;
214        masterfile-format ( map | raw | text );
215        masterfile-style ( full | relative );
216        match-mapped-addresses <boolean>;
217        max-acache-size ( unlimited | <sizeval> ); // obsolete
218        max-cache-size ( default | unlimited | <sizeval> | <percentage> );
219        max-cache-ttl <ttlval>;
220        max-clients-per-query <integer>;
221        max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
222        max-journal-size ( default | unlimited | <sizeval> );
223        max-ncache-ttl <ttlval>;
224        max-records <integer>;
225        max-recursion-depth <integer>;
226        max-recursion-queries <integer>;
227        max-refresh-time <integer>;
228        max-retry-time <integer>;
229        max-rsa-exponent-size <integer>;
230        max-stale-ttl <ttlval>;
231        max-transfer-idle-in <integer>;
232        max-transfer-idle-out <integer>;
233        max-transfer-time-in <integer>;
234        max-transfer-time-out <integer>;
235        max-udp-size <integer>;
236        max-zone-ttl ( unlimited | <ttlval> );
237        memstatistics <boolean>;
238        memstatistics-file <quoted_string>;
239        message-compression <boolean>;
240        min-cache-ttl <ttlval>;
241        min-ncache-ttl <ttlval>;
242        min-refresh-time <integer>;
243        min-retry-time <integer>;
244        min-roots <integer>; // not implemented
245        minimal-any <boolean>;
246        minimal-responses ( no-auth | no-auth-recursive | <boolean> );
247        multi-master <boolean>;
248        multiple-cnames <boolean>; // obsolete
249        named-xfer <quoted_string>; // obsolete
250        new-zones-directory <quoted_string>;
251        no-case-compress { <address_match_element>; ... };
252        nocookie-udp-size <integer>;
253        nosit-udp-size <integer>; // obsolete
254        notify ( explicit | master-only | <boolean> );
255        notify-delay <integer>;
256        notify-rate <integer>;
257        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
258            dscp <integer> ];
259        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
260            [ dscp <integer> ];
261        notify-to-soa <boolean>;
262        nsec3-test-zone <boolean>; // test only
263        nta-lifetime <ttlval>;
264        nta-recheck <ttlval>;
265        nxdomain-redirect <string>;
266        pid-file ( <quoted_string> | none );
267        port <integer>;
268        preferred-glue <string>;
269        prefetch <integer> [ <integer> ];
270        provide-ixfr <boolean>;
271        qname-minimization ( strict | relaxed | disabled | off );
272        query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
273            <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
274            port ( <integer> | * ) ) ) [ dscp <integer> ];
275        query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
276            <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
277            port ( <integer> | * ) ) ) [ dscp <integer> ];
278        querylog <boolean>;
279        queryport-pool-ports <integer>; // obsolete
280        queryport-pool-updateinterval <integer>; // obsolete
281        random-device ( <quoted_string> | none );
282        rate-limit {
283                all-per-second <integer>;
284                errors-per-second <integer>;
285                exempt-clients { <address_match_element>; ... };
286                ipv4-prefix-length <integer>;
287                ipv6-prefix-length <integer>;
288                log-only <boolean>;
289                max-table-size <integer>;
290                min-table-size <integer>;
291                nodata-per-second <integer>;
292                nxdomains-per-second <integer>;
293                qps-scale <integer>;
294                referrals-per-second <integer>;
295                responses-per-second <integer>;
296                slip <integer>;
297                window <integer>;
298        };
299        recursing-file <quoted_string>;
300        recursion <boolean>;
301        recursive-clients <integer>;
302        request-expire <boolean>;
303        request-ixfr <boolean>;
304        request-nsid <boolean>;
305        request-sit <boolean>; // obsolete
306        require-server-cookie <boolean>;
307        reserved-sockets <integer>;
308        resolver-nonbackoff-tries <integer>;
309        resolver-query-timeout <integer>;
310        resolver-retry-interval <integer>;
311        response-padding { <address_match_element>; ... } block-size
312            <integer>;
313        response-policy { zone <string> [ log <boolean> ] [ max-policy-ttl
314            <ttlval> ] [ min-update-interval <ttlval> ] [ policy ( cname |
315            disabled | drop | given | no-op | nodata | nxdomain | passthru
316            | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [
317            nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [
318            break-dnssec <boolean> ] [ max-policy-ttl <ttlval> ] [
319            min-update-interval <ttlval> ] [ min-ns-dots <integer> ] [
320            nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
321            [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
322            nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
323            dnsrps-options { <unspecified-text> } ];
324        rfc2308-type1 <boolean>; // not yet implemented
325        root-delegation-only [ exclude { <string>; ... } ];
326        root-key-sentinel <boolean>;
327        rrset-order { [ class <string> ] [ type <string> ] [ name
328            <quoted_string> ] <string> <string>; ... };
329        secroots-file <quoted_string>;
330        send-cookie <boolean>;
331        serial-queries <integer>; // obsolete
332        serial-query-rate <integer>;
333        serial-update-method ( date | increment | unixtime );
334        server-id ( <quoted_string> | none | hostname );
335        servfail-ttl <ttlval>;
336        session-keyalg <string>;
337        session-keyfile ( <quoted_string> | none );
338        session-keyname <string>;
339        sig-signing-nodes <integer>;
340        sig-signing-signatures <integer>;
341        sig-signing-type <integer>;
342        sig-validity-interval <integer> [ <integer> ];
343        sit-secret <string>; // obsolete
344        sortlist { <address_match_element>; ... };
345        stacksize ( default | unlimited | <sizeval> );
346        stale-answer-enable <boolean>;
347        stale-answer-ttl <ttlval>;
348        startup-notify-rate <integer>;
349        statistics-file <quoted_string>;
350        statistics-interval <integer>; // not yet implemented
351        suppress-initial-notify <boolean>; // not yet implemented
352        synth-from-dnssec <boolean>;
353        tcp-advertised-timeout <integer>;
354        tcp-clients <integer>;
355        tcp-idle-timeout <integer>;
356        tcp-initial-timeout <integer>;
357        tcp-keepalive-timeout <integer>;
358        tcp-listen-queue <integer>;
359        tkey-dhkey <quoted_string> <integer>;
360        tkey-domain <quoted_string>;
361        tkey-gssapi-credential <quoted_string>;
362        tkey-gssapi-keytab <quoted_string>;
363        topology { <address_match_element>; ... }; // not implemented
364        transfer-format ( many-answers | one-answer );
365        transfer-message-size <integer>;
366        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
367            dscp <integer> ];
368        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
369            ] [ dscp <integer> ];
370        transfers-in <integer>;
371        transfers-out <integer>;
372        transfers-per-ns <integer>;
373        treat-cr-as-space <boolean>; // obsolete
374        trust-anchor-telemetry <boolean>; // experimental
375        try-tcp-refresh <boolean>;
376        update-check-ksk <boolean>;
377        use-alt-transfer-source <boolean>;
378        use-id-pool <boolean>; // obsolete
379        use-ixfr <boolean>; // obsolete
380        use-queryport-pool <boolean>; // obsolete
381        use-v4-udp-ports { <portrange>; ... };
382        use-v6-udp-ports { <portrange>; ... };
383        v6-bias <integer>;
384        validate-except { <string>; ... };
385        version ( <quoted_string> | none );
386        zero-no-soa-ttl <boolean>;
387        zero-no-soa-ttl-cache <boolean>;
388        zone-statistics ( full | terse | none | <boolean> );
389};
390
391plugin ( query ) <string> [ { <unspecified-text>
392    } ]; // may occur multiple times
393
394server <netprefix> {
395        bogus <boolean>;
396        edns <boolean>;
397        edns-udp-size <integer>;
398        edns-version <integer>;
399        keys <server_key>;
400        max-udp-size <integer>;
401        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
402            dscp <integer> ];
403        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
404            [ dscp <integer> ];
405        padding <integer>;
406        provide-ixfr <boolean>;
407        query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
408            <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
409            port ( <integer> | * ) ) ) [ dscp <integer> ];
410        query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
411            <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
412            port ( <integer> | * ) ) ) [ dscp <integer> ];
413        request-expire <boolean>;
414        request-ixfr <boolean>;
415        request-nsid <boolean>;
416        request-sit <boolean>; // obsolete
417        send-cookie <boolean>;
418        support-ixfr <boolean>; // obsolete
419        tcp-keepalive <boolean>;
420        tcp-only <boolean>;
421        transfer-format ( many-answers | one-answer );
422        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
423            dscp <integer> ];
424        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
425            ] [ dscp <integer> ];
426        transfers <integer>;
427}; // may occur multiple times
428
429statistics-channels {
430        inet ( <ipv4_address> | <ipv6_address> |
431            * ) [ port ( <integer> | * ) ] [
432            allow { <address_match_element>; ...
433            } ]; // may occur multiple times
434}; // may occur multiple times
435
436trusted-keys { <string> <integer> <integer>
437    <integer> <quoted_string>; ... }; // may occur multiple times
438
439view <string> [ <class> ] {
440        acache-cleaning-interval <integer>; // obsolete
441        acache-enable <boolean>; // obsolete
442        additional-from-auth <boolean>; // obsolete
443        additional-from-cache <boolean>; // obsolete
444        allow-new-zones <boolean>;
445        allow-notify { <address_match_element>; ... };
446        allow-query { <address_match_element>; ... };
447        allow-query-cache { <address_match_element>; ... };
448        allow-query-cache-on { <address_match_element>; ... };
449        allow-query-on { <address_match_element>; ... };
450        allow-recursion { <address_match_element>; ... };
451        allow-recursion-on { <address_match_element>; ... };
452        allow-transfer { <address_match_element>; ... };
453        allow-update { <address_match_element>; ... };
454        allow-update-forwarding { <address_match_element>; ... };
455        allow-v6-synthesis { <address_match_element>; ... }; // obsolete
456        also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
457            <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
458            <integer> ] ) [ key <string> ]; ... };
459        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
460            ] [ dscp <integer> ];
461        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
462            * ) ] [ dscp <integer> ];
463        attach-cache <string>;
464        auth-nxdomain <boolean>; // default changed
465        auto-dnssec ( allow | maintain | off );
466        cache-file <quoted_string>;
467        catalog-zones { zone <string> [ default-masters [ port <integer> ]
468            [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port
469            <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
470            <string> ]; ... } ] [ zone-directory <quoted_string> ] [
471            in-memory <boolean> ] [ min-update-interval <ttlval> ]; ... };
472        check-dup-records ( fail | warn | ignore );
473        check-integrity <boolean>;
474        check-mx ( fail | warn | ignore );
475        check-mx-cname ( fail | warn | ignore );
476        check-names ( primary | master |
477            secondary | slave | response ) (
478            fail | warn | ignore ); // may occur multiple times
479        check-sibling <boolean>;
480        check-spf ( warn | ignore );
481        check-srv-cname ( fail | warn | ignore );
482        check-wildcard <boolean>;
483        cleaning-interval <integer>;
484        clients-per-query <integer>;
485        deny-answer-addresses { <address_match_element>; ... } [
486            except-from { <string>; ... } ];
487        deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
488            } ];
489        dialup ( notify | notify-passive | passive | refresh | <boolean> );
490        disable-algorithms <string> { <string>;
491            ... }; // may occur multiple times
492        disable-ds-digests <string> { <string>;
493            ... }; // may occur multiple times
494        disable-empty-zone <string>; // may occur multiple times
495        dlz <string> {
496                database <string>;
497                search <boolean>;
498        }; // may occur multiple times
499        dns64 <netprefix> {
500                break-dnssec <boolean>;
501                clients { <address_match_element>; ... };
502                exclude { <address_match_element>; ... };
503                mapped { <address_match_element>; ... };
504                recursive-only <boolean>;
505                suffix <ipv6_address>;
506        }; // may occur multiple times
507        dns64-contact <string>;
508        dns64-server <string>;
509        dnskey-sig-validity <integer>;
510        dnsrps-enable <boolean>; // not configured
511        dnsrps-options { <unspecified-text> }; // not configured
512        dnssec-accept-expired <boolean>;
513        dnssec-dnskey-kskonly <boolean>;
514        dnssec-enable <boolean>;
515        dnssec-loadkeys-interval <integer>;
516        dnssec-lookaside ( <string> trust-anchor
517            <string> | auto | no ); // may occur multiple times
518        dnssec-must-be-secure <string> <boolean>; // may occur multiple times
519        dnssec-secure-to-insecure <boolean>;
520        dnssec-update-mode ( maintain | no-resign );
521        dnssec-validation ( yes | no | auto );
522        dnstap { ( all | auth | client | forwarder |
523            resolver | update ) [ ( query | response ) ];
524            ... }; // not configured
525        dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
526            <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
527            <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
528            <integer> ] [ dscp <integer> ] ); ... };
529        dyndb <string> <quoted_string> {
530            <unspecified-text> }; // may occur multiple times
531        edns-udp-size <integer>;
532        empty-contact <string>;
533        empty-server <string>;
534        empty-zones-enable <boolean>;
535        fetch-glue <boolean>; // obsolete
536        fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
537        fetches-per-server <integer> [ ( drop | fail ) ];
538        fetches-per-zone <integer> [ ( drop | fail ) ];
539        filter-aaaa { <address_match_element>; ... }; // obsolete
540        filter-aaaa-on-v4 <boolean>; // obsolete
541        filter-aaaa-on-v6 <boolean>; // obsolete
542        forward ( first | only );
543        forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
544            | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
545        glue-cache <boolean>;
546        inline-signing <boolean>;
547        ixfr-from-differences ( primary | master | secondary | slave |
548            <boolean> );
549        key <string> {
550                algorithm <string>;
551                secret <string>;
552        }; // may occur multiple times
553        key-directory <quoted_string>;
554        lame-ttl <ttlval>;
555        lmdb-mapsize <sizeval>; // non-operational
556        maintain-ixfr-base <boolean>; // obsolete
557        managed-keys { <string> <string>
558            <integer> <integer> <integer>
559            <quoted_string>; ... }; // may occur multiple times
560        masterfile-format ( map | raw | text );
561        masterfile-style ( full | relative );
562        match-clients { <address_match_element>; ... };
563        match-destinations { <address_match_element>; ... };
564        match-recursive-only <boolean>;
565        max-acache-size ( unlimited | <sizeval> ); // obsolete
566        max-cache-size ( default | unlimited | <sizeval> | <percentage> );
567        max-cache-ttl <ttlval>;
568        max-clients-per-query <integer>;
569        max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
570        max-journal-size ( default | unlimited | <sizeval> );
571        max-ncache-ttl <ttlval>;
572        max-records <integer>;
573        max-recursion-depth <integer>;
574        max-recursion-queries <integer>;
575        max-refresh-time <integer>;
576        max-retry-time <integer>;
577        max-stale-ttl <ttlval>;
578        max-transfer-idle-in <integer>;
579        max-transfer-idle-out <integer>;
580        max-transfer-time-in <integer>;
581        max-transfer-time-out <integer>;
582        max-udp-size <integer>;
583        max-zone-ttl ( unlimited | <ttlval> );
584        message-compression <boolean>;
585        min-cache-ttl <ttlval>;
586        min-ncache-ttl <ttlval>;
587        min-refresh-time <integer>;
588        min-retry-time <integer>;
589        min-roots <integer>; // not implemented
590        minimal-any <boolean>;
591        minimal-responses ( no-auth | no-auth-recursive | <boolean> );
592        multi-master <boolean>;
593        new-zones-directory <quoted_string>;
594        no-case-compress { <address_match_element>; ... };
595        nocookie-udp-size <integer>;
596        nosit-udp-size <integer>; // obsolete
597        notify ( explicit | master-only | <boolean> );
598        notify-delay <integer>;
599        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
600            dscp <integer> ];
601        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
602            [ dscp <integer> ];
603        notify-to-soa <boolean>;
604        nsec3-test-zone <boolean>; // test only
605        nta-lifetime <ttlval>;
606        nta-recheck <ttlval>;
607        nxdomain-redirect <string>;
608        plugin ( query ) <string> [ {
609            <unspecified-text> } ]; // may occur multiple times
610        preferred-glue <string>;
611        prefetch <integer> [ <integer> ];
612        provide-ixfr <boolean>;
613        qname-minimization ( strict | relaxed | disabled | off );
614        query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
615            <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
616            port ( <integer> | * ) ) ) [ dscp <integer> ];
617        query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
618            <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
619            port ( <integer> | * ) ) ) [ dscp <integer> ];
620        queryport-pool-ports <integer>; // obsolete
621        queryport-pool-updateinterval <integer>; // obsolete
622        rate-limit {
623                all-per-second <integer>;
624                errors-per-second <integer>;
625                exempt-clients { <address_match_element>; ... };
626                ipv4-prefix-length <integer>;
627                ipv6-prefix-length <integer>;
628                log-only <boolean>;
629                max-table-size <integer>;
630                min-table-size <integer>;
631                nodata-per-second <integer>;
632                nxdomains-per-second <integer>;
633                qps-scale <integer>;
634                referrals-per-second <integer>;
635                responses-per-second <integer>;
636                slip <integer>;
637                window <integer>;
638        };
639        recursion <boolean>;
640        request-expire <boolean>;
641        request-ixfr <boolean>;
642        request-nsid <boolean>;
643        request-sit <boolean>; // obsolete
644        require-server-cookie <boolean>;
645        resolver-nonbackoff-tries <integer>;
646        resolver-query-timeout <integer>;
647        resolver-retry-interval <integer>;
648        response-padding { <address_match_element>; ... } block-size
649            <integer>;
650        response-policy { zone <string> [ log <boolean> ] [ max-policy-ttl
651            <ttlval> ] [ min-update-interval <ttlval> ] [ policy ( cname |
652            disabled | drop | given | no-op | nodata | nxdomain | passthru
653            | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [
654            nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [
655            break-dnssec <boolean> ] [ max-policy-ttl <ttlval> ] [
656            min-update-interval <ttlval> ] [ min-ns-dots <integer> ] [
657            nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
658            [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
659            nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
660            dnsrps-options { <unspecified-text> } ];
661        rfc2308-type1 <boolean>; // not yet implemented
662        root-delegation-only [ exclude { <string>; ... } ];
663        root-key-sentinel <boolean>;
664        rrset-order { [ class <string> ] [ type <string> ] [ name
665            <quoted_string> ] <string> <string>; ... };
666        send-cookie <boolean>;
667        serial-update-method ( date | increment | unixtime );
668        server <netprefix> {
669                bogus <boolean>;
670                edns <boolean>;
671                edns-udp-size <integer>;
672                edns-version <integer>;
673                keys <server_key>;
674                max-udp-size <integer>;
675                notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
676                    ) ] [ dscp <integer> ];
677                notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
678                    | * ) ] [ dscp <integer> ];
679                padding <integer>;
680                provide-ixfr <boolean>;
681                query-source ( ( [ address ] ( <ipv4_address> | * ) [ port
682                    ( <integer> | * ) ] ) | ( [ [ address ] (
683                    <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [
684                    dscp <integer> ];
685                query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [
686                    port ( <integer> | * ) ] ) | ( [ [ address ] (
687                    <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [
688                    dscp <integer> ];
689                request-expire <boolean>;
690                request-ixfr <boolean>;
691                request-nsid <boolean>;
692                request-sit <boolean>; // obsolete
693                send-cookie <boolean>;
694                support-ixfr <boolean>; // obsolete
695                tcp-keepalive <boolean>;
696                tcp-only <boolean>;
697                transfer-format ( many-answers | one-answer );
698                transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
699                    * ) ] [ dscp <integer> ];
700                transfer-source-v6 ( <ipv6_address> | * ) [ port (
701                    <integer> | * ) ] [ dscp <integer> ];
702                transfers <integer>;
703        }; // may occur multiple times
704        servfail-ttl <ttlval>;
705        sig-signing-nodes <integer>;
706        sig-signing-signatures <integer>;
707        sig-signing-type <integer>;
708        sig-validity-interval <integer> [ <integer> ];
709        sortlist { <address_match_element>; ... };
710        stale-answer-enable <boolean>;
711        stale-answer-ttl <ttlval>;
712        suppress-initial-notify <boolean>; // not yet implemented
713        synth-from-dnssec <boolean>;
714        topology { <address_match_element>; ... }; // not implemented
715        transfer-format ( many-answers | one-answer );
716        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
717            dscp <integer> ];
718        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
719            ] [ dscp <integer> ];
720        trust-anchor-telemetry <boolean>; // experimental
721        trusted-keys { <string> <integer>
722            <integer> <integer> <quoted_string>;
723            ... }; // may occur multiple times
724        try-tcp-refresh <boolean>;
725        update-check-ksk <boolean>;
726        use-alt-transfer-source <boolean>;
727        use-queryport-pool <boolean>; // obsolete
728        v6-bias <integer>;
729        validate-except { <string>; ... };
730        zero-no-soa-ttl <boolean>;
731        zero-no-soa-ttl-cache <boolean>;
732        zone <string> [ <class> ] {
733                allow-notify { <address_match_element>; ... };
734                allow-query { <address_match_element>; ... };
735                allow-query-on { <address_match_element>; ... };
736                allow-transfer { <address_match_element>; ... };
737                allow-update { <address_match_element>; ... };
738                allow-update-forwarding { <address_match_element>; ... };
739                also-notify [ port <integer> ] [ dscp <integer> ] { (
740                    <masters> | <ipv4_address> [ port <integer> ] |
741                    <ipv6_address> [ port <integer> ] ) [ key <string> ];
742                    ... };
743                alt-transfer-source ( <ipv4_address> | * ) [ port (
744                    <integer> | * ) ] [ dscp <integer> ];
745                alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
746                    <integer> | * ) ] [ dscp <integer> ];
747                auto-dnssec ( allow | maintain | off );
748                check-dup-records ( fail | warn | ignore );
749                check-integrity <boolean>;
750                check-mx ( fail | warn | ignore );
751                check-mx-cname ( fail | warn | ignore );
752                check-names ( fail | warn | ignore );
753                check-sibling <boolean>;
754                check-spf ( warn | ignore );
755                check-srv-cname ( fail | warn | ignore );
756                check-wildcard <boolean>;
757                database <string>;
758                delegation-only <boolean>;
759                dialup ( notify | notify-passive | passive | refresh |
760                    <boolean> );
761                dlz <string>;
762                dnskey-sig-validity <integer>;
763                dnssec-dnskey-kskonly <boolean>;
764                dnssec-loadkeys-interval <integer>;
765                dnssec-secure-to-insecure <boolean>;
766                dnssec-update-mode ( maintain | no-resign );
767                file <quoted_string>;
768                forward ( first | only );
769                forwarders [ port <integer> ] [ dscp <integer> ] { (
770                    <ipv4_address> | <ipv6_address> ) [ port <integer> ] [
771                    dscp <integer> ]; ... };
772                in-view <string>;
773                inline-signing <boolean>;
774                ixfr-base <quoted_string>; // obsolete
775                ixfr-from-differences <boolean>;
776                ixfr-tmp-file <quoted_string>; // obsolete
777                journal <quoted_string>;
778                key-directory <quoted_string>;
779                maintain-ixfr-base <boolean>; // obsolete
780                masterfile-format ( map | raw | text );
781                masterfile-style ( full | relative );
782                masters [ port <integer> ] [ dscp <integer> ] { ( <masters>
783                    | <ipv4_address> [ port <integer> ] | <ipv6_address> [
784                    port <integer> ] ) [ key <string> ]; ... };
785                max-ixfr-log-size ( default | unlimited |
786                    <sizeval> ); // obsolete
787                max-journal-size ( default | unlimited | <sizeval> );
788                max-records <integer>;
789                max-refresh-time <integer>;
790                max-retry-time <integer>;
791                max-transfer-idle-in <integer>;
792                max-transfer-idle-out <integer>;
793                max-transfer-time-in <integer>;
794                max-transfer-time-out <integer>;
795                max-zone-ttl ( unlimited | <ttlval> );
796                min-refresh-time <integer>;
797                min-retry-time <integer>;
798                multi-master <boolean>;
799                notify ( explicit | master-only | <boolean> );
800                notify-delay <integer>;
801                notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
802                    ) ] [ dscp <integer> ];
803                notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
804                    | * ) ] [ dscp <integer> ];
805                notify-to-soa <boolean>;
806                nsec3-test-zone <boolean>; // test only
807                pubkey <integer>
808                    <integer>
809                    <integer>
810                    <quoted_string>; // obsolete, may occur multiple times
811                request-expire <boolean>;
812                request-ixfr <boolean>;
813                serial-update-method ( date | increment | unixtime );
814                server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
815                server-names { <string>; ... };
816                sig-signing-nodes <integer>;
817                sig-signing-signatures <integer>;
818                sig-signing-type <integer>;
819                sig-validity-interval <integer> [ <integer> ];
820                transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
821                    * ) ] [ dscp <integer> ];
822                transfer-source-v6 ( <ipv6_address> | * ) [ port (
823                    <integer> | * ) ] [ dscp <integer> ];
824                try-tcp-refresh <boolean>;
825                type ( primary | master | secondary | slave | mirror |
826                    delegation-only | forward | hint | redirect |
827                    static-stub | stub );
828                update-check-ksk <boolean>;
829                update-policy ( local | { ( deny | grant ) <string> (
830                    6to4-self | external | krb5-self | krb5-selfsub |
831                    krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
832                    name | self | selfsub | selfwild | subdomain | tcp-self
833                    | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } );
834                use-alt-transfer-source <boolean>;
835                zero-no-soa-ttl <boolean>;
836                zone-statistics ( full | terse | none | <boolean> );
837        }; // may occur multiple times
838        zone-statistics ( full | terse | none | <boolean> );
839}; // may occur multiple times
840
841zone <string> [ <class> ] {
842        allow-notify { <address_match_element>; ... };
843        allow-query { <address_match_element>; ... };
844        allow-query-on { <address_match_element>; ... };
845        allow-transfer { <address_match_element>; ... };
846        allow-update { <address_match_element>; ... };
847        allow-update-forwarding { <address_match_element>; ... };
848        also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
849            <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
850            <integer> ] ) [ key <string> ]; ... };
851        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
852            ] [ dscp <integer> ];
853        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
854            * ) ] [ dscp <integer> ];
855        auto-dnssec ( allow | maintain | off );
856        check-dup-records ( fail | warn | ignore );
857        check-integrity <boolean>;
858        check-mx ( fail | warn | ignore );
859        check-mx-cname ( fail | warn | ignore );
860        check-names ( fail | warn | ignore );
861        check-sibling <boolean>;
862        check-spf ( warn | ignore );
863        check-srv-cname ( fail | warn | ignore );
864        check-wildcard <boolean>;
865        database <string>;
866        delegation-only <boolean>;
867        dialup ( notify | notify-passive | passive | refresh | <boolean> );
868        dlz <string>;
869        dnskey-sig-validity <integer>;
870        dnssec-dnskey-kskonly <boolean>;
871        dnssec-loadkeys-interval <integer>;
872        dnssec-secure-to-insecure <boolean>;
873        dnssec-update-mode ( maintain | no-resign );
874        file <quoted_string>;
875        forward ( first | only );
876        forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
877            | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
878        in-view <string>;
879        inline-signing <boolean>;
880        ixfr-base <quoted_string>; // obsolete
881        ixfr-from-differences <boolean>;
882        ixfr-tmp-file <quoted_string>; // obsolete
883        journal <quoted_string>;
884        key-directory <quoted_string>;
885        maintain-ixfr-base <boolean>; // obsolete
886        masterfile-format ( map | raw | text );
887        masterfile-style ( full | relative );
888        masters [ port <integer> ] [ dscp <integer> ] { ( <masters> |
889            <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
890            <integer> ] ) [ key <string> ]; ... };
891        max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
892        max-journal-size ( default | unlimited | <sizeval> );
893        max-records <integer>;
894        max-refresh-time <integer>;
895        max-retry-time <integer>;
896        max-transfer-idle-in <integer>;
897        max-transfer-idle-out <integer>;
898        max-transfer-time-in <integer>;
899        max-transfer-time-out <integer>;
900        max-zone-ttl ( unlimited | <ttlval> );
901        min-refresh-time <integer>;
902        min-retry-time <integer>;
903        multi-master <boolean>;
904        notify ( explicit | master-only | <boolean> );
905        notify-delay <integer>;
906        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
907            dscp <integer> ];
908        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
909            [ dscp <integer> ];
910        notify-to-soa <boolean>;
911        nsec3-test-zone <boolean>; // test only
912        pubkey <integer> <integer>
913            <integer> <quoted_string>; // obsolete, may occur multiple times
914        request-expire <boolean>;
915        request-ixfr <boolean>;
916        serial-update-method ( date | increment | unixtime );
917        server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
918        server-names { <string>; ... };
919        sig-signing-nodes <integer>;
920        sig-signing-signatures <integer>;
921        sig-signing-type <integer>;
922        sig-validity-interval <integer> [ <integer> ];
923        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
924            dscp <integer> ];
925        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
926            ] [ dscp <integer> ];
927        try-tcp-refresh <boolean>;
928        type ( primary | master | secondary | slave | mirror |
929            delegation-only | forward | hint | redirect | static-stub |
930            stub );
931        update-check-ksk <boolean>;
932        update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
933            external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
934            | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
935            | subdomain | tcp-self | wildcard | zonesub ) [ <string> ]
936            <rrtypelist>; ... } );
937        use-alt-transfer-source <boolean>;
938        zero-no-soa-ttl <boolean>;
939        zone-statistics ( full | terse | none | <boolean> );
940}; // may occur multiple times
941
942