options revision 1.1.1.5
1
This is a summary of the named.conf options supported by
this version of BIND 9.
4
// acl: defines a named address match list that other statements can refer to
// by name (for example the allow-* options). Defining an acl grants or denies
// nothing by itself; it only takes effect where it is referenced.
5acl <string> { <address_match_element>; ... }; // may occur multiple times
6
// controls: declares the control channels over which rndc administers named.
// Anyone who can use a channel can reload, reconfigure or stop the server, so
// each channel is normally bound to a loopback or management address and
// restricted with both "allow" (source addresses) and "keys" (names of key
// statements whose secrets authenticate commands).
// NOTE(review): "keys" is optional in this grammar; when it is omitted named
// falls back to the key in its rndc.key file - confirm for the deployed version.
7controls {
        // inet: TCP control channel. "*" as the address listens on every IPv4
        // interface; "read-only" limits the channel to non-modifying commands.
8        inet ( <ipv4_address> | <ipv6_address> |
9            * ) [ port ( <integer> | * ) ] allow
10            { <address_match_element>; ... } [
11            keys { <string>; ... } ] [ read-only
12            <boolean> ]; // may occur multiple times
        // unix: control channel on a filesystem socket; perm/owner/group set
        // the mode and ownership of the socket file.
13        unix <quoted_string> perm <integer>
14            owner <integer> group <integer> [
15            keys { <string>; ... } ] [ read-only
16            <boolean> ]; // may occur multiple times
17}; // may occur multiple times
18
// dlz: configures a Dynamically Loadable Zones database.
// "database" is a single string naming the DLZ driver followed by its
// arguments; with the dlopen driver that string names a shared object which is
// loaded into the named process, so the file it points at should be writable
// only by trusted administrators.
// "search" selects whether this database is consulted for queries in general
// or only for zones that reference it explicitly.
19dlz <string> {
20        database <string>;
21        search <boolean>;
22}; // may occur multiple times
23
// dyndb: loads a dynamic database driver. The quoted string is the path of the
// driver library and the braces hold driver-specific parameters that this
// grammar does not describe. The library runs inside named with named's
// privileges, so its path and permissions deserve the same care as the named
// binary itself.
24dyndb <string> <quoted_string> {
25    <unspecified-text> }; // may occur multiple times
26
// key: defines a shared secret (TSIG key) that other statements refer to by
// name, e.g. the "keys" clauses of controls and server or the "key" element of
// a masters list.
// "algorithm" names the HMAC algorithm; "secret" is the Base64-encoded key.
// Because the secret appears in clear text, key statements are usually kept in
// a separate included file readable only by the account named runs as.
27key <string> {
28        algorithm <string>;
29        secret <string>;
30}; // may occur multiple times
31
// logging: routes message categories to output channels.
// A "category" line lists the channels that receive that category; a "channel"
// block defines one destination and its formatting.
32logging {
33        category <string> { <string>; ... }; // may occur multiple times
34        channel <string> {
35                buffered <boolean>;
                // Exactly one destination is chosen per channel: file, null,
                // stderr or syslog. "versions" and "size" bound how much log
                // history a file channel keeps on disk.
36                file <quoted_string> [ versions ( unlimited | <integer> ) ]
37                    [ size <size> ] [ suffix ( increment | timestamp ) ];
                // null discards every message sent to the channel; a category
                // routed only to null leaves no record for later investigation.
38                null;
                // The print-* switches add the category, severity and timestamp
                // to each message, which makes log lines easier to correlate.
39                print-category <boolean>;
40                print-severity <boolean>;
41                print-time ( iso8601 | iso8601-utc | local | <boolean> );
42                severity <log_severity>;
43                stderr;
44                syslog [ <syslog_facility> ];
45        }; // may occur multiple times
46};
47
// lwres: flagged obsolete by this grammar; its body is not described here.
48lwres { <unspecified-text> }; // obsolete, may occur multiple times
49
// managed-keys: DNSSEC trust anchors that named keeps up to date itself by
// following key rollovers (RFC 5011), in contrast to the static trusted-keys.
// NOTE(review): the fields look like name, anchor-type keyword, flags,
// protocol, algorithm and key data - confirm against the reference manual.
// A trust anchor decides which signatures the validator accepts, so entries
// should come from a verified source.
50managed-keys { <string> <string> <integer>
51    <integer> <integer> <quoted_string>; ... }; // may occur multiple times
52
// masters: defines a named list of primary servers that zone and also-notify
// clauses can reference. Each entry may carry its own port and a "key" naming
// the TSIG key used with that server; entries without a key are identified
// by address alone.
53masters <string> [ port <integer> ] [ dscp
54    <integer> ] { ( <masters> | <ipv4_address> [
55    port <integer> ] | <ipv6_address> [ port
56    <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
57
// options: server-wide settings and the defaults inherited by views and zones.
// The trailing flags (obsolete, ancient, not configured, non-operational,
// experimental, test only, not yet implemented) are the grammar's own
// annotations; an option carrying one should not be relied on for access
// control or hardening without checking the reference manual for this version.
58options {
59        acache-cleaning-interval <integer>; // obsolete
60        acache-enable <boolean>; // obsolete
61        additional-from-auth <boolean>; // obsolete
62        additional-from-cache <boolean>; // obsolete
        // allow-new-zones: when enabled, zones can be added at run time through
        // the control channel (rndc addzone), so control-channel access then
        // also governs which zones the server serves.
63        allow-new-zones <boolean>;
        // The allow-* options are the main access controls; each takes an
        // address match list (addresses, prefixes, acl names, keys).
        //   allow-query               - who may send ordinary queries
        //   allow-recursion,
        //   allow-query-cache         - who may use recursion and cached data;
        //                               limiting these to known clients keeps
        //                               the server from being an open resolver
        //   allow-transfer            - who may copy whole zones
        //   allow-update,
        //   allow-update-forwarding   - who may change zone data; matching on
        //                               source address alone is weak because
        //                               addresses can be forged, so a TSIG key
        //                               is the usual control here
        // The *-on variants match the local address the request arrived on.
64        allow-notify { <address_match_element>; ... };
65        allow-query { <address_match_element>; ... };
66        allow-query-cache { <address_match_element>; ... };
67        allow-query-cache-on { <address_match_element>; ... };
68        allow-query-on { <address_match_element>; ... };
69        allow-recursion { <address_match_element>; ... };
70        allow-recursion-on { <address_match_element>; ... };
71        allow-transfer { <address_match_element>; ... };
72        allow-update { <address_match_element>; ... };
73        allow-update-forwarding { <address_match_element>; ... };
74        allow-v6-synthesis { <address_match_element>; ... }; // obsolete
75        also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
76            <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
77            <integer> ] ) [ key <string> ]; ... };
78        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
79            ] [ dscp <integer> ];
80        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
81            * ) ] [ dscp <integer> ];
82        answer-cookie <boolean>;
83        attach-cache <string>;
84        auth-nxdomain <boolean>; // default changed
85        auto-dnssec ( allow | maintain | off );
86        automatic-interface-scan <boolean>;
87        avoid-v4-udp-ports { <portrange>; ... };
88        avoid-v6-udp-ports { <portrange>; ... };
89        bindkeys-file <quoted_string>;
        // blackhole: addresses the server neither answers nor uses when
        // resolving a query.
90        blackhole { <address_match_element>; ... };
91        cache-file <quoted_string>;
92        catalog-zones { zone <string> [ default-masters [ port <integer> ]
93            [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port
94            <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
95            <string> ]; ... } ] [ zone-directory <quoted_string> ] [
96            in-memory <boolean> ] [ min-update-interval <ttlval> ]; ... };
97        check-dup-records ( fail | warn | ignore );
98        check-integrity <boolean>;
99        check-mx ( fail | warn | ignore );
100        check-mx-cname ( fail | warn | ignore );
101        check-names ( primary | master |
102            secondary | slave | response ) (
103            fail | warn | ignore ); // may occur multiple times
104        check-sibling <boolean>;
105        check-spf ( warn | ignore );
106        check-srv-cname ( fail | warn | ignore );
107        check-wildcard <boolean>;
108        cleaning-interval <integer>;
109        clients-per-query <integer>;
110        cookie-algorithm ( aes | sha1 | sha256 | siphash24 );
        // cookie-secret: shared secret for generating and verifying DNS
        // cookies, set when several servers must accept each other's cookies.
        // It is stored in clear text in the configuration file.
111        cookie-secret <string>; // may occur multiple times
112        coresize ( default | unlimited | <sizeval> );
113        datasize ( default | unlimited | <sizeval> );
114        deallocate-on-exit <boolean>; // ancient
        // deny-answer-addresses / deny-answer-aliases: reject answers from
        // outside that contain the listed addresses or alias targets; this is
        // the resolver-side defence against DNS rebinding. except-from lists
        // names that are exempt.
115        deny-answer-addresses { <address_match_element>; ... } [
116            except-from { <string>; ... } ];
117        deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
118            } ];
119        dialup ( notify | notify-passive | passive | refresh | <boolean> );
120        directory <quoted_string>;
121        disable-algorithms <string> { <string>;
122            ... }; // may occur multiple times
123        disable-ds-digests <string> { <string>;
124            ... }; // may occur multiple times
125        disable-empty-zone <string>; // may occur multiple times
126        dns64 <netprefix> {
127                break-dnssec <boolean>;
128                clients { <address_match_element>; ... };
129                exclude { <address_match_element>; ... };
130                mapped { <address_match_element>; ... };
131                recursive-only <boolean>;
132                suffix <ipv6_address>;
133        }; // may occur multiple times
134        dns64-contact <string>;
135        dns64-server <string>;
136        dnskey-sig-validity <integer>;
137        dnsrps-enable <boolean>; // not configured
138        dnsrps-options { <unspecified-text> }; // not configured
        // dnssec-accept-expired: accepting expired signatures lets old signed
        // data be replayed to the validator; enable only for troubleshooting.
139        dnssec-accept-expired <boolean>;
140        dnssec-dnskey-kskonly <boolean>;
141        dnssec-enable <boolean>;
142        dnssec-loadkeys-interval <integer>;
143        dnssec-lookaside ( <string> trust-anchor
144            <string> | auto | no ); // may occur multiple times
145        dnssec-must-be-secure <string> <boolean>; // may occur multiple times
146        dnssec-secure-to-insecure <boolean>;
147        dnssec-update-mode ( maintain | no-resign );
        // dnssec-validation: "auto" validates using the built-in root trust
        // anchor, "yes" validates only against trust anchors configured in
        // trusted-keys / managed-keys, and "no" turns validation off.
148        dnssec-validation ( yes | no | auto );
149        dnstap { ( all | auth | client | forwarder |
150            resolver | update ) [ ( query | response ) ];
151            ... }; // not configured
152        dnstap-identity ( <quoted_string> | none |
153            hostname ); // not configured
154        dnstap-output ( file | unix ) <quoted_string> [
155            size ( unlimited | <size> ) ] [ versions (
156            unlimited | <integer> ) ] [ suffix ( increment
157            | timestamp ) ]; // not configured
158        dnstap-version ( <quoted_string> | none ); // not configured
159        dscp <integer>;
160        dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
161            <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
162            <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
163            <integer> ] [ dscp <integer> ] ); ... };
164        dump-file <quoted_string>;
165        edns-udp-size <integer>;
166        empty-contact <string>;
167        empty-server <string>;
168        empty-zones-enable <boolean>;
169        fake-iquery <boolean>; // ancient
170        fetch-glue <boolean>; // ancient
171        fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
172        fetches-per-server <integer> [ ( drop | fail ) ];
173        fetches-per-zone <integer> [ ( drop | fail ) ];
174        files ( default | unlimited | <sizeval> );
175        filter-aaaa { <address_match_element>; ... }; // obsolete
176        filter-aaaa-on-v4 <boolean>; // obsolete
177        filter-aaaa-on-v6 <boolean>; // obsolete
178        flush-zones-on-shutdown <boolean>;
179        forward ( first | only );
180        forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
181            | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
182        fstrm-set-buffer-hint <integer>; // not configured
183        fstrm-set-flush-timeout <integer>; // not configured
184        fstrm-set-input-queue-size <integer>; // not configured
185        fstrm-set-output-notify-threshold <integer>; // not configured
186        fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
187        fstrm-set-output-queue-size <integer>; // not configured
188        fstrm-set-reopen-interval <ttlval>; // not configured
189        geoip-directory ( <quoted_string> | none ); // not configured
190        geoip-use-ecs <boolean>; // obsolete
191        glue-cache <boolean>;
192        has-old-clients <boolean>; // ancient
193        heartbeat-interval <integer>;
194        host-statistics <boolean>; // ancient
195        host-statistics-max <integer>; // ancient
196        hostname ( <quoted_string> | none );
197        inline-signing <boolean>;
198        interface-interval <ttlval>;
199        ixfr-from-differences ( primary | master | secondary | slave |
200            <boolean> );
201        keep-response-order { <address_match_element>; ... };
202        key-directory <quoted_string>;
203        lame-ttl <ttlval>;
204        listen-on [ port <integer> ] [ dscp
205            <integer> ] {
206            <address_match_element>; ... }; // may occur multiple times
207        listen-on-v6 [ port <integer> ] [ dscp
208            <integer> ] {
209            <address_match_element>; ... }; // may occur multiple times
210        lmdb-mapsize <sizeval>; // non-operational
211        lock-file ( <quoted_string> | none );
212        maintain-ixfr-base <boolean>; // ancient
213        managed-keys-directory <quoted_string>;
214        masterfile-format ( map | raw | text );
215        masterfile-style ( full | relative );
216        match-mapped-addresses <boolean>;
217        max-acache-size ( unlimited | <sizeval> ); // obsolete
218        max-cache-size ( default | unlimited | <sizeval> | <percentage> );
219        max-cache-ttl <ttlval>;
220        max-clients-per-query <integer>;
221        max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
222        max-journal-size ( default | unlimited | <sizeval> );
223        max-ncache-ttl <ttlval>;
224        max-records <integer>;
225        max-recursion-depth <integer>;
226        max-recursion-queries <integer>;
227        max-refresh-time <integer>;
228        max-retry-time <integer>;
229        max-rsa-exponent-size <integer>;
230        max-stale-ttl <ttlval>;
231        max-transfer-idle-in <integer>;
232        max-transfer-idle-out <integer>;
233        max-transfer-time-in <integer>;
234        max-transfer-time-out <integer>;
235        max-udp-size <integer>;
236        max-zone-ttl ( unlimited | <ttlval> );
237        memstatistics <boolean>;
238        memstatistics-file <quoted_string>;
239        message-compression <boolean>;
240        min-cache-ttl <ttlval>;
241        min-ncache-ttl <ttlval>;
242        min-refresh-time <integer>;
243        min-retry-time <integer>;
244        min-roots <integer>; // ancient
245        minimal-any <boolean>;
246        minimal-responses ( no-auth | no-auth-recursive | <boolean> );
247        multi-master <boolean>;
248        multiple-cnames <boolean>; // ancient
249        named-xfer <quoted_string>; // ancient
250        new-zones-directory <quoted_string>;
251        no-case-compress { <address_match_element>; ... };
252        nocookie-udp-size <integer>;
253        nosit-udp-size <integer>; // obsolete
254        notify ( explicit | master-only | <boolean> );
255        notify-delay <integer>;
256        notify-rate <integer>;
257        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
258            dscp <integer> ];
259        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
260            [ dscp <integer> ];
261        notify-to-soa <boolean>;
262        nsec3-test-zone <boolean>; // test only
263        nta-lifetime <ttlval>;
264        nta-recheck <ttlval>;
265        nxdomain-redirect <string>;
266        pid-file ( <quoted_string> | none );
267        port <integer>;
268        preferred-glue <string>;
269        prefetch <integer> [ <integer> ];
270        provide-ixfr <boolean>;
271        qname-minimization ( strict | relaxed | disabled | off );
        // query-source / query-source-v6: pinning a fixed "port" here removes
        // source-port randomization for outgoing queries, which makes forged
        // responses easier to land; leave the port as "*" unless a firewall
        // rule truly requires otherwise.
272        query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
273            <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
274            port ( <integer> | * ) ) ) [ dscp <integer> ];
275        query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
276            <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
277            port ( <integer> | * ) ) ) [ dscp <integer> ];
278        querylog <boolean>;
279        queryport-pool-ports <integer>; // obsolete
280        queryport-pool-updateinterval <integer>; // obsolete
281        random-device ( <quoted_string> | none );
        // rate-limit: response rate limiting. It caps how many similar
        // responses are sent to one client prefix per second, which limits the
        // server's usefulness as a reflector toward forged source addresses.
        // "log-only" reports what would have been limited without dropping
        // anything, and "exempt-clients" lists prefixes that are never limited.
282        rate-limit {
283                all-per-second <integer>;
284                errors-per-second <integer>;
285                exempt-clients { <address_match_element>; ... };
286                ipv4-prefix-length <integer>;
287                ipv6-prefix-length <integer>;
288                log-only <boolean>;
289                max-table-size <integer>;
290                min-table-size <integer>;
291                nodata-per-second <integer>;
292                nxdomains-per-second <integer>;
293                qps-scale <integer>;
294                referrals-per-second <integer>;
295                responses-per-second <integer>;
296                slip <integer>;
297                window <integer>;
298        };
299        recursing-file <quoted_string>;
300        recursion <boolean>;
        // recursive-clients (here) and tcp-clients (below) bound the number of
        // simultaneous recursive lookups and TCP client connections.
301        recursive-clients <integer>;
302        request-expire <boolean>;
303        request-ixfr <boolean>;
304        request-nsid <boolean>;
305        request-sit <boolean>; // obsolete
306        require-server-cookie <boolean>;
307        reserved-sockets <integer>;
308        resolver-nonbackoff-tries <integer>;
309        resolver-query-timeout <integer>;
310        resolver-retry-interval <integer>;
311        response-padding { <address_match_element>; ... } block-size
312            <integer>;
313        response-policy { zone <string> [ add-soa <boolean> ] [ log
314            <boolean> ] [ max-policy-ttl <ttlval> ] [ min-update-interval
315            <ttlval> ] [ policy ( cname | disabled | drop | given | no-op |
316            nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
317            recursive-only <boolean> ] [ nsip-enable <boolean> ] [
318            nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
319            break-dnssec <boolean> ] [ max-policy-ttl <ttlval> ] [
320            min-update-interval <ttlval> ] [ min-ns-dots <integer> ] [
321            nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
322            [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
323            nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
324            dnsrps-options { <unspecified-text> } ];
325        rfc2308-type1 <boolean>; // ancient
326        root-delegation-only [ exclude { <string>; ... } ];
327        root-key-sentinel <boolean>;
328        rrset-order { [ class <string> ] [ type <string> ] [ name
329            <quoted_string> ] <string> <string>; ... };
330        secroots-file <quoted_string>;
331        send-cookie <boolean>;
332        serial-queries <integer>; // ancient
333        serial-query-rate <integer>;
334        serial-update-method ( date | increment | unixtime );
335        server-id ( <quoted_string> | none | hostname );
336        servfail-ttl <ttlval>;
337        session-keyalg <string>;
338        session-keyfile ( <quoted_string> | none );
339        session-keyname <string>;
340        sig-signing-nodes <integer>;
341        sig-signing-signatures <integer>;
342        sig-signing-type <integer>;
343        sig-validity-interval <integer> [ <integer> ];
344        sit-secret <string>; // obsolete
345        sortlist { <address_match_element>; ... };
346        stacksize ( default | unlimited | <sizeval> );
347        stale-answer-enable <boolean>;
348        stale-answer-ttl <ttlval>;
349        startup-notify-rate <integer>;
350        statistics-file <quoted_string>;
351        statistics-interval <integer>; // ancient
352        suppress-initial-notify <boolean>; // not yet implemented
353        synth-from-dnssec <boolean>;
354        tcp-advertised-timeout <integer>;
355        tcp-clients <integer>;
356        tcp-idle-timeout <integer>;
357        tcp-initial-timeout <integer>;
358        tcp-keepalive-timeout <integer>;
359        tcp-listen-queue <integer>;
360        tkey-dhkey <quoted_string> <integer>;
361        tkey-domain <quoted_string>;
362        tkey-gssapi-credential <quoted_string>;
363        tkey-gssapi-keytab <quoted_string>;
364        topology { <address_match_element>; ... }; // ancient
365        transfer-format ( many-answers | one-answer );
366        transfer-message-size <integer>;
367        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
368            dscp <integer> ];
369        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
370            ] [ dscp <integer> ];
371        transfers-in <integer>;
372        transfers-out <integer>;
373        transfers-per-ns <integer>;
374        treat-cr-as-space <boolean>; // ancient
375        trust-anchor-telemetry <boolean>; // experimental
376        try-tcp-refresh <boolean>;
377        update-check-ksk <boolean>;
378        use-alt-transfer-source <boolean>;
379        use-id-pool <boolean>; // ancient
380        use-ixfr <boolean>; // obsolete
381        use-queryport-pool <boolean>; // obsolete
382        use-v4-udp-ports { <portrange>; ... };
383        use-v6-udp-ports { <portrange>; ... };
384        v6-bias <integer>;
385        validate-except { <string>; ... };
        // version (with hostname and server-id above) sets what the server
        // reports to identification queries such as version.bind; "none" stops
        // it answering them, which keeps the software version and host name
        // out of routine fingerprinting.
386        version ( <quoted_string> | none );
387        zero-no-soa-ttl <boolean>;
388        zero-no-soa-ttl-cache <boolean>;
389        zone-statistics ( full | terse | none | <boolean> );
390};
391
// plugin: loads a plugin module into named; "query" is the only plugin type
// this grammar lists. The string is the module's library path and the optional
// braces hold module-specific parameters. The module runs inside the server
// process, so the library file should be writable only by trusted
// administrators.
392plugin ( query ) <string> [ { <unspecified-text>
393    } ]; // may occur multiple times
394
// server: per-peer settings applied when named talks to the remote server(s)
// matching the given prefix.
395server <netprefix> {
        // bogus: mark the peer as not to be queried at all.
396        bogus <boolean>;
397        edns <boolean>;
398        edns-udp-size <integer>;
399        edns-version <integer>;
        // keys: name of the key statement (TSIG) used to sign requests sent to
        // this peer, so that transfers and notifies do not depend on the
        // peer's address alone.
400        keys <server_key>;
401        max-udp-size <integer>;
402        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
403            dscp <integer> ];
404        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
405            [ dscp <integer> ];
406        padding <integer>;
407        provide-ixfr <boolean>;
        // A fixed "port" in query-source gives up source-port randomization
        // for queries sent to this peer.
408        query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
409            <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
410            port ( <integer> | * ) ) ) [ dscp <integer> ];
411        query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
412            <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
413            port ( <integer> | * ) ) ) [ dscp <integer> ];
414        request-expire <boolean>;
415        request-ixfr <boolean>;
416        request-nsid <boolean>;
417        request-sit <boolean>; // obsolete
418        send-cookie <boolean>;
419        support-ixfr <boolean>; // obsolete
420        tcp-keepalive <boolean>;
        // tcp-only: send queries to this peer over TCP rather than UDP.
421        tcp-only <boolean>;
422        transfer-format ( many-answers | one-answer );
423        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
424            dscp <integer> ];
425        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
426            ] [ dscp <integer> ];
427        transfers <integer>;
428}; // may occur multiple times
429
// statistics-channels: HTTP endpoints that expose server statistics.
// The "allow" clause is optional in this grammar; without it named accepts
// connections from any address. The statistics can reveal internal details
// (zones, query mix, software version), so each channel is normally bound to a
// loopback or management address and given an explicit allow list.
430statistics-channels {
431        inet ( <ipv4_address> | <ipv6_address> |
432            * ) [ port ( <integer> | * ) ] [
433            allow { <address_match_element>; ...
434            } ]; // may occur multiple times
435}; // may occur multiple times
436
// trusted-keys: statically configured DNSSEC trust anchors.
// NOTE(review): the fields look like name, flags, protocol, algorithm and key
// data - confirm against the reference manual.
// Unlike managed-keys, these entries are not updated when the zone rolls its
// key, so a stale entry makes validation fail until it is edited by hand.
437trusted-keys { <string> <integer> <integer>
438    <integer> <quoted_string>; ... }; // may occur multiple times
439
440view <string> [ <class> ] {
441        acache-cleaning-interval <integer>; // obsolete
442        acache-enable <boolean>; // obsolete
443        additional-from-auth <boolean>; // obsolete
444        additional-from-cache <boolean>; // obsolete
445        allow-new-zones <boolean>;
446        allow-notify { <address_match_element>; ... };
447        allow-query { <address_match_element>; ... };
448        allow-query-cache { <address_match_element>; ... };
449        allow-query-cache-on { <address_match_element>; ... };
450        allow-query-on { <address_match_element>; ... };
451        allow-recursion { <address_match_element>; ... };
452        allow-recursion-on { <address_match_element>; ... };
453        allow-transfer { <address_match_element>; ... };
454        allow-update { <address_match_element>; ... };
455        allow-update-forwarding { <address_match_element>; ... };
456        allow-v6-synthesis { <address_match_element>; ... }; // obsolete
457        also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
458            <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
459            <integer> ] ) [ key <string> ]; ... };
460        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
461            ] [ dscp <integer> ];
462        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
463            * ) ] [ dscp <integer> ];
464        attach-cache <string>;
465        auth-nxdomain <boolean>; // default changed
466        auto-dnssec ( allow | maintain | off );
467        cache-file <quoted_string>;
468        catalog-zones { zone <string> [ default-masters [ port <integer> ]
469            [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port
470            <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
471            <string> ]; ... } ] [ zone-directory <quoted_string> ] [
472            in-memory <boolean> ] [ min-update-interval <ttlval> ]; ... };
473        check-dup-records ( fail | warn | ignore );
474        check-integrity <boolean>;
475        check-mx ( fail | warn | ignore );
476        check-mx-cname ( fail | warn | ignore );
477        check-names ( primary | master |
478            secondary | slave | response ) (
479            fail | warn | ignore ); // may occur multiple times
480        check-sibling <boolean>;
481        check-spf ( warn | ignore );
482        check-srv-cname ( fail | warn | ignore );
483        check-wildcard <boolean>;
484        cleaning-interval <integer>;
485        clients-per-query <integer>;
486        deny-answer-addresses { <address_match_element>; ... } [
487            except-from { <string>; ... } ];
488        deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
489            } ];
490        dialup ( notify | notify-passive | passive | refresh | <boolean> );
491        disable-algorithms <string> { <string>;
492            ... }; // may occur multiple times
493        disable-ds-digests <string> { <string>;
494            ... }; // may occur multiple times
495        disable-empty-zone <string>; // may occur multiple times
496        dlz <string> {
497                database <string>;
498                search <boolean>;
499        }; // may occur multiple times
500        dns64 <netprefix> {
501                break-dnssec <boolean>;
502                clients { <address_match_element>; ... };
503                exclude { <address_match_element>; ... };
504                mapped { <address_match_element>; ... };
505                recursive-only <boolean>;
506                suffix <ipv6_address>;
507        }; // may occur multiple times
508        dns64-contact <string>;
509        dns64-server <string>;
510        dnskey-sig-validity <integer>;
511        dnsrps-enable <boolean>; // not configured
512        dnsrps-options { <unspecified-text> }; // not configured
513        dnssec-accept-expired <boolean>;
514        dnssec-dnskey-kskonly <boolean>;
515        dnssec-enable <boolean>;
516        dnssec-loadkeys-interval <integer>;
517        dnssec-lookaside ( <string> trust-anchor
518            <string> | auto | no ); // may occur multiple times
519        dnssec-must-be-secure <string> <boolean>; // may occur multiple times
520        dnssec-secure-to-insecure <boolean>;
521        dnssec-update-mode ( maintain | no-resign );
522        dnssec-validation ( yes | no | auto );
523        dnstap { ( all | auth | client | forwarder |
524            resolver | update ) [ ( query | response ) ];
525            ... }; // not configured
526        dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
527            <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
528            <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
529            <integer> ] [ dscp <integer> ] ); ... };
530        dyndb <string> <quoted_string> {
531            <unspecified-text> }; // may occur multiple times
532        edns-udp-size <integer>;
533        empty-contact <string>;
534        empty-server <string>;
535        empty-zones-enable <boolean>;
536        fetch-glue <boolean>; // ancient
537        fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
538        fetches-per-server <integer> [ ( drop | fail ) ];
539        fetches-per-zone <integer> [ ( drop | fail ) ];
540        filter-aaaa { <address_match_element>; ... }; // obsolete
541        filter-aaaa-on-v4 <boolean>; // obsolete
542        filter-aaaa-on-v6 <boolean>; // obsolete
543        forward ( first | only );
544        forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
545            | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
546        glue-cache <boolean>;
547        inline-signing <boolean>;
548        ixfr-from-differences ( primary | master | secondary | slave |
549            <boolean> );
550        key <string> {
551                algorithm <string>;
552                secret <string>;
553        }; // may occur multiple times
554        key-directory <quoted_string>;
555        lame-ttl <ttlval>;
556        lmdb-mapsize <sizeval>; // non-operational
557        maintain-ixfr-base <boolean>; // ancient
558        managed-keys { <string> <string>
559            <integer> <integer> <integer>
560            <quoted_string>; ... }; // may occur multiple times
561        masterfile-format ( map | raw | text );
562        masterfile-style ( full | relative );
563        match-clients { <address_match_element>; ... };
564        match-destinations { <address_match_element>; ... };
565        match-recursive-only <boolean>;
566        max-acache-size ( unlimited | <sizeval> ); // obsolete
567        max-cache-size ( default | unlimited | <sizeval> | <percentage> );
568        max-cache-ttl <ttlval>;
569        max-clients-per-query <integer>;
570        max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
571        max-journal-size ( default | unlimited | <sizeval> );
572        max-ncache-ttl <ttlval>;
573        max-records <integer>;
574        max-recursion-depth <integer>;
575        max-recursion-queries <integer>;
576        max-refresh-time <integer>;
577        max-retry-time <integer>;
578        max-stale-ttl <ttlval>;
579        max-transfer-idle-in <integer>;
580        max-transfer-idle-out <integer>;
581        max-transfer-time-in <integer>;
582        max-transfer-time-out <integer>;
583        max-udp-size <integer>;
584        max-zone-ttl ( unlimited | <ttlval> );
585        message-compression <boolean>;
586        min-cache-ttl <ttlval>;
587        min-ncache-ttl <ttlval>;
588        min-refresh-time <integer>;
589        min-retry-time <integer>;
590        min-roots <integer>; // ancient
591        minimal-any <boolean>;
592        minimal-responses ( no-auth | no-auth-recursive | <boolean> );
593        multi-master <boolean>;
594        new-zones-directory <quoted_string>;
595        no-case-compress { <address_match_element>; ... };
596        nocookie-udp-size <integer>;
597        nosit-udp-size <integer>; // obsolete
598        notify ( explicit | master-only | <boolean> );
599        notify-delay <integer>;
600        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
601            dscp <integer> ];
602        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
603            [ dscp <integer> ];
604        notify-to-soa <boolean>;
605        nsec3-test-zone <boolean>; // test only
606        nta-lifetime <ttlval>;
607        nta-recheck <ttlval>;
608        nxdomain-redirect <string>;
609        plugin ( query ) <string> [ {
610            <unspecified-text> } ]; // may occur multiple times
611        preferred-glue <string>;
612        prefetch <integer> [ <integer> ];
613        provide-ixfr <boolean>;
614        qname-minimization ( strict | relaxed | disabled | off );
615        query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
616            <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
617            port ( <integer> | * ) ) ) [ dscp <integer> ];
618        query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
619            <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
620            port ( <integer> | * ) ) ) [ dscp <integer> ];
621        queryport-pool-ports <integer>; // obsolete
622        queryport-pool-updateinterval <integer>; // obsolete
623        rate-limit {
624                all-per-second <integer>;
625                errors-per-second <integer>;
626                exempt-clients { <address_match_element>; ... };
627                ipv4-prefix-length <integer>;
628                ipv6-prefix-length <integer>;
629                log-only <boolean>;
630                max-table-size <integer>;
631                min-table-size <integer>;
632                nodata-per-second <integer>;
633                nxdomains-per-second <integer>;
634                qps-scale <integer>;
635                referrals-per-second <integer>;
636                responses-per-second <integer>;
637                slip <integer>;
638                window <integer>;
639        };
640        recursion <boolean>; // whether named performs recursive lookups on behalf of clients
641        request-expire <boolean>;
642        request-ixfr <boolean>;
643        request-nsid <boolean>;
644        request-sit <boolean>; // obsolete
645        require-server-cookie <boolean>; // cookie-aware UDP clients must present a valid server cookie before they get a full response
646        resolver-nonbackoff-tries <integer>;
647        resolver-query-timeout <integer>;
648        resolver-retry-interval <integer>;
649        response-padding { <address_match_element>; ... } block-size
650            <integer>;
651        response-policy { zone <string> [ add-soa <boolean> ] [ log
652            <boolean> ] [ max-policy-ttl <ttlval> ] [ min-update-interval
653            <ttlval> ] [ policy ( cname | disabled | drop | given | no-op |
654            nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
655            recursive-only <boolean> ] [ nsip-enable <boolean> ] [
656            nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
657            break-dnssec <boolean> ] [ max-policy-ttl <ttlval> ] [
658            min-update-interval <ttlval> ] [ min-ns-dots <integer> ] [
659            nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
660            [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
661            nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
662            dnsrps-options { <unspecified-text> } ]; // response policy zones (RPZ): answers are rewritten per policy zone; break-dnssec yes applies policy regardless of DNSSEC
663        rfc2308-type1 <boolean>; // ancient
664        root-delegation-only [ exclude { <string>; ... } ];
665        root-key-sentinel <boolean>;
666        rrset-order { [ class <string> ] [ type <string> ] [ name
667            <quoted_string> ] <string> <string>; ... };
668        send-cookie <boolean>; // attach a DNS COOKIE option to outgoing queries
669        serial-update-method ( date | increment | unixtime );
670        server <netprefix> { // settings used when talking to remote servers in this address or prefix
671                bogus <boolean>; // yes stops named from sending queries to this server
672                edns <boolean>;
673                edns-udp-size <integer>;
674                edns-version <integer>;
675                keys <server_key>; // TSIG key used to sign requests sent to this server
676                max-udp-size <integer>;
677                notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
678                    ) ] [ dscp <integer> ];
679                notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
680                    | * ) ] [ dscp <integer> ];
681                padding <integer>;
682                provide-ixfr <boolean>;
683                query-source ( ( [ address ] ( <ipv4_address> | * ) [ port
684                    ( <integer> | * ) ] ) | ( [ [ address ] (
685                    <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [
686                    dscp <integer> ]; // a fixed port gives up source-port randomization for queries to this server
687                query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [
688                    port ( <integer> | * ) ] ) | ( [ [ address ] (
689                    <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [
690                    dscp <integer> ];
691                request-expire <boolean>;
692                request-ixfr <boolean>;
693                request-nsid <boolean>;
694                request-sit <boolean>; // obsolete
695                send-cookie <boolean>;
696                support-ixfr <boolean>; // obsolete
697                tcp-keepalive <boolean>;
698                tcp-only <boolean>; // use TCP for queries to this server
699                transfer-format ( many-answers | one-answer );
700                transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
701                    * ) ] [ dscp <integer> ];
702                transfer-source-v6 ( <ipv6_address> | * ) [ port (
703                    <integer> | * ) ] [ dscp <integer> ];
704                transfers <integer>; // limit on concurrent inbound zone transfers from this server
705        }; // may occur multiple times
706        servfail-ttl <ttlval>;
707        sig-signing-nodes <integer>;
708        sig-signing-signatures <integer>;
709        sig-signing-type <integer>;
710        sig-validity-interval <integer> [ <integer> ];
711        sortlist { <address_match_element>; ... };
712        stale-answer-enable <boolean>; // answer from expired cache data when the authoritative servers cannot be reached
713        stale-answer-ttl <ttlval>;
714        suppress-initial-notify <boolean>; // not yet implemented
715        synth-from-dnssec <boolean>;
716        topology { <address_match_element>; ... }; // ancient
717        transfer-format ( many-answers | one-answer );
718        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
719            dscp <integer> ];
720        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
721            ] [ dscp <integer> ];
722        trust-anchor-telemetry <boolean>; // experimental
723        trusted-keys { <string> <integer>
724            <integer> <integer> <quoted_string>;
725            ... }; // may occur multiple times; static DNSSEC trust anchors, not updated automatically on a key rollover
726        try-tcp-refresh <boolean>;
727        update-check-ksk <boolean>;
728        use-alt-transfer-source <boolean>;
729        use-queryport-pool <boolean>; // obsolete
730        v6-bias <integer>;
731        validate-except { <string>; ... }; // DNSSEC validation is skipped at and below these names, even under a trust anchor
732        zero-no-soa-ttl <boolean>;
733        zero-no-soa-ttl-cache <boolean>;
734        zone <string> [ <class> ] { // per-zone settings, here nested inside the enclosing block
735                allow-notify { <address_match_element>; ... }; // senders other than the configured masters whose NOTIFY is accepted
736                allow-query { <address_match_element>; ... }; // who may query this zone
737                allow-query-on { <address_match_element>; ... };
738                allow-transfer { <address_match_element>; ... }; // who may pull a copy of the zone (AXFR/IXFR); keep this to the known secondaries
739                allow-update { <address_match_element>; ... }; // who may send dynamic updates; a source address alone is spoofable, prefer key elements or update-policy
740                allow-update-forwarding { <address_match_element>; ... }; // whose dynamic updates a secondary forwards to the primary
741                also-notify [ port <integer> ] [ dscp <integer> ] { (
742                    <masters> | <ipv4_address> [ port <integer> ] |
743                    <ipv6_address> [ port <integer> ] ) [ key <string> ];
744                    ... }; // the optional key signs the NOTIFY sent to that target with TSIG
745                alt-transfer-source ( <ipv4_address> | * ) [ port (
746                    <integer> | * ) ] [ dscp <integer> ];
747                alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
748                    <integer> | * ) ] [ dscp <integer> ];
749                auto-dnssec ( allow | maintain | off );
750                check-dup-records ( fail | warn | ignore );
751                check-integrity <boolean>;
752                check-mx ( fail | warn | ignore );
753                check-mx-cname ( fail | warn | ignore );
754                check-names ( fail | warn | ignore );
755                check-sibling <boolean>;
756                check-spf ( warn | ignore );
757                check-srv-cname ( fail | warn | ignore );
758                check-wildcard <boolean>;
759                database <string>;
760                delegation-only <boolean>;
761                dialup ( notify | notify-passive | passive | refresh |
762                    <boolean> );
763                dlz <string>;
764                dnskey-sig-validity <integer>;
765                dnssec-dnskey-kskonly <boolean>;
766                dnssec-loadkeys-interval <integer>;
767                dnssec-secure-to-insecure <boolean>; // lets a dynamic zone become unsigned by deleting its DNSKEY records
768                dnssec-update-mode ( maintain | no-resign );
769                file <quoted_string>;
770                forward ( first | only );
771                forwarders [ port <integer> ] [ dscp <integer> ] { (
772                    <ipv4_address> | <ipv6_address> ) [ port <integer> ] [
773                    dscp <integer> ]; ... };
774                in-view <string>;
775                inline-signing <boolean>;
776                ixfr-base <quoted_string>; // ancient
777                ixfr-from-differences <boolean>;
778                ixfr-tmp-file <quoted_string>; // ancient
779                journal <quoted_string>;
780                key-directory <quoted_string>; // where the zone's DNSSEC key files, private keys included, are read from
781                maintain-ixfr-base <boolean>; // ancient
782                masterfile-format ( map | raw | text );
783                masterfile-style ( full | relative );
784                masters [ port <integer> ] [ dscp <integer> ] { ( <masters>
785                    | <ipv4_address> [ port <integer> ] | <ipv6_address> [
786                    port <integer> ] ) [ key <string> ]; ... }; // the optional key signs refresh and transfer requests to that server with TSIG
787                max-ixfr-log-size ( default | unlimited |
788                    <sizeval> ); // ancient
789                max-journal-size ( default | unlimited | <sizeval> );
790                max-records <integer>; // upper bound on the number of records permitted in the zone
791                max-refresh-time <integer>;
792                max-retry-time <integer>;
793                max-transfer-idle-in <integer>;
794                max-transfer-idle-out <integer>;
795                max-transfer-time-in <integer>;
796                max-transfer-time-out <integer>;
797                max-zone-ttl ( unlimited | <ttlval> );
798                min-refresh-time <integer>;
799                min-retry-time <integer>;
800                multi-master <boolean>;
801                notify ( explicit | master-only | <boolean> );
802                notify-delay <integer>;
803                notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
804                    ) ] [ dscp <integer> ];
805                notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
806                    | * ) ] [ dscp <integer> ];
807                notify-to-soa <boolean>;
808                nsec3-test-zone <boolean>; // test only
809                pubkey <integer> <integer> <integer>
810                    <quoted_string>; // ancient
811                request-expire <boolean>;
812                request-ixfr <boolean>;
813                serial-update-method ( date | increment | unixtime );
814                server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
815                server-names { <string>; ... };
816                sig-signing-nodes <integer>;
817                sig-signing-signatures <integer>;
818                sig-signing-type <integer>;
819                sig-validity-interval <integer> [ <integer> ];
820                transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
821                    * ) ] [ dscp <integer> ];
822                transfer-source-v6 ( <ipv6_address> | * ) [ port (
823                    <integer> | * ) ] [ dscp <integer> ];
824                try-tcp-refresh <boolean>;
825                type ( primary | master | secondary | slave | mirror |
826                    delegation-only | forward | hint | redirect |
827                    static-stub | stub );
828                update-check-ksk <boolean>;
829                update-policy ( local | { ( deny | grant ) <string> (
830                    6to4-self | external | krb5-self | krb5-selfsub |
831                    krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
832                    name | self | selfsub | selfwild | subdomain | tcp-self
833                    | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... }; // per-name, per-type dynamic update rules; cannot be combined with allow-update in the same zone
834                use-alt-transfer-source <boolean>;
835                zero-no-soa-ttl <boolean>;
836                zone-statistics ( full | terse | none | <boolean> );
837        }; // may occur multiple times
838        zone-statistics ( full | terse | none | <boolean> ); // default for zones in the enclosing block that do not set their own zone-statistics
839}; // may occur multiple times
840
841zone <string> [ <class> ] { // per-zone settings, here at the top level of named.conf
842        allow-notify { <address_match_element>; ... }; // senders other than the configured masters whose NOTIFY is accepted
843        allow-query { <address_match_element>; ... }; // who may query this zone
844        allow-query-on { <address_match_element>; ... };
845        allow-transfer { <address_match_element>; ... }; // who may pull a copy of the zone (AXFR/IXFR); keep this to the known secondaries
846        allow-update { <address_match_element>; ... }; // who may send dynamic updates; a source address alone is spoofable, prefer key elements or update-policy
847        allow-update-forwarding { <address_match_element>; ... }; // whose dynamic updates a secondary forwards to the primary
848        also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
849            <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
850            <integer> ] ) [ key <string> ]; ... }; // the optional key signs the NOTIFY sent to that target with TSIG
851        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
852            ] [ dscp <integer> ];
853        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
854            * ) ] [ dscp <integer> ];
855        auto-dnssec ( allow | maintain | off );
856        check-dup-records ( fail | warn | ignore );
857        check-integrity <boolean>;
858        check-mx ( fail | warn | ignore );
859        check-mx-cname ( fail | warn | ignore );
860        check-names ( fail | warn | ignore );
861        check-sibling <boolean>;
862        check-spf ( warn | ignore );
863        check-srv-cname ( fail | warn | ignore );
864        check-wildcard <boolean>;
865        database <string>;
866        delegation-only <boolean>;
867        dialup ( notify | notify-passive | passive | refresh | <boolean> );
868        dlz <string>;
869        dnskey-sig-validity <integer>;
870        dnssec-dnskey-kskonly <boolean>;
871        dnssec-loadkeys-interval <integer>;
872        dnssec-secure-to-insecure <boolean>; // lets a dynamic zone become unsigned by deleting its DNSKEY records
873        dnssec-update-mode ( maintain | no-resign );
874        file <quoted_string>;
875        forward ( first | only );
876        forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
877            | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
878        in-view <string>;
879        inline-signing <boolean>;
880        ixfr-base <quoted_string>; // ancient
881        ixfr-from-differences <boolean>;
882        ixfr-tmp-file <quoted_string>; // ancient
883        journal <quoted_string>;
884        key-directory <quoted_string>; // where the zone's DNSSEC key files, private keys included, are read from
885        maintain-ixfr-base <boolean>; // ancient
886        masterfile-format ( map | raw | text );
887        masterfile-style ( full | relative );
888        masters [ port <integer> ] [ dscp <integer> ] { ( <masters> |
889            <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
890            <integer> ] ) [ key <string> ]; ... }; // the optional key signs refresh and transfer requests to that server with TSIG
891        max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
892        max-journal-size ( default | unlimited | <sizeval> );
893        max-records <integer>; // upper bound on the number of records permitted in the zone
894        max-refresh-time <integer>;
895        max-retry-time <integer>;
896        max-transfer-idle-in <integer>;
897        max-transfer-idle-out <integer>;
898        max-transfer-time-in <integer>;
899        max-transfer-time-out <integer>;
900        max-zone-ttl ( unlimited | <ttlval> );
901        min-refresh-time <integer>;
902        min-retry-time <integer>;
903        multi-master <boolean>;
904        notify ( explicit | master-only | <boolean> );
905        notify-delay <integer>;
906        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
907            dscp <integer> ];
908        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
909            [ dscp <integer> ];
910        notify-to-soa <boolean>;
911        nsec3-test-zone <boolean>; // test only
912        pubkey <integer> <integer> <integer> <quoted_string>; // ancient
913        request-expire <boolean>;
914        request-ixfr <boolean>;
915        serial-update-method ( date | increment | unixtime );
916        server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
917        server-names { <string>; ... };
918        sig-signing-nodes <integer>;
919        sig-signing-signatures <integer>;
920        sig-signing-type <integer>;
921        sig-validity-interval <integer> [ <integer> ];
922        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
923            dscp <integer> ];
924        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
925            ] [ dscp <integer> ];
926        try-tcp-refresh <boolean>;
927        type ( primary | master | secondary | slave | mirror |
928            delegation-only | forward | hint | redirect | static-stub |
929            stub );
930        update-check-ksk <boolean>;
931        update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
932            external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
933            | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
934            | subdomain | tcp-self | wildcard | zonesub ) [ <string> ]
935            <rrtypelist>; ... }; // per-name, per-type dynamic update rules; cannot be combined with allow-update in the same zone
936        use-alt-transfer-source <boolean>;
937        zero-no-soa-ttl <boolean>;
938        zone-statistics ( full | terse | none | <boolean> );
939}; // may occur multiple times
940
941