options revision 1.1.1.8
1 2This is a summary of the named.conf options supported by 3this version of BIND 9. 4 5acl <string> { <address_match_element>; ... }; // may occur multiple times 6 7controls { 8 inet ( <ipv4_address> | <ipv6_address> | 9 * ) [ port ( <integer> | * ) ] allow 10 { <address_match_element>; ... } [ 11 keys { <string>; ... } ] [ read-only 12 <boolean> ]; // may occur multiple times 13 unix <quoted_string> perm <integer> 14 owner <integer> group <integer> [ 15 keys { <string>; ... } ] [ read-only 16 <boolean> ]; // may occur multiple times 17}; // may occur multiple times 18 19dlz <string> { 20 database <string>; 21 search <boolean>; 22}; // may occur multiple times 23 24dnssec-policy <string> { 25 dnskey-ttl <duration>; 26 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime 27 <duration_or_unlimited> algorithm <string> [ <integer> ]; ... }; 28 max-zone-ttl <duration>; 29 nsec3param [ iterations <integer> ] [ optout <boolean> ] [ 30 salt-length <integer> ]; 31 parent-ds-ttl <duration>; 32 parent-propagation-delay <duration>; 33 parent-registration-delay <duration>; // obsolete 34 publish-safety <duration>; 35 retire-safety <duration>; 36 signatures-refresh <duration>; 37 signatures-validity <duration>; 38 signatures-validity-dnskey <duration>; 39 zone-propagation-delay <duration>; 40}; // may occur multiple times 41 42dyndb <string> <quoted_string> { 43 <unspecified-text> }; // may occur multiple times 44 45key <string> { 46 algorithm <string>; 47 secret <string>; 48}; // may occur multiple times 49 50logging { 51 category <string> { <string>; ... }; // may occur multiple times 52 channel <string> { 53 buffered <boolean>; 54 file <quoted_string> [ versions ( unlimited | <integer> ) ] 55 [ size <size> ] [ suffix ( increment | timestamp ) ]; 56 null; 57 print-category <boolean>; 58 print-severity <boolean>; 59 print-time ( iso8601 | iso8601-utc | local | <boolean> ); 60 severity <log_severity>; 61 stderr; 62 syslog [ <syslog_facility> ]; 63 }; // may occur multiple times 64}; 65 66lwres { <unspecified-text> }; // obsolete, may occur multiple times 67 68managed-keys { <string> ( static-key 69 | initial-key | static-ds | 70 initial-ds ) <integer> <integer> 71 <integer> <quoted_string>; ... }; // may occur multiple times, deprecated 72 73masters <string> [ port <integer> ] [ dscp 74 <integer> ] { ( <primaries> | <ipv4_address> 75 [ port <integer> ] | <ipv6_address> [ port 76 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times 77 78options { 79 acache-cleaning-interval <integer>; // obsolete 80 acache-enable <boolean>; // obsolete 81 additional-from-auth <boolean>; // obsolete 82 additional-from-cache <boolean>; // obsolete 83 allow-new-zones <boolean>; 84 allow-notify { <address_match_element>; ... }; 85 allow-query { <address_match_element>; ... }; 86 allow-query-cache { <address_match_element>; ... }; 87 allow-query-cache-on { <address_match_element>; ... }; 88 allow-query-on { <address_match_element>; ... }; 89 allow-recursion { <address_match_element>; ... }; 90 allow-recursion-on { <address_match_element>; ... }; 91 allow-transfer { <address_match_element>; ... }; 92 allow-update { <address_match_element>; ... }; 93 allow-update-forwarding { <address_match_element>; ... }; 94 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 95 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> | 96 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 97 <integer> ] ) [ key <string> ]; ... }; 98 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 99 ] [ dscp <integer> ]; 100 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 101 * ) ] [ dscp <integer> ]; 102 answer-cookie <boolean>; 103 attach-cache <string>; 104 auth-nxdomain <boolean>; // default changed 105 auto-dnssec ( allow | maintain | off ); 106 automatic-interface-scan <boolean>; 107 avoid-v4-udp-ports { <portrange>; ... }; 108 avoid-v6-udp-ports { <portrange>; ... }; 109 bindkeys-file <quoted_string>; 110 blackhole { <address_match_element>; ... }; 111 cache-file <quoted_string>; 112 catalog-zones { zone <string> [ default-masters [ port <integer> ] 113 [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port 114 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 115 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 116 in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; 117 check-dup-records ( fail | warn | ignore ); 118 check-integrity <boolean>; 119 check-mx ( fail | warn | ignore ); 120 check-mx-cname ( fail | warn | ignore ); 121 check-names ( primary | master | 122 secondary | slave | response ) ( 123 fail | warn | ignore ); // may occur multiple times 124 check-sibling <boolean>; 125 check-spf ( warn | ignore ); 126 check-srv-cname ( fail | warn | ignore ); 127 check-wildcard <boolean>; 128 cleaning-interval <integer>; // obsolete 129 clients-per-query <integer>; 130 cookie-algorithm ( aes | siphash24 ); 131 cookie-secret <string>; // may occur multiple times 132 coresize ( default | unlimited | <sizeval> ); 133 datasize ( default | unlimited | <sizeval> ); 134 deallocate-on-exit <boolean>; // ancient 135 deny-answer-addresses { <address_match_element>; ... } [ 136 except-from { <string>; ... } ]; 137 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... 138 } ]; 139 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 140 directory <quoted_string>; 141 disable-algorithms <string> { <string>; 142 ... }; // may occur multiple times 143 disable-ds-digests <string> { <string>; 144 ... }; // may occur multiple times 145 disable-empty-zone <string>; // may occur multiple times 146 dns64 <netprefix> { 147 break-dnssec <boolean>; 148 clients { <address_match_element>; ... }; 149 exclude { <address_match_element>; ... }; 150 mapped { <address_match_element>; ... }; 151 recursive-only <boolean>; 152 suffix <ipv6_address>; 153 }; // may occur multiple times 154 dns64-contact <string>; 155 dns64-server <string>; 156 dnskey-sig-validity <integer>; 157 dnsrps-enable <boolean>; // not configured 158 dnsrps-options { <unspecified-text> }; // not configured 159 dnssec-accept-expired <boolean>; 160 dnssec-dnskey-kskonly <boolean>; 161 dnssec-enable <boolean>; // obsolete 162 dnssec-loadkeys-interval <integer>; 163 dnssec-lookaside ( <string> 164 trust-anchor <string> | 165 auto | no ); // obsolete, may occur multiple times 166 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 167 dnssec-policy <string>; 168 dnssec-secure-to-insecure <boolean>; 169 dnssec-update-mode ( maintain | no-resign ); 170 dnssec-validation ( yes | no | auto ); 171 dnstap { ( all | auth | client | forwarder | 172 resolver | update ) [ ( query | response ) ]; 173 ... }; // not configured 174 dnstap-identity ( <quoted_string> | none | 175 hostname ); // not configured 176 dnstap-output ( file | unix ) <quoted_string> [ 177 size ( unlimited | <size> ) ] [ versions ( 178 unlimited | <integer> ) ] [ suffix ( increment 179 | timestamp ) ]; // not configured 180 dnstap-version ( <quoted_string> | none ); // not configured 181 dscp <integer>; 182 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 183 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 184 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 185 <integer> ] [ dscp <integer> ] ); ... }; 186 dump-file <quoted_string>; 187 edns-udp-size <integer>; 188 empty-contact <string>; 189 empty-server <string>; 190 empty-zones-enable <boolean>; 191 fake-iquery <boolean>; // ancient 192 fetch-glue <boolean>; // ancient 193 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 194 fetches-per-server <integer> [ ( drop | fail ) ]; 195 fetches-per-zone <integer> [ ( drop | fail ) ]; 196 files ( default | unlimited | <sizeval> ); 197 filter-aaaa { <address_match_element>; ... }; // obsolete 198 filter-aaaa-on-v4 <boolean>; // obsolete 199 filter-aaaa-on-v6 <boolean>; // obsolete 200 flush-zones-on-shutdown <boolean>; 201 forward ( first | only ); 202 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 203 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 204 fstrm-set-buffer-hint <integer>; // not configured 205 fstrm-set-flush-timeout <integer>; // not configured 206 fstrm-set-input-queue-size <integer>; // not configured 207 fstrm-set-output-notify-threshold <integer>; // not configured 208 fstrm-set-output-queue-model ( mpsc | spsc ); // not configured 209 fstrm-set-output-queue-size <integer>; // not configured 210 fstrm-set-reopen-interval <duration>; // not configured 211 geoip-directory ( <quoted_string> | none ); 212 geoip-use-ecs <boolean>; // obsolete 213 glue-cache <boolean>; 214 has-old-clients <boolean>; // ancient 215 heartbeat-interval <integer>; 216 host-statistics <boolean>; // ancient 217 host-statistics-max <integer>; // ancient 218 hostname ( <quoted_string> | none ); 219 inline-signing <boolean>; 220 interface-interval <duration>; 221 ixfr-from-differences ( primary | master | secondary | slave | 222 <boolean> ); 223 keep-response-order { <address_match_element>; ... }; 224 key-directory <quoted_string>; 225 lame-ttl <duration>; 226 listen-on [ port <integer> ] [ dscp 227 <integer> ] { 228 <address_match_element>; ... }; // may occur multiple times 229 listen-on-v6 [ port <integer> ] [ dscp 230 <integer> ] { 231 <address_match_element>; ... }; // may occur multiple times 232 lmdb-mapsize <sizeval>; 233 lock-file ( <quoted_string> | none ); 234 maintain-ixfr-base <boolean>; // ancient 235 managed-keys-directory <quoted_string>; 236 masterfile-format ( map | raw | text ); 237 masterfile-style ( full | relative ); 238 match-mapped-addresses <boolean>; 239 max-acache-size ( unlimited | <sizeval> ); // obsolete 240 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 241 max-cache-ttl <duration>; 242 max-clients-per-query <integer>; 243 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient 244 max-ixfr-ratio ( unlimited | <percentage> ); 245 max-journal-size ( default | unlimited | <sizeval> ); 246 max-ncache-ttl <duration>; 247 max-records <integer>; 248 max-recursion-depth <integer>; 249 max-recursion-queries <integer>; 250 max-refresh-time <integer>; 251 max-retry-time <integer>; 252 max-rsa-exponent-size <integer>; 253 max-stale-ttl <duration>; 254 max-transfer-idle-in <integer>; 255 max-transfer-idle-out <integer>; 256 max-transfer-time-in <integer>; 257 max-transfer-time-out <integer>; 258 max-udp-size <integer>; 259 max-zone-ttl ( unlimited | <duration> ); 260 memstatistics <boolean>; 261 memstatistics-file <quoted_string>; 262 message-compression <boolean>; 263 min-cache-ttl <duration>; 264 min-ncache-ttl <duration>; 265 min-refresh-time <integer>; 266 min-retry-time <integer>; 267 min-roots <integer>; // ancient 268 minimal-any <boolean>; 269 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 270 multi-master <boolean>; 271 multiple-cnames <boolean>; // ancient 272 named-xfer <quoted_string>; // ancient 273 new-zones-directory <quoted_string>; 274 no-case-compress { <address_match_element>; ... }; 275 nocookie-udp-size <integer>; 276 nosit-udp-size <integer>; // obsolete 277 notify ( explicit | master-only | primary-only | <boolean> ); 278 notify-delay <integer>; 279 notify-rate <integer>; 280 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 281 dscp <integer> ]; 282 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 283 [ dscp <integer> ]; 284 notify-to-soa <boolean>; 285 nsec3-test-zone <boolean>; // test only 286 nta-lifetime <duration>; 287 nta-recheck <duration>; 288 nxdomain-redirect <string>; 289 pid-file ( <quoted_string> | none ); 290 port <integer>; 291 preferred-glue <string>; 292 prefetch <integer> [ <integer> ]; 293 provide-ixfr <boolean>; 294 qname-minimization ( strict | relaxed | disabled | off ); 295 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 296 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 297 port ( <integer> | * ) ) ) [ dscp <integer> ]; 298 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 299 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 300 port ( <integer> | * ) ) ) [ dscp <integer> ]; 301 querylog <boolean>; 302 queryport-pool-ports <integer>; // obsolete 303 queryport-pool-updateinterval <integer>; // obsolete 304 random-device ( <quoted_string> | none ); 305 rate-limit { 306 all-per-second <integer>; 307 errors-per-second <integer>; 308 exempt-clients { <address_match_element>; ... }; 309 ipv4-prefix-length <integer>; 310 ipv6-prefix-length <integer>; 311 log-only <boolean>; 312 max-table-size <integer>; 313 min-table-size <integer>; 314 nodata-per-second <integer>; 315 nxdomains-per-second <integer>; 316 qps-scale <integer>; 317 referrals-per-second <integer>; 318 responses-per-second <integer>; 319 slip <integer>; 320 window <integer>; 321 }; 322 recursing-file <quoted_string>; 323 recursion <boolean>; 324 recursive-clients <integer>; 325 request-expire <boolean>; 326 request-ixfr <boolean>; 327 request-nsid <boolean>; 328 request-sit <boolean>; // obsolete 329 require-server-cookie <boolean>; 330 reserved-sockets <integer>; 331 resolver-nonbackoff-tries <integer>; 332 resolver-query-timeout <integer>; 333 resolver-retry-interval <integer>; 334 response-padding { <address_match_element>; ... } block-size 335 <integer>; 336 response-policy { zone <string> [ add-soa <boolean> ] [ log 337 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval 338 <duration> ] [ policy ( cname | disabled | drop | given | no-op 339 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 340 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 341 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ 342 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ 343 min-update-interval <duration> ] [ min-ns-dots <integer> ] [ 344 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] 345 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 346 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ 347 dnsrps-options { <unspecified-text> } ]; 348 rfc2308-type1 <boolean>; // ancient 349 root-delegation-only [ exclude { <string>; ... } ]; 350 root-key-sentinel <boolean>; 351 rrset-order { [ class <string> ] [ type <string> ] [ name 352 <quoted_string> ] <string> <string>; ... }; 353 secroots-file <quoted_string>; 354 send-cookie <boolean>; 355 serial-queries <integer>; // ancient 356 serial-query-rate <integer>; 357 serial-update-method ( date | increment | unixtime ); 358 server-id ( <quoted_string> | none | hostname ); 359 servfail-ttl <duration>; 360 session-keyalg <string>; 361 session-keyfile ( <quoted_string> | none ); 362 session-keyname <string>; 363 sig-signing-nodes <integer>; 364 sig-signing-signatures <integer>; 365 sig-signing-type <integer>; 366 sig-validity-interval <integer> [ <integer> ]; 367 sit-secret <string>; // obsolete 368 sortlist { <address_match_element>; ... }; 369 stacksize ( default | unlimited | <sizeval> ); 370 stale-answer-client-timeout ( disabled | off | <integer> ); 371 stale-answer-enable <boolean>; 372 stale-answer-ttl <duration>; 373 stale-cache-enable <boolean>; 374 stale-refresh-time <duration>; 375 startup-notify-rate <integer>; 376 statistics-file <quoted_string>; 377 statistics-interval <integer>; // ancient 378 suppress-initial-notify <boolean>; // not yet implemented 379 synth-from-dnssec <boolean>; 380 tcp-advertised-timeout <integer>; 381 tcp-clients <integer>; 382 tcp-idle-timeout <integer>; 383 tcp-initial-timeout <integer>; 384 tcp-keepalive-timeout <integer>; 385 tcp-listen-queue <integer>; 386 tkey-dhkey <quoted_string> <integer>; 387 tkey-domain <quoted_string>; 388 tkey-gssapi-credential <quoted_string>; 389 tkey-gssapi-keytab <quoted_string>; 390 topology { <address_match_element>; ... }; // ancient 391 transfer-format ( many-answers | one-answer ); 392 transfer-message-size <integer>; 393 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 394 dscp <integer> ]; 395 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 396 ] [ dscp <integer> ]; 397 transfers-in <integer>; 398 transfers-out <integer>; 399 transfers-per-ns <integer>; 400 treat-cr-as-space <boolean>; // ancient 401 trust-anchor-telemetry <boolean>; // experimental 402 try-tcp-refresh <boolean>; 403 update-check-ksk <boolean>; 404 use-alt-transfer-source <boolean>; 405 use-id-pool <boolean>; // ancient 406 use-ixfr <boolean>; // obsolete 407 use-queryport-pool <boolean>; // obsolete 408 use-v4-udp-ports { <portrange>; ... }; 409 use-v6-udp-ports { <portrange>; ... }; 410 v6-bias <integer>; 411 validate-except { <string>; ... }; 412 version ( <quoted_string> | none ); 413 zero-no-soa-ttl <boolean>; 414 zero-no-soa-ttl-cache <boolean>; 415 zone-statistics ( full | terse | none | <boolean> ); 416}; 417 418plugin ( query ) <string> [ { <unspecified-text> 419 } ]; // may occur multiple times 420 421primaries <string> [ port <integer> ] [ dscp 422 <integer> ] { ( <primaries> | <ipv4_address> 423 [ port <integer> ] | <ipv6_address> [ port 424 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times 425 426server <netprefix> { 427 bogus <boolean>; 428 edns <boolean>; 429 edns-udp-size <integer>; 430 edns-version <integer>; 431 keys <server_key>; 432 max-udp-size <integer>; 433 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 434 dscp <integer> ]; 435 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 436 [ dscp <integer> ]; 437 padding <integer>; 438 provide-ixfr <boolean>; 439 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 440 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 441 port ( <integer> | * ) ) ) [ dscp <integer> ]; 442 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 443 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 444 port ( <integer> | * ) ) ) [ dscp <integer> ]; 445 request-expire <boolean>; 446 request-ixfr <boolean>; 447 request-nsid <boolean>; 448 request-sit <boolean>; // obsolete 449 send-cookie <boolean>; 450 support-ixfr <boolean>; // obsolete 451 tcp-keepalive <boolean>; 452 tcp-only <boolean>; 453 transfer-format ( many-answers | one-answer ); 454 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 455 dscp <integer> ]; 456 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 457 ] [ dscp <integer> ]; 458 transfers <integer>; 459}; // may occur multiple times 460 461statistics-channels { 462 inet ( <ipv4_address> | <ipv6_address> | 463 * ) [ port ( <integer> | * ) ] [ 464 allow { <address_match_element>; ... 465 } ]; // may occur multiple times 466}; // may occur multiple times 467 468trust-anchors { <string> ( static-key | 469 initial-key | static-ds | initial-ds ) 470 <integer> <integer> <integer> 471 <quoted_string>; ... }; // may occur multiple times 472 473trusted-keys { <string> <integer> 474 <integer> <integer> 475 <quoted_string>; ... }; // may occur multiple times, deprecated 476 477view <string> [ <class> ] { 478 acache-cleaning-interval <integer>; // obsolete 479 acache-enable <boolean>; // obsolete 480 additional-from-auth <boolean>; // obsolete 481 additional-from-cache <boolean>; // obsolete 482 allow-new-zones <boolean>; 483 allow-notify { <address_match_element>; ... }; 484 allow-query { <address_match_element>; ... }; 485 allow-query-cache { <address_match_element>; ... }; 486 allow-query-cache-on { <address_match_element>; ... }; 487 allow-query-on { <address_match_element>; ... }; 488 allow-recursion { <address_match_element>; ... }; 489 allow-recursion-on { <address_match_element>; ... }; 490 allow-transfer { <address_match_element>; ... }; 491 allow-update { <address_match_element>; ... }; 492 allow-update-forwarding { <address_match_element>; ... }; 493 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 494 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> | 495 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 496 <integer> ] ) [ key <string> ]; ... }; 497 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 498 ] [ dscp <integer> ]; 499 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 500 * ) ] [ dscp <integer> ]; 501 attach-cache <string>; 502 auth-nxdomain <boolean>; // default changed 503 auto-dnssec ( allow | maintain | off ); 504 cache-file <quoted_string>; 505 catalog-zones { zone <string> [ default-masters [ port <integer> ] 506 [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port 507 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 508 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 509 in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; 510 check-dup-records ( fail | warn | ignore ); 511 check-integrity <boolean>; 512 check-mx ( fail | warn | ignore ); 513 check-mx-cname ( fail | warn | ignore ); 514 check-names ( primary | master | 515 secondary | slave | response ) ( 516 fail | warn | ignore ); // may occur multiple times 517 check-sibling <boolean>; 518 check-spf ( warn | ignore ); 519 check-srv-cname ( fail | warn | ignore ); 520 check-wildcard <boolean>; 521 cleaning-interval <integer>; // obsolete 522 clients-per-query <integer>; 523 deny-answer-addresses { <address_match_element>; ... } [ 524 except-from { <string>; ... } ]; 525 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... 526 } ]; 527 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 528 disable-algorithms <string> { <string>; 529 ... }; // may occur multiple times 530 disable-ds-digests <string> { <string>; 531 ... }; // may occur multiple times 532 disable-empty-zone <string>; // may occur multiple times 533 dlz <string> { 534 database <string>; 535 search <boolean>; 536 }; // may occur multiple times 537 dns64 <netprefix> { 538 break-dnssec <boolean>; 539 clients { <address_match_element>; ... }; 540 exclude { <address_match_element>; ... }; 541 mapped { <address_match_element>; ... }; 542 recursive-only <boolean>; 543 suffix <ipv6_address>; 544 }; // may occur multiple times 545 dns64-contact <string>; 546 dns64-server <string>; 547 dnskey-sig-validity <integer>; 548 dnsrps-enable <boolean>; // not configured 549 dnsrps-options { <unspecified-text> }; // not configured 550 dnssec-accept-expired <boolean>; 551 dnssec-dnskey-kskonly <boolean>; 552 dnssec-enable <boolean>; // obsolete 553 dnssec-loadkeys-interval <integer>; 554 dnssec-lookaside ( <string> 555 trust-anchor <string> | 556 auto | no ); // obsolete, may occur multiple times 557 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 558 dnssec-policy <string>; 559 dnssec-secure-to-insecure <boolean>; 560 dnssec-update-mode ( maintain | no-resign ); 561 dnssec-validation ( yes | no | auto ); 562 dnstap { ( all | auth | client | forwarder | 563 resolver | update ) [ ( query | response ) ]; 564 ... }; // not configured 565 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 566 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 567 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 568 <integer> ] [ dscp <integer> ] ); ... }; 569 dyndb <string> <quoted_string> { 570 <unspecified-text> }; // may occur multiple times 571 edns-udp-size <integer>; 572 empty-contact <string>; 573 empty-server <string>; 574 empty-zones-enable <boolean>; 575 fetch-glue <boolean>; // ancient 576 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 577 fetches-per-server <integer> [ ( drop | fail ) ]; 578 fetches-per-zone <integer> [ ( drop | fail ) ]; 579 filter-aaaa { <address_match_element>; ... }; // obsolete 580 filter-aaaa-on-v4 <boolean>; // obsolete 581 filter-aaaa-on-v6 <boolean>; // obsolete 582 forward ( first | only ); 583 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 584 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 585 glue-cache <boolean>; 586 inline-signing <boolean>; 587 ixfr-from-differences ( primary | master | secondary | slave | 588 <boolean> ); 589 key <string> { 590 algorithm <string>; 591 secret <string>; 592 }; // may occur multiple times 593 key-directory <quoted_string>; 594 lame-ttl <duration>; 595 lmdb-mapsize <sizeval>; 596 maintain-ixfr-base <boolean>; // ancient 597 managed-keys { <string> ( 598 static-key | initial-key 599 | static-ds | initial-ds 600 ) <integer> <integer> 601 <integer> 602 <quoted_string>; ... }; // may occur multiple times, deprecated 603 masterfile-format ( map | raw | text ); 604 masterfile-style ( full | relative ); 605 match-clients { <address_match_element>; ... }; 606 match-destinations { <address_match_element>; ... }; 607 match-recursive-only <boolean>; 608 max-acache-size ( unlimited | <sizeval> ); // obsolete 609 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 610 max-cache-ttl <duration>; 611 max-clients-per-query <integer>; 612 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient 613 max-ixfr-ratio ( unlimited | <percentage> ); 614 max-journal-size ( default | unlimited | <sizeval> ); 615 max-ncache-ttl <duration>; 616 max-records <integer>; 617 max-recursion-depth <integer>; 618 max-recursion-queries <integer>; 619 max-refresh-time <integer>; 620 max-retry-time <integer>; 621 max-stale-ttl <duration>; 622 max-transfer-idle-in <integer>; 623 max-transfer-idle-out <integer>; 624 max-transfer-time-in <integer>; 625 max-transfer-time-out <integer>; 626 max-udp-size <integer>; 627 max-zone-ttl ( unlimited | <duration> ); 628 message-compression <boolean>; 629 min-cache-ttl <duration>; 630 min-ncache-ttl <duration>; 631 min-refresh-time <integer>; 632 min-retry-time <integer>; 633 min-roots <integer>; // ancient 634 minimal-any <boolean>; 635 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 636 multi-master <boolean>; 637 new-zones-directory <quoted_string>; 638 no-case-compress { <address_match_element>; ... }; 639 nocookie-udp-size <integer>; 640 nosit-udp-size <integer>; // obsolete 641 notify ( explicit | master-only | primary-only | <boolean> ); 642 notify-delay <integer>; 643 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 644 dscp <integer> ]; 645 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 646 [ dscp <integer> ]; 647 notify-to-soa <boolean>; 648 nsec3-test-zone <boolean>; // test only 649 nta-lifetime <duration>; 650 nta-recheck <duration>; 651 nxdomain-redirect <string>; 652 plugin ( query ) <string> [ { 653 <unspecified-text> } ]; // may occur multiple times 654 preferred-glue <string>; 655 prefetch <integer> [ <integer> ]; 656 provide-ixfr <boolean>; 657 qname-minimization ( strict | relaxed | disabled | off ); 658 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 659 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 660 port ( <integer> | * ) ) ) [ dscp <integer> ]; 661 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 662 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 663 port ( <integer> | * ) ) ) [ dscp <integer> ]; 664 queryport-pool-ports <integer>; // obsolete 665 queryport-pool-updateinterval <integer>; // obsolete 666 rate-limit { 667 all-per-second <integer>; 668 errors-per-second <integer>; 669 exempt-clients { <address_match_element>; ... }; 670 ipv4-prefix-length <integer>; 671 ipv6-prefix-length <integer>; 672 log-only <boolean>; 673 max-table-size <integer>; 674 min-table-size <integer>; 675 nodata-per-second <integer>; 676 nxdomains-per-second <integer>; 677 qps-scale <integer>; 678 referrals-per-second <integer>; 679 responses-per-second <integer>; 680 slip <integer>; 681 window <integer>; 682 }; 683 recursion <boolean>; 684 request-expire <boolean>; 685 request-ixfr <boolean>; 686 request-nsid <boolean>; 687 request-sit <boolean>; // obsolete 688 require-server-cookie <boolean>; 689 resolver-nonbackoff-tries <integer>; 690 resolver-query-timeout <integer>; 691 resolver-retry-interval <integer>; 692 response-padding { <address_match_element>; ... } block-size 693 <integer>; 694 response-policy { zone <string> [ add-soa <boolean> ] [ log 695 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval 696 <duration> ] [ policy ( cname | disabled | drop | given | no-op 697 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 698 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 699 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ 700 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ 701 min-update-interval <duration> ] [ min-ns-dots <integer> ] [ 702 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] 703 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 704 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ 705 dnsrps-options { <unspecified-text> } ]; 706 rfc2308-type1 <boolean>; // ancient 707 root-delegation-only [ exclude { <string>; ... } ]; 708 root-key-sentinel <boolean>; 709 rrset-order { [ class <string> ] [ type <string> ] [ name 710 <quoted_string> ] <string> <string>; ... }; 711 send-cookie <boolean>; 712 serial-update-method ( date | increment | unixtime ); 713 server <netprefix> { 714 bogus <boolean>; 715 edns <boolean>; 716 edns-udp-size <integer>; 717 edns-version <integer>; 718 keys <server_key>; 719 max-udp-size <integer>; 720 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 721 ) ] [ dscp <integer> ]; 722 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 723 | * ) ] [ dscp <integer> ]; 724 padding <integer>; 725 provide-ixfr <boolean>; 726 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port 727 ( <integer> | * ) ] ) | ( [ [ address ] ( 728 <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ 729 dscp <integer> ]; 730 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ 731 port ( <integer> | * ) ] ) | ( [ [ address ] ( 732 <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ 733 dscp <integer> ]; 734 request-expire <boolean>; 735 request-ixfr <boolean>; 736 request-nsid <boolean>; 737 request-sit <boolean>; // obsolete 738 send-cookie <boolean>; 739 support-ixfr <boolean>; // obsolete 740 tcp-keepalive <boolean>; 741 tcp-only <boolean>; 742 transfer-format ( many-answers | one-answer ); 743 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 744 * ) ] [ dscp <integer> ]; 745 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 746 <integer> | * ) ] [ dscp <integer> ]; 747 transfers <integer>; 748 }; // may occur multiple times 749 servfail-ttl <duration>; 750 sig-signing-nodes <integer>; 751 sig-signing-signatures <integer>; 752 sig-signing-type <integer>; 753 sig-validity-interval <integer> [ <integer> ]; 754 sortlist { <address_match_element>; ... }; 755 stale-answer-client-timeout ( disabled | off | <integer> ); 756 stale-answer-enable <boolean>; 757 stale-answer-ttl <duration>; 758 stale-cache-enable <boolean>; 759 stale-refresh-time <duration>; 760 suppress-initial-notify <boolean>; // not yet implemented 761 synth-from-dnssec <boolean>; 762 topology { <address_match_element>; ... }; // ancient 763 transfer-format ( many-answers | one-answer ); 764 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 765 dscp <integer> ]; 766 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 767 ] [ dscp <integer> ]; 768 trust-anchor-telemetry <boolean>; // experimental 769 trust-anchors { <string> ( static-key | 770 initial-key | static-ds | initial-ds 771 ) <integer> <integer> <integer> 772 <quoted_string>; ... }; // may occur multiple times 773 trusted-keys { <string> 774 <integer> <integer> 775 <integer> 776 <quoted_string>; ... }; // may occur multiple times, deprecated 777 try-tcp-refresh <boolean>; 778 update-check-ksk <boolean>; 779 use-alt-transfer-source <boolean>; 780 use-queryport-pool <boolean>; // obsolete 781 v6-bias <integer>; 782 validate-except { <string>; ... }; 783 zero-no-soa-ttl <boolean>; 784 zero-no-soa-ttl-cache <boolean>; 785 zone <string> [ <class> ] { 786 allow-notify { <address_match_element>; ... }; 787 allow-query { <address_match_element>; ... }; 788 allow-query-on { <address_match_element>; ... }; 789 allow-transfer { <address_match_element>; ... }; 790 allow-update { <address_match_element>; ... }; 791 allow-update-forwarding { <address_match_element>; ... }; 792 also-notify [ port <integer> ] [ dscp <integer> ] { ( 793 <primaries> | <ipv4_address> [ port <integer> ] | 794 <ipv6_address> [ port <integer> ] ) [ key <string> ]; 795 ... }; 796 alt-transfer-source ( <ipv4_address> | * ) [ port ( 797 <integer> | * ) ] [ dscp <integer> ]; 798 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( 799 <integer> | * ) ] [ dscp <integer> ]; 800 auto-dnssec ( allow | maintain | off ); 801 check-dup-records ( fail | warn | ignore ); 802 check-integrity <boolean>; 803 check-mx ( fail | warn | ignore ); 804 check-mx-cname ( fail | warn | ignore ); 805 check-names ( fail | warn | ignore ); 806 check-sibling <boolean>; 807 check-spf ( warn | ignore ); 808 check-srv-cname ( fail | warn | ignore ); 809 check-wildcard <boolean>; 810 database <string>; 811 delegation-only <boolean>; 812 dialup ( notify | notify-passive | passive | refresh | 813 <boolean> ); 814 dlz <string>; 815 dnskey-sig-validity <integer>; 816 dnssec-dnskey-kskonly <boolean>; 817 dnssec-loadkeys-interval <integer>; 818 dnssec-policy <string>; 819 dnssec-secure-to-insecure <boolean>; 820 dnssec-update-mode ( maintain | no-resign ); 821 file <quoted_string>; 822 forward ( first | only ); 823 forwarders [ port <integer> ] [ dscp <integer> ] { ( 824 <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ 825 dscp <integer> ]; ... }; 826 in-view <string>; 827 inline-signing <boolean>; 828 ixfr-base <quoted_string>; // ancient 829 ixfr-from-differences <boolean>; 830 ixfr-tmp-file <quoted_string>; // ancient 831 journal <quoted_string>; 832 key-directory <quoted_string>; 833 maintain-ixfr-base <boolean>; // ancient 834 masterfile-format ( map | raw | text ); 835 masterfile-style ( full | relative ); 836 masters [ port <integer> ] [ dscp <integer> ] { ( 837 <primaries> | <ipv4_address> [ port <integer> ] | 838 <ipv6_address> [ port <integer> ] ) [ key <string> ]; 839 ... }; 840 max-ixfr-log-size ( default | unlimited | 841 <sizeval> ); // ancient 842 max-ixfr-ratio ( unlimited | <percentage> ); 843 max-journal-size ( default | unlimited | <sizeval> ); 844 max-records <integer>; 845 max-refresh-time <integer>; 846 max-retry-time <integer>; 847 max-transfer-idle-in <integer>; 848 max-transfer-idle-out <integer>; 849 max-transfer-time-in <integer>; 850 max-transfer-time-out <integer>; 851 max-zone-ttl ( unlimited | <duration> ); 852 min-refresh-time <integer>; 853 min-retry-time <integer>; 854 multi-master <boolean>; 855 notify ( explicit | master-only | primary-only | <boolean> ); 856 notify-delay <integer>; 857 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 858 ) ] [ dscp <integer> ]; 859 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 860 | * ) ] [ dscp <integer> ]; 861 notify-to-soa <boolean>; 862 nsec3-test-zone <boolean>; // test only 863 primaries [ port <integer> ] [ dscp <integer> ] { ( 864 <primaries> | <ipv4_address> [ port <integer> ] | 865 <ipv6_address> [ port <integer> ] ) [ key <string> ]; 866 ... }; 867 pubkey <integer> <integer> <integer> 868 <quoted_string>; // ancient 869 request-expire <boolean>; 870 request-ixfr <boolean>; 871 serial-update-method ( date | increment | unixtime ); 872 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; 873 server-names { <string>; ... }; 874 sig-signing-nodes <integer>; 875 sig-signing-signatures <integer>; 876 sig-signing-type <integer>; 877 sig-validity-interval <integer> [ <integer> ]; 878 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 879 * ) ] [ dscp <integer> ]; 880 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 881 <integer> | * ) ] [ dscp <integer> ]; 882 try-tcp-refresh <boolean>; 883 type ( primary | master | secondary | slave | mirror | 884 delegation-only | forward | hint | redirect | 885 static-stub | stub ); 886 update-check-ksk <boolean>; 887 update-policy ( local | { ( deny | grant ) <string> ( 888 6to4-self | external | krb5-self | krb5-selfsub | 889 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | 890 name | self | selfsub | selfwild | subdomain | tcp-self 891 | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... }; 892 use-alt-transfer-source <boolean>; 893 zero-no-soa-ttl <boolean>; 894 zone-statistics ( full | terse | none | <boolean> ); 895 }; // may occur multiple times 896 zone-statistics ( full | terse | none | <boolean> ); 897}; // may occur multiple times 898 899zone <string> [ <class> ] { 900 allow-notify { <address_match_element>; ... }; 901 allow-query { <address_match_element>; ... }; 902 allow-query-on { <address_match_element>; ... }; 903 allow-transfer { <address_match_element>; ... }; 904 allow-update { <address_match_element>; ... }; 905 allow-update-forwarding { <address_match_element>; ... }; 906 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> | 907 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 908 <integer> ] ) [ key <string> ]; ... }; 909 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 910 ] [ dscp <integer> ]; 911 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 912 * ) ] [ dscp <integer> ]; 913 auto-dnssec ( allow | maintain | off ); 914 check-dup-records ( fail | warn | ignore ); 915 check-integrity <boolean>; 916 check-mx ( fail | warn | ignore ); 917 check-mx-cname ( fail | warn | ignore ); 918 check-names ( fail | warn | ignore ); 919 check-sibling <boolean>; 920 check-spf ( warn | ignore ); 921 check-srv-cname ( fail | warn | ignore ); 922 check-wildcard <boolean>; 923 database <string>; 924 delegation-only <boolean>; 925 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 926 dlz <string>; 927 dnskey-sig-validity <integer>; 928 dnssec-dnskey-kskonly <boolean>; 929 dnssec-loadkeys-interval <integer>; 930 dnssec-policy <string>; 931 dnssec-secure-to-insecure <boolean>; 932 dnssec-update-mode ( maintain | no-resign ); 933 file <quoted_string>; 934 forward ( first | only ); 935 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 936 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 937 in-view <string>; 938 inline-signing <boolean>; 939 ixfr-base <quoted_string>; // ancient 940 ixfr-from-differences <boolean>; 941 ixfr-tmp-file <quoted_string>; // ancient 942 journal <quoted_string>; 943 key-directory <quoted_string>; 944 maintain-ixfr-base <boolean>; // ancient 945 masterfile-format ( map | raw | text ); 946 masterfile-style ( full | relative ); 947 masters [ port <integer> ] [ dscp <integer> ] { ( <primaries> | 948 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 949 <integer> ] ) [ key <string> ]; ... }; 950 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient 951 max-ixfr-ratio ( unlimited | <percentage> ); 952 max-journal-size ( default | unlimited | <sizeval> ); 953 max-records <integer>; 954 max-refresh-time <integer>; 955 max-retry-time <integer>; 956 max-transfer-idle-in <integer>; 957 max-transfer-idle-out <integer>; 958 max-transfer-time-in <integer>; 959 max-transfer-time-out <integer>; 960 max-zone-ttl ( unlimited | <duration> ); 961 min-refresh-time <integer>; 962 min-retry-time <integer>; 963 multi-master <boolean>; 964 notify ( explicit | master-only | primary-only | <boolean> ); 965 notify-delay <integer>; 966 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 967 dscp <integer> ]; 968 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 969 [ dscp <integer> ]; 970 notify-to-soa <boolean>; 971 nsec3-test-zone <boolean>; // test only 972 primaries [ port <integer> ] [ dscp <integer> ] { ( <primaries> | 973 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 974 <integer> ] ) [ key <string> ]; ... }; 975 pubkey <integer> <integer> <integer> <quoted_string>; // ancient 976 request-expire <boolean>; 977 request-ixfr <boolean>; 978 serial-update-method ( date | increment | unixtime ); 979 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; 980 server-names { <string>; ... }; 981 sig-signing-nodes <integer>; 982 sig-signing-signatures <integer>; 983 sig-signing-type <integer>; 984 sig-validity-interval <integer> [ <integer> ]; 985 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 986 dscp <integer> ]; 987 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 988 ] [ dscp <integer> ]; 989 try-tcp-refresh <boolean>; 990 type ( primary | master | secondary | slave | mirror | 991 delegation-only | forward | hint | redirect | static-stub | 992 stub ); 993 update-check-ksk <boolean>; 994 update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | 995 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self 996 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild 997 | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] 998 <rrtypelist>; ... }; 999 use-alt-transfer-source <boolean>; 1000 zero-no-soa-ttl <boolean>; 1001 zone-statistics ( full | terse | none | <boolean> ); 1002}; // may occur multiple times 1003 1004