options revision 1.1.1.9
1 2This is a summary of the named.conf options supported by 3this version of BIND 9. 4 5acl <string> { <address_match_element>; ... }; // may occur multiple times 6 7controls { 8 inet ( <ipv4_address> | <ipv6_address> | 9 * ) [ port ( <integer> | * ) ] allow 10 { <address_match_element>; ... } [ 11 keys { <string>; ... } ] [ read-only 12 <boolean> ]; // may occur multiple times 13 unix <quoted_string> perm <integer> 14 owner <integer> group <integer> [ 15 keys { <string>; ... } ] [ read-only 16 <boolean> ]; // may occur multiple times 17}; // may occur multiple times 18 19dlz <string> { 20 database <string>; 21 search <boolean>; 22}; // may occur multiple times 23 24dnssec-policy <string> { 25 dnskey-ttl <duration>; 26 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime 27 <duration_or_unlimited> algorithm <string> [ <integer> ]; ... }; 28 max-zone-ttl <duration>; 29 nsec3param [ iterations <integer> ] [ optout <boolean> ] [ 30 salt-length <integer> ]; 31 parent-ds-ttl <duration>; 32 parent-propagation-delay <duration>; 33 parent-registration-delay <duration>; // obsolete 34 publish-safety <duration>; 35 purge-keys <duration>; 36 retire-safety <duration>; 37 signatures-refresh <duration>; 38 signatures-validity <duration>; 39 signatures-validity-dnskey <duration>; 40 zone-propagation-delay <duration>; 41}; // may occur multiple times 42 43dyndb <string> <quoted_string> { 44 <unspecified-text> }; // may occur multiple times 45 46key <string> { 47 algorithm <string>; 48 secret <string>; 49}; // may occur multiple times 50 51logging { 52 category <string> { <string>; ... }; // may occur multiple times 53 channel <string> { 54 buffered <boolean>; 55 file <quoted_string> [ versions ( unlimited | <integer> ) ] 56 [ size <size> ] [ suffix ( increment | timestamp ) ]; 57 null; 58 print-category <boolean>; 59 print-severity <boolean>; 60 print-time ( iso8601 | iso8601-utc | local | <boolean> ); 61 severity <log_severity>; 62 stderr; 63 syslog [ <syslog_facility> ]; 64 }; // may occur multiple times 65}; 66 67lwres { <unspecified-text> }; // obsolete, may occur multiple times 68 69managed-keys { <string> ( static-key 70 | initial-key | static-ds | 71 initial-ds ) <integer> <integer> 72 <integer> <quoted_string>; ... }; // may occur multiple times, deprecated 73 74masters <string> [ port <integer> ] [ dscp 75 <integer> ] { ( <primaries> | <ipv4_address> 76 [ port <integer> ] | <ipv6_address> [ port 77 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times 78 79options { 80 acache-cleaning-interval <integer>; // obsolete 81 acache-enable <boolean>; // obsolete 82 additional-from-auth <boolean>; // obsolete 83 additional-from-cache <boolean>; // obsolete 84 allow-new-zones <boolean>; 85 allow-notify { <address_match_element>; ... }; 86 allow-query { <address_match_element>; ... }; 87 allow-query-cache { <address_match_element>; ... }; 88 allow-query-cache-on { <address_match_element>; ... }; 89 allow-query-on { <address_match_element>; ... }; 90 allow-recursion { <address_match_element>; ... }; 91 allow-recursion-on { <address_match_element>; ... }; 92 allow-transfer { <address_match_element>; ... }; 93 allow-update { <address_match_element>; ... }; 94 allow-update-forwarding { <address_match_element>; ... }; 95 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 96 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> | 97 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 98 <integer> ] ) [ key <string> ]; ... }; 99 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 100 ] [ dscp <integer> ]; 101 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 102 * ) ] [ dscp <integer> ]; 103 answer-cookie <boolean>; 104 attach-cache <string>; 105 auth-nxdomain <boolean>; // default changed 106 auto-dnssec ( allow | maintain | off ); 107 automatic-interface-scan <boolean>; 108 avoid-v4-udp-ports { <portrange>; ... }; 109 avoid-v6-udp-ports { <portrange>; ... }; 110 bindkeys-file <quoted_string>; 111 blackhole { <address_match_element>; ... }; 112 cache-file <quoted_string>; 113 catalog-zones { zone <string> [ default-masters [ port <integer> ] 114 [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port 115 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 116 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 117 in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; 118 check-dup-records ( fail | warn | ignore ); 119 check-integrity <boolean>; 120 check-mx ( fail | warn | ignore ); 121 check-mx-cname ( fail | warn | ignore ); 122 check-names ( primary | master | 123 secondary | slave | response ) ( 124 fail | warn | ignore ); // may occur multiple times 125 check-sibling <boolean>; 126 check-spf ( warn | ignore ); 127 check-srv-cname ( fail | warn | ignore ); 128 check-wildcard <boolean>; 129 cleaning-interval <integer>; // obsolete 130 clients-per-query <integer>; 131 cookie-algorithm ( aes | siphash24 ); 132 cookie-secret <string>; // may occur multiple times 133 coresize ( default | unlimited | <sizeval> ); 134 datasize ( default | unlimited | <sizeval> ); 135 deallocate-on-exit <boolean>; // ancient 136 deny-answer-addresses { <address_match_element>; ... } [ 137 except-from { <string>; ... } ]; 138 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... 139 } ]; 140 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 141 directory <quoted_string>; 142 disable-algorithms <string> { <string>; 143 ... }; // may occur multiple times 144 disable-ds-digests <string> { <string>; 145 ... }; // may occur multiple times 146 disable-empty-zone <string>; // may occur multiple times 147 dns64 <netprefix> { 148 break-dnssec <boolean>; 149 clients { <address_match_element>; ... }; 150 exclude { <address_match_element>; ... }; 151 mapped { <address_match_element>; ... }; 152 recursive-only <boolean>; 153 suffix <ipv6_address>; 154 }; // may occur multiple times 155 dns64-contact <string>; 156 dns64-server <string>; 157 dnskey-sig-validity <integer>; 158 dnsrps-enable <boolean>; // not configured 159 dnsrps-options { <unspecified-text> }; // not configured 160 dnssec-accept-expired <boolean>; 161 dnssec-dnskey-kskonly <boolean>; 162 dnssec-enable <boolean>; // obsolete 163 dnssec-loadkeys-interval <integer>; 164 dnssec-lookaside ( <string> 165 trust-anchor <string> | 166 auto | no ); // obsolete, may occur multiple times 167 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 168 dnssec-policy <string>; 169 dnssec-secure-to-insecure <boolean>; 170 dnssec-update-mode ( maintain | no-resign ); 171 dnssec-validation ( yes | no | auto ); 172 dnstap { ( all | auth | client | forwarder | 173 resolver | update ) [ ( query | response ) ]; 174 ... }; // not configured 175 dnstap-identity ( <quoted_string> | none | 176 hostname ); // not configured 177 dnstap-output ( file | unix ) <quoted_string> [ 178 size ( unlimited | <size> ) ] [ versions ( 179 unlimited | <integer> ) ] [ suffix ( increment 180 | timestamp ) ]; // not configured 181 dnstap-version ( <quoted_string> | none ); // not configured 182 dscp <integer>; 183 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 184 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 185 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 186 <integer> ] [ dscp <integer> ] ); ... }; 187 dump-file <quoted_string>; 188 edns-udp-size <integer>; 189 empty-contact <string>; 190 empty-server <string>; 191 empty-zones-enable <boolean>; 192 fake-iquery <boolean>; // ancient 193 fetch-glue <boolean>; // ancient 194 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 195 fetches-per-server <integer> [ ( drop | fail ) ]; 196 fetches-per-zone <integer> [ ( drop | fail ) ]; 197 files ( default | unlimited | <sizeval> ); 198 filter-aaaa { <address_match_element>; ... }; // obsolete 199 filter-aaaa-on-v4 <boolean>; // obsolete 200 filter-aaaa-on-v6 <boolean>; // obsolete 201 flush-zones-on-shutdown <boolean>; 202 forward ( first | only ); 203 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 204 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 205 fstrm-set-buffer-hint <integer>; // not configured 206 fstrm-set-flush-timeout <integer>; // not configured 207 fstrm-set-input-queue-size <integer>; // not configured 208 fstrm-set-output-notify-threshold <integer>; // not configured 209 fstrm-set-output-queue-model ( mpsc | spsc ); // not configured 210 fstrm-set-output-queue-size <integer>; // not configured 211 fstrm-set-reopen-interval <duration>; // not configured 212 geoip-directory ( <quoted_string> | none ); 213 geoip-use-ecs <boolean>; // obsolete 214 glue-cache <boolean>; 215 has-old-clients <boolean>; // ancient 216 heartbeat-interval <integer>; 217 host-statistics <boolean>; // ancient 218 host-statistics-max <integer>; // ancient 219 hostname ( <quoted_string> | none ); 220 inline-signing <boolean>; 221 interface-interval <duration>; 222 ixfr-from-differences ( primary | master | secondary | slave | 223 <boolean> ); 224 keep-response-order { <address_match_element>; ... }; 225 key-directory <quoted_string>; 226 lame-ttl <duration>; 227 listen-on [ port <integer> ] [ dscp 228 <integer> ] { 229 <address_match_element>; ... }; // may occur multiple times 230 listen-on-v6 [ port <integer> ] [ dscp 231 <integer> ] { 232 <address_match_element>; ... }; // may occur multiple times 233 lmdb-mapsize <sizeval>; 234 lock-file ( <quoted_string> | none ); 235 maintain-ixfr-base <boolean>; // ancient 236 managed-keys-directory <quoted_string>; 237 masterfile-format ( map | raw | text ); 238 masterfile-style ( full | relative ); 239 match-mapped-addresses <boolean>; 240 max-acache-size ( unlimited | <sizeval> ); // obsolete 241 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 242 max-cache-ttl <duration>; 243 max-clients-per-query <integer>; 244 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient 245 max-ixfr-ratio ( unlimited | <percentage> ); 246 max-journal-size ( default | unlimited | <sizeval> ); 247 max-ncache-ttl <duration>; 248 max-records <integer>; 249 max-recursion-depth <integer>; 250 max-recursion-queries <integer>; 251 max-refresh-time <integer>; 252 max-retry-time <integer>; 253 max-rsa-exponent-size <integer>; 254 max-stale-ttl <duration>; 255 max-transfer-idle-in <integer>; 256 max-transfer-idle-out <integer>; 257 max-transfer-time-in <integer>; 258 max-transfer-time-out <integer>; 259 max-udp-size <integer>; 260 max-zone-ttl ( unlimited | <duration> ); 261 memstatistics <boolean>; 262 memstatistics-file <quoted_string>; 263 message-compression <boolean>; 264 min-cache-ttl <duration>; 265 min-ncache-ttl <duration>; 266 min-refresh-time <integer>; 267 min-retry-time <integer>; 268 min-roots <integer>; // ancient 269 minimal-any <boolean>; 270 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 271 multi-master <boolean>; 272 multiple-cnames <boolean>; // ancient 273 named-xfer <quoted_string>; // ancient 274 new-zones-directory <quoted_string>; 275 no-case-compress { <address_match_element>; ... }; 276 nocookie-udp-size <integer>; 277 nosit-udp-size <integer>; // obsolete 278 notify ( explicit | master-only | primary-only | <boolean> ); 279 notify-delay <integer>; 280 notify-rate <integer>; 281 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 282 dscp <integer> ]; 283 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 284 [ dscp <integer> ]; 285 notify-to-soa <boolean>; 286 nsec3-test-zone <boolean>; // test only 287 nta-lifetime <duration>; 288 nta-recheck <duration>; 289 nxdomain-redirect <string>; 290 pid-file ( <quoted_string> | none ); 291 port <integer>; 292 preferred-glue <string>; 293 prefetch <integer> [ <integer> ]; 294 provide-ixfr <boolean>; 295 qname-minimization ( strict | relaxed | disabled | off ); 296 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 297 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 298 port ( <integer> | * ) ) ) [ dscp <integer> ]; 299 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 300 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 301 port ( <integer> | * ) ) ) [ dscp <integer> ]; 302 querylog <boolean>; 303 queryport-pool-ports <integer>; // obsolete 304 queryport-pool-updateinterval <integer>; // obsolete 305 random-device ( <quoted_string> | none ); 306 rate-limit { 307 all-per-second <integer>; 308 errors-per-second <integer>; 309 exempt-clients { <address_match_element>; ... }; 310 ipv4-prefix-length <integer>; 311 ipv6-prefix-length <integer>; 312 log-only <boolean>; 313 max-table-size <integer>; 314 min-table-size <integer>; 315 nodata-per-second <integer>; 316 nxdomains-per-second <integer>; 317 qps-scale <integer>; 318 referrals-per-second <integer>; 319 responses-per-second <integer>; 320 slip <integer>; 321 window <integer>; 322 }; 323 recursing-file <quoted_string>; 324 recursion <boolean>; 325 recursive-clients <integer>; 326 request-expire <boolean>; 327 request-ixfr <boolean>; 328 request-nsid <boolean>; 329 request-sit <boolean>; // obsolete 330 require-server-cookie <boolean>; 331 reserved-sockets <integer>; 332 resolver-nonbackoff-tries <integer>; 333 resolver-query-timeout <integer>; 334 resolver-retry-interval <integer>; 335 response-padding { <address_match_element>; ... } block-size 336 <integer>; 337 response-policy { zone <string> [ add-soa <boolean> ] [ log 338 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval 339 <duration> ] [ policy ( cname | disabled | drop | given | no-op 340 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 341 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 342 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ 343 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ 344 min-update-interval <duration> ] [ min-ns-dots <integer> ] [ 345 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] 346 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 347 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ 348 dnsrps-options { <unspecified-text> } ]; 349 rfc2308-type1 <boolean>; // ancient 350 root-delegation-only [ exclude { <string>; ... } ]; 351 root-key-sentinel <boolean>; 352 rrset-order { [ class <string> ] [ type <string> ] [ name 353 <quoted_string> ] <string> <string>; ... }; 354 secroots-file <quoted_string>; 355 send-cookie <boolean>; 356 serial-queries <integer>; // ancient 357 serial-query-rate <integer>; 358 serial-update-method ( date | increment | unixtime ); 359 server-id ( <quoted_string> | none | hostname ); 360 servfail-ttl <duration>; 361 session-keyalg <string>; 362 session-keyfile ( <quoted_string> | none ); 363 session-keyname <string>; 364 sig-signing-nodes <integer>; 365 sig-signing-signatures <integer>; 366 sig-signing-type <integer>; 367 sig-validity-interval <integer> [ <integer> ]; 368 sit-secret <string>; // obsolete 369 sortlist { <address_match_element>; ... }; 370 stacksize ( default | unlimited | <sizeval> ); 371 stale-answer-client-timeout ( disabled | off | <integer> ); 372 stale-answer-enable <boolean>; 373 stale-answer-ttl <duration>; 374 stale-cache-enable <boolean>; 375 stale-refresh-time <duration>; 376 startup-notify-rate <integer>; 377 statistics-file <quoted_string>; 378 statistics-interval <integer>; // ancient 379 suppress-initial-notify <boolean>; // not yet implemented 380 synth-from-dnssec <boolean>; 381 tcp-advertised-timeout <integer>; 382 tcp-clients <integer>; 383 tcp-idle-timeout <integer>; 384 tcp-initial-timeout <integer>; 385 tcp-keepalive-timeout <integer>; 386 tcp-listen-queue <integer>; 387 tkey-dhkey <quoted_string> <integer>; 388 tkey-domain <quoted_string>; 389 tkey-gssapi-credential <quoted_string>; 390 tkey-gssapi-keytab <quoted_string>; 391 topology { <address_match_element>; ... }; // ancient 392 transfer-format ( many-answers | one-answer ); 393 transfer-message-size <integer>; 394 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 395 dscp <integer> ]; 396 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 397 ] [ dscp <integer> ]; 398 transfers-in <integer>; 399 transfers-out <integer>; 400 transfers-per-ns <integer>; 401 treat-cr-as-space <boolean>; // ancient 402 trust-anchor-telemetry <boolean>; // experimental 403 try-tcp-refresh <boolean>; 404 update-check-ksk <boolean>; 405 use-alt-transfer-source <boolean>; 406 use-id-pool <boolean>; // ancient 407 use-ixfr <boolean>; // obsolete 408 use-queryport-pool <boolean>; // obsolete 409 use-v4-udp-ports { <portrange>; ... }; 410 use-v6-udp-ports { <portrange>; ... }; 411 v6-bias <integer>; 412 validate-except { <string>; ... }; 413 version ( <quoted_string> | none ); 414 zero-no-soa-ttl <boolean>; 415 zero-no-soa-ttl-cache <boolean>; 416 zone-statistics ( full | terse | none | <boolean> ); 417}; 418 419plugin ( query ) <string> [ { <unspecified-text> 420 } ]; // may occur multiple times 421 422primaries <string> [ port <integer> ] [ dscp 423 <integer> ] { ( <primaries> | <ipv4_address> 424 [ port <integer> ] | <ipv6_address> [ port 425 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times 426 427server <netprefix> { 428 bogus <boolean>; 429 edns <boolean>; 430 edns-udp-size <integer>; 431 edns-version <integer>; 432 keys <server_key>; 433 max-udp-size <integer>; 434 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 435 dscp <integer> ]; 436 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 437 [ dscp <integer> ]; 438 padding <integer>; 439 provide-ixfr <boolean>; 440 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 441 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 442 port ( <integer> | * ) ) ) [ dscp <integer> ]; 443 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 444 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 445 port ( <integer> | * ) ) ) [ dscp <integer> ]; 446 request-expire <boolean>; 447 request-ixfr <boolean>; 448 request-nsid <boolean>; 449 request-sit <boolean>; // obsolete 450 send-cookie <boolean>; 451 support-ixfr <boolean>; // obsolete 452 tcp-keepalive <boolean>; 453 tcp-only <boolean>; 454 transfer-format ( many-answers | one-answer ); 455 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 456 dscp <integer> ]; 457 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 458 ] [ dscp <integer> ]; 459 transfers <integer>; 460}; // may occur multiple times 461 462statistics-channels { 463 inet ( <ipv4_address> | <ipv6_address> | 464 * ) [ port ( <integer> | * ) ] [ 465 allow { <address_match_element>; ... 466 } ]; // may occur multiple times 467}; // may occur multiple times 468 469trust-anchors { <string> ( static-key | 470 initial-key | static-ds | initial-ds ) 471 <integer> <integer> <integer> 472 <quoted_string>; ... }; // may occur multiple times 473 474trusted-keys { <string> <integer> 475 <integer> <integer> 476 <quoted_string>; ... }; // may occur multiple times, deprecated 477 478view <string> [ <class> ] { 479 acache-cleaning-interval <integer>; // obsolete 480 acache-enable <boolean>; // obsolete 481 additional-from-auth <boolean>; // obsolete 482 additional-from-cache <boolean>; // obsolete 483 allow-new-zones <boolean>; 484 allow-notify { <address_match_element>; ... }; 485 allow-query { <address_match_element>; ... }; 486 allow-query-cache { <address_match_element>; ... }; 487 allow-query-cache-on { <address_match_element>; ... }; 488 allow-query-on { <address_match_element>; ... }; 489 allow-recursion { <address_match_element>; ... }; 490 allow-recursion-on { <address_match_element>; ... }; 491 allow-transfer { <address_match_element>; ... }; 492 allow-update { <address_match_element>; ... }; 493 allow-update-forwarding { <address_match_element>; ... }; 494 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 495 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> | 496 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 497 <integer> ] ) [ key <string> ]; ... }; 498 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 499 ] [ dscp <integer> ]; 500 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 501 * ) ] [ dscp <integer> ]; 502 attach-cache <string>; 503 auth-nxdomain <boolean>; // default changed 504 auto-dnssec ( allow | maintain | off ); 505 cache-file <quoted_string>; 506 catalog-zones { zone <string> [ default-masters [ port <integer> ] 507 [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port 508 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 509 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 510 in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; 511 check-dup-records ( fail | warn | ignore ); 512 check-integrity <boolean>; 513 check-mx ( fail | warn | ignore ); 514 check-mx-cname ( fail | warn | ignore ); 515 check-names ( primary | master | 516 secondary | slave | response ) ( 517 fail | warn | ignore ); // may occur multiple times 518 check-sibling <boolean>; 519 check-spf ( warn | ignore ); 520 check-srv-cname ( fail | warn | ignore ); 521 check-wildcard <boolean>; 522 cleaning-interval <integer>; // obsolete 523 clients-per-query <integer>; 524 deny-answer-addresses { <address_match_element>; ... } [ 525 except-from { <string>; ... } ]; 526 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... 527 } ]; 528 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 529 disable-algorithms <string> { <string>; 530 ... }; // may occur multiple times 531 disable-ds-digests <string> { <string>; 532 ... }; // may occur multiple times 533 disable-empty-zone <string>; // may occur multiple times 534 dlz <string> { 535 database <string>; 536 search <boolean>; 537 }; // may occur multiple times 538 dns64 <netprefix> { 539 break-dnssec <boolean>; 540 clients { <address_match_element>; ... }; 541 exclude { <address_match_element>; ... }; 542 mapped { <address_match_element>; ... }; 543 recursive-only <boolean>; 544 suffix <ipv6_address>; 545 }; // may occur multiple times 546 dns64-contact <string>; 547 dns64-server <string>; 548 dnskey-sig-validity <integer>; 549 dnsrps-enable <boolean>; // not configured 550 dnsrps-options { <unspecified-text> }; // not configured 551 dnssec-accept-expired <boolean>; 552 dnssec-dnskey-kskonly <boolean>; 553 dnssec-enable <boolean>; // obsolete 554 dnssec-loadkeys-interval <integer>; 555 dnssec-lookaside ( <string> 556 trust-anchor <string> | 557 auto | no ); // obsolete, may occur multiple times 558 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 559 dnssec-policy <string>; 560 dnssec-secure-to-insecure <boolean>; 561 dnssec-update-mode ( maintain | no-resign ); 562 dnssec-validation ( yes | no | auto ); 563 dnstap { ( all | auth | client | forwarder | 564 resolver | update ) [ ( query | response ) ]; 565 ... }; // not configured 566 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 567 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 568 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 569 <integer> ] [ dscp <integer> ] ); ... }; 570 dyndb <string> <quoted_string> { 571 <unspecified-text> }; // may occur multiple times 572 edns-udp-size <integer>; 573 empty-contact <string>; 574 empty-server <string>; 575 empty-zones-enable <boolean>; 576 fetch-glue <boolean>; // ancient 577 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 578 fetches-per-server <integer> [ ( drop | fail ) ]; 579 fetches-per-zone <integer> [ ( drop | fail ) ]; 580 filter-aaaa { <address_match_element>; ... }; // obsolete 581 filter-aaaa-on-v4 <boolean>; // obsolete 582 filter-aaaa-on-v6 <boolean>; // obsolete 583 forward ( first | only ); 584 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 585 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 586 glue-cache <boolean>; 587 inline-signing <boolean>; 588 ixfr-from-differences ( primary | master | secondary | slave | 589 <boolean> ); 590 key <string> { 591 algorithm <string>; 592 secret <string>; 593 }; // may occur multiple times 594 key-directory <quoted_string>; 595 lame-ttl <duration>; 596 lmdb-mapsize <sizeval>; 597 maintain-ixfr-base <boolean>; // ancient 598 managed-keys { <string> ( 599 static-key | initial-key 600 | static-ds | initial-ds 601 ) <integer> <integer> 602 <integer> 603 <quoted_string>; ... }; // may occur multiple times, deprecated 604 masterfile-format ( map | raw | text ); 605 masterfile-style ( full | relative ); 606 match-clients { <address_match_element>; ... }; 607 match-destinations { <address_match_element>; ... }; 608 match-recursive-only <boolean>; 609 max-acache-size ( unlimited | <sizeval> ); // obsolete 610 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 611 max-cache-ttl <duration>; 612 max-clients-per-query <integer>; 613 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient 614 max-ixfr-ratio ( unlimited | <percentage> ); 615 max-journal-size ( default | unlimited | <sizeval> ); 616 max-ncache-ttl <duration>; 617 max-records <integer>; 618 max-recursion-depth <integer>; 619 max-recursion-queries <integer>; 620 max-refresh-time <integer>; 621 max-retry-time <integer>; 622 max-stale-ttl <duration>; 623 max-transfer-idle-in <integer>; 624 max-transfer-idle-out <integer>; 625 max-transfer-time-in <integer>; 626 max-transfer-time-out <integer>; 627 max-udp-size <integer>; 628 max-zone-ttl ( unlimited | <duration> ); 629 message-compression <boolean>; 630 min-cache-ttl <duration>; 631 min-ncache-ttl <duration>; 632 min-refresh-time <integer>; 633 min-retry-time <integer>; 634 min-roots <integer>; // ancient 635 minimal-any <boolean>; 636 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 637 multi-master <boolean>; 638 new-zones-directory <quoted_string>; 639 no-case-compress { <address_match_element>; ... }; 640 nocookie-udp-size <integer>; 641 nosit-udp-size <integer>; // obsolete 642 notify ( explicit | master-only | primary-only | <boolean> ); 643 notify-delay <integer>; 644 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 645 dscp <integer> ]; 646 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 647 [ dscp <integer> ]; 648 notify-to-soa <boolean>; 649 nsec3-test-zone <boolean>; // test only 650 nta-lifetime <duration>; 651 nta-recheck <duration>; 652 nxdomain-redirect <string>; 653 plugin ( query ) <string> [ { 654 <unspecified-text> } ]; // may occur multiple times 655 preferred-glue <string>; 656 prefetch <integer> [ <integer> ]; 657 provide-ixfr <boolean>; 658 qname-minimization ( strict | relaxed | disabled | off ); 659 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 660 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 661 port ( <integer> | * ) ) ) [ dscp <integer> ]; 662 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 663 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 664 port ( <integer> | * ) ) ) [ dscp <integer> ]; 665 queryport-pool-ports <integer>; // obsolete 666 queryport-pool-updateinterval <integer>; // obsolete 667 rate-limit { 668 all-per-second <integer>; 669 errors-per-second <integer>; 670 exempt-clients { <address_match_element>; ... }; 671 ipv4-prefix-length <integer>; 672 ipv6-prefix-length <integer>; 673 log-only <boolean>; 674 max-table-size <integer>; 675 min-table-size <integer>; 676 nodata-per-second <integer>; 677 nxdomains-per-second <integer>; 678 qps-scale <integer>; 679 referrals-per-second <integer>; 680 responses-per-second <integer>; 681 slip <integer>; 682 window <integer>; 683 }; 684 recursion <boolean>; 685 request-expire <boolean>; 686 request-ixfr <boolean>; 687 request-nsid <boolean>; 688 request-sit <boolean>; // obsolete 689 require-server-cookie <boolean>; 690 resolver-nonbackoff-tries <integer>; 691 resolver-query-timeout <integer>; 692 resolver-retry-interval <integer>; 693 response-padding { <address_match_element>; ... } block-size 694 <integer>; 695 response-policy { zone <string> [ add-soa <boolean> ] [ log 696 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval 697 <duration> ] [ policy ( cname | disabled | drop | given | no-op 698 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 699 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 700 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ 701 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ 702 min-update-interval <duration> ] [ min-ns-dots <integer> ] [ 703 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] 704 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 705 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ 706 dnsrps-options { <unspecified-text> } ]; 707 rfc2308-type1 <boolean>; // ancient 708 root-delegation-only [ exclude { <string>; ... } ]; 709 root-key-sentinel <boolean>; 710 rrset-order { [ class <string> ] [ type <string> ] [ name 711 <quoted_string> ] <string> <string>; ... }; 712 send-cookie <boolean>; 713 serial-update-method ( date | increment | unixtime ); 714 server <netprefix> { 715 bogus <boolean>; 716 edns <boolean>; 717 edns-udp-size <integer>; 718 edns-version <integer>; 719 keys <server_key>; 720 max-udp-size <integer>; 721 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 722 ) ] [ dscp <integer> ]; 723 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 724 | * ) ] [ dscp <integer> ]; 725 padding <integer>; 726 provide-ixfr <boolean>; 727 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port 728 ( <integer> | * ) ] ) | ( [ [ address ] ( 729 <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ 730 dscp <integer> ]; 731 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ 732 port ( <integer> | * ) ] ) | ( [ [ address ] ( 733 <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ 734 dscp <integer> ]; 735 request-expire <boolean>; 736 request-ixfr <boolean>; 737 request-nsid <boolean>; 738 request-sit <boolean>; // obsolete 739 send-cookie <boolean>; 740 support-ixfr <boolean>; // obsolete 741 tcp-keepalive <boolean>; 742 tcp-only <boolean>; 743 transfer-format ( many-answers | one-answer ); 744 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 745 * ) ] [ dscp <integer> ]; 746 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 747 <integer> | * ) ] [ dscp <integer> ]; 748 transfers <integer>; 749 }; // may occur multiple times 750 servfail-ttl <duration>; 751 sig-signing-nodes <integer>; 752 sig-signing-signatures <integer>; 753 sig-signing-type <integer>; 754 sig-validity-interval <integer> [ <integer> ]; 755 sortlist { <address_match_element>; ... }; 756 stale-answer-client-timeout ( disabled | off | <integer> ); 757 stale-answer-enable <boolean>; 758 stale-answer-ttl <duration>; 759 stale-cache-enable <boolean>; 760 stale-refresh-time <duration>; 761 suppress-initial-notify <boolean>; // not yet implemented 762 synth-from-dnssec <boolean>; 763 topology { <address_match_element>; ... }; // ancient 764 transfer-format ( many-answers | one-answer ); 765 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 766 dscp <integer> ]; 767 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 768 ] [ dscp <integer> ]; 769 trust-anchor-telemetry <boolean>; // experimental 770 trust-anchors { <string> ( static-key | 771 initial-key | static-ds | initial-ds 772 ) <integer> <integer> <integer> 773 <quoted_string>; ... }; // may occur multiple times 774 trusted-keys { <string> 775 <integer> <integer> 776 <integer> 777 <quoted_string>; ... }; // may occur multiple times, deprecated 778 try-tcp-refresh <boolean>; 779 update-check-ksk <boolean>; 780 use-alt-transfer-source <boolean>; 781 use-queryport-pool <boolean>; // obsolete 782 v6-bias <integer>; 783 validate-except { <string>; ... }; 784 zero-no-soa-ttl <boolean>; 785 zero-no-soa-ttl-cache <boolean>; 786 zone <string> [ <class> ] { 787 allow-notify { <address_match_element>; ... }; 788 allow-query { <address_match_element>; ... }; 789 allow-query-on { <address_match_element>; ... }; 790 allow-transfer { <address_match_element>; ... }; 791 allow-update { <address_match_element>; ... }; 792 allow-update-forwarding { <address_match_element>; ... }; 793 also-notify [ port <integer> ] [ dscp <integer> ] { ( 794 <primaries> | <ipv4_address> [ port <integer> ] | 795 <ipv6_address> [ port <integer> ] ) [ key <string> ]; 796 ... }; 797 alt-transfer-source ( <ipv4_address> | * ) [ port ( 798 <integer> | * ) ] [ dscp <integer> ]; 799 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( 800 <integer> | * ) ] [ dscp <integer> ]; 801 auto-dnssec ( allow | maintain | off ); 802 check-dup-records ( fail | warn | ignore ); 803 check-integrity <boolean>; 804 check-mx ( fail | warn | ignore ); 805 check-mx-cname ( fail | warn | ignore ); 806 check-names ( fail | warn | ignore ); 807 check-sibling <boolean>; 808 check-spf ( warn | ignore ); 809 check-srv-cname ( fail | warn | ignore ); 810 check-wildcard <boolean>; 811 database <string>; 812 delegation-only <boolean>; 813 dialup ( notify | notify-passive | passive | refresh | 814 <boolean> ); 815 dlz <string>; 816 dnskey-sig-validity <integer>; 817 dnssec-dnskey-kskonly <boolean>; 818 dnssec-loadkeys-interval <integer>; 819 dnssec-policy <string>; 820 dnssec-secure-to-insecure <boolean>; 821 dnssec-update-mode ( maintain | no-resign ); 822 file <quoted_string>; 823 forward ( first | only ); 824 forwarders [ port <integer> ] [ dscp <integer> ] { ( 825 <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ 826 dscp <integer> ]; ... }; 827 in-view <string>; 828 inline-signing <boolean>; 829 ixfr-base <quoted_string>; // ancient 830 ixfr-from-differences <boolean>; 831 ixfr-tmp-file <quoted_string>; // ancient 832 journal <quoted_string>; 833 key-directory <quoted_string>; 834 maintain-ixfr-base <boolean>; // ancient 835 masterfile-format ( map | raw | text ); 836 masterfile-style ( full | relative ); 837 masters [ port <integer> ] [ dscp <integer> ] { ( 838 <primaries> | <ipv4_address> [ port <integer> ] | 839 <ipv6_address> [ port <integer> ] ) [ key <string> ]; 840 ... }; 841 max-ixfr-log-size ( default | unlimited | 842 <sizeval> ); // ancient 843 max-ixfr-ratio ( unlimited | <percentage> ); 844 max-journal-size ( default | unlimited | <sizeval> ); 845 max-records <integer>; 846 max-refresh-time <integer>; 847 max-retry-time <integer>; 848 max-transfer-idle-in <integer>; 849 max-transfer-idle-out <integer>; 850 max-transfer-time-in <integer>; 851 max-transfer-time-out <integer>; 852 max-zone-ttl ( unlimited | <duration> ); 853 min-refresh-time <integer>; 854 min-retry-time <integer>; 855 multi-master <boolean>; 856 notify ( explicit | master-only | primary-only | <boolean> ); 857 notify-delay <integer>; 858 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 859 ) ] [ dscp <integer> ]; 860 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 861 | * ) ] [ dscp <integer> ]; 862 notify-to-soa <boolean>; 863 nsec3-test-zone <boolean>; // test only 864 primaries [ port <integer> ] [ dscp <integer> ] { ( 865 <primaries> | <ipv4_address> [ port <integer> ] | 866 <ipv6_address> [ port <integer> ] ) [ key <string> ]; 867 ... }; 868 pubkey <integer> <integer> <integer> 869 <quoted_string>; // ancient 870 request-expire <boolean>; 871 request-ixfr <boolean>; 872 serial-update-method ( date | increment | unixtime ); 873 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; 874 server-names { <string>; ... }; 875 sig-signing-nodes <integer>; 876 sig-signing-signatures <integer>; 877 sig-signing-type <integer>; 878 sig-validity-interval <integer> [ <integer> ]; 879 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 880 * ) ] [ dscp <integer> ]; 881 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 882 <integer> | * ) ] [ dscp <integer> ]; 883 try-tcp-refresh <boolean>; 884 type ( primary | master | secondary | slave | mirror | 885 delegation-only | forward | hint | redirect | 886 static-stub | stub ); 887 update-check-ksk <boolean>; 888 update-policy ( local | { ( deny | grant ) <string> ( 889 6to4-self | external | krb5-self | krb5-selfsub | 890 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | 891 name | self | selfsub | selfwild | subdomain | tcp-self 892 | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... }; 893 use-alt-transfer-source <boolean>; 894 zero-no-soa-ttl <boolean>; 895 zone-statistics ( full | terse | none | <boolean> ); 896 }; // may occur multiple times 897 zone-statistics ( full | terse | none | <boolean> ); 898}; // may occur multiple times 899 900zone <string> [ <class> ] { 901 allow-notify { <address_match_element>; ... }; 902 allow-query { <address_match_element>; ... }; 903 allow-query-on { <address_match_element>; ... }; 904 allow-transfer { <address_match_element>; ... }; 905 allow-update { <address_match_element>; ... }; 906 allow-update-forwarding { <address_match_element>; ... }; 907 also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> | 908 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 909 <integer> ] ) [ key <string> ]; ... }; 910 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 911 ] [ dscp <integer> ]; 912 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 913 * ) ] [ dscp <integer> ]; 914 auto-dnssec ( allow | maintain | off ); 915 check-dup-records ( fail | warn | ignore ); 916 check-integrity <boolean>; 917 check-mx ( fail | warn | ignore ); 918 check-mx-cname ( fail | warn | ignore ); 919 check-names ( fail | warn | ignore ); 920 check-sibling <boolean>; 921 check-spf ( warn | ignore ); 922 check-srv-cname ( fail | warn | ignore ); 923 check-wildcard <boolean>; 924 database <string>; 925 delegation-only <boolean>; 926 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 927 dlz <string>; 928 dnskey-sig-validity <integer>; 929 dnssec-dnskey-kskonly <boolean>; 930 dnssec-loadkeys-interval <integer>; 931 dnssec-policy <string>; 932 dnssec-secure-to-insecure <boolean>; 933 dnssec-update-mode ( maintain | no-resign ); 934 file <quoted_string>; 935 forward ( first | only ); 936 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 937 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 938 in-view <string>; 939 inline-signing <boolean>; 940 ixfr-base <quoted_string>; // ancient 941 ixfr-from-differences <boolean>; 942 ixfr-tmp-file <quoted_string>; // ancient 943 journal <quoted_string>; 944 key-directory <quoted_string>; 945 maintain-ixfr-base <boolean>; // ancient 946 masterfile-format ( map | raw | text ); 947 masterfile-style ( full | relative ); 948 masters [ port <integer> ] [ dscp <integer> ] { ( <primaries> | 949 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 950 <integer> ] ) [ key <string> ]; ... }; 951 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient 952 max-ixfr-ratio ( unlimited | <percentage> ); 953 max-journal-size ( default | unlimited | <sizeval> ); 954 max-records <integer>; 955 max-refresh-time <integer>; 956 max-retry-time <integer>; 957 max-transfer-idle-in <integer>; 958 max-transfer-idle-out <integer>; 959 max-transfer-time-in <integer>; 960 max-transfer-time-out <integer>; 961 max-zone-ttl ( unlimited | <duration> ); 962 min-refresh-time <integer>; 963 min-retry-time <integer>; 964 multi-master <boolean>; 965 notify ( explicit | master-only | primary-only | <boolean> ); 966 notify-delay <integer>; 967 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 968 dscp <integer> ]; 969 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 970 [ dscp <integer> ]; 971 notify-to-soa <boolean>; 972 nsec3-test-zone <boolean>; // test only 973 primaries [ port <integer> ] [ dscp <integer> ] { ( <primaries> | 974 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 975 <integer> ] ) [ key <string> ]; ... }; 976 pubkey <integer> <integer> <integer> <quoted_string>; // ancient 977 request-expire <boolean>; 978 request-ixfr <boolean>; 979 serial-update-method ( date | increment | unixtime ); 980 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; 981 server-names { <string>; ... }; 982 sig-signing-nodes <integer>; 983 sig-signing-signatures <integer>; 984 sig-signing-type <integer>; 985 sig-validity-interval <integer> [ <integer> ]; 986 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 987 dscp <integer> ]; 988 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 989 ] [ dscp <integer> ]; 990 try-tcp-refresh <boolean>; 991 type ( primary | master | secondary | slave | mirror | 992 delegation-only | forward | hint | redirect | static-stub | 993 stub ); 994 update-check-ksk <boolean>; 995 update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | 996 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self 997 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild 998 | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] 999 <rrtypelist>; ... }; 1000 use-alt-transfer-source <boolean>; 1001 zero-no-soa-ttl <boolean>; 1002 zone-statistics ( full | terse | none | <boolean> ); 1003}; // may occur multiple times 1004 1005