"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.11.23/doc/misc/options" (7 Sep 2020, 41880 Bytes) of package /linux/misc/dns/bind9/9.11.23/bind-9.11.23.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "options": 9.17.4_vs_9.17.5.

    1 
    2 This is a summary of the named.conf options supported by 
    3 this version of BIND 9.
    4 
    5 acl <string> { <address_match_element>; ... }; // may occur multiple times
    6 
    7 controls {
    8         inet ( <ipv4_address> | <ipv6_address> |
    9             * ) [ port ( <integer> | * ) ] allow
   10             { <address_match_element>; ... } [
   11             keys { <string>; ... } ] [ read-only
   12             <boolean> ]; // may occur multiple times
   13         unix <quoted_string> perm <integer>
   14             owner <integer> group <integer> [
   15             keys { <string>; ... } ] [ read-only
   16             <boolean> ]; // may occur multiple times
   17 }; // may occur multiple times
   18 
   19 dlz <string> {
   20         database <string>;
   21         search <boolean>;
   22 }; // may occur multiple times
   23 
   24 dyndb <string> <quoted_string> {
   25     <unspecified-text> }; // may occur multiple times
   26 
   27 key <string> {
   28         algorithm <string>;
   29         secret <string>;
   30 }; // may occur multiple times
   31 
   32 logging {
   33         category <string> { <string>; ... }; // may occur multiple times
   34         channel <string> {
   35                 buffered <boolean>;
   36                 file <quoted_string> [ versions ( "unlimited" | <integer> )
   37                     ] [ size <size> ];
   38                 null;
   39                 print-category <boolean>;
   40                 print-severity <boolean>;
   41                 print-time <boolean>;
   42                 severity <log_severity>;
   43                 stderr;
   44                 syslog [ <syslog_facility> ];
   45         }; // may occur multiple times
   46 };
   47 
   48 lwres {
   49         listen-on [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
   50             | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
   51         lwres-clients <integer>;
   52         lwres-tasks <integer>;
   53         ndots <integer>;
   54         search { <string>; ... };
   55         view <string> [ <class> ];
   56 }; // may occur multiple times
   57 
   58 managed-keys { <string> <string> <integer>
   59     <integer> <integer> <quoted_string>; ... }; // may occur multiple times
   60 
   61 masters <string> [ port <integer> ] [ dscp
   62     <integer> ] { ( <masters> | <ipv4_address> [
   63     port <integer> ] | <ipv6_address> [ port
   64     <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
   65 
   66 options {
   67         acache-cleaning-interval <integer>;
   68         acache-enable <boolean>;
   69         additional-from-auth <boolean>;
   70         additional-from-cache <boolean>;
   71         allow-new-zones <boolean>;
   72         allow-notify { <address_match_element>; ... };
   73         allow-query { <address_match_element>; ... };
   74         allow-query-cache { <address_match_element>; ... };
   75         allow-query-cache-on { <address_match_element>; ... };
   76         allow-query-on { <address_match_element>; ... };
   77         allow-recursion { <address_match_element>; ... };
   78         allow-recursion-on { <address_match_element>; ... };
   79         allow-transfer { <address_match_element>; ... };
   80         allow-update { <address_match_element>; ... };
   81         allow-update-forwarding { <address_match_element>; ... };
   82         allow-v6-synthesis { <address_match_element>; ... }; // obsolete
   83         also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
   84             <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
   85             <integer> ] ) [ key <string> ]; ... };
   86         alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
   87             ] [ dscp <integer> ];
   88         alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
   89             * ) ] [ dscp <integer> ];
   90         answer-cookie <boolean>;
   91         attach-cache <string>;
   92         auth-nxdomain <boolean>; // default changed
   93         auto-dnssec ( allow | maintain | off );
   94         automatic-interface-scan <boolean>;
   95         avoid-v4-udp-ports { <portrange>; ... };
   96         avoid-v6-udp-ports { <portrange>; ... };
   97         bindkeys-file <quoted_string>;
   98         blackhole { <address_match_element>; ... };
   99         cache-file <quoted_string>;
  100         catalog-zones { zone <string> [ default-masters [ port <integer> ]
  101             [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port
  102             <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
  103             <string> ]; ... } ] [ zone-directory <quoted_string> ] [
  104             in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
  105         check-dup-records ( fail | warn | ignore );
  106         check-integrity <boolean>;
  107         check-mx ( fail | warn | ignore );
  108         check-mx-cname ( fail | warn | ignore );
  109         check-names ( master | slave | response
  110             ) ( fail | warn | ignore ); // may occur multiple times
  111         check-sibling <boolean>;
  112         check-spf ( warn | ignore );
  113         check-srv-cname ( fail | warn | ignore );
  114         check-wildcard <boolean>;
  115         cleaning-interval <integer>;
  116         clients-per-query <integer>;
  117         cookie-algorithm ( aes | sha1 | sha256 | siphash24 );
  118         cookie-secret <string>; // may occur multiple times
  119         coresize ( default | unlimited | <sizeval> );
  120         datasize ( default | unlimited | <sizeval> );
  121         deallocate-on-exit <boolean>; // obsolete
  122         deny-answer-addresses { <address_match_element>; ... } [
  123             except-from { <quoted_string>; ... } ];
  124         deny-answer-aliases { <quoted_string>; ... } [ except-from {
  125             <quoted_string>; ... } ];
  126         dialup ( notify | notify-passive | passive | refresh | <boolean> );
  127         directory <quoted_string>;
  128         disable-algorithms <string> { <string>;
  129             ... }; // may occur multiple times
  130         disable-ds-digests <string> { <string>;
  131             ... }; // may occur multiple times
  132         disable-empty-zone <string>; // may occur multiple times
  133         dns64 <netprefix> {
  134                 break-dnssec <boolean>;
  135                 clients { <address_match_element>; ... };
  136                 exclude { <address_match_element>; ... };
  137                 mapped { <address_match_element>; ... };
  138                 recursive-only <boolean>;
  139                 suffix <ipv6_address>;
  140         }; // may occur multiple times
  141         dns64-contact <string>;
  142         dns64-server <string>;
  143         dnssec-accept-expired <boolean>;
  144         dnssec-dnskey-kskonly <boolean>;
  145         dnssec-enable <boolean>;
  146         dnssec-loadkeys-interval <integer>;
  147         dnssec-lookaside ( <string> trust-anchor
  148             <string> | auto | no ); // may occur multiple times
  149         dnssec-must-be-secure <string> <boolean>; // may occur multiple times
  150         dnssec-secure-to-insecure <boolean>;
  151         dnssec-update-mode ( maintain | no-resign );
  152         dnssec-validation ( yes | no | auto );
  153         dnstap { ( all | auth | client | forwarder |
  154             resolver ) [ ( query | response ) ]; ... }; // not configured
  155         dnstap-identity ( <quoted_string> | none |
  156             hostname ); // not configured
  157         dnstap-output ( file | unix ) <quoted_string>; // not configured
  158         dnstap-version ( <quoted_string> | none ); // not configured
  159         dscp <integer>;
  160         dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
  161             <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
  162             <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
  163             <integer> ] [ dscp <integer> ] ); ... };
  164         dump-file <quoted_string>;
  165         edns-udp-size <integer>;
  166         empty-contact <string>;
  167         empty-server <string>;
  168         empty-zones-enable <boolean>;
  169         fake-iquery <boolean>; // obsolete
  170         fetch-glue <boolean>; // obsolete
  171         fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
  172         fetches-per-server <integer> [ ( drop | fail ) ];
  173         fetches-per-zone <integer> [ ( drop | fail ) ];
  174         files ( default | unlimited | <sizeval> );
  175         filter-aaaa { <address_match_element>; ... }; // not configured
  176         filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
  177         filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
  178         flush-zones-on-shutdown <boolean>;
  179         forward ( first | only );
  180         forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
  181             | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
  182         fstrm-set-buffer-hint <integer>; // not configured
  183         fstrm-set-flush-timeout <integer>; // not configured
  184         fstrm-set-input-queue-size <integer>; // not configured
  185         fstrm-set-output-notify-threshold <integer>; // not configured
  186         fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
  187         fstrm-set-output-queue-size <integer>; // not configured
  188         fstrm-set-reopen-interval <integer>; // not configured
  189         geoip-directory ( <quoted_string> | none ); // not configured
  190         geoip-use-ecs <boolean>; // not configured
  191         has-old-clients <boolean>; // obsolete
  192         heartbeat-interval <integer>;
  193         host-statistics <boolean>; // not implemented
  194         host-statistics-max <integer>; // not implemented
  195         hostname ( <quoted_string> | none );
  196         inline-signing <boolean>;
  197         interface-interval <integer>;
  198         ixfr-from-differences ( master | slave | <boolean> );
  199         keep-response-order { <address_match_element>; ... };
  200         key-directory <quoted_string>;
  201         lame-ttl <ttlval>;
  202         listen-on [ port <integer> ] [ dscp
  203             <integer> ] {
  204             <address_match_element>; ... }; // may occur multiple times
  205         listen-on-v6 [ port <integer> ] [ dscp
  206             <integer> ] {
  207             <address_match_element>; ... }; // may occur multiple times
  208         lmdb-mapsize <sizeval>; // non-operational
  209         lock-file ( <quoted_string> | none );
  210         maintain-ixfr-base <boolean>; // obsolete
  211         managed-keys-directory <quoted_string>;
  212         masterfile-format ( map | raw | text );
  213         masterfile-style ( full | relative );
  214         match-mapped-addresses <boolean>;
  215         max-acache-size ( unlimited | <sizeval> );
  216         max-cache-size ( default | unlimited | <sizeval> | <percentage> );
  217         max-cache-ttl <integer>;
  218         max-clients-per-query <integer>;
  219         max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
  220         max-journal-size ( unlimited | <sizeval> );
  221         max-ncache-ttl <integer>;
  222         max-records <integer>;
  223         max-recursion-depth <integer>;
  224         max-recursion-queries <integer>;
  225         max-refresh-time <integer>;
  226         max-retry-time <integer>;
  227         max-rsa-exponent-size <integer>;
  228         max-transfer-idle-in <integer>;
  229         max-transfer-idle-out <integer>;
  230         max-transfer-time-in <integer>;
  231         max-transfer-time-out <integer>;
  232         max-udp-size <integer>;
  233         max-zone-ttl ( unlimited | <ttlval> );
  234         memstatistics <boolean>;
  235         memstatistics-file <quoted_string>;
  236         message-compression <boolean>;
  237         min-refresh-time <integer>;
  238         min-retry-time <integer>;
  239         min-roots <integer>; // not implemented
  240         minimal-any <boolean>;
  241         minimal-responses ( no-auth | no-auth-recursive | <boolean> );
  242         multi-master <boolean>;
  243         multiple-cnames <boolean>; // obsolete
  244         named-xfer <quoted_string>; // obsolete
  245         no-case-compress { <address_match_element>; ... };
  246         nocookie-udp-size <integer>;
  247         nosit-udp-size <integer>; // obsolete
  248         notify ( explicit | master-only | <boolean> );
  249         notify-delay <integer>;
  250         notify-rate <integer>;
  251         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  252             dscp <integer> ];
  253         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
  254             [ dscp <integer> ];
  255         notify-to-soa <boolean>;
  256         nsec3-test-zone <boolean>; // test only
  257         nta-lifetime <ttlval>;
  258         nta-recheck <ttlval>;
  259         nxdomain-redirect <string>;
  260         pid-file ( <quoted_string> | none );
  261         port <integer>;
  262         preferred-glue <string>;
  263         prefetch <integer> [ <integer> ];
  264         provide-ixfr <boolean>;
  265         query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
  266             <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
  267             port ( <integer> | * ) ) ) [ dscp <integer> ];
  268         query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
  269             <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
  270             port ( <integer> | * ) ) ) [ dscp <integer> ];
  271         querylog <boolean>;
  272         queryport-pool-ports <integer>; // obsolete
  273         queryport-pool-updateinterval <integer>; // obsolete
  274         random-device <quoted_string>;
  275         rate-limit {
  276                 all-per-second <integer>;
  277                 errors-per-second <integer>;
  278                 exempt-clients { <address_match_element>; ... };
  279                 ipv4-prefix-length <integer>;
  280                 ipv6-prefix-length <integer>;
  281                 log-only <boolean>;
  282                 max-table-size <integer>;
  283                 min-table-size <integer>;
  284                 nodata-per-second <integer>;
  285                 nxdomains-per-second <integer>;
  286                 qps-scale <integer>;
  287                 referrals-per-second <integer>;
  288                 responses-per-second <integer>;
  289                 slip <integer>;
  290                 window <integer>;
  291         };
  292         recursing-file <quoted_string>;
  293         recursion <boolean>;
  294         recursive-clients <integer>;
  295         request-expire <boolean>;
  296         request-ixfr <boolean>;
  297         request-nsid <boolean>;
  298         request-sit <boolean>; // obsolete
  299         require-server-cookie <boolean>;
  300         reserved-sockets <integer>;
  301         resolver-query-timeout <integer>;
  302         response-policy { zone <string> [ log <boolean> ] [ max-policy-ttl
  303             <integer> ] [ policy ( cname | disabled | drop | given | no-op
  304             | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
  305             recursive-only <boolean> ]; ... } [ break-dnssec <boolean> ] [
  306             max-policy-ttl <integer> ] [ min-ns-dots <integer> ] [
  307             nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
  308             [ recursive-only <boolean> ];
  309         rfc2308-type1 <boolean>; // not yet implemented
  310         root-delegation-only [ exclude { <quoted_string>; ... } ];
  311         root-key-sentinel <boolean>;
  312         rrset-order { [ class <string> ] [ type <string> ] [ name
  313             <quoted_string> ] <string> <string>; ... };
  314         secroots-file <quoted_string>;
  315         send-cookie <boolean>;
  316         serial-queries <integer>; // obsolete
  317         serial-query-rate <integer>;
  318         serial-update-method ( date | increment | unixtime );
  319         server-id ( <quoted_string> | none | hostname );
  320         servfail-ttl <ttlval>;
  321         session-keyalg <string>;
  322         session-keyfile ( <quoted_string> | none );
  323         session-keyname <string>;
  324         sig-signing-nodes <integer>;
  325         sig-signing-signatures <integer>;
  326         sig-signing-type <integer>;
  327         sig-validity-interval <integer> [ <integer> ];
  328         sit-secret <string>; // obsolete
  329         sortlist { <address_match_element>; ... };
  330         stacksize ( default | unlimited | <sizeval> );
  331         startup-notify-rate <integer>;
  332         statistics-file <quoted_string>;
  333         statistics-interval <integer>; // not yet implemented
  334         suppress-initial-notify <boolean>; // not yet implemented
  335         tcp-clients <integer>;
  336         tcp-listen-queue <integer>;
  337         tkey-dhkey <quoted_string> <integer>;
  338         tkey-domain <quoted_string>;
  339         tkey-gssapi-credential <quoted_string>;
  340         tkey-gssapi-keytab <quoted_string>;
  341         topology { <address_match_element>; ... }; // not implemented
  342         transfer-format ( many-answers | one-answer );
  343         transfer-message-size <integer>;
  344         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  345             dscp <integer> ];
  346         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
  347             ] [ dscp <integer> ];
  348         transfers-in <integer>;
  349         transfers-out <integer>;
  350         transfers-per-ns <integer>;
  351         treat-cr-as-space <boolean>; // obsolete
  352         trust-anchor-telemetry <boolean>; // experimental
  353         try-tcp-refresh <boolean>;
  354         update-check-ksk <boolean>;
  355         use-alt-transfer-source <boolean>;
  356         use-id-pool <boolean>; // obsolete
  357         use-ixfr <boolean>; // obsolete
  358         use-queryport-pool <boolean>; // obsolete
  359         use-v4-udp-ports { <portrange>; ... };
  360         use-v6-udp-ports { <portrange>; ... };
  361         v6-bias <integer>;
  362         version ( <quoted_string> | none );
  363         zero-no-soa-ttl <boolean>;
  364         zero-no-soa-ttl-cache <boolean>;
  365         zone-statistics ( full | terse | none | <boolean> );
  366 };
  367 
  368 server <netprefix> {
  369         bogus <boolean>;
  370         edns <boolean>;
  371         edns-udp-size <integer>;
  372         edns-version <integer>;
  373         keys <server_key>;
  374         max-udp-size <integer>;
  375         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  376             dscp <integer> ];
  377         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
  378             [ dscp <integer> ];
  379         provide-ixfr <boolean>;
  380         query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
  381             <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
  382             port ( <integer> | * ) ) ) [ dscp <integer> ];
  383         query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
  384             <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
  385             port ( <integer> | * ) ) ) [ dscp <integer> ];
  386         request-expire <boolean>;
  387         request-ixfr <boolean>;
  388         request-nsid <boolean>;
  389         request-sit <boolean>; // obsolete
  390         send-cookie <boolean>;
  391         support-ixfr <boolean>; // obsolete
  392         tcp-only <boolean>;
  393         transfer-format ( many-answers | one-answer );
  394         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  395             dscp <integer> ];
  396         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
  397             ] [ dscp <integer> ];
  398         transfers <integer>;
  399 }; // may occur multiple times
  400 
  401 statistics-channels {
  402         inet ( <ipv4_address> | <ipv6_address> |
  403             * ) [ port ( <integer> | * ) ] [
  404             allow { <address_match_element>; ...
  405             } ]; // may occur multiple times
  406 }; // may occur multiple times
  407 
  408 trusted-keys { <string> <integer> <integer>
  409     <integer> <quoted_string>; ... }; // may occur multiple times
  410 
  411 view <string> [ <class> ] {
  412         acache-cleaning-interval <integer>;
  413         acache-enable <boolean>;
  414         additional-from-auth <boolean>;
  415         additional-from-cache <boolean>;
  416         allow-new-zones <boolean>;
  417         allow-notify { <address_match_element>; ... };
  418         allow-query { <address_match_element>; ... };
  419         allow-query-cache { <address_match_element>; ... };
  420         allow-query-cache-on { <address_match_element>; ... };
  421         allow-query-on { <address_match_element>; ... };
  422         allow-recursion { <address_match_element>; ... };
  423         allow-recursion-on { <address_match_element>; ... };
  424         allow-transfer { <address_match_element>; ... };
  425         allow-update { <address_match_element>; ... };
  426         allow-update-forwarding { <address_match_element>; ... };
  427         allow-v6-synthesis { <address_match_element>; ... }; // obsolete
  428         also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
  429             <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
  430             <integer> ] ) [ key <string> ]; ... };
  431         alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
  432             ] [ dscp <integer> ];
  433         alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
  434             * ) ] [ dscp <integer> ];
  435         attach-cache <string>;
  436         auth-nxdomain <boolean>; // default changed
  437         auto-dnssec ( allow | maintain | off );
  438         cache-file <quoted_string>;
  439         catalog-zones { zone <string> [ default-masters [ port <integer> ]
  440             [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port
  441             <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
  442             <string> ]; ... } ] [ zone-directory <quoted_string> ] [
  443             in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
  444         check-dup-records ( fail | warn | ignore );
  445         check-integrity <boolean>;
  446         check-mx ( fail | warn | ignore );
  447         check-mx-cname ( fail | warn | ignore );
  448         check-names ( master | slave | response
  449             ) ( fail | warn | ignore ); // may occur multiple times
  450         check-sibling <boolean>;
  451         check-spf ( warn | ignore );
  452         check-srv-cname ( fail | warn | ignore );
  453         check-wildcard <boolean>;
  454         cleaning-interval <integer>;
  455         clients-per-query <integer>;
  456         deny-answer-addresses { <address_match_element>; ... } [
  457             except-from { <quoted_string>; ... } ];
  458         deny-answer-aliases { <quoted_string>; ... } [ except-from {
  459             <quoted_string>; ... } ];
  460         dialup ( notify | notify-passive | passive | refresh | <boolean> );
  461         disable-algorithms <string> { <string>;
  462             ... }; // may occur multiple times
  463         disable-ds-digests <string> { <string>;
  464             ... }; // may occur multiple times
  465         disable-empty-zone <string>; // may occur multiple times
  466         dlz <string> {
  467                 database <string>;
  468                 search <boolean>;
  469         }; // may occur multiple times
  470         dns64 <netprefix> {
  471                 break-dnssec <boolean>;
  472                 clients { <address_match_element>; ... };
  473                 exclude { <address_match_element>; ... };
  474                 mapped { <address_match_element>; ... };
  475                 recursive-only <boolean>;
  476                 suffix <ipv6_address>;
  477         }; // may occur multiple times
  478         dns64-contact <string>;
  479         dns64-server <string>;
  480         dnssec-accept-expired <boolean>;
  481         dnssec-dnskey-kskonly <boolean>;
  482         dnssec-enable <boolean>;
  483         dnssec-loadkeys-interval <integer>;
  484         dnssec-lookaside ( <string> trust-anchor
  485             <string> | auto | no ); // may occur multiple times
  486         dnssec-must-be-secure <string> <boolean>; // may occur multiple times
  487         dnssec-secure-to-insecure <boolean>;
  488         dnssec-update-mode ( maintain | no-resign );
  489         dnssec-validation ( yes | no | auto );
  490         dnstap { ( all | auth | client | forwarder |
  491             resolver ) [ ( query | response ) ]; ... }; // not configured
  492         dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
  493             <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
  494             <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
  495             <integer> ] [ dscp <integer> ] ); ... };
  496         dyndb <string> <quoted_string> {
  497             <unspecified-text> }; // may occur multiple times
  498         edns-udp-size <integer>;
  499         empty-contact <string>;
  500         empty-server <string>;
  501         empty-zones-enable <boolean>;
  502         fetch-glue <boolean>; // obsolete
  503         fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
  504         fetches-per-server <integer> [ ( drop | fail ) ];
  505         fetches-per-zone <integer> [ ( drop | fail ) ];
  506         filter-aaaa { <address_match_element>; ... }; // not configured
  507         filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
  508         filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
  509         forward ( first | only );
  510         forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
  511             | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
  512         inline-signing <boolean>;
  513         ixfr-from-differences ( master | slave | <boolean> );
  514         key <string> {
  515                 algorithm <string>;
  516                 secret <string>;
  517         }; // may occur multiple times
  518         key-directory <quoted_string>;
  519         lame-ttl <ttlval>;
  520         lmdb-mapsize <sizeval>; // non-operational
  521         maintain-ixfr-base <boolean>; // obsolete
  522         managed-keys { <string> <string>
  523             <integer> <integer> <integer>
  524             <quoted_string>; ... }; // may occur multiple times
  525         masterfile-format ( map | raw | text );
  526         masterfile-style ( full | relative );
  527         match-clients { <address_match_element>; ... };
  528         match-destinations { <address_match_element>; ... };
  529         match-recursive-only <boolean>;
  530         max-acache-size ( unlimited | <sizeval> );
  531         max-cache-size ( default | unlimited | <sizeval> | <percentage> );
  532         max-cache-ttl <integer>;
  533         max-clients-per-query <integer>;
  534         max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
  535         max-journal-size ( unlimited | <sizeval> );
  536         max-ncache-ttl <integer>;
  537         max-records <integer>;
  538         max-recursion-depth <integer>;
  539         max-recursion-queries <integer>;
  540         max-refresh-time <integer>;
  541         max-retry-time <integer>;
  542         max-transfer-idle-in <integer>;
  543         max-transfer-idle-out <integer>;
  544         max-transfer-time-in <integer>;
  545         max-transfer-time-out <integer>;
  546         max-udp-size <integer>;
  547         max-zone-ttl ( unlimited | <ttlval> );
  548         message-compression <boolean>;
  549         min-refresh-time <integer>;
  550         min-retry-time <integer>;
  551         min-roots <integer>; // not implemented
  552         minimal-any <boolean>;
  553         minimal-responses ( no-auth | no-auth-recursive | <boolean> );
  554         multi-master <boolean>;
  555         no-case-compress { <address_match_element>; ... };
  556         nocookie-udp-size <integer>;
  557         nosit-udp-size <integer>; // obsolete
  558         notify ( explicit | master-only | <boolean> );
  559         notify-delay <integer>;
  560         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  561             dscp <integer> ];
  562         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
  563             [ dscp <integer> ];
  564         notify-to-soa <boolean>;
  565         nsec3-test-zone <boolean>; // test only
  566         nta-lifetime <ttlval>;
  567         nta-recheck <ttlval>;
  568         nxdomain-redirect <string>;
  569         preferred-glue <string>;
  570         prefetch <integer> [ <integer> ];
  571         provide-ixfr <boolean>;
  572         query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
  573             <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
  574             port ( <integer> | * ) ) ) [ dscp <integer> ];
  575         query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
  576             <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
  577             port ( <integer> | * ) ) ) [ dscp <integer> ];
  578         queryport-pool-ports <integer>; // obsolete
  579         queryport-pool-updateinterval <integer>; // obsolete
  580         rate-limit {
  581                 all-per-second <integer>;
  582                 errors-per-second <integer>;
  583                 exempt-clients { <address_match_element>; ... };
  584                 ipv4-prefix-length <integer>;
  585                 ipv6-prefix-length <integer>;
  586                 log-only <boolean>;
  587                 max-table-size <integer>;
  588                 min-table-size <integer>;
  589                 nodata-per-second <integer>;
  590                 nxdomains-per-second <integer>;
  591                 qps-scale <integer>;
  592                 referrals-per-second <integer>;
  593                 responses-per-second <integer>;
  594                 slip <integer>;
  595                 window <integer>;
  596         };
  597         recursion <boolean>;
  598         request-expire <boolean>;
  599         request-ixfr <boolean>;
  600         request-nsid <boolean>;
  601         request-sit <boolean>; // obsolete
  602         require-server-cookie <boolean>;
  603         resolver-query-timeout <integer>;
  604         response-policy { zone <string> [ log <boolean> ] [ max-policy-ttl
  605             <integer> ] [ policy ( cname | disabled | drop | given | no-op
  606             | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
  607             recursive-only <boolean> ]; ... } [ break-dnssec <boolean> ] [
  608             max-policy-ttl <integer> ] [ min-ns-dots <integer> ] [
  609             nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
  610             [ recursive-only <boolean> ];
  611         rfc2308-type1 <boolean>; // not yet implemented
  612         root-delegation-only [ exclude { <quoted_string>; ... } ];
  613         root-key-sentinel <boolean>;
  614         rrset-order { [ class <string> ] [ type <string> ] [ name
  615             <quoted_string> ] <string> <string>; ... };
  616         send-cookie <boolean>;
  617         serial-update-method ( date | increment | unixtime );
  618         server <netprefix> {
  619                 bogus <boolean>;
  620                 edns <boolean>;
  621                 edns-udp-size <integer>;
  622                 edns-version <integer>;
  623                 keys <server_key>;
  624                 max-udp-size <integer>;
  625                 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
  626                     ) ] [ dscp <integer> ];
  627                 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
  628                     | * ) ] [ dscp <integer> ];
  629                 provide-ixfr <boolean>;
  630                 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port
  631                     ( <integer> | * ) ] ) | ( [ [ address ] (
  632                     <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [
  633                     dscp <integer> ];
  634                 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [
  635                     port ( <integer> | * ) ] ) | ( [ [ address ] (
  636                     <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [
  637                     dscp <integer> ];
  638                 request-expire <boolean>;
  639                 request-ixfr <boolean>;
  640                 request-nsid <boolean>;
  641                 request-sit <boolean>; // obsolete
  642                 send-cookie <boolean>;
  643                 support-ixfr <boolean>; // obsolete
  644                 tcp-only <boolean>;
  645                 transfer-format ( many-answers | one-answer );
  646                 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
  647                     * ) ] [ dscp <integer> ];
  648                 transfer-source-v6 ( <ipv6_address> | * ) [ port (
  649                     <integer> | * ) ] [ dscp <integer> ];
  650                 transfers <integer>;
  651         }; // may occur multiple times
  652         servfail-ttl <ttlval>;
  653         sig-signing-nodes <integer>;
  654         sig-signing-signatures <integer>;
  655         sig-signing-type <integer>;
  656         sig-validity-interval <integer> [ <integer> ];
  657         sortlist { <address_match_element>; ... };
  658         suppress-initial-notify <boolean>; // not yet implemented
  659         topology { <address_match_element>; ... }; // not implemented
  660         transfer-format ( many-answers | one-answer );
  661         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  662             dscp <integer> ];
  663         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
  664             ] [ dscp <integer> ];
  665         trust-anchor-telemetry <boolean>; // experimental
  666         trusted-keys { <string> <integer>
  667             <integer> <integer> <quoted_string>;
  668             ... }; // may occur multiple times
  669         try-tcp-refresh <boolean>;
  670         update-check-ksk <boolean>;
  671         use-alt-transfer-source <boolean>;
  672         use-queryport-pool <boolean>; // obsolete
  673         v6-bias <integer>;
  674         zero-no-soa-ttl <boolean>;
  675         zero-no-soa-ttl-cache <boolean>;
  676         zone <string> [ <class> ] {
  677                 allow-notify { <address_match_element>; ... };
  678                 allow-query { <address_match_element>; ... };
  679                 allow-query-on { <address_match_element>; ... };
  680                 allow-transfer { <address_match_element>; ... };
  681                 allow-update { <address_match_element>; ... };
  682                 allow-update-forwarding { <address_match_element>; ... };
  683                 also-notify [ port <integer> ] [ dscp <integer> ] { (
  684                     <masters> | <ipv4_address> [ port <integer> ] |
  685                     <ipv6_address> [ port <integer> ] ) [ key <string> ];
  686                     ... };
  687                 alt-transfer-source ( <ipv4_address> | * ) [ port (
  688                     <integer> | * ) ] [ dscp <integer> ];
  689                 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
  690                     <integer> | * ) ] [ dscp <integer> ];
  691                 auto-dnssec ( allow | maintain | off );
  692                 check-dup-records ( fail | warn | ignore );
  693                 check-integrity <boolean>;
  694                 check-mx ( fail | warn | ignore );
  695                 check-mx-cname ( fail | warn | ignore );
  696                 check-names ( fail | warn | ignore );
  697                 check-sibling <boolean>;
  698                 check-spf ( warn | ignore );
  699                 check-srv-cname ( fail | warn | ignore );
  700                 check-wildcard <boolean>;
  701                 database <string>;
  702                 delegation-only <boolean>;
  703                 dialup ( notify | notify-passive | passive | refresh |
  704                     <boolean> );
  705                 dlz <string>;
  706                 dnssec-dnskey-kskonly <boolean>;
  707                 dnssec-loadkeys-interval <integer>;
  708                 dnssec-secure-to-insecure <boolean>;
  709                 dnssec-update-mode ( maintain | no-resign );
  710                 file <quoted_string>;
  711                 forward ( first | only );
  712                 forwarders [ port <integer> ] [ dscp <integer> ] { (
  713                     <ipv4_address> | <ipv6_address> ) [ port <integer> ] [
  714                     dscp <integer> ]; ... };
  715                 in-view <string>;
  716                 inline-signing <boolean>;
  717                 ixfr-base <quoted_string>; // obsolete
  718                 ixfr-from-differences <boolean>;
  719                 ixfr-tmp-file <quoted_string>; // obsolete
  720                 journal <quoted_string>;
  721                 key-directory <quoted_string>;
  722                 maintain-ixfr-base <boolean>; // obsolete
  723                 masterfile-format ( map | raw | text );
  724                 masterfile-style ( full | relative );
  725                 masters [ port <integer> ] [ dscp <integer> ] { ( <masters>
  726                     | <ipv4_address> [ port <integer> ] | <ipv6_address> [
  727                     port <integer> ] ) [ key <string> ]; ... };
  728                 max-ixfr-log-size ( default | unlimited |
  729                     <sizeval> ); // obsolete
  730                 max-journal-size ( unlimited | <sizeval> );
  731                 max-records <integer>;
  732                 max-refresh-time <integer>;
  733                 max-retry-time <integer>;
  734                 max-transfer-idle-in <integer>;
  735                 max-transfer-idle-out <integer>;
  736                 max-transfer-time-in <integer>;
  737                 max-transfer-time-out <integer>;
  738                 max-zone-ttl ( unlimited | <ttlval> );
  739                 min-refresh-time <integer>;
  740                 min-retry-time <integer>;
  741                 multi-master <boolean>;
  742                 notify ( explicit | master-only | <boolean> );
  743                 notify-delay <integer>;
  744                 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
  745                     ) ] [ dscp <integer> ];
  746                 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
  747                     | * ) ] [ dscp <integer> ];
  748                 notify-to-soa <boolean>;
  749                 nsec3-test-zone <boolean>; // test only
  750                 pubkey <integer>
  751                     <integer>
  752                     <integer>
  753                     <quoted_string>; // obsolete, may occur multiple times
  754                 request-expire <boolean>;
  755                 request-ixfr <boolean>;
  756                 serial-update-method ( date | increment | unixtime );
  757                 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
  758                 server-names { <quoted_string>; ... };
  759                 sig-signing-nodes <integer>;
  760                 sig-signing-signatures <integer>;
  761                 sig-signing-type <integer>;
  762                 sig-validity-interval <integer> [ <integer> ];
  763                 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
  764                     * ) ] [ dscp <integer> ];
  765                 transfer-source-v6 ( <ipv6_address> | * ) [ port (
  766                     <integer> | * ) ] [ dscp <integer> ];
  767                 try-tcp-refresh <boolean>;
  768                 type ( delegation-only | forward | hint | master | redirect
  769                     | slave | static-stub | stub );
  770                 update-check-ksk <boolean>;
  771                 update-policy ( local | { ( deny | grant ) <string> (
  772                     6to4-self | external | krb5-self | krb5-selfsub |
  773                     krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
  774                     name | self | selfsub | selfwild | subdomain | tcp-self
  775                     | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
  776                 use-alt-transfer-source <boolean>;
  777                 zero-no-soa-ttl <boolean>;
  778                 zone-statistics ( full | terse | none | <boolean> );
  779         }; // may occur multiple times
  780         zone-statistics ( full | terse | none | <boolean> );
  781 }; // may occur multiple times
  782 
  783 zone <string> [ <class> ] {
  784         allow-notify { <address_match_element>; ... };
  785         allow-query { <address_match_element>; ... };
  786         allow-query-on { <address_match_element>; ... };
  787         allow-transfer { <address_match_element>; ... };
  788         allow-update { <address_match_element>; ... };
  789         allow-update-forwarding { <address_match_element>; ... };
  790         also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
  791             <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
  792             <integer> ] ) [ key <string> ]; ... };
  793         alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
  794             ] [ dscp <integer> ];
  795         alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
  796             * ) ] [ dscp <integer> ];
  797         auto-dnssec ( allow | maintain | off );
  798         check-dup-records ( fail | warn | ignore );
  799         check-integrity <boolean>;
  800         check-mx ( fail | warn | ignore );
  801         check-mx-cname ( fail | warn | ignore );
  802         check-names ( fail | warn | ignore );
  803         check-sibling <boolean>;
  804         check-spf ( warn | ignore );
  805         check-srv-cname ( fail | warn | ignore );
  806         check-wildcard <boolean>;
  807         database <string>;
  808         delegation-only <boolean>;
  809         dialup ( notify | notify-passive | passive | refresh | <boolean> );
  810         dlz <string>;
  811         dnssec-dnskey-kskonly <boolean>;
  812         dnssec-loadkeys-interval <integer>;
  813         dnssec-secure-to-insecure <boolean>;
  814         dnssec-update-mode ( maintain | no-resign );
  815         file <quoted_string>;
  816         forward ( first | only );
  817         forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
  818             | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
  819         in-view <string>;
  820         inline-signing <boolean>;
  821         ixfr-base <quoted_string>; // obsolete
  822         ixfr-from-differences <boolean>;
  823         ixfr-tmp-file <quoted_string>; // obsolete
  824         journal <quoted_string>;
  825         key-directory <quoted_string>;
  826         maintain-ixfr-base <boolean>; // obsolete
  827         masterfile-format ( map | raw | text );
  828         masterfile-style ( full | relative );
  829         masters [ port <integer> ] [ dscp <integer> ] { ( <masters> |
  830             <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
  831             <integer> ] ) [ key <string> ]; ... };
  832         max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
  833         max-journal-size ( unlimited | <sizeval> );
  834         max-records <integer>;
  835         max-refresh-time <integer>;
  836         max-retry-time <integer>;
  837         max-transfer-idle-in <integer>;
  838         max-transfer-idle-out <integer>;
  839         max-transfer-time-in <integer>;
  840         max-transfer-time-out <integer>;
  841         max-zone-ttl ( unlimited | <ttlval> );
  842         min-refresh-time <integer>;
  843         min-retry-time <integer>;
  844         multi-master <boolean>;
  845         notify ( explicit | master-only | <boolean> );
  846         notify-delay <integer>;
  847         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  848             dscp <integer> ];
  849         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
  850             [ dscp <integer> ];
  851         notify-to-soa <boolean>;
  852         nsec3-test-zone <boolean>; // test only
  853         pubkey <integer> <integer>
  854             <integer> <quoted_string>; // obsolete, may occur multiple times
  855         request-expire <boolean>;
  856         request-ixfr <boolean>;
  857         serial-update-method ( date | increment | unixtime );
  858         server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
  859         server-names { <quoted_string>; ... };
  860         sig-signing-nodes <integer>;
  861         sig-signing-signatures <integer>;
  862         sig-signing-type <integer>;
  863         sig-validity-interval <integer> [ <integer> ];
  864         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  865             dscp <integer> ];
  866         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
  867             ] [ dscp <integer> ];
  868         try-tcp-refresh <boolean>;
  869         type ( delegation-only | forward | hint | master | redirect | slave
  870             | static-stub | stub );
  871         update-check-ksk <boolean>;
  872         update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
  873             external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
  874             | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
  875             | subdomain | tcp-self | wildcard | zonesub ) [ <string> ]
  876             <rrtypelist>; ... };
  877         use-alt-transfer-source <boolean>;
  878         zero-no-soa-ttl <boolean>;
  879         zone-statistics ( full | terse | none | <boolean> );
  880 }; // may occur multiple times
  881