
Member "bind-9.17.5/doc/misc/options" (4 Sep 2020, 46810 Bytes) of package /linux/misc/dns/bind9/9.17.5/bind-9.17.5.tar.xz:



    1 
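    2 This is a summary of the named.conf options supported by
    3 this version of BIND 9. A trailing // comment gives a clause's status (obsolete, ancient, deprecated, experimental, test only, not yet implemented, default changed) or notes that the clause may occur multiple times.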
    4 
    5 acl <string> { <address_match_element>; ... }; // may occur multiple times
    6 
    7 controls {
    8         inet ( <ipv4_address> | <ipv6_address> |
    9             * ) [ port ( <integer> | * ) ] allow
   10             { <address_match_element>; ... } [
   11             keys { <string>; ... } ] [ read-only
   12             <boolean> ]; // may occur multiple times
   13         unix <quoted_string> perm <integer>
   14             owner <integer> group <integer> [
   15             keys { <string>; ... } ] [ read-only
   16             <boolean> ]; // may occur multiple times
   17 }; // may occur multiple times
   18 
   19 dlz <string> {
   20         database <string>;
   21         search <boolean>;
   22 }; // may occur multiple times
   23 
   24 dnssec-policy <string> {
   25         dnskey-ttl <duration>;
   26         keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
   27             <duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
   28         max-zone-ttl <duration>;
   29         parent-ds-ttl <duration>;
   30         parent-propagation-delay <duration>;
   31         parent-registration-delay <duration>; // obsolete
   32         publish-safety <duration>;
   33         retire-safety <duration>;
   34         signatures-refresh <duration>;
   35         signatures-validity <duration>;
   36         signatures-validity-dnskey <duration>;
   37         zone-propagation-delay <duration>;
   38 }; // may occur multiple times
   39 
   40 dyndb <string> <quoted_string> {
   41     <unspecified-text> }; // may occur multiple times
   42 
   43 key <string> {
   44         algorithm <string>;
   45         secret <string>;
   46 }; // may occur multiple times
   47 
   48 logging {
   49         category <string> { <string>; ... }; // may occur multiple times
   50         channel <string> {
   51                 buffered <boolean>;
   52                 file <quoted_string> [ versions ( unlimited | <integer> ) ]
   53                     [ size <size> ] [ suffix ( increment | timestamp ) ];
   54                 null;
   55                 print-category <boolean>;
   56                 print-severity <boolean>;
   57                 print-time ( iso8601 | iso8601-utc | local | <boolean> );
   58                 severity <log_severity>;
   59                 stderr;
   60                 syslog [ <syslog_facility> ];
   61         }; // may occur multiple times
   62 };
   63 
   64 lwres { <unspecified-text> }; // obsolete, may occur multiple times
   65 
   66 managed-keys { <string> ( static-key
   67     | initial-key | static-ds |
   68     initial-ds ) <integer> <integer>
   69     <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
   70 
   71 masters <string> [ port <integer> ] [ dscp
   72     <integer> ] { ( <primaries> | <ipv4_address>
   73     [ port <integer> ] | <ipv6_address> [ port
   74     <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
   75 
   76 options {
   77         acache-cleaning-interval <integer>; // obsolete
   78         acache-enable <boolean>; // obsolete
   79         additional-from-auth <boolean>; // obsolete
   80         additional-from-cache <boolean>; // obsolete
   81         allow-new-zones <boolean>;
   82         allow-notify { <address_match_element>; ... };
   83         allow-query { <address_match_element>; ... };
   84         allow-query-cache { <address_match_element>; ... };
   85         allow-query-cache-on { <address_match_element>; ... };
   86         allow-query-on { <address_match_element>; ... };
   87         allow-recursion { <address_match_element>; ... };
   88         allow-recursion-on { <address_match_element>; ... };
   89         allow-transfer { <address_match_element>; ... };
   90         allow-update { <address_match_element>; ... };
   91         allow-update-forwarding { <address_match_element>; ... };
   92         allow-v6-synthesis { <address_match_element>; ... }; // obsolete
   93         also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
   94             <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
   95             <integer> ] ) [ key <string> ]; ... };
   96         alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
   97             ] [ dscp <integer> ];
   98         alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
   99             * ) ] [ dscp <integer> ];
  100         answer-cookie <boolean>;
  101         attach-cache <string>;
  102         auth-nxdomain <boolean>; // default changed
  103         auto-dnssec ( allow | maintain | off );
  104         automatic-interface-scan <boolean>;
  105         avoid-v4-udp-ports { <portrange>; ... };
  106         avoid-v6-udp-ports { <portrange>; ... };
  107         bindkeys-file <quoted_string>;
  108         blackhole { <address_match_element>; ... };
  109         cache-file <quoted_string>;
  110         catalog-zones { zone <string> [ default-masters [ port <integer> ]
  111             [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port
  112             <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
  113             <string> ]; ... } ] [ zone-directory <quoted_string> ] [
  114             in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
  115         check-dup-records ( fail | warn | ignore );
  116         check-integrity <boolean>;
  117         check-mx ( fail | warn | ignore );
  118         check-mx-cname ( fail | warn | ignore );
  119         check-names ( primary | master |
  120             secondary | slave | response ) (
  121             fail | warn | ignore ); // may occur multiple times
  122         check-sibling <boolean>;
  123         check-spf ( warn | ignore );
  124         check-srv-cname ( fail | warn | ignore );
  125         check-wildcard <boolean>;
  126         cleaning-interval <integer>; // obsolete
  127         clients-per-query <integer>;
  128         cookie-algorithm ( aes | siphash24 );
  129         cookie-secret <string>; // may occur multiple times
  130         coresize ( default | unlimited | <sizeval> );
  131         datasize ( default | unlimited | <sizeval> );
  132         deallocate-on-exit <boolean>; // ancient
  133         deny-answer-addresses { <address_match_element>; ... } [
  134             except-from { <string>; ... } ];
  135         deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
  136             } ];
  137         dialup ( notify | notify-passive | passive | refresh | <boolean> );
  138         directory <quoted_string>;
  139         disable-algorithms <string> { <string>;
  140             ... }; // may occur multiple times
  141         disable-ds-digests <string> { <string>;
  142             ... }; // may occur multiple times
  143         disable-empty-zone <string>; // may occur multiple times
  144         dns64 <netprefix> {
  145                 break-dnssec <boolean>;
  146                 clients { <address_match_element>; ... };
  147                 exclude { <address_match_element>; ... };
  148                 mapped { <address_match_element>; ... };
  149                 recursive-only <boolean>;
  150                 suffix <ipv6_address>;
  151         }; // may occur multiple times
  152         dns64-contact <string>;
  153         dns64-server <string>;
  154         dnskey-sig-validity <integer>;
  155         dnsrps-enable <boolean>;
  156         dnsrps-options { <unspecified-text> };
  157         dnssec-accept-expired <boolean>;
  158         dnssec-dnskey-kskonly <boolean>;
  159         dnssec-enable <boolean>; // obsolete
  160         dnssec-loadkeys-interval <integer>;
  161         dnssec-lookaside ( <string>
  162             trust-anchor <string> |
  163             auto | no ); // obsolete, may occur multiple times
  164         dnssec-must-be-secure <string> <boolean>; // may occur multiple times
  165         dnssec-policy <string>;
  166         dnssec-secure-to-insecure <boolean>;
  167         dnssec-update-mode ( maintain | no-resign );
  168         dnssec-validation ( yes | no | auto );
  169         dnstap { ( all | auth | client | forwarder | resolver | update ) [
  170             ( query | response ) ]; ... };
  171         dnstap-identity ( <quoted_string> | none | hostname );
  172         dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited |
  173             <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix (
  174             increment | timestamp ) ];
  175         dnstap-version ( <quoted_string> | none );
  176         dscp <integer>;
  177         dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
  178             <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
  179             <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
  180             <integer> ] [ dscp <integer> ] ); ... };
  181         dump-file <quoted_string>;
  182         edns-udp-size <integer>;
  183         empty-contact <string>;
  184         empty-server <string>;
  185         empty-zones-enable <boolean>;
  186         fake-iquery <boolean>; // ancient
  187         fetch-glue <boolean>; // ancient
  188         fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
  189         fetches-per-server <integer> [ ( drop | fail ) ];
  190         fetches-per-zone <integer> [ ( drop | fail ) ];
  191         files ( default | unlimited | <sizeval> );
  192         filter-aaaa { <address_match_element>; ... }; // obsolete
  193         filter-aaaa-on-v4 <boolean>; // obsolete
  194         filter-aaaa-on-v6 <boolean>; // obsolete
  195         flush-zones-on-shutdown <boolean>;
  196         forward ( first | only );
  197         forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
  198             | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
  199         fstrm-set-buffer-hint <integer>;
  200         fstrm-set-flush-timeout <integer>;
  201         fstrm-set-input-queue-size <integer>;
  202         fstrm-set-output-notify-threshold <integer>;
  203         fstrm-set-output-queue-model ( mpsc | spsc );
  204         fstrm-set-output-queue-size <integer>;
  205         fstrm-set-reopen-interval <duration>;
  206         geoip-directory ( <quoted_string> | none );
  207         geoip-use-ecs <boolean>; // obsolete
  208         glue-cache <boolean>;
  209         has-old-clients <boolean>; // ancient
  210         heartbeat-interval <integer>;
  211         host-statistics <boolean>; // ancient
  212         host-statistics-max <integer>; // ancient
  213         hostname ( <quoted_string> | none );
  214         inline-signing <boolean>;
  215         interface-interval <duration>;
  216         ixfr-from-differences ( primary | master | secondary | slave |
  217             <boolean> );
  218         keep-response-order { <address_match_element>; ... };
  219         key-directory <quoted_string>;
  220         lame-ttl <duration>;
  221         listen-on [ port <integer> ] [ dscp
  222             <integer> ] {
  223             <address_match_element>; ... }; // may occur multiple times
  224         listen-on-v6 [ port <integer> ] [ dscp
  225             <integer> ] {
  226             <address_match_element>; ... }; // may occur multiple times
  227         lmdb-mapsize <sizeval>;
  228         lock-file ( <quoted_string> | none );
  229         maintain-ixfr-base <boolean>; // ancient
  230         managed-keys-directory <quoted_string>;
  231         masterfile-format ( map | raw | text );
  232         masterfile-style ( full | relative );
  233         match-mapped-addresses <boolean>;
  234         max-acache-size ( unlimited | <sizeval> ); // obsolete
  235         max-cache-size ( default | unlimited | <sizeval> | <percentage> );
  236         max-cache-ttl <duration>;
  237         max-clients-per-query <integer>;
  238         max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
  239         max-ixfr-ratio ( unlimited | <percentage> );
  240         max-journal-size ( default | unlimited | <sizeval> );
  241         max-ncache-ttl <duration>;
  242         max-records <integer>;
  243         max-recursion-depth <integer>;
  244         max-recursion-queries <integer>;
  245         max-refresh-time <integer>;
  246         max-retry-time <integer>;
  247         max-rsa-exponent-size <integer>;
  248         max-stale-ttl <duration>;
  249         max-transfer-idle-in <integer>;
  250         max-transfer-idle-out <integer>;
  251         max-transfer-time-in <integer>;
  252         max-transfer-time-out <integer>;
  253         max-udp-size <integer>;
  254         max-zone-ttl ( unlimited | <duration> );
  255         memstatistics <boolean>;
  256         memstatistics-file <quoted_string>;
  257         message-compression <boolean>;
  258         min-cache-ttl <duration>;
  259         min-ncache-ttl <duration>;
  260         min-refresh-time <integer>;
  261         min-retry-time <integer>;
  262         min-roots <integer>; // ancient
  263         minimal-any <boolean>;
  264         minimal-responses ( no-auth | no-auth-recursive | <boolean> );
  265         multi-master <boolean>;
  266         multiple-cnames <boolean>; // ancient
  267         named-xfer <quoted_string>; // ancient
  268         new-zones-directory <quoted_string>;
  269         no-case-compress { <address_match_element>; ... };
  270         nocookie-udp-size <integer>;
  271         nosit-udp-size <integer>; // obsolete
  272         notify ( explicit | master-only | primary-only | <boolean> );
  273         notify-delay <integer>;
  274         notify-rate <integer>;
  275         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  276             dscp <integer> ];
  277         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
  278             [ dscp <integer> ];
  279         notify-to-soa <boolean>;
  280         nsec3-test-zone <boolean>; // test only
  281         nta-lifetime <duration>;
  282         nta-recheck <duration>;
  283         nxdomain-redirect <string>;
  284         pid-file ( <quoted_string> | none );
  285         port <integer>;
  286         preferred-glue <string>;
  287         prefetch <integer> [ <integer> ];
  288         provide-ixfr <boolean>;
  289         qname-minimization ( strict | relaxed | disabled | off );
  290         query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
  291             <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
  292             port ( <integer> | * ) ) ) [ dscp <integer> ];
  293         query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
  294             <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
  295             port ( <integer> | * ) ) ) [ dscp <integer> ];
  296         querylog <boolean>;
  297         queryport-pool-ports <integer>; // obsolete
  298         queryport-pool-updateinterval <integer>; // obsolete
  299         random-device ( <quoted_string> | none );
  300         rate-limit {
  301                 all-per-second <integer>;
  302                 errors-per-second <integer>;
  303                 exempt-clients { <address_match_element>; ... };
  304                 ipv4-prefix-length <integer>;
  305                 ipv6-prefix-length <integer>;
  306                 log-only <boolean>;
  307                 max-table-size <integer>;
  308                 min-table-size <integer>;
  309                 nodata-per-second <integer>;
  310                 nxdomains-per-second <integer>;
  311                 qps-scale <integer>;
  312                 referrals-per-second <integer>;
  313                 responses-per-second <integer>;
  314                 slip <integer>;
  315                 window <integer>;
  316         };
  317         recursing-file <quoted_string>;
  318         recursion <boolean>;
  319         recursive-clients <integer>;
  320         request-expire <boolean>;
  321         request-ixfr <boolean>;
  322         request-nsid <boolean>;
  323         request-sit <boolean>; // obsolete
  324         require-server-cookie <boolean>;
  325         reserved-sockets <integer>;
  326         resolver-nonbackoff-tries <integer>;
  327         resolver-query-timeout <integer>;
  328         resolver-retry-interval <integer>;
  329         response-padding { <address_match_element>; ... } block-size
  330             <integer>;
  331         response-policy { zone <string> [ add-soa <boolean> ] [ log
  332             <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
  333             <duration> ] [ policy ( cname | disabled | drop | given | no-op
  334             | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
  335             recursive-only <boolean> ] [ nsip-enable <boolean> ] [
  336             nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
  337             break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
  338             min-update-interval <duration> ] [ min-ns-dots <integer> ] [
  339             nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean>
  340             ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ]
  341             [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
  342             dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
  343             } ];
  344         rfc2308-type1 <boolean>; // ancient
  345         root-delegation-only [ exclude { <string>; ... } ];
  346         root-key-sentinel <boolean>;
  347         rrset-order { [ class <string> ] [ type <string> ] [ name
  348             <quoted_string> ] <string> <string>; ... };
  349         secroots-file <quoted_string>;
  350         send-cookie <boolean>;
  351         serial-queries <integer>; // ancient
  352         serial-query-rate <integer>;
  353         serial-update-method ( date | increment | unixtime );
  354         server-id ( <quoted_string> | none | hostname );
  355         servfail-ttl <duration>;
  356         session-keyalg <string>;
  357         session-keyfile ( <quoted_string> | none );
  358         session-keyname <string>;
  359         sig-signing-nodes <integer>;
  360         sig-signing-signatures <integer>;
  361         sig-signing-type <integer>;
  362         sig-validity-interval <integer> [ <integer> ];
  363         sit-secret <string>; // obsolete
  364         sortlist { <address_match_element>; ... };
  365         stacksize ( default | unlimited | <sizeval> );
  366         stale-answer-enable <boolean>;
  367         stale-answer-ttl <duration>;
  368         stale-cache-enable <boolean>;
  369         startup-notify-rate <integer>;
  370         statistics-file <quoted_string>;
  371         statistics-interval <integer>; // ancient
  372         suppress-initial-notify <boolean>; // not yet implemented
  373         synth-from-dnssec <boolean>;
  374         tcp-advertised-timeout <integer>;
  375         tcp-clients <integer>;
  376         tcp-idle-timeout <integer>;
  377         tcp-initial-timeout <integer>;
  378         tcp-keepalive-timeout <integer>;
  379         tcp-listen-queue <integer>;
  380         tkey-dhkey <quoted_string> <integer>;
  381         tkey-domain <quoted_string>;
  382         tkey-gssapi-credential <quoted_string>;
  383         tkey-gssapi-keytab <quoted_string>;
  384         topology { <address_match_element>; ... }; // ancient
  385         transfer-format ( many-answers | one-answer );
  386         transfer-message-size <integer>;
  387         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  388             dscp <integer> ];
  389         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
  390             ] [ dscp <integer> ];
  391         transfers-in <integer>;
  392         transfers-out <integer>;
  393         transfers-per-ns <integer>;
  394         treat-cr-as-space <boolean>; // ancient
  395         trust-anchor-telemetry <boolean>; // experimental
  396         try-tcp-refresh <boolean>;
  397         update-check-ksk <boolean>;
  398         use-alt-transfer-source <boolean>;
  399         use-id-pool <boolean>; // ancient
  400         use-ixfr <boolean>; // obsolete
  401         use-queryport-pool <boolean>; // obsolete
  402         use-v4-udp-ports { <portrange>; ... };
  403         use-v6-udp-ports { <portrange>; ... };
  404         v6-bias <integer>;
  405         validate-except { <string>; ... };
  406         version ( <quoted_string> | none );
  407         zero-no-soa-ttl <boolean>;
  408         zero-no-soa-ttl-cache <boolean>;
  409         zone-statistics ( full | terse | none | <boolean> );
  410 };
  411 
  412 plugin ( query ) <string> [ { <unspecified-text>
  413     } ]; // may occur multiple times
  414 
  415 primaries <string> [ port <integer> ] [ dscp
  416     <integer> ] { ( <primaries> | <ipv4_address>
  417     [ port <integer> ] | <ipv6_address> [ port
  418     <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
  419 
  420 server <netprefix> {
  421         bogus <boolean>;
  422         edns <boolean>;
  423         edns-udp-size <integer>;
  424         edns-version <integer>;
  425         keys <server_key>;
  426         max-udp-size <integer>;
  427         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  428             dscp <integer> ];
  429         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
  430             [ dscp <integer> ];
  431         padding <integer>;
  432         provide-ixfr <boolean>;
  433         query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
  434             <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
  435             port ( <integer> | * ) ) ) [ dscp <integer> ];
  436         query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
  437             <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
  438             port ( <integer> | * ) ) ) [ dscp <integer> ];
  439         request-expire <boolean>;
  440         request-ixfr <boolean>;
  441         request-nsid <boolean>;
  442         request-sit <boolean>; // obsolete
  443         send-cookie <boolean>;
  444         support-ixfr <boolean>; // obsolete
  445         tcp-keepalive <boolean>;
  446         tcp-only <boolean>;
  447         transfer-format ( many-answers | one-answer );
  448         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  449             dscp <integer> ];
  450         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
  451             ] [ dscp <integer> ];
  452         transfers <integer>;
  453 }; // may occur multiple times
  454 
  455 statistics-channels {
  456         inet ( <ipv4_address> | <ipv6_address> |
  457             * ) [ port ( <integer> | * ) ] [
  458             allow { <address_match_element>; ...
  459             } ]; // may occur multiple times
  460 }; // may occur multiple times
  461 
  462 trust-anchors { <string> ( static-key |
  463     initial-key | static-ds | initial-ds )
  464     <integer> <integer> <integer>
  465     <quoted_string>; ... }; // may occur multiple times
  466 
  467 trusted-keys { <string> <integer>
  468     <integer> <integer>
  469     <quoted_string>; ... }; // may occur multiple times, deprecated
  470 
  471 view <string> [ <class> ] {
  472         acache-cleaning-interval <integer>; // obsolete
  473         acache-enable <boolean>; // obsolete
  474         additional-from-auth <boolean>; // obsolete
  475         additional-from-cache <boolean>; // obsolete
  476         allow-new-zones <boolean>;
  477         allow-notify { <address_match_element>; ... };
  478         allow-query { <address_match_element>; ... };
  479         allow-query-cache { <address_match_element>; ... };
  480         allow-query-cache-on { <address_match_element>; ... };
  481         allow-query-on { <address_match_element>; ... };
  482         allow-recursion { <address_match_element>; ... };
  483         allow-recursion-on { <address_match_element>; ... };
  484         allow-transfer { <address_match_element>; ... };
  485         allow-update { <address_match_element>; ... };
  486         allow-update-forwarding { <address_match_element>; ... };
  487         allow-v6-synthesis { <address_match_element>; ... }; // obsolete
  488         also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
  489             <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
  490             <integer> ] ) [ key <string> ]; ... };
  491         alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
  492             ] [ dscp <integer> ];
  493         alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
  494             * ) ] [ dscp <integer> ];
  495         attach-cache <string>;
  496         auth-nxdomain <boolean>; // default changed
  497         auto-dnssec ( allow | maintain | off );
  498         cache-file <quoted_string>;
  499         catalog-zones { zone <string> [ default-masters [ port <integer> ]
  500             [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port
  501             <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
  502             <string> ]; ... } ] [ zone-directory <quoted_string> ] [
  503             in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
  504         check-dup-records ( fail | warn | ignore );
  505         check-integrity <boolean>;
  506         check-mx ( fail | warn | ignore );
  507         check-mx-cname ( fail | warn | ignore );
  508         check-names ( primary | master |
  509             secondary | slave | response ) (
  510             fail | warn | ignore ); // may occur multiple times
  511         check-sibling <boolean>;
  512         check-spf ( warn | ignore );
  513         check-srv-cname ( fail | warn | ignore );
  514         check-wildcard <boolean>;
  515         cleaning-interval <integer>; // obsolete
  516         clients-per-query <integer>;
  517         deny-answer-addresses { <address_match_element>; ... } [
  518             except-from { <string>; ... } ];
  519         deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
  520             } ];
  521         dialup ( notify | notify-passive | passive | refresh | <boolean> );
  522         disable-algorithms <string> { <string>;
  523             ... }; // may occur multiple times
  524         disable-ds-digests <string> { <string>;
  525             ... }; // may occur multiple times
  526         disable-empty-zone <string>; // may occur multiple times
  527         dlz <string> {
  528                 database <string>;
  529                 search <boolean>;
  530         }; // may occur multiple times
  531         dns64 <netprefix> {
  532                 break-dnssec <boolean>;
  533                 clients { <address_match_element>; ... };
  534                 exclude { <address_match_element>; ... };
  535                 mapped { <address_match_element>; ... };
  536                 recursive-only <boolean>;
  537                 suffix <ipv6_address>;
  538         }; // may occur multiple times
  539         dns64-contact <string>;
  540         dns64-server <string>;
  541         dnskey-sig-validity <integer>;
  542         dnsrps-enable <boolean>;
  543         dnsrps-options { <unspecified-text> };
  544         dnssec-accept-expired <boolean>;
  545         dnssec-dnskey-kskonly <boolean>;
  546         dnssec-enable <boolean>; // obsolete
  547         dnssec-loadkeys-interval <integer>;
  548         dnssec-lookaside ( <string>
  549             trust-anchor <string> |
  550             auto | no ); // obsolete, may occur multiple times
  551         dnssec-must-be-secure <string> <boolean>; // may occur multiple times
  552         dnssec-policy <string>;
  553         dnssec-secure-to-insecure <boolean>;
  554         dnssec-update-mode ( maintain | no-resign );
  555         dnssec-validation ( yes | no | auto );
  556         dnstap { ( all | auth | client | forwarder | resolver | update ) [
  557             ( query | response ) ]; ... };
  558         dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
  559             <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
  560             <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
  561             <integer> ] [ dscp <integer> ] ); ... };
  562         dyndb <string> <quoted_string> {
  563             <unspecified-text> }; // may occur multiple times
  564         edns-udp-size <integer>;
  565         empty-contact <string>;
  566         empty-server <string>;
  567         empty-zones-enable <boolean>;
  568         fetch-glue <boolean>; // ancient
  569         fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
  570         fetches-per-server <integer> [ ( drop | fail ) ];
  571         fetches-per-zone <integer> [ ( drop | fail ) ];
  572         filter-aaaa { <address_match_element>; ... }; // obsolete
  573         filter-aaaa-on-v4 <boolean>; // obsolete
  574         filter-aaaa-on-v6 <boolean>; // obsolete
  575         forward ( first | only );
  576         forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
  577             | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
  578         glue-cache <boolean>;
  579         inline-signing <boolean>;
  580         ixfr-from-differences ( primary | master | secondary | slave |
  581             <boolean> );
  582         key <string> {
  583                 algorithm <string>;
  584                 secret <string>;
  585         }; // may occur multiple times
  586         key-directory <quoted_string>; // directory holding DNSSEC key files; private keys there need tight file permissions
  587         lame-ttl <duration>;
  588         lmdb-mapsize <sizeval>;
  589         maintain-ixfr-base <boolean>; // ancient
  590         managed-keys { <string> (
  591             static-key | initial-key
  592             | static-ds | initial-ds
  593             ) <integer> <integer>
  594             <integer>
  595             <quoted_string>; ... }; // may occur multiple times, deprecated; trust-anchors in this grammar accepts the same entry forms
  596         masterfile-format ( map | raw | text );
  597         masterfile-style ( full | relative );
  598         match-clients { <address_match_element>; ... }; // view selection by client source address; the three match-* options decide who is served this view's data
  599         match-destinations { <address_match_element>; ... }; // view selection by the address the query was sent to
  600         match-recursive-only <boolean>; // if true, only recursive requests match this view
  601         max-acache-size ( unlimited | <sizeval> ); // obsolete
  602         max-cache-size ( default | unlimited | <sizeval> | <percentage> );
  603         max-cache-ttl <duration>;
  604         max-clients-per-query <integer>;
  605         max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
  606         max-ixfr-ratio ( unlimited | <percentage> );
  607         max-journal-size ( default | unlimited | <sizeval> );
  608         max-ncache-ttl <duration>;
  609         max-records <integer>;
  610         max-recursion-depth <integer>;
  611         max-recursion-queries <integer>; // with max-recursion-depth, bounds the resolution work a single client query can trigger
  612         max-refresh-time <integer>;
  613         max-retry-time <integer>;
  614         max-stale-ttl <duration>;
  615         max-transfer-idle-in <integer>;
  616         max-transfer-idle-out <integer>;
  617         max-transfer-time-in <integer>;
  618         max-transfer-time-out <integer>;
  619         max-udp-size <integer>; // largest UDP response named will send; a lower value reduces amplification potential
  620         max-zone-ttl ( unlimited | <duration> );
  621         message-compression <boolean>;
  622         min-cache-ttl <duration>;
  623         min-ncache-ttl <duration>;
  624         min-refresh-time <integer>;
  625         min-retry-time <integer>;
  626         min-roots <integer>; // ancient
  627         minimal-any <boolean>; // if true, type ANY queries over UDP get a single RRset instead of everything at the name
  628         minimal-responses ( no-auth | no-auth-recursive | <boolean> );
  629         multi-master <boolean>;
  630         new-zones-directory <quoted_string>;
  631         no-case-compress { <address_match_element>; ... };
  632         nocookie-udp-size <integer>; // size cap for UDP responses to queries that carry no valid server cookie
  633         nosit-udp-size <integer>; // obsolete
  634         notify ( explicit | master-only | primary-only | <boolean> );
  635         notify-delay <integer>;
  636         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  637             dscp <integer> ];
  638         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
  639             [ dscp <integer> ];
  640         notify-to-soa <boolean>;
  641         nsec3-test-zone <boolean>; // test only
  642         nta-lifetime <duration>; // negative trust anchors switch off DNSSEC validation for a name; this limits how long one lasts
  643         nta-recheck <duration>;
  644         nxdomain-redirect <string>;
  645         plugin ( query ) <string> [ {
  646             <unspecified-text> } ]; // may occur multiple times; loads a module into named, so the path must not be writable by untrusted users
  647         preferred-glue <string>;
  648         prefetch <integer> [ <integer> ];
  649         provide-ixfr <boolean>;
  650         qname-minimization ( strict | relaxed | disabled | off ); // limits how much of the query name is exposed to upstream servers
  651         query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
  652             <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
  653             port ( <integer> | * ) ) ) [ dscp <integer> ]; // a fixed port gives up source-port randomization and weakens spoofing resistance; prefer "port *"
  654         query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
  655             <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
  656             port ( <integer> | * ) ) ) [ dscp <integer> ]; // same source-port consideration as query-source
  657         queryport-pool-ports <integer>; // obsolete
  658         queryport-pool-updateinterval <integer>; // obsolete
  659         rate-limit { // response rate limiting (RRL): caps repeated responses so the server is less useful for reflection/amplification
  660                 all-per-second <integer>;
  661                 errors-per-second <integer>;
  662                 exempt-clients { <address_match_element>; ... }; // clients matched here are never rate limited; keep the list narrow
  663                 ipv4-prefix-length <integer>; // clients are grouped by address prefix of this length when counting
  664                 ipv6-prefix-length <integer>;
  665                 log-only <boolean>; // if true, limits are logged but nothing is dropped (for tuning before enforcement)
  666                 max-table-size <integer>;
  667                 min-table-size <integer>;
  668                 nodata-per-second <integer>;
  669                 nxdomains-per-second <integer>;
  670                 qps-scale <integer>;
  671                 referrals-per-second <integer>;
  672                 responses-per-second <integer>;
  673                 slip <integer>; // every Nth limited response is sent truncated instead of dropped, so real clients can retry over TCP
  674                 window <integer>; // period, in seconds, over which rates are measured
  675         };
  676         recursion <boolean>; // if true this view resolves on behalf of clients; pair it with allow-recursion / match-clients so it is not an open resolver
  677         request-expire <boolean>;
  678         request-ixfr <boolean>;
  679         request-nsid <boolean>;
  680         request-sit <boolean>; // obsolete
  681         require-server-cookie <boolean>; // if true, cookie-aware UDP clients must present a valid server cookie before they get a full response
  682         resolver-nonbackoff-tries <integer>;
  683         resolver-query-timeout <integer>;
  684         resolver-retry-interval <integer>;
  685         response-padding { <address_match_element>; ... } block-size
  686             <integer>; // pads responses to the listed clients to a multiple of block-size, which hides the exact response size
  687         response-policy { zone <string> [ add-soa <boolean> ] [ log
  688             <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
  689             <duration> ] [ policy ( cname | disabled | drop | given | no-op
  690             | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
  691             recursive-only <boolean> ] [ nsip-enable <boolean> ] [
  692             nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
  693             break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
  694             min-update-interval <duration> ] [ min-ns-dots <integer> ] [
  695             nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean>
  696             ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ]
  697             [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
  698             dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
  699             } ]; // response policy zones (RPZ): answers are rewritten per policy zone; break-dnssec applies rewrites even when the client asked for DNSSEC records
  700         rfc2308-type1 <boolean>; // ancient
  701         root-delegation-only [ exclude { <string>; ... } ];
  702         root-key-sentinel <boolean>;
  703         rrset-order { [ class <string> ] [ type <string> ] [ name
  704             <quoted_string> ] <string> <string>; ... };
  705         send-cookie <boolean>;
  706         serial-update-method ( date | increment | unixtime );
  707         server <netprefix> { // settings used when named talks to remote servers inside this prefix
  708                 bogus <boolean>; // if true, named stops sending queries to these servers
  709                 edns <boolean>;
  710                 edns-udp-size <integer>;
  711                 edns-version <integer>;
  712                 keys <server_key>; // key used to TSIG-sign requests sent to these servers
  713                 max-udp-size <integer>;
  714                 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
  715                     ) ] [ dscp <integer> ];
  716                 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
  717                     | * ) ] [ dscp <integer> ];
  718                 padding <integer>;
  719                 provide-ixfr <boolean>;
  720                 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port
  721                     ( <integer> | * ) ] ) | ( [ [ address ] (
  722                     <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [
  723                     dscp <integer> ]; // a fixed port here gives up source-port randomization toward these servers
  724                 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [
  725                     port ( <integer> | * ) ] ) | ( [ [ address ] (
  726                     <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [
  727                     dscp <integer> ]; // same source-port consideration as query-source
  728                 request-expire <boolean>;
  729                 request-ixfr <boolean>;
  730                 request-nsid <boolean>;
  731                 request-sit <boolean>; // obsolete
  732                 send-cookie <boolean>;
  733                 support-ixfr <boolean>; // obsolete
  734                 tcp-keepalive <boolean>;
  735                 tcp-only <boolean>; // if true, these servers are queried over TCP only
  736                 transfer-format ( many-answers | one-answer );
  737                 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
  738                     * ) ] [ dscp <integer> ];
  739                 transfer-source-v6 ( <ipv6_address> | * ) [ port (
  740                     <integer> | * ) ] [ dscp <integer> ];
  741                 transfers <integer>;
  742         }; // may occur multiple times
  743         servfail-ttl <duration>;
  744         sig-signing-nodes <integer>;
  745         sig-signing-signatures <integer>;
  746         sig-signing-type <integer>;
  747         sig-validity-interval <integer> [ <integer> ];
  748         sortlist { <address_match_element>; ... };
  749         stale-answer-enable <boolean>;
  750         stale-answer-ttl <duration>;
  751         stale-cache-enable <boolean>;
  752         suppress-initial-notify <boolean>; // not yet implemented
  753         synth-from-dnssec <boolean>;
  754         topology { <address_match_element>; ... }; // ancient
  755         transfer-format ( many-answers | one-answer );
  756         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  757             dscp <integer> ];
  758         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
  759             ] [ dscp <integer> ];
  760         trust-anchor-telemetry <boolean>; // experimental
  761         trust-anchors { <string> ( static-key |
  762             initial-key | static-ds | initial-ds
  763             ) <integer> <integer> <integer>
  764             <quoted_string>; ... }; // may occur multiple times; DNSSEC trust anchors: static-* entries stay fixed, initial-* entries only seed keys that are then maintained via RFC 5011
  765         trusted-keys { <string>
  766             <integer> <integer>
  767             <integer>
  768             <quoted_string>; ... }; // may occur multiple times, deprecated; entries carry no static/initial keyword, use trust-anchors with static-key instead
  769         try-tcp-refresh <boolean>;
  770         update-check-ksk <boolean>;
  771         use-alt-transfer-source <boolean>;
  772         use-queryport-pool <boolean>; // obsolete
  773         v6-bias <integer>;
  774         validate-except { <string>; ... }; // names at and below which DNSSEC validation is skipped; each entry is an unvalidated gap, so keep the list short
  775         zero-no-soa-ttl <boolean>;
  776         zero-no-soa-ttl-cache <boolean>;
  777         zone <string> [ <class> ] { // zone defined inside a view; this summary lists the options of all zone types together
  778                 allow-notify { <address_match_element>; ... };
  779                 allow-query { <address_match_element>; ... };
  780                 allow-query-on { <address_match_element>; ... };
  781                 allow-transfer { <address_match_element>; ... }; // who may request zone transfers; an open ACL discloses the full zone contents
  782                 allow-update { <address_match_element>; ... }; // authorizes dynamic updates; address-only entries trust the source IP, key-based entries or update-policy are stronger
  783                 allow-update-forwarding { <address_match_element>; ... }; // on a secondary: forwarded updates reach the primary from the secondary's address, which undermines IP-based allow-update there
  784                 also-notify [ port <integer> ] [ dscp <integer> ] { (
  785                     <primaries> | <ipv4_address> [ port <integer> ] |
  786                     <ipv6_address> [ port <integer> ] ) [ key <string> ];
  787                     ... }; // the optional key TSIG-signs the NOTIFY sent to that target
  788                 alt-transfer-source ( <ipv4_address> | * ) [ port (
  789                     <integer> | * ) ] [ dscp <integer> ];
  790                 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
  791                     <integer> | * ) ] [ dscp <integer> ];
  792                 auto-dnssec ( allow | maintain | off );
  793                 check-dup-records ( fail | warn | ignore );
  794                 check-integrity <boolean>;
  795                 check-mx ( fail | warn | ignore );
  796                 check-mx-cname ( fail | warn | ignore );
  797                 check-names ( fail | warn | ignore );
  798                 check-sibling <boolean>;
  799                 check-spf ( warn | ignore );
  800                 check-srv-cname ( fail | warn | ignore );
  801                 check-wildcard <boolean>;
  802                 database <string>;
  803                 delegation-only <boolean>;
  804                 dialup ( notify | notify-passive | passive | refresh |
  805                     <boolean> );
  806                 dlz <string>;
  807                 dnskey-sig-validity <integer>;
  808                 dnssec-dnskey-kskonly <boolean>;
  809                 dnssec-loadkeys-interval <integer>;
  810                 dnssec-policy <string>;
  811                 dnssec-secure-to-insecure <boolean>; // if true, a dynamic update that deletes the DNSKEY records can turn a signed zone unsigned
  812                 dnssec-update-mode ( maintain | no-resign );
  813                 file <quoted_string>;
  814                 forward ( first | only );
  815                 forwarders [ port <integer> ] [ dscp <integer> ] { (
  816                     <ipv4_address> | <ipv6_address> ) [ port <integer> ] [
  817                     dscp <integer> ]; ... };
  818                 in-view <string>;
  819                 inline-signing <boolean>;
  820                 ixfr-base <quoted_string>; // ancient
  821                 ixfr-from-differences <boolean>;
  822                 ixfr-tmp-file <quoted_string>; // ancient
  823                 journal <quoted_string>;
  824                 key-directory <quoted_string>; // directory holding this zone's DNSSEC key files; private keys there need tight file permissions
  825                 maintain-ixfr-base <boolean>; // ancient
  826                 masterfile-format ( map | raw | text );
  827                 masterfile-style ( full | relative );
  828                 masters [ port <integer> ] [ dscp <integer> ] { (
  829                     <primaries> | <ipv4_address> [ port <integer> ] |
  830                     <ipv6_address> [ port <integer> ] ) [ key <string> ];
  831                     ... }; // same grammar as primaries further down in this block
  832                 max-ixfr-log-size ( default | unlimited |
  833                     <sizeval> ); // ancient
  834                 max-ixfr-ratio ( unlimited | <percentage> );
  835                 max-journal-size ( default | unlimited | <sizeval> );
  836                 max-records <integer>; // cap on the number of records in the zone, a guard against oversized zone data
  837                 max-refresh-time <integer>;
  838                 max-retry-time <integer>;
  839                 max-transfer-idle-in <integer>;
  840                 max-transfer-idle-out <integer>;
  841                 max-transfer-time-in <integer>;
  842                 max-transfer-time-out <integer>;
  843                 max-zone-ttl ( unlimited | <duration> );
  844                 min-refresh-time <integer>;
  845                 min-retry-time <integer>;
  846                 multi-master <boolean>;
  847                 notify ( explicit | master-only | primary-only | <boolean> );
  848                 notify-delay <integer>;
  849                 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
  850                     ) ] [ dscp <integer> ];
  851                 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
  852                     | * ) ] [ dscp <integer> ];
  853                 notify-to-soa <boolean>;
  854                 nsec3-test-zone <boolean>; // test only
  855                 primaries [ port <integer> ] [ dscp <integer> ] { (
  856                     <primaries> | <ipv4_address> [ port <integer> ] |
  857                     <ipv6_address> [ port <integer> ] ) [ key <string> ];
  858                     ... }; // the optional per-entry key TSIG-signs transfer requests to that primary
  859                 pubkey <integer> <integer> <integer>
  860                     <quoted_string>; // ancient
  861                 request-expire <boolean>;
  862                 request-ixfr <boolean>;
  863                 serial-update-method ( date | increment | unixtime );
  864                 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
  865                 server-names { <string>; ... };
  866                 sig-signing-nodes <integer>;
  867                 sig-signing-signatures <integer>;
  868                 sig-signing-type <integer>;
  869                 sig-validity-interval <integer> [ <integer> ];
  870                 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
  871                     * ) ] [ dscp <integer> ];
  872                 transfer-source-v6 ( <ipv6_address> | * ) [ port (
  873                     <integer> | * ) ] [ dscp <integer> ];
  874                 try-tcp-refresh <boolean>;
  875                 type ( primary | master | secondary | slave | mirror |
  876                     delegation-only | forward | hint | redirect |
  877                     static-stub | stub );
  878                 update-check-ksk <boolean>;
  879                 update-policy ( local | { ( deny | grant ) <string> (
  880                     6to4-self | external | krb5-self | krb5-selfsub |
  881                     krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
  882                     name | self | selfsub | selfwild | subdomain | tcp-self
  883                     | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... }; // rule-based dynamic-update authorization: each rule grants or denies an identity a rule type, optional name and record types
  884                 use-alt-transfer-source <boolean>;
  885                 zero-no-soa-ttl <boolean>;
  886                 zone-statistics ( full | terse | none | <boolean> );
  887         }; // may occur multiple times
  888         zone-statistics ( full | terse | none | <boolean> );
  889 }; // may occur multiple times
  890 
  891 zone <string> [ <class> ] { // top-level zone statement; this summary lists the options of all zone types together
  892         allow-notify { <address_match_element>; ... };
  893         allow-query { <address_match_element>; ... };
  894         allow-query-on { <address_match_element>; ... };
  895         allow-transfer { <address_match_element>; ... }; // who may request zone transfers; an open ACL discloses the full zone contents
  896         allow-update { <address_match_element>; ... }; // authorizes dynamic updates; address-only entries trust the source IP, key-based entries or update-policy are stronger
  897         allow-update-forwarding { <address_match_element>; ... }; // on a secondary: forwarded updates reach the primary from the secondary's address, which undermines IP-based allow-update there
  898         also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
  899             <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
  900             <integer> ] ) [ key <string> ]; ... }; // the optional key TSIG-signs the NOTIFY sent to that target
  901         alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
  902             ] [ dscp <integer> ];
  903         alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
  904             * ) ] [ dscp <integer> ];
  905         auto-dnssec ( allow | maintain | off );
  906         check-dup-records ( fail | warn | ignore );
  907         check-integrity <boolean>;
  908         check-mx ( fail | warn | ignore );
  909         check-mx-cname ( fail | warn | ignore );
  910         check-names ( fail | warn | ignore );
  911         check-sibling <boolean>;
  912         check-spf ( warn | ignore );
  913         check-srv-cname ( fail | warn | ignore );
  914         check-wildcard <boolean>;
  915         database <string>;
  916         delegation-only <boolean>;
  917         dialup ( notify | notify-passive | passive | refresh | <boolean> );
  918         dlz <string>;
  919         dnskey-sig-validity <integer>;
  920         dnssec-dnskey-kskonly <boolean>;
  921         dnssec-loadkeys-interval <integer>;
  922         dnssec-policy <string>;
  923         dnssec-secure-to-insecure <boolean>; // if true, a dynamic update that deletes the DNSKEY records can turn a signed zone unsigned
  924         dnssec-update-mode ( maintain | no-resign );
  925         file <quoted_string>;
  926         forward ( first | only );
  927         forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
  928             | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
  929         in-view <string>;
  930         inline-signing <boolean>;
  931         ixfr-base <quoted_string>; // ancient
  932         ixfr-from-differences <boolean>;
  933         ixfr-tmp-file <quoted_string>; // ancient
  934         journal <quoted_string>;
  935         key-directory <quoted_string>; // directory holding this zone's DNSSEC key files; private keys there need tight file permissions
  936         maintain-ixfr-base <boolean>; // ancient
  937         masterfile-format ( map | raw | text );
  938         masterfile-style ( full | relative );
  939         masters [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
  940             <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
  941             <integer> ] ) [ key <string> ]; ... }; // same grammar as primaries further down in this block
  942         max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
  943         max-ixfr-ratio ( unlimited | <percentage> );
  944         max-journal-size ( default | unlimited | <sizeval> );
  945         max-records <integer>; // cap on the number of records in the zone, a guard against oversized zone data
  946         max-refresh-time <integer>;
  947         max-retry-time <integer>;
  948         max-transfer-idle-in <integer>;
  949         max-transfer-idle-out <integer>;
  950         max-transfer-time-in <integer>;
  951         max-transfer-time-out <integer>;
  952         max-zone-ttl ( unlimited | <duration> );
  953         min-refresh-time <integer>;
  954         min-retry-time <integer>;
  955         multi-master <boolean>;
  956         notify ( explicit | master-only | primary-only | <boolean> );
  957         notify-delay <integer>;
  958         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  959             dscp <integer> ];
  960         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
  961             [ dscp <integer> ];
  962         notify-to-soa <boolean>;
  963         nsec3-test-zone <boolean>; // test only
  964         primaries [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
  965             <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
  966             <integer> ] ) [ key <string> ]; ... }; // the optional per-entry key TSIG-signs transfer requests to that primary
  967         pubkey <integer> <integer> <integer> <quoted_string>; // ancient
  968         request-expire <boolean>;
  969         request-ixfr <boolean>;
  970         serial-update-method ( date | increment | unixtime );
  971         server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
  972         server-names { <string>; ... };
  973         sig-signing-nodes <integer>;
  974         sig-signing-signatures <integer>;
  975         sig-signing-type <integer>;
  976         sig-validity-interval <integer> [ <integer> ];
  977         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
  978             dscp <integer> ];
  979         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
  980             ] [ dscp <integer> ];
  981         try-tcp-refresh <boolean>;
  982         type ( primary | master | secondary | slave | mirror |
  983             delegation-only | forward | hint | redirect | static-stub |
  984             stub );
  985         update-check-ksk <boolean>;
  986         update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
  987             external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
  988             | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
  989             | subdomain | tcp-self | wildcard | zonesub ) [ <string> ]
  990             <rrtypelist>; ... }; // rule-based dynamic-update authorization: each rule grants or denies an identity a rule type, optional name and record types
  991         use-alt-transfer-source <boolean>;
  992         zero-no-soa-ttl <boolean>;
  993         zone-statistics ( full | terse | none | <boolean> );
  994 }; // may occur multiple times
  995