summaryrefslogtreecommitdiffstats
path: root/bin/named/named.conf.docbook
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--bin/named/named.conf.docbook1006
1 files changed, 1006 insertions, 0 deletions
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
new file mode 100644
index 0000000..113b990
--- /dev/null
+++ b/bin/named/named.conf.docbook
@@ -0,0 +1,1006 @@
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<!-- Generated by doc/misc/docbook-options.pl -->
+
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
+ <info>
+ <date>2018-06-21</date>
+ </info>
+ <refentryinfo>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle><filename>named.conf</filename></refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo>BIND9</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname><filename>named.conf</filename></refname>
+ <refpurpose>configuration file for <command>named</command></refpurpose>
+ </refnamediv>
+
+ <docinfo>
+ <copyright>
+ <year>2004</year>
+ <year>2005</year>
+ <year>2006</year>
+ <year>2007</year>
+ <year>2008</year>
+ <year>2009</year>
+ <year>2010</year>
+ <year>2011</year>
+ <year>2012</year>
+ <year>2013</year>
+ <year>2014</year>
+ <year>2015</year>
+ <year>2016</year>
+ <year>2017</year>
+ <year>2018</year>
+ <year>2019</year>
+ <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+ </copyright>
+ </docinfo>
+
+ <refsynopsisdiv>
+ <cmdsynopsis sepchar=" ">
+ <command>named.conf</command>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsection><info><title>DESCRIPTION</title></info>
+
+ <para><filename>named.conf</filename> is the configuration file
+ for
+ <command>named</command>. Statements are enclosed
+ in braces and terminated with a semi-colon. Clauses in
+ the statements are also semi-colon terminated. The usual
+ comment styles are supported:
+ </para>
+ <para>
+ C style: /* */
+ </para>
+ <para>
+ C++ style: // to end of line
+ </para>
+ <para>
+ Unix style: # to end of line
+ </para>
+ </refsection>
+
+ <refsection><info><title>ACL</title></info>
+
+ <literallayout class="normal">
+acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>CONTROLS</title></info>
+
+ <literallayout class="normal">
+controls {
+ inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> |
+ * ) [ port ( <replaceable>integer</replaceable> | * ) ] allow
+ { <replaceable>address_match_element</replaceable>; ... } [
+ keys { <replaceable>string</replaceable>; ... } ] [ read-only
+ <replaceable>boolean</replaceable> ];
+ unix <replaceable>quoted_string</replaceable> perm <replaceable>integer</replaceable>
+ owner <replaceable>integer</replaceable> group <replaceable>integer</replaceable> [
+ keys { <replaceable>string</replaceable>; ... } ] [ read-only
+ <replaceable>boolean</replaceable> ];
+};
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>DLZ</title></info>
+
+ <literallayout class="normal">
+dlz <replaceable>string</replaceable> {
+ database <replaceable>string</replaceable>;
+ search <replaceable>boolean</replaceable>;
+};
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>DYNDB</title></info>
+
+ <literallayout class="normal">
+dyndb <replaceable>string</replaceable> <replaceable>quoted_string</replaceable> {
+ <replaceable>unspecified-text</replaceable> };
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>KEY</title></info>
+
+ <literallayout class="normal">
+key <replaceable>string</replaceable> {
+ algorithm <replaceable>string</replaceable>;
+ secret <replaceable>string</replaceable>;
+};
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>LOGGING</title></info>
+
+ <literallayout class="normal">
+logging {
+ category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
+ channel <replaceable>string</replaceable> {
+ buffered <replaceable>boolean</replaceable>;
+ file <replaceable>quoted_string</replaceable> [ versions ( "unlimited" | <replaceable>integer</replaceable> )
+ ] [ size <replaceable>size</replaceable> ];
+ null;
+ print-category <replaceable>boolean</replaceable>;
+ print-severity <replaceable>boolean</replaceable>;
+ print-time <replaceable>boolean</replaceable>;
+ severity <replaceable>log_severity</replaceable>;
+ stderr;
+ syslog [ <replaceable>syslog_facility</replaceable> ];
+ };
+};
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>LWRES</title></info>
+
+ <literallayout class="normal">
+lwres {
+ listen-on [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
+ | <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... };
+ lwres-clients <replaceable>integer</replaceable>;
+ lwres-tasks <replaceable>integer</replaceable>;
+ ndots <replaceable>integer</replaceable>;
+ search { <replaceable>string</replaceable>; ... };
+ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ];
+};
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>MANAGED-KEYS</title></info>
+
+ <literallayout class="normal">
+managed-keys { <replaceable>string</replaceable> <replaceable>string</replaceable> <replaceable>integer</replaceable>
+ <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ... };
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>MASTERS</title></info>
+
+ <literallayout class="normal">
+masters <replaceable>string</replaceable> [ port <replaceable>integer</replaceable> ] [ dscp
+ <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
+ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
+
+ <literallayout class="normal">
+options {
+ acache-cleaning-interval <replaceable>integer</replaceable>;
+ acache-enable <replaceable>boolean</replaceable>;
+ additional-from-auth <replaceable>boolean</replaceable>;
+ additional-from-cache <replaceable>boolean</replaceable>;
+ allow-new-zones <replaceable>boolean</replaceable>;
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-recursion { <replaceable>address_match_element</replaceable>; ... };
+ allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ also-notify [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> |
+ <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
+ ] [ dscp <replaceable>integer</replaceable> ];
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
+ * ) ] [ dscp <replaceable>integer</replaceable> ];
+ answer-cookie <replaceable>boolean</replaceable>;
+ attach-cache <replaceable>string</replaceable>;
+ auth-nxdomain <replaceable>boolean</replaceable>; // default changed
+ auto-dnssec ( allow | maintain | off );
+ automatic-interface-scan <replaceable>boolean</replaceable>;
+ avoid-v4-udp-ports { <replaceable>portrange</replaceable>; ... };
+ avoid-v6-udp-ports { <replaceable>portrange</replaceable>; ... };
+ bindkeys-file <replaceable>quoted_string</replaceable>;
+ blackhole { <replaceable>address_match_element</replaceable>; ... };
+ cache-file <replaceable>quoted_string</replaceable>;
+ catalog-zones { zone <replaceable>quoted_string</replaceable> [ default-masters [ port
+ <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
+ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
+ <replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
+ in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>integer</replaceable> ]; ... };
+ check-dup-records ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( master | slave | response
+ ) ( fail | warn | ignore );
+ check-sibling <replaceable>boolean</replaceable>;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <replaceable>boolean</replaceable>;
+ cleaning-interval <replaceable>integer</replaceable>;
+ clients-per-query <replaceable>integer</replaceable>;
+ cookie-algorithm ( aes | sha1 | sha256 );
+ cookie-secret <replaceable>string</replaceable>;
+ coresize ( default | unlimited | <replaceable>sizeval</replaceable> );
+ datasize ( default | unlimited | <replaceable>sizeval</replaceable> );
+ deny-answer-addresses { <replaceable>address_match_element</replaceable>; ... } [
+ except-from { <replaceable>quoted_string</replaceable>; ... } ];
+ deny-answer-aliases { <replaceable>quoted_string</replaceable>; ... } [ except-from {
+ <replaceable>quoted_string</replaceable>; ... } ];
+ dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
+ directory <replaceable>quoted_string</replaceable>;
+ disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>;
+ ... };
+ disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>;
+ ... };
+ disable-empty-zone <replaceable>string</replaceable>;
+ dns64 <replaceable>netprefix</replaceable> {
+ break-dnssec <replaceable>boolean</replaceable>;
+ clients { <replaceable>address_match_element</replaceable>; ... };
+ exclude { <replaceable>address_match_element</replaceable>; ... };
+ mapped { <replaceable>address_match_element</replaceable>; ... };
+ recursive-only <replaceable>boolean</replaceable>;
+ suffix <replaceable>ipv6_address</replaceable>;
+ };
+ dns64-contact <replaceable>string</replaceable>;
+ dns64-server <replaceable>string</replaceable>;
+ dnssec-accept-expired <replaceable>boolean</replaceable>;
+ dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
+ dnssec-enable <replaceable>boolean</replaceable>;
+ dnssec-loadkeys-interval <replaceable>integer</replaceable>;
+ dnssec-lookaside ( <replaceable>string</replaceable> trust-anchor
+ <replaceable>string</replaceable> | auto | no );
+ dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+ dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
+ dnssec-update-mode ( maintain | no-resign );
+ dnssec-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder |
+ resolver ) [ ( query | response ) ]; ... };
+ dnstap-identity ( <replaceable>quoted_string</replaceable> | none |
+ hostname );
+ dnstap-output ( file | unix ) <replaceable>quoted_string</replaceable>;
+ dnstap-version ( <replaceable>quoted_string</replaceable> | none );
+ dscp <replaceable>integer</replaceable>;
+ dual-stack-servers [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
+ <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv4_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] ); ... };
+ dump-file <replaceable>quoted_string</replaceable>;
+ edns-udp-size <replaceable>integer</replaceable>;
+ empty-contact <replaceable>string</replaceable>;
+ empty-server <replaceable>string</replaceable>;
+ empty-zones-enable <replaceable>boolean</replaceable>;
+ fetch-quota-params <replaceable>integer</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable>;
+ fetches-per-server <replaceable>integer</replaceable> [ ( drop | fail ) ];
+ fetches-per-zone <replaceable>integer</replaceable> [ ( drop | fail ) ];
+ files ( default | unlimited | <replaceable>sizeval</replaceable> );
+ filter-aaaa { <replaceable>address_match_element</replaceable>; ... };
+ filter-aaaa-on-v4 ( break-dnssec | <replaceable>boolean</replaceable> );
+ filter-aaaa-on-v6 ( break-dnssec | <replaceable>boolean</replaceable> );
+ flush-zones-on-shutdown <replaceable>boolean</replaceable>;
+ forward ( first | only );
+ forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
+ | <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... };
+ fstrm-set-buffer-hint <replaceable>integer</replaceable>;
+ fstrm-set-flush-timeout <replaceable>integer</replaceable>;
+ fstrm-set-input-queue-size <replaceable>integer</replaceable>;
+ fstrm-set-output-notify-threshold <replaceable>integer</replaceable>;
+ fstrm-set-output-queue-model ( mpsc | spsc );
+ fstrm-set-output-queue-size <replaceable>integer</replaceable>;
+ fstrm-set-reopen-interval <replaceable>integer</replaceable>;
+ geoip-directory ( <replaceable>quoted_string</replaceable> | none );
+ geoip-use-ecs <replaceable>boolean</replaceable>;
+ heartbeat-interval <replaceable>integer</replaceable>;
+ hostname ( <replaceable>quoted_string</replaceable> | none );
+ inline-signing <replaceable>boolean</replaceable>;
+ interface-interval <replaceable>integer</replaceable>;
+ ixfr-from-differences ( master | slave | <replaceable>boolean</replaceable> );
+ keep-response-order { <replaceable>address_match_element</replaceable>; ... };
+ key-directory <replaceable>quoted_string</replaceable>;
+ lame-ttl <replaceable>ttlval</replaceable>;
+ listen-on [ port <replaceable>integer</replaceable> ] [ dscp
+ <replaceable>integer</replaceable> ] {
+ <replaceable>address_match_element</replaceable>; ... };
+ listen-on-v6 [ port <replaceable>integer</replaceable> ] [ dscp
+ <replaceable>integer</replaceable> ] {
+ <replaceable>address_match_element</replaceable>; ... };
+ lmdb-mapsize <replaceable>sizeval</replaceable>;
+ lock-file ( <replaceable>quoted_string</replaceable> | none );
+ managed-keys-directory <replaceable>quoted_string</replaceable>;
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ match-mapped-addresses <replaceable>boolean</replaceable>;
+ max-acache-size ( unlimited | <replaceable>sizeval</replaceable> );
+ max-cache-size ( default | unlimited | <replaceable>sizeval</replaceable> | <replaceable>percentage</replaceable> );
+ max-cache-ttl <replaceable>integer</replaceable>;
+ max-clients-per-query <replaceable>integer</replaceable>;
+ max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
+ max-ncache-ttl <replaceable>integer</replaceable>;
+ max-records <replaceable>integer</replaceable>;
+ max-recursion-depth <replaceable>integer</replaceable>;
+ max-recursion-queries <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ max-rsa-exponent-size <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
+ memstatistics <replaceable>boolean</replaceable>;
+ memstatistics-file <replaceable>quoted_string</replaceable>;
+ message-compression <replaceable>boolean</replaceable>;
+ min-refresh-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ minimal-any <replaceable>boolean</replaceable>;
+ minimal-responses ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
+ multi-master <replaceable>boolean</replaceable>;
+ no-case-compress { <replaceable>address_match_element</replaceable>; ... };
+ nocookie-udp-size <replaceable>integer</replaceable>;
+ notify ( explicit | master-only | <replaceable>boolean</replaceable> );
+ notify-delay <replaceable>integer</replaceable>;
+ notify-rate <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
+ dscp <replaceable>integer</replaceable> ];
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ]
+ [ dscp <replaceable>integer</replaceable> ];
+ notify-to-soa <replaceable>boolean</replaceable>;
+ nta-lifetime <replaceable>ttlval</replaceable>;
+ nta-recheck <replaceable>ttlval</replaceable>;
+ nxdomain-redirect <replaceable>string</replaceable>;
+ pid-file ( <replaceable>quoted_string</replaceable> | none );
+ port <replaceable>integer</replaceable>;
+ preferred-glue <replaceable>string</replaceable>;
+ prefetch <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
+ provide-ixfr <replaceable>boolean</replaceable>;
+ query-source ( ( [ address ] ( <replaceable>ipv4_address</replaceable> | * ) [ port (
+ <replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv4_address</replaceable> | * ) ]
+ port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
+ query-source-v6 ( ( [ address ] ( <replaceable>ipv6_address</replaceable> | * ) [ port (
+ <replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv6_address</replaceable> | * ) ]
+ port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
+ querylog <replaceable>boolean</replaceable>;
+ random-device <replaceable>quoted_string</replaceable>;
+ rate-limit {
+ all-per-second <replaceable>integer</replaceable>;
+ errors-per-second <replaceable>integer</replaceable>;
+ exempt-clients { <replaceable>address_match_element</replaceable>; ... };
+ ipv4-prefix-length <replaceable>integer</replaceable>;
+ ipv6-prefix-length <replaceable>integer</replaceable>;
+ log-only <replaceable>boolean</replaceable>;
+ max-table-size <replaceable>integer</replaceable>;
+ min-table-size <replaceable>integer</replaceable>;
+ nodata-per-second <replaceable>integer</replaceable>;
+ nxdomains-per-second <replaceable>integer</replaceable>;
+ qps-scale <replaceable>integer</replaceable>;
+ referrals-per-second <replaceable>integer</replaceable>;
+ responses-per-second <replaceable>integer</replaceable>;
+ slip <replaceable>integer</replaceable>;
+ window <replaceable>integer</replaceable>;
+ };
+ recursing-file <replaceable>quoted_string</replaceable>;
+ recursion <replaceable>boolean</replaceable>;
+ recursive-clients <replaceable>integer</replaceable>;
+ request-expire <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ request-nsid <replaceable>boolean</replaceable>;
+ require-server-cookie <replaceable>boolean</replaceable>;
+ reserved-sockets <replaceable>integer</replaceable>;
+ resolver-query-timeout <replaceable>integer</replaceable>;
+ response-policy { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
+ max-policy-ttl <replaceable>integer</replaceable> ] [ policy ( cname | disabled | drop |
+ given | no-op | nodata | nxdomain | passthru | tcp-only
+ <replaceable>quoted_string</replaceable> ) ] [ recursive-only <replaceable>boolean</replaceable> ]; ... } [
+ break-dnssec <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>integer</replaceable> ] [
+ min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
+ qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ];
+ root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
+ root-key-sentinel <replaceable>boolean</replaceable>;
+ rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
+ <replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
+ secroots-file <replaceable>quoted_string</replaceable>;
+ send-cookie <replaceable>boolean</replaceable>;
+ serial-query-rate <replaceable>integer</replaceable>;
+ serial-update-method ( date | increment | unixtime );
+ server-id ( <replaceable>quoted_string</replaceable> | none | hostname );
+ servfail-ttl <replaceable>ttlval</replaceable>;
+ session-keyalg <replaceable>string</replaceable>;
+ session-keyfile ( <replaceable>quoted_string</replaceable> | none );
+ session-keyname <replaceable>string</replaceable>;
+ sig-signing-nodes <replaceable>integer</replaceable>;
+ sig-signing-signatures <replaceable>integer</replaceable>;
+ sig-signing-type <replaceable>integer</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
+ sortlist { <replaceable>address_match_element</replaceable>; ... };
+ stacksize ( default | unlimited | <replaceable>sizeval</replaceable> );
+ startup-notify-rate <replaceable>integer</replaceable>;
+ statistics-file <replaceable>quoted_string</replaceable>;
+ tcp-clients <replaceable>integer</replaceable>;
+ tcp-listen-queue <replaceable>integer</replaceable>;
+ tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
+ tkey-domain <replaceable>quoted_string</replaceable>;
+ tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
+ tkey-gssapi-keytab <replaceable>quoted_string</replaceable>;
+ transfer-format ( many-answers | one-answer );
+ transfer-message-size <replaceable>integer</replaceable>;
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
+ dscp <replaceable>integer</replaceable> ];
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
+ ] [ dscp <replaceable>integer</replaceable> ];
+ transfers-in <replaceable>integer</replaceable>;
+ transfers-out <replaceable>integer</replaceable>;
+ transfers-per-ns <replaceable>integer</replaceable>;
+ trust-anchor-telemetry <replaceable>boolean</replaceable>; // experimental
+ try-tcp-refresh <replaceable>boolean</replaceable>;
+ update-check-ksk <replaceable>boolean</replaceable>;
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+ use-v4-udp-ports { <replaceable>portrange</replaceable>; ... };
+ use-v6-udp-ports { <replaceable>portrange</replaceable>; ... };
+ v6-bias <replaceable>integer</replaceable>;
+ version ( <replaceable>quoted_string</replaceable> | none );
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
+ zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
+};
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>SERVER</title></info>
+
+ <literallayout class="normal">
+server <replaceable>netprefix</replaceable> {
+ bogus <replaceable>boolean</replaceable>;
+ edns <replaceable>boolean</replaceable>;
+ edns-udp-size <replaceable>integer</replaceable>;
+ edns-version <replaceable>integer</replaceable>;
+ keys <replaceable>server_key</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
+ dscp <replaceable>integer</replaceable> ];
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ]
+ [ dscp <replaceable>integer</replaceable> ];
+ provide-ixfr <replaceable>boolean</replaceable>;
+ query-source ( ( [ address ] ( <replaceable>ipv4_address</replaceable> | * ) [ port (
+ <replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv4_address</replaceable> | * ) ]
+ port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
+ query-source-v6 ( ( [ address ] ( <replaceable>ipv6_address</replaceable> | * ) [ port (
+ <replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv6_address</replaceable> | * ) ]
+ port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
+ request-expire <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ request-nsid <replaceable>boolean</replaceable>;
+ send-cookie <replaceable>boolean</replaceable>;
+ tcp-only <replaceable>boolean</replaceable>;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
+ dscp <replaceable>integer</replaceable> ];
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
+ ] [ dscp <replaceable>integer</replaceable> ];
+ transfers <replaceable>integer</replaceable>;
+};
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>STATISTICS-CHANNELS</title></info>
+
+ <literallayout class="normal">
+statistics-channels {
+ inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> |
+ * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
+ allow { <replaceable>address_match_element</replaceable>; ...
+ } ];
+};
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>TRUSTED-KEYS</title></info>
+
+ <literallayout class="normal">
+trusted-keys { <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable>
+ <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ... };
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>VIEW</title></info>
+
+ <literallayout class="normal">
+view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
+ acache-cleaning-interval <replaceable>integer</replaceable>;
+ acache-enable <replaceable>boolean</replaceable>;
+ additional-from-auth <replaceable>boolean</replaceable>;
+ additional-from-cache <replaceable>boolean</replaceable>;
+ allow-new-zones <replaceable>boolean</replaceable>;
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-recursion { <replaceable>address_match_element</replaceable>; ... };
+ allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ also-notify [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> |
+ <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
+ ] [ dscp <replaceable>integer</replaceable> ];
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
+ * ) ] [ dscp <replaceable>integer</replaceable> ];
+ attach-cache <replaceable>string</replaceable>;
+ auth-nxdomain <replaceable>boolean</replaceable>; // default changed
+ auto-dnssec ( allow | maintain | off );
+ cache-file <replaceable>quoted_string</replaceable>;
+ catalog-zones { zone <replaceable>quoted_string</replaceable> [ default-masters [ port
+ <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
+ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
+ <replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
+ in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>integer</replaceable> ]; ... };
+ check-dup-records ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( master | slave | response
+ ) ( fail | warn | ignore );
+ check-sibling <replaceable>boolean</replaceable>;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <replaceable>boolean</replaceable>;
+ cleaning-interval <replaceable>integer</replaceable>;
+ clients-per-query <replaceable>integer</replaceable>;
+ deny-answer-addresses { <replaceable>address_match_element</replaceable>; ... } [
+ except-from { <replaceable>quoted_string</replaceable>; ... } ];
+ deny-answer-aliases { <replaceable>quoted_string</replaceable>; ... } [ except-from {
+ <replaceable>quoted_string</replaceable>; ... } ];
+ dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
+ disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>;
+ ... };
+ disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>;
+ ... };
+ disable-empty-zone <replaceable>string</replaceable>;
+ dlz <replaceable>string</replaceable> {
+ database <replaceable>string</replaceable>;
+ search <replaceable>boolean</replaceable>;
+ };
+ dns64 <replaceable>netprefix</replaceable> {
+ break-dnssec <replaceable>boolean</replaceable>;
+ clients { <replaceable>address_match_element</replaceable>; ... };
+ exclude { <replaceable>address_match_element</replaceable>; ... };
+ mapped { <replaceable>address_match_element</replaceable>; ... };
+ recursive-only <replaceable>boolean</replaceable>;
+ suffix <replaceable>ipv6_address</replaceable>;
+ };
+ dns64-contact <replaceable>string</replaceable>;
+ dns64-server <replaceable>string</replaceable>;
+ dnssec-accept-expired <replaceable>boolean</replaceable>;
+ dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
+ dnssec-enable <replaceable>boolean</replaceable>;
+ dnssec-loadkeys-interval <replaceable>integer</replaceable>;
+ dnssec-lookaside ( <replaceable>string</replaceable> trust-anchor
+ <replaceable>string</replaceable> | auto | no );
+ dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+ dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
+ dnssec-update-mode ( maintain | no-resign );
+ dnssec-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder |
+ resolver ) [ ( query | response ) ]; ... };
+ dual-stack-servers [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
+ <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv4_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] ); ... };
+ dyndb <replaceable>string</replaceable> <replaceable>quoted_string</replaceable> {
+ <replaceable>unspecified-text</replaceable> };
+ edns-udp-size <replaceable>integer</replaceable>;
+ empty-contact <replaceable>string</replaceable>;
+ empty-server <replaceable>string</replaceable>;
+ empty-zones-enable <replaceable>boolean</replaceable>;
+ fetch-quota-params <replaceable>integer</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable>;
+ fetches-per-server <replaceable>integer</replaceable> [ ( drop | fail ) ];
+ fetches-per-zone <replaceable>integer</replaceable> [ ( drop | fail ) ];
+ filter-aaaa { <replaceable>address_match_element</replaceable>; ... };
+ filter-aaaa-on-v4 ( break-dnssec | <replaceable>boolean</replaceable> );
+ filter-aaaa-on-v6 ( break-dnssec | <replaceable>boolean</replaceable> );
+ forward ( first | only );
+ forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
+ | <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... };
+ inline-signing <replaceable>boolean</replaceable>;
+ ixfr-from-differences ( master | slave | <replaceable>boolean</replaceable> );
+ key <replaceable>string</replaceable> {
+ algorithm <replaceable>string</replaceable>;
+ secret <replaceable>string</replaceable>;
+ };
+ key-directory <replaceable>quoted_string</replaceable>;
+ lame-ttl <replaceable>ttlval</replaceable>;
+ lmdb-mapsize <replaceable>sizeval</replaceable>;
+ managed-keys { <replaceable>string</replaceable> <replaceable>string</replaceable>
+ <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable>
+ <replaceable>quoted_string</replaceable>; ... };
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ match-clients { <replaceable>address_match_element</replaceable>; ... };
+ match-destinations { <replaceable>address_match_element</replaceable>; ... };
+ match-recursive-only <replaceable>boolean</replaceable>;
+ max-acache-size ( unlimited | <replaceable>sizeval</replaceable> );
+ max-cache-size ( default | unlimited | <replaceable>sizeval</replaceable> | <replaceable>percentage</replaceable> );
+ max-cache-ttl <replaceable>integer</replaceable>;
+ max-clients-per-query <replaceable>integer</replaceable>;
+ max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
+ max-ncache-ttl <replaceable>integer</replaceable>;
+ max-records <replaceable>integer</replaceable>;
+ max-recursion-depth <replaceable>integer</replaceable>;
+ max-recursion-queries <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
+ message-compression <replaceable>boolean</replaceable>;
+ min-refresh-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ minimal-any <replaceable>boolean</replaceable>;
+ minimal-responses ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
+ multi-master <replaceable>boolean</replaceable>;
+ no-case-compress { <replaceable>address_match_element</replaceable>; ... };
+ nocookie-udp-size <replaceable>integer</replaceable>;
+ notify ( explicit | master-only | <replaceable>boolean</replaceable> );
+ notify-delay <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
+ dscp <replaceable>integer</replaceable> ];
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ]
+ [ dscp <replaceable>integer</replaceable> ];
+ notify-to-soa <replaceable>boolean</replaceable>;
+ nta-lifetime <replaceable>ttlval</replaceable>;
+ nta-recheck <replaceable>ttlval</replaceable>;
+ nxdomain-redirect <replaceable>string</replaceable>;
+ preferred-glue <replaceable>string</replaceable>;
+ prefetch <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
+ provide-ixfr <replaceable>boolean</replaceable>;
+ query-source ( ( [ address ] ( <replaceable>ipv4_address</replaceable> | * ) [ port (
+ <replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv4_address</replaceable> | * ) ]
+ port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
+ query-source-v6 ( ( [ address ] ( <replaceable>ipv6_address</replaceable> | * ) [ port (
+ <replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv6_address</replaceable> | * ) ]
+ port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
+ rate-limit {
+ all-per-second <replaceable>integer</replaceable>;
+ errors-per-second <replaceable>integer</replaceable>;
+ exempt-clients { <replaceable>address_match_element</replaceable>; ... };
+ ipv4-prefix-length <replaceable>integer</replaceable>;
+ ipv6-prefix-length <replaceable>integer</replaceable>;
+ log-only <replaceable>boolean</replaceable>;
+ max-table-size <replaceable>integer</replaceable>;
+ min-table-size <replaceable>integer</replaceable>;
+ nodata-per-second <replaceable>integer</replaceable>;
+ nxdomains-per-second <replaceable>integer</replaceable>;
+ qps-scale <replaceable>integer</replaceable>;
+ referrals-per-second <replaceable>integer</replaceable>;
+ responses-per-second <replaceable>integer</replaceable>;
+ slip <replaceable>integer</replaceable>;
+ window <replaceable>integer</replaceable>;
+ };
+ recursion <replaceable>boolean</replaceable>;
+ request-expire <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ request-nsid <replaceable>boolean</replaceable>;
+ require-server-cookie <replaceable>boolean</replaceable>;
+ resolver-query-timeout <replaceable>integer</replaceable>;
+ response-policy { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
+ max-policy-ttl <replaceable>integer</replaceable> ] [ policy ( cname | disabled | drop |
+ given | no-op | nodata | nxdomain | passthru | tcp-only
+ <replaceable>quoted_string</replaceable> ) ] [ recursive-only <replaceable>boolean</replaceable> ]; ... } [
+ break-dnssec <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>integer</replaceable> ] [
+ min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
+ qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ];
+ root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
+ root-key-sentinel <replaceable>boolean</replaceable>;
+ rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
+ <replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
+ send-cookie <replaceable>boolean</replaceable>;
+ serial-update-method ( date | increment | unixtime );
+ server <replaceable>netprefix</replaceable> {
+ bogus <replaceable>boolean</replaceable>;
+ edns <replaceable>boolean</replaceable>;
+ edns-udp-size <replaceable>integer</replaceable>;
+ edns-version <replaceable>integer</replaceable>;
+ keys <replaceable>server_key</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | *
+ ) ] [ dscp <replaceable>integer</replaceable> ];
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable>
+ | * ) ] [ dscp <replaceable>integer</replaceable> ];
+ provide-ixfr <replaceable>boolean</replaceable>;
+ query-source ( ( [ address ] ( <replaceable>ipv4_address</replaceable> | * ) [ port
+ ( <replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] (
+ <replaceable>ipv4_address</replaceable> | * ) ] port ( <replaceable>integer</replaceable> | * ) ) ) [
+ dscp <replaceable>integer</replaceable> ];
+ query-source-v6 ( ( [ address ] ( <replaceable>ipv6_address</replaceable> | * ) [
+ port ( <replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] (
+ <replaceable>ipv6_address</replaceable> | * ) ] port ( <replaceable>integer</replaceable> | * ) ) ) [
+ dscp <replaceable>integer</replaceable> ];
+ request-expire <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ request-nsid <replaceable>boolean</replaceable>;
+ send-cookie <replaceable>boolean</replaceable>;
+ tcp-only <replaceable>boolean</replaceable>;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
+ * ) ] [ dscp <replaceable>integer</replaceable> ];
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port (
+ <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
+ transfers <replaceable>integer</replaceable>;
+ };
+ servfail-ttl <replaceable>ttlval</replaceable>;
+ sig-signing-nodes <replaceable>integer</replaceable>;
+ sig-signing-signatures <replaceable>integer</replaceable>;
+ sig-signing-type <replaceable>integer</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
+ sortlist { <replaceable>address_match_element</replaceable>; ... };
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
+ dscp <replaceable>integer</replaceable> ];
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
+ ] [ dscp <replaceable>integer</replaceable> ];
+ trust-anchor-telemetry <replaceable>boolean</replaceable>; // experimental
+ trusted-keys { <replaceable>string</replaceable> <replaceable>integer</replaceable>
+ <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
+ ... };
+ try-tcp-refresh <replaceable>boolean</replaceable>;
+ update-check-ksk <replaceable>boolean</replaceable>;
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+ v6-bias <replaceable>integer</replaceable>;
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
+ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ also-notify [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { (
+ <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] |
+ <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ];
+ ... };
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port (
+ <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port (
+ <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
+ auto-dnssec ( allow | maintain | off );
+ check-dup-records ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( fail | warn | ignore );
+ check-sibling <replaceable>boolean</replaceable>;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <replaceable>boolean</replaceable>;
+ database <replaceable>string</replaceable>;
+ delegation-only <replaceable>boolean</replaceable>;
+ dialup ( notify | notify-passive | passive | refresh |
+ <replaceable>boolean</replaceable> );
+ dlz <replaceable>string</replaceable>;
+ dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
+ dnssec-loadkeys-interval <replaceable>integer</replaceable>;
+ dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
+ dnssec-update-mode ( maintain | no-resign );
+ file <replaceable>quoted_string</replaceable>;
+ forward ( first | only );
+ forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { (
+ <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [
+ dscp <replaceable>integer</replaceable> ]; ... };
+ in-view <replaceable>string</replaceable>;
+ inline-signing <replaceable>boolean</replaceable>;
+ ixfr-from-differences <replaceable>boolean</replaceable>;
+ journal <replaceable>quoted_string</replaceable>;
+ key-directory <replaceable>quoted_string</replaceable>;
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ masters [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable>
+ | <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [
+ port <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
+ max-ixfr-log-size ( default | unlimited |
+ max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
+ max-records <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
+ min-refresh-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ multi-master <replaceable>boolean</replaceable>;
+ notify ( explicit | master-only | <replaceable>boolean</replaceable> );
+ notify-delay <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | *
+ ) ] [ dscp <replaceable>integer</replaceable> ];
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable>
+ | * ) ] [ dscp <replaceable>integer</replaceable> ];
+ notify-to-soa <replaceable>boolean</replaceable>;
+ pubkey <replaceable>integer</replaceable>
+ <replaceable>integer</replaceable>
+ <replaceable>integer</replaceable>
+ request-expire <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ serial-update-method ( date | increment | unixtime );
+ server-addresses { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) [
+ port <replaceable>integer</replaceable> ]; ... };
+ server-names { <replaceable>quoted_string</replaceable>; ... };
+ sig-signing-nodes <replaceable>integer</replaceable>;
+ sig-signing-signatures <replaceable>integer</replaceable>;
+ sig-signing-type <replaceable>integer</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
+ * ) ] [ dscp <replaceable>integer</replaceable> ];
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port (
+ <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
+ try-tcp-refresh <replaceable>boolean</replaceable>;
+ type ( delegation-only | forward | hint | master | redirect
+ | slave | static-stub | stub );
+ update-check-ksk <replaceable>boolean</replaceable>;
+ update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> (
+ 6to4-self | external | krb5-self | krb5-selfsub |
+ krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
+ name | self | selfsub | selfwild | subdomain | tcp-self
+ | wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+ zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
+ };
+ zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
+};
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>ZONE</title></info>
+
+ <literallayout class="normal">
+zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ also-notify [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> |
+ <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
+ ] [ dscp <replaceable>integer</replaceable> ];
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
+ * ) ] [ dscp <replaceable>integer</replaceable> ];
+ auto-dnssec ( allow | maintain | off );
+ check-dup-records ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( fail | warn | ignore );
+ check-sibling <replaceable>boolean</replaceable>;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <replaceable>boolean</replaceable>;
+ database <replaceable>string</replaceable>;
+ delegation-only <replaceable>boolean</replaceable>;
+ dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
+ dlz <replaceable>string</replaceable>;
+ dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
+ dnssec-loadkeys-interval <replaceable>integer</replaceable>;
+ dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
+ dnssec-update-mode ( maintain | no-resign );
+ file <replaceable>quoted_string</replaceable>;
+ forward ( first | only );
+ forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
+ | <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... };
+ in-view <replaceable>string</replaceable>;
+ inline-signing <replaceable>boolean</replaceable>;
+ ixfr-from-differences <replaceable>boolean</replaceable>;
+ journal <replaceable>quoted_string</replaceable>;
+ key-directory <replaceable>quoted_string</replaceable>;
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ masters [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> |
+ <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
+ max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
+ max-records <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
+ min-refresh-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ multi-master <replaceable>boolean</replaceable>;
+ notify ( explicit | master-only | <replaceable>boolean</replaceable> );
+ notify-delay <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
+ dscp <replaceable>integer</replaceable> ];
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ]
+ [ dscp <replaceable>integer</replaceable> ];
+ notify-to-soa <replaceable>boolean</replaceable>;
+ pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable>
+ request-expire <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ serial-update-method ( date | increment | unixtime );
+ server-addresses { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) [ port
+ <replaceable>integer</replaceable> ]; ... };
+ server-names { <replaceable>quoted_string</replaceable>; ... };
+ sig-signing-nodes <replaceable>integer</replaceable>;
+ sig-signing-signatures <replaceable>integer</replaceable>;
+ sig-signing-type <replaceable>integer</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [
+ dscp <replaceable>integer</replaceable> ];
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
+ ] [ dscp <replaceable>integer</replaceable> ];
+ try-tcp-refresh <replaceable>boolean</replaceable>;
+ type ( delegation-only | forward | hint | master | redirect | slave
+ | static-stub | stub );
+ update-check-ksk <replaceable>boolean</replaceable>;
+ update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self |
+ external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
+ | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
+ | subdomain | tcp-self | wildcard | zonesub ) [ <replaceable>string</replaceable> ]
+ <replaceable>rrtypelist</replaceable>; ... };
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+ zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
+};
+</literallayout>
+ </refsection>
+
+ <refsection><info><title>FILES</title></info>
+
+ <para><filename>/etc/named.conf</filename>
+ </para>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
+
+ <para><citerefentry>
+ <refentrytitle>ddns-confgen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+ </para>
+ </refsection>
+
+</refentry>