summaryrefslogtreecommitdiffstats
path: root/doc/misc/options
diff options
context:
space:
mode:
Diffstat (limited to 'doc/misc/options')
-rw-r--r--doc/misc/options883
1 files changed, 883 insertions, 0 deletions
diff --git a/doc/misc/options b/doc/misc/options
new file mode 100644
index 0000000..ad6bbb2
--- /dev/null
+++ b/doc/misc/options
@@ -0,0 +1,883 @@
+
+This is a summary of the named.conf options supported by
+this version of BIND 9.
+
+acl <string> { <address_match_element>; ... }; // may occur multiple times
+
+controls {
+ inet ( <ipv4_address> | <ipv6_address> |
+ * ) [ port ( <integer> | * ) ] allow
+ { <address_match_element>; ... } [
+ keys { <string>; ... } ] [ read-only
+ <boolean> ]; // may occur multiple times
+ unix <quoted_string> perm <integer>
+ owner <integer> group <integer> [
+ keys { <string>; ... } ] [ read-only
+ <boolean> ]; // may occur multiple times
+}; // may occur multiple times
+
+dlz <string> {
+ database <string>;
+ search <boolean>;
+}; // may occur multiple times
+
+dyndb <string> <quoted_string> {
+ <unspecified-text> }; // may occur multiple times
+
+key <string> {
+ algorithm <string>;
+ secret <string>;
+}; // may occur multiple times
+
+logging {
+ category <string> { <string>; ... }; // may occur multiple times
+ channel <string> {
+ buffered <boolean>;
+ file <quoted_string> [ versions ( "unlimited" | <integer> )
+ ] [ size <size> ];
+ null;
+ print-category <boolean>;
+ print-severity <boolean>;
+ print-time <boolean>;
+ severity <log_severity>;
+ stderr;
+ syslog [ <syslog_facility> ];
+ }; // may occur multiple times
+};
+
+lwres {
+ listen-on [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
+ | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
+ lwres-clients <integer>;
+ lwres-tasks <integer>;
+ ndots <integer>;
+ search { <string>; ... };
+ view <string> [ <class> ];
+}; // may occur multiple times
+
+managed-keys { <string> <string> <integer>
+ <integer> <integer> <quoted_string>; ... }; // may occur multiple times
+
+masters <string> [ port <integer> ] [ dscp
+ <integer> ] { ( <masters> | <ipv4_address> [
+ port <integer> ] | <ipv6_address> [ port
+ <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
+
+options {
+ acache-cleaning-interval <integer>;
+ acache-enable <boolean>;
+ additional-from-auth <boolean>;
+ additional-from-cache <boolean>;
+ allow-new-zones <boolean>;
+ allow-notify { <address_match_element>; ... };
+ allow-query { <address_match_element>; ... };
+ allow-query-cache { <address_match_element>; ... };
+ allow-query-cache-on { <address_match_element>; ... };
+ allow-query-on { <address_match_element>; ... };
+ allow-recursion { <address_match_element>; ... };
+ allow-recursion-on { <address_match_element>; ... };
+ allow-transfer { <address_match_element>; ... };
+ allow-update { <address_match_element>; ... };
+ allow-update-forwarding { <address_match_element>; ... };
+ allow-v6-synthesis { <address_match_element>; ... }; // obsolete
+ also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
+ <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
+ <integer> ] ) [ key <string> ]; ... };
+ alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
+ ] [ dscp <integer> ];
+ alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
+ * ) ] [ dscp <integer> ];
+ answer-cookie <boolean>;
+ attach-cache <string>;
+ auth-nxdomain <boolean>; // default changed
+ auto-dnssec ( allow | maintain | off );
+ automatic-interface-scan <boolean>;
+ avoid-v4-udp-ports { <portrange>; ... };
+ avoid-v6-udp-ports { <portrange>; ... };
+ bindkeys-file <quoted_string>;
+ blackhole { <address_match_element>; ... };
+ cache-file <quoted_string>;
+ catalog-zones { zone <quoted_string> [ default-masters [ port
+ <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [
+ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
+ <string> ]; ... } ] [ zone-directory <quoted_string> ] [
+ in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
+ check-dup-records ( fail | warn | ignore );
+ check-integrity <boolean>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( master | slave | response
+ ) ( fail | warn | ignore ); // may occur multiple times
+ check-sibling <boolean>;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <boolean>;
+ cleaning-interval <integer>;
+ clients-per-query <integer>;
+ cookie-algorithm ( aes | sha1 | sha256 );
+ cookie-secret <string>; // may occur multiple times
+ coresize ( default | unlimited | <sizeval> );
+ datasize ( default | unlimited | <sizeval> );
+ deallocate-on-exit <boolean>; // obsolete
+ deny-answer-addresses { <address_match_element>; ... } [
+ except-from { <quoted_string>; ... } ];
+ deny-answer-aliases { <quoted_string>; ... } [ except-from {
+ <quoted_string>; ... } ];
+ dialup ( notify | notify-passive | passive | refresh | <boolean> );
+ directory <quoted_string>;
+ disable-algorithms <string> { <string>;
+ ... }; // may occur multiple times
+ disable-ds-digests <string> { <string>;
+ ... }; // may occur multiple times
+ disable-empty-zone <string>; // may occur multiple times
+ dns64 <netprefix> {
+ break-dnssec <boolean>;
+ clients { <address_match_element>; ... };
+ exclude { <address_match_element>; ... };
+ mapped { <address_match_element>; ... };
+ recursive-only <boolean>;
+ suffix <ipv6_address>;
+ }; // may occur multiple times
+ dns64-contact <string>;
+ dns64-server <string>;
+ dnssec-accept-expired <boolean>;
+ dnssec-dnskey-kskonly <boolean>;
+ dnssec-enable <boolean>;
+ dnssec-loadkeys-interval <integer>;
+ dnssec-lookaside ( <string> trust-anchor
+ <string> | auto | no ); // may occur multiple times
+ dnssec-must-be-secure <string> <boolean>; // may occur multiple times
+ dnssec-secure-to-insecure <boolean>;
+ dnssec-update-mode ( maintain | no-resign );
+ dnssec-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder |
+ resolver ) [ ( query | response ) ]; ... }; // not configured
+ dnstap-identity ( <quoted_string> | none |
+ hostname ); // not configured
+ dnstap-output ( file | unix ) <quoted_string>; // not configured
+ dnstap-version ( <quoted_string> | none ); // not configured
+ dscp <integer>;
+ dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
+ <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
+ <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
+ <integer> ] [ dscp <integer> ] ); ... };
+ dump-file <quoted_string>;
+ edns-udp-size <integer>;
+ empty-contact <string>;
+ empty-server <string>;
+ empty-zones-enable <boolean>;
+ fake-iquery <boolean>; // obsolete
+ fetch-glue <boolean>; // obsolete
+ fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
+ fetches-per-server <integer> [ ( drop | fail ) ];
+ fetches-per-zone <integer> [ ( drop | fail ) ];
+ files ( default | unlimited | <sizeval> );
+ filter-aaaa { <address_match_element>; ... }; // not configured
+ filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
+ filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
+ flush-zones-on-shutdown <boolean>;
+ forward ( first | only );
+ forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
+ | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
+ fstrm-set-buffer-hint <integer>; // not configured
+ fstrm-set-flush-timeout <integer>; // not configured
+ fstrm-set-input-queue-size <integer>; // not configured
+ fstrm-set-output-notify-threshold <integer>; // not configured
+ fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
+ fstrm-set-output-queue-size <integer>; // not configured
+ fstrm-set-reopen-interval <integer>; // not configured
+ geoip-directory ( <quoted_string> | none ); // not configured
+ geoip-use-ecs <boolean>; // not configured
+ has-old-clients <boolean>; // obsolete
+ heartbeat-interval <integer>;
+ host-statistics <boolean>; // not implemented
+ host-statistics-max <integer>; // not implemented
+ hostname ( <quoted_string> | none );
+ inline-signing <boolean>;
+ interface-interval <integer>;
+ ixfr-from-differences ( master | slave | <boolean> );
+ keep-response-order { <address_match_element>; ... };
+ key-directory <quoted_string>;
+ lame-ttl <ttlval>;
+ listen-on [ port <integer> ] [ dscp
+ <integer> ] {
+ <address_match_element>; ... }; // may occur multiple times
+ listen-on-v6 [ port <integer> ] [ dscp
+ <integer> ] {
+ <address_match_element>; ... }; // may occur multiple times
+ lmdb-mapsize <sizeval>; // non-operational
+ lock-file ( <quoted_string> | none );
+ maintain-ixfr-base <boolean>; // obsolete
+ managed-keys-directory <quoted_string>;
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ match-mapped-addresses <boolean>;
+ max-acache-size ( unlimited | <sizeval> );
+ max-cache-size ( default | unlimited | <sizeval> | <percentage> );
+ max-cache-ttl <integer>;
+ max-clients-per-query <integer>;
+ max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
+ max-journal-size ( unlimited | <sizeval> );
+ max-ncache-ttl <integer>;
+ max-records <integer>;
+ max-recursion-depth <integer>;
+ max-recursion-queries <integer>;
+ max-refresh-time <integer>;
+ max-retry-time <integer>;
+ max-rsa-exponent-size <integer>;
+ max-transfer-idle-in <integer>;
+ max-transfer-idle-out <integer>;
+ max-transfer-time-in <integer>;
+ max-transfer-time-out <integer>;
+ max-udp-size <integer>;
+ max-zone-ttl ( unlimited | <ttlval> );
+ memstatistics <boolean>;
+ memstatistics-file <quoted_string>;
+ message-compression <boolean>;
+ min-refresh-time <integer>;
+ min-retry-time <integer>;
+ min-roots <integer>; // not implemented
+ minimal-any <boolean>;
+ minimal-responses ( no-auth | no-auth-recursive | <boolean> );
+ multi-master <boolean>;
+ multiple-cnames <boolean>; // obsolete
+ named-xfer <quoted_string>; // obsolete
+ no-case-compress { <address_match_element>; ... };
+ nocookie-udp-size <integer>;
+ nosit-udp-size <integer>; // obsolete
+ notify ( explicit | master-only | <boolean> );
+ notify-delay <integer>;
+ notify-rate <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
+ dscp <integer> ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
+ [ dscp <integer> ];
+ notify-to-soa <boolean>;
+ nsec3-test-zone <boolean>; // test only
+ nta-lifetime <ttlval>;
+ nta-recheck <ttlval>;
+ nxdomain-redirect <string>;
+ pid-file ( <quoted_string> | none );
+ port <integer>;
+ preferred-glue <string>;
+ prefetch <integer> [ <integer> ];
+ provide-ixfr <boolean>;
+ query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
+ <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
+ port ( <integer> | * ) ) ) [ dscp <integer> ];
+ query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
+ <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
+ port ( <integer> | * ) ) ) [ dscp <integer> ];
+ querylog <boolean>;
+ queryport-pool-ports <integer>; // obsolete
+ queryport-pool-updateinterval <integer>; // obsolete
+ random-device <quoted_string>;
+ rate-limit {
+ all-per-second <integer>;
+ errors-per-second <integer>;
+ exempt-clients { <address_match_element>; ... };
+ ipv4-prefix-length <integer>;
+ ipv6-prefix-length <integer>;
+ log-only <boolean>;
+ max-table-size <integer>;
+ min-table-size <integer>;
+ nodata-per-second <integer>;
+ nxdomains-per-second <integer>;
+ qps-scale <integer>;
+ referrals-per-second <integer>;
+ responses-per-second <integer>;
+ slip <integer>;
+ window <integer>;
+ };
+ recursing-file <quoted_string>;
+ recursion <boolean>;
+ recursive-clients <integer>;
+ request-expire <boolean>;
+ request-ixfr <boolean>;
+ request-nsid <boolean>;
+ request-sit <boolean>; // obsolete
+ require-server-cookie <boolean>;
+ reserved-sockets <integer>;
+ resolver-query-timeout <integer>;
+ response-policy { zone <quoted_string> [ log <boolean> ] [
+ max-policy-ttl <integer> ] [ policy ( cname | disabled | drop |
+ given | no-op | nodata | nxdomain | passthru | tcp-only
+ <quoted_string> ) ] [ recursive-only <boolean> ]; ... } [
+ break-dnssec <boolean> ] [ max-policy-ttl <integer> ] [
+ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
+ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ];
+ rfc2308-type1 <boolean>; // not yet implemented
+ root-delegation-only [ exclude { <quoted_string>; ... } ];
+ root-key-sentinel <boolean>;
+ rrset-order { [ class <string> ] [ type <string> ] [ name
+ <quoted_string> ] <string> <string>; ... };
+ secroots-file <quoted_string>;
+ send-cookie <boolean>;
+ serial-queries <integer>; // obsolete
+ serial-query-rate <integer>;
+ serial-update-method ( date | increment | unixtime );
+ server-id ( <quoted_string> | none | hostname );
+ servfail-ttl <ttlval>;
+ session-keyalg <string>;
+ session-keyfile ( <quoted_string> | none );
+ session-keyname <string>;
+ sig-signing-nodes <integer>;
+ sig-signing-signatures <integer>;
+ sig-signing-type <integer>;
+ sig-validity-interval <integer> [ <integer> ];
+ sit-secret <string>; // obsolete
+ sortlist { <address_match_element>; ... };
+ stacksize ( default | unlimited | <sizeval> );
+ startup-notify-rate <integer>;
+ statistics-file <quoted_string>;
+ statistics-interval <integer>; // not yet implemented
+ suppress-initial-notify <boolean>; // not yet implemented
+ tcp-clients <integer>;
+ tcp-listen-queue <integer>;
+ tkey-dhkey <quoted_string> <integer>;
+ tkey-domain <quoted_string>;
+ tkey-gssapi-credential <quoted_string>;
+ tkey-gssapi-keytab <quoted_string>;
+ topology { <address_match_element>; ... }; // not implemented
+ transfer-format ( many-answers | one-answer );
+ transfer-message-size <integer>;
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
+ dscp <integer> ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
+ ] [ dscp <integer> ];
+ transfers-in <integer>;
+ transfers-out <integer>;
+ transfers-per-ns <integer>;
+ treat-cr-as-space <boolean>; // obsolete
+ trust-anchor-telemetry <boolean>; // experimental
+ try-tcp-refresh <boolean>;
+ update-check-ksk <boolean>;
+ use-alt-transfer-source <boolean>;
+ use-id-pool <boolean>; // obsolete
+ use-ixfr <boolean>; // obsolete
+ use-queryport-pool <boolean>; // obsolete
+ use-v4-udp-ports { <portrange>; ... };
+ use-v6-udp-ports { <portrange>; ... };
+ v6-bias <integer>;
+ version ( <quoted_string> | none );
+ zero-no-soa-ttl <boolean>;
+ zero-no-soa-ttl-cache <boolean>;
+ zone-statistics ( full | terse | none | <boolean> );
+};
+
+server <netprefix> {
+ bogus <boolean>;
+ edns <boolean>;
+ edns-udp-size <integer>;
+ edns-version <integer>;
+ keys <server_key>;
+ max-udp-size <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
+ dscp <integer> ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
+ [ dscp <integer> ];
+ provide-ixfr <boolean>;
+ query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
+ <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
+ port ( <integer> | * ) ) ) [ dscp <integer> ];
+ query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
+ <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
+ port ( <integer> | * ) ) ) [ dscp <integer> ];
+ request-expire <boolean>;
+ request-ixfr <boolean>;
+ request-nsid <boolean>;
+ request-sit <boolean>; // obsolete
+ send-cookie <boolean>;
+ support-ixfr <boolean>; // obsolete
+ tcp-only <boolean>;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
+ dscp <integer> ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
+ ] [ dscp <integer> ];
+ transfers <integer>;
+}; // may occur multiple times
+
+statistics-channels {
+ inet ( <ipv4_address> | <ipv6_address> |
+ * ) [ port ( <integer> | * ) ] [
+ allow { <address_match_element>; ...
+ } ]; // may occur multiple times
+}; // may occur multiple times
+
+trusted-keys { <string> <integer> <integer>
+ <integer> <quoted_string>; ... }; // may occur multiple times
+
+view <string> [ <class> ] {
+ acache-cleaning-interval <integer>;
+ acache-enable <boolean>;
+ additional-from-auth <boolean>;
+ additional-from-cache <boolean>;
+ allow-new-zones <boolean>;
+ allow-notify { <address_match_element>; ... };
+ allow-query { <address_match_element>; ... };
+ allow-query-cache { <address_match_element>; ... };
+ allow-query-cache-on { <address_match_element>; ... };
+ allow-query-on { <address_match_element>; ... };
+ allow-recursion { <address_match_element>; ... };
+ allow-recursion-on { <address_match_element>; ... };
+ allow-transfer { <address_match_element>; ... };
+ allow-update { <address_match_element>; ... };
+ allow-update-forwarding { <address_match_element>; ... };
+ allow-v6-synthesis { <address_match_element>; ... }; // obsolete
+ also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
+ <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
+ <integer> ] ) [ key <string> ]; ... };
+ alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
+ ] [ dscp <integer> ];
+ alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
+ * ) ] [ dscp <integer> ];
+ attach-cache <string>;
+ auth-nxdomain <boolean>; // default changed
+ auto-dnssec ( allow | maintain | off );
+ cache-file <quoted_string>;
+ catalog-zones { zone <quoted_string> [ default-masters [ port
+ <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [
+ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
+ <string> ]; ... } ] [ zone-directory <quoted_string> ] [
+ in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
+ check-dup-records ( fail | warn | ignore );
+ check-integrity <boolean>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( master | slave | response
+ ) ( fail | warn | ignore ); // may occur multiple times
+ check-sibling <boolean>;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <boolean>;
+ cleaning-interval <integer>;
+ clients-per-query <integer>;
+ deny-answer-addresses { <address_match_element>; ... } [
+ except-from { <quoted_string>; ... } ];
+ deny-answer-aliases { <quoted_string>; ... } [ except-from {
+ <quoted_string>; ... } ];
+ dialup ( notify | notify-passive | passive | refresh | <boolean> );
+ disable-algorithms <string> { <string>;
+ ... }; // may occur multiple times
+ disable-ds-digests <string> { <string>;
+ ... }; // may occur multiple times
+ disable-empty-zone <string>; // may occur multiple times
+ dlz <string> {
+ database <string>;
+ search <boolean>;
+ }; // may occur multiple times
+ dns64 <netprefix> {
+ break-dnssec <boolean>;
+ clients { <address_match_element>; ... };
+ exclude { <address_match_element>; ... };
+ mapped { <address_match_element>; ... };
+ recursive-only <boolean>;
+ suffix <ipv6_address>;
+ }; // may occur multiple times
+ dns64-contact <string>;
+ dns64-server <string>;
+ dnssec-accept-expired <boolean>;
+ dnssec-dnskey-kskonly <boolean>;
+ dnssec-enable <boolean>;
+ dnssec-loadkeys-interval <integer>;
+ dnssec-lookaside ( <string> trust-anchor
+ <string> | auto | no ); // may occur multiple times
+ dnssec-must-be-secure <string> <boolean>; // may occur multiple times
+ dnssec-secure-to-insecure <boolean>;
+ dnssec-update-mode ( maintain | no-resign );
+ dnssec-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder |
+ resolver ) [ ( query | response ) ]; ... }; // not configured
+ dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
+ <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
+ <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
+ <integer> ] [ dscp <integer> ] ); ... };
+ dyndb <string> <quoted_string> {
+ <unspecified-text> }; // may occur multiple times
+ edns-udp-size <integer>;
+ empty-contact <string>;
+ empty-server <string>;
+ empty-zones-enable <boolean>;
+ fetch-glue <boolean>; // obsolete
+ fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
+ fetches-per-server <integer> [ ( drop | fail ) ];
+ fetches-per-zone <integer> [ ( drop | fail ) ];
+ filter-aaaa { <address_match_element>; ... }; // not configured
+ filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
+ filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
+ forward ( first | only );
+ forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
+ | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
+ inline-signing <boolean>;
+ ixfr-from-differences ( master | slave | <boolean> );
+ key <string> {
+ algorithm <string>;
+ secret <string>;
+ }; // may occur multiple times
+ key-directory <quoted_string>;
+ lame-ttl <ttlval>;
+ lmdb-mapsize <sizeval>; // non-operational
+ maintain-ixfr-base <boolean>; // obsolete
+ managed-keys { <string> <string>
+ <integer> <integer> <integer>
+ <quoted_string>; ... }; // may occur multiple times
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ match-clients { <address_match_element>; ... };
+ match-destinations { <address_match_element>; ... };
+ match-recursive-only <boolean>;
+ max-acache-size ( unlimited | <sizeval> );
+ max-cache-size ( default | unlimited | <sizeval> | <percentage> );
+ max-cache-ttl <integer>;
+ max-clients-per-query <integer>;
+ max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
+ max-journal-size ( unlimited | <sizeval> );
+ max-ncache-ttl <integer>;
+ max-records <integer>;
+ max-recursion-depth <integer>;
+ max-recursion-queries <integer>;
+ max-refresh-time <integer>;
+ max-retry-time <integer>;
+ max-transfer-idle-in <integer>;
+ max-transfer-idle-out <integer>;
+ max-transfer-time-in <integer>;
+ max-transfer-time-out <integer>;
+ max-udp-size <integer>;
+ max-zone-ttl ( unlimited | <ttlval> );
+ message-compression <boolean>;
+ min-refresh-time <integer>;
+ min-retry-time <integer>;
+ min-roots <integer>; // not implemented
+ minimal-any <boolean>;
+ minimal-responses ( no-auth | no-auth-recursive | <boolean> );
+ multi-master <boolean>;
+ no-case-compress { <address_match_element>; ... };
+ nocookie-udp-size <integer>;
+ nosit-udp-size <integer>; // obsolete
+ notify ( explicit | master-only | <boolean> );
+ notify-delay <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
+ dscp <integer> ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
+ [ dscp <integer> ];
+ notify-to-soa <boolean>;
+ nsec3-test-zone <boolean>; // test only
+ nta-lifetime <ttlval>;
+ nta-recheck <ttlval>;
+ nxdomain-redirect <string>;
+ preferred-glue <string>;
+ prefetch <integer> [ <integer> ];
+ provide-ixfr <boolean>;
+ query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
+ <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
+ port ( <integer> | * ) ) ) [ dscp <integer> ];
+ query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
+ <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
+ port ( <integer> | * ) ) ) [ dscp <integer> ];
+ queryport-pool-ports <integer>; // obsolete
+ queryport-pool-updateinterval <integer>; // obsolete
+ rate-limit {
+ all-per-second <integer>;
+ errors-per-second <integer>;
+ exempt-clients { <address_match_element>; ... };
+ ipv4-prefix-length <integer>;
+ ipv6-prefix-length <integer>;
+ log-only <boolean>;
+ max-table-size <integer>;
+ min-table-size <integer>;
+ nodata-per-second <integer>;
+ nxdomains-per-second <integer>;
+ qps-scale <integer>;
+ referrals-per-second <integer>;
+ responses-per-second <integer>;
+ slip <integer>;
+ window <integer>;
+ };
+ recursion <boolean>;
+ request-expire <boolean>;
+ request-ixfr <boolean>;
+ request-nsid <boolean>;
+ request-sit <boolean>; // obsolete
+ require-server-cookie <boolean>;
+ resolver-query-timeout <integer>;
+ response-policy { zone <quoted_string> [ log <boolean> ] [
+ max-policy-ttl <integer> ] [ policy ( cname | disabled | drop |
+ given | no-op | nodata | nxdomain | passthru | tcp-only
+ <quoted_string> ) ] [ recursive-only <boolean> ]; ... } [
+ break-dnssec <boolean> ] [ max-policy-ttl <integer> ] [
+ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
+ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ];
+ rfc2308-type1 <boolean>; // not yet implemented
+ root-delegation-only [ exclude { <quoted_string>; ... } ];
+ root-key-sentinel <boolean>;
+ rrset-order { [ class <string> ] [ type <string> ] [ name
+ <quoted_string> ] <string> <string>; ... };
+ send-cookie <boolean>;
+ serial-update-method ( date | increment | unixtime );
+ server <netprefix> {
+ bogus <boolean>;
+ edns <boolean>;
+ edns-udp-size <integer>;
+ edns-version <integer>;
+ keys <server_key>;
+ max-udp-size <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
+ ) ] [ dscp <integer> ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
+ | * ) ] [ dscp <integer> ];
+ provide-ixfr <boolean>;
+ query-source ( ( [ address ] ( <ipv4_address> | * ) [ port
+ ( <integer> | * ) ] ) | ( [ [ address ] (
+ <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [
+ dscp <integer> ];
+ query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [
+ port ( <integer> | * ) ] ) | ( [ [ address ] (
+ <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [
+ dscp <integer> ];
+ request-expire <boolean>;
+ request-ixfr <boolean>;
+ request-nsid <boolean>;
+ request-sit <boolean>; // obsolete
+ send-cookie <boolean>;
+ support-ixfr <boolean>; // obsolete
+ tcp-only <boolean>;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
+ * ) ] [ dscp <integer> ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port (
+ <integer> | * ) ] [ dscp <integer> ];
+ transfers <integer>;
+ }; // may occur multiple times
+ servfail-ttl <ttlval>;
+ sig-signing-nodes <integer>;
+ sig-signing-signatures <integer>;
+ sig-signing-type <integer>;
+ sig-validity-interval <integer> [ <integer> ];
+ sortlist { <address_match_element>; ... };
+ suppress-initial-notify <boolean>; // not yet implemented
+ topology { <address_match_element>; ... }; // not implemented
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
+ dscp <integer> ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
+ ] [ dscp <integer> ];
+ trust-anchor-telemetry <boolean>; // experimental
+ trusted-keys { <string> <integer>
+ <integer> <integer> <quoted_string>;
+ ... }; // may occur multiple times
+ try-tcp-refresh <boolean>;
+ update-check-ksk <boolean>;
+ use-alt-transfer-source <boolean>;
+ use-queryport-pool <boolean>; // obsolete
+ v6-bias <integer>;
+ zero-no-soa-ttl <boolean>;
+ zero-no-soa-ttl-cache <boolean>;
+ zone <string> [ <class> ] {
+ allow-notify { <address_match_element>; ... };
+ allow-query { <address_match_element>; ... };
+ allow-query-on { <address_match_element>; ... };
+ allow-transfer { <address_match_element>; ... };
+ allow-update { <address_match_element>; ... };
+ allow-update-forwarding { <address_match_element>; ... };
+ also-notify [ port <integer> ] [ dscp <integer> ] { (
+ <masters> | <ipv4_address> [ port <integer> ] |
+ <ipv6_address> [ port <integer> ] ) [ key <string> ];
+ ... };
+ alt-transfer-source ( <ipv4_address> | * ) [ port (
+ <integer> | * ) ] [ dscp <integer> ];
+ alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
+ <integer> | * ) ] [ dscp <integer> ];
+ auto-dnssec ( allow | maintain | off );
+ check-dup-records ( fail | warn | ignore );
+ check-integrity <boolean>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( fail | warn | ignore );
+ check-sibling <boolean>;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <boolean>;
+ database <string>;
+ delegation-only <boolean>;
+ dialup ( notify | notify-passive | passive | refresh |
+ <boolean> );
+ dlz <string>;
+ dnssec-dnskey-kskonly <boolean>;
+ dnssec-loadkeys-interval <integer>;
+ dnssec-secure-to-insecure <boolean>;
+ dnssec-update-mode ( maintain | no-resign );
+ file <quoted_string>;
+ forward ( first | only );
+ forwarders [ port <integer> ] [ dscp <integer> ] { (
+ <ipv4_address> | <ipv6_address> ) [ port <integer> ] [
+ dscp <integer> ]; ... };
+ in-view <string>;
+ inline-signing <boolean>;
+ ixfr-base <quoted_string>; // obsolete
+ ixfr-from-differences <boolean>;
+ ixfr-tmp-file <quoted_string>; // obsolete
+ journal <quoted_string>;
+ key-directory <quoted_string>;
+ maintain-ixfr-base <boolean>; // obsolete
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ masters [ port <integer> ] [ dscp <integer> ] { ( <masters>
+ | <ipv4_address> [ port <integer> ] | <ipv6_address> [
+ port <integer> ] ) [ key <string> ]; ... };
+ max-ixfr-log-size ( default | unlimited |
+ <sizeval> ); // obsolete
+ max-journal-size ( unlimited | <sizeval> );
+ max-records <integer>;
+ max-refresh-time <integer>;
+ max-retry-time <integer>;
+ max-transfer-idle-in <integer>;
+ max-transfer-idle-out <integer>;
+ max-transfer-time-in <integer>;
+ max-transfer-time-out <integer>;
+ max-zone-ttl ( unlimited | <ttlval> );
+ min-refresh-time <integer>;
+ min-retry-time <integer>;
+ multi-master <boolean>;
+ notify ( explicit | master-only | <boolean> );
+ notify-delay <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
+ ) ] [ dscp <integer> ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
+ | * ) ] [ dscp <integer> ];
+ notify-to-soa <boolean>;
+ nsec3-test-zone <boolean>; // test only
+ pubkey <integer>
+ <integer>
+ <integer>
+ <quoted_string>; // obsolete, may occur multiple times
+ request-expire <boolean>;
+ request-ixfr <boolean>;
+ serial-update-method ( date | increment | unixtime );
+ server-addresses { ( <ipv4_address> | <ipv6_address> ) [
+ port <integer> ]; ... };
+ server-names { <quoted_string>; ... };
+ sig-signing-nodes <integer>;
+ sig-signing-signatures <integer>;
+ sig-signing-type <integer>;
+ sig-validity-interval <integer> [ <integer> ];
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
+ * ) ] [ dscp <integer> ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port (
+ <integer> | * ) ] [ dscp <integer> ];
+ try-tcp-refresh <boolean>;
+ type ( delegation-only | forward | hint | master | redirect
+ | slave | static-stub | stub );
+ update-check-ksk <boolean>;
+ update-policy ( local | { ( deny | grant ) <string> (
+ 6to4-self | external | krb5-self | krb5-selfsub |
+ krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
+ name | self | selfsub | selfwild | subdomain | tcp-self
+ | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
+ use-alt-transfer-source <boolean>;
+ zero-no-soa-ttl <boolean>;
+ zone-statistics ( full | terse | none | <boolean> );
+ }; // may occur multiple times
+ zone-statistics ( full | terse | none | <boolean> );
+}; // may occur multiple times
+
+zone <string> [ <class> ] {
+ allow-notify { <address_match_element>; ... };
+ allow-query { <address_match_element>; ... };
+ allow-query-on { <address_match_element>; ... };
+ allow-transfer { <address_match_element>; ... };
+ allow-update { <address_match_element>; ... };
+ allow-update-forwarding { <address_match_element>; ... };
+ also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
+ <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
+ <integer> ] ) [ key <string> ]; ... };
+ alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
+ ] [ dscp <integer> ];
+ alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
+ * ) ] [ dscp <integer> ];
+ auto-dnssec ( allow | maintain | off );
+ check-dup-records ( fail | warn | ignore );
+ check-integrity <boolean>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( fail | warn | ignore );
+ check-sibling <boolean>;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <boolean>;
+ database <string>;
+ delegation-only <boolean>;
+ dialup ( notify | notify-passive | passive | refresh | <boolean> );
+ dlz <string>;
+ dnssec-dnskey-kskonly <boolean>;
+ dnssec-loadkeys-interval <integer>;
+ dnssec-secure-to-insecure <boolean>;
+ dnssec-update-mode ( maintain | no-resign );
+ file <quoted_string>;
+ forward ( first | only );
+ forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
+ | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
+ in-view <string>;
+ inline-signing <boolean>;
+ ixfr-base <quoted_string>; // obsolete
+ ixfr-from-differences <boolean>;
+ ixfr-tmp-file <quoted_string>; // obsolete
+ journal <quoted_string>;
+ key-directory <quoted_string>;
+ maintain-ixfr-base <boolean>; // obsolete
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ masters [ port <integer> ] [ dscp <integer> ] { ( <masters> |
+ <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
+ <integer> ] ) [ key <string> ]; ... };
+ max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
+ max-journal-size ( unlimited | <sizeval> );
+ max-records <integer>;
+ max-refresh-time <integer>;
+ max-retry-time <integer>;
+ max-transfer-idle-in <integer>;
+ max-transfer-idle-out <integer>;
+ max-transfer-time-in <integer>;
+ max-transfer-time-out <integer>;
+ max-zone-ttl ( unlimited | <ttlval> );
+ min-refresh-time <integer>;
+ min-retry-time <integer>;
+ multi-master <boolean>;
+ notify ( explicit | master-only | <boolean> );
+ notify-delay <integer>;
+ notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
+ dscp <integer> ];
+ notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
+ [ dscp <integer> ];
+ notify-to-soa <boolean>;
+ nsec3-test-zone <boolean>; // test only
+ pubkey <integer> <integer>
+ <integer> <quoted_string>; // obsolete, may occur multiple times
+ request-expire <boolean>;
+ request-ixfr <boolean>;
+ serial-update-method ( date | increment | unixtime );
+ server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
+ <integer> ]; ... };
+ server-names { <quoted_string>; ... };
+ sig-signing-nodes <integer>;
+ sig-signing-signatures <integer>;
+ sig-signing-type <integer>;
+ sig-validity-interval <integer> [ <integer> ];
+ transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
+ dscp <integer> ];
+ transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
+ ] [ dscp <integer> ];
+ try-tcp-refresh <boolean>;
+ type ( delegation-only | forward | hint | master | redirect | slave
+ | static-stub | stub );
+ update-check-ksk <boolean>;
+ update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
+ external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
+ | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
+ | subdomain | tcp-self | wildcard | zonesub ) [ <string> ]
+ <rrtypelist>; ... };
+ use-alt-transfer-source <boolean>;
+ zero-no-soa-ttl <boolean>;
+ zone-statistics ( full | terse | none | <boolean> );
+}; // may occur multiple times
+
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-03 10:04:11 +0000