diff options
Diffstat (limited to 'doc/misc')
42 files changed, 3643 insertions, 0 deletions
diff --git a/doc/misc/Makefile.in b/doc/misc/Makefile.in new file mode 100644 index 0000000..35c79f1 --- /dev/null +++ b/doc/misc/Makefile.in @@ -0,0 +1,83 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +srcdir = @srcdir@ +VPATH = @srcdir@ +top_srcdir = @top_srcdir@ + +@BIND9_MAKE_RULES@ + +PERL = @PERL@ + +MANOBJS = options + +doc man:: ${MANOBJS} + +docclean manclean maintainer-clean:: + rm -f options + +# Do not make options depend on ../../bin/tests/cfg_test, doing so +# will cause excessively clever versions of make to attempt to build +# that program right here, right now, if it is missing, which will +# cause make doc to bomb. + +CFG_TEST = ../../bin/tests/cfg_test + +options: FORCE + if test -x ${CFG_TEST} ; \ + then \ + ${CFG_TEST} --named --grammar > $@.raw ; \ + ${PERL} ${srcdir}/sort-options.pl < $@.raw > $@.sorted ; \ + ${PERL} ${srcdir}/format-options.pl < $@.sorted > $@.new ; \ + mv -f $@.new $@ ; \ + ${CFG_TEST} --named --grammar --active > $@.raw ; \ + ${PERL} ${srcdir}/sort-options.pl < $@.raw > $@.sorted ; \ + ${PERL} ${srcdir}/format-options.pl < $@.sorted > $@.new ; \ + mv -f $@.new $@.active ; \ + rm -f $@.raw $@.sorted ; \ + ${CFG_TEST} --zonegrammar master --active > master.zoneopt ; \ + ${CFG_TEST} --zonegrammar slave --active > slave.zoneopt ; \ + ${CFG_TEST} --zonegrammar mirror --active > mirror.zoneopt ; \ + ${CFG_TEST} --zonegrammar forward --active > forward.zoneopt ; \ + ${CFG_TEST} --zonegrammar hint --active > hint.zoneopt ; \ + ${CFG_TEST} --zonegrammar stub --active > stub.zoneopt ; \ + ${CFG_TEST} --zonegrammar static-stub --active > static-stub.zoneopt ; \ + ${CFG_TEST} --zonegrammar redirect --active > redirect.zoneopt ; \ + ${CFG_TEST} --zonegrammar delegation-only --active > delegation-only.zoneopt ; \ + ${CFG_TEST} --zonegrammar in-view --active > in-view.zoneopt ; \ + else \ + rm -f $@.new $@.raw $@.sorted ; \ + fi + +rst: options rst-options.pl rst-zoneopt.pl rst-grammars.pl + ${PERL} rst-options.pl options.active > ${top_srcdir}/bin/named/named.conf.rst + ${PERL} rst-zoneopt.pl master.zoneopt > master.zoneopt.rst + ${PERL} rst-zoneopt.pl slave.zoneopt > slave.zoneopt.rst + ${PERL} rst-zoneopt.pl mirror.zoneopt > mirror.zoneopt.rst + ${PERL} rst-zoneopt.pl forward.zoneopt > forward.zoneopt.rst + ${PERL} rst-zoneopt.pl hint.zoneopt > hint.zoneopt.rst + ${PERL} rst-zoneopt.pl stub.zoneopt > stub.zoneopt.rst + ${PERL} rst-zoneopt.pl static-stub.zoneopt > static-stub.zoneopt.rst + ${PERL} rst-zoneopt.pl redirect.zoneopt > redirect.zoneopt.rst + ${PERL} rst-zoneopt.pl delegation-only.zoneopt > delegation-only.zoneopt.rst + ${PERL} rst-zoneopt.pl in-view.zoneopt > in-view.zoneopt.rst + ${PERL} rst-grammars.pl options.active acl > acl.grammar.rst + ${PERL} rst-grammars.pl options.active controls > controls.grammar.rst + ${PERL} rst-grammars.pl options.active key > key.grammar.rst + ${PERL} rst-grammars.pl options.active logging > logging.grammar.rst + ${PERL} rst-grammars.pl options.active parental-agents > parental-agents.grammar.rst + ${PERL} rst-grammars.pl options.active primaries > primaries.grammar.rst + ${PERL} rst-grammars.pl options.active options > options.grammar.rst + ${PERL} rst-grammars.pl options.active server > server.grammar.rst + ${PERL} rst-grammars.pl options.active statistics-channels > statistics-channels.grammar.rst + ${PERL} rst-grammars.pl options.active trust-anchors > trust-anchors.grammar.rst + ${PERL} rst-grammars.pl options.active managed-keys > managed-keys.grammar.rst + ${PERL} rst-grammars.pl options.active trusted-keys > trusted-keys.grammar.rst diff --git a/doc/misc/acl.grammar.rst b/doc/misc/acl.grammar.rst new file mode 100644 index 0000000..d27dab3 --- /dev/null +++ b/doc/misc/acl.grammar.rst @@ -0,0 +1,14 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + acl <string> { <address_match_element>; ... }; diff --git a/doc/misc/controls.grammar.rst b/doc/misc/controls.grammar.rst new file mode 100644 index 0000000..440bce4 --- /dev/null +++ b/doc/misc/controls.grammar.rst @@ -0,0 +1,24 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + controls { + inet ( <ipv4_address> | <ipv6_address> | + * ) [ port ( <integer> | * ) ] allow + { <address_match_element>; ... } [ + keys { <string>; ... } ] [ read-only + <boolean> ]; + unix <quoted_string> perm <integer> + owner <integer> group <integer> [ + keys { <string>; ... } ] [ read-only + <boolean> ]; + }; diff --git a/doc/misc/delegation-only.zoneopt b/doc/misc/delegation-only.zoneopt new file mode 100644 index 0000000..ab86327 --- /dev/null +++ b/doc/misc/delegation-only.zoneopt @@ -0,0 +1,3 @@ +zone <string> [ <class> ] { + type delegation-only; +}; diff --git a/doc/misc/delegation-only.zoneopt.rst b/doc/misc/delegation-only.zoneopt.rst new file mode 100644 index 0000000..2a262d1 --- /dev/null +++ b/doc/misc/delegation-only.zoneopt.rst @@ -0,0 +1,16 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + zone <string> [ <class> ] { + type delegation-only; + }; diff --git a/doc/misc/dnssec-policy.default.conf b/doc/misc/dnssec-policy.default.conf new file mode 100644 index 0000000..00b8a14 --- /dev/null +++ b/doc/misc/dnssec-policy.default.conf @@ -0,0 +1,38 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "default" { + // Keys + keys { + csk key-directory lifetime unlimited algorithm 13; + }; + + // Key timings + dnskey-ttl 3600; + publish-safety 1h; + retire-safety 1h; + purge-keys P90D; + + // Signature timings + signatures-refresh 5d; + signatures-validity 14d; + signatures-validity-dnskey 14d; + + // Zone parameters + max-zone-ttl 86400; + zone-propagation-delay 300; + + // Parent parameters + parent-ds-ttl 86400; + parent-propagation-delay 1h; +}; diff --git a/doc/misc/dnssec-policy.grammar.rst b/doc/misc/dnssec-policy.grammar.rst new file mode 100644 index 0000000..b0b9692 --- /dev/null +++ b/doc/misc/dnssec-policy.grammar.rst @@ -0,0 +1,28 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + + dnssec-policy <string> { + dnskey-ttl <duration>; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime + <duration_or_unlimited> algorithm <string> [ <integer> ]; ... }; + max-zone-ttl <duration>; + nsec3param [ iterations <integer> ] [ optout <boolean> ] [ + salt-length <integer> ]; + parent-ds-ttl <duration>; + parent-propagation-delay <duration>; + publish-safety <duration>; + purge-keys <duration>; + retire-safety <duration>; + signatures-refresh <duration>; + signatures-validity <duration>; + signatures-validity-dnskey <duration>; + zone-propagation-delay <duration>; + }; diff --git a/doc/misc/format-options.pl b/doc/misc/format-options.pl new file mode 100644 index 0000000..f4a36c2 --- /dev/null +++ b/doc/misc/format-options.pl @@ -0,0 +1,43 @@ +#!/usr/bin/perl + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +print <<END; + +This is a summary of the named.conf options supported by +this version of BIND 9. + +END + +# Break long lines +while (<>) { + chomp; + s/\t/ /g; + my $line = $_; + m!^( *)!; + my $indent = $1; + my $comment = ""; + if ( $line =~ m!//.*! ) { + $comment = $&; + $line =~ s!//.*!!; + } + my $start = ""; + while (length($line) >= 79 - length($comment)) { + $_ = $line; + # this makes sure that the comment has something in front of it + $len = 75 - length($comment); + m!^(.{0,$len}) (.*)$!; + $start = $start.$1."\n"; + $line = $indent." ".$2; + } + print $start.$line.$comment."\n"; +} diff --git a/doc/misc/forward.zoneopt b/doc/misc/forward.zoneopt new file mode 100644 index 0000000..e694813 --- /dev/null +++ b/doc/misc/forward.zoneopt @@ -0,0 +1,6 @@ +zone <string> [ <class> ] { + type forward; + delegation-only <boolean>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; +}; diff --git a/doc/misc/forward.zoneopt.rst b/doc/misc/forward.zoneopt.rst new file mode 100644 index 0000000..3ced3ac --- /dev/null +++ b/doc/misc/forward.zoneopt.rst @@ -0,0 +1,19 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + zone <string> [ <class> ] { + type forward; + delegation-only <boolean>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + }; diff --git a/doc/misc/hint.zoneopt b/doc/misc/hint.zoneopt new file mode 100644 index 0000000..d7ec16c --- /dev/null +++ b/doc/misc/hint.zoneopt @@ -0,0 +1,6 @@ +zone <string> [ <class> ] { + type hint; + check-names ( fail | warn | ignore ); + delegation-only <boolean>; + file <quoted_string>; +}; diff --git a/doc/misc/hint.zoneopt.rst b/doc/misc/hint.zoneopt.rst new file mode 100644 index 0000000..998e662 --- /dev/null +++ b/doc/misc/hint.zoneopt.rst @@ -0,0 +1,19 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + zone <string> [ <class> ] { + type hint; + check-names ( fail | warn | ignore ); + delegation-only <boolean>; + file <quoted_string>; + }; diff --git a/doc/misc/in-view.zoneopt b/doc/misc/in-view.zoneopt new file mode 100644 index 0000000..c63c427 --- /dev/null +++ b/doc/misc/in-view.zoneopt @@ -0,0 +1,3 @@ +zone <string> [ <class> ] { + in-view <string>; +}; diff --git a/doc/misc/in-view.zoneopt.rst b/doc/misc/in-view.zoneopt.rst new file mode 100644 index 0000000..df1a587 --- /dev/null +++ b/doc/misc/in-view.zoneopt.rst @@ -0,0 +1,16 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + zone <string> [ <class> ] { + in-view <string>; + }; diff --git a/doc/misc/key.grammar.rst b/doc/misc/key.grammar.rst new file mode 100644 index 0000000..a417997 --- /dev/null +++ b/doc/misc/key.grammar.rst @@ -0,0 +1,17 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + key <string> { + algorithm <string>; + secret <string>; + }; diff --git a/doc/misc/logging.grammar.rst b/doc/misc/logging.grammar.rst new file mode 100644 index 0000000..377d6e9 --- /dev/null +++ b/doc/misc/logging.grammar.rst @@ -0,0 +1,28 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + logging { + category <string> { <string>; ... }; + channel <string> { + buffered <boolean>; + file <quoted_string> [ versions ( unlimited | <integer> ) ] + [ size <size> ] [ suffix ( increment | timestamp ) ]; + null; + print-category <boolean>; + print-severity <boolean>; + print-time ( iso8601 | iso8601-utc | local | <boolean> ); + severity <log_severity>; + stderr; + syslog [ <syslog_facility> ]; + }; + }; diff --git a/doc/misc/managed-keys.grammar.rst b/doc/misc/managed-keys.grammar.rst new file mode 100644 index 0000000..a57f8ef --- /dev/null +++ b/doc/misc/managed-keys.grammar.rst @@ -0,0 +1,17 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + managed-keys { <string> ( static-key + | initial-key | static-ds | + initial-ds ) <integer> <integer> + <integer> <quoted_string>; ... };, deprecated diff --git a/doc/misc/master.zoneopt b/doc/misc/master.zoneopt new file mode 100644 index 0000000..953e3a2 --- /dev/null +++ b/doc/misc/master.zoneopt @@ -0,0 +1,61 @@ +zone <string> [ <class> ] { + type ( master | primary ); + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + auto-dnssec ( allow | maintain | off ); // deprecated + check-dup-records ( fail | warn | ignore ); + check-integrity <boolean>; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( fail | warn | ignore ); + check-sibling <boolean>; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard <boolean>; + database <string>; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + dlz <string>; + dnskey-sig-validity <integer>; + dnssec-dnskey-kskonly <boolean>; + dnssec-loadkeys-interval <integer>; + dnssec-policy <string>; + dnssec-secure-to-insecure <boolean>; + dnssec-update-mode ( maintain | no-resign ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + inline-signing <boolean>; + ixfr-from-differences <boolean>; + journal <quoted_string>; + key-directory <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-records <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-out <integer>; + max-zone-ttl ( unlimited | <duration> ); + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + notify-to-soa <boolean>; + parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + serial-update-method ( date | increment | unixtime ); + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + update-check-ksk <boolean>; + update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } ); + zero-no-soa-ttl <boolean>; + zone-statistics ( full | terse | none | <boolean> ); +}; diff --git a/doc/misc/master.zoneopt.rst b/doc/misc/master.zoneopt.rst new file mode 100644 index 0000000..346d598 --- /dev/null +++ b/doc/misc/master.zoneopt.rst @@ -0,0 +1,74 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + zone <string> [ <class> ] { + type ( master | primary ); + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + auto-dnssec ( allow | maintain | off ); // deprecated + check-dup-records ( fail | warn | ignore ); + check-integrity <boolean>; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( fail | warn | ignore ); + check-sibling <boolean>; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard <boolean>; + database <string>; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + dlz <string>; + dnskey-sig-validity <integer>; + dnssec-dnskey-kskonly <boolean>; + dnssec-loadkeys-interval <integer>; + dnssec-policy <string>; + dnssec-secure-to-insecure <boolean>; + dnssec-update-mode ( maintain | no-resign ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + inline-signing <boolean>; + ixfr-from-differences <boolean>; + journal <quoted_string>; + key-directory <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-records <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-out <integer>; + max-zone-ttl ( unlimited | <duration> ); + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + notify-to-soa <boolean>; + parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + serial-update-method ( date | increment | unixtime ); + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + update-check-ksk <boolean>; + update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } ); + zero-no-soa-ttl <boolean>; + zone-statistics ( full | terse | none | <boolean> ); + }; diff --git a/doc/misc/mirror.zoneopt b/doc/misc/mirror.zoneopt new file mode 100644 index 0000000..3d45a3d --- /dev/null +++ b/doc/misc/mirror.zoneopt @@ -0,0 +1,44 @@ +zone <string> [ <class> ] { + type mirror; + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + check-names ( fail | warn | ignore ); + database <string>; + file <quoted_string>; + ixfr-from-differences <boolean>; + journal <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-records <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + min-refresh-time <integer>; + min-retry-time <integer>; + multi-master <boolean>; + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + request-expire <boolean>; + request-ixfr <boolean>; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + try-tcp-refresh <boolean>; + use-alt-transfer-source <boolean>; + zero-no-soa-ttl <boolean>; + zone-statistics ( full | terse | none | <boolean> ); +}; diff --git a/doc/misc/mirror.zoneopt.rst b/doc/misc/mirror.zoneopt.rst new file mode 100644 index 0000000..b425a96 --- /dev/null +++ b/doc/misc/mirror.zoneopt.rst @@ -0,0 +1,57 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + zone <string> [ <class> ] { + type mirror; + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + check-names ( fail | warn | ignore ); + database <string>; + file <quoted_string>; + ixfr-from-differences <boolean>; + journal <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-records <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + min-refresh-time <integer>; + min-retry-time <integer>; + multi-master <boolean>; + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + request-expire <boolean>; + request-ixfr <boolean>; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + try-tcp-refresh <boolean>; + use-alt-transfer-source <boolean>; + zero-no-soa-ttl <boolean>; + zone-statistics ( full | terse | none | <boolean> ); + }; diff --git a/doc/misc/options b/doc/misc/options new file mode 100644 index 0000000..0dbcf10 --- /dev/null +++ b/doc/misc/options @@ -0,0 +1,1031 @@ + +This is a summary of the named.conf options supported by +this version of BIND 9. + +acl <string> { <address_match_element>; ... }; // may occur multiple times + +controls { + inet ( <ipv4_address> | <ipv6_address> | + * ) [ port ( <integer> | * ) ] allow + { <address_match_element>; ... } [ + keys { <string>; ... } ] [ read-only + <boolean> ]; // may occur multiple times + unix <quoted_string> perm <integer> + owner <integer> group <integer> [ + keys { <string>; ... } ] [ read-only + <boolean> ]; // may occur multiple times +}; // may occur multiple times + +dlz <string> { + database <string>; + search <boolean>; +}; // may occur multiple times + +dnssec-policy <string> { + dnskey-ttl <duration>; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime + <duration_or_unlimited> algorithm <string> [ <integer> ]; ... }; + max-zone-ttl <duration>; + nsec3param [ iterations <integer> ] [ optout <boolean> ] [ + salt-length <integer> ]; + parent-ds-ttl <duration>; + parent-propagation-delay <duration>; + parent-registration-delay <duration>; // obsolete + publish-safety <duration>; + purge-keys <duration>; + retire-safety <duration>; + signatures-refresh <duration>; + signatures-validity <duration>; + signatures-validity-dnskey <duration>; + zone-propagation-delay <duration>; +}; // may occur multiple times + +dyndb <string> <quoted_string> { + <unspecified-text> }; // may occur multiple times + +key <string> { + algorithm <string>; + secret <string>; +}; // may occur multiple times + +logging { + category <string> { <string>; ... }; // may occur multiple times + channel <string> { + buffered <boolean>; + file <quoted_string> [ versions ( unlimited | <integer> ) ] + [ size <size> ] [ suffix ( increment | timestamp ) ]; + null; + print-category <boolean>; + print-severity <boolean>; + print-time ( iso8601 | iso8601-utc | local | <boolean> ); + severity <log_severity>; + stderr; + syslog [ <syslog_facility> ]; + }; // may occur multiple times +}; + +lwres { <unspecified-text> }; // obsolete, may occur multiple times + +managed-keys { <string> ( static-key + | initial-key | static-ds | + initial-ds ) <integer> <integer> + <integer> <quoted_string>; ... }; // may occur multiple times, deprecated + +masters <string> [ port <integer> ] [ dscp + <integer> ] { ( <remote-servers> | + <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... }; // may occur multiple times + +options { + acache-cleaning-interval <integer>; // obsolete + acache-enable <boolean>; // obsolete + additional-from-auth <boolean>; // obsolete + additional-from-cache <boolean>; // obsolete + allow-new-zones <boolean>; + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-cache { <address_match_element>; ... }; + allow-query-cache-on { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-recursion { <address_match_element>; ... }; + allow-recursion-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + allow-v6-synthesis { <address_match_element>; ... }; // obsolete + also-notify [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + answer-cookie <boolean>; + attach-cache <string>; + auth-nxdomain <boolean>; // default changed + auto-dnssec ( allow | maintain | off ); // deprecated + automatic-interface-scan <boolean>; + avoid-v4-udp-ports { <portrange>; ... }; + avoid-v6-udp-ports { <portrange>; ... }; + bindkeys-file <quoted_string>; + blackhole { <address_match_element>; ... }; + cache-file <quoted_string>; // deprecated + catalog-zones { zone <string> [ default-masters [ port <integer> ] + [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port + <integer> ] | <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... } ] [ zone-directory <quoted_string> ] [ + in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity <boolean>; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | + secondary | slave | response ) ( + fail | warn | ignore ); // may occur multiple times + check-sibling <boolean>; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard <boolean>; + cleaning-interval <integer>; // obsolete + clients-per-query <integer>; + cookie-algorithm ( aes | siphash24 ); + cookie-secret <string>; // may occur multiple times + coresize ( default | unlimited | <sizeval> ); + datasize ( default | unlimited | <sizeval> ); + deallocate-on-exit <boolean>; // ancient + deny-answer-addresses { <address_match_element>; ... } [ + except-from { <string>; ... } ]; + deny-answer-aliases { <string>; ... } [ except-from { <string>; ... + } ]; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + directory <quoted_string>; + disable-algorithms <string> { <string>; + ... }; // may occur multiple times + disable-ds-digests <string> { <string>; + ... }; // may occur multiple times + disable-empty-zone <string>; // may occur multiple times + dns64 <netprefix> { + break-dnssec <boolean>; + clients { <address_match_element>; ... }; + exclude { <address_match_element>; ... }; + mapped { <address_match_element>; ... }; + recursive-only <boolean>; + suffix <ipv6_address>; + }; // may occur multiple times + dns64-contact <string>; + dns64-server <string>; + dnskey-sig-validity <integer>; + dnsrps-enable <boolean>; // not configured + dnsrps-options { <unspecified-text> }; // not configured + dnssec-accept-expired <boolean>; + dnssec-dnskey-kskonly <boolean>; + dnssec-enable <boolean>; // obsolete + dnssec-loadkeys-interval <integer>; + dnssec-lookaside ( <string> + trust-anchor <string> | + auto | no ); // obsolete, may occur multiple times + dnssec-must-be-secure <string> <boolean>; // may occur multiple times + dnssec-policy <string>; + dnssec-secure-to-insecure <boolean>; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ + ( query | response ) ]; ... }; + dnstap-identity ( <quoted_string> | none | hostname ); + dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | + <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( + increment | timestamp ) ]; + dnstap-version ( <quoted_string> | none ); + dscp <integer>; // deprecated + dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port + <integer> ] [ dscp <integer> ] | <ipv4_address> [ port + <integer> ] [ dscp <integer> ] | <ipv6_address> [ port + <integer> ] [ dscp <integer> ] ); ... }; + dump-file <quoted_string>; + edns-udp-size <integer>; + empty-contact <string>; + empty-server <string>; + empty-zones-enable <boolean>; + fake-iquery <boolean>; // ancient + fetch-glue <boolean>; // ancient + fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; + fetches-per-server <integer> [ ( drop | fail ) ]; + fetches-per-zone <integer> [ ( drop | fail ) ]; + files ( default | unlimited | <sizeval> ); + filter-aaaa { <address_match_element>; ... }; // obsolete + filter-aaaa-on-v4 <boolean>; // obsolete + filter-aaaa-on-v6 <boolean>; // obsolete + flush-zones-on-shutdown <boolean>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> + | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + fstrm-set-buffer-hint <integer>; + fstrm-set-flush-timeout <integer>; + fstrm-set-input-queue-size <integer>; + fstrm-set-output-notify-threshold <integer>; + fstrm-set-output-queue-model ( mpsc | spsc ); + fstrm-set-output-queue-size <integer>; + fstrm-set-reopen-interval <duration>; + geoip-directory ( <quoted_string> | none ); + geoip-use-ecs <boolean>; // obsolete + glue-cache <boolean>; + has-old-clients <boolean>; // ancient + heartbeat-interval <integer>; + host-statistics <boolean>; // ancient + host-statistics-max <integer>; // ancient + hostname ( <quoted_string> | none ); + interface-interval <duration>; + ixfr-from-differences ( primary | master | secondary | slave | + <boolean> ); + keep-response-order { <address_match_element>; ... }; + key-directory <quoted_string>; + lame-ttl <duration>; + listen-on [ port <integer> ] [ dscp + <integer> ] { + <address_match_element>; ... }; // may occur multiple times + listen-on-v6 [ port <integer> ] [ dscp + <integer> ] { + <address_match_element>; ... }; // may occur multiple times + lmdb-mapsize <sizeval>; + lock-file ( <quoted_string> | none ); + maintain-ixfr-base <boolean>; // ancient + managed-keys-directory <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + match-mapped-addresses <boolean>; + max-acache-size ( unlimited | <sizeval> ); // obsolete + max-cache-size ( default | unlimited | <sizeval> | <percentage> ); + max-cache-ttl <duration>; + max-clients-per-query <integer>; + max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-ncache-ttl <duration>; + max-records <integer>; + max-recursion-depth <integer>; + max-recursion-queries <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-rsa-exponent-size <integer>; + max-stale-ttl <duration>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + max-udp-size <integer>; + max-zone-ttl ( unlimited | <duration> ); + memstatistics <boolean>; + memstatistics-file <quoted_string>; + message-compression <boolean>; + min-cache-ttl <duration>; + min-ncache-ttl <duration>; + min-refresh-time <integer>; + min-retry-time <integer>; + min-roots <integer>; // ancient + minimal-any <boolean>; + minimal-responses ( no-auth | no-auth-recursive | <boolean> ); + multi-master <boolean>; + multiple-cnames <boolean>; // ancient + named-xfer <quoted_string>; // ancient + new-zones-directory <quoted_string>; + no-case-compress { <address_match_element>; ... }; + nocookie-udp-size <integer>; + nosit-udp-size <integer>; // obsolete + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-rate <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] + [ dscp <integer> ]; + notify-to-soa <boolean>; + nsec3-test-zone <boolean>; // test only + nta-lifetime <duration>; + nta-recheck <duration>; + nxdomain-redirect <string>; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + pid-file ( <quoted_string> | none ); + port <integer>; + preferred-glue <string>; + prefetch <integer> [ <integer> ]; + provide-ixfr <boolean>; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + querylog <boolean>; + queryport-pool-ports <integer>; // obsolete + queryport-pool-updateinterval <integer>; // obsolete + random-device ( <quoted_string> | none ); + rate-limit { + all-per-second <integer>; + errors-per-second <integer>; + exempt-clients { <address_match_element>; ... }; + ipv4-prefix-length <integer>; + ipv6-prefix-length <integer>; + log-only <boolean>; + max-table-size <integer>; + min-table-size <integer>; + nodata-per-second <integer>; + nxdomains-per-second <integer>; + qps-scale <integer>; + referrals-per-second <integer>; + responses-per-second <integer>; + slip <integer>; + window <integer>; + }; + recursing-file <quoted_string>; + recursion <boolean>; + recursive-clients <integer>; + request-expire <boolean>; + request-ixfr <boolean>; + request-nsid <boolean>; + request-sit <boolean>; // obsolete + require-server-cookie <boolean>; + reserved-sockets <integer>; + resolver-nonbackoff-tries <integer>; + resolver-query-timeout <integer>; + resolver-retry-interval <integer>; + response-padding { <address_match_element>; ... } block-size + <integer>; + response-policy { zone <string> [ add-soa <boolean> ] [ log + <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval + <duration> ] [ policy ( cname | disabled | drop | given | no-op + | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ + recursive-only <boolean> ] [ nsip-enable <boolean> ] [ + nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ + break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ + min-update-interval <duration> ] [ min-ns-dots <integer> ] [ + nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] + [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ + nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ + dnsrps-options { <unspecified-text> } ]; + reuseport <boolean>; + rfc2308-type1 <boolean>; // ancient + root-delegation-only [ exclude { <string>; ... } ]; + root-key-sentinel <boolean>; + rrset-order { [ class <string> ] [ type <string> ] [ name + <quoted_string> ] <string> <string>; ... }; + secroots-file <quoted_string>; + send-cookie <boolean>; + serial-queries <integer>; // ancient + serial-query-rate <integer>; + serial-update-method ( date | increment | unixtime ); + server-id ( <quoted_string> | none | hostname ); + servfail-ttl <duration>; + session-keyalg <string>; + session-keyfile ( <quoted_string> | none ); + session-keyname <string>; + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + sit-secret <string>; // obsolete + sortlist { <address_match_element>; ... }; + stacksize ( default | unlimited | <sizeval> ); + stale-answer-client-timeout ( disabled | off | <integer> ); + stale-answer-enable <boolean>; + stale-answer-ttl <duration>; + stale-cache-enable <boolean>; + stale-refresh-time <duration>; + startup-notify-rate <integer>; + statistics-file <quoted_string>; + statistics-interval <integer>; // ancient + suppress-initial-notify <boolean>; // not yet implemented + synth-from-dnssec <boolean>; + tcp-advertised-timeout <integer>; + tcp-clients <integer>; + tcp-idle-timeout <integer>; + tcp-initial-timeout <integer>; + tcp-keepalive-timeout <integer>; + tcp-listen-queue <integer>; + tkey-dhkey <quoted_string> <integer>; + tkey-domain <quoted_string>; + tkey-gssapi-credential <quoted_string>; + tkey-gssapi-keytab <quoted_string>; + topology { <address_match_element>; ... }; // ancient + transfer-format ( many-answers | one-answer ); + transfer-message-size <integer>; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + transfers-in <integer>; + transfers-out <integer>; + transfers-per-ns <integer>; + treat-cr-as-space <boolean>; // ancient + trust-anchor-telemetry <boolean>; // experimental + try-tcp-refresh <boolean>; + update-check-ksk <boolean>; + update-quota <integer>; + use-alt-transfer-source <boolean>; + use-id-pool <boolean>; // ancient + use-ixfr <boolean>; // obsolete + use-queryport-pool <boolean>; // obsolete + use-v4-udp-ports { <portrange>; ... }; + use-v6-udp-ports { <portrange>; ... }; + v6-bias <integer>; + validate-except { <string>; ... }; + version ( <quoted_string> | none ); + zero-no-soa-ttl <boolean>; + zero-no-soa-ttl-cache <boolean>; + zone-statistics ( full | terse | none | <boolean> ); +}; + +parental-agents <string> [ port <integer> ] [ + dscp <integer> ] { ( <remote-servers> | + <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... }; // may occur multiple times + +plugin ( query ) <string> [ { <unspecified-text> + } ]; // may occur multiple times + +primaries <string> [ port <integer> ] [ dscp + <integer> ] { ( <remote-servers> | + <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... }; // may occur multiple times + +server <netprefix> { + bogus <boolean>; + edns <boolean>; + edns-udp-size <integer>; + edns-version <integer>; + keys <server_key>; + max-udp-size <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] + [ dscp <integer> ]; + padding <integer>; + provide-ixfr <boolean>; + query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + request-expire <boolean>; + request-ixfr <boolean>; + request-nsid <boolean>; + request-sit <boolean>; // obsolete + send-cookie <boolean>; + support-ixfr <boolean>; // obsolete + tcp-keepalive <boolean>; + tcp-only <boolean>; + transfer-format ( many-answers | one-answer ); + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + transfers <integer>; +}; // may occur multiple times + +statistics-channels { + inet ( <ipv4_address> | <ipv6_address> | + * ) [ port ( <integer> | * ) ] [ + allow { <address_match_element>; ... + } ]; // may occur multiple times +}; // may occur multiple times + +trust-anchors { <string> ( static-key | + initial-key | static-ds | initial-ds ) + <integer> <integer> <integer> + <quoted_string>; ... }; // may occur multiple times + +trusted-keys { <string> <integer> + <integer> <integer> + <quoted_string>; ... }; // may occur multiple times, deprecated + +view <string> [ <class> ] { + acache-cleaning-interval <integer>; // obsolete + acache-enable <boolean>; // obsolete + additional-from-auth <boolean>; // obsolete + additional-from-cache <boolean>; // obsolete + allow-new-zones <boolean>; + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-cache { <address_match_element>; ... }; + allow-query-cache-on { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-recursion { <address_match_element>; ... }; + allow-recursion-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + allow-v6-synthesis { <address_match_element>; ... }; // obsolete + also-notify [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + attach-cache <string>; + auth-nxdomain <boolean>; // default changed + auto-dnssec ( allow | maintain | off ); // deprecated + cache-file <quoted_string>; // deprecated + catalog-zones { zone <string> [ default-masters [ port <integer> ] + [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port + <integer> ] | <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... } ] [ zone-directory <quoted_string> ] [ + in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity <boolean>; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | + secondary | slave | response ) ( + fail | warn | ignore ); // may occur multiple times + check-sibling <boolean>; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard <boolean>; + cleaning-interval <integer>; // obsolete + clients-per-query <integer>; + deny-answer-addresses { <address_match_element>; ... } [ + except-from { <string>; ... } ]; + deny-answer-aliases { <string>; ... } [ except-from { <string>; ... + } ]; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + disable-algorithms <string> { <string>; + ... }; // may occur multiple times + disable-ds-digests <string> { <string>; + ... }; // may occur multiple times + disable-empty-zone <string>; // may occur multiple times + dlz <string> { + database <string>; + search <boolean>; + }; // may occur multiple times + dns64 <netprefix> { + break-dnssec <boolean>; + clients { <address_match_element>; ... }; + exclude { <address_match_element>; ... }; + mapped { <address_match_element>; ... }; + recursive-only <boolean>; + suffix <ipv6_address>; + }; // may occur multiple times + dns64-contact <string>; + dns64-server <string>; + dnskey-sig-validity <integer>; + dnsrps-enable <boolean>; // not configured + dnsrps-options { <unspecified-text> }; // not configured + dnssec-accept-expired <boolean>; + dnssec-dnskey-kskonly <boolean>; + dnssec-enable <boolean>; // obsolete + dnssec-loadkeys-interval <integer>; + dnssec-lookaside ( <string> + trust-anchor <string> | + auto | no ); // obsolete, may occur multiple times + dnssec-must-be-secure <string> <boolean>; // may occur multiple times + dnssec-policy <string>; + dnssec-secure-to-insecure <boolean>; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ + ( query | response ) ]; ... }; + dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port + <integer> ] [ dscp <integer> ] | <ipv4_address> [ port + <integer> ] [ dscp <integer> ] | <ipv6_address> [ port + <integer> ] [ dscp <integer> ] ); ... }; + dyndb <string> <quoted_string> { + <unspecified-text> }; // may occur multiple times + edns-udp-size <integer>; + empty-contact <string>; + empty-server <string>; + empty-zones-enable <boolean>; + fetch-glue <boolean>; // ancient + fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; + fetches-per-server <integer> [ ( drop | fail ) ]; + fetches-per-zone <integer> [ ( drop | fail ) ]; + filter-aaaa { <address_match_element>; ... }; // obsolete + filter-aaaa-on-v4 <boolean>; // obsolete + filter-aaaa-on-v6 <boolean>; // obsolete + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> + | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + glue-cache <boolean>; + ixfr-from-differences ( primary | master | secondary | slave | + <boolean> ); + key <string> { + algorithm <string>; + secret <string>; + }; // may occur multiple times + key-directory <quoted_string>; + lame-ttl <duration>; + lmdb-mapsize <sizeval>; + maintain-ixfr-base <boolean>; // ancient + managed-keys { <string> ( + static-key | initial-key + | static-ds | initial-ds + ) <integer> <integer> + <integer> + <quoted_string>; ... }; // may occur multiple times, deprecated + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + match-clients { <address_match_element>; ... }; + match-destinations { <address_match_element>; ... }; + match-recursive-only <boolean>; + max-acache-size ( unlimited | <sizeval> ); // obsolete + max-cache-size ( default | unlimited | <sizeval> | <percentage> ); + max-cache-ttl <duration>; + max-clients-per-query <integer>; + max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-ncache-ttl <duration>; + max-records <integer>; + max-recursion-depth <integer>; + max-recursion-queries <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-stale-ttl <duration>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + max-udp-size <integer>; + max-zone-ttl ( unlimited | <duration> ); + message-compression <boolean>; + min-cache-ttl <duration>; + min-ncache-ttl <duration>; + min-refresh-time <integer>; + min-retry-time <integer>; + min-roots <integer>; // ancient + minimal-any <boolean>; + minimal-responses ( no-auth | no-auth-recursive | <boolean> ); + multi-master <boolean>; + new-zones-directory <quoted_string>; + no-case-compress { <address_match_element>; ... }; + nocookie-udp-size <integer>; + nosit-udp-size <integer>; // obsolete + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] + [ dscp <integer> ]; + notify-to-soa <boolean>; + nsec3-test-zone <boolean>; // test only + nta-lifetime <duration>; + nta-recheck <duration>; + nxdomain-redirect <string>; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + plugin ( query ) <string> [ { + <unspecified-text> } ]; // may occur multiple times + preferred-glue <string>; + prefetch <integer> [ <integer> ]; + provide-ixfr <boolean>; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + queryport-pool-ports <integer>; // obsolete + queryport-pool-updateinterval <integer>; // obsolete + rate-limit { + all-per-second <integer>; + errors-per-second <integer>; + exempt-clients { <address_match_element>; ... }; + ipv4-prefix-length <integer>; + ipv6-prefix-length <integer>; + log-only <boolean>; + max-table-size <integer>; + min-table-size <integer>; + nodata-per-second <integer>; + nxdomains-per-second <integer>; + qps-scale <integer>; + referrals-per-second <integer>; + responses-per-second <integer>; + slip <integer>; + window <integer>; + }; + recursion <boolean>; + request-expire <boolean>; + request-ixfr <boolean>; + request-nsid <boolean>; + request-sit <boolean>; // obsolete + require-server-cookie <boolean>; + resolver-nonbackoff-tries <integer>; + resolver-query-timeout <integer>; + resolver-retry-interval <integer>; + response-padding { <address_match_element>; ... } block-size + <integer>; + response-policy { zone <string> [ add-soa <boolean> ] [ log + <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval + <duration> ] [ policy ( cname | disabled | drop | given | no-op + | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ + recursive-only <boolean> ] [ nsip-enable <boolean> ] [ + nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ + break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ + min-update-interval <duration> ] [ min-ns-dots <integer> ] [ + nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] + [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ + nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ + dnsrps-options { <unspecified-text> } ]; + rfc2308-type1 <boolean>; // ancient + root-delegation-only [ exclude { <string>; ... } ]; + root-key-sentinel <boolean>; + rrset-order { [ class <string> ] [ type <string> ] [ name + <quoted_string> ] <string> <string>; ... }; + send-cookie <boolean>; + serial-update-method ( date | increment | unixtime ); + server <netprefix> { + bogus <boolean>; + edns <boolean>; + edns-udp-size <integer>; + edns-version <integer>; + keys <server_key>; + max-udp-size <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * + ) ] [ dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> + | * ) ] [ dscp <integer> ]; + padding <integer>; + provide-ixfr <boolean>; + query-source ( ( [ address ] ( <ipv4_address> | * ) [ port + ( <integer> | * ) ] ) | ( [ [ address ] ( + <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ + dscp <integer> ]; + query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ + port ( <integer> | * ) ] ) | ( [ [ address ] ( + <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ + dscp <integer> ]; + request-expire <boolean>; + request-ixfr <boolean>; + request-nsid <boolean>; + request-sit <boolean>; // obsolete + send-cookie <boolean>; + support-ixfr <boolean>; // obsolete + tcp-keepalive <boolean>; + tcp-only <boolean>; + transfer-format ( many-answers | one-answer ); + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] [ dscp <integer> ]; + transfers <integer>; + }; // may occur multiple times + servfail-ttl <duration>; + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + sortlist { <address_match_element>; ... }; + stale-answer-client-timeout ( disabled | off | <integer> ); + stale-answer-enable <boolean>; + stale-answer-ttl <duration>; + stale-cache-enable <boolean>; + stale-refresh-time <duration>; + suppress-initial-notify <boolean>; // not yet implemented + synth-from-dnssec <boolean>; + topology { <address_match_element>; ... }; // ancient + transfer-format ( many-answers | one-answer ); + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + trust-anchor-telemetry <boolean>; // experimental + trust-anchors { <string> ( static-key | + initial-key | static-ds | initial-ds + ) <integer> <integer> <integer> + <quoted_string>; ... }; // may occur multiple times + trusted-keys { <string> + <integer> <integer> + <integer> + <quoted_string>; ... }; // may occur multiple times, deprecated + try-tcp-refresh <boolean>; + update-check-ksk <boolean>; + use-alt-transfer-source <boolean>; + use-queryport-pool <boolean>; // obsolete + v6-bias <integer>; + validate-except { <string>; ... }; + zero-no-soa-ttl <boolean>; + zero-no-soa-ttl-cache <boolean>; + zone <string> [ <class> ] { + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; + ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( + <integer> | * ) ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] [ dscp <integer> ]; + auto-dnssec ( allow | maintain | off ); // deprecated + check-dup-records ( fail | warn | ignore ); + check-integrity <boolean>; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( fail | warn | ignore ); + check-sibling <boolean>; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard <boolean>; + database <string>; + delegation-only <boolean>; + dialup ( notify | notify-passive | passive | refresh | + <boolean> ); + dlz <string>; + dnskey-sig-validity <integer>; + dnssec-dnskey-kskonly <boolean>; + dnssec-loadkeys-interval <integer>; + dnssec-policy <string>; + dnssec-secure-to-insecure <boolean>; + dnssec-update-mode ( maintain | no-resign ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( + <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ + dscp <integer> ]; ... }; + in-view <string>; + inline-signing <boolean>; + ixfr-base <quoted_string>; // ancient + ixfr-from-differences <boolean>; + ixfr-tmp-file <quoted_string>; // ancient + journal <quoted_string>; + key-directory <quoted_string>; + maintain-ixfr-base <boolean>; // ancient + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; + ... }; + max-ixfr-log-size ( default | unlimited | + <sizeval> ); // ancient + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-records <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + max-zone-ttl ( unlimited | <duration> ); + min-refresh-time <integer>; + min-retry-time <integer>; + multi-master <boolean>; + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * + ) ] [ dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> + | * ) ] [ dscp <integer> ]; + notify-to-soa <boolean>; + nsec3-test-zone <boolean>; // test only + parental-agents [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; + ... }; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] [ dscp <integer> ]; + primaries [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; + ... }; + pubkey <integer> <integer> <integer> + <quoted_string>; // ancient + request-expire <boolean>; + request-ixfr <boolean>; + serial-update-method ( date | increment | unixtime ); + server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; + server-names { <string>; ... }; + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] [ dscp <integer> ]; + try-tcp-refresh <boolean>; + type ( primary | master | secondary | slave | mirror | + delegation-only | forward | hint | redirect | + static-stub | stub ); + update-check-ksk <boolean>; + update-policy ( local | { ( deny | grant ) <string> ( + 6to4-self | external | krb5-self | krb5-selfsub | + krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | + name | self | selfsub | selfwild | subdomain | tcp-self + | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } ); + use-alt-transfer-source <boolean>; + zero-no-soa-ttl <boolean>; + zone-statistics ( full | terse | none | <boolean> ); + }; // may occur multiple times + zone-statistics ( full | terse | none | <boolean> ); +}; // may occur multiple times + +zone <string> [ <class> ] { + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + auto-dnssec ( allow | maintain | off ); // deprecated + check-dup-records ( fail | warn | ignore ); + check-integrity <boolean>; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( fail | warn | ignore ); + check-sibling <boolean>; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard <boolean>; + database <string>; + delegation-only <boolean>; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + dlz <string>; + dnskey-sig-validity <integer>; + dnssec-dnskey-kskonly <boolean>; + dnssec-loadkeys-interval <integer>; + dnssec-policy <string>; + dnssec-secure-to-insecure <boolean>; + dnssec-update-mode ( maintain | no-resign ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> + | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + in-view <string>; + inline-signing <boolean>; + ixfr-base <quoted_string>; // ancient + ixfr-from-differences <boolean>; + ixfr-tmp-file <quoted_string>; // ancient + journal <quoted_string>; + key-directory <quoted_string>; + maintain-ixfr-base <boolean>; // ancient + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> + | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port + <integer> ] ) [ key <string> ]; ... }; + max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-records <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + max-zone-ttl ( unlimited | <duration> ); + min-refresh-time <integer>; + min-retry-time <integer>; + multi-master <boolean>; + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] + [ dscp <integer> ]; + notify-to-soa <boolean>; + nsec3-test-zone <boolean>; // test only + parental-agents [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + primaries [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + pubkey <integer> <integer> <integer> <quoted_string>; // ancient + request-expire <boolean>; + request-ixfr <boolean>; + serial-update-method ( date | increment | unixtime ); + server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; + server-names { <string>; ... }; + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + try-tcp-refresh <boolean>; + type ( primary | master | secondary | slave | mirror | + delegation-only | forward | hint | redirect | static-stub | + stub ); + update-check-ksk <boolean>; + update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | + external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self + | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild + | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] + <rrtypelist>; ... } ); + use-alt-transfer-source <boolean>; + zero-no-soa-ttl <boolean>; + zone-statistics ( full | terse | none | <boolean> ); +}; // may occur multiple times + diff --git a/doc/misc/options.active b/doc/misc/options.active new file mode 100644 index 0000000..eb75a86 --- /dev/null +++ b/doc/misc/options.active @@ -0,0 +1,942 @@ + +This is a summary of the named.conf options supported by +this version of BIND 9. + +acl <string> { <address_match_element>; ... }; // may occur multiple times + +controls { + inet ( <ipv4_address> | <ipv6_address> | + * ) [ port ( <integer> | * ) ] allow + { <address_match_element>; ... } [ + keys { <string>; ... } ] [ read-only + <boolean> ]; // may occur multiple times + unix <quoted_string> perm <integer> + owner <integer> group <integer> [ + keys { <string>; ... } ] [ read-only + <boolean> ]; // may occur multiple times +}; // may occur multiple times + +dlz <string> { + database <string>; + search <boolean>; +}; // may occur multiple times + +dnssec-policy <string> { + dnskey-ttl <duration>; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime + <duration_or_unlimited> algorithm <string> [ <integer> ]; ... }; + max-zone-ttl <duration>; + nsec3param [ iterations <integer> ] [ optout <boolean> ] [ + salt-length <integer> ]; + parent-ds-ttl <duration>; + parent-propagation-delay <duration>; + publish-safety <duration>; + purge-keys <duration>; + retire-safety <duration>; + signatures-refresh <duration>; + signatures-validity <duration>; + signatures-validity-dnskey <duration>; + zone-propagation-delay <duration>; +}; // may occur multiple times + +dyndb <string> <quoted_string> { + <unspecified-text> }; // may occur multiple times + +key <string> { + algorithm <string>; + secret <string>; +}; // may occur multiple times + +logging { + category <string> { <string>; ... }; // may occur multiple times + channel <string> { + buffered <boolean>; + file <quoted_string> [ versions ( unlimited | <integer> ) ] + [ size <size> ] [ suffix ( increment | timestamp ) ]; + null; + print-category <boolean>; + print-severity <boolean>; + print-time ( iso8601 | iso8601-utc | local | <boolean> ); + severity <log_severity>; + stderr; + syslog [ <syslog_facility> ]; + }; // may occur multiple times +}; + +managed-keys { <string> ( static-key + | initial-key | static-ds | + initial-ds ) <integer> <integer> + <integer> <quoted_string>; ... }; // may occur multiple times, deprecated + +masters <string> [ port <integer> ] [ dscp + <integer> ] { ( <remote-servers> | + <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... }; // may occur multiple times + +options { + allow-new-zones <boolean>; + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-cache { <address_match_element>; ... }; + allow-query-cache-on { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-recursion { <address_match_element>; ... }; + allow-recursion-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + answer-cookie <boolean>; + attach-cache <string>; + auth-nxdomain <boolean>; // default changed + auto-dnssec ( allow | maintain | off ); // deprecated + automatic-interface-scan <boolean>; + avoid-v4-udp-ports { <portrange>; ... }; + avoid-v6-udp-ports { <portrange>; ... }; + bindkeys-file <quoted_string>; + blackhole { <address_match_element>; ... }; + cache-file <quoted_string>; // deprecated + catalog-zones { zone <string> [ default-masters [ port <integer> ] + [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port + <integer> ] | <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... } ] [ zone-directory <quoted_string> ] [ + in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity <boolean>; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | + secondary | slave | response ) ( + fail | warn | ignore ); // may occur multiple times + check-sibling <boolean>; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard <boolean>; + clients-per-query <integer>; + cookie-algorithm ( aes | siphash24 ); + cookie-secret <string>; // may occur multiple times + coresize ( default | unlimited | <sizeval> ); + datasize ( default | unlimited | <sizeval> ); + deny-answer-addresses { <address_match_element>; ... } [ + except-from { <string>; ... } ]; + deny-answer-aliases { <string>; ... } [ except-from { <string>; ... + } ]; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + directory <quoted_string>; + disable-algorithms <string> { <string>; + ... }; // may occur multiple times + disable-ds-digests <string> { <string>; + ... }; // may occur multiple times + disable-empty-zone <string>; // may occur multiple times + dns64 <netprefix> { + break-dnssec <boolean>; + clients { <address_match_element>; ... }; + exclude { <address_match_element>; ... }; + mapped { <address_match_element>; ... }; + recursive-only <boolean>; + suffix <ipv6_address>; + }; // may occur multiple times + dns64-contact <string>; + dns64-server <string>; + dnskey-sig-validity <integer>; + dnsrps-enable <boolean>; // not configured + dnsrps-options { <unspecified-text> }; // not configured + dnssec-accept-expired <boolean>; + dnssec-dnskey-kskonly <boolean>; + dnssec-loadkeys-interval <integer>; + dnssec-must-be-secure <string> <boolean>; // may occur multiple times + dnssec-policy <string>; + dnssec-secure-to-insecure <boolean>; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ + ( query | response ) ]; ... }; + dnstap-identity ( <quoted_string> | none | hostname ); + dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | + <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( + increment | timestamp ) ]; + dnstap-version ( <quoted_string> | none ); + dscp <integer>; // deprecated + dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port + <integer> ] [ dscp <integer> ] | <ipv4_address> [ port + <integer> ] [ dscp <integer> ] | <ipv6_address> [ port + <integer> ] [ dscp <integer> ] ); ... }; + dump-file <quoted_string>; + edns-udp-size <integer>; + empty-contact <string>; + empty-server <string>; + empty-zones-enable <boolean>; + fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; + fetches-per-server <integer> [ ( drop | fail ) ]; + fetches-per-zone <integer> [ ( drop | fail ) ]; + files ( default | unlimited | <sizeval> ); + flush-zones-on-shutdown <boolean>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> + | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + fstrm-set-buffer-hint <integer>; + fstrm-set-flush-timeout <integer>; + fstrm-set-input-queue-size <integer>; + fstrm-set-output-notify-threshold <integer>; + fstrm-set-output-queue-model ( mpsc | spsc ); + fstrm-set-output-queue-size <integer>; + fstrm-set-reopen-interval <duration>; + geoip-directory ( <quoted_string> | none ); + glue-cache <boolean>; + heartbeat-interval <integer>; + hostname ( <quoted_string> | none ); + interface-interval <duration>; + ixfr-from-differences ( primary | master | secondary | slave | + <boolean> ); + keep-response-order { <address_match_element>; ... }; + key-directory <quoted_string>; + lame-ttl <duration>; + listen-on [ port <integer> ] [ dscp + <integer> ] { + <address_match_element>; ... }; // may occur multiple times + listen-on-v6 [ port <integer> ] [ dscp + <integer> ] { + <address_match_element>; ... }; // may occur multiple times + lmdb-mapsize <sizeval>; + lock-file ( <quoted_string> | none ); + managed-keys-directory <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + match-mapped-addresses <boolean>; + max-cache-size ( default | unlimited | <sizeval> | <percentage> ); + max-cache-ttl <duration>; + max-clients-per-query <integer>; + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-ncache-ttl <duration>; + max-records <integer>; + max-recursion-depth <integer>; + max-recursion-queries <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-rsa-exponent-size <integer>; + max-stale-ttl <duration>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + max-udp-size <integer>; + max-zone-ttl ( unlimited | <duration> ); + memstatistics <boolean>; + memstatistics-file <quoted_string>; + message-compression <boolean>; + min-cache-ttl <duration>; + min-ncache-ttl <duration>; + min-refresh-time <integer>; + min-retry-time <integer>; + minimal-any <boolean>; + minimal-responses ( no-auth | no-auth-recursive | <boolean> ); + multi-master <boolean>; + new-zones-directory <quoted_string>; + no-case-compress { <address_match_element>; ... }; + nocookie-udp-size <integer>; + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-rate <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] + [ dscp <integer> ]; + notify-to-soa <boolean>; + nta-lifetime <duration>; + nta-recheck <duration>; + nxdomain-redirect <string>; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + pid-file ( <quoted_string> | none ); + port <integer>; + preferred-glue <string>; + prefetch <integer> [ <integer> ]; + provide-ixfr <boolean>; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + querylog <boolean>; + random-device ( <quoted_string> | none ); + rate-limit { + all-per-second <integer>; + errors-per-second <integer>; + exempt-clients { <address_match_element>; ... }; + ipv4-prefix-length <integer>; + ipv6-prefix-length <integer>; + log-only <boolean>; + max-table-size <integer>; + min-table-size <integer>; + nodata-per-second <integer>; + nxdomains-per-second <integer>; + qps-scale <integer>; + referrals-per-second <integer>; + responses-per-second <integer>; + slip <integer>; + window <integer>; + }; + recursing-file <quoted_string>; + recursion <boolean>; + recursive-clients <integer>; + request-expire <boolean>; + request-ixfr <boolean>; + request-nsid <boolean>; + require-server-cookie <boolean>; + reserved-sockets <integer>; + resolver-nonbackoff-tries <integer>; + resolver-query-timeout <integer>; + resolver-retry-interval <integer>; + response-padding { <address_match_element>; ... } block-size + <integer>; + response-policy { zone <string> [ add-soa <boolean> ] [ log + <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval + <duration> ] [ policy ( cname | disabled | drop | given | no-op + | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ + recursive-only <boolean> ] [ nsip-enable <boolean> ] [ + nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ + break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ + min-update-interval <duration> ] [ min-ns-dots <integer> ] [ + nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] + [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ + nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ + dnsrps-options { <unspecified-text> } ]; + reuseport <boolean>; + root-delegation-only [ exclude { <string>; ... } ]; + root-key-sentinel <boolean>; + rrset-order { [ class <string> ] [ type <string> ] [ name + <quoted_string> ] <string> <string>; ... }; + secroots-file <quoted_string>; + send-cookie <boolean>; + serial-query-rate <integer>; + serial-update-method ( date | increment | unixtime ); + server-id ( <quoted_string> | none | hostname ); + servfail-ttl <duration>; + session-keyalg <string>; + session-keyfile ( <quoted_string> | none ); + session-keyname <string>; + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + sortlist { <address_match_element>; ... }; + stacksize ( default | unlimited | <sizeval> ); + stale-answer-client-timeout ( disabled | off | <integer> ); + stale-answer-enable <boolean>; + stale-answer-ttl <duration>; + stale-cache-enable <boolean>; + stale-refresh-time <duration>; + startup-notify-rate <integer>; + statistics-file <quoted_string>; + synth-from-dnssec <boolean>; + tcp-advertised-timeout <integer>; + tcp-clients <integer>; + tcp-idle-timeout <integer>; + tcp-initial-timeout <integer>; + tcp-keepalive-timeout <integer>; + tcp-listen-queue <integer>; + tkey-dhkey <quoted_string> <integer>; + tkey-domain <quoted_string>; + tkey-gssapi-credential <quoted_string>; + tkey-gssapi-keytab <quoted_string>; + transfer-format ( many-answers | one-answer ); + transfer-message-size <integer>; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + transfers-in <integer>; + transfers-out <integer>; + transfers-per-ns <integer>; + trust-anchor-telemetry <boolean>; // experimental + try-tcp-refresh <boolean>; + update-check-ksk <boolean>; + update-quota <integer>; + use-alt-transfer-source <boolean>; + use-v4-udp-ports { <portrange>; ... }; + use-v6-udp-ports { <portrange>; ... }; + v6-bias <integer>; + validate-except { <string>; ... }; + version ( <quoted_string> | none ); + zero-no-soa-ttl <boolean>; + zero-no-soa-ttl-cache <boolean>; + zone-statistics ( full | terse | none | <boolean> ); +}; + +parental-agents <string> [ port <integer> ] [ + dscp <integer> ] { ( <remote-servers> | + <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... }; // may occur multiple times + +plugin ( query ) <string> [ { <unspecified-text> + } ]; // may occur multiple times + +primaries <string> [ port <integer> ] [ dscp + <integer> ] { ( <remote-servers> | + <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... }; // may occur multiple times + +server <netprefix> { + bogus <boolean>; + edns <boolean>; + edns-udp-size <integer>; + edns-version <integer>; + keys <server_key>; + max-udp-size <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] + [ dscp <integer> ]; + padding <integer>; + provide-ixfr <boolean>; + query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + request-expire <boolean>; + request-ixfr <boolean>; + request-nsid <boolean>; + send-cookie <boolean>; + tcp-keepalive <boolean>; + tcp-only <boolean>; + transfer-format ( many-answers | one-answer ); + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + transfers <integer>; +}; // may occur multiple times + +statistics-channels { + inet ( <ipv4_address> | <ipv6_address> | + * ) [ port ( <integer> | * ) ] [ + allow { <address_match_element>; ... + } ]; // may occur multiple times +}; // may occur multiple times + +trust-anchors { <string> ( static-key | + initial-key | static-ds | initial-ds ) + <integer> <integer> <integer> + <quoted_string>; ... }; // may occur multiple times + +trusted-keys { <string> <integer> + <integer> <integer> + <quoted_string>; ... }; // may occur multiple times, deprecated + +view <string> [ <class> ] { + allow-new-zones <boolean>; + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-cache { <address_match_element>; ... }; + allow-query-cache-on { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-recursion { <address_match_element>; ... }; + allow-recursion-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + attach-cache <string>; + auth-nxdomain <boolean>; // default changed + auto-dnssec ( allow | maintain | off ); // deprecated + cache-file <quoted_string>; // deprecated + catalog-zones { zone <string> [ default-masters [ port <integer> ] + [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port + <integer> ] | <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... } ] [ zone-directory <quoted_string> ] [ + in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity <boolean>; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | + secondary | slave | response ) ( + fail | warn | ignore ); // may occur multiple times + check-sibling <boolean>; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard <boolean>; + clients-per-query <integer>; + deny-answer-addresses { <address_match_element>; ... } [ + except-from { <string>; ... } ]; + deny-answer-aliases { <string>; ... } [ except-from { <string>; ... + } ]; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + disable-algorithms <string> { <string>; + ... }; // may occur multiple times + disable-ds-digests <string> { <string>; + ... }; // may occur multiple times + disable-empty-zone <string>; // may occur multiple times + dlz <string> { + database <string>; + search <boolean>; + }; // may occur multiple times + dns64 <netprefix> { + break-dnssec <boolean>; + clients { <address_match_element>; ... }; + exclude { <address_match_element>; ... }; + mapped { <address_match_element>; ... }; + recursive-only <boolean>; + suffix <ipv6_address>; + }; // may occur multiple times + dns64-contact <string>; + dns64-server <string>; + dnskey-sig-validity <integer>; + dnsrps-enable <boolean>; // not configured + dnsrps-options { <unspecified-text> }; // not configured + dnssec-accept-expired <boolean>; + dnssec-dnskey-kskonly <boolean>; + dnssec-loadkeys-interval <integer>; + dnssec-must-be-secure <string> <boolean>; // may occur multiple times + dnssec-policy <string>; + dnssec-secure-to-insecure <boolean>; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ + ( query | response ) ]; ... }; + dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port + <integer> ] [ dscp <integer> ] | <ipv4_address> [ port + <integer> ] [ dscp <integer> ] | <ipv6_address> [ port + <integer> ] [ dscp <integer> ] ); ... }; + dyndb <string> <quoted_string> { + <unspecified-text> }; // may occur multiple times + edns-udp-size <integer>; + empty-contact <string>; + empty-server <string>; + empty-zones-enable <boolean>; + fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; + fetches-per-server <integer> [ ( drop | fail ) ]; + fetches-per-zone <integer> [ ( drop | fail ) ]; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> + | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + glue-cache <boolean>; + ixfr-from-differences ( primary | master | secondary | slave | + <boolean> ); + key <string> { + algorithm <string>; + secret <string>; + }; // may occur multiple times + key-directory <quoted_string>; + lame-ttl <duration>; + lmdb-mapsize <sizeval>; + managed-keys { <string> ( + static-key | initial-key + | static-ds | initial-ds + ) <integer> <integer> + <integer> + <quoted_string>; ... }; // may occur multiple times, deprecated + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + match-clients { <address_match_element>; ... }; + match-destinations { <address_match_element>; ... }; + match-recursive-only <boolean>; + max-cache-size ( default | unlimited | <sizeval> | <percentage> ); + max-cache-ttl <duration>; + max-clients-per-query <integer>; + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-ncache-ttl <duration>; + max-records <integer>; + max-recursion-depth <integer>; + max-recursion-queries <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-stale-ttl <duration>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + max-udp-size <integer>; + max-zone-ttl ( unlimited | <duration> ); + message-compression <boolean>; + min-cache-ttl <duration>; + min-ncache-ttl <duration>; + min-refresh-time <integer>; + min-retry-time <integer>; + minimal-any <boolean>; + minimal-responses ( no-auth | no-auth-recursive | <boolean> ); + multi-master <boolean>; + new-zones-directory <quoted_string>; + no-case-compress { <address_match_element>; ... }; + nocookie-udp-size <integer>; + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] + [ dscp <integer> ]; + notify-to-soa <boolean>; + nta-lifetime <duration>; + nta-recheck <duration>; + nxdomain-redirect <string>; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + plugin ( query ) <string> [ { + <unspecified-text> } ]; // may occur multiple times + preferred-glue <string>; + prefetch <integer> [ <integer> ]; + provide-ixfr <boolean>; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + rate-limit { + all-per-second <integer>; + errors-per-second <integer>; + exempt-clients { <address_match_element>; ... }; + ipv4-prefix-length <integer>; + ipv6-prefix-length <integer>; + log-only <boolean>; + max-table-size <integer>; + min-table-size <integer>; + nodata-per-second <integer>; + nxdomains-per-second <integer>; + qps-scale <integer>; + referrals-per-second <integer>; + responses-per-second <integer>; + slip <integer>; + window <integer>; + }; + recursion <boolean>; + request-expire <boolean>; + request-ixfr <boolean>; + request-nsid <boolean>; + require-server-cookie <boolean>; + resolver-nonbackoff-tries <integer>; + resolver-query-timeout <integer>; + resolver-retry-interval <integer>; + response-padding { <address_match_element>; ... } block-size + <integer>; + response-policy { zone <string> [ add-soa <boolean> ] [ log + <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval + <duration> ] [ policy ( cname | disabled | drop | given | no-op + | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ + recursive-only <boolean> ] [ nsip-enable <boolean> ] [ + nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ + break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ + min-update-interval <duration> ] [ min-ns-dots <integer> ] [ + nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] + [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ + nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ + dnsrps-options { <unspecified-text> } ]; + root-delegation-only [ exclude { <string>; ... } ]; + root-key-sentinel <boolean>; + rrset-order { [ class <string> ] [ type <string> ] [ name + <quoted_string> ] <string> <string>; ... }; + send-cookie <boolean>; + serial-update-method ( date | increment | unixtime ); + server <netprefix> { + bogus <boolean>; + edns <boolean>; + edns-udp-size <integer>; + edns-version <integer>; + keys <server_key>; + max-udp-size <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * + ) ] [ dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> + | * ) ] [ dscp <integer> ]; + padding <integer>; + provide-ixfr <boolean>; + query-source ( ( [ address ] ( <ipv4_address> | * ) [ port + ( <integer> | * ) ] ) | ( [ [ address ] ( + <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ + dscp <integer> ]; + query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ + port ( <integer> | * ) ] ) | ( [ [ address ] ( + <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ + dscp <integer> ]; + request-expire <boolean>; + request-ixfr <boolean>; + request-nsid <boolean>; + send-cookie <boolean>; + tcp-keepalive <boolean>; + tcp-only <boolean>; + transfer-format ( many-answers | one-answer ); + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] [ dscp <integer> ]; + transfers <integer>; + }; // may occur multiple times + servfail-ttl <duration>; + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + sortlist { <address_match_element>; ... }; + stale-answer-client-timeout ( disabled | off | <integer> ); + stale-answer-enable <boolean>; + stale-answer-ttl <duration>; + stale-cache-enable <boolean>; + stale-refresh-time <duration>; + synth-from-dnssec <boolean>; + transfer-format ( many-answers | one-answer ); + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + trust-anchor-telemetry <boolean>; // experimental + trust-anchors { <string> ( static-key | + initial-key | static-ds | initial-ds + ) <integer> <integer> <integer> + <quoted_string>; ... }; // may occur multiple times + trusted-keys { <string> + <integer> <integer> + <integer> + <quoted_string>; ... }; // may occur multiple times, deprecated + try-tcp-refresh <boolean>; + update-check-ksk <boolean>; + use-alt-transfer-source <boolean>; + v6-bias <integer>; + validate-except { <string>; ... }; + zero-no-soa-ttl <boolean>; + zero-no-soa-ttl-cache <boolean>; + zone <string> [ <class> ] { + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; + ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( + <integer> | * ) ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] [ dscp <integer> ]; + auto-dnssec ( allow | maintain | off ); // deprecated + check-dup-records ( fail | warn | ignore ); + check-integrity <boolean>; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( fail | warn | ignore ); + check-sibling <boolean>; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard <boolean>; + database <string>; + delegation-only <boolean>; + dialup ( notify | notify-passive | passive | refresh | + <boolean> ); + dlz <string>; + dnskey-sig-validity <integer>; + dnssec-dnskey-kskonly <boolean>; + dnssec-loadkeys-interval <integer>; + dnssec-policy <string>; + dnssec-secure-to-insecure <boolean>; + dnssec-update-mode ( maintain | no-resign ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( + <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ + dscp <integer> ]; ... }; + in-view <string>; + inline-signing <boolean>; + ixfr-from-differences <boolean>; + journal <quoted_string>; + key-directory <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; + ... }; + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-records <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + max-zone-ttl ( unlimited | <duration> ); + min-refresh-time <integer>; + min-retry-time <integer>; + multi-master <boolean>; + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * + ) ] [ dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> + | * ) ] [ dscp <integer> ]; + notify-to-soa <boolean>; + parental-agents [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; + ... }; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] [ dscp <integer> ]; + primaries [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; + ... }; + request-expire <boolean>; + request-ixfr <boolean>; + serial-update-method ( date | increment | unixtime ); + server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; + server-names { <string>; ... }; + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] [ dscp <integer> ]; + try-tcp-refresh <boolean>; + type ( primary | master | secondary | slave | mirror | + delegation-only | forward | hint | redirect | + static-stub | stub ); + update-check-ksk <boolean>; + update-policy ( local | { ( deny | grant ) <string> ( + 6to4-self | external | krb5-self | krb5-selfsub | + krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | + name | self | selfsub | selfwild | subdomain | tcp-self + | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } ); + use-alt-transfer-source <boolean>; + zero-no-soa-ttl <boolean>; + zone-statistics ( full | terse | none | <boolean> ); + }; // may occur multiple times + zone-statistics ( full | terse | none | <boolean> ); +}; // may occur multiple times + +zone <string> [ <class> ] { + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + auto-dnssec ( allow | maintain | off ); // deprecated + check-dup-records ( fail | warn | ignore ); + check-integrity <boolean>; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( fail | warn | ignore ); + check-sibling <boolean>; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard <boolean>; + database <string>; + delegation-only <boolean>; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + dlz <string>; + dnskey-sig-validity <integer>; + dnssec-dnskey-kskonly <boolean>; + dnssec-loadkeys-interval <integer>; + dnssec-policy <string>; + dnssec-secure-to-insecure <boolean>; + dnssec-update-mode ( maintain | no-resign ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> + | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + in-view <string>; + inline-signing <boolean>; + ixfr-from-differences <boolean>; + journal <quoted_string>; + key-directory <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> + | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port + <integer> ] ) [ key <string> ]; ... }; + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-records <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + max-zone-ttl ( unlimited | <duration> ); + min-refresh-time <integer>; + min-retry-time <integer>; + multi-master <boolean>; + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] + [ dscp <integer> ]; + notify-to-soa <boolean>; + parental-agents [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + primaries [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + request-expire <boolean>; + request-ixfr <boolean>; + serial-update-method ( date | increment | unixtime ); + server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; + server-names { <string>; ... }; + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + try-tcp-refresh <boolean>; + type ( primary | master | secondary | slave | mirror | + delegation-only | forward | hint | redirect | static-stub | + stub ); + update-check-ksk <boolean>; + update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | + external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self + | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild + | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] + <rrtypelist>; ... } ); + use-alt-transfer-source <boolean>; + zero-no-soa-ttl <boolean>; + zone-statistics ( full | terse | none | <boolean> ); +}; // may occur multiple times + diff --git a/doc/misc/options.grammar.rst b/doc/misc/options.grammar.rst new file mode 100644 index 0000000..beef353 --- /dev/null +++ b/doc/misc/options.grammar.rst @@ -0,0 +1,313 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + options { + allow-new-zones <boolean>; + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-cache { <address_match_element>; ... }; + allow-query-cache-on { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-recursion { <address_match_element>; ... }; + allow-recursion-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( + <remote-servers> | <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | + * ) ] [ dscp <integer> ]; + answer-cookie <boolean>; + attach-cache <string>; + auth-nxdomain <boolean>; // default changed + auto-dnssec ( allow | maintain | off ); // deprecated + automatic-interface-scan <boolean>; + avoid-v4-udp-ports { <portrange>; ... }; + avoid-v6-udp-ports { <portrange>; ... }; + bindkeys-file <quoted_string>; + blackhole { <address_match_element>; ... }; + cache-file <quoted_string>; // deprecated + catalog-zones { zone <string> [ default-masters [ port <integer> ] + [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port + <integer> ] | <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... } ] [ zone-directory <quoted_string> ] [ + in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity <boolean>; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | + secondary | slave | response ) ( + fail | warn | ignore ); + check-sibling <boolean>; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard <boolean>; + clients-per-query <integer>; + cookie-algorithm ( aes | siphash24 ); + cookie-secret <string>; + coresize ( default | unlimited | <sizeval> ); + datasize ( default | unlimited | <sizeval> ); + deny-answer-addresses { <address_match_element>; ... } [ + except-from { <string>; ... } ]; + deny-answer-aliases { <string>; ... } [ except-from { <string>; ... + } ]; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + directory <quoted_string>; + disable-algorithms <string> { <string>; + ... }; + disable-ds-digests <string> { <string>; + ... }; + disable-empty-zone <string>; + dns64 <netprefix> { + break-dnssec <boolean>; + clients { <address_match_element>; ... }; + exclude { <address_match_element>; ... }; + mapped { <address_match_element>; ... }; + recursive-only <boolean>; + suffix <ipv6_address>; + }; + dns64-contact <string>; + dns64-server <string>; + dnskey-sig-validity <integer>; + dnsrps-enable <boolean>; + dnsrps-options { <unspecified-text> }; + dnssec-accept-expired <boolean>; + dnssec-dnskey-kskonly <boolean>; + dnssec-loadkeys-interval <integer>; + dnssec-must-be-secure <string> <boolean>; + dnssec-policy <string>; + dnssec-secure-to-insecure <boolean>; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ + ( query | response ) ]; ... }; + dnstap-identity ( <quoted_string> | none | hostname ); + dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | + <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( + increment | timestamp ) ]; + dnstap-version ( <quoted_string> | none ); + dscp <integer>; + dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port + <integer> ] [ dscp <integer> ] | <ipv4_address> [ port + <integer> ] [ dscp <integer> ] | <ipv6_address> [ port + <integer> ] [ dscp <integer> ] ); ... }; + dump-file <quoted_string>; + edns-udp-size <integer>; + empty-contact <string>; + empty-server <string>; + empty-zones-enable <boolean>; + fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; + fetches-per-server <integer> [ ( drop | fail ) ]; + fetches-per-zone <integer> [ ( drop | fail ) ]; + files ( default | unlimited | <sizeval> ); + flush-zones-on-shutdown <boolean>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> + | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + fstrm-set-buffer-hint <integer>; + fstrm-set-flush-timeout <integer>; + fstrm-set-input-queue-size <integer>; + fstrm-set-output-notify-threshold <integer>; + fstrm-set-output-queue-model ( mpsc | spsc ); + fstrm-set-output-queue-size <integer>; + fstrm-set-reopen-interval <duration>; + geoip-directory ( <quoted_string> | none ); + glue-cache <boolean>; + heartbeat-interval <integer>; + hostname ( <quoted_string> | none ); + interface-interval <duration>; + ixfr-from-differences ( primary | master | secondary | slave | + <boolean> ); + keep-response-order { <address_match_element>; ... }; + key-directory <quoted_string>; + lame-ttl <duration>; + listen-on [ port <integer> ] [ dscp + <integer> ] { + <address_match_element>; ... }; + listen-on-v6 [ port <integer> ] [ dscp + <integer> ] { + <address_match_element>; ... }; + lmdb-mapsize <sizeval>; + lock-file ( <quoted_string> | none ); + managed-keys-directory <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + match-mapped-addresses <boolean>; + max-cache-size ( default | unlimited | <sizeval> | <percentage> ); + max-cache-ttl <duration>; + max-clients-per-query <integer>; + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-ncache-ttl <duration>; + max-records <integer>; + max-recursion-depth <integer>; + max-recursion-queries <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-rsa-exponent-size <integer>; + max-stale-ttl <duration>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + max-udp-size <integer>; + max-zone-ttl ( unlimited | <duration> ); + memstatistics <boolean>; + memstatistics-file <quoted_string>; + message-compression <boolean>; + min-cache-ttl <duration>; + min-ncache-ttl <duration>; + min-refresh-time <integer>; + min-retry-time <integer>; + minimal-any <boolean>; + minimal-responses ( no-auth | no-auth-recursive | <boolean> ); + multi-master <boolean>; + new-zones-directory <quoted_string>; + no-case-compress { <address_match_element>; ... }; + nocookie-udp-size <integer>; + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-rate <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] + [ dscp <integer> ]; + notify-to-soa <boolean>; + nta-lifetime <duration>; + nta-recheck <duration>; + nxdomain-redirect <string>; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + pid-file ( <quoted_string> | none ); + port <integer>; + preferred-glue <string>; + prefetch <integer> [ <integer> ]; + provide-ixfr <boolean>; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + querylog <boolean>; + random-device ( <quoted_string> | none ); + rate-limit { + all-per-second <integer>; + errors-per-second <integer>; + exempt-clients { <address_match_element>; ... }; + ipv4-prefix-length <integer>; + ipv6-prefix-length <integer>; + log-only <boolean>; + max-table-size <integer>; + min-table-size <integer>; + nodata-per-second <integer>; + nxdomains-per-second <integer>; + qps-scale <integer>; + referrals-per-second <integer>; + responses-per-second <integer>; + slip <integer>; + window <integer>; + }; + recursing-file <quoted_string>; + recursion <boolean>; + recursive-clients <integer>; + request-expire <boolean>; + request-ixfr <boolean>; + request-nsid <boolean>; + require-server-cookie <boolean>; + reserved-sockets <integer>; + resolver-nonbackoff-tries <integer>; + resolver-query-timeout <integer>; + resolver-retry-interval <integer>; + response-padding { <address_match_element>; ... } block-size + <integer>; + response-policy { zone <string> [ add-soa <boolean> ] [ log + <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval + <duration> ] [ policy ( cname | disabled | drop | given | no-op + | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ + recursive-only <boolean> ] [ nsip-enable <boolean> ] [ + nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ + break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ + min-update-interval <duration> ] [ min-ns-dots <integer> ] [ + nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] + [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ + nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ + dnsrps-options { <unspecified-text> } ]; + reuseport <boolean>; + root-delegation-only [ exclude { <string>; ... } ]; + root-key-sentinel <boolean>; + rrset-order { [ class <string> ] [ type <string> ] [ name + <quoted_string> ] <string> <string>; ... }; + secroots-file <quoted_string>; + send-cookie <boolean>; + serial-query-rate <integer>; + serial-update-method ( date | increment | unixtime ); + server-id ( <quoted_string> | none | hostname ); + servfail-ttl <duration>; + session-keyalg <string>; + session-keyfile ( <quoted_string> | none ); + session-keyname <string>; + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + sortlist { <address_match_element>; ... }; + stacksize ( default | unlimited | <sizeval> ); + stale-answer-client-timeout ( disabled | off | <integer> ); + stale-answer-enable <boolean>; + stale-answer-ttl <duration>; + stale-cache-enable <boolean>; + stale-refresh-time <duration>; + startup-notify-rate <integer>; + statistics-file <quoted_string>; + synth-from-dnssec <boolean>; + tcp-advertised-timeout <integer>; + tcp-clients <integer>; + tcp-idle-timeout <integer>; + tcp-initial-timeout <integer>; + tcp-keepalive-timeout <integer>; + tcp-listen-queue <integer>; + tkey-dhkey <quoted_string> <integer>; + tkey-domain <quoted_string>; + tkey-gssapi-credential <quoted_string>; + tkey-gssapi-keytab <quoted_string>; + transfer-format ( many-answers | one-answer ); + transfer-message-size <integer>; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + transfers-in <integer>; + transfers-out <integer>; + transfers-per-ns <integer>; + trust-anchor-telemetry <boolean>; // experimental + try-tcp-refresh <boolean>; + update-check-ksk <boolean>; + update-quota <integer>; + use-alt-transfer-source <boolean>; + use-v4-udp-ports { <portrange>; ... }; + use-v6-udp-ports { <portrange>; ... }; + v6-bias <integer>; + validate-except { <string>; ... }; + version ( <quoted_string> | none ); + zero-no-soa-ttl <boolean>; + zero-no-soa-ttl-cache <boolean>; + zone-statistics ( full | terse | none | <boolean> ); + }; diff --git a/doc/misc/parental-agents.grammar.rst b/doc/misc/parental-agents.grammar.rst new file mode 100644 index 0000000..509d01c --- /dev/null +++ b/doc/misc/parental-agents.grammar.rst @@ -0,0 +1,18 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + parental-agents <string> [ port <integer> ] [ + dscp <integer> ] { ( <remote-servers> | + <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... }; diff --git a/doc/misc/primaries.grammar.rst b/doc/misc/primaries.grammar.rst new file mode 100644 index 0000000..7e1901e --- /dev/null +++ b/doc/misc/primaries.grammar.rst @@ -0,0 +1,18 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + primaries <string> [ port <integer> ] [ dscp + <integer> ] { ( <remote-servers> | + <ipv4_address> [ port <integer> ] | + <ipv6_address> [ port <integer> ] ) [ key + <string> ]; ... }; diff --git a/doc/misc/redirect.zoneopt b/doc/misc/redirect.zoneopt new file mode 100644 index 0000000..6a5ef66 --- /dev/null +++ b/doc/misc/redirect.zoneopt @@ -0,0 +1,14 @@ +zone <string> [ <class> ] { + type redirect; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + dlz <string>; + file <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + max-records <integer>; + max-zone-ttl ( unlimited | <duration> ); + primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + zone-statistics ( full | terse | none | <boolean> ); +}; diff --git a/doc/misc/redirect.zoneopt.rst b/doc/misc/redirect.zoneopt.rst new file mode 100644 index 0000000..51c378a --- /dev/null +++ b/doc/misc/redirect.zoneopt.rst @@ -0,0 +1,27 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + zone <string> [ <class> ] { + type redirect; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + dlz <string>; + file <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + max-records <integer>; + max-zone-ttl ( unlimited | <duration> ); + primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + zone-statistics ( full | terse | none | <boolean> ); + }; diff --git a/doc/misc/rst-grammars.pl b/doc/misc/rst-grammars.pl new file mode 100644 index 0000000..56ff5ea --- /dev/null +++ b/doc/misc/rst-grammars.pl @@ -0,0 +1,81 @@ +#!/usr/bin/perl + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +use warnings; +use strict; + +if (@ARGV < 2) { + print STDERR <<'END'; +usage: + perl docbook-options.pl options_file section > section.grammar.xml +END + exit 1; +} + +my $FILE = shift; +my $SECTION = shift; + +open (FH, "<", $FILE) or die "Can't open $FILE"; + +print <<END; +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + +END + +# skip preamble +my $preamble = 0; +while (<FH>) { + if (m{^\s*$}) { + last if $preamble > 0; + } else { + $preamble++; + } +} + +my $display = 0; +while (<FH>) { + if (m{^$SECTION\b}) { + $display = 1 + } + + if (m{// not.*implemented} || m{// obsolete} || + m{// ancient} || m{// test.*only}) + { + next; + } + + s{ // not configured}{}; + s{ // non-operational}{}; + s{ // may occur multiple times}{}; + s{[[]}{[}g; + s{[]]}{]}g; + s{ }{\t}g; + + if (m{^\s*$} && $display) { + last; + } + if ($display) { + print " " . $_; + } +} diff --git a/doc/misc/rst-options.pl b/doc/misc/rst-options.pl new file mode 100644 index 0000000..7b5d490 --- /dev/null +++ b/doc/misc/rst-options.pl @@ -0,0 +1,135 @@ +#!/usr/bin/perl + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +use warnings; +use strict; + +if (@ARGV < 1) { + print STDERR <<'END'; +usage: + perl rst-options.pl options_file >named.conf.rst +END + exit 1; +} + +my $FILE = shift; + +open (FH, "<", $FILE) or die "Can't open $FILE"; + +print <<END; +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +END + +print <<END; +.. highlight: console + +named.conf - configuration file for **named** +--------------------------------------------- + +Synopsis +~~~~~~~~ + +:program:`named.conf` + +Description +~~~~~~~~~~~ + +``named.conf`` is the configuration file for ``named``. Statements are +enclosed in braces and terminated with a semi-colon. Clauses in the +statements are also semi-colon terminated. The usual comment styles are +supported: + +C style: /\\* \\*/ + + C++ style: // to end of line + +Unix style: # to end of line + +END + +# skip preamble +my $preamble = 0; +while (<FH>) { + if (m{^\s*$}) { + last if $preamble > 0; + } else { + $preamble++; + } +} + +my $blank = 0; +while (<FH>) { + if (m{// not.*implemented} || m{// obsolete} || + m{// ancient} || m{// test.*only}) + { + next; + } + + s{ // not configured}{}; + s{ // non-operational}{}; + s{ (// )*may occur multiple times}{}; + s{<([a-z0-9_-]+)>}{$1}g; + s{ // deprecated,*}{// deprecated}; + s{[[]}{[}g; + s{[]]}{]}g; + s{ }{\t}g; + if (m{^([a-z0-9-]+) }) { + my $HEADING = uc $1; + my $UNDERLINE = $HEADING; + $UNDERLINE =~ s/./^/g; + print $HEADING . "\n"; + print $UNDERLINE . "\n\n"; + if ($HEADING eq "TRUSTED-KEYS") { + print "Deprecated - see DNSSEC-KEYS.\n\n"; + } + if ($HEADING eq "MANAGED-KEYS") { + print "See DNSSEC-KEYS.\n\n" ; + } + print "::\n\n"; + } + + if (m{^\s*$}) { + if (!$blank) { + print "\n"; + $blank = 1; + } + next; + } else { + $blank = 0; + } + print " " . $_; + +} + +print <<END; +Files +~~~~~ + +``/etc/named.conf`` + +See Also +~~~~~~~~ + +:manpage:`ddns-confgen(8)`, :manpage:`named(8)`, :manpage:`named-checkconf(8)`, :manpage:`rndc(8)`, :manpage:`rndc-confgen(8)`, BIND 9 Administrator Reference Manual. + +END diff --git a/doc/misc/rst-zoneopt.pl b/doc/misc/rst-zoneopt.pl new file mode 100644 index 0000000..e1af541 --- /dev/null +++ b/doc/misc/rst-zoneopt.pl @@ -0,0 +1,59 @@ +#!/usr/bin/perl + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +use warnings; +use strict; + +if (@ARGV < 1) { + print STDERR <<'END'; +usage: + perl rst-zoneopt.pl zoneopt_file +END + exit 1; +} + +my $FILE = shift; + +open (FH, "<", $FILE) or die "Can't open $FILE"; + +print <<END; +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + +END + +while (<FH>) { + if (m{// not.*implemented} || m{// obsolete} || + m{// ancient} || m{// test.*only}) + { + next; + } + + s{ // not configured}{}; + s{ // may occur multiple times}{}; + s{[[]}{[}g; + s{[]]}{]}g; + s{ }{\t}g; + + print " " . $_; +} diff --git a/doc/misc/server.grammar.rst b/doc/misc/server.grammar.rst new file mode 100644 index 0000000..526636e --- /dev/null +++ b/doc/misc/server.grammar.rst @@ -0,0 +1,45 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + server <netprefix> { + bogus <boolean>; + edns <boolean>; + edns-udp-size <integer>; + edns-version <integer>; + keys <server_key>; + max-udp-size <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] + [ dscp <integer> ]; + padding <integer>; + provide-ixfr <boolean>; + query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( + <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] + port ( <integer> | * ) ) ) [ dscp <integer> ]; + request-expire <boolean>; + request-ixfr <boolean>; + request-nsid <boolean>; + send-cookie <boolean>; + tcp-keepalive <boolean>; + tcp-only <boolean>; + transfer-format ( many-answers | one-answer ); + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ + dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) + ] [ dscp <integer> ]; + transfers <integer>; + }; diff --git a/doc/misc/slave.zoneopt b/doc/misc/slave.zoneopt new file mode 100644 index 0000000..c46202d --- /dev/null +++ b/doc/misc/slave.zoneopt @@ -0,0 +1,65 @@ +zone <string> [ <class> ] { + type ( slave | secondary ); + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + auto-dnssec ( allow | maintain | off ); // deprecated + check-names ( fail | warn | ignore ); + database <string>; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + dlz <string>; + dnskey-sig-validity <integer>; + dnssec-dnskey-kskonly <boolean>; + dnssec-loadkeys-interval <integer>; + dnssec-policy <string>; + dnssec-update-mode ( maintain | no-resign ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + inline-signing <boolean>; + ixfr-from-differences <boolean>; + journal <quoted_string>; + key-directory <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-records <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + min-refresh-time <integer>; + min-retry-time <integer>; + multi-master <boolean>; + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + notify-to-soa <boolean>; + parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + request-expire <boolean>; + request-ixfr <boolean>; + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + try-tcp-refresh <boolean>; + update-check-ksk <boolean>; + use-alt-transfer-source <boolean>; + zero-no-soa-ttl <boolean>; + zone-statistics ( full | terse | none | <boolean> ); +}; diff --git a/doc/misc/slave.zoneopt.rst b/doc/misc/slave.zoneopt.rst new file mode 100644 index 0000000..468a7f4 --- /dev/null +++ b/doc/misc/slave.zoneopt.rst @@ -0,0 +1,78 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + zone <string> [ <class> ] { + type ( slave | secondary ); + allow-notify { <address_match_element>; ... }; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + allow-transfer { <address_match_element>; ... }; + allow-update-forwarding { <address_match_element>; ... }; + also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + auto-dnssec ( allow | maintain | off ); // deprecated + check-names ( fail | warn | ignore ); + database <string>; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + dlz <string>; + dnskey-sig-validity <integer>; + dnssec-dnskey-kskonly <boolean>; + dnssec-loadkeys-interval <integer>; + dnssec-policy <string>; + dnssec-update-mode ( maintain | no-resign ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + inline-signing <boolean>; + ixfr-from-differences <boolean>; + journal <quoted_string>; + key-directory <quoted_string>; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + max-ixfr-ratio ( unlimited | <percentage> ); + max-journal-size ( default | unlimited | <sizeval> ); + max-records <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-transfer-idle-in <integer>; + max-transfer-idle-out <integer>; + max-transfer-time-in <integer>; + max-transfer-time-out <integer>; + min-refresh-time <integer>; + min-retry-time <integer>; + multi-master <boolean>; + notify ( explicit | master-only | primary-only | <boolean> ); + notify-delay <integer>; + notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + notify-to-soa <boolean>; + parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + request-expire <boolean>; + request-ixfr <boolean>; + sig-signing-nodes <integer>; + sig-signing-signatures <integer>; + sig-signing-type <integer>; + sig-validity-interval <integer> [ <integer> ]; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + try-tcp-refresh <boolean>; + update-check-ksk <boolean>; + use-alt-transfer-source <boolean>; + zero-no-soa-ttl <boolean>; + zone-statistics ( full | terse | none | <boolean> ); + }; diff --git a/doc/misc/sort-options.pl b/doc/misc/sort-options.pl new file mode 100644 index 0000000..f60b0b7 --- /dev/null +++ b/doc/misc/sort-options.pl @@ -0,0 +1,45 @@ +#!/bin/perl + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +sub sortlevel() { + my @options = (); + my $fin = ""; + my $i = 0; + while (<>) { + if (/^\s*};$/ || /^\s*}; \/\/.*$/) { + $fin = $_; + # print 2, $_; + last; + } + next if (/^$/); + if (/{$/) { + # print 3, $_; + my $sec = $_; + push(@options, $sec . sortlevel()); + } else { + push(@options, $_); + # print 1, $_; + } + $i++; + } + my $result = ""; + foreach my $i (sort @options) { + $result = ${result}.${i}; + $result = $result."\n" if ($i =~ /^[a-z]/i); + # print 5, ${i}; + } + $result = ${result}.${fin}; + return ($result); +} + +print sortlevel(); diff --git a/doc/misc/static-stub.zoneopt b/doc/misc/static-stub.zoneopt new file mode 100644 index 0000000..f89d462 --- /dev/null +++ b/doc/misc/static-stub.zoneopt @@ -0,0 +1,11 @@ +zone <string> [ <class> ] { + type static-stub; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + max-records <integer>; + server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; + server-names { <string>; ... }; + zone-statistics ( full | terse | none | <boolean> ); +}; diff --git a/doc/misc/static-stub.zoneopt.rst b/doc/misc/static-stub.zoneopt.rst new file mode 100644 index 0000000..d307586 --- /dev/null +++ b/doc/misc/static-stub.zoneopt.rst @@ -0,0 +1,24 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + zone <string> [ <class> ] { + type static-stub; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + max-records <integer>; + server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; + server-names { <string>; ... }; + zone-statistics ( full | terse | none | <boolean> ); + }; diff --git a/doc/misc/statistics-channels.grammar.rst b/doc/misc/statistics-channels.grammar.rst new file mode 100644 index 0000000..7a4ef27 --- /dev/null +++ b/doc/misc/statistics-channels.grammar.rst @@ -0,0 +1,19 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + statistics-channels { + inet ( <ipv4_address> | <ipv6_address> | + * ) [ port ( <integer> | * ) ] [ + allow { <address_match_element>; ... + } ]; + }; diff --git a/doc/misc/stub.zoneopt b/doc/misc/stub.zoneopt new file mode 100644 index 0000000..2db604d --- /dev/null +++ b/doc/misc/stub.zoneopt @@ -0,0 +1,28 @@ +zone <string> [ <class> ] { + type stub; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + check-names ( fail | warn | ignore ); + database <string>; + delegation-only <boolean>; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + max-records <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-transfer-idle-in <integer>; + max-transfer-time-in <integer>; + min-refresh-time <integer>; + min-retry-time <integer>; + multi-master <boolean>; + primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + use-alt-transfer-source <boolean>; + zone-statistics ( full | terse | none | <boolean> ); +}; diff --git a/doc/misc/stub.zoneopt.rst b/doc/misc/stub.zoneopt.rst new file mode 100644 index 0000000..6b5ce2d --- /dev/null +++ b/doc/misc/stub.zoneopt.rst @@ -0,0 +1,41 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + zone <string> [ <class> ] { + type stub; + allow-query { <address_match_element>; ... }; + allow-query-on { <address_match_element>; ... }; + check-names ( fail | warn | ignore ); + database <string>; + delegation-only <boolean>; + dialup ( notify | notify-passive | passive | refresh | <boolean> ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + max-records <integer>; + max-refresh-time <integer>; + max-retry-time <integer>; + max-transfer-idle-in <integer>; + max-transfer-time-in <integer>; + min-refresh-time <integer>; + min-retry-time <integer>; + multi-master <boolean>; + primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; + transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; + use-alt-transfer-source <boolean>; + zone-statistics ( full | terse | none | <boolean> ); + }; diff --git a/doc/misc/trust-anchors.grammar.rst b/doc/misc/trust-anchors.grammar.rst new file mode 100644 index 0000000..eabe7c0 --- /dev/null +++ b/doc/misc/trust-anchors.grammar.rst @@ -0,0 +1,17 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + trust-anchors { <string> ( static-key | + initial-key | static-ds | initial-ds ) + <integer> <integer> <integer> + <quoted_string>; ... }; diff --git a/doc/misc/trusted-keys.grammar.rst b/doc/misc/trusted-keys.grammar.rst new file mode 100644 index 0000000..55cfa38 --- /dev/null +++ b/doc/misc/trusted-keys.grammar.rst @@ -0,0 +1,16 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +:: + + trusted-keys { <string> <integer> + <integer> <integer> + <quoted_string>; ... };, deprecated |