Diffstat (limited to 'doc/man/named.conf.5in')
-rw-r--r-- | doc/man/named.conf.5in | 1012 |
1 files changed, 1012 insertions, 0 deletions
diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in
new file mode 100644
index 0000000..c5619dc
--- /dev/null
+++ b/doc/man/named.conf.5in
@@ -0,0 +1,1012 @@ +.\" Man page generated from reStructuredText. +. +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.TH "NAMED.CONF" "5" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9" +.SH NAME +named.conf \- configuration file for **named** +.SH SYNOPSIS +.sp +\fBnamed.conf\fP +.SH DESCRIPTION +.sp +\fBnamed.conf\fP is the configuration file for \fI\%named\fP\&. +.sp +For complete documentation about the configuration statements, please refer to +the Configuration Reference section in the BIND 9 Administrator Reference +Manual. +.sp +Statements are enclosed in braces and terminated with a semi\-colon. +Clauses in the statements are also semi\-colon terminated. The usual +comment styles are supported: +.sp +C style: /* */ +.sp +C++ style: // to end of line +.sp +Unix style: # to end of line +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +acl <string> { <address_match_element>; ... }; // may occur multiple times + +controls { + inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read\-only <boolean> ]; // may occur multiple times + unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... 
} ] [ read\-only <boolean> ]; // may occur multiple times +}; // may occur multiple times + +dlz <string> { + database <string>; + search <boolean>; +}; // may occur multiple times + +dnssec\-policy <string> { + dnskey\-ttl <duration>; + keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime <duration_or_unlimited> algorithm <string> [ <integer> ]; ... }; + max\-zone\-ttl <duration>; + nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt\-length <integer> ]; + parent\-ds\-ttl <duration>; + parent\-propagation\-delay <duration>; + parent\-registration\-delay <duration>; // obsolete + publish\-safety <duration>; + purge\-keys <duration>; + retire\-safety <duration>; + signatures\-refresh <duration>; + signatures\-validity <duration>; + signatures\-validity\-dnskey <duration>; + zone\-propagation\-delay <duration>; +}; // may occur multiple times + +dyndb <string> <quoted_string> { <unspecified\-text> }; // may occur multiple times + +http <string> { + endpoints { <quoted_string>; ... }; + listener\-clients <integer>; + streams\-per\-connection <integer>; +}; // may occur multiple times + +key <string> { + algorithm <string>; + secret <string>; +}; // may occur multiple times + +logging { + category <string> { <string>; ... }; // may occur multiple times + channel <string> { + buffered <boolean>; + file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ]; + null; + print\-category <boolean>; + print\-severity <boolean>; + print\-time ( iso8601 | iso8601\-utc | local | <boolean> ); + severity <log_severity>; + stderr; + syslog [ <syslog_facility> ]; + }; // may occur multiple times +}; + +managed\-keys { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated + +options { + allow\-new\-zones <boolean>; + allow\-notify { <address_match_element>; ... }; + allow\-query { <address_match_element>; ... 
}; + allow\-query\-cache { <address_match_element>; ... }; + allow\-query\-cache\-on { <address_match_element>; ... }; + allow\-query\-on { <address_match_element>; ... }; + allow\-recursion { <address_match_element>; ... }; + allow\-recursion\-on { <address_match_element>; ... }; + allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... }; + allow\-update { <address_match_element>; ... }; + allow\-update\-forwarding { <address_match_element>; ... }; + also\-notify [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; + alt\-transfer\-source ( <ipv4_address> | * ) ; // deprecated + alt\-transfer\-source\-v6 ( <ipv6_address> | * ) ; // deprecated + answer\-cookie <boolean>; + attach\-cache <string>; + auth\-nxdomain <boolean>; + auto\-dnssec ( allow | maintain | off ); // deprecated + automatic\-interface\-scan <boolean>; + avoid\-v4\-udp\-ports { <portrange>; ... }; // deprecated + avoid\-v6\-udp\-ports { <portrange>; ... }; // deprecated + bindkeys\-file <quoted_string>; + blackhole { <address_match_element>; ... }; + catalog\-zones { zone <string> [ default\-primaries [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone\-directory <quoted_string> ] [ in\-memory <boolean> ] [ min\-update\-interval <duration> ]; ... 
}; + check\-dup\-records ( fail | warn | ignore ); + check\-integrity <boolean>; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check\-sibling <boolean>; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard <boolean>; + clients\-per\-query <integer>; + cookie\-algorithm ( aes | siphash24 ); + cookie\-secret <string>; // may occur multiple times + coresize ( default | unlimited | <sizeval> ); // deprecated + datasize ( default | unlimited | <sizeval> ); // deprecated + deny\-answer\-addresses { <address_match_element>; ... } [ except\-from { <string>; ... } ]; + deny\-answer\-aliases { <string>; ... } [ except\-from { <string>; ... } ]; + dialup ( notify | notify\-passive | passive | refresh | <boolean> ); // deprecated + directory <quoted_string>; + disable\-algorithms <string> { <string>; ... }; // may occur multiple times + disable\-ds\-digests <string> { <string>; ... }; // may occur multiple times + disable\-empty\-zone <string>; // may occur multiple times + dns64 <netprefix> { + break\-dnssec <boolean>; + clients { <address_match_element>; ... }; + exclude { <address_match_element>; ... }; + mapped { <address_match_element>; ... 
}; + recursive\-only <boolean>; + suffix <ipv6_address>; + }; // may occur multiple times + dns64\-contact <string>; + dns64\-server <string>; + dnskey\-sig\-validity <integer>; + dnsrps\-enable <boolean>; // not configured + dnsrps\-options { <unspecified\-text> }; // not configured + dnssec\-accept\-expired <boolean>; + dnssec\-dnskey\-kskonly <boolean>; + dnssec\-loadkeys\-interval <integer>; + dnssec\-must\-be\-secure <string> <boolean>; // may occur multiple times, deprecated + dnssec\-policy <string>; + dnssec\-secure\-to\-insecure <boolean>; + dnssec\-update\-mode ( maintain | no\-resign ); + dnssec\-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dnstap\-identity ( <quoted_string> | none | hostname ); // not configured + dnstap\-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // not configured + dnstap\-version ( <quoted_string> | none ); // not configured + dscp <integer>; // obsolete + dual\-stack\-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... }; + dump\-file <quoted_string>; + edns\-udp\-size <integer>; + empty\-contact <string>; + empty\-server <string>; + empty\-zones\-enable <boolean>; + fetch\-quota\-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; + fetches\-per\-server <integer> [ ( drop | fail ) ]; + fetches\-per\-zone <integer> [ ( drop | fail ) ]; + files ( default | unlimited | <sizeval> ); // deprecated + flush\-zones\-on\-shutdown <boolean>; + forward ( first | only ); + forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... 
}; + fstrm\-set\-buffer\-hint <integer>; // not configured + fstrm\-set\-flush\-timeout <integer>; // not configured + fstrm\-set\-input\-queue\-size <integer>; // not configured + fstrm\-set\-output\-notify\-threshold <integer>; // not configured + fstrm\-set\-output\-queue\-model ( mpsc | spsc ); // not configured + fstrm\-set\-output\-queue\-size <integer>; // not configured + fstrm\-set\-reopen\-interval <duration>; // not configured + geoip\-directory ( <quoted_string> | none ); + glue\-cache <boolean>; // deprecated + heartbeat\-interval <integer>; // deprecated + hostname ( <quoted_string> | none ); + http\-listener\-clients <integer>; + http\-port <integer>; + http\-streams\-per\-connection <integer>; + https\-port <integer>; + interface\-interval <duration>; + ipv4only\-contact <string>; + ipv4only\-enable <boolean>; + ipv4only\-server <string>; + ixfr\-from\-differences ( primary | master | secondary | slave | <boolean> ); + keep\-response\-order { <address_match_element>; ... }; + key\-directory <quoted_string>; + lame\-ttl <duration>; + listen\-on [ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times + listen\-on\-v6 [ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... 
}; // may occur multiple times + lmdb\-mapsize <sizeval>; + lock\-file ( <quoted_string> | none ); + managed\-keys\-directory <quoted_string>; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + match\-mapped\-addresses <boolean>; + max\-cache\-size ( default | unlimited | <sizeval> | <percentage> ); + max\-cache\-ttl <duration>; + max\-clients\-per\-query <integer>; + max\-ixfr\-ratio ( unlimited | <percentage> ); + max\-journal\-size ( default | unlimited | <sizeval> ); + max\-ncache\-ttl <duration>; + max\-records <integer>; + max\-recursion\-depth <integer>; + max\-recursion\-queries <integer>; + max\-refresh\-time <integer>; + max\-retry\-time <integer>; + max\-rsa\-exponent\-size <integer>; + max\-stale\-ttl <duration>; + max\-transfer\-idle\-in <integer>; + max\-transfer\-idle\-out <integer>; + max\-transfer\-time\-in <integer>; + max\-transfer\-time\-out <integer>; + max\-udp\-size <integer>; + max\-zone\-ttl ( unlimited | <duration> ); + memstatistics <boolean>; + memstatistics\-file <quoted_string>; + message\-compression <boolean>; + min\-cache\-ttl <duration>; + min\-ncache\-ttl <duration>; + min\-refresh\-time <integer>; + min\-retry\-time <integer>; + minimal\-any <boolean>; + minimal\-responses ( no\-auth | no\-auth\-recursive | <boolean> ); + multi\-master <boolean>; + new\-zones\-directory <quoted_string>; + no\-case\-compress { <address_match_element>; ... 
}; + nocookie\-udp\-size <integer>; + notify ( explicit | master\-only | primary\-only | <boolean> ); + notify\-delay <integer>; + notify\-rate <integer>; + notify\-source ( <ipv4_address> | * ) ; + notify\-source\-v6 ( <ipv6_address> | * ) ; + notify\-to\-soa <boolean>; + nsec3\-test\-zone <boolean>; // test only + nta\-lifetime <duration>; + nta\-recheck <duration>; + nxdomain\-redirect <string>; + parental\-source ( <ipv4_address> | * ) ; + parental\-source\-v6 ( <ipv6_address> | * ) ; + pid\-file ( <quoted_string> | none ); + port <integer>; + preferred\-glue <string>; + prefetch <integer> [ <integer> ]; + provide\-ixfr <boolean>; + qname\-minimization ( strict | relaxed | disabled | off ); + query\-source [ address ] ( <ipv4_address> | * ); + query\-source\-v6 [ address ] ( <ipv6_address> | * ); + querylog <boolean>; + random\-device ( <quoted_string> | none ); // obsolete + rate\-limit { + all\-per\-second <integer>; + errors\-per\-second <integer>; + exempt\-clients { <address_match_element>; ... }; + ipv4\-prefix\-length <integer>; + ipv6\-prefix\-length <integer>; + log\-only <boolean>; + max\-table\-size <integer>; + min\-table\-size <integer>; + nodata\-per\-second <integer>; + nxdomains\-per\-second <integer>; + qps\-scale <integer>; + referrals\-per\-second <integer>; + responses\-per\-second <integer>; + slip <integer>; + window <integer>; + }; + recursing\-file <quoted_string>; + recursion <boolean>; + recursive\-clients <integer>; + request\-expire <boolean>; + request\-ixfr <boolean>; + request\-nsid <boolean>; + require\-server\-cookie <boolean>; + reserved\-sockets <integer>; // deprecated + resolver\-nonbackoff\-tries <integer>; + resolver\-query\-timeout <integer>; + resolver\-retry\-interval <integer>; + response\-padding { <address_match_element>; ... 
} block\-size <integer>; + response\-policy { zone <string> [ add\-soa <boolean> ] [ log <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only <quoted_string> ) ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ]; ... } [ add\-soa <boolean> ] [ break\-dnssec <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ min\-ns\-dots <integer> ] [ nsip\-wait\-recurse <boolean> ] [ nsdname\-wait\-recurse <boolean> ] [ qname\-wait\-recurse <boolean> ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ] [ dnsrps\-enable <boolean> ] [ dnsrps\-options { <unspecified\-text> } ]; + reuseport <boolean>; + root\-delegation\-only [ exclude { <string>; ... } ]; // deprecated + root\-key\-sentinel <boolean>; + rrset\-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... }; + secroots\-file <quoted_string>; + send\-cookie <boolean>; + serial\-query\-rate <integer>; + serial\-update\-method ( date | increment | unixtime ); + server\-id ( <quoted_string> | none | hostname ); + servfail\-ttl <duration>; + session\-keyalg <string>; + session\-keyfile ( <quoted_string> | none ); + session\-keyname <string>; + sig\-signing\-nodes <integer>; + sig\-signing\-signatures <integer>; + sig\-signing\-type <integer>; + sig\-validity\-interval <integer> [ <integer> ]; + sortlist { <address_match_element>; ... 
}; + stacksize ( default | unlimited | <sizeval> ); // deprecated + stale\-answer\-client\-timeout ( disabled | off | <integer> ); + stale\-answer\-enable <boolean>; + stale\-answer\-ttl <duration>; + stale\-cache\-enable <boolean>; + stale\-refresh\-time <duration>; + startup\-notify\-rate <integer>; + statistics\-file <quoted_string>; + suppress\-initial\-notify <boolean>; // obsolete + synth\-from\-dnssec <boolean>; + tcp\-advertised\-timeout <integer>; + tcp\-clients <integer>; + tcp\-idle\-timeout <integer>; + tcp\-initial\-timeout <integer>; + tcp\-keepalive\-timeout <integer>; + tcp\-listen\-queue <integer>; + tcp\-receive\-buffer <integer>; + tcp\-send\-buffer <integer>; + tkey\-dhkey <quoted_string> <integer>; // deprecated + tkey\-domain <quoted_string>; + tkey\-gssapi\-credential <quoted_string>; + tkey\-gssapi\-keytab <quoted_string>; + tls\-port <integer>; + transfer\-format ( many\-answers | one\-answer ); + transfer\-message\-size <integer>; + transfer\-source ( <ipv4_address> | * ) ; + transfer\-source\-v6 ( <ipv6_address> | * ) ; + transfers\-in <integer>; + transfers\-out <integer>; + transfers\-per\-ns <integer>; + trust\-anchor\-telemetry <boolean>; // experimental + try\-tcp\-refresh <boolean>; + udp\-receive\-buffer <integer>; + udp\-send\-buffer <integer>; + update\-check\-ksk <boolean>; + update\-quota <integer>; + use\-alt\-transfer\-source <boolean>; // deprecated + use\-v4\-udp\-ports { <portrange>; ... }; // deprecated + use\-v6\-udp\-ports { <portrange>; ... }; // deprecated + v6\-bias <integer>; + validate\-except { <string>; ... }; + version ( <quoted_string> | none ); + zero\-no\-soa\-ttl <boolean>; + zero\-no\-soa\-ttl\-cache <boolean>; + zone\-statistics ( full | terse | none | <boolean> ); +}; + +parental\-agents <string> [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... 
}; // may occur multiple times + +plugin ( query ) <string> [ { <unspecified\-text> } ]; // may occur multiple times + +primaries <string> [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times + +server <netprefix> { + bogus <boolean>; + edns <boolean>; + edns\-udp\-size <integer>; + edns\-version <integer>; + keys <server_key>; + max\-udp\-size <integer>; + notify\-source ( <ipv4_address> | * ) ; + notify\-source\-v6 ( <ipv6_address> | * ) ; + padding <integer>; + provide\-ixfr <boolean>; + query\-source [ address ] ( <ipv4_address> | * ); + query\-source\-v6 [ address ] ( <ipv6_address> | * ); + request\-expire <boolean>; + request\-ixfr <boolean>; + request\-nsid <boolean>; + send\-cookie <boolean>; + tcp\-keepalive <boolean>; + tcp\-only <boolean>; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( <ipv4_address> | * ) ; + transfer\-source\-v6 ( <ipv6_address> | * ) ; + transfers <integer>; +}; // may occur multiple times + +statistics\-channels { + inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times +}; // may occur multiple times + +tls <string> { + ca\-file <quoted_string>; + cert\-file <quoted_string>; + ciphers <string>; + dhparam\-file <quoted_string>; + key\-file <quoted_string>; + prefer\-server\-ciphers <boolean>; + protocols { <string>; ... }; + remote\-hostname <quoted_string>; + session\-tickets <boolean>; +}; // may occur multiple times + +trust\-anchors { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times + +trusted\-keys { <string> <integer> <integer> <integer> <quoted_string>; ... 
}; // may occur multiple times, deprecated + +view <string> [ <class> ] { + allow\-new\-zones <boolean>; + allow\-notify { <address_match_element>; ... }; + allow\-query { <address_match_element>; ... }; + allow\-query\-cache { <address_match_element>; ... }; + allow\-query\-cache\-on { <address_match_element>; ... }; + allow\-query\-on { <address_match_element>; ... }; + allow\-recursion { <address_match_element>; ... }; + allow\-recursion\-on { <address_match_element>; ... }; + allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... }; + allow\-update { <address_match_element>; ... }; + allow\-update\-forwarding { <address_match_element>; ... }; + also\-notify [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; + alt\-transfer\-source ( <ipv4_address> | * ) ; // deprecated + alt\-transfer\-source\-v6 ( <ipv6_address> | * ) ; // deprecated + attach\-cache <string>; + auth\-nxdomain <boolean>; + auto\-dnssec ( allow | maintain | off ); // deprecated + catalog\-zones { zone <string> [ default\-primaries [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone\-directory <quoted_string> ] [ in\-memory <boolean> ] [ min\-update\-interval <duration> ]; ... }; + check\-dup\-records ( fail | warn | ignore ); + check\-integrity <boolean>; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check\-sibling <boolean>; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard <boolean>; + clients\-per\-query <integer>; + deny\-answer\-addresses { <address_match_element>; ... } [ except\-from { <string>; ... 
} ]; + deny\-answer\-aliases { <string>; ... } [ except\-from { <string>; ... } ]; + dialup ( notify | notify\-passive | passive | refresh | <boolean> ); // deprecated + disable\-algorithms <string> { <string>; ... }; // may occur multiple times + disable\-ds\-digests <string> { <string>; ... }; // may occur multiple times + disable\-empty\-zone <string>; // may occur multiple times + dlz <string> { + database <string>; + search <boolean>; + }; // may occur multiple times + dns64 <netprefix> { + break\-dnssec <boolean>; + clients { <address_match_element>; ... }; + exclude { <address_match_element>; ... }; + mapped { <address_match_element>; ... }; + recursive\-only <boolean>; + suffix <ipv6_address>; + }; // may occur multiple times + dns64\-contact <string>; + dns64\-server <string>; + dnskey\-sig\-validity <integer>; + dnsrps\-enable <boolean>; // not configured + dnsrps\-options { <unspecified\-text> }; // not configured + dnssec\-accept\-expired <boolean>; + dnssec\-dnskey\-kskonly <boolean>; + dnssec\-loadkeys\-interval <integer>; + dnssec\-must\-be\-secure <string> <boolean>; // may occur multiple times, deprecated + dnssec\-policy <string>; + dnssec\-secure\-to\-insecure <boolean>; + dnssec\-update\-mode ( maintain | no\-resign ); + dnssec\-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dual\-stack\-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... 
}; + dyndb <string> <quoted_string> { <unspecified\-text> }; // may occur multiple times + edns\-udp\-size <integer>; + empty\-contact <string>; + empty\-server <string>; + empty\-zones\-enable <boolean>; + fetch\-quota\-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; + fetches\-per\-server <integer> [ ( drop | fail ) ]; + fetches\-per\-zone <integer> [ ( drop | fail ) ]; + forward ( first | only ); + forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; + glue\-cache <boolean>; // deprecated + ipv4only\-contact <string>; + ipv4only\-enable <boolean>; + ipv4only\-server <string>; + ixfr\-from\-differences ( primary | master | secondary | slave | <boolean> ); + key <string> { + algorithm <string>; + secret <string>; + }; // may occur multiple times + key\-directory <quoted_string>; + lame\-ttl <duration>; + lmdb\-mapsize <sizeval>; + managed\-keys { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + match\-clients { <address_match_element>; ... }; + match\-destinations { <address_match_element>; ... 
}; + match\-recursive\-only <boolean>; + max\-cache\-size ( default | unlimited | <sizeval> | <percentage> ); + max\-cache\-ttl <duration>; + max\-clients\-per\-query <integer>; + max\-ixfr\-ratio ( unlimited | <percentage> ); + max\-journal\-size ( default | unlimited | <sizeval> ); + max\-ncache\-ttl <duration>; + max\-records <integer>; + max\-recursion\-depth <integer>; + max\-recursion\-queries <integer>; + max\-refresh\-time <integer>; + max\-retry\-time <integer>; + max\-stale\-ttl <duration>; + max\-transfer\-idle\-in <integer>; + max\-transfer\-idle\-out <integer>; + max\-transfer\-time\-in <integer>; + max\-transfer\-time\-out <integer>; + max\-udp\-size <integer>; + max\-zone\-ttl ( unlimited | <duration> ); + message\-compression <boolean>; + min\-cache\-ttl <duration>; + min\-ncache\-ttl <duration>; + min\-refresh\-time <integer>; + min\-retry\-time <integer>; + minimal\-any <boolean>; + minimal\-responses ( no\-auth | no\-auth\-recursive | <boolean> ); + multi\-master <boolean>; + new\-zones\-directory <quoted_string>; + no\-case\-compress { <address_match_element>; ... 
}; + nocookie\-udp\-size <integer>; + notify ( explicit | master\-only | primary\-only | <boolean> ); + notify\-delay <integer>; + notify\-source ( <ipv4_address> | * ) ; + notify\-source\-v6 ( <ipv6_address> | * ) ; + notify\-to\-soa <boolean>; + nsec3\-test\-zone <boolean>; // test only + nta\-lifetime <duration>; + nta\-recheck <duration>; + nxdomain\-redirect <string>; + parental\-source ( <ipv4_address> | * ) ; + parental\-source\-v6 ( <ipv6_address> | * ) ; + plugin ( query ) <string> [ { <unspecified\-text> } ]; // may occur multiple times + preferred\-glue <string>; + prefetch <integer> [ <integer> ]; + provide\-ixfr <boolean>; + qname\-minimization ( strict | relaxed | disabled | off ); + query\-source [ address ] ( <ipv4_address> | * ); + query\-source\-v6 [ address ] ( <ipv6_address> | * ); + rate\-limit { + all\-per\-second <integer>; + errors\-per\-second <integer>; + exempt\-clients { <address_match_element>; ... }; + ipv4\-prefix\-length <integer>; + ipv6\-prefix\-length <integer>; + log\-only <boolean>; + max\-table\-size <integer>; + min\-table\-size <integer>; + nodata\-per\-second <integer>; + nxdomains\-per\-second <integer>; + qps\-scale <integer>; + referrals\-per\-second <integer>; + responses\-per\-second <integer>; + slip <integer>; + window <integer>; + }; + recursion <boolean>; + request\-expire <boolean>; + request\-ixfr <boolean>; + request\-nsid <boolean>; + require\-server\-cookie <boolean>; + resolver\-nonbackoff\-tries <integer>; + resolver\-query\-timeout <integer>; + resolver\-retry\-interval <integer>; + response\-padding { <address_match_element>; ... } block\-size <integer>; + response\-policy { zone <string> [ add\-soa <boolean> ] [ log <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only <quoted_string> ) ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ]; ... 
} [ add\-soa <boolean> ] [ break\-dnssec <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ min\-ns\-dots <integer> ] [ nsip\-wait\-recurse <boolean> ] [ nsdname\-wait\-recurse <boolean> ] [ qname\-wait\-recurse <boolean> ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ] [ dnsrps\-enable <boolean> ] [ dnsrps\-options { <unspecified\-text> } ]; + root\-delegation\-only [ exclude { <string>; ... } ]; // deprecated + root\-key\-sentinel <boolean>; + rrset\-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... }; + send\-cookie <boolean>; + serial\-update\-method ( date | increment | unixtime ); + server <netprefix> { + bogus <boolean>; + edns <boolean>; + edns\-udp\-size <integer>; + edns\-version <integer>; + keys <server_key>; + max\-udp\-size <integer>; + notify\-source ( <ipv4_address> | * ) ; + notify\-source\-v6 ( <ipv6_address> | * ) ; + padding <integer>; + provide\-ixfr <boolean>; + query\-source [ address ] ( <ipv4_address> | * ); + query\-source\-v6 [ address ] ( <ipv6_address> | * ); + request\-expire <boolean>; + request\-ixfr <boolean>; + request\-nsid <boolean>; + send\-cookie <boolean>; + tcp\-keepalive <boolean>; + tcp\-only <boolean>; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( <ipv4_address> | * ) ; + transfer\-source\-v6 ( <ipv6_address> | * ) ; + transfers <integer>; + }; // may occur multiple times + servfail\-ttl <duration>; + sig\-signing\-nodes <integer>; + sig\-signing\-signatures <integer>; + sig\-signing\-type <integer>; + sig\-validity\-interval <integer> [ <integer> ]; + sortlist { <address_match_element>; ... 
}; + stale\-answer\-client\-timeout ( disabled | off | <integer> ); + stale\-answer\-enable <boolean>; + stale\-answer\-ttl <duration>; + stale\-cache\-enable <boolean>; + stale\-refresh\-time <duration>; + suppress\-initial\-notify <boolean>; // obsolete + synth\-from\-dnssec <boolean>; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( <ipv4_address> | * ) ; + transfer\-source\-v6 ( <ipv6_address> | * ) ; + trust\-anchor\-telemetry <boolean>; // experimental + trust\-anchors { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times + trusted\-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated + try\-tcp\-refresh <boolean>; + update\-check\-ksk <boolean>; + use\-alt\-transfer\-source <boolean>; // deprecated + v6\-bias <integer>; + validate\-except { <string>; ... }; + zero\-no\-soa\-ttl <boolean>; + zero\-no\-soa\-ttl\-cache <boolean>; + zone\-statistics ( full | terse | none | <boolean> ); +}; // may occur multiple times + + +.ft P +.fi +.UNINDENT +.UNINDENT +.sp +Any of these zone statements can also be set inside the view statement. +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone <string> [ <class> ] { + type primary; + allow\-query { <address_match_element>; ... }; + allow\-query\-on { <address_match_element>; ... }; + allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... }; + allow\-update { <address_match_element>; ... }; + also\-notify [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... 
}; + alt\-transfer\-source ( <ipv4_address> | * ) ; // deprecated + alt\-transfer\-source\-v6 ( <ipv6_address> | * ) ; // deprecated + auto\-dnssec ( allow | maintain | off ); // deprecated + check\-dup\-records ( fail | warn | ignore ); + check\-integrity <boolean>; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( fail | warn | ignore ); + check\-sibling <boolean>; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard <boolean>; + database <string>; + dialup ( notify | notify\-passive | passive | refresh | <boolean> ); // deprecated + dlz <string>; + dnskey\-sig\-validity <integer>; + dnssec\-dnskey\-kskonly <boolean>; + dnssec\-loadkeys\-interval <integer>; + dnssec\-policy <string>; + dnssec\-secure\-to\-insecure <boolean>; + dnssec\-update\-mode ( maintain | no\-resign ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; + inline\-signing <boolean>; + ixfr\-from\-differences <boolean>; + journal <quoted_string>; + key\-directory <quoted_string>; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | <percentage> ); + max\-journal\-size ( default | unlimited | <sizeval> ); + max\-records <integer>; + max\-transfer\-idle\-out <integer>; + max\-transfer\-time\-out <integer>; + max\-zone\-ttl ( unlimited | <duration> ); + notify ( explicit | master\-only | primary\-only | <boolean> ); + notify\-delay <integer>; + notify\-source ( <ipv4_address> | * ) ; + notify\-source\-v6 ( <ipv6_address> | * ) ; + notify\-to\-soa <boolean>; + nsec3\-test\-zone <boolean>; // test only + parental\-agents [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... 
}; + parental\-source ( <ipv4_address> | * ) ; + parental\-source\-v6 ( <ipv6_address> | * ) ; + serial\-update\-method ( date | increment | unixtime ); + sig\-signing\-nodes <integer>; + sig\-signing\-signatures <integer>; + sig\-signing\-type <integer>; + sig\-validity\-interval <integer> [ <integer> ]; + update\-check\-ksk <boolean>; + update\-policy ( local | { ( deny | grant ) <string> ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } ); + zero\-no\-soa\-ttl <boolean>; + zone\-statistics ( full | terse | none | <boolean> ); +}; + +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone <string> [ <class> ] { + type secondary; + allow\-notify { <address_match_element>; ... }; + allow\-query { <address_match_element>; ... }; + allow\-query\-on { <address_match_element>; ... }; + allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... }; + allow\-update\-forwarding { <address_match_element>; ... }; + also\-notify [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... 
}; + alt\-transfer\-source ( <ipv4_address> | * ) ; // deprecated + alt\-transfer\-source\-v6 ( <ipv6_address> | * ) ; // deprecated + auto\-dnssec ( allow | maintain | off ); // deprecated + check\-names ( fail | warn | ignore ); + database <string>; + dialup ( notify | notify\-passive | passive | refresh | <boolean> ); // deprecated + dlz <string>; + dnskey\-sig\-validity <integer>; + dnssec\-dnskey\-kskonly <boolean>; + dnssec\-loadkeys\-interval <integer>; + dnssec\-policy <string>; + dnssec\-update\-mode ( maintain | no\-resign ); + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; + inline\-signing <boolean>; + ixfr\-from\-differences <boolean>; + journal <quoted_string>; + key\-directory <quoted_string>; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | <percentage> ); + max\-journal\-size ( default | unlimited | <sizeval> ); + max\-records <integer>; + max\-refresh\-time <integer>; + max\-retry\-time <integer>; + max\-transfer\-idle\-in <integer>; + max\-transfer\-idle\-out <integer>; + max\-transfer\-time\-in <integer>; + max\-transfer\-time\-out <integer>; + min\-refresh\-time <integer>; + min\-retry\-time <integer>; + multi\-master <boolean>; + notify ( explicit | master\-only | primary\-only | <boolean> ); + notify\-delay <integer>; + notify\-source ( <ipv4_address> | * ) ; + notify\-source\-v6 ( <ipv6_address> | * ) ; + notify\-to\-soa <boolean>; + nsec3\-test\-zone <boolean>; // test only + parental\-agents [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... 
}; + parental\-source ( <ipv4_address> | * ) ; + parental\-source\-v6 ( <ipv6_address> | * ) ; + primaries [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; + request\-expire <boolean>; + request\-ixfr <boolean>; + sig\-signing\-nodes <integer>; + sig\-signing\-signatures <integer>; + sig\-signing\-type <integer>; + sig\-validity\-interval <integer> [ <integer> ]; + transfer\-source ( <ipv4_address> | * ) ; + transfer\-source\-v6 ( <ipv6_address> | * ) ; + try\-tcp\-refresh <boolean>; + update\-check\-ksk <boolean>; + use\-alt\-transfer\-source <boolean>; // deprecated + zero\-no\-soa\-ttl <boolean>; + zone\-statistics ( full | terse | none | <boolean> ); +}; + +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone <string> [ <class> ] { + type mirror; + allow\-notify { <address_match_element>; ... }; + allow\-query { <address_match_element>; ... }; + allow\-query\-on { <address_match_element>; ... }; + allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... }; + allow\-update\-forwarding { <address_match_element>; ... }; + also\-notify [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... 
}; + alt\-transfer\-source ( <ipv4_address> | * ) ; // deprecated + alt\-transfer\-source\-v6 ( <ipv6_address> | * ) ; // deprecated + check\-names ( fail | warn | ignore ); + database <string>; + file <quoted_string>; + ixfr\-from\-differences <boolean>; + journal <quoted_string>; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | <percentage> ); + max\-journal\-size ( default | unlimited | <sizeval> ); + max\-records <integer>; + max\-refresh\-time <integer>; + max\-retry\-time <integer>; + max\-transfer\-idle\-in <integer>; + max\-transfer\-idle\-out <integer>; + max\-transfer\-time\-in <integer>; + max\-transfer\-time\-out <integer>; + min\-refresh\-time <integer>; + min\-retry\-time <integer>; + multi\-master <boolean>; + notify ( explicit | master\-only | primary\-only | <boolean> ); + notify\-delay <integer>; + notify\-source ( <ipv4_address> | * ) ; + notify\-source\-v6 ( <ipv6_address> | * ) ; + primaries [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; + request\-expire <boolean>; + request\-ixfr <boolean>; + transfer\-source ( <ipv4_address> | * ) ; + transfer\-source\-v6 ( <ipv6_address> | * ) ; + try\-tcp\-refresh <boolean>; + use\-alt\-transfer\-source <boolean>; // deprecated + zero\-no\-soa\-ttl <boolean>; + zone\-statistics ( full | terse | none | <boolean> ); +}; + +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone <string> [ <class> ] { + type forward; + delegation\-only <boolean>; // deprecated + forward ( first | only ); + forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... 
}; +}; + +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone <string> [ <class> ] { + type hint; + check\-names ( fail | warn | ignore ); + delegation\-only <boolean>; // deprecated + file <quoted_string>; +}; + +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone <string> [ <class> ] { + type redirect; + allow\-query { <address_match_element>; ... }; + allow\-query\-on { <address_match_element>; ... }; + dlz <string>; + file <quoted_string>; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records <integer>; + max\-zone\-ttl ( unlimited | <duration> ); + primaries [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; + zone\-statistics ( full | terse | none | <boolean> ); +}; + +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone <string> [ <class> ] { + type static\-stub; + allow\-query { <address_match_element>; ... }; + allow\-query\-on { <address_match_element>; ... }; + forward ( first | only ); + forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; + max\-records <integer>; + server\-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; + server\-names { <string>; ... }; + zone\-statistics ( full | terse | none | <boolean> ); +}; + +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone <string> [ <class> ] { + type stub; + allow\-query { <address_match_element>; ... }; + allow\-query\-on { <address_match_element>; ... }; + check\-names ( fail | warn | ignore ); + database <string>; + delegation\-only <boolean>; // deprecated + dialup ( notify | notify\-passive | passive | refresh | <boolean> ); // deprecated + file <quoted_string>; + forward ( first | only ); + forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... 
}; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records <integer>; + max\-refresh\-time <integer>; + max\-retry\-time <integer>; + max\-transfer\-idle\-in <integer>; + max\-transfer\-time\-in <integer>; + min\-refresh\-time <integer>; + min\-retry\-time <integer>; + multi\-master <boolean>; + primaries [ port <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; + transfer\-source ( <ipv4_address> | * ) ; + transfer\-source\-v6 ( <ipv6_address> | * ) ; + use\-alt\-transfer\-source <boolean>; // deprecated + zone\-statistics ( full | terse | none | <boolean> ); +}; + +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone <string> [ <class> ] { + type delegation\-only; +}; + +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone <string> [ <class> ] { + in\-view <string>; +}; + +.ft P +.fi +.UNINDENT +.UNINDENT +.SH FILES +.sp +\fB@sysconfdir@/named.conf\fP +.SH SEE ALSO +.sp +\fI\%named(8)\fP, \fI\%named\-checkconf(8)\fP, \fI\%rndc(8)\fP, \fI\%rndc\-confgen(8)\fP, \fI\%tsig\-keygen(8)\fP, BIND 9 Administrator Reference Manual. +.SH AUTHOR +Internet Systems Consortium +.SH COPYRIGHT +2023, Internet Systems Consortium +.\" Generated by docutils manpage writer. +. |