From 3b9b6d0b8e7f798023c9d109c490449d528fde80 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 17:59:48 +0200
Subject: Adding upstream version 1:9.18.19.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 doc/misc/options | 597 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 597 insertions(+)
 create mode 100644 doc/misc/options

(limited to 'doc/misc/options')

diff --git a/doc/misc/options b/doc/misc/options
new file mode 100644
index 0000000..e19261f
--- /dev/null
+++ b/doc/misc/options
@@ -0,0 +1,597 @@
+acl <string> { <address_match_element>; ... }; // may occur multiple times
+
+controls {
+	inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
+	unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
+}; // may occur multiple times
+
+dlz <string> {
+	database <string>;
+	search <boolean>;
+}; // may occur multiple times
+
+dnssec-policy <string> {
+	dnskey-ttl <duration>;
+	keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime <duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
+	max-zone-ttl <duration>;
+	nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ];
+	parent-ds-ttl <duration>;
+	parent-propagation-delay <duration>;
+	parent-registration-delay <duration>; // obsolete
+	publish-safety <duration>;
+	purge-keys <duration>;
+	retire-safety <duration>;
+	signatures-refresh <duration>;
+	signatures-validity <duration>;
+	signatures-validity-dnskey <duration>;
+	zone-propagation-delay <duration>;
+}; // may occur multiple times
+
+dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
+
+http <string> {
+	endpoints { <quoted_string>; ... };
+	listener-clients <integer>;
+	streams-per-connection <integer>;
+}; // may occur multiple times
+
+key <string> {
+	algorithm <string>;
+	secret <string>;
+}; // may occur multiple times
+
+logging {
+	category <string> { <string>; ... }; // may occur multiple times
+	channel <string> {
+		buffered <boolean>;
+		file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ];
+		null;
+		print-category <boolean>;
+		print-severity <boolean>;
+		print-time ( iso8601 | iso8601-utc | local | <boolean> );
+		severity <log_severity>;
+		stderr;
+		syslog [ <syslog_facility> ];
+	}; // may occur multiple times
+};
+
+managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
+
+options {
+	allow-new-zones <boolean>;
+	allow-notify { <address_match_element>; ... };
+	allow-query { <address_match_element>; ... };
+	allow-query-cache { <address_match_element>; ... };
+	allow-query-cache-on { <address_match_element>; ... };
+	allow-query-on { <address_match_element>; ... };
+	allow-recursion { <address_match_element>; ... };
+	allow-recursion-on { <address_match_element>; ... };
+	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+	allow-update { <address_match_element>; ... };
+	allow-update-forwarding { <address_match_element>; ... };
+	also-notify [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	alt-transfer-source ( <ipv4_address> | * ) ; // deprecated
+	alt-transfer-source-v6 ( <ipv6_address> | * ) ; // deprecated
+	answer-cookie <boolean>;
+	attach-cache <string>;
+	auth-nxdomain <boolean>;
+	auto-dnssec ( allow | maintain | off ); // deprecated
+	automatic-interface-scan <boolean>;
+	avoid-v4-udp-ports { <portrange>; ... }; // deprecated
+	avoid-v6-udp-ports { <portrange>; ... }; // deprecated
+	bindkeys-file <quoted_string>;
+	blackhole { <address_match_element>; ... };
+	catalog-zones { zone <string> [ default-primaries [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
+	check-dup-records ( fail | warn | ignore );
+	check-integrity <boolean>;
+	check-mx ( fail | warn | ignore );
+	check-mx-cname ( fail | warn | ignore );
+	check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
+	check-sibling <boolean>;
+	check-spf ( warn | ignore );
+	check-srv-cname ( fail | warn | ignore );
+	check-wildcard <boolean>;
+	clients-per-query <integer>;
+	cookie-algorithm ( aes | siphash24 );
+	cookie-secret <string>; // may occur multiple times
+	coresize ( default | unlimited | <sizeval> ); // deprecated
+	datasize ( default | unlimited | <sizeval> ); // deprecated
+	deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
+	deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
+	dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
+	directory <quoted_string>;
+	disable-algorithms <string> { <string>; ... }; // may occur multiple times
+	disable-ds-digests <string> { <string>; ... }; // may occur multiple times
+	disable-empty-zone <string>; // may occur multiple times
+	dns64 <netprefix> {
+		break-dnssec <boolean>;
+		clients { <address_match_element>; ... };
+		exclude { <address_match_element>; ... };
+		mapped { <address_match_element>; ... };
+		recursive-only <boolean>;
+		suffix <ipv6_address>;
+	}; // may occur multiple times
+	dns64-contact <string>;
+	dns64-server <string>;
+	dnskey-sig-validity <integer>;
+	dnsrps-enable <boolean>; // not configured
+	dnsrps-options { <unspecified-text> }; // not configured
+	dnssec-accept-expired <boolean>;
+	dnssec-dnskey-kskonly <boolean>;
+	dnssec-loadkeys-interval <integer>;
+	dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated
+	dnssec-policy <string>;
+	dnssec-secure-to-insecure <boolean>;
+	dnssec-update-mode ( maintain | no-resign );
+	dnssec-validation ( yes | no | auto );
+	dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
+	dnstap-identity ( <quoted_string> | none | hostname ); // not configured
+	dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // not configured
+	dnstap-version ( <quoted_string> | none ); // not configured
+	dscp <integer>; // obsolete
+	dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
+	dump-file <quoted_string>;
+	edns-udp-size <integer>;
+	empty-contact <string>;
+	empty-server <string>;
+	empty-zones-enable <boolean>;
+	fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
+	fetches-per-server <integer> [ ( drop | fail ) ];
+	fetches-per-zone <integer> [ ( drop | fail ) ];
+	files ( default | unlimited | <sizeval> ); // deprecated
+	flush-zones-on-shutdown <boolean>;
+	forward ( first | only );
+	forwarders [ port <integer> ]  { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
+	fstrm-set-buffer-hint <integer>; // not configured
+	fstrm-set-flush-timeout <integer>; // not configured
+	fstrm-set-input-queue-size <integer>; // not configured
+	fstrm-set-output-notify-threshold <integer>; // not configured
+	fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
+	fstrm-set-output-queue-size <integer>; // not configured
+	fstrm-set-reopen-interval <duration>; // not configured
+	geoip-directory ( <quoted_string> | none );
+	glue-cache <boolean>; // deprecated
+	heartbeat-interval <integer>; // deprecated
+	hostname ( <quoted_string> | none );
+	http-listener-clients <integer>;
+	http-port <integer>;
+	http-streams-per-connection <integer>;
+	https-port <integer>;
+	interface-interval <duration>;
+	ipv4only-contact <string>;
+	ipv4only-enable <boolean>;
+	ipv4only-server <string>;
+	ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
+	keep-response-order { <address_match_element>; ... };
+	key-directory <quoted_string>;
+	lame-ttl <duration>;
+	listen-on [ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
+	listen-on-v6 [ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
+	lmdb-mapsize <sizeval>;
+	lock-file ( <quoted_string> | none );
+	managed-keys-directory <quoted_string>;
+	masterfile-format ( raw | text );
+	masterfile-style ( full | relative );
+	match-mapped-addresses <boolean>;
+	max-cache-size ( default | unlimited | <sizeval> | <percentage> );
+	max-cache-ttl <duration>;
+	max-clients-per-query <integer>;
+	max-ixfr-ratio ( unlimited | <percentage> );
+	max-journal-size ( default | unlimited | <sizeval> );
+	max-ncache-ttl <duration>;
+	max-records <integer>;
+	max-recursion-depth <integer>;
+	max-recursion-queries <integer>;
+	max-refresh-time <integer>;
+	max-retry-time <integer>;
+	max-rsa-exponent-size <integer>;
+	max-stale-ttl <duration>;
+	max-transfer-idle-in <integer>;
+	max-transfer-idle-out <integer>;
+	max-transfer-time-in <integer>;
+	max-transfer-time-out <integer>;
+	max-udp-size <integer>;
+	max-zone-ttl ( unlimited | <duration> );
+	memstatistics <boolean>;
+	memstatistics-file <quoted_string>;
+	message-compression <boolean>;
+	min-cache-ttl <duration>;
+	min-ncache-ttl <duration>;
+	min-refresh-time <integer>;
+	min-retry-time <integer>;
+	minimal-any <boolean>;
+	minimal-responses ( no-auth | no-auth-recursive | <boolean> );
+	multi-master <boolean>;
+	new-zones-directory <quoted_string>;
+	no-case-compress { <address_match_element>; ... };
+	nocookie-udp-size <integer>;
+	notify ( explicit | master-only | primary-only | <boolean> );
+	notify-delay <integer>;
+	notify-rate <integer>;
+	notify-source ( <ipv4_address> | * ) ;
+	notify-source-v6 ( <ipv6_address> | * ) ;
+	notify-to-soa <boolean>;
+	nsec3-test-zone <boolean>; // test only
+	nta-lifetime <duration>;
+	nta-recheck <duration>;
+	nxdomain-redirect <string>;
+	parental-source ( <ipv4_address> | * ) ;
+	parental-source-v6 ( <ipv6_address> | * ) ;
+	pid-file ( <quoted_string> | none );
+	port <integer>;
+	preferred-glue <string>;
+	prefetch <integer> [ <integer> ];
+	provide-ixfr <boolean>;
+	qname-minimization ( strict | relaxed | disabled | off );
+	query-source [ address ] ( <ipv4_address> | * );
+	query-source-v6 [ address ] ( <ipv6_address> | * );
+	querylog <boolean>;
+	random-device ( <quoted_string> | none ); // obsolete
+	rate-limit {
+		all-per-second <integer>;
+		errors-per-second <integer>;
+		exempt-clients { <address_match_element>; ... };
+		ipv4-prefix-length <integer>;
+		ipv6-prefix-length <integer>;
+		log-only <boolean>;
+		max-table-size <integer>;
+		min-table-size <integer>;
+		nodata-per-second <integer>;
+		nxdomains-per-second <integer>;
+		qps-scale <integer>;
+		referrals-per-second <integer>;
+		responses-per-second <integer>;
+		slip <integer>;
+		window <integer>;
+	};
+	recursing-file <quoted_string>;
+	recursion <boolean>;
+	recursive-clients <integer>;
+	request-expire <boolean>;
+	request-ixfr <boolean>;
+	request-nsid <boolean>;
+	require-server-cookie <boolean>;
+	reserved-sockets <integer>; // deprecated
+	resolver-nonbackoff-tries <integer>;
+	resolver-query-timeout <integer>;
+	resolver-retry-interval <integer>;
+	response-padding { <address_match_element>; ... } block-size <integer>;
+	response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
+	reuseport <boolean>;
+	root-delegation-only [ exclude { <string>; ... } ]; // deprecated
+	root-key-sentinel <boolean>;
+	rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
+	secroots-file <quoted_string>;
+	send-cookie <boolean>;
+	serial-query-rate <integer>;
+	serial-update-method ( date | increment | unixtime );
+	server-id ( <quoted_string> | none | hostname );
+	servfail-ttl <duration>;
+	session-keyalg <string>;
+	session-keyfile ( <quoted_string> | none );
+	session-keyname <string>;
+	sig-signing-nodes <integer>;
+	sig-signing-signatures <integer>;
+	sig-signing-type <integer>;
+	sig-validity-interval <integer> [ <integer> ];
+	sortlist { <address_match_element>; ... };
+	stacksize ( default | unlimited | <sizeval> ); // deprecated
+	stale-answer-client-timeout ( disabled | off | <integer> );
+	stale-answer-enable <boolean>;
+	stale-answer-ttl <duration>;
+	stale-cache-enable <boolean>;
+	stale-refresh-time <duration>;
+	startup-notify-rate <integer>;
+	statistics-file <quoted_string>;
+	suppress-initial-notify <boolean>; // obsolete
+	synth-from-dnssec <boolean>;
+	tcp-advertised-timeout <integer>;
+	tcp-clients <integer>;
+	tcp-idle-timeout <integer>;
+	tcp-initial-timeout <integer>;
+	tcp-keepalive-timeout <integer>;
+	tcp-listen-queue <integer>;
+	tcp-receive-buffer <integer>;
+	tcp-send-buffer <integer>;
+	tkey-dhkey <quoted_string> <integer>; // deprecated
+	tkey-domain <quoted_string>;
+	tkey-gssapi-credential <quoted_string>;
+	tkey-gssapi-keytab <quoted_string>;
+	tls-port <integer>;
+	transfer-format ( many-answers | one-answer );
+	transfer-message-size <integer>;
+	transfer-source ( <ipv4_address> | * ) ;
+	transfer-source-v6 ( <ipv6_address> | * ) ;
+	transfers-in <integer>;
+	transfers-out <integer>;
+	transfers-per-ns <integer>;
+	trust-anchor-telemetry <boolean>; // experimental
+	try-tcp-refresh <boolean>;
+	udp-receive-buffer <integer>;
+	udp-send-buffer <integer>;
+	update-check-ksk <boolean>;
+	update-quota <integer>;
+	use-alt-transfer-source <boolean>; // deprecated
+	use-v4-udp-ports { <portrange>; ... }; // deprecated
+	use-v6-udp-ports { <portrange>; ... }; // deprecated
+	v6-bias <integer>;
+	validate-except { <string>; ... };
+	version ( <quoted_string> | none );
+	zero-no-soa-ttl <boolean>;
+	zero-no-soa-ttl-cache <boolean>;
+	zone-statistics ( full | terse | none | <boolean> );
+};
+
+parental-agents <string> [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
+
+plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
+
+primaries <string> [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
+
+server <netprefix> {
+	bogus <boolean>;
+	edns <boolean>;
+	edns-udp-size <integer>;
+	edns-version <integer>;
+	keys <server_key>;
+	max-udp-size <integer>;
+	notify-source ( <ipv4_address> | * ) ;
+	notify-source-v6 ( <ipv6_address> | * ) ;
+	padding <integer>;
+	provide-ixfr <boolean>;
+	query-source [ address ] ( <ipv4_address> | * );
+	query-source-v6 [ address ] ( <ipv6_address> | * );
+	request-expire <boolean>;
+	request-ixfr <boolean>;
+	request-nsid <boolean>;
+	send-cookie <boolean>;
+	tcp-keepalive <boolean>;
+	tcp-only <boolean>;
+	transfer-format ( many-answers | one-answer );
+	transfer-source ( <ipv4_address> | * ) ;
+	transfer-source-v6 ( <ipv6_address> | * ) ;
+	transfers <integer>;
+}; // may occur multiple times
+
+statistics-channels {
+	inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times
+}; // may occur multiple times
+
+tls <string> {
+	ca-file <quoted_string>;
+	cert-file <quoted_string>;
+	ciphers <string>;
+	dhparam-file <quoted_string>;
+	key-file <quoted_string>;
+	prefer-server-ciphers <boolean>;
+	protocols { <string>; ... };
+	remote-hostname <quoted_string>;
+	session-tickets <boolean>;
+}; // may occur multiple times
+
+trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
+
+trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
+
+view <string> [ <class> ] {
+	allow-new-zones <boolean>;
+	allow-notify { <address_match_element>; ... };
+	allow-query { <address_match_element>; ... };
+	allow-query-cache { <address_match_element>; ... };
+	allow-query-cache-on { <address_match_element>; ... };
+	allow-query-on { <address_match_element>; ... };
+	allow-recursion { <address_match_element>; ... };
+	allow-recursion-on { <address_match_element>; ... };
+	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+	allow-update { <address_match_element>; ... };
+	allow-update-forwarding { <address_match_element>; ... };
+	also-notify [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+	alt-transfer-source ( <ipv4_address> | * ) ; // deprecated
+	alt-transfer-source-v6 ( <ipv6_address> | * ) ; // deprecated
+	attach-cache <string>;
+	auth-nxdomain <boolean>;
+	auto-dnssec ( allow | maintain | off ); // deprecated
+	catalog-zones { zone <string> [ default-primaries [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
+	check-dup-records ( fail | warn | ignore );
+	check-integrity <boolean>;
+	check-mx ( fail | warn | ignore );
+	check-mx-cname ( fail | warn | ignore );
+	check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
+	check-sibling <boolean>;
+	check-spf ( warn | ignore );
+	check-srv-cname ( fail | warn | ignore );
+	check-wildcard <boolean>;
+	clients-per-query <integer>;
+	deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
+	deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
+	dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
+	disable-algorithms <string> { <string>; ... }; // may occur multiple times
+	disable-ds-digests <string> { <string>; ... }; // may occur multiple times
+	disable-empty-zone <string>; // may occur multiple times
+	dlz <string> {
+		database <string>;
+		search <boolean>;
+	}; // may occur multiple times
+	dns64 <netprefix> {
+		break-dnssec <boolean>;
+		clients { <address_match_element>; ... };
+		exclude { <address_match_element>; ... };
+		mapped { <address_match_element>; ... };
+		recursive-only <boolean>;
+		suffix <ipv6_address>;
+	}; // may occur multiple times
+	dns64-contact <string>;
+	dns64-server <string>;
+	dnskey-sig-validity <integer>;
+	dnsrps-enable <boolean>; // not configured
+	dnsrps-options { <unspecified-text> }; // not configured
+	dnssec-accept-expired <boolean>;
+	dnssec-dnskey-kskonly <boolean>;
+	dnssec-loadkeys-interval <integer>;
+	dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated
+	dnssec-policy <string>;
+	dnssec-secure-to-insecure <boolean>;
+	dnssec-update-mode ( maintain | no-resign );
+	dnssec-validation ( yes | no | auto );
+	dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
+	dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
+	dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
+	edns-udp-size <integer>;
+	empty-contact <string>;
+	empty-server <string>;
+	empty-zones-enable <boolean>;
+	fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
+	fetches-per-server <integer> [ ( drop | fail ) ];
+	fetches-per-zone <integer> [ ( drop | fail ) ];
+	forward ( first | only );
+	forwarders [ port <integer> ]  { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
+	glue-cache <boolean>; // deprecated
+	ipv4only-contact <string>;
+	ipv4only-enable <boolean>;
+	ipv4only-server <string>;
+	ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
+	key <string> {
+		algorithm <string>;
+		secret <string>;
+	}; // may occur multiple times
+	key-directory <quoted_string>;
+	lame-ttl <duration>;
+	lmdb-mapsize <sizeval>;
+	managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
+	masterfile-format ( raw | text );
+	masterfile-style ( full | relative );
+	match-clients { <address_match_element>; ... };
+	match-destinations { <address_match_element>; ... };
+	match-recursive-only <boolean>;
+	max-cache-size ( default | unlimited | <sizeval> | <percentage> );
+	max-cache-ttl <duration>;
+	max-clients-per-query <integer>;
+	max-ixfr-ratio ( unlimited | <percentage> );
+	max-journal-size ( default | unlimited | <sizeval> );
+	max-ncache-ttl <duration>;
+	max-records <integer>;
+	max-recursion-depth <integer>;
+	max-recursion-queries <integer>;
+	max-refresh-time <integer>;
+	max-retry-time <integer>;
+	max-stale-ttl <duration>;
+	max-transfer-idle-in <integer>;
+	max-transfer-idle-out <integer>;
+	max-transfer-time-in <integer>;
+	max-transfer-time-out <integer>;
+	max-udp-size <integer>;
+	max-zone-ttl ( unlimited | <duration> );
+	message-compression <boolean>;
+	min-cache-ttl <duration>;
+	min-ncache-ttl <duration>;
+	min-refresh-time <integer>;
+	min-retry-time <integer>;
+	minimal-any <boolean>;
+	minimal-responses ( no-auth | no-auth-recursive | <boolean> );
+	multi-master <boolean>;
+	new-zones-directory <quoted_string>;
+	no-case-compress { <address_match_element>; ... };
+	nocookie-udp-size <integer>;
+	notify ( explicit | master-only | primary-only | <boolean> );
+	notify-delay <integer>;
+	notify-source ( <ipv4_address> | * ) ;
+	notify-source-v6 ( <ipv6_address> | * ) ;
+	notify-to-soa <boolean>;
+	nsec3-test-zone <boolean>; // test only
+	nta-lifetime <duration>;
+	nta-recheck <duration>;
+	nxdomain-redirect <string>;
+	parental-source ( <ipv4_address> | * ) ;
+	parental-source-v6 ( <ipv6_address> | * ) ;
+	plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
+	preferred-glue <string>;
+	prefetch <integer> [ <integer> ];
+	provide-ixfr <boolean>;
+	qname-minimization ( strict | relaxed | disabled | off );
+	query-source [ address ] ( <ipv4_address> | * );
+	query-source-v6 [ address ] ( <ipv6_address> | * );
+	rate-limit {
+		all-per-second <integer>;
+		errors-per-second <integer>;
+		exempt-clients { <address_match_element>; ... };
+		ipv4-prefix-length <integer>;
+		ipv6-prefix-length <integer>;
+		log-only <boolean>;
+		max-table-size <integer>;
+		min-table-size <integer>;
+		nodata-per-second <integer>;
+		nxdomains-per-second <integer>;
+		qps-scale <integer>;
+		referrals-per-second <integer>;
+		responses-per-second <integer>;
+		slip <integer>;
+		window <integer>;
+	};
+	recursion <boolean>;
+	request-expire <boolean>;
+	request-ixfr <boolean>;
+	request-nsid <boolean>;
+	require-server-cookie <boolean>;
+	resolver-nonbackoff-tries <integer>;
+	resolver-query-timeout <integer>;
+	resolver-retry-interval <integer>;
+	response-padding { <address_match_element>; ... } block-size <integer>;
+	response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
+	root-delegation-only [ exclude { <string>; ... } ]; // deprecated
+	root-key-sentinel <boolean>;
+	rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
+	send-cookie <boolean>;
+	serial-update-method ( date | increment | unixtime );
+	server <netprefix> {
+		bogus <boolean>;
+		edns <boolean>;
+		edns-udp-size <integer>;
+		edns-version <integer>;
+		keys <server_key>;
+		max-udp-size <integer>;
+		notify-source ( <ipv4_address> | * ) ;
+		notify-source-v6 ( <ipv6_address> | * ) ;
+		padding <integer>;
+		provide-ixfr <boolean>;
+		query-source [ address ] ( <ipv4_address> | * );
+		query-source-v6 [ address ] ( <ipv6_address> | * );
+		request-expire <boolean>;
+		request-ixfr <boolean>;
+		request-nsid <boolean>;
+		send-cookie <boolean>;
+		tcp-keepalive <boolean>;
+		tcp-only <boolean>;
+		transfer-format ( many-answers | one-answer );
+		transfer-source ( <ipv4_address> | * ) ;
+		transfer-source-v6 ( <ipv6_address> | * ) ;
+		transfers <integer>;
+	}; // may occur multiple times
+	servfail-ttl <duration>;
+	sig-signing-nodes <integer>;
+	sig-signing-signatures <integer>;
+	sig-signing-type <integer>;
+	sig-validity-interval <integer> [ <integer> ];
+	sortlist { <address_match_element>; ... };
+	stale-answer-client-timeout ( disabled | off | <integer> );
+	stale-answer-enable <boolean>;
+	stale-answer-ttl <duration>;
+	stale-cache-enable <boolean>;
+	stale-refresh-time <duration>;
+	suppress-initial-notify <boolean>; // obsolete
+	synth-from-dnssec <boolean>;
+	transfer-format ( many-answers | one-answer );
+	transfer-source ( <ipv4_address> | * ) ;
+	transfer-source-v6 ( <ipv6_address> | * ) ;
+	trust-anchor-telemetry <boolean>; // experimental
+	trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
+	trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
+	try-tcp-refresh <boolean>;
+	update-check-ksk <boolean>;
+	use-alt-transfer-source <boolean>; // deprecated
+	v6-bias <integer>;
+	validate-except { <string>; ... };
+	zero-no-soa-ttl <boolean>;
+	zero-no-soa-ttl-cache <boolean>;
+	zone-statistics ( full | terse | none | <boolean> );
+}; // may occur multiple times
+
-- 
cgit v1.2.3