1 2This is a summary of the named.conf options supported by 3this version of BIND 9. 4 5acl <string> { <address_match_element>; ... }; 6 7controls { 8 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * 9 ) ] allow { <address_match_element>; ... } [ keys { <string>; 10 ... } ]; 11 unix <quoted_string> perm <integer> owner <integer> group <integer> 12 [ keys { <string>; ... } ]; 13}; 14 15dlz <string> { 16 database <string>; 17 search <boolean>; 18}; 19 20key <string> { 21 algorithm <string>; 22 secret <string>; 23}; 24 25logging { 26 category <string> { <string>; ... }; 27 channel <string> { 28 file <quoted_string> [ versions ( "unlimited" | <integer> ) 29 ] [ size <size> ]; 30 null; 31 print-category <boolean>; 32 print-severity <boolean>; 33 print-time <boolean>; 34 severity <log_severity>; 35 stderr; 36 syslog <optional_facility>; 37 }; 38}; 39 40lwres { 41 listen-on [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 42 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 43 ndots <integer>; 44 search { <string>; ... }; 45 view <string> <optional_class>; 46}; 47 48managed-keys { <string> <string> <integer> <integer> <integer> 49 <quoted_string>; ... }; 50 51masters <string> [ port <integer> ] [ dscp <integer> ] { ( <masters> | 52 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) 53 [ key <string> ]; ... }; 54 55options { 56 acache-cleaning-interval <integer>; 57 acache-enable <boolean>; 58 additional-from-auth <boolean>; 59 additional-from-cache <boolean>; 60 allow-new-zones <boolean>; 61 allow-notify { <address_match_element>; ... }; 62 allow-query { <address_match_element>; ... }; 63 allow-query-cache { <address_match_element>; ... }; 64 allow-query-cache-on { <address_match_element>; ... }; 65 allow-query-on { <address_match_element>; ... }; 66 allow-recursion { <address_match_element>; ... }; 67 allow-recursion-on { <address_match_element>; ... }; 68 allow-transfer { <address_match_element>; ... }; 69 allow-update { <address_match_element>; ... }; 70 allow-update-forwarding { <address_match_element>; ... }; 71 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 72 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 73 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 74 <integer> ] ) [ key <string> ]; ... }; 75 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 76 ] [ dscp <integer> ]; 77 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 78 * ) ] [ dscp <integer> ]; 79 attach-cache <string>; 80 auth-nxdomain <boolean>; // default changed 81 auto-dnssec ( allow | maintain | off ); 82 automatic-interface-scan <boolean>; 83 avoid-v4-udp-ports { <portrange>; ... }; 84 avoid-v6-udp-ports { <portrange>; ... }; 85 bindkeys-file <quoted_string>; 86 blackhole { <address_match_element>; ... }; 87 cache-file <quoted_string>; 88 check-dup-records ( fail | warn | ignore ); 89 check-integrity <boolean>; 90 check-mx ( fail | warn | ignore ); 91 check-mx-cname ( fail | warn | ignore ); 92 check-names ( master | slave | response ) ( fail | warn | ignore ); 93 check-sibling <boolean>; 94 check-spf ( warn | ignore ); 95 check-srv-cname ( fail | warn | ignore ); 96 check-wildcard <boolean>; 97 cleaning-interval <integer>; 98 clients-per-query <integer>; 99 coresize <size>; 100 datasize <size>; 101 deallocate-on-exit <boolean>; // obsolete 102 deny-answer-addresses { <address_match_element>; ... } [ 103 except-from { <quoted_string>; ... } ]; 104 deny-answer-aliases { <quoted_string>; ... } [ except-from { 105 <quoted_string>; ... } ]; 106 dialup <dialuptype>; 107 directory <quoted_string>; 108 disable-algorithms <string> { <string>; ... }; 109 disable-ds-digests <string> { <string>; ... }; 110 disable-empty-zone <string>; 111 dns64 <netprefix> { 112 break-dnssec <boolean>; 113 clients { <address_match_element>; ... }; 114 exclude { <address_match_element>; ... }; 115 mapped { <address_match_element>; ... }; 116 recursive-only <boolean>; 117 suffix <ipv6_address>; 118 }; 119 dns64-contact <string>; 120 dns64-server <string>; 121 dnssec-accept-expired <boolean>; 122 dnssec-dnskey-kskonly <boolean>; 123 dnssec-enable <boolean>; 124 dnssec-loadkeys-interval <integer>; 125 dnssec-lookaside ( <string> trust-anchor <string> | auto | no ); 126 dnssec-must-be-secure <string> <boolean>; 127 dnssec-secure-to-insecure <boolean>; 128 dnssec-update-mode ( maintain | no-resign ); 129 dnssec-validation ( yes | no | auto ); 130 dscp <integer>; 131 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 132 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 133 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 134 <integer> ] [ dscp <integer> ] ); ... }; 135 dump-file <quoted_string>; 136 edns-udp-size <integer>; 137 empty-contact <string>; 138 empty-server <string>; 139 empty-zones-enable <boolean>; 140 fake-iquery <boolean>; // obsolete 141 fetch-glue <boolean>; // obsolete 142 files <size>; 143 filter-aaaa { <address_match_element>; ... }; // not configured 144 filter-aaaa-on-v4 <filter_aaaa>; // not configured 145 filter-aaaa-on-v6 <filter_aaaa>; // not configured 146 flush-zones-on-shutdown <boolean>; 147 forward ( first | only ); 148 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 149 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 150 geoip-directory ( <quoted_string> | none ); // not configured 151 has-old-clients <boolean>; // obsolete 152 heartbeat-interval <integer>; 153 host-statistics <boolean>; // not implemented 154 host-statistics-max <integer>; // not implemented 155 hostname ( <quoted_string> | none ); 156 inline-signing <boolean>; 157 interface-interval <integer>; 158 ixfr-from-differences <ixfrdiff>; 159 key-directory <quoted_string>; 160 lame-ttl <integer>; 161 listen-on [ port <integer> ] [ dscp <integer> ] { 162 <address_match_element>; ... }; 163 listen-on-v6 [ port <integer> ] [ dscp <integer> ] { 164 <address_match_element>; ... }; 165 maintain-ixfr-base <boolean>; // obsolete 166 managed-keys-directory <quoted_string>; 167 masterfile-format ( text | raw | map ); 168 match-mapped-addresses <boolean>; 169 max-acache-size <size_no_default>; 170 max-cache-size <size_no_default>; 171 max-cache-ttl <integer>; 172 max-clients-per-query <integer>; 173 max-ixfr-log-size <size>; // obsolete 174 max-journal-size <size_no_default>; 175 max-ncache-ttl <integer>; 176 max-recursion-depth <integer>; 177 max-recursion-queries <integer>; 178 max-refresh-time <integer>; 179 max-retry-time <integer>; 180 max-rsa-exponent-size <integer>; 181 max-transfer-idle-in <integer>; 182 max-transfer-idle-out <integer>; 183 max-transfer-time-in <integer>; 184 max-transfer-time-out <integer>; 185 max-udp-size <integer>; 186 max-zone-ttl <maxttl_no_default>; 187 memstatistics <boolean>; 188 memstatistics-file <quoted_string>; 189 min-refresh-time <integer>; 190 min-retry-time <integer>; 191 min-roots <integer>; // not implemented 192 minimal-responses <boolean>; 193 multi-master <boolean>; 194 multiple-cnames <boolean>; // obsolete 195 named-xfer <quoted_string>; // obsolete 196 no-case-compress { <address_match_element>; ... }; 197 nosit-udp-size <integer>; // not configured 198 notify <notifytype>; 199 notify-delay <integer>; 200 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 201 dscp <integer> ]; 202 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 203 [ dscp <integer> ]; 204 notify-to-soa <boolean>; 205 nsec3-test-zone <boolean>; // test only 206 pid-file ( <quoted_string> | none ); 207 port <integer>; 208 preferred-glue <string>; 209 prefetch <integer> [ <integer> ]; 210 provide-ixfr <boolean>; 211 query-source <querysource4>; 212 query-source-v6 <querysource6>; 213 querylog <boolean>; 214 queryport-pool-ports <integer>; // obsolete 215 queryport-pool-updateinterval <integer>; // obsolete 216 random-device <quoted_string>; 217 rate-limit { 218 all-per-second <integer>; 219 errors-per-second <integer>; 220 exempt-clients { <address_match_element>; ... }; 221 ipv4-prefix-length <integer>; 222 ipv6-prefix-length <integer>; 223 log-only <boolean>; 224 max-table-size <integer>; 225 min-table-size <integer>; 226 nodata-per-second <integer>; 227 nxdomains-per-second <integer>; 228 qps-scale <integer>; 229 referrals-per-second <integer>; 230 responses-per-second <integer>; 231 slip <integer>; 232 window <integer>; 233 }; 234 recursing-file <quoted_string>; 235 recursion <boolean>; 236 recursive-clients <integer>; 237 request-ixfr <boolean>; 238 request-nsid <boolean>; 239 request-sit <boolean>; // not configured 240 reserved-sockets <integer>; 241 resolver-query-timeout <integer>; 242 response-policy { zone <quoted_string> [ policy ( given | disabled 243 | passthru | no-op | drop | tcp-only | nxdomain | nodata | 244 cname <quoted_string> ) ] [ recursive-only <boolean> ] [ 245 max-policy-ttl <integer> ]; ... } [ recursive-only <boolean> ] 246 [ break-dnssec <boolean> ] [ max-policy-ttl <integer> ] [ 247 min-ns-dots <integer> ] [ qname-wait-recurse <boolean> ]; 248 rfc2308-type1 <boolean>; // not yet implemented 249 root-delegation-only [ exclude { <quoted_string>; ... } ]; 250 rrset-order { [ class <string> ] [ type <string> ] [ name 251 <quoted_string> ] <string> <string>; ... }; 252 secroots-file <quoted_string>; 253 serial-queries <integer>; // obsolete 254 serial-query-rate <integer>; 255 serial-update-method ( increment | unixtime ); 256 server-id ( <quoted_string> | none | hostname ); 257 session-keyalg <string>; 258 session-keyfile ( <quoted_string> | none ); 259 session-keyname <string>; 260 sig-signing-nodes <integer>; 261 sig-signing-signatures <integer>; 262 sig-signing-type <integer>; 263 sig-validity-interval <integer> [ <integer> ]; 264 sit-secret <string>; // not configured 265 sortlist { <address_match_element>; ... }; 266 stacksize <size>; 267 statistics-file <quoted_string>; 268 statistics-interval <integer>; // not yet implemented 269 suppress-initial-notify <boolean>; // not yet implemented 270 tcp-clients <integer>; 271 tcp-listen-queue <integer>; 272 tkey-dhkey <quoted_string> <integer>; 273 tkey-domain <quoted_string>; 274 tkey-gssapi-credential <quoted_string>; 275 tkey-gssapi-keytab <quoted_string>; 276 topology { <address_match_element>; ... }; // not implemented 277 transfer-format ( many-answers | one-answer ); 278 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 279 dscp <integer> ]; 280 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 281 ] [ dscp <integer> ]; 282 transfers-in <integer>; 283 transfers-out <integer>; 284 transfers-per-ns <integer>; 285 treat-cr-as-space <boolean>; // obsolete 286 try-tcp-refresh <boolean>; 287 update-check-ksk <boolean>; 288 use-alt-transfer-source <boolean>; 289 use-id-pool <boolean>; // obsolete 290 use-ixfr <boolean>; 291 use-queryport-pool <boolean>; // obsolete 292 use-v4-udp-ports { <portrange>; ... }; 293 use-v6-udp-ports { <portrange>; ... }; 294 version ( <quoted_string> | none ); 295 zero-no-soa-ttl <boolean>; 296 zero-no-soa-ttl-cache <boolean>; 297 zone-statistics <zonestat>; 298}; 299 300server <netprefix> { 301 bogus <boolean>; 302 edns <boolean>; 303 edns-udp-size <integer>; 304 keys <server_key>; 305 max-udp-size <integer>; 306 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 307 dscp <integer> ]; 308 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 309 [ dscp <integer> ]; 310 provide-ixfr <boolean>; 311 query-source <querysource4>; 312 query-source-v6 <querysource6>; 313 request-ixfr <boolean>; 314 request-nsid <boolean>; 315 request-sit <boolean>; // not configured 316 support-ixfr <boolean>; // obsolete 317 transfer-format ( many-answers | one-answer ); 318 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 319 dscp <integer> ]; 320 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 321 ] [ dscp <integer> ]; 322 transfers <integer>; 323}; 324 325statistics-channels { 326 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * 327 ) ] [ allow { <address_match_element>; ... } ]; 328}; 329 330trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; 331 332view <string> <optional_class> { 333 acache-cleaning-interval <integer>; 334 acache-enable <boolean>; 335 additional-from-auth <boolean>; 336 additional-from-cache <boolean>; 337 allow-new-zones <boolean>; 338 allow-notify { <address_match_element>; ... }; 339 allow-query { <address_match_element>; ... }; 340 allow-query-cache { <address_match_element>; ... }; 341 allow-query-cache-on { <address_match_element>; ... }; 342 allow-query-on { <address_match_element>; ... }; 343 allow-recursion { <address_match_element>; ... }; 344 allow-recursion-on { <address_match_element>; ... }; 345 allow-transfer { <address_match_element>; ... }; 346 allow-update { <address_match_element>; ... }; 347 allow-update-forwarding { <address_match_element>; ... }; 348 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 349 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 350 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 351 <integer> ] ) [ key <string> ]; ... }; 352 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 353 ] [ dscp <integer> ]; 354 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 355 * ) ] [ dscp <integer> ]; 356 attach-cache <string>; 357 auth-nxdomain <boolean>; // default changed 358 auto-dnssec ( allow | maintain | off ); 359 cache-file <quoted_string>; 360 check-dup-records ( fail | warn | ignore ); 361 check-integrity <boolean>; 362 check-mx ( fail | warn | ignore ); 363 check-mx-cname ( fail | warn | ignore ); 364 check-names ( master | slave | response ) ( fail | warn | ignore ); 365 check-sibling <boolean>; 366 check-spf ( warn | ignore ); 367 check-srv-cname ( fail | warn | ignore ); 368 check-wildcard <boolean>; 369 cleaning-interval <integer>; 370 clients-per-query <integer>; 371 deny-answer-addresses { <address_match_element>; ... } [ 372 except-from { <quoted_string>; ... } ]; 373 deny-answer-aliases { <quoted_string>; ... } [ except-from { 374 <quoted_string>; ... } ]; 375 dialup <dialuptype>; 376 disable-algorithms <string> { <string>; ... }; 377 disable-ds-digests <string> { <string>; ... }; 378 disable-empty-zone <string>; 379 dlz <string> { 380 database <string>; 381 search <boolean>; 382 }; 383 dns64 <netprefix> { 384 break-dnssec <boolean>; 385 clients { <address_match_element>; ... }; 386 exclude { <address_match_element>; ... }; 387 mapped { <address_match_element>; ... }; 388 recursive-only <boolean>; 389 suffix <ipv6_address>; 390 }; 391 dns64-contact <string>; 392 dns64-server <string>; 393 dnssec-accept-expired <boolean>; 394 dnssec-dnskey-kskonly <boolean>; 395 dnssec-enable <boolean>; 396 dnssec-loadkeys-interval <integer>; 397 dnssec-lookaside ( <string> trust-anchor <string> | auto | no ); 398 dnssec-must-be-secure <string> <boolean>; 399 dnssec-secure-to-insecure <boolean>; 400 dnssec-update-mode ( maintain | no-resign ); 401 dnssec-validation ( yes | no | auto ); 402 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 403 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 404 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 405 <integer> ] [ dscp <integer> ] ); ... }; 406 edns-udp-size <integer>; 407 empty-contact <string>; 408 empty-server <string>; 409 empty-zones-enable <boolean>; 410 fetch-glue <boolean>; // obsolete 411 filter-aaaa { <address_match_element>; ... }; // not configured 412 filter-aaaa-on-v4 <filter_aaaa>; // not configured 413 filter-aaaa-on-v6 <filter_aaaa>; // not configured 414 forward ( first | only ); 415 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 416 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 417 inline-signing <boolean>; 418 ixfr-from-differences <ixfrdiff>; 419 key <string> { 420 algorithm <string>; 421 secret <string>; 422 }; 423 key-directory <quoted_string>; 424 lame-ttl <integer>; 425 maintain-ixfr-base <boolean>; // obsolete 426 managed-keys { <string> <string> <integer> <integer> <integer> 427 <quoted_string>; ... }; 428 masterfile-format ( text | raw | map ); 429 match-clients { <address_match_element>; ... }; 430 match-destinations { <address_match_element>; ... }; 431 match-recursive-only <boolean>; 432 max-acache-size <size_no_default>; 433 max-cache-size <size_no_default>; 434 max-cache-ttl <integer>; 435 max-clients-per-query <integer>; 436 max-ixfr-log-size <size>; // obsolete 437 max-journal-size <size_no_default>; 438 max-ncache-ttl <integer>; 439 max-recursion-depth <integer>; 440 max-recursion-queries <integer>; 441 max-refresh-time <integer>; 442 max-retry-time <integer>; 443 max-transfer-idle-in <integer>; 444 max-transfer-idle-out <integer>; 445 max-transfer-time-in <integer>; 446 max-transfer-time-out <integer>; 447 max-udp-size <integer>; 448 max-zone-ttl <maxttl_no_default>; 449 min-refresh-time <integer>; 450 min-retry-time <integer>; 451 min-roots <integer>; // not implemented 452 minimal-responses <boolean>; 453 multi-master <boolean>; 454 no-case-compress { <address_match_element>; ... }; 455 nosit-udp-size <integer>; // not configured 456 notify <notifytype>; 457 notify-delay <integer>; 458 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 459 dscp <integer> ]; 460 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 461 [ dscp <integer> ]; 462 notify-to-soa <boolean>; 463 nsec3-test-zone <boolean>; // test only 464 preferred-glue <string>; 465 prefetch <integer> [ <integer> ]; 466 provide-ixfr <boolean>; 467 query-source <querysource4>; 468 query-source-v6 <querysource6>; 469 queryport-pool-ports <integer>; // obsolete 470 queryport-pool-updateinterval <integer>; // obsolete 471 rate-limit { 472 all-per-second <integer>; 473 errors-per-second <integer>; 474 exempt-clients { <address_match_element>; ... }; 475 ipv4-prefix-length <integer>; 476 ipv6-prefix-length <integer>; 477 log-only <boolean>; 478 max-table-size <integer>; 479 min-table-size <integer>; 480 nodata-per-second <integer>; 481 nxdomains-per-second <integer>; 482 qps-scale <integer>; 483 referrals-per-second <integer>; 484 responses-per-second <integer>; 485 slip <integer>; 486 window <integer>; 487 }; 488 recursion <boolean>; 489 request-ixfr <boolean>; 490 request-nsid <boolean>; 491 request-sit <boolean>; // not configured 492 resolver-query-timeout <integer>; 493 response-policy { zone <quoted_string> [ policy ( given | disabled 494 | passthru | no-op | drop | tcp-only | nxdomain | nodata | 495 cname <quoted_string> ) ] [ recursive-only <boolean> ] [ 496 max-policy-ttl <integer> ]; ... } [ recursive-only <boolean> ] 497 [ break-dnssec <boolean> ] [ max-policy-ttl <integer> ] [ 498 min-ns-dots <integer> ] [ qname-wait-recurse <boolean> ]; 499 rfc2308-type1 <boolean>; // not yet implemented 500 root-delegation-only [ exclude { <quoted_string>; ... } ]; 501 rrset-order { [ class <string> ] [ type <string> ] [ name 502 <quoted_string> ] <string> <string>; ... }; 503 serial-update-method ( increment | unixtime ); 504 server <netprefix> { 505 bogus <boolean>; 506 edns <boolean>; 507 edns-udp-size <integer>; 508 keys <server_key>; 509 max-udp-size <integer>; 510 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 511 ) ] [ dscp <integer> ]; 512 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 513 | * ) ] [ dscp <integer> ]; 514 provide-ixfr <boolean>; 515 query-source <querysource4>; 516 query-source-v6 <querysource6>; 517 request-ixfr <boolean>; 518 request-nsid <boolean>; 519 request-sit <boolean>; // not configured 520 support-ixfr <boolean>; // obsolete 521 transfer-format ( many-answers | one-answer ); 522 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 523 * ) ] [ dscp <integer> ]; 524 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 525 <integer> | * ) ] [ dscp <integer> ]; 526 transfers <integer>; 527 }; 528 sig-signing-nodes <integer>; 529 sig-signing-signatures <integer>; 530 sig-signing-type <integer>; 531 sig-validity-interval <integer> [ <integer> ]; 532 sortlist { <address_match_element>; ... }; 533 suppress-initial-notify <boolean>; // not yet implemented 534 topology { <address_match_element>; ... }; // not implemented 535 transfer-format ( many-answers | one-answer ); 536 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 537 dscp <integer> ]; 538 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 539 ] [ dscp <integer> ]; 540 trusted-keys { <string> <integer> <integer> <integer> 541 <quoted_string>; ... }; 542 try-tcp-refresh <boolean>; 543 update-check-ksk <boolean>; 544 use-alt-transfer-source <boolean>; 545 use-queryport-pool <boolean>; // obsolete 546 zero-no-soa-ttl <boolean>; 547 zero-no-soa-ttl-cache <boolean>; 548 zone <string> <optional_class> { 549 allow-notify { <address_match_element>; ... }; 550 allow-query { <address_match_element>; ... }; 551 allow-query-on { <address_match_element>; ... }; 552 allow-transfer { <address_match_element>; ... }; 553 allow-update { <address_match_element>; ... }; 554 allow-update-forwarding { <address_match_element>; ... }; 555 also-notify [ port <integer> ] [ dscp <integer> ] { ( 556 <masters> | <ipv4_address> [ port <integer> ] | 557 <ipv6_address> [ port <integer> ] ) [ key <string> ]; 558 ... }; 559 alt-transfer-source ( <ipv4_address> | * ) [ port ( 560 <integer> | * ) ] [ dscp <integer> ]; 561 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( 562 <integer> | * ) ] [ dscp <integer> ]; 563 auto-dnssec ( allow | maintain | off ); 564 check-dup-records ( fail | warn | ignore ); 565 check-integrity <boolean>; 566 check-mx ( fail | warn | ignore ); 567 check-mx-cname ( fail | warn | ignore ); 568 check-names ( fail | warn | ignore ); 569 check-sibling <boolean>; 570 check-spf ( warn | ignore ); 571 check-srv-cname ( fail | warn | ignore ); 572 check-wildcard <boolean>; 573 database <string>; 574 delegation-only <boolean>; 575 dialup <dialuptype>; 576 dlz <string>; 577 dnssec-dnskey-kskonly <boolean>; 578 dnssec-loadkeys-interval <integer>; 579 dnssec-secure-to-insecure <boolean>; 580 dnssec-update-mode ( maintain | no-resign ); 581 file <quoted_string>; 582 forward ( first | only ); 583 forwarders [ port <integer> ] [ dscp <integer> ] { ( 584 <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ 585 dscp <integer> ]; ... }; 586 in-view <string>; 587 inline-signing <boolean>; 588 ixfr-base <quoted_string>; // obsolete 589 ixfr-from-differences <boolean>; 590 ixfr-tmp-file <quoted_string>; // obsolete 591 journal <quoted_string>; 592 key-directory <quoted_string>; 593 maintain-ixfr-base <boolean>; // obsolete 594 masterfile-format ( text | raw | map ); 595 masters [ port <integer> ] [ dscp <integer> ] { ( <masters> 596 | <ipv4_address> [ port <integer> ] | <ipv6_address> [ 597 port <integer> ] ) [ key <string> ]; ... }; 598 max-ixfr-log-size <size>; // obsolete 599 max-journal-size <size_no_default>; 600 max-refresh-time <integer>; 601 max-retry-time <integer>; 602 max-transfer-idle-in <integer>; 603 max-transfer-idle-out <integer>; 604 max-transfer-time-in <integer>; 605 max-transfer-time-out <integer>; 606 max-zone-ttl <maxttl_no_default>; 607 min-refresh-time <integer>; 608 min-retry-time <integer>; 609 multi-master <boolean>; 610 notify <notifytype>; 611 notify-delay <integer>; 612 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 613 ) ] [ dscp <integer> ]; 614 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 615 | * ) ] [ dscp <integer> ]; 616 notify-to-soa <boolean>; 617 nsec3-test-zone <boolean>; // test only 618 pubkey <integer> <integer> <integer> 619 <quoted_string>; // obsolete 620 request-ixfr <boolean>; 621 serial-update-method ( increment | unixtime ); 622 server-addresses { ( <ipv4_address> | <ipv6_address> ) [ 623 port <integer> ]; ... }; 624 server-names { <quoted_string>; ... }; 625 sig-signing-nodes <integer>; 626 sig-signing-signatures <integer>; 627 sig-signing-type <integer>; 628 sig-validity-interval <integer> [ <integer> ]; 629 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 630 * ) ] [ dscp <integer> ]; 631 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 632 <integer> | * ) ] [ dscp <integer> ]; 633 try-tcp-refresh <boolean>; 634 type ( master | slave | stub | static-stub | hint | forward 635 | delegation-only | redirect ); 636 update-check-ksk <boolean>; 637 update-policy ( local | { ( grant | deny ) <string> ( name 638 | subdomain | wildcard | self | selfsub | selfwild | 639 krb5-self | ms-self | krb5-subdomain | ms-subdomain | 640 tcp-self | 6to4-self | zonesub | external ) [ <string> 641 ] <rrtypelist>; ... }; 642 use-alt-transfer-source <boolean>; 643 zero-no-soa-ttl <boolean>; 644 zone-statistics <zonestat>; 645 }; 646 zone-statistics <zonestat>; 647}; 648 649zone <string> <optional_class> { 650 allow-notify { <address_match_element>; ... }; 651 allow-query { <address_match_element>; ... }; 652 allow-query-on { <address_match_element>; ... }; 653 allow-transfer { <address_match_element>; ... }; 654 allow-update { <address_match_element>; ... }; 655 allow-update-forwarding { <address_match_element>; ... }; 656 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 657 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 658 <integer> ] ) [ key <string> ]; ... }; 659 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 660 ] [ dscp <integer> ]; 661 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 662 * ) ] [ dscp <integer> ]; 663 auto-dnssec ( allow | maintain | off ); 664 check-dup-records ( fail | warn | ignore ); 665 check-integrity <boolean>; 666 check-mx ( fail | warn | ignore ); 667 check-mx-cname ( fail | warn | ignore ); 668 check-names ( fail | warn | ignore ); 669 check-sibling <boolean>; 670 check-spf ( warn | ignore ); 671 check-srv-cname ( fail | warn | ignore ); 672 check-wildcard <boolean>; 673 database <string>; 674 delegation-only <boolean>; 675 dialup <dialuptype>; 676 dlz <string>; 677 dnssec-dnskey-kskonly <boolean>; 678 dnssec-loadkeys-interval <integer>; 679 dnssec-secure-to-insecure <boolean>; 680 dnssec-update-mode ( maintain | no-resign ); 681 file <quoted_string>; 682 forward ( first | only ); 683 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 684 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 685 in-view <string>; 686 inline-signing <boolean>; 687 ixfr-base <quoted_string>; // obsolete 688 ixfr-from-differences <boolean>; 689 ixfr-tmp-file <quoted_string>; // obsolete 690 journal <quoted_string>; 691 key-directory <quoted_string>; 692 maintain-ixfr-base <boolean>; // obsolete 693 masterfile-format ( text | raw | map ); 694 masters [ port <integer> ] [ dscp <integer> ] { ( <masters> | 695 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 696 <integer> ] ) [ key <string> ]; ... }; 697 max-ixfr-log-size <size>; // obsolete 698 max-journal-size <size_no_default>; 699 max-refresh-time <integer>; 700 max-retry-time <integer>; 701 max-transfer-idle-in <integer>; 702 max-transfer-idle-out <integer>; 703 max-transfer-time-in <integer>; 704 max-transfer-time-out <integer>; 705 max-zone-ttl <maxttl_no_default>; 706 min-refresh-time <integer>; 707 min-retry-time <integer>; 708 multi-master <boolean>; 709 notify <notifytype>; 710 notify-delay <integer>; 711 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 712 dscp <integer> ]; 713 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 714 [ dscp <integer> ]; 715 notify-to-soa <boolean>; 716 nsec3-test-zone <boolean>; // test only 717 pubkey <integer> <integer> <integer> <quoted_string>; // obsolete 718 request-ixfr <boolean>; 719 serial-update-method ( increment | unixtime ); 720 server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port 721 <integer> ]; ... }; 722 server-names { <quoted_string>; ... }; 723 sig-signing-nodes <integer>; 724 sig-signing-signatures <integer>; 725 sig-signing-type <integer>; 726 sig-validity-interval <integer> [ <integer> ]; 727 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 728 dscp <integer> ]; 729 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 730 ] [ dscp <integer> ]; 731 try-tcp-refresh <boolean>; 732 type ( master | slave | stub | static-stub | hint | forward | 733 delegation-only | redirect ); 734 update-check-ksk <boolean>; 735 update-policy ( local | { ( grant | deny ) <string> ( name | 736 subdomain | wildcard | self | selfsub | selfwild | krb5-self | 737 ms-self | krb5-subdomain | ms-subdomain | tcp-self | 6to4-self 738 | zonesub | external ) [ <string> ] <rrtypelist>; ... }; 739 use-alt-transfer-source <boolean>; 740 zero-no-soa-ttl <boolean>; 741 zone-statistics <zonestat>; 742}; 743 744