1.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") 2.. 3.. SPDX-License-Identifier: MPL-2.0 4.. 5.. This Source Code Form is subject to the terms of the Mozilla Public 6.. License, v. 2.0. If a copy of the MPL was not distributed with this 7.. file, you can obtain one at https://mozilla.org/MPL/2.0/. 8.. 9.. See the COPYRIGHT file distributed with this work for additional 10.. information regarding copyright ownership. 11 12:: 13 14 options { 15 allow-new-zones <boolean>; 16 allow-notify { <address_match_element>; ... }; 17 allow-query { <address_match_element>; ... }; 18 allow-query-cache { <address_match_element>; ... }; 19 allow-query-cache-on { <address_match_element>; ... }; 20 allow-query-on { <address_match_element>; ... }; 21 allow-recursion { <address_match_element>; ... }; 22 allow-recursion-on { <address_match_element>; ... }; 23 allow-transfer { <address_match_element>; ... }; 24 allow-update { <address_match_element>; ... }; 25 allow-update-forwarding { <address_match_element>; ... }; 26 also-notify [ port <integer> ] [ dscp <integer> ] { ( 27 <remote-servers> | <ipv4_address> [ port <integer> ] | 28 <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... }; 29 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 30 ] [ dscp <integer> ]; 31 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 32 * ) ] [ dscp <integer> ]; 33 answer-cookie <boolean>; 34 attach-cache <string>; 35 auth-nxdomain <boolean>; // default changed 36 auto-dnssec ( allow | maintain | off ); 37 automatic-interface-scan <boolean>; 38 avoid-v4-udp-ports { <portrange>; ... }; 39 avoid-v6-udp-ports { <portrange>; ... }; 40 bindkeys-file <quoted_string>; 41 blackhole { <address_match_element>; ... }; 42 cache-file <quoted_string>; // deprecated 43 catalog-zones { zone <string> [ default-masters [ port <integer> ] 44 [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port 45 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 46 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 47 in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; 48 check-dup-records ( fail | warn | ignore ); 49 check-integrity <boolean>; 50 check-mx ( fail | warn | ignore ); 51 check-mx-cname ( fail | warn | ignore ); 52 check-names ( primary | master | 53 secondary | slave | response ) ( 54 fail | warn | ignore ); 55 check-sibling <boolean>; 56 check-spf ( warn | ignore ); 57 check-srv-cname ( fail | warn | ignore ); 58 check-wildcard <boolean>; 59 clients-per-query <integer>; 60 cookie-algorithm ( aes | siphash24 ); 61 cookie-secret <string>; 62 coresize ( default | unlimited | <sizeval> ); 63 datasize ( default | unlimited | <sizeval> ); 64 deny-answer-addresses { <address_match_element>; ... } [ 65 except-from { <string>; ... } ]; 66 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... 67 } ]; 68 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 69 directory <quoted_string>; 70 disable-algorithms <string> { <string>; 71 ... }; 72 disable-ds-digests <string> { <string>; 73 ... }; 74 disable-empty-zone <string>; 75 dns64 <netprefix> { 76 break-dnssec <boolean>; 77 clients { <address_match_element>; ... }; 78 exclude { <address_match_element>; ... }; 79 mapped { <address_match_element>; ... }; 80 recursive-only <boolean>; 81 suffix <ipv6_address>; 82 }; 83 dns64-contact <string>; 84 dns64-server <string>; 85 dnskey-sig-validity <integer>; 86 dnsrps-enable <boolean>; 87 dnsrps-options { <unspecified-text> }; 88 dnssec-accept-expired <boolean>; 89 dnssec-dnskey-kskonly <boolean>; 90 dnssec-loadkeys-interval <integer>; 91 dnssec-must-be-secure <string> <boolean>; 92 dnssec-policy <string>; 93 dnssec-secure-to-insecure <boolean>; 94 dnssec-update-mode ( maintain | no-resign ); 95 dnssec-validation ( yes | no | auto ); 96 dnstap { ( all | auth | client | forwarder | 97 resolver | update ) [ ( query | response ) ]; 98 ... }; 99 dnstap-identity ( <quoted_string> | none | 100 hostname ); 101 dnstap-output ( file | unix ) <quoted_string> [ 102 size ( unlimited | <size> ) ] [ versions ( 103 unlimited | <integer> ) ] [ suffix ( increment 104 | timestamp ) ]; 105 dnstap-version ( <quoted_string> | none ); 106 dscp <integer>; 107 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 108 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 109 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 110 <integer> ] [ dscp <integer> ] ); ... }; 111 dump-file <quoted_string>; 112 edns-udp-size <integer>; 113 empty-contact <string>; 114 empty-server <string>; 115 empty-zones-enable <boolean>; 116 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 117 fetches-per-server <integer> [ ( drop | fail ) ]; 118 fetches-per-zone <integer> [ ( drop | fail ) ]; 119 files ( default | unlimited | <sizeval> ); 120 flush-zones-on-shutdown <boolean>; 121 forward ( first | only ); 122 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 123 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 124 fstrm-set-buffer-hint <integer>; 125 fstrm-set-flush-timeout <integer>; 126 fstrm-set-input-queue-size <integer>; 127 fstrm-set-output-notify-threshold <integer>; 128 fstrm-set-output-queue-model ( mpsc | spsc ); 129 fstrm-set-output-queue-size <integer>; 130 fstrm-set-reopen-interval <duration>; 131 geoip-directory ( <quoted_string> | none ); 132 glue-cache <boolean>; 133 heartbeat-interval <integer>; 134 hostname ( <quoted_string> | none ); 135 interface-interval <duration>; 136 ixfr-from-differences ( primary | master | secondary | slave | 137 <boolean> ); 138 keep-response-order { <address_match_element>; ... }; 139 key-directory <quoted_string>; 140 lame-ttl <duration>; 141 listen-on [ port <integer> ] [ dscp 142 <integer> ] { 143 <address_match_element>; ... }; 144 listen-on-v6 [ port <integer> ] [ dscp 145 <integer> ] { 146 <address_match_element>; ... }; 147 lmdb-mapsize <sizeval>; 148 lock-file ( <quoted_string> | none ); 149 managed-keys-directory <quoted_string>; 150 masterfile-format ( map | raw | text ); 151 masterfile-style ( full | relative ); 152 match-mapped-addresses <boolean>; 153 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 154 max-cache-ttl <duration>; 155 max-clients-per-query <integer>; 156 max-ixfr-ratio ( unlimited | <percentage> ); 157 max-journal-size ( default | unlimited | <sizeval> ); 158 max-ncache-ttl <duration>; 159 max-records <integer>; 160 max-recursion-depth <integer>; 161 max-recursion-queries <integer>; 162 max-refresh-time <integer>; 163 max-retry-time <integer>; 164 max-rsa-exponent-size <integer>; 165 max-stale-ttl <duration>; 166 max-transfer-idle-in <integer>; 167 max-transfer-idle-out <integer>; 168 max-transfer-time-in <integer>; 169 max-transfer-time-out <integer>; 170 max-udp-size <integer>; 171 max-zone-ttl ( unlimited | <duration> ); 172 memstatistics <boolean>; 173 memstatistics-file <quoted_string>; 174 message-compression <boolean>; 175 min-cache-ttl <duration>; 176 min-ncache-ttl <duration>; 177 min-refresh-time <integer>; 178 min-retry-time <integer>; 179 minimal-any <boolean>; 180 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 181 multi-master <boolean>; 182 new-zones-directory <quoted_string>; 183 no-case-compress { <address_match_element>; ... }; 184 nocookie-udp-size <integer>; 185 notify ( explicit | master-only | primary-only | <boolean> ); 186 notify-delay <integer>; 187 notify-rate <integer>; 188 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 189 dscp <integer> ]; 190 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 191 [ dscp <integer> ]; 192 notify-to-soa <boolean>; 193 nta-lifetime <duration>; 194 nta-recheck <duration>; 195 nxdomain-redirect <string>; 196 parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 197 dscp <integer> ]; 198 parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 199 ] [ dscp <integer> ]; 200 pid-file ( <quoted_string> | none ); 201 port <integer>; 202 preferred-glue <string>; 203 prefetch <integer> [ <integer> ]; 204 provide-ixfr <boolean>; 205 qname-minimization ( strict | relaxed | disabled | off ); 206 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 207 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 208 port ( <integer> | * ) ) ) [ dscp <integer> ]; 209 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 210 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 211 port ( <integer> | * ) ) ) [ dscp <integer> ]; 212 querylog <boolean>; 213 random-device ( <quoted_string> | none ); 214 rate-limit { 215 all-per-second <integer>; 216 errors-per-second <integer>; 217 exempt-clients { <address_match_element>; ... }; 218 ipv4-prefix-length <integer>; 219 ipv6-prefix-length <integer>; 220 log-only <boolean>; 221 max-table-size <integer>; 222 min-table-size <integer>; 223 nodata-per-second <integer>; 224 nxdomains-per-second <integer>; 225 qps-scale <integer>; 226 referrals-per-second <integer>; 227 responses-per-second <integer>; 228 slip <integer>; 229 window <integer>; 230 }; 231 recursing-file <quoted_string>; 232 recursion <boolean>; 233 recursive-clients <integer>; 234 request-expire <boolean>; 235 request-ixfr <boolean>; 236 request-nsid <boolean>; 237 require-server-cookie <boolean>; 238 reserved-sockets <integer>; 239 resolver-nonbackoff-tries <integer>; 240 resolver-query-timeout <integer>; 241 resolver-retry-interval <integer>; 242 response-padding { <address_match_element>; ... } block-size 243 <integer>; 244 response-policy { zone <string> [ add-soa <boolean> ] [ log 245 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval 246 <duration> ] [ policy ( cname | disabled | drop | given | no-op 247 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 248 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 249 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ 250 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ 251 min-update-interval <duration> ] [ min-ns-dots <integer> ] [ 252 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] 253 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 254 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ 255 dnsrps-options { <unspecified-text> } ]; 256 root-delegation-only [ exclude { <string>; ... } ]; 257 root-key-sentinel <boolean>; 258 rrset-order { [ class <string> ] [ type <string> ] [ name 259 <quoted_string> ] <string> <string>; ... }; 260 secroots-file <quoted_string>; 261 send-cookie <boolean>; 262 serial-query-rate <integer>; 263 serial-update-method ( date | increment | unixtime ); 264 server-id ( <quoted_string> | none | hostname ); 265 servfail-ttl <duration>; 266 session-keyalg <string>; 267 session-keyfile ( <quoted_string> | none ); 268 session-keyname <string>; 269 sig-signing-nodes <integer>; 270 sig-signing-signatures <integer>; 271 sig-signing-type <integer>; 272 sig-validity-interval <integer> [ <integer> ]; 273 sortlist { <address_match_element>; ... }; 274 stacksize ( default | unlimited | <sizeval> ); 275 stale-answer-client-timeout ( disabled | off | <integer> ); 276 stale-answer-enable <boolean>; 277 stale-answer-ttl <duration>; 278 stale-cache-enable <boolean>; 279 stale-refresh-time <duration>; 280 startup-notify-rate <integer>; 281 statistics-file <quoted_string>; 282 synth-from-dnssec <boolean>; 283 tcp-advertised-timeout <integer>; 284 tcp-clients <integer>; 285 tcp-idle-timeout <integer>; 286 tcp-initial-timeout <integer>; 287 tcp-keepalive-timeout <integer>; 288 tcp-listen-queue <integer>; 289 tkey-dhkey <quoted_string> <integer>; 290 tkey-domain <quoted_string>; 291 tkey-gssapi-credential <quoted_string>; 292 tkey-gssapi-keytab <quoted_string>; 293 transfer-format ( many-answers | one-answer ); 294 transfer-message-size <integer>; 295 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 296 dscp <integer> ]; 297 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 298 ] [ dscp <integer> ]; 299 transfers-in <integer>; 300 transfers-out <integer>; 301 transfers-per-ns <integer>; 302 trust-anchor-telemetry <boolean>; // experimental 303 try-tcp-refresh <boolean>; 304 update-check-ksk <boolean>; 305 use-alt-transfer-source <boolean>; 306 use-v4-udp-ports { <portrange>; ... }; 307 use-v6-udp-ports { <portrange>; ... }; 308 v6-bias <integer>; 309 validate-except { <string>; ... }; 310 version ( <quoted_string> | none ); 311 zero-no-soa-ttl <boolean>; 312 zero-no-soa-ttl-cache <boolean>; 313 zone-statistics ( full | terse | none | <boolean> ); 314 }; 315