1:: 2 3 options { 4 allow-new-zones <boolean>; 5 allow-notify { <address_match_element>; ... }; 6 allow-query { <address_match_element>; ... }; 7 allow-query-cache { <address_match_element>; ... }; 8 allow-query-cache-on { <address_match_element>; ... }; 9 allow-query-on { <address_match_element>; ... }; 10 allow-recursion { <address_match_element>; ... }; 11 allow-recursion-on { <address_match_element>; ... }; 12 allow-transfer { <address_match_element>; ... }; 13 allow-update { <address_match_element>; ... }; 14 allow-update-forwarding { <address_match_element>; ... }; 15 also-notify [ port <integer> ] [ dscp <integer> ] { ( 16 <remote-servers> | <ipv4_address> [ port <integer> ] | 17 <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls 18 <string> ]; ... }; 19 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 20 ] [ dscp <integer> ]; 21 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 22 * ) ] [ dscp <integer> ]; 23 answer-cookie <boolean>; 24 attach-cache <string>; 25 auth-nxdomain <boolean>; 26 auto-dnssec ( allow | maintain | off ); 27 automatic-interface-scan <boolean>; 28 avoid-v4-udp-ports { <portrange>; ... }; 29 avoid-v6-udp-ports { <portrange>; ... }; 30 bindkeys-file <quoted_string>; 31 blackhole { <address_match_element>; ... }; 32 catalog-zones { zone <string> [ default-masters [ port <integer> ] 33 [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port 34 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 35 <string> ] [ tls <string> ]; ... } ] [ default-primaries [ port 36 <integer> ] [ dscp <integer> ] { ( <remote-servers> | 37 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 38 <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ 39 zone-directory <quoted_string> ] [ in-memory <boolean> ] [ 40 min-update-interval <duration> ]; ... }; 41 check-dup-records ( fail | warn | ignore ); 42 check-integrity <boolean>; 43 check-mx ( fail | warn | ignore ); 44 check-mx-cname ( fail | warn | ignore ); 45 check-names ( primary | master | 46 secondary | slave | response ) ( 47 fail | warn | ignore ); 48 check-sibling <boolean>; 49 check-spf ( warn | ignore ); 50 check-srv-cname ( fail | warn | ignore ); 51 check-wildcard <boolean>; 52 clients-per-query <integer>; 53 cookie-algorithm ( aes | siphash24 ); 54 cookie-secret <string>; 55 coresize ( default | unlimited | <sizeval> ); 56 datasize ( default | unlimited | <sizeval> ); 57 deny-answer-addresses { <address_match_element>; ... } [ 58 except-from { <string>; ... } ]; 59 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... 60 } ]; 61 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 62 directory <quoted_string>; 63 disable-algorithms <string> { <string>; 64 ... }; 65 disable-ds-digests <string> { <string>; 66 ... }; 67 disable-empty-zone <string>; 68 dns64 <netprefix> { 69 break-dnssec <boolean>; 70 clients { <address_match_element>; ... }; 71 exclude { <address_match_element>; ... }; 72 mapped { <address_match_element>; ... }; 73 recursive-only <boolean>; 74 suffix <ipv6_address>; 75 }; 76 dns64-contact <string>; 77 dns64-server <string>; 78 dnskey-sig-validity <integer>; 79 dnsrps-enable <boolean>; 80 dnsrps-options { <unspecified-text> }; 81 dnssec-accept-expired <boolean>; 82 dnssec-dnskey-kskonly <boolean>; 83 dnssec-loadkeys-interval <integer>; 84 dnssec-must-be-secure <string> <boolean>; 85 dnssec-policy <string>; 86 dnssec-secure-to-insecure <boolean>; 87 dnssec-update-mode ( maintain | no-resign ); 88 dnssec-validation ( yes | no | auto ); 89 dnstap { ( all | auth | client | forwarder | resolver | update ) [ 90 ( query | response ) ]; ... }; 91 dnstap-identity ( <quoted_string> | none | hostname ); 92 dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | 93 <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( 94 increment | timestamp ) ]; 95 dnstap-version ( <quoted_string> | none ); 96 dscp <integer>; 97 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 98 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 99 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 100 <integer> ] [ dscp <integer> ] ); ... }; 101 dump-file <quoted_string>; 102 edns-udp-size <integer>; 103 empty-contact <string>; 104 empty-server <string>; 105 empty-zones-enable <boolean>; 106 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 107 fetches-per-server <integer> [ ( drop | fail ) ]; 108 fetches-per-zone <integer> [ ( drop | fail ) ]; 109 files ( default | unlimited | <sizeval> ); 110 flush-zones-on-shutdown <boolean>; 111 forward ( first | only ); 112 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 113 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 114 fstrm-set-buffer-hint <integer>; 115 fstrm-set-flush-timeout <integer>; 116 fstrm-set-input-queue-size <integer>; 117 fstrm-set-output-notify-threshold <integer>; 118 fstrm-set-output-queue-model ( mpsc | spsc ); 119 fstrm-set-output-queue-size <integer>; 120 fstrm-set-reopen-interval <duration>; 121 geoip-directory ( <quoted_string> | none ); 122 glue-cache <boolean>; // deprecated 123 heartbeat-interval <integer>; 124 hostname ( <quoted_string> | none ); 125 http-listener-clients <integer>; 126 http-port <integer>; 127 http-streams-per-connection <integer>; 128 https-port <integer>; 129 interface-interval <duration>; 130 ipv4only-contact <string>; 131 ipv4only-enable <boolean>; 132 ipv4only-server <string>; 133 ixfr-from-differences ( primary | master | secondary | slave | 134 <boolean> ); 135 keep-response-order { <address_match_element>; ... }; 136 key-directory <quoted_string>; 137 lame-ttl <duration>; 138 listen-on [ port <integer> ] [ dscp 139 <integer> ] [ tls <string> ] [ http 140 <string> ] { 141 <address_match_element>; ... }; 142 listen-on-v6 [ port <integer> ] [ dscp 143 <integer> ] [ tls <string> ] [ http 144 <string> ] { 145 <address_match_element>; ... }; 146 lmdb-mapsize <sizeval>; 147 lock-file ( <quoted_string> | none ); 148 managed-keys-directory <quoted_string>; 149 masterfile-format ( raw | text ); 150 masterfile-style ( full | relative ); 151 match-mapped-addresses <boolean>; 152 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 153 max-cache-ttl <duration>; 154 max-clients-per-query <integer>; 155 max-ixfr-ratio ( unlimited | <percentage> ); 156 max-journal-size ( default | unlimited | <sizeval> ); 157 max-ncache-ttl <duration>; 158 max-records <integer>; 159 max-recursion-depth <integer>; 160 max-recursion-queries <integer>; 161 max-refresh-time <integer>; 162 max-retry-time <integer>; 163 max-rsa-exponent-size <integer>; 164 max-stale-ttl <duration>; 165 max-transfer-idle-in <integer>; 166 max-transfer-idle-out <integer>; 167 max-transfer-time-in <integer>; 168 max-transfer-time-out <integer>; 169 max-udp-size <integer>; 170 max-zone-ttl ( unlimited | <duration> ); 171 memstatistics <boolean>; 172 memstatistics-file <quoted_string>; 173 message-compression <boolean>; 174 min-cache-ttl <duration>; 175 min-ncache-ttl <duration>; 176 min-refresh-time <integer>; 177 min-retry-time <integer>; 178 minimal-any <boolean>; 179 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 180 multi-master <boolean>; 181 new-zones-directory <quoted_string>; 182 no-case-compress { <address_match_element>; ... }; 183 nocookie-udp-size <integer>; 184 notify ( explicit | master-only | primary-only | <boolean> ); 185 notify-delay <integer>; 186 notify-rate <integer>; 187 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 188 dscp <integer> ]; 189 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 190 [ dscp <integer> ]; 191 notify-to-soa <boolean>; 192 nta-lifetime <duration>; 193 nta-recheck <duration>; 194 nxdomain-redirect <string>; 195 parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 196 dscp <integer> ]; 197 parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 198 ] [ dscp <integer> ]; 199 pid-file ( <quoted_string> | none ); 200 port <integer>; 201 preferred-glue <string>; 202 prefetch <integer> [ <integer> ]; 203 provide-ixfr <boolean>; 204 qname-minimization ( strict | relaxed | disabled | off ); 205 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 206 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 207 port ( <integer> | * ) ) ) [ dscp <integer> ]; 208 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 209 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 210 port ( <integer> | * ) ) ) [ dscp <integer> ]; 211 querylog <boolean>; 212 random-device ( <quoted_string> | none ); 213 rate-limit { 214 all-per-second <integer>; 215 errors-per-second <integer>; 216 exempt-clients { <address_match_element>; ... }; 217 ipv4-prefix-length <integer>; 218 ipv6-prefix-length <integer>; 219 log-only <boolean>; 220 max-table-size <integer>; 221 min-table-size <integer>; 222 nodata-per-second <integer>; 223 nxdomains-per-second <integer>; 224 qps-scale <integer>; 225 referrals-per-second <integer>; 226 responses-per-second <integer>; 227 slip <integer>; 228 window <integer>; 229 }; 230 recursing-file <quoted_string>; 231 recursion <boolean>; 232 recursive-clients <integer>; 233 request-expire <boolean>; 234 request-ixfr <boolean>; 235 request-nsid <boolean>; 236 require-server-cookie <boolean>; 237 reserved-sockets <integer>; 238 resolver-nonbackoff-tries <integer>; 239 resolver-query-timeout <integer>; 240 resolver-retry-interval <integer>; 241 response-padding { <address_match_element>; ... } block-size 242 <integer>; 243 response-policy { zone <string> [ add-soa <boolean> ] [ log 244 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval 245 <duration> ] [ policy ( cname | disabled | drop | given | no-op 246 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 247 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 248 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ 249 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ 250 min-update-interval <duration> ] [ min-ns-dots <integer> ] [ 251 nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> 252 ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] 253 [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ 254 dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> 255 } ]; 256 root-delegation-only [ exclude { <string>; ... } ]; 257 root-key-sentinel <boolean>; 258 rrset-order { [ class <string> ] [ type <string> ] [ name 259 <quoted_string> ] <string> <string>; ... }; 260 secroots-file <quoted_string>; 261 send-cookie <boolean>; 262 serial-query-rate <integer>; 263 serial-update-method ( date | increment | unixtime ); 264 server-id ( <quoted_string> | none | hostname ); 265 servfail-ttl <duration>; 266 session-keyalg <string>; 267 session-keyfile ( <quoted_string> | none ); 268 session-keyname <string>; 269 sig-signing-nodes <integer>; 270 sig-signing-signatures <integer>; 271 sig-signing-type <integer>; 272 sig-validity-interval <integer> [ <integer> ]; 273 sortlist { <address_match_element>; ... }; 274 stacksize ( default | unlimited | <sizeval> ); 275 stale-answer-client-timeout ( disabled | off | <integer> ); 276 stale-answer-enable <boolean>; 277 stale-answer-ttl <duration>; 278 stale-cache-enable <boolean>; 279 stale-refresh-time <duration>; 280 startup-notify-rate <integer>; 281 statistics-file <quoted_string>; 282 synth-from-dnssec <boolean>; 283 tcp-advertised-timeout <integer>; 284 tcp-clients <integer>; 285 tcp-idle-timeout <integer>; 286 tcp-initial-timeout <integer>; 287 tcp-keepalive-timeout <integer>; 288 tcp-listen-queue <integer>; 289 tcp-receive-buffer <integer>; 290 tcp-send-buffer <integer>; 291 tkey-dhkey <quoted_string> <integer>; 292 tkey-domain <quoted_string>; 293 tkey-gssapi-credential <quoted_string>; 294 tkey-gssapi-keytab <quoted_string>; 295 tls-port <integer>; 296 transfer-format ( many-answers | one-answer ); 297 transfer-message-size <integer>; 298 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 299 dscp <integer> ]; 300 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 301 ] [ dscp <integer> ]; 302 transfers-in <integer>; 303 transfers-out <integer>; 304 transfers-per-ns <integer>; 305 trust-anchor-telemetry <boolean>; // experimental 306 try-tcp-refresh <boolean>; 307 udp-receive-buffer <integer>; 308 udp-send-buffer <integer>; 309 update-check-ksk <boolean>; 310 use-alt-transfer-source <boolean>; 311 use-v4-udp-ports { <portrange>; ... }; 312 use-v6-udp-ports { <portrange>; ... }; 313 v6-bias <integer>; 314 validate-except { <string>; ... }; 315 version ( <quoted_string> | none ); 316 zero-no-soa-ttl <boolean>; 317 zero-no-soa-ttl-cache <boolean>; 318 zone-statistics ( full | terse | none | <boolean> ); 319 }; 320