1 2This is a summary of the named.conf options supported by 3this version of BIND 9. 4 5acl <string> { <address_match_element>; ... }; // may occur multiple times 6 7controls { 8 inet ( <ipv4_address> | <ipv6_address> | 9 * ) [ port ( <integer> | * ) ] allow 10 { <address_match_element>; ... } [ 11 keys { <string>; ... } ] [ read-only 12 <boolean> ]; // may occur multiple times 13 unix <quoted_string> perm <integer> 14 owner <integer> group <integer> [ 15 keys { <string>; ... } ] [ read-only 16 <boolean> ]; // may occur multiple times 17}; // may occur multiple times 18 19dlz <string> { 20 database <string>; 21 search <boolean>; 22}; // may occur multiple times 23 24dyndb <string> <quoted_string> { 25 <unspecified-text> }; // may occur multiple times 26 27key <string> { 28 algorithm <string>; 29 secret <string>; 30}; // may occur multiple times 31 32logging { 33 category <string> { <string>; ... }; // may occur multiple times 34 channel <string> { 35 buffered <boolean>; 36 file <quoted_string> [ versions ( "unlimited" | <integer> ) 37 ] [ size <size> ]; 38 null; 39 print-category <boolean>; 40 print-severity <boolean>; 41 print-time <boolean>; 42 severity <log_severity>; 43 stderr; 44 syslog [ <syslog_facility> ]; 45 }; // may occur multiple times 46}; 47 48lwres { 49 listen-on [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 50 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 51 lwres-clients <integer>; 52 lwres-tasks <integer>; 53 ndots <integer>; 54 search { <string>; ... }; 55 view <string> [ <class> ]; 56}; // may occur multiple times 57 58managed-keys { <string> <string> <integer> 59 <integer> <integer> <quoted_string>; ... }; // may occur multiple times 60 61masters <string> [ port <integer> ] [ dscp 62 <integer> ] { ( <masters> | <ipv4_address> [ 63 port <integer> ] | <ipv6_address> [ port 64 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times 65 66options { 67 acache-cleaning-interval <integer>; 68 acache-enable <boolean>; 69 additional-from-auth <boolean>; 70 additional-from-cache <boolean>; 71 allow-new-zones <boolean>; 72 allow-notify { <address_match_element>; ... }; 73 allow-query { <address_match_element>; ... }; 74 allow-query-cache { <address_match_element>; ... }; 75 allow-query-cache-on { <address_match_element>; ... }; 76 allow-query-on { <address_match_element>; ... }; 77 allow-recursion { <address_match_element>; ... }; 78 allow-recursion-on { <address_match_element>; ... }; 79 allow-transfer { <address_match_element>; ... }; 80 allow-update { <address_match_element>; ... }; 81 allow-update-forwarding { <address_match_element>; ... }; 82 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 83 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 84 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 85 <integer> ] ) [ key <string> ]; ... }; 86 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 87 ] [ dscp <integer> ]; 88 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 89 * ) ] [ dscp <integer> ]; 90 answer-cookie <boolean>; 91 attach-cache <string>; 92 auth-nxdomain <boolean>; // default changed 93 auto-dnssec ( allow | maintain | off ); 94 automatic-interface-scan <boolean>; 95 avoid-v4-udp-ports { <portrange>; ... }; 96 avoid-v6-udp-ports { <portrange>; ... }; 97 bindkeys-file <quoted_string>; 98 blackhole { <address_match_element>; ... }; 99 cache-file <quoted_string>; 100 catalog-zones { zone <string> [ default-masters [ port <integer> ] 101 [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port 102 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 103 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 104 in-memory <boolean> ] [ min-update-interval <integer> ]; ... }; 105 check-dup-records ( fail | warn | ignore ); 106 check-integrity <boolean>; 107 check-mx ( fail | warn | ignore ); 108 check-mx-cname ( fail | warn | ignore ); 109 check-names ( master | slave | response 110 ) ( fail | warn | ignore ); // may occur multiple times 111 check-sibling <boolean>; 112 check-spf ( warn | ignore ); 113 check-srv-cname ( fail | warn | ignore ); 114 check-wildcard <boolean>; 115 cleaning-interval <integer>; 116 clients-per-query <integer>; 117 cookie-algorithm ( aes | sha1 | sha256 | siphash24 ); 118 cookie-secret <string>; // may occur multiple times 119 coresize ( default | unlimited | <sizeval> ); 120 datasize ( default | unlimited | <sizeval> ); 121 deallocate-on-exit <boolean>; // obsolete 122 deny-answer-addresses { <address_match_element>; ... } [ 123 except-from { <quoted_string>; ... } ]; 124 deny-answer-aliases { <quoted_string>; ... } [ except-from { 125 <quoted_string>; ... } ]; 126 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 127 directory <quoted_string>; 128 disable-algorithms <string> { <string>; 129 ... }; // may occur multiple times 130 disable-ds-digests <string> { <string>; 131 ... }; // may occur multiple times 132 disable-empty-zone <string>; // may occur multiple times 133 dns64 <netprefix> { 134 break-dnssec <boolean>; 135 clients { <address_match_element>; ... }; 136 exclude { <address_match_element>; ... }; 137 mapped { <address_match_element>; ... }; 138 recursive-only <boolean>; 139 suffix <ipv6_address>; 140 }; // may occur multiple times 141 dns64-contact <string>; 142 dns64-server <string>; 143 dnssec-accept-expired <boolean>; 144 dnssec-dnskey-kskonly <boolean>; 145 dnssec-enable <boolean>; 146 dnssec-loadkeys-interval <integer>; 147 dnssec-lookaside ( <string> trust-anchor 148 <string> | auto | no ); // may occur multiple times 149 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 150 dnssec-secure-to-insecure <boolean>; 151 dnssec-update-mode ( maintain | no-resign ); 152 dnssec-validation ( yes | no | auto ); 153 dnstap { ( all | auth | client | forwarder | 154 resolver ) [ ( query | response ) ]; ... }; // not configured 155 dnstap-identity ( <quoted_string> | none | 156 hostname ); // not configured 157 dnstap-output ( file | unix ) <quoted_string>; // not configured 158 dnstap-version ( <quoted_string> | none ); // not configured 159 dscp <integer>; 160 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 161 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 162 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 163 <integer> ] [ dscp <integer> ] ); ... }; 164 dump-file <quoted_string>; 165 edns-udp-size <integer>; 166 empty-contact <string>; 167 empty-server <string>; 168 empty-zones-enable <boolean>; 169 fake-iquery <boolean>; // obsolete 170 fetch-glue <boolean>; // obsolete 171 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 172 fetches-per-server <integer> [ ( drop | fail ) ]; 173 fetches-per-zone <integer> [ ( drop | fail ) ]; 174 files ( default | unlimited | <sizeval> ); 175 filter-aaaa { <address_match_element>; ... }; // not configured 176 filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured 177 filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured 178 flush-zones-on-shutdown <boolean>; 179 forward ( first | only ); 180 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 181 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 182 fstrm-set-buffer-hint <integer>; // not configured 183 fstrm-set-flush-timeout <integer>; // not configured 184 fstrm-set-input-queue-size <integer>; // not configured 185 fstrm-set-output-notify-threshold <integer>; // not configured 186 fstrm-set-output-queue-model ( mpsc | spsc ); // not configured 187 fstrm-set-output-queue-size <integer>; // not configured 188 fstrm-set-reopen-interval <integer>; // not configured 189 geoip-directory ( <quoted_string> | none ); // not configured 190 geoip-use-ecs <boolean>; // not configured 191 has-old-clients <boolean>; // obsolete 192 heartbeat-interval <integer>; 193 host-statistics <boolean>; // not implemented 194 host-statistics-max <integer>; // not implemented 195 hostname ( <quoted_string> | none ); 196 inline-signing <boolean>; 197 interface-interval <integer>; 198 ixfr-from-differences ( master | slave | <boolean> ); 199 keep-response-order { <address_match_element>; ... }; 200 key-directory <quoted_string>; 201 lame-ttl <ttlval>; 202 listen-on [ port <integer> ] [ dscp 203 <integer> ] { 204 <address_match_element>; ... }; // may occur multiple times 205 listen-on-v6 [ port <integer> ] [ dscp 206 <integer> ] { 207 <address_match_element>; ... }; // may occur multiple times 208 lmdb-mapsize <sizeval>; // non-operational 209 lock-file ( <quoted_string> | none ); 210 maintain-ixfr-base <boolean>; // obsolete 211 managed-keys-directory <quoted_string>; 212 masterfile-format ( map | raw | text ); 213 masterfile-style ( full | relative ); 214 match-mapped-addresses <boolean>; 215 max-acache-size ( unlimited | <sizeval> ); 216 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 217 max-cache-ttl <integer>; 218 max-clients-per-query <integer>; 219 max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete 220 max-journal-size ( unlimited | <sizeval> ); 221 max-ncache-ttl <integer>; 222 max-records <integer>; 223 max-recursion-depth <integer>; 224 max-recursion-queries <integer>; 225 max-refresh-time <integer>; 226 max-retry-time <integer>; 227 max-rsa-exponent-size <integer>; 228 max-transfer-idle-in <integer>; 229 max-transfer-idle-out <integer>; 230 max-transfer-time-in <integer>; 231 max-transfer-time-out <integer>; 232 max-udp-size <integer>; 233 max-zone-ttl ( unlimited | <ttlval> ); 234 memstatistics <boolean>; 235 memstatistics-file <quoted_string>; 236 message-compression <boolean>; 237 min-refresh-time <integer>; 238 min-retry-time <integer>; 239 min-roots <integer>; // not implemented 240 minimal-any <boolean>; 241 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 242 multi-master <boolean>; 243 multiple-cnames <boolean>; // obsolete 244 named-xfer <quoted_string>; // obsolete 245 no-case-compress { <address_match_element>; ... }; 246 nocookie-udp-size <integer>; 247 nosit-udp-size <integer>; // obsolete 248 notify ( explicit | master-only | <boolean> ); 249 notify-delay <integer>; 250 notify-rate <integer>; 251 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 252 dscp <integer> ]; 253 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 254 [ dscp <integer> ]; 255 notify-to-soa <boolean>; 256 nsec3-test-zone <boolean>; // test only 257 nta-lifetime <ttlval>; 258 nta-recheck <ttlval>; 259 nxdomain-redirect <string>; 260 pid-file ( <quoted_string> | none ); 261 port <integer>; 262 preferred-glue <string>; 263 prefetch <integer> [ <integer> ]; 264 provide-ixfr <boolean>; 265 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 266 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 267 port ( <integer> | * ) ) ) [ dscp <integer> ]; 268 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 269 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 270 port ( <integer> | * ) ) ) [ dscp <integer> ]; 271 querylog <boolean>; 272 queryport-pool-ports <integer>; // obsolete 273 queryport-pool-updateinterval <integer>; // obsolete 274 random-device <quoted_string>; 275 rate-limit { 276 all-per-second <integer>; 277 errors-per-second <integer>; 278 exempt-clients { <address_match_element>; ... }; 279 ipv4-prefix-length <integer>; 280 ipv6-prefix-length <integer>; 281 log-only <boolean>; 282 max-table-size <integer>; 283 min-table-size <integer>; 284 nodata-per-second <integer>; 285 nxdomains-per-second <integer>; 286 qps-scale <integer>; 287 referrals-per-second <integer>; 288 responses-per-second <integer>; 289 slip <integer>; 290 window <integer>; 291 }; 292 recursing-file <quoted_string>; 293 recursion <boolean>; 294 recursive-clients <integer>; 295 request-expire <boolean>; 296 request-ixfr <boolean>; 297 request-nsid <boolean>; 298 request-sit <boolean>; // obsolete 299 require-server-cookie <boolean>; 300 reserved-sockets <integer>; 301 resolver-query-timeout <integer>; 302 response-policy { zone <string> [ log <boolean> ] [ max-policy-ttl 303 <integer> ] [ policy ( cname | disabled | drop | given | no-op 304 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 305 recursive-only <boolean> ]; ... } [ break-dnssec <boolean> ] [ 306 max-policy-ttl <integer> ] [ min-ns-dots <integer> ] [ 307 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] 308 [ recursive-only <boolean> ]; 309 rfc2308-type1 <boolean>; // not yet implemented 310 root-delegation-only [ exclude { <quoted_string>; ... } ]; 311 root-key-sentinel <boolean>; 312 rrset-order { [ class <string> ] [ type <string> ] [ name 313 <quoted_string> ] <string> <string>; ... }; 314 secroots-file <quoted_string>; 315 send-cookie <boolean>; 316 serial-queries <integer>; // obsolete 317 serial-query-rate <integer>; 318 serial-update-method ( date | increment | unixtime ); 319 server-id ( <quoted_string> | none | hostname ); 320 servfail-ttl <ttlval>; 321 session-keyalg <string>; 322 session-keyfile ( <quoted_string> | none ); 323 session-keyname <string>; 324 sig-signing-nodes <integer>; 325 sig-signing-signatures <integer>; 326 sig-signing-type <integer>; 327 sig-validity-interval <integer> [ <integer> ]; 328 sit-secret <string>; // obsolete 329 sortlist { <address_match_element>; ... }; 330 stacksize ( default | unlimited | <sizeval> ); 331 startup-notify-rate <integer>; 332 statistics-file <quoted_string>; 333 statistics-interval <integer>; // not yet implemented 334 suppress-initial-notify <boolean>; // not yet implemented 335 tcp-clients <integer>; 336 tcp-listen-queue <integer>; 337 tkey-dhkey <quoted_string> <integer>; 338 tkey-domain <quoted_string>; 339 tkey-gssapi-credential <quoted_string>; 340 tkey-gssapi-keytab <quoted_string>; 341 topology { <address_match_element>; ... }; // not implemented 342 transfer-format ( many-answers | one-answer ); 343 transfer-message-size <integer>; 344 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 345 dscp <integer> ]; 346 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 347 ] [ dscp <integer> ]; 348 transfers-in <integer>; 349 transfers-out <integer>; 350 transfers-per-ns <integer>; 351 treat-cr-as-space <boolean>; // obsolete 352 trust-anchor-telemetry <boolean>; // experimental 353 try-tcp-refresh <boolean>; 354 update-check-ksk <boolean>; 355 use-alt-transfer-source <boolean>; 356 use-id-pool <boolean>; // obsolete 357 use-ixfr <boolean>; // obsolete 358 use-queryport-pool <boolean>; // obsolete 359 use-v4-udp-ports { <portrange>; ... }; 360 use-v6-udp-ports { <portrange>; ... }; 361 v6-bias <integer>; 362 version ( <quoted_string> | none ); 363 zero-no-soa-ttl <boolean>; 364 zero-no-soa-ttl-cache <boolean>; 365 zone-statistics ( full | terse | none | <boolean> ); 366}; 367 368server <netprefix> { 369 bogus <boolean>; 370 edns <boolean>; 371 edns-udp-size <integer>; 372 edns-version <integer>; 373 keys <server_key>; 374 max-udp-size <integer>; 375 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 376 dscp <integer> ]; 377 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 378 [ dscp <integer> ]; 379 provide-ixfr <boolean>; 380 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 381 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 382 port ( <integer> | * ) ) ) [ dscp <integer> ]; 383 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 384 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 385 port ( <integer> | * ) ) ) [ dscp <integer> ]; 386 request-expire <boolean>; 387 request-ixfr <boolean>; 388 request-nsid <boolean>; 389 request-sit <boolean>; // obsolete 390 send-cookie <boolean>; 391 support-ixfr <boolean>; // obsolete 392 tcp-only <boolean>; 393 transfer-format ( many-answers | one-answer ); 394 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 395 dscp <integer> ]; 396 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 397 ] [ dscp <integer> ]; 398 transfers <integer>; 399}; // may occur multiple times 400 401statistics-channels { 402 inet ( <ipv4_address> | <ipv6_address> | 403 * ) [ port ( <integer> | * ) ] [ 404 allow { <address_match_element>; ... 405 } ]; // may occur multiple times 406}; // may occur multiple times 407 408trusted-keys { <string> <integer> <integer> 409 <integer> <quoted_string>; ... }; // may occur multiple times 410 411view <string> [ <class> ] { 412 acache-cleaning-interval <integer>; 413 acache-enable <boolean>; 414 additional-from-auth <boolean>; 415 additional-from-cache <boolean>; 416 allow-new-zones <boolean>; 417 allow-notify { <address_match_element>; ... }; 418 allow-query { <address_match_element>; ... }; 419 allow-query-cache { <address_match_element>; ... }; 420 allow-query-cache-on { <address_match_element>; ... }; 421 allow-query-on { <address_match_element>; ... }; 422 allow-recursion { <address_match_element>; ... }; 423 allow-recursion-on { <address_match_element>; ... }; 424 allow-transfer { <address_match_element>; ... }; 425 allow-update { <address_match_element>; ... }; 426 allow-update-forwarding { <address_match_element>; ... }; 427 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 428 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 429 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 430 <integer> ] ) [ key <string> ]; ... }; 431 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 432 ] [ dscp <integer> ]; 433 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 434 * ) ] [ dscp <integer> ]; 435 attach-cache <string>; 436 auth-nxdomain <boolean>; // default changed 437 auto-dnssec ( allow | maintain | off ); 438 cache-file <quoted_string>; 439 catalog-zones { zone <string> [ default-masters [ port <integer> ] 440 [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port 441 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 442 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 443 in-memory <boolean> ] [ min-update-interval <integer> ]; ... }; 444 check-dup-records ( fail | warn | ignore ); 445 check-integrity <boolean>; 446 check-mx ( fail | warn | ignore ); 447 check-mx-cname ( fail | warn | ignore ); 448 check-names ( master | slave | response 449 ) ( fail | warn | ignore ); // may occur multiple times 450 check-sibling <boolean>; 451 check-spf ( warn | ignore ); 452 check-srv-cname ( fail | warn | ignore ); 453 check-wildcard <boolean>; 454 cleaning-interval <integer>; 455 clients-per-query <integer>; 456 deny-answer-addresses { <address_match_element>; ... } [ 457 except-from { <quoted_string>; ... } ]; 458 deny-answer-aliases { <quoted_string>; ... } [ except-from { 459 <quoted_string>; ... } ]; 460 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 461 disable-algorithms <string> { <string>; 462 ... }; // may occur multiple times 463 disable-ds-digests <string> { <string>; 464 ... }; // may occur multiple times 465 disable-empty-zone <string>; // may occur multiple times 466 dlz <string> { 467 database <string>; 468 search <boolean>; 469 }; // may occur multiple times 470 dns64 <netprefix> { 471 break-dnssec <boolean>; 472 clients { <address_match_element>; ... }; 473 exclude { <address_match_element>; ... }; 474 mapped { <address_match_element>; ... }; 475 recursive-only <boolean>; 476 suffix <ipv6_address>; 477 }; // may occur multiple times 478 dns64-contact <string>; 479 dns64-server <string>; 480 dnssec-accept-expired <boolean>; 481 dnssec-dnskey-kskonly <boolean>; 482 dnssec-enable <boolean>; 483 dnssec-loadkeys-interval <integer>; 484 dnssec-lookaside ( <string> trust-anchor 485 <string> | auto | no ); // may occur multiple times 486 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 487 dnssec-secure-to-insecure <boolean>; 488 dnssec-update-mode ( maintain | no-resign ); 489 dnssec-validation ( yes | no | auto ); 490 dnstap { ( all | auth | client | forwarder | 491 resolver ) [ ( query | response ) ]; ... }; // not configured 492 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 493 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 494 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 495 <integer> ] [ dscp <integer> ] ); ... }; 496 dyndb <string> <quoted_string> { 497 <unspecified-text> }; // may occur multiple times 498 edns-udp-size <integer>; 499 empty-contact <string>; 500 empty-server <string>; 501 empty-zones-enable <boolean>; 502 fetch-glue <boolean>; // obsolete 503 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 504 fetches-per-server <integer> [ ( drop | fail ) ]; 505 fetches-per-zone <integer> [ ( drop | fail ) ]; 506 filter-aaaa { <address_match_element>; ... }; // not configured 507 filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured 508 filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured 509 forward ( first | only ); 510 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 511 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 512 inline-signing <boolean>; 513 ixfr-from-differences ( master | slave | <boolean> ); 514 key <string> { 515 algorithm <string>; 516 secret <string>; 517 }; // may occur multiple times 518 key-directory <quoted_string>; 519 lame-ttl <ttlval>; 520 lmdb-mapsize <sizeval>; // non-operational 521 maintain-ixfr-base <boolean>; // obsolete 522 managed-keys { <string> <string> 523 <integer> <integer> <integer> 524 <quoted_string>; ... }; // may occur multiple times 525 masterfile-format ( map | raw | text ); 526 masterfile-style ( full | relative ); 527 match-clients { <address_match_element>; ... }; 528 match-destinations { <address_match_element>; ... }; 529 match-recursive-only <boolean>; 530 max-acache-size ( unlimited | <sizeval> ); 531 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 532 max-cache-ttl <integer>; 533 max-clients-per-query <integer>; 534 max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete 535 max-journal-size ( unlimited | <sizeval> ); 536 max-ncache-ttl <integer>; 537 max-records <integer>; 538 max-recursion-depth <integer>; 539 max-recursion-queries <integer>; 540 max-refresh-time <integer>; 541 max-retry-time <integer>; 542 max-transfer-idle-in <integer>; 543 max-transfer-idle-out <integer>; 544 max-transfer-time-in <integer>; 545 max-transfer-time-out <integer>; 546 max-udp-size <integer>; 547 max-zone-ttl ( unlimited | <ttlval> ); 548 message-compression <boolean>; 549 min-refresh-time <integer>; 550 min-retry-time <integer>; 551 min-roots <integer>; // not implemented 552 minimal-any <boolean>; 553 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 554 multi-master <boolean>; 555 no-case-compress { <address_match_element>; ... }; 556 nocookie-udp-size <integer>; 557 nosit-udp-size <integer>; // obsolete 558 notify ( explicit | master-only | <boolean> ); 559 notify-delay <integer>; 560 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 561 dscp <integer> ]; 562 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 563 [ dscp <integer> ]; 564 notify-to-soa <boolean>; 565 nsec3-test-zone <boolean>; // test only 566 nta-lifetime <ttlval>; 567 nta-recheck <ttlval>; 568 nxdomain-redirect <string>; 569 preferred-glue <string>; 570 prefetch <integer> [ <integer> ]; 571 provide-ixfr <boolean>; 572 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 573 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 574 port ( <integer> | * ) ) ) [ dscp <integer> ]; 575 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 576 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 577 port ( <integer> | * ) ) ) [ dscp <integer> ]; 578 queryport-pool-ports <integer>; // obsolete 579 queryport-pool-updateinterval <integer>; // obsolete 580 rate-limit { 581 all-per-second <integer>; 582 errors-per-second <integer>; 583 exempt-clients { <address_match_element>; ... }; 584 ipv4-prefix-length <integer>; 585 ipv6-prefix-length <integer>; 586 log-only <boolean>; 587 max-table-size <integer>; 588 min-table-size <integer>; 589 nodata-per-second <integer>; 590 nxdomains-per-second <integer>; 591 qps-scale <integer>; 592 referrals-per-second <integer>; 593 responses-per-second <integer>; 594 slip <integer>; 595 window <integer>; 596 }; 597 recursion <boolean>; 598 request-expire <boolean>; 599 request-ixfr <boolean>; 600 request-nsid <boolean>; 601 request-sit <boolean>; // obsolete 602 require-server-cookie <boolean>; 603 resolver-query-timeout <integer>; 604 response-policy { zone <string> [ log <boolean> ] [ max-policy-ttl 605 <integer> ] [ policy ( cname | disabled | drop | given | no-op 606 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 607 recursive-only <boolean> ]; ... } [ break-dnssec <boolean> ] [ 608 max-policy-ttl <integer> ] [ min-ns-dots <integer> ] [ 609 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] 610 [ recursive-only <boolean> ]; 611 rfc2308-type1 <boolean>; // not yet implemented 612 root-delegation-only [ exclude { <quoted_string>; ... } ]; 613 root-key-sentinel <boolean>; 614 rrset-order { [ class <string> ] [ type <string> ] [ name 615 <quoted_string> ] <string> <string>; ... }; 616 send-cookie <boolean>; 617 serial-update-method ( date | increment | unixtime ); 618 server <netprefix> { 619 bogus <boolean>; 620 edns <boolean>; 621 edns-udp-size <integer>; 622 edns-version <integer>; 623 keys <server_key>; 624 max-udp-size <integer>; 625 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 626 ) ] [ dscp <integer> ]; 627 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 628 | * ) ] [ dscp <integer> ]; 629 provide-ixfr <boolean>; 630 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port 631 ( <integer> | * ) ] ) | ( [ [ address ] ( 632 <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ 633 dscp <integer> ]; 634 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ 635 port ( <integer> | * ) ] ) | ( [ [ address ] ( 636 <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ 637 dscp <integer> ]; 638 request-expire <boolean>; 639 request-ixfr <boolean>; 640 request-nsid <boolean>; 641 request-sit <boolean>; // obsolete 642 send-cookie <boolean>; 643 support-ixfr <boolean>; // obsolete 644 tcp-only <boolean>; 645 transfer-format ( many-answers | one-answer ); 646 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 647 * ) ] [ dscp <integer> ]; 648 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 649 <integer> | * ) ] [ dscp <integer> ]; 650 transfers <integer>; 651 }; // may occur multiple times 652 servfail-ttl <ttlval>; 653 sig-signing-nodes <integer>; 654 sig-signing-signatures <integer>; 655 sig-signing-type <integer>; 656 sig-validity-interval <integer> [ <integer> ]; 657 sortlist { <address_match_element>; ... }; 658 suppress-initial-notify <boolean>; // not yet implemented 659 topology { <address_match_element>; ... }; // not implemented 660 transfer-format ( many-answers | one-answer ); 661 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 662 dscp <integer> ]; 663 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 664 ] [ dscp <integer> ]; 665 trust-anchor-telemetry <boolean>; // experimental 666 trusted-keys { <string> <integer> 667 <integer> <integer> <quoted_string>; 668 ... }; // may occur multiple times 669 try-tcp-refresh <boolean>; 670 update-check-ksk <boolean>; 671 use-alt-transfer-source <boolean>; 672 use-queryport-pool <boolean>; // obsolete 673 v6-bias <integer>; 674 zero-no-soa-ttl <boolean>; 675 zero-no-soa-ttl-cache <boolean>; 676 zone <string> [ <class> ] { 677 allow-notify { <address_match_element>; ... }; 678 allow-query { <address_match_element>; ... }; 679 allow-query-on { <address_match_element>; ... }; 680 allow-transfer { <address_match_element>; ... }; 681 allow-update { <address_match_element>; ... }; 682 allow-update-forwarding { <address_match_element>; ... }; 683 also-notify [ port <integer> ] [ dscp <integer> ] { ( 684 <masters> | <ipv4_address> [ port <integer> ] | 685 <ipv6_address> [ port <integer> ] ) [ key <string> ]; 686 ... }; 687 alt-transfer-source ( <ipv4_address> | * ) [ port ( 688 <integer> | * ) ] [ dscp <integer> ]; 689 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( 690 <integer> | * ) ] [ dscp <integer> ]; 691 auto-dnssec ( allow | maintain | off ); 692 check-dup-records ( fail | warn | ignore ); 693 check-integrity <boolean>; 694 check-mx ( fail | warn | ignore ); 695 check-mx-cname ( fail | warn | ignore ); 696 check-names ( fail | warn | ignore ); 697 check-sibling <boolean>; 698 check-spf ( warn | ignore ); 699 check-srv-cname ( fail | warn | ignore ); 700 check-wildcard <boolean>; 701 database <string>; 702 delegation-only <boolean>; 703 dialup ( notify | notify-passive | passive | refresh | 704 <boolean> ); 705 dlz <string>; 706 dnssec-dnskey-kskonly <boolean>; 707 dnssec-loadkeys-interval <integer>; 708 dnssec-secure-to-insecure <boolean>; 709 dnssec-update-mode ( maintain | no-resign ); 710 file <quoted_string>; 711 forward ( first | only ); 712 forwarders [ port <integer> ] [ dscp <integer> ] { ( 713 <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ 714 dscp <integer> ]; ... }; 715 in-view <string>; 716 inline-signing <boolean>; 717 ixfr-base <quoted_string>; // obsolete 718 ixfr-from-differences <boolean>; 719 ixfr-tmp-file <quoted_string>; // obsolete 720 journal <quoted_string>; 721 key-directory <quoted_string>; 722 maintain-ixfr-base <boolean>; // obsolete 723 masterfile-format ( map | raw | text ); 724 masterfile-style ( full | relative ); 725 masters [ port <integer> ] [ dscp <integer> ] { ( <masters> 726 | <ipv4_address> [ port <integer> ] | <ipv6_address> [ 727 port <integer> ] ) [ key <string> ]; ... }; 728 max-ixfr-log-size ( default | unlimited | 729 <sizeval> ); // obsolete 730 max-journal-size ( unlimited | <sizeval> ); 731 max-records <integer>; 732 max-refresh-time <integer>; 733 max-retry-time <integer>; 734 max-transfer-idle-in <integer>; 735 max-transfer-idle-out <integer>; 736 max-transfer-time-in <integer>; 737 max-transfer-time-out <integer>; 738 max-zone-ttl ( unlimited | <ttlval> ); 739 min-refresh-time <integer>; 740 min-retry-time <integer>; 741 multi-master <boolean>; 742 notify ( explicit | master-only | <boolean> ); 743 notify-delay <integer>; 744 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 745 ) ] [ dscp <integer> ]; 746 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 747 | * ) ] [ dscp <integer> ]; 748 notify-to-soa <boolean>; 749 nsec3-test-zone <boolean>; // test only 750 pubkey <integer> 751 <integer> 752 <integer> 753 <quoted_string>; // obsolete, may occur multiple times 754 request-expire <boolean>; 755 request-ixfr <boolean>; 756 serial-update-method ( date | increment | unixtime ); 757 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; 758 server-names { <quoted_string>; ... }; 759 sig-signing-nodes <integer>; 760 sig-signing-signatures <integer>; 761 sig-signing-type <integer>; 762 sig-validity-interval <integer> [ <integer> ]; 763 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 764 * ) ] [ dscp <integer> ]; 765 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 766 <integer> | * ) ] [ dscp <integer> ]; 767 try-tcp-refresh <boolean>; 768 type ( delegation-only | forward | hint | master | redirect 769 | slave | static-stub | stub ); 770 update-check-ksk <boolean>; 771 update-policy ( local | { ( deny | grant ) <string> ( 772 6to4-self | external | krb5-self | krb5-selfsub | 773 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | 774 name | self | selfsub | selfwild | subdomain | tcp-self 775 | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... }; 776 use-alt-transfer-source <boolean>; 777 zero-no-soa-ttl <boolean>; 778 zone-statistics ( full | terse | none | <boolean> ); 779 }; // may occur multiple times 780 zone-statistics ( full | terse | none | <boolean> ); 781}; // may occur multiple times 782 783zone <string> [ <class> ] { 784 allow-notify { <address_match_element>; ... }; 785 allow-query { <address_match_element>; ... }; 786 allow-query-on { <address_match_element>; ... }; 787 allow-transfer { <address_match_element>; ... }; 788 allow-update { <address_match_element>; ... }; 789 allow-update-forwarding { <address_match_element>; ... }; 790 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 791 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 792 <integer> ] ) [ key <string> ]; ... }; 793 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 794 ] [ dscp <integer> ]; 795 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 796 * ) ] [ dscp <integer> ]; 797 auto-dnssec ( allow | maintain | off ); 798 check-dup-records ( fail | warn | ignore ); 799 check-integrity <boolean>; 800 check-mx ( fail | warn | ignore ); 801 check-mx-cname ( fail | warn | ignore ); 802 check-names ( fail | warn | ignore ); 803 check-sibling <boolean>; 804 check-spf ( warn | ignore ); 805 check-srv-cname ( fail | warn | ignore ); 806 check-wildcard <boolean>; 807 database <string>; 808 delegation-only <boolean>; 809 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 810 dlz <string>; 811 dnssec-dnskey-kskonly <boolean>; 812 dnssec-loadkeys-interval <integer>; 813 dnssec-secure-to-insecure <boolean>; 814 dnssec-update-mode ( maintain | no-resign ); 815 file <quoted_string>; 816 forward ( first | only ); 817 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 818 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 819 in-view <string>; 820 inline-signing <boolean>; 821 ixfr-base <quoted_string>; // obsolete 822 ixfr-from-differences <boolean>; 823 ixfr-tmp-file <quoted_string>; // obsolete 824 journal <quoted_string>; 825 key-directory <quoted_string>; 826 maintain-ixfr-base <boolean>; // obsolete 827 masterfile-format ( map | raw | text ); 828 masterfile-style ( full | relative ); 829 masters [ port <integer> ] [ dscp <integer> ] { ( <masters> | 830 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 831 <integer> ] ) [ key <string> ]; ... }; 832 max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete 833 max-journal-size ( unlimited | <sizeval> ); 834 max-records <integer>; 835 max-refresh-time <integer>; 836 max-retry-time <integer>; 837 max-transfer-idle-in <integer>; 838 max-transfer-idle-out <integer>; 839 max-transfer-time-in <integer>; 840 max-transfer-time-out <integer>; 841 max-zone-ttl ( unlimited | <ttlval> ); 842 min-refresh-time <integer>; 843 min-retry-time <integer>; 844 multi-master <boolean>; 845 notify ( explicit | master-only | <boolean> ); 846 notify-delay <integer>; 847 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 848 dscp <integer> ]; 849 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 850 [ dscp <integer> ]; 851 notify-to-soa <boolean>; 852 nsec3-test-zone <boolean>; // test only 853 pubkey <integer> <integer> 854 <integer> <quoted_string>; // obsolete, may occur multiple times 855 request-expire <boolean>; 856 request-ixfr <boolean>; 857 serial-update-method ( date | increment | unixtime ); 858 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; 859 server-names { <quoted_string>; ... }; 860 sig-signing-nodes <integer>; 861 sig-signing-signatures <integer>; 862 sig-signing-type <integer>; 863 sig-validity-interval <integer> [ <integer> ]; 864 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 865 dscp <integer> ]; 866 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 867 ] [ dscp <integer> ]; 868 try-tcp-refresh <boolean>; 869 type ( delegation-only | forward | hint | master | redirect | slave 870 | static-stub | stub ); 871 update-check-ksk <boolean>; 872 update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | 873 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self 874 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild 875 | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] 876 <rrtypelist>; ... }; 877 use-alt-transfer-source <boolean>; 878 zero-no-soa-ttl <boolean>; 879 zone-statistics ( full | terse | none | <boolean> ); 880}; // may occur multiple times 881 882