1 2This is a summary of the named.conf options supported by 3this version of BIND 9. 4 5acl <string> { <address_match_element>; ... }; // may occur multiple times 6 7controls { 8 inet ( <ipv4_address> | <ipv6_address> | 9 * ) [ port ( <integer> | * ) ] allow 10 { <address_match_element>; ... } [ 11 keys { <string>; ... } ] [ read-only 12 <boolean> ]; // may occur multiple times 13 unix <quoted_string> perm <integer> 14 owner <integer> group <integer> [ 15 keys { <string>; ... } ] [ read-only 16 <boolean> ]; // may occur multiple times 17}; // may occur multiple times 18 19dlz <string> { 20 database <string>; 21 search <boolean>; 22}; // may occur multiple times 23 24dnssec-policy <string> { 25 dnskey-ttl <duration>; 26 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime 27 <duration_or_unlimited> algorithm <string> [ <integer> ]; ... }; 28 max-zone-ttl <duration>; 29 parent-ds-ttl <duration>; 30 parent-propagation-delay <duration>; 31 parent-registration-delay <duration>; 32 publish-safety <duration>; 33 retire-safety <duration>; 34 signatures-refresh <duration>; 35 signatures-validity <duration>; 36 signatures-validity-dnskey <duration>; 37 zone-propagation-delay <duration>; 38}; // may occur multiple times 39 40dyndb <string> <quoted_string> { 41 <unspecified-text> }; // may occur multiple times 42 43key <string> { 44 algorithm <string>; 45 secret <string>; 46}; // may occur multiple times 47 48logging { 49 category <string> { <string>; ... }; // may occur multiple times 50 channel <string> { 51 buffered <boolean>; 52 file <quoted_string> [ versions ( unlimited | <integer> ) ] 53 [ size <size> ] [ suffix ( increment | timestamp ) ]; 54 null; 55 print-category <boolean>; 56 print-severity <boolean>; 57 print-time ( iso8601 | iso8601-utc | local | <boolean> ); 58 severity <log_severity>; 59 stderr; 60 syslog [ <syslog_facility> ]; 61 }; // may occur multiple times 62}; 63 64managed-keys { <string> ( static-key 65 | initial-key | static-ds | 66 initial-ds ) <integer> <integer> 67 <integer> <quoted_string>; ... }; // may occur multiple times, deprecated 68 69masters <string> [ port <integer> ] [ dscp 70 <integer> ] { ( <masters> | <ipv4_address> [ 71 port <integer> ] | <ipv6_address> [ port 72 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times 73 74options { 75 allow-new-zones <boolean>; 76 allow-notify { <address_match_element>; ... }; 77 allow-query { <address_match_element>; ... }; 78 allow-query-cache { <address_match_element>; ... }; 79 allow-query-cache-on { <address_match_element>; ... }; 80 allow-query-on { <address_match_element>; ... }; 81 allow-recursion { <address_match_element>; ... }; 82 allow-recursion-on { <address_match_element>; ... }; 83 allow-transfer { <address_match_element>; ... }; 84 allow-update { <address_match_element>; ... }; 85 allow-update-forwarding { <address_match_element>; ... }; 86 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 87 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 88 <integer> ] ) [ key <string> ]; ... }; 89 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 90 ] [ dscp <integer> ]; 91 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 92 * ) ] [ dscp <integer> ]; 93 answer-cookie <boolean>; 94 attach-cache <string>; 95 auth-nxdomain <boolean>; // default changed 96 auto-dnssec ( allow | maintain | off ); 97 automatic-interface-scan <boolean>; 98 avoid-v4-udp-ports { <portrange>; ... }; 99 avoid-v6-udp-ports { <portrange>; ... }; 100 bindkeys-file <quoted_string>; 101 blackhole { <address_match_element>; ... }; 102 cache-file <quoted_string>; 103 catalog-zones { zone <string> [ default-masters [ port <integer> ] 104 [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port 105 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 106 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 107 in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; 108 check-dup-records ( fail | warn | ignore ); 109 check-integrity <boolean>; 110 check-mx ( fail | warn | ignore ); 111 check-mx-cname ( fail | warn | ignore ); 112 check-names ( primary | master | 113 secondary | slave | response ) ( 114 fail | warn | ignore ); // may occur multiple times 115 check-sibling <boolean>; 116 check-spf ( warn | ignore ); 117 check-srv-cname ( fail | warn | ignore ); 118 check-wildcard <boolean>; 119 clients-per-query <integer>; 120 cookie-algorithm ( aes | siphash24 ); 121 cookie-secret <string>; // may occur multiple times 122 coresize ( default | unlimited | <sizeval> ); 123 datasize ( default | unlimited | <sizeval> ); 124 deny-answer-addresses { <address_match_element>; ... } [ 125 except-from { <string>; ... } ]; 126 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... 127 } ]; 128 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 129 directory <quoted_string>; 130 disable-algorithms <string> { <string>; 131 ... }; // may occur multiple times 132 disable-ds-digests <string> { <string>; 133 ... }; // may occur multiple times 134 disable-empty-zone <string>; // may occur multiple times 135 dns64 <netprefix> { 136 break-dnssec <boolean>; 137 clients { <address_match_element>; ... }; 138 exclude { <address_match_element>; ... }; 139 mapped { <address_match_element>; ... }; 140 recursive-only <boolean>; 141 suffix <ipv6_address>; 142 }; // may occur multiple times 143 dns64-contact <string>; 144 dns64-server <string>; 145 dnskey-sig-validity <integer>; 146 dnsrps-enable <boolean>; // not configured 147 dnsrps-options { <unspecified-text> }; // not configured 148 dnssec-accept-expired <boolean>; 149 dnssec-dnskey-kskonly <boolean>; 150 dnssec-loadkeys-interval <integer>; 151 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 152 dnssec-policy <string>; 153 dnssec-secure-to-insecure <boolean>; 154 dnssec-update-mode ( maintain | no-resign ); 155 dnssec-validation ( yes | no | auto ); 156 dnstap { ( all | auth | client | forwarder | 157 resolver | update ) [ ( query | response ) ]; 158 ... }; // not configured 159 dnstap-identity ( <quoted_string> | none | 160 hostname ); // not configured 161 dnstap-output ( file | unix ) <quoted_string> [ 162 size ( unlimited | <size> ) ] [ versions ( 163 unlimited | <integer> ) ] [ suffix ( increment 164 | timestamp ) ]; // not configured 165 dnstap-version ( <quoted_string> | none ); // not configured 166 dscp <integer>; 167 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 168 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 169 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 170 <integer> ] [ dscp <integer> ] ); ... }; 171 dump-file <quoted_string>; 172 edns-udp-size <integer>; 173 empty-contact <string>; 174 empty-server <string>; 175 empty-zones-enable <boolean>; 176 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 177 fetches-per-server <integer> [ ( drop | fail ) ]; 178 fetches-per-zone <integer> [ ( drop | fail ) ]; 179 files ( default | unlimited | <sizeval> ); 180 flush-zones-on-shutdown <boolean>; 181 forward ( first | only ); 182 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 183 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 184 fstrm-set-buffer-hint <integer>; // not configured 185 fstrm-set-flush-timeout <integer>; // not configured 186 fstrm-set-input-queue-size <integer>; // not configured 187 fstrm-set-output-notify-threshold <integer>; // not configured 188 fstrm-set-output-queue-model ( mpsc | spsc ); // not configured 189 fstrm-set-output-queue-size <integer>; // not configured 190 fstrm-set-reopen-interval <duration>; // not configured 191 geoip-directory ( <quoted_string> | none ); 192 glue-cache <boolean>; 193 heartbeat-interval <integer>; 194 hostname ( <quoted_string> | none ); 195 inline-signing <boolean>; 196 interface-interval <duration>; 197 ixfr-from-differences ( primary | master | secondary | slave | 198 <boolean> ); 199 keep-response-order { <address_match_element>; ... }; 200 key-directory <quoted_string>; 201 lame-ttl <duration>; 202 listen-on [ port <integer> ] [ dscp 203 <integer> ] { 204 <address_match_element>; ... }; // may occur multiple times 205 listen-on-v6 [ port <integer> ] [ dscp 206 <integer> ] { 207 <address_match_element>; ... }; // may occur multiple times 208 lmdb-mapsize <sizeval>; 209 lock-file ( <quoted_string> | none ); 210 managed-keys-directory <quoted_string>; 211 masterfile-format ( map | raw | text ); 212 masterfile-style ( full | relative ); 213 match-mapped-addresses <boolean>; 214 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 215 max-cache-ttl <duration>; 216 max-clients-per-query <integer>; 217 max-journal-size ( default | unlimited | <sizeval> ); 218 max-ncache-ttl <duration>; 219 max-records <integer>; 220 max-recursion-depth <integer>; 221 max-recursion-queries <integer>; 222 max-refresh-time <integer>; 223 max-retry-time <integer>; 224 max-rsa-exponent-size <integer>; 225 max-stale-ttl <duration>; 226 max-transfer-idle-in <integer>; 227 max-transfer-idle-out <integer>; 228 max-transfer-time-in <integer>; 229 max-transfer-time-out <integer>; 230 max-udp-size <integer>; 231 max-zone-ttl ( unlimited | <duration> ); 232 memstatistics <boolean>; 233 memstatistics-file <quoted_string>; 234 message-compression <boolean>; 235 min-cache-ttl <duration>; 236 min-ncache-ttl <duration>; 237 min-refresh-time <integer>; 238 min-retry-time <integer>; 239 minimal-any <boolean>; 240 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 241 multi-master <boolean>; 242 new-zones-directory <quoted_string>; 243 no-case-compress { <address_match_element>; ... }; 244 nocookie-udp-size <integer>; 245 notify ( explicit | master-only | <boolean> ); 246 notify-delay <integer>; 247 notify-rate <integer>; 248 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 249 dscp <integer> ]; 250 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 251 [ dscp <integer> ]; 252 notify-to-soa <boolean>; 253 nta-lifetime <duration>; 254 nta-recheck <duration>; 255 nxdomain-redirect <string>; 256 pid-file ( <quoted_string> | none ); 257 port <integer>; 258 preferred-glue <string>; 259 prefetch <integer> [ <integer> ]; 260 provide-ixfr <boolean>; 261 qname-minimization ( strict | relaxed | disabled | off ); 262 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 263 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 264 port ( <integer> | * ) ) ) [ dscp <integer> ]; 265 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 266 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 267 port ( <integer> | * ) ) ) [ dscp <integer> ]; 268 querylog <boolean>; 269 random-device ( <quoted_string> | none ); 270 rate-limit { 271 all-per-second <integer>; 272 errors-per-second <integer>; 273 exempt-clients { <address_match_element>; ... }; 274 ipv4-prefix-length <integer>; 275 ipv6-prefix-length <integer>; 276 log-only <boolean>; 277 max-table-size <integer>; 278 min-table-size <integer>; 279 nodata-per-second <integer>; 280 nxdomains-per-second <integer>; 281 qps-scale <integer>; 282 referrals-per-second <integer>; 283 responses-per-second <integer>; 284 slip <integer>; 285 window <integer>; 286 }; 287 recursing-file <quoted_string>; 288 recursion <boolean>; 289 recursive-clients <integer>; 290 request-expire <boolean>; 291 request-ixfr <boolean>; 292 request-nsid <boolean>; 293 require-server-cookie <boolean>; 294 reserved-sockets <integer>; 295 resolver-nonbackoff-tries <integer>; 296 resolver-query-timeout <integer>; 297 resolver-retry-interval <integer>; 298 response-padding { <address_match_element>; ... } block-size 299 <integer>; 300 response-policy { zone <string> [ add-soa <boolean> ] [ log 301 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval 302 <duration> ] [ policy ( cname | disabled | drop | given | no-op 303 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 304 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 305 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ 306 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ 307 min-update-interval <duration> ] [ min-ns-dots <integer> ] [ 308 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] 309 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 310 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ 311 dnsrps-options { <unspecified-text> } ]; 312 root-delegation-only [ exclude { <string>; ... } ]; 313 root-key-sentinel <boolean>; 314 rrset-order { [ class <string> ] [ type <string> ] [ name 315 <quoted_string> ] <string> <string>; ... }; 316 secroots-file <quoted_string>; 317 send-cookie <boolean>; 318 serial-query-rate <integer>; 319 serial-update-method ( date | increment | unixtime ); 320 server-id ( <quoted_string> | none | hostname ); 321 servfail-ttl <duration>; 322 session-keyalg <string>; 323 session-keyfile ( <quoted_string> | none ); 324 session-keyname <string>; 325 sig-signing-nodes <integer>; 326 sig-signing-signatures <integer>; 327 sig-signing-type <integer>; 328 sig-validity-interval <integer> [ <integer> ]; 329 sortlist { <address_match_element>; ... }; 330 stacksize ( default | unlimited | <sizeval> ); 331 stale-answer-enable <boolean>; 332 stale-answer-ttl <duration>; 333 startup-notify-rate <integer>; 334 statistics-file <quoted_string>; 335 synth-from-dnssec <boolean>; 336 tcp-advertised-timeout <integer>; 337 tcp-clients <integer>; 338 tcp-idle-timeout <integer>; 339 tcp-initial-timeout <integer>; 340 tcp-keepalive-timeout <integer>; 341 tcp-listen-queue <integer>; 342 tkey-dhkey <quoted_string> <integer>; 343 tkey-domain <quoted_string>; 344 tkey-gssapi-credential <quoted_string>; 345 tkey-gssapi-keytab <quoted_string>; 346 transfer-format ( many-answers | one-answer ); 347 transfer-message-size <integer>; 348 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 349 dscp <integer> ]; 350 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 351 ] [ dscp <integer> ]; 352 transfers-in <integer>; 353 transfers-out <integer>; 354 transfers-per-ns <integer>; 355 trust-anchor-telemetry <boolean>; // experimental 356 try-tcp-refresh <boolean>; 357 update-check-ksk <boolean>; 358 use-alt-transfer-source <boolean>; 359 use-v4-udp-ports { <portrange>; ... }; 360 use-v6-udp-ports { <portrange>; ... }; 361 v6-bias <integer>; 362 validate-except { <string>; ... }; 363 version ( <quoted_string> | none ); 364 zero-no-soa-ttl <boolean>; 365 zero-no-soa-ttl-cache <boolean>; 366 zone-statistics ( full | terse | none | <boolean> ); 367}; 368 369plugin ( query ) <string> [ { <unspecified-text> 370 } ]; // may occur multiple times 371 372server <netprefix> { 373 bogus <boolean>; 374 edns <boolean>; 375 edns-udp-size <integer>; 376 edns-version <integer>; 377 keys <server_key>; 378 max-udp-size <integer>; 379 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 380 dscp <integer> ]; 381 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 382 [ dscp <integer> ]; 383 padding <integer>; 384 provide-ixfr <boolean>; 385 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 386 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 387 port ( <integer> | * ) ) ) [ dscp <integer> ]; 388 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 389 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 390 port ( <integer> | * ) ) ) [ dscp <integer> ]; 391 request-expire <boolean>; 392 request-ixfr <boolean>; 393 request-nsid <boolean>; 394 send-cookie <boolean>; 395 tcp-keepalive <boolean>; 396 tcp-only <boolean>; 397 transfer-format ( many-answers | one-answer ); 398 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 399 dscp <integer> ]; 400 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 401 ] [ dscp <integer> ]; 402 transfers <integer>; 403}; // may occur multiple times 404 405statistics-channels { 406 inet ( <ipv4_address> | <ipv6_address> | 407 * ) [ port ( <integer> | * ) ] [ 408 allow { <address_match_element>; ... 409 } ]; // may occur multiple times 410}; // may occur multiple times 411 412trust-anchors { <string> ( static-key | 413 initial-key | static-ds | initial-ds ) 414 <integer> <integer> <integer> 415 <quoted_string>; ... }; // may occur multiple times 416 417trusted-keys { <string> <integer> 418 <integer> <integer> 419 <quoted_string>; ... }; // may occur multiple times, deprecated 420 421view <string> [ <class> ] { 422 allow-new-zones <boolean>; 423 allow-notify { <address_match_element>; ... }; 424 allow-query { <address_match_element>; ... }; 425 allow-query-cache { <address_match_element>; ... }; 426 allow-query-cache-on { <address_match_element>; ... }; 427 allow-query-on { <address_match_element>; ... }; 428 allow-recursion { <address_match_element>; ... }; 429 allow-recursion-on { <address_match_element>; ... }; 430 allow-transfer { <address_match_element>; ... }; 431 allow-update { <address_match_element>; ... }; 432 allow-update-forwarding { <address_match_element>; ... }; 433 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 434 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 435 <integer> ] ) [ key <string> ]; ... }; 436 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 437 ] [ dscp <integer> ]; 438 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 439 * ) ] [ dscp <integer> ]; 440 attach-cache <string>; 441 auth-nxdomain <boolean>; // default changed 442 auto-dnssec ( allow | maintain | off ); 443 cache-file <quoted_string>; 444 catalog-zones { zone <string> [ default-masters [ port <integer> ] 445 [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port 446 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 447 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 448 in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; 449 check-dup-records ( fail | warn | ignore ); 450 check-integrity <boolean>; 451 check-mx ( fail | warn | ignore ); 452 check-mx-cname ( fail | warn | ignore ); 453 check-names ( primary | master | 454 secondary | slave | response ) ( 455 fail | warn | ignore ); // may occur multiple times 456 check-sibling <boolean>; 457 check-spf ( warn | ignore ); 458 check-srv-cname ( fail | warn | ignore ); 459 check-wildcard <boolean>; 460 clients-per-query <integer>; 461 deny-answer-addresses { <address_match_element>; ... } [ 462 except-from { <string>; ... } ]; 463 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... 464 } ]; 465 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 466 disable-algorithms <string> { <string>; 467 ... }; // may occur multiple times 468 disable-ds-digests <string> { <string>; 469 ... }; // may occur multiple times 470 disable-empty-zone <string>; // may occur multiple times 471 dlz <string> { 472 database <string>; 473 search <boolean>; 474 }; // may occur multiple times 475 dns64 <netprefix> { 476 break-dnssec <boolean>; 477 clients { <address_match_element>; ... }; 478 exclude { <address_match_element>; ... }; 479 mapped { <address_match_element>; ... }; 480 recursive-only <boolean>; 481 suffix <ipv6_address>; 482 }; // may occur multiple times 483 dns64-contact <string>; 484 dns64-server <string>; 485 dnskey-sig-validity <integer>; 486 dnsrps-enable <boolean>; // not configured 487 dnsrps-options { <unspecified-text> }; // not configured 488 dnssec-accept-expired <boolean>; 489 dnssec-dnskey-kskonly <boolean>; 490 dnssec-loadkeys-interval <integer>; 491 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 492 dnssec-policy <string>; 493 dnssec-secure-to-insecure <boolean>; 494 dnssec-update-mode ( maintain | no-resign ); 495 dnssec-validation ( yes | no | auto ); 496 dnstap { ( all | auth | client | forwarder | 497 resolver | update ) [ ( query | response ) ]; 498 ... }; // not configured 499 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 500 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 501 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 502 <integer> ] [ dscp <integer> ] ); ... }; 503 dyndb <string> <quoted_string> { 504 <unspecified-text> }; // may occur multiple times 505 edns-udp-size <integer>; 506 empty-contact <string>; 507 empty-server <string>; 508 empty-zones-enable <boolean>; 509 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 510 fetches-per-server <integer> [ ( drop | fail ) ]; 511 fetches-per-zone <integer> [ ( drop | fail ) ]; 512 forward ( first | only ); 513 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 514 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 515 glue-cache <boolean>; 516 inline-signing <boolean>; 517 ixfr-from-differences ( primary | master | secondary | slave | 518 <boolean> ); 519 key <string> { 520 algorithm <string>; 521 secret <string>; 522 }; // may occur multiple times 523 key-directory <quoted_string>; 524 lame-ttl <duration>; 525 lmdb-mapsize <sizeval>; 526 managed-keys { <string> ( 527 static-key | initial-key 528 | static-ds | initial-ds 529 ) <integer> <integer> 530 <integer> 531 <quoted_string>; ... }; // may occur multiple times, deprecated 532 masterfile-format ( map | raw | text ); 533 masterfile-style ( full | relative ); 534 match-clients { <address_match_element>; ... }; 535 match-destinations { <address_match_element>; ... }; 536 match-recursive-only <boolean>; 537 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 538 max-cache-ttl <duration>; 539 max-clients-per-query <integer>; 540 max-journal-size ( default | unlimited | <sizeval> ); 541 max-ncache-ttl <duration>; 542 max-records <integer>; 543 max-recursion-depth <integer>; 544 max-recursion-queries <integer>; 545 max-refresh-time <integer>; 546 max-retry-time <integer>; 547 max-stale-ttl <duration>; 548 max-transfer-idle-in <integer>; 549 max-transfer-idle-out <integer>; 550 max-transfer-time-in <integer>; 551 max-transfer-time-out <integer>; 552 max-udp-size <integer>; 553 max-zone-ttl ( unlimited | <duration> ); 554 message-compression <boolean>; 555 min-cache-ttl <duration>; 556 min-ncache-ttl <duration>; 557 min-refresh-time <integer>; 558 min-retry-time <integer>; 559 minimal-any <boolean>; 560 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 561 multi-master <boolean>; 562 new-zones-directory <quoted_string>; 563 no-case-compress { <address_match_element>; ... }; 564 nocookie-udp-size <integer>; 565 notify ( explicit | master-only | <boolean> ); 566 notify-delay <integer>; 567 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 568 dscp <integer> ]; 569 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 570 [ dscp <integer> ]; 571 notify-to-soa <boolean>; 572 nta-lifetime <duration>; 573 nta-recheck <duration>; 574 nxdomain-redirect <string>; 575 plugin ( query ) <string> [ { 576 <unspecified-text> } ]; // may occur multiple times 577 preferred-glue <string>; 578 prefetch <integer> [ <integer> ]; 579 provide-ixfr <boolean>; 580 qname-minimization ( strict | relaxed | disabled | off ); 581 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 582 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 583 port ( <integer> | * ) ) ) [ dscp <integer> ]; 584 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 585 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 586 port ( <integer> | * ) ) ) [ dscp <integer> ]; 587 rate-limit { 588 all-per-second <integer>; 589 errors-per-second <integer>; 590 exempt-clients { <address_match_element>; ... }; 591 ipv4-prefix-length <integer>; 592 ipv6-prefix-length <integer>; 593 log-only <boolean>; 594 max-table-size <integer>; 595 min-table-size <integer>; 596 nodata-per-second <integer>; 597 nxdomains-per-second <integer>; 598 qps-scale <integer>; 599 referrals-per-second <integer>; 600 responses-per-second <integer>; 601 slip <integer>; 602 window <integer>; 603 }; 604 recursion <boolean>; 605 request-expire <boolean>; 606 request-ixfr <boolean>; 607 request-nsid <boolean>; 608 require-server-cookie <boolean>; 609 resolver-nonbackoff-tries <integer>; 610 resolver-query-timeout <integer>; 611 resolver-retry-interval <integer>; 612 response-padding { <address_match_element>; ... } block-size 613 <integer>; 614 response-policy { zone <string> [ add-soa <boolean> ] [ log 615 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval 616 <duration> ] [ policy ( cname | disabled | drop | given | no-op 617 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 618 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 619 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ 620 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ 621 min-update-interval <duration> ] [ min-ns-dots <integer> ] [ 622 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] 623 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 624 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ 625 dnsrps-options { <unspecified-text> } ]; 626 root-delegation-only [ exclude { <string>; ... } ]; 627 root-key-sentinel <boolean>; 628 rrset-order { [ class <string> ] [ type <string> ] [ name 629 <quoted_string> ] <string> <string>; ... }; 630 send-cookie <boolean>; 631 serial-update-method ( date | increment | unixtime ); 632 server <netprefix> { 633 bogus <boolean>; 634 edns <boolean>; 635 edns-udp-size <integer>; 636 edns-version <integer>; 637 keys <server_key>; 638 max-udp-size <integer>; 639 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 640 ) ] [ dscp <integer> ]; 641 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 642 | * ) ] [ dscp <integer> ]; 643 padding <integer>; 644 provide-ixfr <boolean>; 645 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port 646 ( <integer> | * ) ] ) | ( [ [ address ] ( 647 <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ 648 dscp <integer> ]; 649 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ 650 port ( <integer> | * ) ] ) | ( [ [ address ] ( 651 <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ 652 dscp <integer> ]; 653 request-expire <boolean>; 654 request-ixfr <boolean>; 655 request-nsid <boolean>; 656 send-cookie <boolean>; 657 tcp-keepalive <boolean>; 658 tcp-only <boolean>; 659 transfer-format ( many-answers | one-answer ); 660 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 661 * ) ] [ dscp <integer> ]; 662 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 663 <integer> | * ) ] [ dscp <integer> ]; 664 transfers <integer>; 665 }; // may occur multiple times 666 servfail-ttl <duration>; 667 sig-signing-nodes <integer>; 668 sig-signing-signatures <integer>; 669 sig-signing-type <integer>; 670 sig-validity-interval <integer> [ <integer> ]; 671 sortlist { <address_match_element>; ... }; 672 stale-answer-enable <boolean>; 673 stale-answer-ttl <duration>; 674 synth-from-dnssec <boolean>; 675 transfer-format ( many-answers | one-answer ); 676 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 677 dscp <integer> ]; 678 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 679 ] [ dscp <integer> ]; 680 trust-anchor-telemetry <boolean>; // experimental 681 trust-anchors { <string> ( static-key | 682 initial-key | static-ds | initial-ds 683 ) <integer> <integer> <integer> 684 <quoted_string>; ... }; // may occur multiple times 685 trusted-keys { <string> 686 <integer> <integer> 687 <integer> 688 <quoted_string>; ... }; // may occur multiple times, deprecated 689 try-tcp-refresh <boolean>; 690 update-check-ksk <boolean>; 691 use-alt-transfer-source <boolean>; 692 v6-bias <integer>; 693 validate-except { <string>; ... }; 694 zero-no-soa-ttl <boolean>; 695 zero-no-soa-ttl-cache <boolean>; 696 zone <string> [ <class> ] { 697 allow-notify { <address_match_element>; ... }; 698 allow-query { <address_match_element>; ... }; 699 allow-query-on { <address_match_element>; ... }; 700 allow-transfer { <address_match_element>; ... }; 701 allow-update { <address_match_element>; ... }; 702 allow-update-forwarding { <address_match_element>; ... }; 703 also-notify [ port <integer> ] [ dscp <integer> ] { ( 704 <masters> | <ipv4_address> [ port <integer> ] | 705 <ipv6_address> [ port <integer> ] ) [ key <string> ]; 706 ... }; 707 alt-transfer-source ( <ipv4_address> | * ) [ port ( 708 <integer> | * ) ] [ dscp <integer> ]; 709 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( 710 <integer> | * ) ] [ dscp <integer> ]; 711 auto-dnssec ( allow | maintain | off ); 712 check-dup-records ( fail | warn | ignore ); 713 check-integrity <boolean>; 714 check-mx ( fail | warn | ignore ); 715 check-mx-cname ( fail | warn | ignore ); 716 check-names ( fail | warn | ignore ); 717 check-sibling <boolean>; 718 check-spf ( warn | ignore ); 719 check-srv-cname ( fail | warn | ignore ); 720 check-wildcard <boolean>; 721 database <string>; 722 delegation-only <boolean>; 723 dialup ( notify | notify-passive | passive | refresh | 724 <boolean> ); 725 dlz <string>; 726 dnskey-sig-validity <integer>; 727 dnssec-dnskey-kskonly <boolean>; 728 dnssec-loadkeys-interval <integer>; 729 dnssec-policy <string>; 730 dnssec-secure-to-insecure <boolean>; 731 dnssec-update-mode ( maintain | no-resign ); 732 file <quoted_string>; 733 forward ( first | only ); 734 forwarders [ port <integer> ] [ dscp <integer> ] { ( 735 <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ 736 dscp <integer> ]; ... }; 737 in-view <string>; 738 inline-signing <boolean>; 739 ixfr-from-differences <boolean>; 740 journal <quoted_string>; 741 key-directory <quoted_string>; 742 masterfile-format ( map | raw | text ); 743 masterfile-style ( full | relative ); 744 masters [ port <integer> ] [ dscp <integer> ] { ( <masters> 745 | <ipv4_address> [ port <integer> ] | <ipv6_address> [ 746 port <integer> ] ) [ key <string> ]; ... }; 747 max-journal-size ( default | unlimited | <sizeval> ); 748 max-records <integer>; 749 max-refresh-time <integer>; 750 max-retry-time <integer>; 751 max-transfer-idle-in <integer>; 752 max-transfer-idle-out <integer>; 753 max-transfer-time-in <integer>; 754 max-transfer-time-out <integer>; 755 max-zone-ttl ( unlimited | <duration> ); 756 min-refresh-time <integer>; 757 min-retry-time <integer>; 758 multi-master <boolean>; 759 notify ( explicit | master-only | <boolean> ); 760 notify-delay <integer>; 761 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 762 ) ] [ dscp <integer> ]; 763 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 764 | * ) ] [ dscp <integer> ]; 765 notify-to-soa <boolean>; 766 request-expire <boolean>; 767 request-ixfr <boolean>; 768 serial-update-method ( date | increment | unixtime ); 769 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; 770 server-names { <string>; ... }; 771 sig-signing-nodes <integer>; 772 sig-signing-signatures <integer>; 773 sig-signing-type <integer>; 774 sig-validity-interval <integer> [ <integer> ]; 775 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 776 * ) ] [ dscp <integer> ]; 777 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 778 <integer> | * ) ] [ dscp <integer> ]; 779 try-tcp-refresh <boolean>; 780 type ( primary | master | secondary | slave | mirror | 781 delegation-only | forward | hint | redirect | 782 static-stub | stub ); 783 update-check-ksk <boolean>; 784 update-policy ( local | { ( deny | grant ) <string> ( 785 6to4-self | external | krb5-self | krb5-selfsub | 786 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | 787 name | self | selfsub | selfwild | subdomain | tcp-self 788 | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... }; 789 use-alt-transfer-source <boolean>; 790 zero-no-soa-ttl <boolean>; 791 zone-statistics ( full | terse | none | <boolean> ); 792 }; // may occur multiple times 793 zone-statistics ( full | terse | none | <boolean> ); 794}; // may occur multiple times 795 796zone <string> [ <class> ] { 797 allow-notify { <address_match_element>; ... }; 798 allow-query { <address_match_element>; ... }; 799 allow-query-on { <address_match_element>; ... }; 800 allow-transfer { <address_match_element>; ... }; 801 allow-update { <address_match_element>; ... }; 802 allow-update-forwarding { <address_match_element>; ... }; 803 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 804 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 805 <integer> ] ) [ key <string> ]; ... }; 806 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 807 ] [ dscp <integer> ]; 808 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 809 * ) ] [ dscp <integer> ]; 810 auto-dnssec ( allow | maintain | off ); 811 check-dup-records ( fail | warn | ignore ); 812 check-integrity <boolean>; 813 check-mx ( fail | warn | ignore ); 814 check-mx-cname ( fail | warn | ignore ); 815 check-names ( fail | warn | ignore ); 816 check-sibling <boolean>; 817 check-spf ( warn | ignore ); 818 check-srv-cname ( fail | warn | ignore ); 819 check-wildcard <boolean>; 820 database <string>; 821 delegation-only <boolean>; 822 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 823 dlz <string>; 824 dnskey-sig-validity <integer>; 825 dnssec-dnskey-kskonly <boolean>; 826 dnssec-loadkeys-interval <integer>; 827 dnssec-policy <string>; 828 dnssec-secure-to-insecure <boolean>; 829 dnssec-update-mode ( maintain | no-resign ); 830 file <quoted_string>; 831 forward ( first | only ); 832 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 833 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 834 in-view <string>; 835 inline-signing <boolean>; 836 ixfr-from-differences <boolean>; 837 journal <quoted_string>; 838 key-directory <quoted_string>; 839 masterfile-format ( map | raw | text ); 840 masterfile-style ( full | relative ); 841 masters [ port <integer> ] [ dscp <integer> ] { ( <masters> | 842 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 843 <integer> ] ) [ key <string> ]; ... }; 844 max-journal-size ( default | unlimited | <sizeval> ); 845 max-records <integer>; 846 max-refresh-time <integer>; 847 max-retry-time <integer>; 848 max-transfer-idle-in <integer>; 849 max-transfer-idle-out <integer>; 850 max-transfer-time-in <integer>; 851 max-transfer-time-out <integer>; 852 max-zone-ttl ( unlimited | <duration> ); 853 min-refresh-time <integer>; 854 min-retry-time <integer>; 855 multi-master <boolean>; 856 notify ( explicit | master-only | <boolean> ); 857 notify-delay <integer>; 858 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 859 dscp <integer> ]; 860 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 861 [ dscp <integer> ]; 862 notify-to-soa <boolean>; 863 request-expire <boolean>; 864 request-ixfr <boolean>; 865 serial-update-method ( date | increment | unixtime ); 866 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; 867 server-names { <string>; ... }; 868 sig-signing-nodes <integer>; 869 sig-signing-signatures <integer>; 870 sig-signing-type <integer>; 871 sig-validity-interval <integer> [ <integer> ]; 872 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 873 dscp <integer> ]; 874 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 875 ] [ dscp <integer> ]; 876 try-tcp-refresh <boolean>; 877 type ( primary | master | secondary | slave | mirror | 878 delegation-only | forward | hint | redirect | static-stub | 879 stub ); 880 update-check-ksk <boolean>; 881 update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | 882 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self 883 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild 884 | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] 885 <rrtypelist>; ... }; 886 use-alt-transfer-source <boolean>; 887 zero-no-soa-ttl <boolean>; 888 zone-statistics ( full | terse | none | <boolean> ); 889}; // may occur multiple times 890 891