1 2This is a summary of the named.conf options supported by 3this version of BIND 9. 4 5acl <string> { <address_match_element>; ... }; // may occur multiple times 6 7controls { 8 inet ( <ipv4_address> | <ipv6_address> | 9 * ) [ port ( <integer> | * ) ] allow 10 { <address_match_element>; ... } [ 11 keys { <string>; ... } ] [ read-only 12 <boolean> ]; // may occur multiple times 13 unix <quoted_string> perm <integer> 14 owner <integer> group <integer> [ 15 keys { <string>; ... } ] [ read-only 16 <boolean> ]; // may occur multiple times 17}; // may occur multiple times 18 19dlz <string> { 20 database <string>; 21 search <boolean>; 22}; // may occur multiple times 23 24dnssec-policy <string> { 25 dnskey-ttl <duration>; 26 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime 27 <duration_or_unlimited> algorithm <string> [ <integer> ]; ... }; 28 max-zone-ttl <duration>; 29 parent-ds-ttl <duration>; 30 parent-propagation-delay <duration>; 31 parent-registration-delay <duration>; 32 publish-safety <duration>; 33 retire-safety <duration>; 34 signatures-refresh <duration>; 35 signatures-validity <duration>; 36 signatures-validity-dnskey <duration>; 37 zone-propagation-delay <duration>; 38}; // may occur multiple times 39 40dyndb <string> <quoted_string> { 41 <unspecified-text> }; // may occur multiple times 42 43key <string> { 44 algorithm <string>; 45 secret <string>; 46}; // may occur multiple times 47 48logging { 49 category <string> { <string>; ... }; // may occur multiple times 50 channel <string> { 51 buffered <boolean>; 52 file <quoted_string> [ versions ( unlimited | <integer> ) ] 53 [ size <size> ] [ suffix ( increment | timestamp ) ]; 54 null; 55 print-category <boolean>; 56 print-severity <boolean>; 57 print-time ( iso8601 | iso8601-utc | local | <boolean> ); 58 severity <log_severity>; 59 stderr; 60 syslog [ <syslog_facility> ]; 61 }; // may occur multiple times 62}; 63 64lwres { <unspecified-text> }; // obsolete, may occur multiple times 65 66managed-keys { <string> ( static-key 67 | initial-key | static-ds | 68 initial-ds ) <integer> <integer> 69 <integer> <quoted_string>; ... }; // may occur multiple times, deprecated 70 71masters <string> [ port <integer> ] [ dscp 72 <integer> ] { ( <masters> | <ipv4_address> [ 73 port <integer> ] | <ipv6_address> [ port 74 <integer> ] ) [ key <string> ]; ... }; // may occur multiple times 75 76options { 77 acache-cleaning-interval <integer>; // obsolete 78 acache-enable <boolean>; // obsolete 79 additional-from-auth <boolean>; // obsolete 80 additional-from-cache <boolean>; // obsolete 81 allow-new-zones <boolean>; 82 allow-notify { <address_match_element>; ... }; 83 allow-query { <address_match_element>; ... }; 84 allow-query-cache { <address_match_element>; ... }; 85 allow-query-cache-on { <address_match_element>; ... }; 86 allow-query-on { <address_match_element>; ... }; 87 allow-recursion { <address_match_element>; ... }; 88 allow-recursion-on { <address_match_element>; ... }; 89 allow-transfer { <address_match_element>; ... }; 90 allow-update { <address_match_element>; ... }; 91 allow-update-forwarding { <address_match_element>; ... }; 92 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 93 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 94 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 95 <integer> ] ) [ key <string> ]; ... }; 96 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 97 ] [ dscp <integer> ]; 98 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 99 * ) ] [ dscp <integer> ]; 100 answer-cookie <boolean>; 101 attach-cache <string>; 102 auth-nxdomain <boolean>; // default changed 103 auto-dnssec ( allow | maintain | off ); 104 automatic-interface-scan <boolean>; 105 avoid-v4-udp-ports { <portrange>; ... }; 106 avoid-v6-udp-ports { <portrange>; ... }; 107 bindkeys-file <quoted_string>; 108 blackhole { <address_match_element>; ... }; 109 cache-file <quoted_string>; 110 catalog-zones { zone <string> [ default-masters [ port <integer> ] 111 [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port 112 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 113 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 114 in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; 115 check-dup-records ( fail | warn | ignore ); 116 check-integrity <boolean>; 117 check-mx ( fail | warn | ignore ); 118 check-mx-cname ( fail | warn | ignore ); 119 check-names ( primary | master | 120 secondary | slave | response ) ( 121 fail | warn | ignore ); // may occur multiple times 122 check-sibling <boolean>; 123 check-spf ( warn | ignore ); 124 check-srv-cname ( fail | warn | ignore ); 125 check-wildcard <boolean>; 126 cleaning-interval <integer>; // obsolete 127 clients-per-query <integer>; 128 cookie-algorithm ( aes | siphash24 ); 129 cookie-secret <string>; // may occur multiple times 130 coresize ( default | unlimited | <sizeval> ); 131 datasize ( default | unlimited | <sizeval> ); 132 deallocate-on-exit <boolean>; // ancient 133 deny-answer-addresses { <address_match_element>; ... } [ 134 except-from { <string>; ... } ]; 135 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... 136 } ]; 137 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 138 directory <quoted_string>; 139 disable-algorithms <string> { <string>; 140 ... }; // may occur multiple times 141 disable-ds-digests <string> { <string>; 142 ... }; // may occur multiple times 143 disable-empty-zone <string>; // may occur multiple times 144 dns64 <netprefix> { 145 break-dnssec <boolean>; 146 clients { <address_match_element>; ... }; 147 exclude { <address_match_element>; ... }; 148 mapped { <address_match_element>; ... }; 149 recursive-only <boolean>; 150 suffix <ipv6_address>; 151 }; // may occur multiple times 152 dns64-contact <string>; 153 dns64-server <string>; 154 dnskey-sig-validity <integer>; 155 dnsrps-enable <boolean>; // not configured 156 dnsrps-options { <unspecified-text> }; // not configured 157 dnssec-accept-expired <boolean>; 158 dnssec-dnskey-kskonly <boolean>; 159 dnssec-enable <boolean>; // obsolete 160 dnssec-loadkeys-interval <integer>; 161 dnssec-lookaside ( <string> 162 trust-anchor <string> | 163 auto | no ); // obsolete, may occur multiple times 164 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 165 dnssec-policy <string>; 166 dnssec-secure-to-insecure <boolean>; 167 dnssec-update-mode ( maintain | no-resign ); 168 dnssec-validation ( yes | no | auto ); 169 dnstap { ( all | auth | client | forwarder | 170 resolver | update ) [ ( query | response ) ]; 171 ... }; // not configured 172 dnstap-identity ( <quoted_string> | none | 173 hostname ); // not configured 174 dnstap-output ( file | unix ) <quoted_string> [ 175 size ( unlimited | <size> ) ] [ versions ( 176 unlimited | <integer> ) ] [ suffix ( increment 177 | timestamp ) ]; // not configured 178 dnstap-version ( <quoted_string> | none ); // not configured 179 dscp <integer>; 180 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 181 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 182 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 183 <integer> ] [ dscp <integer> ] ); ... }; 184 dump-file <quoted_string>; 185 edns-udp-size <integer>; 186 empty-contact <string>; 187 empty-server <string>; 188 empty-zones-enable <boolean>; 189 fake-iquery <boolean>; // ancient 190 fetch-glue <boolean>; // ancient 191 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 192 fetches-per-server <integer> [ ( drop | fail ) ]; 193 fetches-per-zone <integer> [ ( drop | fail ) ]; 194 files ( default | unlimited | <sizeval> ); 195 filter-aaaa { <address_match_element>; ... }; // obsolete 196 filter-aaaa-on-v4 <boolean>; // obsolete 197 filter-aaaa-on-v6 <boolean>; // obsolete 198 flush-zones-on-shutdown <boolean>; 199 forward ( first | only ); 200 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 201 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 202 fstrm-set-buffer-hint <integer>; // not configured 203 fstrm-set-flush-timeout <integer>; // not configured 204 fstrm-set-input-queue-size <integer>; // not configured 205 fstrm-set-output-notify-threshold <integer>; // not configured 206 fstrm-set-output-queue-model ( mpsc | spsc ); // not configured 207 fstrm-set-output-queue-size <integer>; // not configured 208 fstrm-set-reopen-interval <duration>; // not configured 209 geoip-directory ( <quoted_string> | none ); 210 geoip-use-ecs <boolean>; // obsolete 211 glue-cache <boolean>; 212 has-old-clients <boolean>; // ancient 213 heartbeat-interval <integer>; 214 host-statistics <boolean>; // ancient 215 host-statistics-max <integer>; // ancient 216 hostname ( <quoted_string> | none ); 217 inline-signing <boolean>; 218 interface-interval <duration>; 219 ixfr-from-differences ( primary | master | secondary | slave | 220 <boolean> ); 221 keep-response-order { <address_match_element>; ... }; 222 key-directory <quoted_string>; 223 lame-ttl <duration>; 224 listen-on [ port <integer> ] [ dscp 225 <integer> ] { 226 <address_match_element>; ... }; // may occur multiple times 227 listen-on-v6 [ port <integer> ] [ dscp 228 <integer> ] { 229 <address_match_element>; ... }; // may occur multiple times 230 lmdb-mapsize <sizeval>; 231 lock-file ( <quoted_string> | none ); 232 maintain-ixfr-base <boolean>; // ancient 233 managed-keys-directory <quoted_string>; 234 masterfile-format ( map | raw | text ); 235 masterfile-style ( full | relative ); 236 match-mapped-addresses <boolean>; 237 max-acache-size ( unlimited | <sizeval> ); // obsolete 238 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 239 max-cache-ttl <duration>; 240 max-clients-per-query <integer>; 241 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient 242 max-journal-size ( default | unlimited | <sizeval> ); 243 max-ncache-ttl <duration>; 244 max-records <integer>; 245 max-recursion-depth <integer>; 246 max-recursion-queries <integer>; 247 max-refresh-time <integer>; 248 max-retry-time <integer>; 249 max-rsa-exponent-size <integer>; 250 max-stale-ttl <duration>; 251 max-transfer-idle-in <integer>; 252 max-transfer-idle-out <integer>; 253 max-transfer-time-in <integer>; 254 max-transfer-time-out <integer>; 255 max-udp-size <integer>; 256 max-zone-ttl ( unlimited | <duration> ); 257 memstatistics <boolean>; 258 memstatistics-file <quoted_string>; 259 message-compression <boolean>; 260 min-cache-ttl <duration>; 261 min-ncache-ttl <duration>; 262 min-refresh-time <integer>; 263 min-retry-time <integer>; 264 min-roots <integer>; // ancient 265 minimal-any <boolean>; 266 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 267 multi-master <boolean>; 268 multiple-cnames <boolean>; // ancient 269 named-xfer <quoted_string>; // ancient 270 new-zones-directory <quoted_string>; 271 no-case-compress { <address_match_element>; ... }; 272 nocookie-udp-size <integer>; 273 nosit-udp-size <integer>; // obsolete 274 notify ( explicit | master-only | <boolean> ); 275 notify-delay <integer>; 276 notify-rate <integer>; 277 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 278 dscp <integer> ]; 279 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 280 [ dscp <integer> ]; 281 notify-to-soa <boolean>; 282 nsec3-test-zone <boolean>; // test only 283 nta-lifetime <duration>; 284 nta-recheck <duration>; 285 nxdomain-redirect <string>; 286 pid-file ( <quoted_string> | none ); 287 port <integer>; 288 preferred-glue <string>; 289 prefetch <integer> [ <integer> ]; 290 provide-ixfr <boolean>; 291 qname-minimization ( strict | relaxed | disabled | off ); 292 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 293 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 294 port ( <integer> | * ) ) ) [ dscp <integer> ]; 295 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 296 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 297 port ( <integer> | * ) ) ) [ dscp <integer> ]; 298 querylog <boolean>; 299 queryport-pool-ports <integer>; // obsolete 300 queryport-pool-updateinterval <integer>; // obsolete 301 random-device ( <quoted_string> | none ); 302 rate-limit { 303 all-per-second <integer>; 304 errors-per-second <integer>; 305 exempt-clients { <address_match_element>; ... }; 306 ipv4-prefix-length <integer>; 307 ipv6-prefix-length <integer>; 308 log-only <boolean>; 309 max-table-size <integer>; 310 min-table-size <integer>; 311 nodata-per-second <integer>; 312 nxdomains-per-second <integer>; 313 qps-scale <integer>; 314 referrals-per-second <integer>; 315 responses-per-second <integer>; 316 slip <integer>; 317 window <integer>; 318 }; 319 recursing-file <quoted_string>; 320 recursion <boolean>; 321 recursive-clients <integer>; 322 request-expire <boolean>; 323 request-ixfr <boolean>; 324 request-nsid <boolean>; 325 request-sit <boolean>; // obsolete 326 require-server-cookie <boolean>; 327 reserved-sockets <integer>; 328 resolver-nonbackoff-tries <integer>; 329 resolver-query-timeout <integer>; 330 resolver-retry-interval <integer>; 331 response-padding { <address_match_element>; ... } block-size 332 <integer>; 333 response-policy { zone <string> [ add-soa <boolean> ] [ log 334 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval 335 <duration> ] [ policy ( cname | disabled | drop | given | no-op 336 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 337 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 338 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ 339 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ 340 min-update-interval <duration> ] [ min-ns-dots <integer> ] [ 341 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] 342 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 343 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ 344 dnsrps-options { <unspecified-text> } ]; 345 rfc2308-type1 <boolean>; // ancient 346 root-delegation-only [ exclude { <string>; ... } ]; 347 root-key-sentinel <boolean>; 348 rrset-order { [ class <string> ] [ type <string> ] [ name 349 <quoted_string> ] <string> <string>; ... }; 350 secroots-file <quoted_string>; 351 send-cookie <boolean>; 352 serial-queries <integer>; // ancient 353 serial-query-rate <integer>; 354 serial-update-method ( date | increment | unixtime ); 355 server-id ( <quoted_string> | none | hostname ); 356 servfail-ttl <duration>; 357 session-keyalg <string>; 358 session-keyfile ( <quoted_string> | none ); 359 session-keyname <string>; 360 sig-signing-nodes <integer>; 361 sig-signing-signatures <integer>; 362 sig-signing-type <integer>; 363 sig-validity-interval <integer> [ <integer> ]; 364 sit-secret <string>; // obsolete 365 sortlist { <address_match_element>; ... }; 366 stacksize ( default | unlimited | <sizeval> ); 367 stale-answer-enable <boolean>; 368 stale-answer-ttl <duration>; 369 startup-notify-rate <integer>; 370 statistics-file <quoted_string>; 371 statistics-interval <integer>; // ancient 372 suppress-initial-notify <boolean>; // not yet implemented 373 synth-from-dnssec <boolean>; 374 tcp-advertised-timeout <integer>; 375 tcp-clients <integer>; 376 tcp-idle-timeout <integer>; 377 tcp-initial-timeout <integer>; 378 tcp-keepalive-timeout <integer>; 379 tcp-listen-queue <integer>; 380 tkey-dhkey <quoted_string> <integer>; 381 tkey-domain <quoted_string>; 382 tkey-gssapi-credential <quoted_string>; 383 tkey-gssapi-keytab <quoted_string>; 384 topology { <address_match_element>; ... }; // ancient 385 transfer-format ( many-answers | one-answer ); 386 transfer-message-size <integer>; 387 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 388 dscp <integer> ]; 389 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 390 ] [ dscp <integer> ]; 391 transfers-in <integer>; 392 transfers-out <integer>; 393 transfers-per-ns <integer>; 394 treat-cr-as-space <boolean>; // ancient 395 trust-anchor-telemetry <boolean>; // experimental 396 try-tcp-refresh <boolean>; 397 update-check-ksk <boolean>; 398 use-alt-transfer-source <boolean>; 399 use-id-pool <boolean>; // ancient 400 use-ixfr <boolean>; // obsolete 401 use-queryport-pool <boolean>; // obsolete 402 use-v4-udp-ports { <portrange>; ... }; 403 use-v6-udp-ports { <portrange>; ... }; 404 v6-bias <integer>; 405 validate-except { <string>; ... }; 406 version ( <quoted_string> | none ); 407 zero-no-soa-ttl <boolean>; 408 zero-no-soa-ttl-cache <boolean>; 409 zone-statistics ( full | terse | none | <boolean> ); 410}; 411 412plugin ( query ) <string> [ { <unspecified-text> 413 } ]; // may occur multiple times 414 415server <netprefix> { 416 bogus <boolean>; 417 edns <boolean>; 418 edns-udp-size <integer>; 419 edns-version <integer>; 420 keys <server_key>; 421 max-udp-size <integer>; 422 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 423 dscp <integer> ]; 424 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 425 [ dscp <integer> ]; 426 padding <integer>; 427 provide-ixfr <boolean>; 428 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 429 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 430 port ( <integer> | * ) ) ) [ dscp <integer> ]; 431 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 432 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 433 port ( <integer> | * ) ) ) [ dscp <integer> ]; 434 request-expire <boolean>; 435 request-ixfr <boolean>; 436 request-nsid <boolean>; 437 request-sit <boolean>; // obsolete 438 send-cookie <boolean>; 439 support-ixfr <boolean>; // obsolete 440 tcp-keepalive <boolean>; 441 tcp-only <boolean>; 442 transfer-format ( many-answers | one-answer ); 443 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 444 dscp <integer> ]; 445 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 446 ] [ dscp <integer> ]; 447 transfers <integer>; 448}; // may occur multiple times 449 450statistics-channels { 451 inet ( <ipv4_address> | <ipv6_address> | 452 * ) [ port ( <integer> | * ) ] [ 453 allow { <address_match_element>; ... 454 } ]; // may occur multiple times 455}; // may occur multiple times 456 457trust-anchors { <string> ( static-key | 458 initial-key | static-ds | initial-ds ) 459 <integer> <integer> <integer> 460 <quoted_string>; ... }; // may occur multiple times 461 462trusted-keys { <string> <integer> 463 <integer> <integer> 464 <quoted_string>; ... }; // may occur multiple times, deprecated 465 466view <string> [ <class> ] { 467 acache-cleaning-interval <integer>; // obsolete 468 acache-enable <boolean>; // obsolete 469 additional-from-auth <boolean>; // obsolete 470 additional-from-cache <boolean>; // obsolete 471 allow-new-zones <boolean>; 472 allow-notify { <address_match_element>; ... }; 473 allow-query { <address_match_element>; ... }; 474 allow-query-cache { <address_match_element>; ... }; 475 allow-query-cache-on { <address_match_element>; ... }; 476 allow-query-on { <address_match_element>; ... }; 477 allow-recursion { <address_match_element>; ... }; 478 allow-recursion-on { <address_match_element>; ... }; 479 allow-transfer { <address_match_element>; ... }; 480 allow-update { <address_match_element>; ... }; 481 allow-update-forwarding { <address_match_element>; ... }; 482 allow-v6-synthesis { <address_match_element>; ... }; // obsolete 483 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 484 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 485 <integer> ] ) [ key <string> ]; ... }; 486 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 487 ] [ dscp <integer> ]; 488 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 489 * ) ] [ dscp <integer> ]; 490 attach-cache <string>; 491 auth-nxdomain <boolean>; // default changed 492 auto-dnssec ( allow | maintain | off ); 493 cache-file <quoted_string>; 494 catalog-zones { zone <string> [ default-masters [ port <integer> ] 495 [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port 496 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key 497 <string> ]; ... } ] [ zone-directory <quoted_string> ] [ 498 in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; 499 check-dup-records ( fail | warn | ignore ); 500 check-integrity <boolean>; 501 check-mx ( fail | warn | ignore ); 502 check-mx-cname ( fail | warn | ignore ); 503 check-names ( primary | master | 504 secondary | slave | response ) ( 505 fail | warn | ignore ); // may occur multiple times 506 check-sibling <boolean>; 507 check-spf ( warn | ignore ); 508 check-srv-cname ( fail | warn | ignore ); 509 check-wildcard <boolean>; 510 cleaning-interval <integer>; // obsolete 511 clients-per-query <integer>; 512 deny-answer-addresses { <address_match_element>; ... } [ 513 except-from { <string>; ... } ]; 514 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... 515 } ]; 516 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 517 disable-algorithms <string> { <string>; 518 ... }; // may occur multiple times 519 disable-ds-digests <string> { <string>; 520 ... }; // may occur multiple times 521 disable-empty-zone <string>; // may occur multiple times 522 dlz <string> { 523 database <string>; 524 search <boolean>; 525 }; // may occur multiple times 526 dns64 <netprefix> { 527 break-dnssec <boolean>; 528 clients { <address_match_element>; ... }; 529 exclude { <address_match_element>; ... }; 530 mapped { <address_match_element>; ... }; 531 recursive-only <boolean>; 532 suffix <ipv6_address>; 533 }; // may occur multiple times 534 dns64-contact <string>; 535 dns64-server <string>; 536 dnskey-sig-validity <integer>; 537 dnsrps-enable <boolean>; // not configured 538 dnsrps-options { <unspecified-text> }; // not configured 539 dnssec-accept-expired <boolean>; 540 dnssec-dnskey-kskonly <boolean>; 541 dnssec-enable <boolean>; // obsolete 542 dnssec-loadkeys-interval <integer>; 543 dnssec-lookaside ( <string> 544 trust-anchor <string> | 545 auto | no ); // obsolete, may occur multiple times 546 dnssec-must-be-secure <string> <boolean>; // may occur multiple times 547 dnssec-policy <string>; 548 dnssec-secure-to-insecure <boolean>; 549 dnssec-update-mode ( maintain | no-resign ); 550 dnssec-validation ( yes | no | auto ); 551 dnstap { ( all | auth | client | forwarder | 552 resolver | update ) [ ( query | response ) ]; 553 ... }; // not configured 554 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port 555 <integer> ] [ dscp <integer> ] | <ipv4_address> [ port 556 <integer> ] [ dscp <integer> ] | <ipv6_address> [ port 557 <integer> ] [ dscp <integer> ] ); ... }; 558 dyndb <string> <quoted_string> { 559 <unspecified-text> }; // may occur multiple times 560 edns-udp-size <integer>; 561 empty-contact <string>; 562 empty-server <string>; 563 empty-zones-enable <boolean>; 564 fetch-glue <boolean>; // ancient 565 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 566 fetches-per-server <integer> [ ( drop | fail ) ]; 567 fetches-per-zone <integer> [ ( drop | fail ) ]; 568 filter-aaaa { <address_match_element>; ... }; // obsolete 569 filter-aaaa-on-v4 <boolean>; // obsolete 570 filter-aaaa-on-v6 <boolean>; // obsolete 571 forward ( first | only ); 572 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 573 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 574 glue-cache <boolean>; 575 inline-signing <boolean>; 576 ixfr-from-differences ( primary | master | secondary | slave | 577 <boolean> ); 578 key <string> { 579 algorithm <string>; 580 secret <string>; 581 }; // may occur multiple times 582 key-directory <quoted_string>; 583 lame-ttl <duration>; 584 lmdb-mapsize <sizeval>; 585 maintain-ixfr-base <boolean>; // ancient 586 managed-keys { <string> ( 587 static-key | initial-key 588 | static-ds | initial-ds 589 ) <integer> <integer> 590 <integer> 591 <quoted_string>; ... }; // may occur multiple times, deprecated 592 masterfile-format ( map | raw | text ); 593 masterfile-style ( full | relative ); 594 match-clients { <address_match_element>; ... }; 595 match-destinations { <address_match_element>; ... }; 596 match-recursive-only <boolean>; 597 max-acache-size ( unlimited | <sizeval> ); // obsolete 598 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 599 max-cache-ttl <duration>; 600 max-clients-per-query <integer>; 601 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient 602 max-journal-size ( default | unlimited | <sizeval> ); 603 max-ncache-ttl <duration>; 604 max-records <integer>; 605 max-recursion-depth <integer>; 606 max-recursion-queries <integer>; 607 max-refresh-time <integer>; 608 max-retry-time <integer>; 609 max-stale-ttl <duration>; 610 max-transfer-idle-in <integer>; 611 max-transfer-idle-out <integer>; 612 max-transfer-time-in <integer>; 613 max-transfer-time-out <integer>; 614 max-udp-size <integer>; 615 max-zone-ttl ( unlimited | <duration> ); 616 message-compression <boolean>; 617 min-cache-ttl <duration>; 618 min-ncache-ttl <duration>; 619 min-refresh-time <integer>; 620 min-retry-time <integer>; 621 min-roots <integer>; // ancient 622 minimal-any <boolean>; 623 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 624 multi-master <boolean>; 625 new-zones-directory <quoted_string>; 626 no-case-compress { <address_match_element>; ... }; 627 nocookie-udp-size <integer>; 628 nosit-udp-size <integer>; // obsolete 629 notify ( explicit | master-only | <boolean> ); 630 notify-delay <integer>; 631 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 632 dscp <integer> ]; 633 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 634 [ dscp <integer> ]; 635 notify-to-soa <boolean>; 636 nsec3-test-zone <boolean>; // test only 637 nta-lifetime <duration>; 638 nta-recheck <duration>; 639 nxdomain-redirect <string>; 640 plugin ( query ) <string> [ { 641 <unspecified-text> } ]; // may occur multiple times 642 preferred-glue <string>; 643 prefetch <integer> [ <integer> ]; 644 provide-ixfr <boolean>; 645 qname-minimization ( strict | relaxed | disabled | off ); 646 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( 647 <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] 648 port ( <integer> | * ) ) ) [ dscp <integer> ]; 649 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( 650 <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] 651 port ( <integer> | * ) ) ) [ dscp <integer> ]; 652 queryport-pool-ports <integer>; // obsolete 653 queryport-pool-updateinterval <integer>; // obsolete 654 rate-limit { 655 all-per-second <integer>; 656 errors-per-second <integer>; 657 exempt-clients { <address_match_element>; ... }; 658 ipv4-prefix-length <integer>; 659 ipv6-prefix-length <integer>; 660 log-only <boolean>; 661 max-table-size <integer>; 662 min-table-size <integer>; 663 nodata-per-second <integer>; 664 nxdomains-per-second <integer>; 665 qps-scale <integer>; 666 referrals-per-second <integer>; 667 responses-per-second <integer>; 668 slip <integer>; 669 window <integer>; 670 }; 671 recursion <boolean>; 672 request-expire <boolean>; 673 request-ixfr <boolean>; 674 request-nsid <boolean>; 675 request-sit <boolean>; // obsolete 676 require-server-cookie <boolean>; 677 resolver-nonbackoff-tries <integer>; 678 resolver-query-timeout <integer>; 679 resolver-retry-interval <integer>; 680 response-padding { <address_match_element>; ... } block-size 681 <integer>; 682 response-policy { zone <string> [ add-soa <boolean> ] [ log 683 <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval 684 <duration> ] [ policy ( cname | disabled | drop | given | no-op 685 | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ 686 recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 687 nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ 688 break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ 689 min-update-interval <duration> ] [ min-ns-dots <integer> ] [ 690 nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] 691 [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ 692 nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ 693 dnsrps-options { <unspecified-text> } ]; 694 rfc2308-type1 <boolean>; // ancient 695 root-delegation-only [ exclude { <string>; ... } ]; 696 root-key-sentinel <boolean>; 697 rrset-order { [ class <string> ] [ type <string> ] [ name 698 <quoted_string> ] <string> <string>; ... }; 699 send-cookie <boolean>; 700 serial-update-method ( date | increment | unixtime ); 701 server <netprefix> { 702 bogus <boolean>; 703 edns <boolean>; 704 edns-udp-size <integer>; 705 edns-version <integer>; 706 keys <server_key>; 707 max-udp-size <integer>; 708 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 709 ) ] [ dscp <integer> ]; 710 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 711 | * ) ] [ dscp <integer> ]; 712 padding <integer>; 713 provide-ixfr <boolean>; 714 query-source ( ( [ address ] ( <ipv4_address> | * ) [ port 715 ( <integer> | * ) ] ) | ( [ [ address ] ( 716 <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ 717 dscp <integer> ]; 718 query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ 719 port ( <integer> | * ) ] ) | ( [ [ address ] ( 720 <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ 721 dscp <integer> ]; 722 request-expire <boolean>; 723 request-ixfr <boolean>; 724 request-nsid <boolean>; 725 request-sit <boolean>; // obsolete 726 send-cookie <boolean>; 727 support-ixfr <boolean>; // obsolete 728 tcp-keepalive <boolean>; 729 tcp-only <boolean>; 730 transfer-format ( many-answers | one-answer ); 731 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 732 * ) ] [ dscp <integer> ]; 733 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 734 <integer> | * ) ] [ dscp <integer> ]; 735 transfers <integer>; 736 }; // may occur multiple times 737 servfail-ttl <duration>; 738 sig-signing-nodes <integer>; 739 sig-signing-signatures <integer>; 740 sig-signing-type <integer>; 741 sig-validity-interval <integer> [ <integer> ]; 742 sortlist { <address_match_element>; ... }; 743 stale-answer-enable <boolean>; 744 stale-answer-ttl <duration>; 745 suppress-initial-notify <boolean>; // not yet implemented 746 synth-from-dnssec <boolean>; 747 topology { <address_match_element>; ... }; // ancient 748 transfer-format ( many-answers | one-answer ); 749 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 750 dscp <integer> ]; 751 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 752 ] [ dscp <integer> ]; 753 trust-anchor-telemetry <boolean>; // experimental 754 trust-anchors { <string> ( static-key | 755 initial-key | static-ds | initial-ds 756 ) <integer> <integer> <integer> 757 <quoted_string>; ... }; // may occur multiple times 758 trusted-keys { <string> 759 <integer> <integer> 760 <integer> 761 <quoted_string>; ... }; // may occur multiple times, deprecated 762 try-tcp-refresh <boolean>; 763 update-check-ksk <boolean>; 764 use-alt-transfer-source <boolean>; 765 use-queryport-pool <boolean>; // obsolete 766 v6-bias <integer>; 767 validate-except { <string>; ... }; 768 zero-no-soa-ttl <boolean>; 769 zero-no-soa-ttl-cache <boolean>; 770 zone <string> [ <class> ] { 771 allow-notify { <address_match_element>; ... }; 772 allow-query { <address_match_element>; ... }; 773 allow-query-on { <address_match_element>; ... }; 774 allow-transfer { <address_match_element>; ... }; 775 allow-update { <address_match_element>; ... }; 776 allow-update-forwarding { <address_match_element>; ... }; 777 also-notify [ port <integer> ] [ dscp <integer> ] { ( 778 <masters> | <ipv4_address> [ port <integer> ] | 779 <ipv6_address> [ port <integer> ] ) [ key <string> ]; 780 ... }; 781 alt-transfer-source ( <ipv4_address> | * ) [ port ( 782 <integer> | * ) ] [ dscp <integer> ]; 783 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( 784 <integer> | * ) ] [ dscp <integer> ]; 785 auto-dnssec ( allow | maintain | off ); 786 check-dup-records ( fail | warn | ignore ); 787 check-integrity <boolean>; 788 check-mx ( fail | warn | ignore ); 789 check-mx-cname ( fail | warn | ignore ); 790 check-names ( fail | warn | ignore ); 791 check-sibling <boolean>; 792 check-spf ( warn | ignore ); 793 check-srv-cname ( fail | warn | ignore ); 794 check-wildcard <boolean>; 795 database <string>; 796 delegation-only <boolean>; 797 dialup ( notify | notify-passive | passive | refresh | 798 <boolean> ); 799 dlz <string>; 800 dnskey-sig-validity <integer>; 801 dnssec-dnskey-kskonly <boolean>; 802 dnssec-loadkeys-interval <integer>; 803 dnssec-policy <string>; 804 dnssec-secure-to-insecure <boolean>; 805 dnssec-update-mode ( maintain | no-resign ); 806 file <quoted_string>; 807 forward ( first | only ); 808 forwarders [ port <integer> ] [ dscp <integer> ] { ( 809 <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ 810 dscp <integer> ]; ... }; 811 in-view <string>; 812 inline-signing <boolean>; 813 ixfr-base <quoted_string>; // ancient 814 ixfr-from-differences <boolean>; 815 ixfr-tmp-file <quoted_string>; // ancient 816 journal <quoted_string>; 817 key-directory <quoted_string>; 818 maintain-ixfr-base <boolean>; // ancient 819 masterfile-format ( map | raw | text ); 820 masterfile-style ( full | relative ); 821 masters [ port <integer> ] [ dscp <integer> ] { ( <masters> 822 | <ipv4_address> [ port <integer> ] | <ipv6_address> [ 823 port <integer> ] ) [ key <string> ]; ... }; 824 max-ixfr-log-size ( default | unlimited | 825 <sizeval> ); // ancient 826 max-journal-size ( default | unlimited | <sizeval> ); 827 max-records <integer>; 828 max-refresh-time <integer>; 829 max-retry-time <integer>; 830 max-transfer-idle-in <integer>; 831 max-transfer-idle-out <integer>; 832 max-transfer-time-in <integer>; 833 max-transfer-time-out <integer>; 834 max-zone-ttl ( unlimited | <duration> ); 835 min-refresh-time <integer>; 836 min-retry-time <integer>; 837 multi-master <boolean>; 838 notify ( explicit | master-only | <boolean> ); 839 notify-delay <integer>; 840 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * 841 ) ] [ dscp <integer> ]; 842 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> 843 | * ) ] [ dscp <integer> ]; 844 notify-to-soa <boolean>; 845 nsec3-test-zone <boolean>; // test only 846 pubkey <integer> <integer> <integer> 847 <quoted_string>; // ancient 848 request-expire <boolean>; 849 request-ixfr <boolean>; 850 serial-update-method ( date | increment | unixtime ); 851 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; 852 server-names { <string>; ... }; 853 sig-signing-nodes <integer>; 854 sig-signing-signatures <integer>; 855 sig-signing-type <integer>; 856 sig-validity-interval <integer> [ <integer> ]; 857 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | 858 * ) ] [ dscp <integer> ]; 859 transfer-source-v6 ( <ipv6_address> | * ) [ port ( 860 <integer> | * ) ] [ dscp <integer> ]; 861 try-tcp-refresh <boolean>; 862 type ( primary | master | secondary | slave | mirror | 863 delegation-only | forward | hint | redirect | 864 static-stub | stub ); 865 update-check-ksk <boolean>; 866 update-policy ( local | { ( deny | grant ) <string> ( 867 6to4-self | external | krb5-self | krb5-selfsub | 868 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain | 869 name | self | selfsub | selfwild | subdomain | tcp-self 870 | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... }; 871 use-alt-transfer-source <boolean>; 872 zero-no-soa-ttl <boolean>; 873 zone-statistics ( full | terse | none | <boolean> ); 874 }; // may occur multiple times 875 zone-statistics ( full | terse | none | <boolean> ); 876}; // may occur multiple times 877 878zone <string> [ <class> ] { 879 allow-notify { <address_match_element>; ... }; 880 allow-query { <address_match_element>; ... }; 881 allow-query-on { <address_match_element>; ... }; 882 allow-transfer { <address_match_element>; ... }; 883 allow-update { <address_match_element>; ... }; 884 allow-update-forwarding { <address_match_element>; ... }; 885 also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | 886 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 887 <integer> ] ) [ key <string> ]; ... }; 888 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) 889 ] [ dscp <integer> ]; 890 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | 891 * ) ] [ dscp <integer> ]; 892 auto-dnssec ( allow | maintain | off ); 893 check-dup-records ( fail | warn | ignore ); 894 check-integrity <boolean>; 895 check-mx ( fail | warn | ignore ); 896 check-mx-cname ( fail | warn | ignore ); 897 check-names ( fail | warn | ignore ); 898 check-sibling <boolean>; 899 check-spf ( warn | ignore ); 900 check-srv-cname ( fail | warn | ignore ); 901 check-wildcard <boolean>; 902 database <string>; 903 delegation-only <boolean>; 904 dialup ( notify | notify-passive | passive | refresh | <boolean> ); 905 dlz <string>; 906 dnskey-sig-validity <integer>; 907 dnssec-dnskey-kskonly <boolean>; 908 dnssec-loadkeys-interval <integer>; 909 dnssec-policy <string>; 910 dnssec-secure-to-insecure <boolean>; 911 dnssec-update-mode ( maintain | no-resign ); 912 file <quoted_string>; 913 forward ( first | only ); 914 forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> 915 | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; 916 in-view <string>; 917 inline-signing <boolean>; 918 ixfr-base <quoted_string>; // ancient 919 ixfr-from-differences <boolean>; 920 ixfr-tmp-file <quoted_string>; // ancient 921 journal <quoted_string>; 922 key-directory <quoted_string>; 923 maintain-ixfr-base <boolean>; // ancient 924 masterfile-format ( map | raw | text ); 925 masterfile-style ( full | relative ); 926 masters [ port <integer> ] [ dscp <integer> ] { ( <masters> | 927 <ipv4_address> [ port <integer> ] | <ipv6_address> [ port 928 <integer> ] ) [ key <string> ]; ... }; 929 max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient 930 max-journal-size ( default | unlimited | <sizeval> ); 931 max-records <integer>; 932 max-refresh-time <integer>; 933 max-retry-time <integer>; 934 max-transfer-idle-in <integer>; 935 max-transfer-idle-out <integer>; 936 max-transfer-time-in <integer>; 937 max-transfer-time-out <integer>; 938 max-zone-ttl ( unlimited | <duration> ); 939 min-refresh-time <integer>; 940 min-retry-time <integer>; 941 multi-master <boolean>; 942 notify ( explicit | master-only | <boolean> ); 943 notify-delay <integer>; 944 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 945 dscp <integer> ]; 946 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] 947 [ dscp <integer> ]; 948 notify-to-soa <boolean>; 949 nsec3-test-zone <boolean>; // test only 950 pubkey <integer> <integer> <integer> <quoted_string>; // ancient 951 request-expire <boolean>; 952 request-ixfr <boolean>; 953 serial-update-method ( date | increment | unixtime ); 954 server-addresses { ( <ipv4_address> | <ipv6_address> ); ... }; 955 server-names { <string>; ... }; 956 sig-signing-nodes <integer>; 957 sig-signing-signatures <integer>; 958 sig-signing-type <integer>; 959 sig-validity-interval <integer> [ <integer> ]; 960 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ 961 dscp <integer> ]; 962 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) 963 ] [ dscp <integer> ]; 964 try-tcp-refresh <boolean>; 965 type ( primary | master | secondary | slave | mirror | 966 delegation-only | forward | hint | redirect | static-stub | 967 stub ); 968 update-check-ksk <boolean>; 969 update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | 970 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self 971 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild 972 | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] 973 <rrtypelist>; ... }; 974 use-alt-transfer-source <boolean>; 975 zero-no-soa-ttl <boolean>; 976 zone-statistics ( full | terse | none | <boolean> ); 977}; // may occur multiple times 978 979