This is a summary of the named.conf options supported by
this version of BIND 9.
acl <string> { <address_match_element>; ... }; // may occur multiple times
controls {
inet ( <ipv4_address> | <ipv6_address> |
* ) [ port ( <integer> | * ) ] allow
{ <address_match_element>; ... } [
keys { <string>; ... } ] [ read-only
<boolean> ]; // may occur multiple times
unix <quoted_string> perm <integer>
owner <integer> group <integer> [
keys { <string>; ... } ] [ read-only
<boolean> ]; // may occur multiple times
}; // may occur multiple times
dlz <string> {
database <string>;
search <boolean>;
}; // may occur multiple times
dyndb <string> <quoted_string> {
<unspecified-text> }; // may occur multiple times
key <string> {
algorithm <string>;
secret <string>;
}; // may occur multiple times
logging {
category <string> { <string>; ... }; // may occur multiple times
channel <string> {
buffered <boolean>;
file <quoted_string> [ versions ( "unlimited" | <integer> )
] [ size <size> ];
null;
print-category <boolean>;
print-severity <boolean>;
print-time <boolean>;
severity <log_severity>;
stderr;
syslog [ <syslog_facility> ];
}; // may occur multiple times
};
lwres {
listen-on [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
lwres-clients <integer>;
lwres-tasks <integer>;
ndots <integer>;
search { <string>; ... };
view <string> [ <class> ];
}; // may occur multiple times
managed-keys { <string> <string> <integer>
<integer> <integer> <quoted_string>; ... }; // may occur multiple times
masters <string> [ port <integer> ] [ dscp
<integer> ] { ( <masters> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... }; // may occur multiple times
options {
acache-cleaning-interval <integer>;
acache-enable <boolean>;
additional-from-auth <boolean>;
additional-from-cache <boolean>;
allow-new-zones <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
allow-query-cache-on { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-recursion-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
attach-cache <string>;
auth-nxdomain <boolean>; // default changed
auto-dnssec ( allow | maintain | off );
automatic-interface-scan <boolean>;
avoid-v4-udp-ports { <portrange>; ... };
avoid-v6-udp-ports { <portrange>; ... };
bindkeys-file <quoted_string>;
blackhole { <address_match_element>; ... };
cache-file <quoted_string>;
catalog-zones { zone <quoted_string> [ default-masters [ port
<integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ]; ... } ] [ zone-directory <quoted_string> ] [
in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response
) ( fail | warn | ignore ); // may occur multiple times
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
cleaning-interval <integer>;
clients-per-query <integer>;
cookie-algorithm ( aes | sha1 | sha256 );
cookie-secret <string>;
coresize ( default | unlimited | <sizeval> );
datasize ( default | unlimited | <sizeval> );
deallocate-on-exit <boolean>; // obsolete
deny-answer-addresses { <address_match_element>; ... } [
except-from { <quoted_string>; ... } ];
deny-answer-aliases { <quoted_string>; ... } [ except-from {
<quoted_string>; ... } ];
dialup ( notify | notify-passive | passive | refresh | <boolean> );
directory <quoted_string>;
disable-algorithms <string> { <string>;
... }; // may occur multiple times
disable-ds-digests <string> { <string>;
... }; // may occur multiple times
disable-empty-zone <string>; // may occur multiple times
dns64 <netprefix> {
break-dnssec <boolean>;
clients { <address_match_element>; ... };
exclude { <address_match_element>; ... };
mapped { <address_match_element>; ... };
recursive-only <boolean>;
suffix <ipv6_address>;
}; // may occur multiple times
dns64-contact <string>;
dns64-server <string>;
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-lookaside ( <string> trust-anchor
<string> | auto | no ); // may occur multiple times
dnssec-must-be-secure <string> <boolean>; // may occur multiple times
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver ) [ ( query | response ) ]; ... }; // not configured
dnstap-identity ( <quoted_string> | none |
hostname ); // not configured
dnstap-output ( file | unix ) <quoted_string>; // not configured
dnstap-version ( <quoted_string> | none ); // not configured
dscp <integer>;
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] [ dscp <integer> ] | <ipv4_address> [ port
<integer> ] [ dscp <integer> ] | <ipv6_address> [ port
<integer> ] [ dscp <integer> ] ); ... };
dump-file <quoted_string>;
edns-udp-size <integer>;
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
fake-iquery <boolean>; // obsolete
fetch-glue <boolean>; // obsolete
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
files ( default | unlimited | <sizeval> );
filter-aaaa { <address_match_element>; ... }; // not configured
filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
fstrm-set-buffer-hint <integer>; // not configured
fstrm-set-flush-timeout <integer>; // not configured
fstrm-set-input-queue-size <integer>; // not configured
fstrm-set-output-notify-threshold <integer>; // not configured
fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
fstrm-set-output-queue-size <integer>; // not configured
fstrm-set-reopen-interval <integer>; // not configured
geoip-directory ( <quoted_string> | none ); // not configured
geoip-use-ecs <boolean>; // not configured
has-old-clients <boolean>; // obsolete
heartbeat-interval <integer>;
host-statistics <boolean>; // not implemented
host-statistics-max <integer>; // not implemented
hostname ( <quoted_string> | none );
inline-signing <boolean>;
interface-interval <integer>;
ixfr-from-differences ( master | slave | <boolean> );
keep-response-order { <address_match_element>; ... };
key-directory <quoted_string>;
lame-ttl <ttlval>;
listen-on [ port <integer> ] [ dscp
<integer> ] {
<address_match_element>; ... }; // may occur multiple times
listen-on-v6 [ port <integer> ] [ dscp
<integer> ] {
<address_match_element>; ... }; // may occur multiple times
lmdb-mapsize <sizeval>; // non-operational
lock-file ( <quoted_string> | none );
maintain-ixfr-base <boolean>; // obsolete
managed-keys-directory <quoted_string>;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-mapped-addresses <boolean>;
max-acache-size ( unlimited | <sizeval> );
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
max-cache-ttl <integer>;
max-clients-per-query <integer>;
max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> );
max-ncache-ttl <integer>;
max-records <integer>;
max-recursion-depth <integer>;
max-recursion-queries <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-rsa-exponent-size <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-udp-size <integer>;
max-zone-ttl ( unlimited | <ttlval> );
memstatistics <boolean>;
memstatistics-file <quoted_string>;
message-compression <boolean>;
min-refresh-time <integer>;
min-retry-time <integer>;
min-roots <integer>; // not implemented
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
multiple-cnames <boolean>; // obsolete
named-xfer <quoted_string>; // obsolete
no-case-compress { <address_match_element>; ... };
nocookie-udp-size <integer>;
nosit-udp-size <integer>; // obsolete
notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
notify-rate <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
nta-lifetime <ttlval>;
nta-recheck <ttlval>;
nxdomain-redirect <string>;
pid-file ( <quoted_string> | none );
port <integer>;
preferred-glue <string>;
prefetch <integer> [ <integer> ];
provide-ixfr <boolean>;
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
querylog <boolean>;
queryport-pool-ports <integer>; // obsolete
queryport-pool-updateinterval <integer>; // obsolete
random-device <quoted_string>;
rate-limit {
all-per-second <integer>;
errors-per-second <integer>;
exempt-clients { <address_match_element>; ... };
ipv4-prefix-length <integer>;
ipv6-prefix-length <integer>;
log-only <boolean>;
max-table-size <integer>;
min-table-size <integer>;
nodata-per-second <integer>;
nxdomains-per-second <integer>;
qps-scale <integer>;
referrals-per-second <integer>;
responses-per-second <integer>;
slip <integer>;
window <integer>;
};
recursing-file <quoted_string>;
recursion <boolean>;
recursive-clients <integer>;
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
request-sit <boolean>; // obsolete
require-server-cookie <boolean>;
reserved-sockets <integer>;
resolver-query-timeout <integer>;
response-policy { zone <quoted_string> [ log <boolean> ] [
max-policy-ttl <integer> ] [ policy ( cname | disabled | drop |
given | no-op | nodata | nxdomain | passthru | tcp-only
<quoted_string> ) ] [ recursive-only <boolean> ]; ... } [
break-dnssec <boolean> ] [ max-policy-ttl <integer> ] [
min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
qname-wait-recurse <boolean> ] [ recursive-only <boolean> ];
rfc2308-type1 <boolean>; // not yet implemented
root-delegation-only [ exclude { <quoted_string>; ... } ];
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
secroots-file <quoted_string>;
send-cookie <boolean>;
serial-queries <integer>; // obsolete
serial-query-rate <integer>;
serial-update-method ( date | increment | unixtime );
server-id ( <quoted_string> | none | hostname );
servfail-ttl <ttlval>;
session-keyalg <string>;
session-keyfile ( <quoted_string> | none );
session-keyname <string>;
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
sit-secret <string>; // obsolete
sortlist { <address_match_element>; ... };
stacksize ( default | unlimited | <sizeval> );
startup-notify-rate <integer>;
statistics-file <quoted_string>;
statistics-interval <integer>; // not yet implemented
suppress-initial-notify <boolean>; // not yet implemented
tcp-clients <integer>;
tcp-listen-queue <integer>;
tkey-dhkey <quoted_string> <integer>;
tkey-domain <quoted_string>;
tkey-gssapi-credential <quoted_string>;
tkey-gssapi-keytab <quoted_string>;
topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer );
transfer-message-size <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
transfers-in <integer>;
transfers-out <integer>;
transfers-per-ns <integer>;
treat-cr-as-space <boolean>; // obsolete
trust-anchor-telemetry <boolean>; // experimental
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
use-id-pool <boolean>; // obsolete
use-ixfr <boolean>; // obsolete
use-queryport-pool <boolean>; // obsolete
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };
v6-bias <integer>;
version ( <quoted_string> | none );
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};
server <netprefix> {
bogus <boolean>;
edns <boolean>;
edns-udp-size <integer>;
edns-version <integer>;
keys <server_key>;
max-udp-size <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
provide-ixfr <boolean>;
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
request-sit <boolean>; // obsolete
send-cookie <boolean>;
support-ixfr <boolean>; // obsolete
tcp-only <boolean>;
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
transfers <integer>;
}; // may occur multiple times
statistics-channels {
inet ( <ipv4_address> | <ipv6_address> |
* ) [ port ( <integer> | * ) ] [
allow { <address_match_element>; ...
} ]; // may occur multiple times
}; // may occur multiple times
trusted-keys { <string> <integer> <integer>
<integer> <quoted_string>; ... }; // may occur multiple times
view <string> [ <class> ] {
acache-cleaning-interval <integer>;
acache-enable <boolean>;
additional-from-auth <boolean>;
additional-from-cache <boolean>;
allow-new-zones <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
allow-query-cache-on { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-recursion-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
attach-cache <string>;
auth-nxdomain <boolean>; // default changed
auto-dnssec ( allow | maintain | off );
cache-file <quoted_string>;
catalog-zones { zone <quoted_string> [ default-masters [ port
<integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ]; ... } ] [ zone-directory <quoted_string> ] [
in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response
) ( fail | warn | ignore ); // may occur multiple times
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
cleaning-interval <integer>;
clients-per-query <integer>;
deny-answer-addresses { <address_match_element>; ... } [
except-from { <quoted_string>; ... } ];
deny-answer-aliases { <quoted_string>; ... } [ except-from {
<quoted_string>; ... } ];
dialup ( notify | notify-passive | passive | refresh | <boolean> );
disable-algorithms <string> { <string>;
... }; // may occur multiple times
disable-ds-digests <string> { <string>;
... }; // may occur multiple times
disable-empty-zone <string>; // may occur multiple times
dlz <string> {
database <string>;
search <boolean>;
}; // may occur multiple times
dns64 <netprefix> {
break-dnssec <boolean>;
clients { <address_match_element>; ... };
exclude { <address_match_element>; ... };
mapped { <address_match_element>; ... };
recursive-only <boolean>;
suffix <ipv6_address>;
}; // may occur multiple times
dns64-contact <string>;
dns64-server <string>;
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-lookaside ( <string> trust-anchor
<string> | auto | no ); // may occur multiple times
dnssec-must-be-secure <string> <boolean>; // may occur multiple times
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver ) [ ( query | response ) ]; ... }; // not configured
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] [ dscp <integer> ] | <ipv4_address> [ port
<integer> ] [ dscp <integer> ] | <ipv6_address> [ port
<integer> ] [ dscp <integer> ] ); ... };
dyndb <string> <quoted_string> {
<unspecified-text> }; // may occur multiple times
edns-udp-size <integer>;
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
fetch-glue <boolean>; // obsolete
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
filter-aaaa { <address_match_element>; ... }; // not configured
filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
inline-signing <boolean>;
ixfr-from-differences ( master | slave | <boolean> );
key <string> {
algorithm <string>;
secret <string>;
}; // may occur multiple times
key-directory <quoted_string>;
lame-ttl <ttlval>;
lmdb-mapsize <sizeval>; // non-operational
maintain-ixfr-base <boolean>; // obsolete
managed-keys { <string> <string>
<integer> <integer> <integer>
<quoted_string>; ... }; // may occur multiple times
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-clients { <address_match_element>; ... };
match-destinations { <address_match_element>; ... };
match-recursive-only <boolean>;
max-acache-size ( unlimited | <sizeval> );
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
max-cache-ttl <integer>;
max-clients-per-query <integer>;
max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> );
max-ncache-ttl <integer>;
max-records <integer>;
max-recursion-depth <integer>;
max-recursion-queries <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-udp-size <integer>;
max-zone-ttl ( unlimited | <ttlval> );
message-compression <boolean>;
min-refresh-time <integer>;
min-retry-time <integer>;
min-roots <integer>; // not implemented
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
no-case-compress { <address_match_element>; ... };
nocookie-udp-size <integer>;
nosit-udp-size <integer>; // obsolete
notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
nta-lifetime <ttlval>;
nta-recheck <ttlval>;
nxdomain-redirect <string>;
preferred-glue <string>;
prefetch <integer> [ <integer> ];
provide-ixfr <boolean>;
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
queryport-pool-ports <integer>; // obsolete
queryport-pool-updateinterval <integer>; // obsolete
rate-limit {
all-per-second <integer>;
errors-per-second <integer>;
exempt-clients { <address_match_element>; ... };
ipv4-prefix-length <integer>;
ipv6-prefix-length <integer>;
log-only <boolean>;
max-table-size <integer>;
min-table-size <integer>;
nodata-per-second <integer>;
nxdomains-per-second <integer>;
qps-scale <integer>;
referrals-per-second <integer>;
responses-per-second <integer>;
slip <integer>;
window <integer>;
};
recursion <boolean>;
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
request-sit <boolean>; // obsolete
require-server-cookie <boolean>;
resolver-query-timeout <integer>;
response-policy { zone <quoted_string> [ log <boolean> ] [
max-policy-ttl <integer> ] [ policy ( cname | disabled | drop |
given | no-op | nodata | nxdomain | passthru | tcp-only
<quoted_string> ) ] [ recursive-only <boolean> ]; ... } [
break-dnssec <boolean> ] [ max-policy-ttl <integer> ] [
min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
qname-wait-recurse <boolean> ] [ recursive-only <boolean> ];
rfc2308-type1 <boolean>; // not yet implemented
root-delegation-only [ exclude { <quoted_string>; ... } ];
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
send-cookie <boolean>;
serial-update-method ( date | increment | unixtime );
server <netprefix> {
bogus <boolean>;
edns <boolean>;
edns-udp-size <integer>;
edns-version <integer>;
keys <server_key>;
max-udp-size <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
| * ) ] [ dscp <integer> ];
provide-ixfr <boolean>;
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port
( <integer> | * ) ] ) | ( [ [ address ] (
<ipv4_address> | * ) ] port ( <integer> | * ) ) ) [
dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [
port ( <integer> | * ) ] ) | ( [ [ address ] (
<ipv6_address> | * ) ] port ( <integer> | * ) ) ) [
dscp <integer> ];
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
request-sit <boolean>; // obsolete
send-cookie <boolean>;
support-ixfr <boolean>; // obsolete
tcp-only <boolean>;
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
transfers <integer>;
}; // may occur multiple times
servfail-ttl <ttlval>;
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
sortlist { <address_match_element>; ... };
suppress-initial-notify <boolean>; // not yet implemented
topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
trust-anchor-telemetry <boolean>; // experimental
trusted-keys { <string> <integer>
<integer> <integer> <quoted_string>;
... }; // may occur multiple times
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
use-queryport-pool <boolean>; // obsolete
v6-bias <integer>;
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone <string> [ <class> ] {
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { (
<masters> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ];
... };
alt-transfer-source ( <ipv4_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
database <string>;
delegation-only <boolean>;
dialup ( notify | notify-passive | passive | refresh |
<boolean> );
dlz <string>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
file <quoted_string>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { (
<ipv4_address> | <ipv6_address> ) [ port <integer> ] [
dscp <integer> ]; ... };
in-view <string>;
inline-signing <boolean>;
ixfr-base <quoted_string>; // obsolete
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // obsolete
journal <quoted_string>;
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // obsolete
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <masters>
| <ipv4_address> [ port <integer> ] | <ipv6_address> [
port <integer> ] ) [ key <string> ]; ... };
max-ixfr-log-size ( default | unlimited |
<sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-zone-ttl ( unlimited | <ttlval> );
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
| * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
pubkey <integer>
<integer>
<integer>
<quoted_string>; // obsolete, may occur multiple times
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( date | increment | unixtime );
server-addresses { ( <ipv4_address> | <ipv6_address> ) [
port <integer> ]; ... };
server-names { <quoted_string>; ... };
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
try-tcp-refresh <boolean>;
type ( delegation-only | forward | hint | master | redirect
| slave | static-stub | stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> (
6to4-self | external | krb5-self | krb5-subdomain |
ms-self | ms-subdomain | name | self | selfsub |
selfwild | subdomain | tcp-self | wildcard | zonesub )
[ <string> ] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
}; // may occur multiple times
zone-statistics ( full | terse | none | <boolean> );
}; // may occur multiple times
zone <string> [ <class> ] {
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
database <string>;
delegation-only <boolean>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
dlz <string>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
file <quoted_string>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
in-view <string>;
inline-signing <boolean>;
ixfr-base <quoted_string>; // obsolete
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // obsolete
journal <quoted_string>;
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // obsolete
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <masters> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-zone-ttl ( unlimited | <ttlval> );
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
pubkey <integer> <integer>
<integer> <quoted_string>; // obsolete, may occur multiple times
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( date | increment | unixtime );
server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
<integer> ]; ... };
server-names { <quoted_string>; ... };
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
try-tcp-refresh <boolean>;
type ( delegation-only | forward | hint | master | redirect | slave
| static-stub | stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
| name | self | selfsub | selfwild | subdomain | tcp-self |
wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
}; // may occur multiple times