category <string> { <string>; ... };
file <quoted_string> [ versions ( "unlimited" | <integer> )
print-category <boolean>;
print-severity <boolean>;
syslog <optional_facility>;
listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
search { <string>; ... };
view <string> <optional_class>;
managed-keys { <string> <string> <integer> <integer> <integer>
masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
<integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
acache-cleaning-interval <integer>;
additional-from-auth <boolean>;
additional-from-cache <boolean>;
allow-new-zones <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
allow-query-cache-on { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-recursion-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
) [ port <integer> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
auth-nxdomain <boolean>; // default changed
avoid-v4-udp-ports { <portrange>; ... };
avoid-v6-udp-ports { <portrange>; ... };
bindkeys-file <quoted_string>;
blackhole { <address_match_element>; ... };
cache-file <quoted_string>;
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response ) ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
cleaning-interval <integer>;
clients-per-query <integer>;
deallocate-on-exit <boolean>; // obsolete
deny-answer-addresses { <address_match_element>; ... } [
except-from { <quoted_string>; ... } ];
deny-answer-aliases { <quoted_string>; ... } [ except-from {
<quoted_string>; ... } ];
directory <quoted_string>;
disable-algorithms <string> { <string>; ... };
disable-empty-zone <string>;
clients { <address_match_element>; ... };
exclude { <address_match_element>; ... };
mapped { <address_match_element>; ... };
recursive-only <boolean>;
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-lookaside <string> trust-anchor <string>;
dnssec-must-be-secure <string> <boolean>;
dnssec-secure-to-insecure <boolean>;
dnssec-validation ( yes | no | auto );
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ); ... };
dump-file <quoted_string>;
empty-zones-enable <boolean>;
fake-iquery <boolean>; // obsolete
fetch-glue <boolean>; // obsolete
filter-aaaa { <address_match_element>; ... }; // not configured
filter-aaaa-on-v4 <v4_aaaa>; // not configured
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
has-old-clients <boolean>; // obsolete
heartbeat-interval <integer>;
host-statistics <boolean>; // not implemented
host-statistics-max <integer>; // not implemented
hostname ( <quoted_string> | none );
interface-interval <integer>;
ixfr-from-differences <ixfrdiff>;
key-directory <quoted_string>;
listen-on [ port <integer> ] { <address_match_element>; ... };
listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
maintain-ixfr-base <boolean>; // obsolete
managed-keys-directory <quoted_string>;
masterfile-format ( text | raw );
match-mapped-addresses <boolean>;
max-acache-size <size_no_default>;
max-cache-size <size_no_default>;
max-clients-per-query <integer>;
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-ncache-ttl <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
memstatistics-file <quoted_string>;
min-refresh-time <integer>;
min-retry-time <integer>;
min-roots <integer>; // not implemented
minimal-responses <boolean>;
multiple-cnames <boolean>; // obsolete
named-xfer <quoted_string>; // obsolete
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
nsec3-test-zone <boolean>; // test only
pid-file ( <quoted_string> | none );
query-source <querysource4>;
query-source-v6 <querysource6>;
queryport-pool-ports <integer>; // obsolete
queryport-pool-updateinterval <integer>; // obsolete
random-device <quoted_string>;
recursing-file <quoted_string>;
recursive-clients <integer>;
reserved-sockets <integer>;
zone <string> [ policy ( given | no-op | nxdomain | nodata
rfc2308-type1 <boolean>; // not yet implemented
root-delegation-only [ exclude { <quoted_string>; ... } ];
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
secroots-file <quoted_string>;
serial-queries <integer>; // obsolete
serial-query-rate <integer>;
server-id ( <quoted_string> | none | hostname );
session-keyfile ( <quoted_string> | none );
session-keyname <string>;
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
sortlist { <address_match_element>; ... };
statistics-file <quoted_string>;
statistics-interval <integer>; // not yet implemented
suppress-initial-notify <boolean>; // not yet implemented
tcp-listen-queue <integer>;
tkey-dhkey <quoted_string> <integer>;
tkey-domain <quoted_string>;
tkey-gssapi-credential <quoted_string>;
tkey-gssapi-keytab <quoted_string>;
topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
transfers-per-ns <integer>;
treat-cr-as-space <boolean>; // obsolete
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
use-id-pool <boolean>; // obsolete
use-queryport-pool <boolean>; // obsolete
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };
version ( <quoted_string> | none );
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone-statistics <boolean>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
query-source <querysource4>;
query-source-v6 <querysource6>;
support-ixfr <boolean>; // obsolete
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
) ] [ allow { <address_match_element>; ... } ];
trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
view <string> <optional_class> {
acache-cleaning-interval <integer>;
additional-from-auth <boolean>;
additional-from-cache <boolean>;
allow-new-zones <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
allow-query-cache-on { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-recursion-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
) [ port <integer> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
auth-nxdomain <boolean>; // default changed
cache-file <quoted_string>;
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response ) ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
cleaning-interval <integer>;
clients-per-query <integer>;
deny-answer-addresses { <address_match_element>; ... } [
except-from { <quoted_string>; ... } ];
deny-answer-aliases { <quoted_string>; ... } [ except-from {
<quoted_string>; ... } ];
disable-algorithms <string> { <string>; ... };
disable-empty-zone <string>;
clients { <address_match_element>; ... };
exclude { <address_match_element>; ... };
mapped { <address_match_element>; ... };
recursive-only <boolean>;
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-lookaside <string> trust-anchor <string>;
dnssec-must-be-secure <string> <boolean>;
dnssec-secure-to-insecure <boolean>;
dnssec-validation ( yes | no | auto );
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ); ... };
empty-zones-enable <boolean>;
fetch-glue <boolean>; // obsolete
filter-aaaa { <address_match_element>; ... }; // not configured
filter-aaaa-on-v4 <v4_aaaa>; // not configured
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
ixfr-from-differences <ixfrdiff>;
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // obsolete
managed-keys { <string> <string> <integer> <integer> <integer>
masterfile-format ( text | raw );
match-clients { <address_match_element>; ... };
match-destinations { <address_match_element>; ... };
match-recursive-only <boolean>;
max-acache-size <size_no_default>;
max-cache-size <size_no_default>;
max-clients-per-query <integer>;
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-ncache-ttl <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
min-roots <integer>; // not implemented
minimal-responses <boolean>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
nsec3-test-zone <boolean>; // test only
query-source <querysource4>;
query-source-v6 <querysource6>;
queryport-pool-ports <integer>; // obsolete
queryport-pool-updateinterval <integer>; // obsolete
zone <string> [ policy ( given | no-op | nxdomain | nodata
rfc2308-type1 <boolean>; // not yet implemented
root-delegation-only [ exclude { <quoted_string>; ... } ];
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
query-source <querysource4>;
query-source-v6 <querysource6>;
support-ixfr <boolean>; // obsolete
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
transfer-source-v6 ( <ipv6_address> | * ) [ port (
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
sortlist { <address_match_element>; ... };
suppress-initial-notify <boolean>; // not yet implemented
topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
trusted-keys { <string> <integer> <integer> <integer>
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
use-queryport-pool <boolean>; // obsolete
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone <string> <optional_class> {
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] { ( <ipv4_address> |
<ipv6_address> ) [ port <integer> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port (
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
auto-dnssec ( allow | maintain | create | off );
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
delegation-only <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-secure-to-insecure <boolean>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> |
<ipv6_address> ) [ port <integer> ]; ... };
ixfr-base <quoted_string>; // obsolete
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // obsolete
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // obsolete
masterfile-format ( text | raw );
masters [ port <integer> ] { ( <masters> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] )
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
nsec3-test-zone <boolean>; // test only
pubkey <integer> <integer> <integer>
<quoted_string>; // obsolete
server-addresses { ( <ipv4_address> | <ipv6_address> ) [
server-names { <quoted_string>; ... };
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
transfer-source-v6 ( <ipv6_address> | * ) [ port (
try-tcp-refresh <boolean>;
type ( master | slave | stub | static-stub | hint | forward
update-check-ksk <boolean>;
update-policy ( local | { ( grant | deny ) <string> ( name
| subdomain | wildcard | self | selfsub | selfwild |
krb5-self | ms-self | krb5-subdomain | ms-subdomain |
tcp-self | 6to4-self | zonesub | external ) [ <string>
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics <boolean>;
zone-statistics <boolean>;
zone <string> <optional_class> {
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
) [ port <integer> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
auto-dnssec ( allow | maintain | create | off );
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
delegation-only <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-secure-to-insecure <boolean>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
ixfr-base <quoted_string>; // obsolete
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // obsolete
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // obsolete
masterfile-format ( text | raw );
masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
<integer> ] | <ipv6_address> [ port <integer> ] ) [ key
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
nsec3-test-zone <boolean>; // test only
pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
server-names { <quoted_string>; ... };
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
try-tcp-refresh <boolean>;
type ( master | slave | stub | static-stub | hint | forward |
update-check-ksk <boolean>;
update-policy ( local | { ( grant | deny ) <string> ( name |
subdomain | wildcard | self | selfsub | selfwild | krb5-self |
ms-self | krb5-subdomain | ms-subdomain | tcp-self | 6to4-self
| zonesub | external ) [ <string> ] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics <boolean>;