10139N/Aacl <string> { <address_match_element>; ... }; // may occur multiple times
10139N/A inet ( <ipv4_address> | <ipv6_address> |
17177N/A * ) [ port ( <integer> | * ) ] allow
17177N/A { <address_match_element>; ... } [
17177N/A keys { <string>; ... } ] [ read-only
10139N/A <boolean> ]; // may occur multiple times
10139N/A unix <quoted_string> perm <integer>
10139N/A owner <integer> group <integer> [
18544N/A keys { <string>; ... } ] [ read-only
10139N/A <boolean> ]; // may occur multiple times
10139N/Adyndb <string> <quoted_string> {
10139N/A <unspecified-text> }; // may occur multiple times
17451N/A category <string> { <string>; ... }; // may occur multiple times
10139N/A file <quoted_string> [ versions ( "unlimited" | <integer> )
10139N/A listen-on [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
10139N/A | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
10139N/Amanaged-keys { <string> <string> <integer>
10139N/A <integer> <integer> <quoted_string>; ... }; // may occur multiple times
10139N/Amasters <string> [ port <integer> ] [ dscp
10139N/A <integer> ] { ( <masters> | <ipv4_address> [
10139N/A port <integer> ] | <ipv6_address> [ port
10139N/A <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
10139N/A acache-cleaning-interval <integer>;
10243N/A additional-from-auth <boolean>;
14082N/A additional-from-cache <boolean>;
10139N/A allow-notify { <address_match_element>; ... };
10139N/A allow-query { <address_match_element>; ... };
10139N/A allow-query-cache { <address_match_element>; ... };
10139N/A allow-query-cache-on { <address_match_element>; ... };
10139N/A allow-query-on { <address_match_element>; ... };
10139N/A allow-recursion { <address_match_element>; ... };
17541N/A allow-recursion-on { <address_match_element>; ... };
10139N/A allow-transfer { <address_match_element>; ... };
10139N/A allow-update { <address_match_element>; ... };
10139N/A allow-update-forwarding { <address_match_element>; ... };
10139N/A allow-v6-synthesis { <address_match_element>; ... }; // obsolete
10139N/A also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
10139N/A <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
12805N/A <integer> ] ) [ key <string> ]; ... };
12805N/A alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
12805N/A alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
10139N/A auth-nxdomain <boolean>; // default changed
10139N/A auto-dnssec ( allow | maintain | off );
10139N/A automatic-interface-scan <boolean>;
10139N/A avoid-v4-udp-ports { <portrange>; ... };
10139N/A avoid-v6-udp-ports { <portrange>; ... };
15742N/A blackhole { <address_match_element>; ... };
15742N/A catalog-zones { zone <quoted_string> [ default-masters [ port
10139N/A <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [
17541N/A port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
10139N/A <string> ]; ... } ] [ zone-directory <quoted_string> ] [
10139N/A in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
10139N/A check-dup-records ( fail | warn | ignore );
17541N/A check-mx ( fail | warn | ignore );
17541N/A check-mx-cname ( fail | warn | ignore );
10139N/A check-names ( master | slave | response
10139N/A ) ( fail | warn | ignore ); // may occur multiple times
10139N/A check-srv-cname ( fail | warn | ignore );
10139N/A cookie-algorithm ( aes | sha1 | sha256 );
10139N/A coresize ( default | unlimited | <sizeval> );
10139N/A datasize ( default | unlimited | <sizeval> );
10139N/A deallocate-on-exit <boolean>; // obsolete
10139N/A deny-answer-addresses { <address_match_element>; ... } [
10139N/A except-from { <quoted_string>; ... } ];
10139N/A deny-answer-aliases { <quoted_string>; ... } [ except-from {
10139N/A dialup ( notify | notify-passive | passive | refresh | <boolean> );
10139N/A disable-algorithms <string> { <string>;
10139N/A ... }; // may occur multiple times
10139N/A disable-ds-digests <string> { <string>;
10139N/A ... }; // may occur multiple times
10139N/A disable-empty-zone <string>; // may occur multiple times
10139N/A clients { <address_match_element>; ... };
10139N/A exclude { <address_match_element>; ... };
10139N/A mapped { <address_match_element>; ... };
10139N/A dnssec-accept-expired <boolean>;
10139N/A dnssec-dnskey-kskonly <boolean>;
10139N/A dnssec-loadkeys-interval <integer>;
10139N/A dnssec-lookaside ( <string> trust-anchor
10139N/A <string> | auto | no ); // may occur multiple times
10139N/A dnssec-must-be-secure <string> <boolean>; // may occur multiple times
10139N/A dnssec-secure-to-insecure <boolean>;
18544N/A dnssec-update-mode ( maintain | no-resign );
18544N/A dnssec-validation ( yes | no | auto );
18141N/A dnstap { ( all | auth | client | forwarder |
18141N/A resolver ) [ ( query | response ) ]; ... }; // not configured
17541N/A dnstap-identity ( <quoted_string> | none |
17451N/A dnstap-output ( file | unix ) <quoted_string>; // not configured
17451N/A dnstap-version ( <quoted_string> | none ); // not configured
17417N/A dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
17299N/A <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
17299N/A <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
17164N/A <integer> ] [ dscp <integer> ] ); ... };
16543N/A fake-iquery <boolean>; // obsolete
16543N/A fetch-glue <boolean>; // obsolete
16379N/A fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
16630N/A fetches-per-server <integer> [ ( drop | fail ) ];
16188N/A fetches-per-zone <integer> [ ( drop | fail ) ];
16630N/A files ( default | unlimited | <sizeval> );
16137N/A filter-aaaa { <address_match_element>; ... }; // not configured
16630N/A filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
15898N/A filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
16630N/A flush-zones-on-shutdown <boolean>;
16630N/A forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
15852N/A | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
15742N/A fstrm-set-buffer-hint <integer>; // not configured
16630N/A fstrm-set-flush-timeout <integer>; // not configured
16630N/A fstrm-set-input-queue-size <integer>; // not configured
15564N/A fstrm-set-output-notify-threshold <integer>; // not configured
16630N/A fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
14550N/A fstrm-set-output-queue-size <integer>; // not configured
16630N/A fstrm-set-reopen-interval <integer>; // not configured
14550N/A geoip-directory ( <quoted_string> | none ); // not configured
14550N/A geoip-use-ecs ( <quoted_string> | none ); // not configured
14378N/A has-old-clients <boolean>; // obsolete
14378N/A host-statistics <boolean>; // not implemented
14173N/A host-statistics-max <integer>; // not implemented
14173N/A hostname ( <quoted_string> | none );
16630N/A ixfr-from-differences ( master | slave | <boolean> );
13917N/A keep-response-order { <address_match_element>; ... };
13769N/A listen-on [ port <integer> ] [ dscp
13415N/A <address_match_element>; ... }; // may occur multiple times
13259N/A listen-on-v6 [ port <integer> ] [ dscp
13264N/A <address_match_element>; ... }; // may occur multiple times
13259N/A lock-file ( <quoted_string> | none );
12813N/A maintain-ixfr-base <boolean>; // obsolete
12813N/A managed-keys-directory <quoted_string>;
12805N/A masterfile-format ( map | raw | text );
12805N/A masterfile-style ( full | relative );
12805N/A match-mapped-addresses <boolean>;
12805N/A max-acache-size ( unlimited | <sizeval> );
12571N/A max-cache-size ( default | unlimited | <sizeval> | <percentage> );
12467N/A max-clients-per-query <integer>;
12467N/A max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
12360N/A max-journal-size ( unlimited | <sizeval> );
12316N/A max-recursion-queries <integer>;
12022N/A max-rsa-exponent-size <integer>;
12022N/A max-transfer-idle-in <integer>;
11912N/A max-transfer-idle-out <integer>;
11912N/A max-transfer-time-in <integer>;
11393N/A max-transfer-time-out <integer>;
11393N/A max-zone-ttl ( unlimited | <ttlval> );
11393N/A memstatistics-file <quoted_string>;
11169N/A min-roots <integer>; // not implemented
10986N/A minimal-responses ( no-auth | no-auth-recursive | <boolean> );
10972N/A multiple-cnames <boolean>; // obsolete
10961N/A named-xfer <quoted_string>; // obsolete
10961N/A no-case-compress { <address_match_element>; ... };
10265N/A nosit-udp-size <integer>; // obsolete
10180N/A notify ( explicit | master-only | <boolean> );
10139N/A notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
10139N/A notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
10139N/A nsec3-test-zone <boolean>; // test only
10139N/A pid-file ( <quoted_string> | none );
10139N/A prefetch <integer> [ <integer> ];
10139N/A query-source-v6 <querysource6>;
10139N/A queryport-pool-ports <integer>; // obsolete
10139N/A queryport-pool-updateinterval <integer>; // obsolete
10139N/A exempt-clients { <address_match_element>; ... };
10139N/A nxdomains-per-second <integer>;
10139N/A referrals-per-second <integer>;
10139N/A responses-per-second <integer>;
16630N/A recursing-file <quoted_string>;
10139N/A request-sit <boolean>; // obsolete
10139N/A require-server-cookie <boolean>;
10139N/A resolver-query-timeout <integer>;
10139N/A response-policy { zone <quoted_string> [ log <boolean> ] [
10139N/A max-policy-ttl <integer> ] [ policy ( cname | disabled | drop |
10139N/A given | no-op | nodata | nxdomain | passthru | tcp-only
10139N/A <quoted_string> ) ] [ recursive-only <boolean> ]; ... } [
10139N/A break-dnssec <boolean> ] [ max-policy-ttl <integer> ] [
10139N/A min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
10139N/A qname-wait-recurse <boolean> ] [ recursive-only <boolean> ];
10139N/A rfc2308-type1 <boolean>; // not yet implemented
10139N/A root-delegation-only [ exclude { <quoted_string>; ... } ];
10139N/A rrset-order { [ class <string> ] [ type <string> ] [ name
10139N/A <quoted_string> ] <string> <string>; ... };
10139N/A serial-queries <integer>; // obsolete
10139N/A serial-update-method ( date | increment | unixtime );
10139N/A server-id ( <quoted_string> | none | hostname );
10139N/A session-keyfile ( <quoted_string> | none );
10139N/A sig-signing-signatures <integer>;
10139N/A sig-validity-interval <integer> [ <integer> ];
10139N/A sit-secret <string>; // obsolete
16630N/A sortlist { <address_match_element>; ... };
10139N/A stacksize ( default | unlimited | <sizeval> );
10139N/A statistics-file <quoted_string>;
16630N/A statistics-interval <integer>; // not yet implemented
10139N/A suppress-initial-notify <boolean>; // not yet implemented
16630N/A tkey-dhkey <quoted_string> <integer>;
10139N/A tkey-gssapi-credential <quoted_string>;
16630N/A tkey-gssapi-keytab <quoted_string>;
16630N/A topology { <address_match_element>; ... }; // not implemented
10139N/A transfer-format ( many-answers | one-answer );
16630N/A transfer-message-size <integer>;
10139N/A transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
16630N/A transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
10139N/A treat-cr-as-space <boolean>; // obsolete
16630N/A trust-anchor-telemetry <boolean>; // experimental
10139N/A use-alt-transfer-source <boolean>;
10139N/A use-id-pool <boolean>; // obsolete
10139N/A use-ixfr <boolean>; // obsolete
10139N/A use-queryport-pool <boolean>; // obsolete
10139N/A use-v4-udp-ports { <portrange>; ... };
10139N/A use-v6-udp-ports { <portrange>; ... };
10139N/A version ( <quoted_string> | none );
16630N/A zero-no-soa-ttl-cache <boolean>;
10139N/A zone-statistics ( full | terse | none | <boolean> );
10139N/A notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
10139N/A notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
10139N/A query-source-v6 <querysource6>;
10139N/A request-sit <boolean>; // obsolete
10139N/A support-ixfr <boolean>; // obsolete
10139N/A transfer-format ( many-answers | one-answer );
10139N/A transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
10139N/A transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
10139N/A inet ( <ipv4_address> | <ipv6_address> |
10139N/A * ) [ port ( <integer> | * ) ] [
10139N/A allow { <address_match_element>; ...
16630N/A } ]; // may occur multiple times
16630N/Atrusted-keys { <string> <integer> <integer>
10139N/A <integer> <quoted_string>; ... }; // may occur multiple times
10139N/A acache-cleaning-interval <integer>;
16630N/A additional-from-auth <boolean>;
10139N/A additional-from-cache <boolean>;
10139N/A allow-notify { <address_match_element>; ... };
16630N/A allow-query { <address_match_element>; ... };
10139N/A allow-query-cache { <address_match_element>; ... };
16630N/A allow-query-cache-on { <address_match_element>; ... };
10139N/A allow-query-on { <address_match_element>; ... };
10139N/A allow-recursion { <address_match_element>; ... };
16630N/A allow-recursion-on { <address_match_element>; ... };
10139N/A allow-transfer { <address_match_element>; ... };
16630N/A allow-update { <address_match_element>; ... };
10139N/A allow-update-forwarding { <address_match_element>; ... };
10139N/A allow-v6-synthesis { <address_match_element>; ... }; // obsolete
16630N/A also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
10139N/A <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
10139N/A <integer> ] ) [ key <string> ]; ... };
10139N/A alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
10139N/A alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
10139N/A auth-nxdomain <boolean>; // default changed
10139N/A auto-dnssec ( allow | maintain | off );
10139N/A catalog-zones { zone <quoted_string> [ default-masters [ port
10139N/A <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [
10139N/A port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
10139N/A <string> ]; ... } ] [ zone-directory <quoted_string> ] [
10139N/A in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
10139N/A check-dup-records ( fail | warn | ignore );
10139N/A check-mx ( fail | warn | ignore );
16630N/A check-mx-cname ( fail | warn | ignore );
16630N/A check-names ( master | slave | response
10139N/A ) ( fail | warn | ignore ); // may occur multiple times
10139N/A check-srv-cname ( fail | warn | ignore );
10139N/A deny-answer-addresses { <address_match_element>; ... } [
16630N/A except-from { <quoted_string>; ... } ];
10139N/A deny-answer-aliases { <quoted_string>; ... } [ except-from {
10139N/A dialup ( notify | notify-passive | passive | refresh | <boolean> );
10139N/A disable-algorithms <string> { <string>;
10139N/A ... }; // may occur multiple times
10139N/A disable-ds-digests <string> { <string>;
10139N/A ... }; // may occur multiple times
10139N/A disable-empty-zone <string>; // may occur multiple times
10139N/A clients { <address_match_element>; ... };
10139N/A exclude { <address_match_element>; ... };
10139N/A mapped { <address_match_element>; ... };
10139N/A dnssec-accept-expired <boolean>;
10139N/A dnssec-dnskey-kskonly <boolean>;
16630N/A dnssec-loadkeys-interval <integer>;
10139N/A dnssec-lookaside ( <string> trust-anchor
10139N/A <string> | auto | no ); // may occur multiple times
10139N/A dnssec-must-be-secure <string> <boolean>; // may occur multiple times
10139N/A dnssec-secure-to-insecure <boolean>;
10139N/A dnssec-update-mode ( maintain | no-resign );
10139N/A dnssec-validation ( yes | no | auto );
10139N/A dnstap { ( all | auth | client | forwarder |
10139N/A resolver ) [ ( query | response ) ]; ... }; // not configured
10139N/A dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
10139N/A <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
10139N/A <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
16630N/A <integer> ] [ dscp <integer> ] ); ... };
10139N/A dyndb <string> <quoted_string> {
10139N/A <unspecified-text> }; // may occur multiple times
10139N/A fetch-glue <boolean>; // obsolete
16630N/A fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
10139N/A fetches-per-server <integer> [ ( drop | fail ) ];
16630N/A fetches-per-zone <integer> [ ( drop | fail ) ];
10139N/A filter-aaaa { <address_match_element>; ... }; // not configured
10139N/A filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
10139N/A filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
10139N/A forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
10139N/A | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
10139N/A ixfr-from-differences ( master | slave | <boolean> );
10139N/A maintain-ixfr-base <boolean>; // obsolete
10139N/A managed-keys { <string> <string>
16630N/A <quoted_string>; ... }; // may occur multiple times
10139N/A masterfile-format ( map | raw | text );
16630N/A masterfile-style ( full | relative );
10139N/A match-clients { <address_match_element>; ... };
16630N/A match-destinations { <address_match_element>; ... };
10139N/A match-recursive-only <boolean>;
10139N/A max-acache-size ( unlimited | <sizeval> );
16630N/A max-cache-size ( default | unlimited | <sizeval> | <percentage> );
10139N/A max-clients-per-query <integer>;
16630N/A max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
10139N/A max-journal-size ( unlimited | <sizeval> );
16630N/A max-recursion-queries <integer>;
16630N/A max-transfer-idle-in <integer>;
10139N/A max-transfer-idle-out <integer>;
16630N/A max-transfer-time-in <integer>;
10139N/A max-transfer-time-out <integer>;
10139N/A max-zone-ttl ( unlimited | <ttlval> );
10139N/A min-roots <integer>; // not implemented
10139N/A minimal-responses ( no-auth | no-auth-recursive | <boolean> );
16630N/A no-case-compress { <address_match_element>; ... };
16630N/A nosit-udp-size <integer>; // obsolete
16630N/A notify ( explicit | master-only | <boolean> );
16630N/A notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
10139N/A notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
16630N/A nsec3-test-zone <boolean>; // test only
10139N/A prefetch <integer> [ <integer> ];
10139N/A query-source-v6 <querysource6>;
10139N/A queryport-pool-ports <integer>; // obsolete
10139N/A queryport-pool-updateinterval <integer>; // obsolete
10139N/A exempt-clients { <address_match_element>; ... };
16630N/A nxdomains-per-second <integer>;
16630N/A referrals-per-second <integer>;
10139N/A responses-per-second <integer>;
10139N/A request-sit <boolean>; // obsolete
16630N/A require-server-cookie <boolean>;
10139N/A resolver-query-timeout <integer>;
16630N/A response-policy { zone <quoted_string> [ log <boolean> ] [
10139N/A max-policy-ttl <integer> ] [ policy ( cname | disabled | drop |
16630N/A given | no-op | nodata | nxdomain | passthru | tcp-only
10139N/A <quoted_string> ) ] [ recursive-only <boolean> ]; ... } [
16630N/A break-dnssec <boolean> ] [ max-policy-ttl <integer> ] [
10139N/A min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
16630N/A qname-wait-recurse <boolean> ] [ recursive-only <boolean> ];
10139N/A rfc2308-type1 <boolean>; // not yet implemented
16630N/A root-delegation-only [ exclude { <quoted_string>; ... } ];
10139N/A rrset-order { [ class <string> ] [ type <string> ] [ name
16630N/A <quoted_string> ] <string> <string>; ... };
16630N/A serial-update-method ( date | increment | unixtime );
16630N/A notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
10139N/A notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
16630N/A query-source-v6 <querysource6>;
request-expire <boolean>;
request-sit <boolean>; // obsolete
support-ixfr <boolean>; // obsolete
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
}; // may occur multiple times
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
sortlist { <address_match_element>; ... };
suppress-initial-notify <boolean>; // not yet implemented
topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
trust-anchor-telemetry <boolean>; // experimental
trusted-keys { <string> <integer>
<integer> <integer> <quoted_string>;
... }; // may occur multiple times
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
use-queryport-pool <boolean>; // obsolete
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone <string> [ <class> ] {
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { (
<masters> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ];
alt-transfer-source ( <ipv4_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
delegation-only <boolean>;
dialup ( notify | notify-passive | passive | refresh |
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { (
<ipv4_address> | <ipv6_address> ) [ port <integer> ] [
inline-signing <boolean>;
ixfr-base <quoted_string>; // obsolete
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // obsolete
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // obsolete
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <masters>
| <ipv4_address> [ port <integer> ] | <ipv6_address> [
port <integer> ] ) [ key <string> ]; ... };
max-ixfr-log-size ( default | unlimited |
max-journal-size ( unlimited | <sizeval> );
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-zone-ttl ( unlimited | <ttlval> );
min-refresh-time <integer>;
min-retry-time <integer>;
notify ( explicit | master-only | <boolean> );
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
| * ) ] [ dscp <integer> ];
nsec3-test-zone <boolean>; // test only
<quoted_string>; // obsolete, may occur multiple times
request-expire <boolean>;
serial-update-method ( date | increment | unixtime );
server-addresses { ( <ipv4_address> | <ipv6_address> ) [
server-names { <quoted_string>; ... };
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
try-tcp-refresh <boolean>;
type ( delegation-only | forward | hint | master | redirect
| slave | static-stub | stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> (
6to4-self | external | krb5-self | krb5-subdomain |
ms-self | ms-subdomain | name | self | selfsub |
selfwild | subdomain | tcp-self | wildcard | zonesub )
[ <string> ] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
}; // may occur multiple times
zone-statistics ( full | terse | none | <boolean> );
}; // may occur multiple times
zone <string> [ <class> ] {
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
delegation-only <boolean>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
inline-signing <boolean>;
ixfr-base <quoted_string>; // obsolete
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // obsolete
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // obsolete
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <masters> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
max-journal-size ( unlimited | <sizeval> );
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-zone-ttl ( unlimited | <ttlval> );
min-refresh-time <integer>;
min-retry-time <integer>;
notify ( explicit | master-only | <boolean> );
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
nsec3-test-zone <boolean>; // test only
pubkey <integer> <integer>
<integer> <quoted_string>; // obsolete, may occur multiple times
request-expire <boolean>;
serial-update-method ( date | increment | unixtime );
server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
server-names { <quoted_string>; ... };
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
try-tcp-refresh <boolean>;
type ( delegation-only | forward | hint | master | redirect | slave
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
| name | self | selfsub | selfwild | subdomain | tcp-self |
wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
}; // may occur multiple times