named.conf
— configuration file for named
named.conf
named.conf
is the configuration file
for
named. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in
the statements are also semi-colon terminated. The usual
comment styles are supported:
C style: /* */
C++ style: // to end of line
Unix style: # to end of line
controls�{
inet�(�ipv4_address
�|�ipv6_address
�|
����*�)�[�port�(�integer
�|�*�)�]�allow
����{�address_match_element
;�...�}�[
����keys�{�string
;�...�}�]�[�read-only
����boolean
�];
unix�quoted_string
�perm�integer
����owner�integer
�group�integer
�[
����keys�{�string
;�...�}�]�[�read-only
����boolean
�];
};
logging�{
category�string
�{�string
;�...�};
channel�string
�{
buffered�boolean
;
file�quoted_string
�[�versions�(�"unlimited"�|�integer
�)
����]�[�size�size
�];
null;
print-category�boolean
;
print-severity�boolean
;
print-time�boolean
;
severity�log_severity
;
stderr;
syslog�[�syslog_facility
�];
};
};
lwres�{
listen-on�[�port�integer
�]�[�dscp�integer
�]�{�(�ipv4_address
����|�ipv6_address
�)�[�port�integer
�]�[�dscp�integer
�];�...�};
lwres-clients�integer
;
lwres-tasks�integer
;
ndots�integer
;
search�{�string
;�...�};
view�string
�[�class
�];
};
masters�string
�[�port�integer
�]�[�dscp
����integer
�]�{�(�masters
�|�ipv4_address
�[
����port�integer
�]�|�ipv6_address
�[�port
����integer
�]�)�[�key�string
�];�...�};
options�{
acache-cleaning-interval�integer
;
acache-enable�boolean
;
additional-from-auth�boolean
;
additional-from-cache�boolean
;
allow-new-zones�boolean
;
allow-notify�{�address_match_element
;�...�};
allow-query�{�address_match_element
;�...�};
allow-query-cache�{�address_match_element
;�...�};
allow-query-cache-on�{�address_match_element
;�...�};
allow-query-on�{�address_match_element
;�...�};
allow-recursion�{�address_match_element
;�...�};
allow-recursion-on�{�address_match_element
;�...�};
allow-transfer�{�address_match_element
;�...�};
allow-update�{�address_match_element
;�...�};
allow-update-forwarding�{�address_match_element
;�...�};
also-notify�[�port�integer
�]�[�dscp�integer
�]�{�(�masters
�|
����ipv4_address
�[�port�integer
�]�|�ipv6_address
�[�port
����integer
�]�)�[�key�string
�];�...�};
alt-transfer-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)
����]�[�dscp�integer
�];
alt-transfer-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|
����*�)�]�[�dscp�integer
�];
answer-cookie�boolean
;
attach-cache�string
;
auth-nxdomain�boolean
;�//�default�changed
auto-dnssec�(�allow�|�maintain�|�off�);
automatic-interface-scan�boolean
;
avoid-v4-udp-ports�{�portrange
;�...�};
avoid-v6-udp-ports�{�portrange
;�...�};
bindkeys-file�quoted_string
;
blackhole�{�address_match_element
;�...�};
cache-file�quoted_string
;
catalog-zones�{�zone�quoted_string
�[�default-masters�[�port
����integer
�]�[�dscp�integer
�]�{�(�masters
�|�ipv4_address
�[
����port�integer
�]�|�ipv6_address
�[�port�integer
�]�)�[�key
����string
�];�...�}�]�[�zone-directory�quoted_string
�]�[
����in-memory�boolean
�]�[�min-update-interval�integer
�];�...�};
check-dup-records�(�fail�|�warn�|�ignore�);
check-integrity�boolean
;
check-mx�(�fail�|�warn�|�ignore�);
check-mx-cname�(�fail�|�warn�|�ignore�);
check-names�(�master�|�slave�|�response
����)�(�fail�|�warn�|�ignore�);
check-sibling�boolean
;
check-spf�(�warn�|�ignore�);
check-srv-cname�(�fail�|�warn�|�ignore�);
check-wildcard�boolean
;
cleaning-interval�integer
;
clients-per-query�integer
;
cookie-algorithm�(�aes�|�sha1�|�sha256�);
cookie-secret�string
;
coresize�(�default�|�unlimited�|�sizeval
�);
datasize�(�default�|�unlimited�|�sizeval
�);
deny-answer-addresses�{�address_match_element
;�...�}�[
����except-from�{�quoted_string
;�...�}�];
deny-answer-aliases�{�quoted_string
;�...�}�[�except-from�{
����quoted_string
;�...�}�];
dialup�(�notify�|�notify-passive�|�passive�|�refresh�|�boolean
�);
directory�quoted_string
;
disable-algorithms�string
�{�string
;
����...�};
disable-ds-digests�string
�{�string
;
����...�};
disable-empty-zone�string
;
dns64�netprefix
�{
break-dnssec�boolean
;
clients�{�address_match_element
;�...�};
exclude�{�address_match_element
;�...�};
mapped�{�address_match_element
;�...�};
recursive-only�boolean
;
suffix�ipv6_address
;
};
dns64-contact�string
;
dns64-server�string
;
dnssec-accept-expired�boolean
;
dnssec-dnskey-kskonly�boolean
;
dnssec-enable�boolean
;
dnssec-loadkeys-interval�integer
;
dnssec-lookaside�(�string
�trust-anchor
����string
�|�auto�|�no�);
dnssec-must-be-secure�string
�boolean
;
dnssec-secure-to-insecure�boolean
;
dnssec-update-mode�(�maintain�|�no-resign�);
dnssec-validation�(�yes�|�no�|�auto�);
dnstap�{�(�all�|�auth�|�client�|�forwarder�|
����resolver�)�[�(�query�|�response�)�];�...�};
dnstap-identity�(�quoted_string
�|�none�|
����hostname�);
dnstap-output�(�file�|�unix�)�quoted_string
;
dnstap-version�(�quoted_string
�|�none�);
dscp�integer
;
dual-stack-servers�[�port�integer
�]�{�(�quoted_string
�[�port
����integer
�]�[�dscp�integer
�]�|�ipv4_address
�[�port
����integer
�]�[�dscp�integer
�]�|�ipv6_address
�[�port
����integer
�]�[�dscp�integer
�]�);�...�};
dump-file�quoted_string
;
edns-udp-size�integer
;
empty-contact�string
;
empty-server�string
;
empty-zones-enable�boolean
;
fetch-quota-params�integer
�fixedpoint
�fixedpoint
�fixedpoint
;
fetches-per-server�integer
�[�(�drop�|�fail�)�];
fetches-per-zone�integer
�[�(�drop�|�fail�)�];
files�(�default�|�unlimited�|�sizeval
�);
filter-aaaa�{�address_match_element
;�...�};
filter-aaaa-on-v4�(�break-dnssec�|�boolean
�);
filter-aaaa-on-v6�(�break-dnssec�|�boolean
�);
flush-zones-on-shutdown�boolean
;
forward�(�first�|�only�);
forwarders�[�port�integer
�]�[�dscp�integer
�]�{�(�ipv4_address
����|�ipv6_address
�)�[�port�integer
�]�[�dscp�integer
�];�...�};
fstrm-set-buffer-hint�integer
;
fstrm-set-flush-timeout�integer
;
fstrm-set-input-queue-size�integer
;
fstrm-set-output-notify-threshold�integer
;
fstrm-set-output-queue-model�(�mpsc�|�spsc�);
fstrm-set-output-queue-size�integer
;
fstrm-set-reopen-interval�integer
;
geoip-directory�(�quoted_string
�|�none�);
geoip-use-ecs�boolean
;
heartbeat-interval�integer
;
hostname�(�quoted_string
�|�none�);
inline-signing�boolean
;
interface-interval�integer
;
ixfr-from-differences�(�master�|�slave�|�boolean
�);
keep-response-order�{�address_match_element
;�...�};
key-directory�quoted_string
;
lame-ttl�ttlval
;
listen-on�[�port�integer
�]�[�dscp
����integer
�]�{
����address_match_element
;�...�};
listen-on-v6�[�port�integer
�]�[�dscp
����integer
�]�{
����address_match_element
;�...�};
lmdb-mapsize�sizeval
;
lock-file�(�quoted_string
�|�none�);
managed-keys-directory�quoted_string
;
masterfile-format�(�map�|�raw�|�text�);
masterfile-style�(�full�|�relative�);
match-mapped-addresses�boolean
;
max-acache-size�(�unlimited�|�sizeval
�);
max-cache-size�(�default�|�unlimited�|�sizeval
�|�percentage
�);
max-cache-ttl�integer
;
max-clients-per-query�integer
;
max-journal-size�(�unlimited�|�sizeval
�);
max-ncache-ttl�integer
;
max-records�integer
;
max-recursion-depth�integer
;
max-recursion-queries�integer
;
max-refresh-time�integer
;
max-retry-time�integer
;
max-rsa-exponent-size�integer
;
max-transfer-idle-in�integer
;
max-transfer-idle-out�integer
;
max-transfer-time-in�integer
;
max-transfer-time-out�integer
;
max-udp-size�integer
;
max-zone-ttl�(�unlimited�|�ttlval
�);
memstatistics�boolean
;
memstatistics-file�quoted_string
;
message-compression�boolean
;
min-refresh-time�integer
;
min-retry-time�integer
;
minimal-any�boolean
;
minimal-responses�(�no-auth�|�no-auth-recursive�|�boolean
�);
multi-master�boolean
;
no-case-compress�{�address_match_element
;�...�};
nocookie-udp-size�integer
;
notify�(�explicit�|�master-only�|�boolean
�);
notify-delay�integer
;
notify-rate�integer
;
notify-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)�]�[
����dscp�integer
�];
notify-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|�*�)�]
����[�dscp�integer
�];
notify-to-soa�boolean
;
nta-lifetime�ttlval
;
nta-recheck�ttlval
;
nxdomain-redirect�string
;
pid-file�(�quoted_string
�|�none�);
port�integer
;
preferred-glue�string
;
prefetch�integer
�[�integer
�];
provide-ixfr�boolean
;
query-source�(�(�[�address�]�(�ipv4_address
�|�*�)�[�port�(
����integer
�|�*�)�]�)�|�(�[�[�address�]�(�ipv4_address
�|�*�)�]
����port�(�integer
�|�*�)�)�)�[�dscp�integer
�];
query-source-v6�(�(�[�address�]�(�ipv6_address
�|�*�)�[�port�(
����integer
�|�*�)�]�)�|�(�[�[�address�]�(�ipv6_address
�|�*�)�]
����port�(�integer
�|�*�)�)�)�[�dscp�integer
�];
querylog�boolean
;
random-device�quoted_string
;
rate-limit�{
all-per-second�integer
;
errors-per-second�integer
;
exempt-clients�{�address_match_element
;�...�};
ipv4-prefix-length�integer
;
ipv6-prefix-length�integer
;
log-only�boolean
;
max-table-size�integer
;
min-table-size�integer
;
nodata-per-second�integer
;
nxdomains-per-second�integer
;
qps-scale�integer
;
referrals-per-second�integer
;
responses-per-second�integer
;
slip�integer
;
window�integer
;
};
recursing-file�quoted_string
;
recursion�boolean
;
recursive-clients�integer
;
request-expire�boolean
;
request-ixfr�boolean
;
request-nsid�boolean
;
require-server-cookie�boolean
;
reserved-sockets�integer
;
resolver-query-timeout�integer
;
response-policy�{�zone�quoted_string
�[�log�boolean
�]�[
����max-policy-ttl�integer
�]�[�policy�(�cname�|�disabled�|�drop�|
����given�|�no-op�|�nodata�|�nxdomain�|�passthru�|�tcp-only
����quoted_string
�)�]�[�recursive-only�boolean
�];�...�}�[
����break-dnssec�boolean
�]�[�max-policy-ttl�integer
�]�[
����min-ns-dots�integer
�]�[�nsip-wait-recurse�boolean
�]�[
����qname-wait-recurse�boolean
�]�[�recursive-only�boolean
�];
root-delegation-only�[�exclude�{�quoted_string
;�...�}�];
root-key-sentinel�boolean
;
rrset-order�{�[�class�string
�]�[�type�string
�]�[�name
����quoted_string
�]�string
�string
;�...�};
secroots-file�quoted_string
;
send-cookie�boolean
;
serial-query-rate�integer
;
serial-update-method�(�date�|�increment�|�unixtime�);
server-id�(�quoted_string
�|�none�|�hostname�);
servfail-ttl�ttlval
;
session-keyalg�string
;
session-keyfile�(�quoted_string
�|�none�);
session-keyname�string
;
sig-signing-nodes�integer
;
sig-signing-signatures�integer
;
sig-signing-type�integer
;
sig-validity-interval�integer
�[�integer
�];
sortlist�{�address_match_element
;�...�};
stacksize�(�default�|�unlimited�|�sizeval
�);
startup-notify-rate�integer
;
statistics-file�quoted_string
;
tcp-clients�integer
;
tcp-listen-queue�integer
;
tkey-dhkey�quoted_string
�integer
;
tkey-domain�quoted_string
;
tkey-gssapi-credential�quoted_string
;
tkey-gssapi-keytab�quoted_string
;
transfer-format�(�many-answers�|�one-answer�);
transfer-message-size�integer
;
transfer-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)�]�[
����dscp�integer
�];
transfer-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|�*�)
����]�[�dscp�integer
�];
transfers-in�integer
;
transfers-out�integer
;
transfers-per-ns�integer
;
trust-anchor-telemetry�boolean
;�//�experimental
try-tcp-refresh�boolean
;
update-check-ksk�boolean
;
use-alt-transfer-source�boolean
;
use-v4-udp-ports�{�portrange
;�...�};
use-v6-udp-ports�{�portrange
;�...�};
v6-bias�integer
;
version�(�quoted_string
�|�none�);
zero-no-soa-ttl�boolean
;
zero-no-soa-ttl-cache�boolean
;
zone-statistics�(�full�|�terse�|�none�|�boolean
�);
};
server�netprefix
�{
bogus�boolean
;
edns�boolean
;
edns-udp-size�integer
;
edns-version�integer
;
keys�server_key
;
max-udp-size�integer
;
notify-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)�]�[
����dscp�integer
�];
notify-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|�*�)�]
����[�dscp�integer
�];
provide-ixfr�boolean
;
query-source�(�(�[�address�]�(�ipv4_address
�|�*�)�[�port�(
����integer
�|�*�)�]�)�|�(�[�[�address�]�(�ipv4_address
�|�*�)�]
����port�(�integer
�|�*�)�)�)�[�dscp�integer
�];
query-source-v6�(�(�[�address�]�(�ipv6_address
�|�*�)�[�port�(
����integer
�|�*�)�]�)�|�(�[�[�address�]�(�ipv6_address
�|�*�)�]
����port�(�integer
�|�*�)�)�)�[�dscp�integer
�];
request-expire�boolean
;
request-ixfr�boolean
;
request-nsid�boolean
;
send-cookie�boolean
;
tcp-only�boolean
;
transfer-format�(�many-answers�|�one-answer�);
transfer-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)�]�[
����dscp�integer
�];
transfer-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|�*�)
����]�[�dscp�integer
�];
transfers�integer
;
};
statistics-channels�{
inet�(�ipv4_address
�|�ipv6_address
�|
����*�)�[�port�(�integer
�|�*�)�]�[
����allow�{�address_match_element
;�...
����}�];
};
view�string
�[�class
�]�{
acache-cleaning-interval�integer
;
acache-enable�boolean
;
additional-from-auth�boolean
;
additional-from-cache�boolean
;
allow-new-zones�boolean
;
allow-notify�{�address_match_element
;�...�};
allow-query�{�address_match_element
;�...�};
allow-query-cache�{�address_match_element
;�...�};
allow-query-cache-on�{�address_match_element
;�...�};
allow-query-on�{�address_match_element
;�...�};
allow-recursion�{�address_match_element
;�...�};
allow-recursion-on�{�address_match_element
;�...�};
allow-transfer�{�address_match_element
;�...�};
allow-update�{�address_match_element
;�...�};
allow-update-forwarding�{�address_match_element
;�...�};
also-notify�[�port�integer
�]�[�dscp�integer
�]�{�(�masters
�|
����ipv4_address
�[�port�integer
�]�|�ipv6_address
�[�port
����integer
�]�)�[�key�string
�];�...�};
alt-transfer-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)
����]�[�dscp�integer
�];
alt-transfer-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|
����*�)�]�[�dscp�integer
�];
attach-cache�string
;
auth-nxdomain�boolean
;�//�default�changed
auto-dnssec�(�allow�|�maintain�|�off�);
cache-file�quoted_string
;
catalog-zones�{�zone�quoted_string
�[�default-masters�[�port
����integer
�]�[�dscp�integer
�]�{�(�masters
�|�ipv4_address
�[
����port�integer
�]�|�ipv6_address
�[�port�integer
�]�)�[�key
����string
�];�...�}�]�[�zone-directory�quoted_string
�]�[
����in-memory�boolean
�]�[�min-update-interval�integer
�];�...�};
check-dup-records�(�fail�|�warn�|�ignore�);
check-integrity�boolean
;
check-mx�(�fail�|�warn�|�ignore�);
check-mx-cname�(�fail�|�warn�|�ignore�);
check-names�(�master�|�slave�|�response
����)�(�fail�|�warn�|�ignore�);
check-sibling�boolean
;
check-spf�(�warn�|�ignore�);
check-srv-cname�(�fail�|�warn�|�ignore�);
check-wildcard�boolean
;
cleaning-interval�integer
;
clients-per-query�integer
;
deny-answer-addresses�{�address_match_element
;�...�}�[
����except-from�{�quoted_string
;�...�}�];
deny-answer-aliases�{�quoted_string
;�...�}�[�except-from�{
����quoted_string
;�...�}�];
dialup�(�notify�|�notify-passive�|�passive�|�refresh�|�boolean
�);
disable-algorithms�string
�{�string
;
����...�};
disable-ds-digests�string
�{�string
;
����...�};
disable-empty-zone�string
;
dlz�string
�{
database�string
;
search�boolean
;
};
dns64�netprefix
�{
break-dnssec�boolean
;
clients�{�address_match_element
;�...�};
exclude�{�address_match_element
;�...�};
mapped�{�address_match_element
;�...�};
recursive-only�boolean
;
suffix�ipv6_address
;
};
dns64-contact�string
;
dns64-server�string
;
dnssec-accept-expired�boolean
;
dnssec-dnskey-kskonly�boolean
;
dnssec-enable�boolean
;
dnssec-loadkeys-interval�integer
;
dnssec-lookaside�(�string
�trust-anchor
����string
�|�auto�|�no�);
dnssec-must-be-secure�string
�boolean
;
dnssec-secure-to-insecure�boolean
;
dnssec-update-mode�(�maintain�|�no-resign�);
dnssec-validation�(�yes�|�no�|�auto�);
dnstap�{�(�all�|�auth�|�client�|�forwarder�|
����resolver�)�[�(�query�|�response�)�];�...�};
dual-stack-servers�[�port�integer
�]�{�(�quoted_string
�[�port
����integer
�]�[�dscp�integer
�]�|�ipv4_address
�[�port
����integer
�]�[�dscp�integer
�]�|�ipv6_address
�[�port
����integer
�]�[�dscp�integer
�]�);�...�};
dyndb�string
�quoted_string
�{
����unspecified-text
�};
edns-udp-size�integer
;
empty-contact�string
;
empty-server�string
;
empty-zones-enable�boolean
;
fetch-quota-params�integer
�fixedpoint
�fixedpoint
�fixedpoint
;
fetches-per-server�integer
�[�(�drop�|�fail�)�];
fetches-per-zone�integer
�[�(�drop�|�fail�)�];
filter-aaaa�{�address_match_element
;�...�};
filter-aaaa-on-v4�(�break-dnssec�|�boolean
�);
filter-aaaa-on-v6�(�break-dnssec�|�boolean
�);
forward�(�first�|�only�);
forwarders�[�port�integer
�]�[�dscp�integer
�]�{�(�ipv4_address
����|�ipv6_address
�)�[�port�integer
�]�[�dscp�integer
�];�...�};
inline-signing�boolean
;
ixfr-from-differences�(�master�|�slave�|�boolean
�);
key�string
�{
algorithm�string
;
secret�string
;
};
key-directory�quoted_string
;
lame-ttl�ttlval
;
lmdb-mapsize�sizeval
;
managed-keys�{�string
�string
����integer
�integer
�integer
����quoted_string
;�...�};
masterfile-format�(�map�|�raw�|�text�);
masterfile-style�(�full�|�relative�);
match-clients�{�address_match_element
;�...�};
match-destinations�{�address_match_element
;�...�};
match-recursive-only�boolean
;
max-acache-size�(�unlimited�|�sizeval
�);
max-cache-size�(�default�|�unlimited�|�sizeval
�|�percentage
�);
max-cache-ttl�integer
;
max-clients-per-query�integer
;
max-journal-size�(�unlimited�|�sizeval
�);
max-ncache-ttl�integer
;
max-records�integer
;
max-recursion-depth�integer
;
max-recursion-queries�integer
;
max-refresh-time�integer
;
max-retry-time�integer
;
max-transfer-idle-in�integer
;
max-transfer-idle-out�integer
;
max-transfer-time-in�integer
;
max-transfer-time-out�integer
;
max-udp-size�integer
;
max-zone-ttl�(�unlimited�|�ttlval
�);
message-compression�boolean
;
min-refresh-time�integer
;
min-retry-time�integer
;
minimal-any�boolean
;
minimal-responses�(�no-auth�|�no-auth-recursive�|�boolean
�);
multi-master�boolean
;
no-case-compress�{�address_match_element
;�...�};
nocookie-udp-size�integer
;
notify�(�explicit�|�master-only�|�boolean
�);
notify-delay�integer
;
notify-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)�]�[
����dscp�integer
�];
notify-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|�*�)�]
����[�dscp�integer
�];
notify-to-soa�boolean
;
nta-lifetime�ttlval
;
nta-recheck�ttlval
;
nxdomain-redirect�string
;
preferred-glue�string
;
prefetch�integer
�[�integer
�];
provide-ixfr�boolean
;
query-source�(�(�[�address�]�(�ipv4_address
�|�*�)�[�port�(
����integer
�|�*�)�]�)�|�(�[�[�address�]�(�ipv4_address
�|�*�)�]
����port�(�integer
�|�*�)�)�)�[�dscp�integer
�];
query-source-v6�(�(�[�address�]�(�ipv6_address
�|�*�)�[�port�(
����integer
�|�*�)�]�)�|�(�[�[�address�]�(�ipv6_address
�|�*�)�]
����port�(�integer
�|�*�)�)�)�[�dscp�integer
�];
rate-limit�{
all-per-second�integer
;
errors-per-second�integer
;
exempt-clients�{�address_match_element
;�...�};
ipv4-prefix-length�integer
;
ipv6-prefix-length�integer
;
log-only�boolean
;
max-table-size�integer
;
min-table-size�integer
;
nodata-per-second�integer
;
nxdomains-per-second�integer
;
qps-scale�integer
;
referrals-per-second�integer
;
responses-per-second�integer
;
slip�integer
;
window�integer
;
};
recursion�boolean
;
request-expire�boolean
;
request-ixfr�boolean
;
request-nsid�boolean
;
require-server-cookie�boolean
;
resolver-query-timeout�integer
;
response-policy�{�zone�quoted_string
�[�log�boolean
�]�[
����max-policy-ttl�integer
�]�[�policy�(�cname�|�disabled�|�drop�|
����given�|�no-op�|�nodata�|�nxdomain�|�passthru�|�tcp-only
����quoted_string
�)�]�[�recursive-only�boolean
�];�...�}�[
����break-dnssec�boolean
�]�[�max-policy-ttl�integer
�]�[
����min-ns-dots�integer
�]�[�nsip-wait-recurse�boolean
�]�[
����qname-wait-recurse�boolean
�]�[�recursive-only�boolean
�];
root-delegation-only�[�exclude�{�quoted_string
;�...�}�];
root-key-sentinel�boolean
;
rrset-order�{�[�class�string
�]�[�type�string
�]�[�name
����quoted_string
�]�string
�string
;�...�};
send-cookie�boolean
;
serial-update-method�(�date�|�increment�|�unixtime�);
server�netprefix
�{
bogus�boolean
;
edns�boolean
;
edns-udp-size�integer
;
edns-version�integer
;
keys�server_key
;
max-udp-size�integer
;
notify-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*
����)�]�[�dscp�integer
�];
notify-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
����|�*�)�]�[�dscp�integer
�];
provide-ixfr�boolean
;
query-source�(�(�[�address�]�(�ipv4_address
�|�*�)�[�port
����(�integer
�|�*�)�]�)�|�(�[�[�address�]�(
����ipv4_address
�|�*�)�]�port�(�integer
�|�*�)�)�)�[
����dscp�integer
�];
query-source-v6�(�(�[�address�]�(�ipv6_address
�|�*�)�[
����port�(�integer
�|�*�)�]�)�|�(�[�[�address�]�(
����ipv6_address
�|�*�)�]�port�(�integer
�|�*�)�)�)�[
����dscp�integer
�];
request-expire�boolean
;
request-ixfr�boolean
;
request-nsid�boolean
;
send-cookie�boolean
;
tcp-only�boolean
;
transfer-format�(�many-answers�|�one-answer�);
transfer-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|
����*�)�]�[�dscp�integer
�];
transfer-source-v6�(�ipv6_address
�|�*�)�[�port�(
����integer
�|�*�)�]�[�dscp�integer
�];
transfers�integer
;
};
servfail-ttl�ttlval
;
sig-signing-nodes�integer
;
sig-signing-signatures�integer
;
sig-signing-type�integer
;
sig-validity-interval�integer
�[�integer
�];
sortlist�{�address_match_element
;�...�};
transfer-format�(�many-answers�|�one-answer�);
transfer-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)�]�[
����dscp�integer
�];
transfer-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|�*�)
����]�[�dscp�integer
�];
trust-anchor-telemetry�boolean
;�//�experimental
trusted-keys�{�string
�integer
����integer
�integer
�quoted_string
;
����...�};
try-tcp-refresh�boolean
;
update-check-ksk�boolean
;
use-alt-transfer-source�boolean
;
v6-bias�integer
;
zero-no-soa-ttl�boolean
;
zero-no-soa-ttl-cache�boolean
;
zone�string
�[�class
�]�{
allow-notify�{�address_match_element
;�...�};
allow-query�{�address_match_element
;�...�};
allow-query-on�{�address_match_element
;�...�};
allow-transfer�{�address_match_element
;�...�};
allow-update�{�address_match_element
;�...�};
allow-update-forwarding�{�address_match_element
;�...�};
also-notify�[�port�integer
�]�[�dscp�integer
�]�{�(
����masters
�|�ipv4_address
�[�port�integer
�]�|
����ipv6_address
�[�port�integer
�]�)�[�key�string
�];
����...�};
alt-transfer-source�(�ipv4_address
�|�*�)�[�port�(
����integer
�|�*�)�]�[�dscp�integer
�];
alt-transfer-source-v6�(�ipv6_address
�|�*�)�[�port�(
����integer
�|�*�)�]�[�dscp�integer
�];
auto-dnssec�(�allow�|�maintain�|�off�);
check-dup-records�(�fail�|�warn�|�ignore�);
check-integrity�boolean
;
check-mx�(�fail�|�warn�|�ignore�);
check-mx-cname�(�fail�|�warn�|�ignore�);
check-names�(�fail�|�warn�|�ignore�);
check-sibling�boolean
;
check-spf�(�warn�|�ignore�);
check-srv-cname�(�fail�|�warn�|�ignore�);
check-wildcard�boolean
;
database�string
;
delegation-only�boolean
;
dialup�(�notify�|�notify-passive�|�passive�|�refresh�|
����boolean
�);
dlz�string
;
dnssec-dnskey-kskonly�boolean
;
dnssec-loadkeys-interval�integer
;
dnssec-secure-to-insecure�boolean
;
dnssec-update-mode�(�maintain�|�no-resign�);
file�quoted_string
;
forward�(�first�|�only�);
forwarders�[�port�integer
�]�[�dscp�integer
�]�{�(
����ipv4_address
�|�ipv6_address
�)�[�port�integer
�]�[
����dscp�integer
�];�...�};
in-view�string
;
inline-signing�boolean
;
ixfr-from-differences�boolean
;
journal�quoted_string
;
key-directory�quoted_string
;
masterfile-format�(�map�|�raw�|�text�);
masterfile-style�(�full�|�relative�);
masters�[�port�integer
�]�[�dscp�integer
�]�{�(�masters
����|�ipv4_address
�[�port�integer
�]�|�ipv6_address
�[
����port�integer
�]�)�[�key�string
�];�...�};
max-ixfr-log-size�(�default�|�unlimited�|
max-journal-size�(�unlimited�|�sizeval
�);
max-records�integer
;
max-refresh-time�integer
;
max-retry-time�integer
;
max-transfer-idle-in�integer
;
max-transfer-idle-out�integer
;
max-transfer-time-in�integer
;
max-transfer-time-out�integer
;
max-zone-ttl�(�unlimited�|�ttlval
�);
min-refresh-time�integer
;
min-retry-time�integer
;
multi-master�boolean
;
notify�(�explicit�|�master-only�|�boolean
�);
notify-delay�integer
;
notify-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*
����)�]�[�dscp�integer
�];
notify-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
����|�*�)�]�[�dscp�integer
�];
notify-to-soa�boolean
;
pubkey�integer
����integer
����integer
request-expire�boolean
;
request-ixfr�boolean
;
serial-update-method�(�date�|�increment�|�unixtime�);
server-addresses�{�(�ipv4_address
�|�ipv6_address
�)�[
����port�integer
�];�...�};
server-names�{�quoted_string
;�...�};
sig-signing-nodes�integer
;
sig-signing-signatures�integer
;
sig-signing-type�integer
;
sig-validity-interval�integer
�[�integer
�];
transfer-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|
����*�)�]�[�dscp�integer
�];
transfer-source-v6�(�ipv6_address
�|�*�)�[�port�(
����integer
�|�*�)�]�[�dscp�integer
�];
try-tcp-refresh�boolean
;
type�(�delegation-only�|�forward�|�hint�|�master�|�redirect
����|�slave�|�static-stub�|�stub�);
update-check-ksk�boolean
;
update-policy�(�local�|�{�(�deny�|�grant�)�string
�(
����6to4-self�|�external�|�krb5-self�|�krb5-subdomain�|
����ms-self�|�ms-subdomain�|�name�|�self�|�selfsub�|
����selfwild�|�subdomain�|�tcp-self�|�wildcard�|�zonesub�)
����[�string
�]�rrtypelist
;�...�};
use-alt-transfer-source�boolean
;
zero-no-soa-ttl�boolean
;
zone-statistics�(�full�|�terse�|�none�|�boolean
�);
};
zone-statistics�(�full�|�terse�|�none�|�boolean
�);
};
zone�string
�[�class
�]�{
allow-notify�{�address_match_element
;�...�};
allow-query�{�address_match_element
;�...�};
allow-query-on�{�address_match_element
;�...�};
allow-transfer�{�address_match_element
;�...�};
allow-update�{�address_match_element
;�...�};
allow-update-forwarding�{�address_match_element
;�...�};
also-notify�[�port�integer
�]�[�dscp�integer
�]�{�(�masters
�|
����ipv4_address
�[�port�integer
�]�|�ipv6_address
�[�port
����integer
�]�)�[�key�string
�];�...�};
alt-transfer-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)
����]�[�dscp�integer
�];
alt-transfer-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|
����*�)�]�[�dscp�integer
�];
auto-dnssec�(�allow�|�maintain�|�off�);
check-dup-records�(�fail�|�warn�|�ignore�);
check-integrity�boolean
;
check-mx�(�fail�|�warn�|�ignore�);
check-mx-cname�(�fail�|�warn�|�ignore�);
check-names�(�fail�|�warn�|�ignore�);
check-sibling�boolean
;
check-spf�(�warn�|�ignore�);
check-srv-cname�(�fail�|�warn�|�ignore�);
check-wildcard�boolean
;
database�string
;
delegation-only�boolean
;
dialup�(�notify�|�notify-passive�|�passive�|�refresh�|�boolean
�);
dlz�string
;
dnssec-dnskey-kskonly�boolean
;
dnssec-loadkeys-interval�integer
;
dnssec-secure-to-insecure�boolean
;
dnssec-update-mode�(�maintain�|�no-resign�);
file�quoted_string
;
forward�(�first�|�only�);
forwarders�[�port�integer
�]�[�dscp�integer
�]�{�(�ipv4_address
����|�ipv6_address
�)�[�port�integer
�]�[�dscp�integer
�];�...�};
in-view�string
;
inline-signing�boolean
;
ixfr-from-differences�boolean
;
journal�quoted_string
;
key-directory�quoted_string
;
masterfile-format�(�map�|�raw�|�text�);
masterfile-style�(�full�|�relative�);
masters�[�port�integer
�]�[�dscp�integer
�]�{�(�masters
�|
����ipv4_address
�[�port�integer
�]�|�ipv6_address
�[�port
����integer
�]�)�[�key�string
�];�...�};
max-journal-size�(�unlimited�|�sizeval
�);
max-records�integer
;
max-refresh-time�integer
;
max-retry-time�integer
;
max-transfer-idle-in�integer
;
max-transfer-idle-out�integer
;
max-transfer-time-in�integer
;
max-transfer-time-out�integer
;
max-zone-ttl�(�unlimited�|�ttlval
�);
min-refresh-time�integer
;
min-retry-time�integer
;
multi-master�boolean
;
notify�(�explicit�|�master-only�|�boolean
�);
notify-delay�integer
;
notify-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)�]�[
����dscp�integer
�];
notify-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|�*�)�]
����[�dscp�integer
�];
notify-to-soa�boolean
;
pubkey�integer
�integer
request-expire�boolean
;
request-ixfr�boolean
;
serial-update-method�(�date�|�increment�|�unixtime�);
server-addresses�{�(�ipv4_address
�|�ipv6_address
�)�[�port
����integer
�];�...�};
server-names�{�quoted_string
;�...�};
sig-signing-nodes�integer
;
sig-signing-signatures�integer
;
sig-signing-type�integer
;
sig-validity-interval�integer
�[�integer
�];
transfer-source�(�ipv4_address
�|�*�)�[�port�(�integer
�|�*�)�]�[
����dscp�integer
�];
transfer-source-v6�(�ipv6_address
�|�*�)�[�port�(�integer
�|�*�)
����]�[�dscp�integer
�];
try-tcp-refresh�boolean
;
type�(�delegation-only�|�forward�|�hint�|�master�|�redirect�|�slave
����|�static-stub�|�stub�);
update-check-ksk�boolean
;
update-policy�(�local�|�{�(�deny�|�grant�)�string
�(�6to4-self�|
����external�|�krb5-self�|�krb5-subdomain�|�ms-self�|�ms-subdomain
����|�name�|�self�|�selfsub�|�selfwild�|�subdomain�|�tcp-self�|
����wildcard�|�zonesub�)�[�string
�]�rrtypelist
;�...�};
use-alt-transfer-source�boolean
;
zero-no-soa-ttl�boolean
;
zone-statistics�(�full�|�terse�|�none�|�boolean
�);
};
BIND 9.11.4-P1 (Extended Support Version)