/contrib/bind9/doc/misc/options

https://bitbucket.org/freebsd/freebsd-head/ · #! · 619 lines · 603 code · 16 blank · 0 comment · 0 complexity · 686b6a7f58c0a5a2a4c89e4a9a028255 MD5 · raw file

  1. This is a summary of the named.conf options supported by
  2. this version of BIND 9.
  3. acl <string> { <address_match_element>; ... };
  4. controls {
  5. inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
  6. ) ] allow { <address_match_element>; ... } [ keys { <string>;
  7. ... } ];
  8. unix <quoted_string> perm <integer> owner <integer> group <integer>
  9. [ keys { <string>; ... } ];
  10. };
  11. dlz <string> {
  12. database <string>;
  13. };
  14. key <string> {
  15. algorithm <string>;
  16. secret <string>;
  17. };
  18. logging {
  19. category <string> { <string>; ... };
  20. channel <string> {
  21. file <quoted_string> [ versions ( "unlimited" | <integer> )
  22. ] [ size <size> ];
  23. null;
  24. print-category <boolean>;
  25. print-severity <boolean>;
  26. print-time <boolean>;
  27. severity <log_severity>;
  28. stderr;
  29. syslog <optional_facility>;
  30. };
  31. };
  32. lwres {
  33. listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
  34. [ port <integer> ]; ... };
  35. ndots <integer>;
  36. search { <string>; ... };
  37. view <string> <optional_class>;
  38. };
  39. managed-keys { <string> <string> <integer> <integer> <integer>
  40. <quoted_string>; ... };
  41. masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
  42. <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
  43. options {
  44. acache-cleaning-interval <integer>;
  45. acache-enable <boolean>;
  46. additional-from-auth <boolean>;
  47. additional-from-cache <boolean>;
  48. allow-new-zones <boolean>;
  49. allow-notify { <address_match_element>; ... };
  50. allow-query { <address_match_element>; ... };
  51. allow-query-cache { <address_match_element>; ... };
  52. allow-query-cache-on { <address_match_element>; ... };
  53. allow-query-on { <address_match_element>; ... };
  54. allow-recursion { <address_match_element>; ... };
  55. allow-recursion-on { <address_match_element>; ... };
  56. allow-transfer { <address_match_element>; ... };
  57. allow-update { <address_match_element>; ... };
  58. allow-update-forwarding { <address_match_element>; ... };
  59. allow-v6-synthesis { <address_match_element>; ... }; // obsolete
  60. also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
  61. ) [ port <integer> ]; ... };
  62. alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
  63. alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
  64. * ) ];
  65. attach-cache <string>;
  66. auth-nxdomain <boolean>; // default changed
  67. auto-dnssec ( allow | maintain | off );
  68. avoid-v4-udp-ports { <portrange>; ... };
  69. avoid-v6-udp-ports { <portrange>; ... };
  70. bindkeys-file <quoted_string>;
  71. blackhole { <address_match_element>; ... };
  72. cache-file <quoted_string>;
  73. check-dup-records ( fail | warn | ignore );
  74. check-integrity <boolean>;
  75. check-mx ( fail | warn | ignore );
  76. check-mx-cname ( fail | warn | ignore );
  77. check-names ( master | slave | response ) ( fail | warn | ignore );
  78. check-sibling <boolean>;
  79. check-srv-cname ( fail | warn | ignore );
  80. check-wildcard <boolean>;
  81. cleaning-interval <integer>;
  82. clients-per-query <integer>;
  83. coresize <size>;
  84. datasize <size>;
  85. deallocate-on-exit <boolean>; // obsolete
  86. deny-answer-addresses { <address_match_element>; ... } [
  87. except-from { <quoted_string>; ... } ];
  88. deny-answer-aliases { <quoted_string>; ... } [ except-from {
  89. <quoted_string>; ... } ];
  90. dialup <dialuptype>;
  91. directory <quoted_string>;
  92. disable-algorithms <string> { <string>; ... };
  93. disable-empty-zone <string>;
  94. dns64 <netprefix> {
  95. break-dnssec <boolean>;
  96. clients { <address_match_element>; ... };
  97. exclude { <address_match_element>; ... };
  98. mapped { <address_match_element>; ... };
  99. recursive-only <boolean>;
  100. suffix <ipv6_address>;
  101. };
  102. dns64-contact <string>;
  103. dns64-server <string>;
  104. dnssec-accept-expired <boolean>;
  105. dnssec-dnskey-kskonly <boolean>;
  106. dnssec-enable <boolean>;
  107. dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
  108. dnssec-must-be-secure <string> <boolean>;
  109. dnssec-secure-to-insecure <boolean>;
  110. dnssec-validation ( yes | no | auto );
  111. dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
  112. <integer> ] | <ipv4_address> [ port <integer> ] |
  113. <ipv6_address> [ port <integer> ] ); ... };
  114. dump-file <quoted_string>;
  115. edns-udp-size <integer>;
  116. empty-contact <string>;
  117. empty-server <string>;
  118. empty-zones-enable <boolean>;
  119. fake-iquery <boolean>; // obsolete
  120. fetch-glue <boolean>; // obsolete
  121. files <size>;
  122. filter-aaaa { <address_match_element>; ... }; // not configured
  123. filter-aaaa-on-v4 <v4_aaaa>; // not configured
  124. flush-zones-on-shutdown <boolean>;
  125. forward ( first | only );
  126. forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
  127. [ port <integer> ]; ... };
  128. has-old-clients <boolean>; // obsolete
  129. heartbeat-interval <integer>;
  130. host-statistics <boolean>; // not implemented
  131. host-statistics-max <integer>; // not implemented
  132. hostname ( <quoted_string> | none );
  133. interface-interval <integer>;
  134. ixfr-from-differences <ixfrdiff>;
  135. key-directory <quoted_string>;
  136. lame-ttl <integer>;
  137. listen-on [ port <integer> ] { <address_match_element>; ... };
  138. listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
  139. maintain-ixfr-base <boolean>; // obsolete
  140. managed-keys-directory <quoted_string>;
  141. masterfile-format ( text | raw );
  142. match-mapped-addresses <boolean>;
  143. max-acache-size <size_no_default>;
  144. max-cache-size <size_no_default>;
  145. max-cache-ttl <integer>;
  146. max-clients-per-query <integer>;
  147. max-ixfr-log-size <size>; // obsolete
  148. max-journal-size <size_no_default>;
  149. max-ncache-ttl <integer>;
  150. max-refresh-time <integer>;
  151. max-retry-time <integer>;
  152. max-transfer-idle-in <integer>;
  153. max-transfer-idle-out <integer>;
  154. max-transfer-time-in <integer>;
  155. max-transfer-time-out <integer>;
  156. max-udp-size <integer>;
  157. memstatistics <boolean>;
  158. memstatistics-file <quoted_string>;
  159. min-refresh-time <integer>;
  160. min-retry-time <integer>;
  161. min-roots <integer>; // not implemented
  162. minimal-responses <boolean>;
  163. multi-master <boolean>;
  164. multiple-cnames <boolean>; // obsolete
  165. named-xfer <quoted_string>; // obsolete
  166. notify <notifytype>;
  167. notify-delay <integer>;
  168. notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
  169. notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
  170. notify-to-soa <boolean>;
  171. nsec3-test-zone <boolean>; // test only
  172. pid-file ( <quoted_string> | none );
  173. port <integer>;
  174. preferred-glue <string>;
  175. provide-ixfr <boolean>;
  176. query-source <querysource4>;
  177. query-source-v6 <querysource6>;
  178. querylog <boolean>;
  179. queryport-pool-ports <integer>; // obsolete
  180. queryport-pool-updateinterval <integer>; // obsolete
  181. random-device <quoted_string>;
  182. recursing-file <quoted_string>;
  183. recursion <boolean>;
  184. recursive-clients <integer>;
  185. request-ixfr <boolean>;
  186. request-nsid <boolean>;
  187. reserved-sockets <integer>;
  188. resolver-query-timeout <integer>;
  189. response-policy {
  190. zone <string> [ policy ( given | disabled | passthru |
  191. no-op | nxdomain | nodata | cname <domain> ) ];
  192. };
  193. rfc2308-type1 <boolean>; // not yet implemented
  194. root-delegation-only [ exclude { <quoted_string>; ... } ];
  195. rrset-order { [ class <string> ] [ type <string> ] [ name
  196. <quoted_string> ] <string> <string>; ... };
  197. secroots-file <quoted_string>;
  198. serial-queries <integer>; // obsolete
  199. serial-query-rate <integer>;
  200. server-id ( <quoted_string> | none | hostname );
  201. session-keyalg <string>;
  202. session-keyfile ( <quoted_string> | none );
  203. session-keyname <string>;
  204. sig-signing-nodes <integer>;
  205. sig-signing-signatures <integer>;
  206. sig-signing-type <integer>;
  207. sig-validity-interval <integer> [ <integer> ];
  208. sortlist { <address_match_element>; ... };
  209. stacksize <size>;
  210. statistics-file <quoted_string>;
  211. statistics-interval <integer>; // not yet implemented
  212. suppress-initial-notify <boolean>; // not yet implemented
  213. tcp-clients <integer>;
  214. tcp-listen-queue <integer>;
  215. tkey-dhkey <quoted_string> <integer>;
  216. tkey-domain <quoted_string>;
  217. tkey-gssapi-credential <quoted_string>;
  218. tkey-gssapi-keytab <quoted_string>;
  219. topology { <address_match_element>; ... }; // not implemented
  220. transfer-format ( many-answers | one-answer );
  221. transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
  222. transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
  223. transfers-in <integer>;
  224. transfers-out <integer>;
  225. transfers-per-ns <integer>;
  226. treat-cr-as-space <boolean>; // obsolete
  227. try-tcp-refresh <boolean>;
  228. update-check-ksk <boolean>;
  229. use-alt-transfer-source <boolean>;
  230. use-id-pool <boolean>; // obsolete
  231. use-ixfr <boolean>;
  232. use-queryport-pool <boolean>; // obsolete
  233. use-v4-udp-ports { <portrange>; ... };
  234. use-v6-udp-ports { <portrange>; ... };
  235. version ( <quoted_string> | none );
  236. zero-no-soa-ttl <boolean>;
  237. zero-no-soa-ttl-cache <boolean>;
  238. zone-statistics <boolean>;
  239. };
  240. server <netprefix> {
  241. bogus <boolean>;
  242. edns <boolean>;
  243. edns-udp-size <integer>;
  244. keys <server_key>;
  245. max-udp-size <integer>;
  246. notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
  247. notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
  248. provide-ixfr <boolean>;
  249. query-source <querysource4>;
  250. query-source-v6 <querysource6>;
  251. request-ixfr <boolean>;
  252. support-ixfr <boolean>; // obsolete
  253. transfer-format ( many-answers | one-answer );
  254. transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
  255. transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
  256. transfers <integer>;
  257. };
  258. statistics-channels {
  259. inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
  260. ) ] [ allow { <address_match_element>; ... } ];
  261. };
  262. trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
  263. view <string> <optional_class> {
  264. acache-cleaning-interval <integer>;
  265. acache-enable <boolean>;
  266. additional-from-auth <boolean>;
  267. additional-from-cache <boolean>;
  268. allow-new-zones <boolean>;
  269. allow-notify { <address_match_element>; ... };
  270. allow-query { <address_match_element>; ... };
  271. allow-query-cache { <address_match_element>; ... };
  272. allow-query-cache-on { <address_match_element>; ... };
  273. allow-query-on { <address_match_element>; ... };
  274. allow-recursion { <address_match_element>; ... };
  275. allow-recursion-on { <address_match_element>; ... };
  276. allow-transfer { <address_match_element>; ... };
  277. allow-update { <address_match_element>; ... };
  278. allow-update-forwarding { <address_match_element>; ... };
  279. allow-v6-synthesis { <address_match_element>; ... }; // obsolete
  280. also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
  281. ) [ port <integer> ]; ... };
  282. alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
  283. alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
  284. * ) ];
  285. attach-cache <string>;
  286. auth-nxdomain <boolean>; // default changed
  287. auto-dnssec ( allow | maintain | off );
  288. cache-file <quoted_string>;
  289. check-dup-records ( fail | warn | ignore );
  290. check-integrity <boolean>;
  291. check-mx ( fail | warn | ignore );
  292. check-mx-cname ( fail | warn | ignore );
  293. check-names ( master | slave | response ) ( fail | warn | ignore );
  294. check-sibling <boolean>;
  295. check-srv-cname ( fail | warn | ignore );
  296. check-wildcard <boolean>;
  297. cleaning-interval <integer>;
  298. clients-per-query <integer>;
  299. database <string>;
  300. deny-answer-addresses { <address_match_element>; ... } [
  301. except-from { <quoted_string>; ... } ];
  302. deny-answer-aliases { <quoted_string>; ... } [ except-from {
  303. <quoted_string>; ... } ];
  304. dialup <dialuptype>;
  305. disable-algorithms <string> { <string>; ... };
  306. disable-empty-zone <string>;
  307. dlz <string> {
  308. database <string>;
  309. };
  310. dns64 <netprefix> {
  311. break-dnssec <boolean>;
  312. clients { <address_match_element>; ... };
  313. exclude { <address_match_element>; ... };
  314. mapped { <address_match_element>; ... };
  315. recursive-only <boolean>;
  316. suffix <ipv6_address>;
  317. };
  318. dns64-contact <string>;
  319. dns64-server <string>;
  320. dnssec-accept-expired <boolean>;
  321. dnssec-dnskey-kskonly <boolean>;
  322. dnssec-enable <boolean>;
  323. dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
  324. dnssec-must-be-secure <string> <boolean>;
  325. dnssec-secure-to-insecure <boolean>;
  326. dnssec-validation ( yes | no | auto );
  327. dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
  328. <integer> ] | <ipv4_address> [ port <integer> ] |
  329. <ipv6_address> [ port <integer> ] ); ... };
  330. edns-udp-size <integer>;
  331. empty-contact <string>;
  332. empty-server <string>;
  333. empty-zones-enable <boolean>;
  334. fetch-glue <boolean>; // obsolete
  335. filter-aaaa { <address_match_element>; ... }; // not configured
  336. filter-aaaa-on-v4 <v4_aaaa>; // not configured
  337. forward ( first | only );
  338. forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
  339. [ port <integer> ]; ... };
  340. ixfr-from-differences <ixfrdiff>;
  341. key <string> {
  342. algorithm <string>;
  343. secret <string>;
  344. };
  345. key-directory <quoted_string>;
  346. lame-ttl <integer>;
  347. maintain-ixfr-base <boolean>; // obsolete
  348. managed-keys { <string> <string> <integer> <integer> <integer>
  349. <quoted_string>; ... };
  350. masterfile-format ( text | raw );
  351. match-clients { <address_match_element>; ... };
  352. match-destinations { <address_match_element>; ... };
  353. match-recursive-only <boolean>;
  354. max-acache-size <size_no_default>;
  355. max-cache-size <size_no_default>;
  356. max-cache-ttl <integer>;
  357. max-clients-per-query <integer>;
  358. max-ixfr-log-size <size>; // obsolete
  359. max-journal-size <size_no_default>;
  360. max-ncache-ttl <integer>;
  361. max-refresh-time <integer>;
  362. max-retry-time <integer>;
  363. max-transfer-idle-in <integer>;
  364. max-transfer-idle-out <integer>;
  365. max-transfer-time-in <integer>;
  366. max-transfer-time-out <integer>;
  367. max-udp-size <integer>;
  368. min-refresh-time <integer>;
  369. min-retry-time <integer>;
  370. min-roots <integer>; // not implemented
  371. minimal-responses <boolean>;
  372. multi-master <boolean>;
  373. notify <notifytype>;
  374. notify-delay <integer>;
  375. notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
  376. notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
  377. notify-to-soa <boolean>;
  378. nsec3-test-zone <boolean>; // test only
  379. preferred-glue <string>;
  380. provide-ixfr <boolean>;
  381. query-source <querysource4>;
  382. query-source-v6 <querysource6>;
  383. queryport-pool-ports <integer>; // obsolete
  384. queryport-pool-updateinterval <integer>; // obsolete
  385. recursion <boolean>;
  386. request-ixfr <boolean>;
  387. request-nsid <boolean>;
  388. resolver-query-timeout <integer>;
  389. response-policy {
  390. zone <string> [ policy ( given | disabled | passthru |
  391. no-op | nxdomain | nodata | cname <domain> ) ];
  392. };
  393. rfc2308-type1 <boolean>; // not yet implemented
  394. root-delegation-only [ exclude { <quoted_string>; ... } ];
  395. rrset-order { [ class <string> ] [ type <string> ] [ name
  396. <quoted_string> ] <string> <string>; ... };
  397. server <netprefix> {
  398. bogus <boolean>;
  399. edns <boolean>;
  400. edns-udp-size <integer>;
  401. keys <server_key>;
  402. max-udp-size <integer>;
  403. notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
  404. ) ];
  405. notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
  406. | * ) ];
  407. provide-ixfr <boolean>;
  408. query-source <querysource4>;
  409. query-source-v6 <querysource6>;
  410. request-ixfr <boolean>;
  411. support-ixfr <boolean>; // obsolete
  412. transfer-format ( many-answers | one-answer );
  413. transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
  414. * ) ];
  415. transfer-source-v6 ( <ipv6_address> | * ) [ port (
  416. <integer> | * ) ];
  417. transfers <integer>;
  418. };
  419. sig-signing-nodes <integer>;
  420. sig-signing-signatures <integer>;
  421. sig-signing-type <integer>;
  422. sig-validity-interval <integer> [ <integer> ];
  423. sortlist { <address_match_element>; ... };
  424. suppress-initial-notify <boolean>; // not yet implemented
  425. topology { <address_match_element>; ... }; // not implemented
  426. transfer-format ( many-answers | one-answer );
  427. transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
  428. transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
  429. trusted-keys { <string> <integer> <integer> <integer>
  430. <quoted_string>; ... };
  431. try-tcp-refresh <boolean>;
  432. update-check-ksk <boolean>;
  433. use-alt-transfer-source <boolean>;
  434. use-queryport-pool <boolean>; // obsolete
  435. zero-no-soa-ttl <boolean>;
  436. zero-no-soa-ttl-cache <boolean>;
  437. zone <string> <optional_class> {
  438. allow-notify { <address_match_element>; ... };
  439. allow-query { <address_match_element>; ... };
  440. allow-query-on { <address_match_element>; ... };
  441. allow-transfer { <address_match_element>; ... };
  442. allow-update { <address_match_element>; ... };
  443. allow-update-forwarding { <address_match_element>; ... };
  444. also-notify [ port <integer> ] { ( <ipv4_address> |
  445. <ipv6_address> ) [ port <integer> ]; ... };
  446. alt-transfer-source ( <ipv4_address> | * ) [ port (
  447. <integer> | * ) ];
  448. alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
  449. <integer> | * ) ];
  450. auto-dnssec ( allow | maintain | off );
  451. check-dup-records ( fail | warn | ignore );
  452. check-integrity <boolean>;
  453. check-mx ( fail | warn | ignore );
  454. check-mx-cname ( fail | warn | ignore );
  455. check-names ( fail | warn | ignore );
  456. check-sibling <boolean>;
  457. check-srv-cname ( fail | warn | ignore );
  458. check-wildcard <boolean>;
  459. database <string>;
  460. delegation-only <boolean>;
  461. dialup <dialuptype>;
  462. dnssec-dnskey-kskonly <boolean>;
  463. dnssec-secure-to-insecure <boolean>;
  464. file <quoted_string>;
  465. forward ( first | only );
  466. forwarders [ port <integer> ] { ( <ipv4_address> |
  467. <ipv6_address> ) [ port <integer> ]; ... };
  468. ixfr-base <quoted_string>; // obsolete
  469. ixfr-from-differences <boolean>;
  470. ixfr-tmp-file <quoted_string>; // obsolete
  471. journal <quoted_string>;
  472. key-directory <quoted_string>;
  473. maintain-ixfr-base <boolean>; // obsolete
  474. masterfile-format ( text | raw );
  475. masters [ port <integer> ] { ( <masters> | <ipv4_address> [
  476. port <integer> ] | <ipv6_address> [ port <integer> ] )
  477. [ key <string> ]; ... };
  478. max-ixfr-log-size <size>; // obsolete
  479. max-journal-size <size_no_default>;
  480. max-refresh-time <integer>;
  481. max-retry-time <integer>;
  482. max-transfer-idle-in <integer>;
  483. max-transfer-idle-out <integer>;
  484. max-transfer-time-in <integer>;
  485. max-transfer-time-out <integer>;
  486. min-refresh-time <integer>;
  487. min-retry-time <integer>;
  488. multi-master <boolean>;
  489. notify <notifytype>;
  490. notify-delay <integer>;
  491. notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
  492. ) ];
  493. notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
  494. | * ) ];
  495. notify-to-soa <boolean>;
  496. nsec3-test-zone <boolean>; // test only
  497. pubkey <integer> <integer> <integer>
  498. <quoted_string>; // obsolete
  499. server-addresses { ( <ipv4_address> | <ipv6_address> ) [
  500. port <integer> ]; ... };
  501. server-names { <quoted_string>; ... };
  502. sig-signing-nodes <integer>;
  503. sig-signing-signatures <integer>;
  504. sig-signing-type <integer>;
  505. sig-validity-interval <integer> [ <integer> ];
  506. transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
  507. * ) ];
  508. transfer-source-v6 ( <ipv6_address> | * ) [ port (
  509. <integer> | * ) ];
  510. try-tcp-refresh <boolean>;
  511. type ( master | slave | stub | static-stub | hint | forward
  512. | delegation-only );
  513. update-check-ksk <boolean>;
  514. update-policy ( local | { ( grant | deny ) <string> ( name
  515. | subdomain | wildcard | self | selfsub | selfwild |
  516. krb5-self | ms-self | krb5-subdomain | ms-subdomain |
  517. tcp-self | 6to4-self | zonesub | external ) [ <string>
  518. ] <rrtypelist>; ... };
  519. use-alt-transfer-source <boolean>;
  520. zero-no-soa-ttl <boolean>;
  521. zone-statistics <boolean>;
  522. };
  523. zone-statistics <boolean>;
  524. };
  525. zone <string> <optional_class> {
  526. allow-notify { <address_match_element>; ... };
  527. allow-query { <address_match_element>; ... };
  528. allow-query-on { <address_match_element>; ... };
  529. allow-transfer { <address_match_element>; ... };
  530. allow-update { <address_match_element>; ... };
  531. allow-update-forwarding { <address_match_element>; ... };
  532. also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
  533. ) [ port <integer> ]; ... };
  534. alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
  535. alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
  536. * ) ];
  537. auto-dnssec ( allow | maintain | off );
  538. check-dup-records ( fail | warn | ignore );
  539. check-integrity <boolean>;
  540. check-mx ( fail | warn | ignore );
  541. check-mx-cname ( fail | warn | ignore );
  542. check-names ( fail | warn | ignore );
  543. check-sibling <boolean>;
  544. check-srv-cname ( fail | warn | ignore );
  545. check-wildcard <boolean>;
  546. database <string>;
  547. delegation-only <boolean>;
  548. dialup <dialuptype>;
  549. dnssec-dnskey-kskonly <boolean>;
  550. dnssec-secure-to-insecure <boolean>;
  551. file <quoted_string>;
  552. forward ( first | only );
  553. forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
  554. [ port <integer> ]; ... };
  555. ixfr-base <quoted_string>; // obsolete
  556. ixfr-from-differences <boolean>;
  557. ixfr-tmp-file <quoted_string>; // obsolete
  558. journal <quoted_string>;
  559. key-directory <quoted_string>;
  560. maintain-ixfr-base <boolean>; // obsolete
  561. masterfile-format ( text | raw );
  562. masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
  563. <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
  564. <string> ]; ... };
  565. max-ixfr-log-size <size>; // obsolete
  566. max-journal-size <size_no_default>;
  567. max-refresh-time <integer>;
  568. max-retry-time <integer>;
  569. max-transfer-idle-in <integer>;
  570. max-transfer-idle-out <integer>;
  571. max-transfer-time-in <integer>;
  572. max-transfer-time-out <integer>;
  573. min-refresh-time <integer>;
  574. min-retry-time <integer>;
  575. multi-master <boolean>;
  576. notify <notifytype>;
  577. notify-delay <integer>;
  578. notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
  579. notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
  580. notify-to-soa <boolean>;
  581. nsec3-test-zone <boolean>; // test only
  582. pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
  583. server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
  584. <integer> ]; ... };
  585. server-names { <quoted_string>; ... };
  586. sig-signing-nodes <integer>;
  587. sig-signing-signatures <integer>;
  588. sig-signing-type <integer>;
  589. sig-validity-interval <integer> [ <integer> ];
  590. transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
  591. transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
  592. try-tcp-refresh <boolean>;
  593. type ( master | slave | stub | static-stub | hint | forward |
  594. delegation-only );
  595. update-check-ksk <boolean>;
  596. update-policy ( local | { ( grant | deny ) <string> ( name |
  597. subdomain | wildcard | self | selfsub | selfwild | krb5-self |
  598. ms-self | krb5-subdomain | ms-subdomain | tcp-self | 6to4-self
  599. | zonesub | external ) [ <string> ] <rrtypelist>; ... };
  600. use-alt-transfer-source <boolean>;
  601. zero-no-soa-ttl <boolean>;
  602. zone-statistics <boolean>;
  603. };