/contrib/bind9/doc/misc/options

https://bitbucket.org/freebsd/freebsd-head/ · #! · 619 lines · 603 code · 16 blank · 0 comment · 0 complexity · 686b6a7f58c0a5a2a4c89e4a9a028255 MD5 · raw file 

    

  1. This is a summary of the named.conf options supported by 
    2. 

  2. this version of BIND 9.
    3. 

  3. 

  4. acl <string> { <address_match_element>; ... };
    5. 

  5. 

  6. controls {
    7. 

  7.         inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
    8. 

  8.             ) ] allow { <address_match_element>; ... } [ keys { <string>;
    9. 

  9.             ... } ];
    10. 

  10.         unix <quoted_string> perm <integer> owner <integer> group <integer>
    11. 

  11.             [ keys { <string>; ... } ];
    12. 

  12. };
    13. 

  13. 

  14. dlz <string> {
    15. 

  15.         database <string>;
    16. 

  16. };
    17. 

  17. 

  18. key <string> {
    19. 

  19.         algorithm <string>;
    20. 

  20.         secret <string>;
    21. 

  21. };
    22. 

  22. 

  23. logging {
    24. 

  24.         category <string> { <string>; ... };
    25. 

  25.         channel <string> {
    26. 

  26.                 file <quoted_string> [ versions ( "unlimited" | <integer> )
    27. 

  27.                     ] [ size <size> ];
    28. 

  28.                 null;
    29. 

  29.                 print-category <boolean>;
    30. 

  30.                 print-severity <boolean>;
    31. 

  31.                 print-time <boolean>;
    32. 

  32.                 severity <log_severity>;
    33. 

  33.                 stderr;
    34. 

  34.                 syslog <optional_facility>;
    35. 

  35.         };
    36. 

  36. };
    37. 

  37. 

  38. lwres {
    39. 

  39.         listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
    40. 

  40.             [ port <integer> ]; ... };
    41. 

  41.         ndots <integer>;
    42. 

  42.         search { <string>; ... };
    43. 

  43.         view <string> <optional_class>;
    44. 

  44. };
    45. 

  45. 

  46. managed-keys { <string> <string> <integer> <integer> <integer>
    47. 

  47.     <quoted_string>; ... };
    48. 

  48. 

  49. masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
    50. 

  50.     <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
    51. 

  51. 

  52. options {
    53. 

  53.         acache-cleaning-interval <integer>;
    54. 

  54.         acache-enable <boolean>;
    55. 

  55.         additional-from-auth <boolean>;
    56. 

  56.         additional-from-cache <boolean>;
    57. 

  57.         allow-new-zones <boolean>;
    58. 

  58.         allow-notify { <address_match_element>; ... };
    59. 

  59.         allow-query { <address_match_element>; ... };
    60. 

  60.         allow-query-cache { <address_match_element>; ... };
    61. 

  61.         allow-query-cache-on { <address_match_element>; ... };
    62. 

  62.         allow-query-on { <address_match_element>; ... };
    63. 

  63.         allow-recursion { <address_match_element>; ... };
    64. 

  64.         allow-recursion-on { <address_match_element>; ... };
    65. 

  65.         allow-transfer { <address_match_element>; ... };
    66. 

  66.         allow-update { <address_match_element>; ... };
    67. 

  67.         allow-update-forwarding { <address_match_element>; ... };
    68. 

  68.         allow-v6-synthesis { <address_match_element>; ... }; // obsolete
    69. 

  69.         also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
    70. 

  70.             ) [ port <integer> ]; ... };
    71. 

  71.         alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
    72. 

  72.         alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
    73. 

  73.             * ) ];
    74. 

  74.         attach-cache <string>;
    75. 

  75.         auth-nxdomain <boolean>; // default changed
    76. 

  76.         auto-dnssec ( allow | maintain | off );
    77. 

  77.         avoid-v4-udp-ports { <portrange>; ... };
    78. 

  78.         avoid-v6-udp-ports { <portrange>; ... };
    79. 

  79.         bindkeys-file <quoted_string>;
    80. 

  80.         blackhole { <address_match_element>; ... };
    81. 

  81.         cache-file <quoted_string>;
    82. 

  82.         check-dup-records ( fail | warn | ignore );
    83. 

  83.         check-integrity <boolean>;
    84. 

  84.         check-mx ( fail | warn | ignore );
    85. 

  85.         check-mx-cname ( fail | warn | ignore );
    86. 

  86.         check-names ( master | slave | response ) ( fail | warn | ignore );
    87. 

  87.         check-sibling <boolean>;
    88. 

  88.         check-srv-cname ( fail | warn | ignore );
    89. 

  89.         check-wildcard <boolean>;
    90. 

  90.         cleaning-interval <integer>;
    91. 

  91.         clients-per-query <integer>;
    92. 

  92.         coresize <size>;
    93. 

  93.         datasize <size>;
    94. 

  94.         deallocate-on-exit <boolean>; // obsolete
    95. 

  95.         deny-answer-addresses { <address_match_element>; ... } [
    96. 

  96.             except-from { <quoted_string>; ... } ];
    97. 

  97.         deny-answer-aliases { <quoted_string>; ... } [ except-from {
    98. 

  98.             <quoted_string>; ... } ];
    99. 

  99.         dialup <dialuptype>;
    100. 

  100.         directory <quoted_string>;
    101. 

  101.         disable-algorithms <string> { <string>; ... };
    102. 

  102.         disable-empty-zone <string>;
    103. 

  103.         dns64 <netprefix> {
    104. 

  104.                 break-dnssec <boolean>;
    105. 

  105.                 clients { <address_match_element>; ... };
    106. 

  106.                 exclude { <address_match_element>; ... };
    107. 

  107.                 mapped { <address_match_element>; ... };
    108. 

  108.                 recursive-only <boolean>;
    109. 

  109.                 suffix <ipv6_address>;
    110. 

  110.         };
    111. 

  111.         dns64-contact <string>;
    112. 

  112.         dns64-server <string>;
    113. 

  113.         dnssec-accept-expired <boolean>;
    114. 

  114.         dnssec-dnskey-kskonly <boolean>;
    115. 

  115.         dnssec-enable <boolean>;
    116. 

  116.         dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
    117. 

  117.         dnssec-must-be-secure <string> <boolean>;
    118. 

  118.         dnssec-secure-to-insecure <boolean>;
    119. 

  119.         dnssec-validation ( yes | no | auto );
    120. 

  120.         dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
    121. 

  121.             <integer> ] | <ipv4_address> [ port <integer> ] |
    122. 

  122.             <ipv6_address> [ port <integer> ] ); ... };
    123. 

  123.         dump-file <quoted_string>;
    124. 

  124.         edns-udp-size <integer>;
    125. 

  125.         empty-contact <string>;
    126. 

  126.         empty-server <string>;
    127. 

  127.         empty-zones-enable <boolean>;
    128. 

  128.         fake-iquery <boolean>; // obsolete
    129. 

  129.         fetch-glue <boolean>; // obsolete
    130. 

  130.         files <size>;
    131. 

  131.         filter-aaaa { <address_match_element>; ... }; // not configured
    132. 

  132.         filter-aaaa-on-v4 <v4_aaaa>; // not configured
    133. 

  133.         flush-zones-on-shutdown <boolean>;
    134. 

  134.         forward ( first | only );
    135. 

  135.         forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
    136. 

  136.             [ port <integer> ]; ... };
    137. 

  137.         has-old-clients <boolean>; // obsolete
    138. 

  138.         heartbeat-interval <integer>;
    139. 

  139.         host-statistics <boolean>; // not implemented
    140. 

  140.         host-statistics-max <integer>; // not implemented
    141. 

  141.         hostname ( <quoted_string> | none );
    142. 

  142.         interface-interval <integer>;
    143. 

  143.         ixfr-from-differences <ixfrdiff>;
    144. 

  144.         key-directory <quoted_string>;
    145. 

  145.         lame-ttl <integer>;
    146. 

  146.         listen-on [ port <integer> ] { <address_match_element>; ... };
    147. 

  147.         listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
    148. 

  148.         maintain-ixfr-base <boolean>; // obsolete
    149. 

  149.         managed-keys-directory <quoted_string>;
    150. 

  150.         masterfile-format ( text | raw );
    151. 

  151.         match-mapped-addresses <boolean>;
    152. 

  152.         max-acache-size <size_no_default>;
    153. 

  153.         max-cache-size <size_no_default>;
    154. 

  154.         max-cache-ttl <integer>;
    155. 

  155.         max-clients-per-query <integer>;
    156. 

  156.         max-ixfr-log-size <size>; // obsolete
    157. 

  157.         max-journal-size <size_no_default>;
    158. 

  158.         max-ncache-ttl <integer>;
    159. 

  159.         max-refresh-time <integer>;
    160. 

  160.         max-retry-time <integer>;
    161. 

  161.         max-transfer-idle-in <integer>;
    162. 

  162.         max-transfer-idle-out <integer>;
    163. 

  163.         max-transfer-time-in <integer>;
    164. 

  164.         max-transfer-time-out <integer>;
    165. 

  165.         max-udp-size <integer>;
    166. 

  166.         memstatistics <boolean>;
    167. 

  167.         memstatistics-file <quoted_string>;
    168. 

  168.         min-refresh-time <integer>;
    169. 

  169.         min-retry-time <integer>;
    170. 

  170.         min-roots <integer>; // not implemented
    171. 

  171.         minimal-responses <boolean>;
    172. 

  172.         multi-master <boolean>;
    173. 

  173.         multiple-cnames <boolean>; // obsolete
    174. 

  174.         named-xfer <quoted_string>; // obsolete
    175. 

  175.         notify <notifytype>;
    176. 

  176.         notify-delay <integer>;
    177. 

  177.         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
    178. 

  178.         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
    179. 

  179.         notify-to-soa <boolean>;
    180. 

  180.         nsec3-test-zone <boolean>; // test only
    181. 

  181.         pid-file ( <quoted_string> | none );
    182. 

  182.         port <integer>;
    183. 

  183.         preferred-glue <string>;
    184. 

  184.         provide-ixfr <boolean>;
    185. 

  185.         query-source <querysource4>;
    186. 

  186.         query-source-v6 <querysource6>;
    187. 

  187.         querylog <boolean>;
    188. 

  188.         queryport-pool-ports <integer>; // obsolete
    189. 

  189.         queryport-pool-updateinterval <integer>; // obsolete
    190. 

  190.         random-device <quoted_string>;
    191. 

  191.         recursing-file <quoted_string>;
    192. 

  192.         recursion <boolean>;
    193. 

  193.         recursive-clients <integer>;
    194. 

  194.         request-ixfr <boolean>;
    195. 

  195.         request-nsid <boolean>;
    196. 

  196.         reserved-sockets <integer>;
    197. 

  197.         resolver-query-timeout <integer>;
    198. 

  198.         response-policy {
    199. 

  199.                 zone <string> [ policy ( given | disabled | passthru |
    200. 

  200.                     no-op | nxdomain | nodata | cname <domain> ) ];
    201. 

  201.         };
    202. 

  202.         rfc2308-type1 <boolean>; // not yet implemented
    203. 

  203.         root-delegation-only [ exclude { <quoted_string>; ... } ];
    204. 

  204.         rrset-order { [ class <string> ] [ type <string> ] [ name
    205. 

  205.             <quoted_string> ] <string> <string>; ... };
    206. 

  206.         secroots-file <quoted_string>;
    207. 

  207.         serial-queries <integer>; // obsolete
    208. 

  208.         serial-query-rate <integer>;
    209. 

  209.         server-id ( <quoted_string> | none | hostname );
    210. 

  210.         session-keyalg <string>;
    211. 

  211.         session-keyfile ( <quoted_string> | none );
    212. 

  212.         session-keyname <string>;
    213. 

  213.         sig-signing-nodes <integer>;
    214. 

  214.         sig-signing-signatures <integer>;
    215. 

  215.         sig-signing-type <integer>;
    216. 

  216.         sig-validity-interval <integer> [ <integer> ];
    217. 

  217.         sortlist { <address_match_element>; ... };
    218. 

  218.         stacksize <size>;
    219. 

  219.         statistics-file <quoted_string>;
    220. 

  220.         statistics-interval <integer>; // not yet implemented
    221. 

  221.         suppress-initial-notify <boolean>; // not yet implemented
    222. 

  222.         tcp-clients <integer>;
    223. 

  223.         tcp-listen-queue <integer>;
    224. 

  224.         tkey-dhkey <quoted_string> <integer>;
    225. 

  225.         tkey-domain <quoted_string>;
    226. 

  226.         tkey-gssapi-credential <quoted_string>;
    227. 

  227.         tkey-gssapi-keytab <quoted_string>;
    228. 

  228.         topology { <address_match_element>; ... }; // not implemented
    229. 

  229.         transfer-format ( many-answers | one-answer );
    230. 

  230.         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
    231. 

  231.         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
    232. 

  232.         transfers-in <integer>;
    233. 

  233.         transfers-out <integer>;
    234. 

  234.         transfers-per-ns <integer>;
    235. 

  235.         treat-cr-as-space <boolean>; // obsolete
    236. 

  236.         try-tcp-refresh <boolean>;
    237. 

  237.         update-check-ksk <boolean>;
    238. 

  238.         use-alt-transfer-source <boolean>;
    239. 

  239.         use-id-pool <boolean>; // obsolete
    240. 

  240.         use-ixfr <boolean>;
    241. 

  241.         use-queryport-pool <boolean>; // obsolete
    242. 

  242.         use-v4-udp-ports { <portrange>; ... };
    243. 

  243.         use-v6-udp-ports { <portrange>; ... };
    244. 

  244.         version ( <quoted_string> | none );
    245. 

  245.         zero-no-soa-ttl <boolean>;
    246. 

  246.         zero-no-soa-ttl-cache <boolean>;
    247. 

  247.         zone-statistics <boolean>;
    248. 

  248. };
    249. 

  249. 

  250. server <netprefix> {
    251. 

  251.         bogus <boolean>;
    252. 

  252.         edns <boolean>;
    253. 

  253.         edns-udp-size <integer>;
    254. 

  254.         keys <server_key>;
    255. 

  255.         max-udp-size <integer>;
    256. 

  256.         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
    257. 

  257.         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
    258. 

  258.         provide-ixfr <boolean>;
    259. 

  259.         query-source <querysource4>;
    260. 

  260.         query-source-v6 <querysource6>;
    261. 

  261.         request-ixfr <boolean>;
    262. 

  262.         support-ixfr <boolean>; // obsolete
    263. 

  263.         transfer-format ( many-answers | one-answer );
    264. 

  264.         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
    265. 

  265.         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
    266. 

  266.         transfers <integer>;
    267. 

  267. };
    268. 

  268. 

  269. statistics-channels {
    270. 

  270.         inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
    271. 

  271.             ) ] [ allow { <address_match_element>; ... } ];
    272. 

  272. };
    273. 

  273. 

  274. trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
    275. 

  275. 

  276. view <string> <optional_class> {
    277. 

  277.         acache-cleaning-interval <integer>;
    278. 

  278.         acache-enable <boolean>;
    279. 

  279.         additional-from-auth <boolean>;
    280. 

  280.         additional-from-cache <boolean>;
    281. 

  281.         allow-new-zones <boolean>;
    282. 

  282.         allow-notify { <address_match_element>; ... };
    283. 

  283.         allow-query { <address_match_element>; ... };
    284. 

  284.         allow-query-cache { <address_match_element>; ... };
    285. 

  285.         allow-query-cache-on { <address_match_element>; ... };
    286. 

  286.         allow-query-on { <address_match_element>; ... };
    287. 

  287.         allow-recursion { <address_match_element>; ... };
    288. 

  288.         allow-recursion-on { <address_match_element>; ... };
    289. 

  289.         allow-transfer { <address_match_element>; ... };
    290. 

  290.         allow-update { <address_match_element>; ... };
    291. 

  291.         allow-update-forwarding { <address_match_element>; ... };
    292. 

  292.         allow-v6-synthesis { <address_match_element>; ... }; // obsolete
    293. 

  293.         also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
    294. 

  294.             ) [ port <integer> ]; ... };
    295. 

  295.         alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
    296. 

  296.         alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
    297. 

  297.             * ) ];
    298. 

  298.         attach-cache <string>;
    299. 

  299.         auth-nxdomain <boolean>; // default changed
    300. 

  300.         auto-dnssec ( allow | maintain | off );
    301. 

  301.         cache-file <quoted_string>;
    302. 

  302.         check-dup-records ( fail | warn | ignore );
    303. 

  303.         check-integrity <boolean>;
    304. 

  304.         check-mx ( fail | warn | ignore );
    305. 

  305.         check-mx-cname ( fail | warn | ignore );
    306. 

  306.         check-names ( master | slave | response ) ( fail | warn | ignore );
    307. 

  307.         check-sibling <boolean>;
    308. 

  308.         check-srv-cname ( fail | warn | ignore );
    309. 

  309.         check-wildcard <boolean>;
    310. 

  310.         cleaning-interval <integer>;
    311. 

  311.         clients-per-query <integer>;
    312. 

  312.         database <string>;
    313. 

  313.         deny-answer-addresses { <address_match_element>; ... } [
    314. 

  314.             except-from { <quoted_string>; ... } ];
    315. 

  315.         deny-answer-aliases { <quoted_string>; ... } [ except-from {
    316. 

  316.             <quoted_string>; ... } ];
    317. 

  317.         dialup <dialuptype>;
    318. 

  318.         disable-algorithms <string> { <string>; ... };
    319. 

  319.         disable-empty-zone <string>;
    320. 

  320.         dlz <string> {
    321. 

  321.                 database <string>;
    322. 

  322.         };
    323. 

  323.         dns64 <netprefix> {
    324. 

  324.                 break-dnssec <boolean>;
    325. 

  325.                 clients { <address_match_element>; ... };
    326. 

  326.                 exclude { <address_match_element>; ... };
    327. 

  327.                 mapped { <address_match_element>; ... };
    328. 

  328.                 recursive-only <boolean>;
    329. 

  329.                 suffix <ipv6_address>;
    330. 

  330.         };
    331. 

  331.         dns64-contact <string>;
    332. 

  332.         dns64-server <string>;
    333. 

  333.         dnssec-accept-expired <boolean>;
    334. 

  334.         dnssec-dnskey-kskonly <boolean>;
    335. 

  335.         dnssec-enable <boolean>;
    336. 

  336.         dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
    337. 

  337.         dnssec-must-be-secure <string> <boolean>;
    338. 

  338.         dnssec-secure-to-insecure <boolean>;
    339. 

  339.         dnssec-validation ( yes | no | auto );
    340. 

  340.         dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
    341. 

  341.             <integer> ] | <ipv4_address> [ port <integer> ] |
    342. 

  342.             <ipv6_address> [ port <integer> ] ); ... };
    343. 

  343.         edns-udp-size <integer>;
    344. 

  344.         empty-contact <string>;
    345. 

  345.         empty-server <string>;
    346. 

  346.         empty-zones-enable <boolean>;
    347. 

  347.         fetch-glue <boolean>; // obsolete
    348. 

  348.         filter-aaaa { <address_match_element>; ... }; // not configured
    349. 

  349.         filter-aaaa-on-v4 <v4_aaaa>; // not configured
    350. 

  350.         forward ( first | only );
    351. 

  351.         forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
    352. 

  352.             [ port <integer> ]; ... };
    353. 

  353.         ixfr-from-differences <ixfrdiff>;
    354. 

  354.         key <string> {
    355. 

  355.                 algorithm <string>;
    356. 

  356.                 secret <string>;
    357. 

  357.         };
    358. 

  358.         key-directory <quoted_string>;
    359. 

  359.         lame-ttl <integer>;
    360. 

  360.         maintain-ixfr-base <boolean>; // obsolete
    361. 

  361.         managed-keys { <string> <string> <integer> <integer> <integer>
    362. 

  362.             <quoted_string>; ... };
    363. 

  363.         masterfile-format ( text | raw );
    364. 

  364.         match-clients { <address_match_element>; ... };
    365. 

  365.         match-destinations { <address_match_element>; ... };
    366. 

  366.         match-recursive-only <boolean>;
    367. 

  367.         max-acache-size <size_no_default>;
    368. 

  368.         max-cache-size <size_no_default>;
    369. 

  369.         max-cache-ttl <integer>;
    370. 

  370.         max-clients-per-query <integer>;
    371. 

  371.         max-ixfr-log-size <size>; // obsolete
    372. 

  372.         max-journal-size <size_no_default>;
    373. 

  373.         max-ncache-ttl <integer>;
    374. 

  374.         max-refresh-time <integer>;
    375. 

  375.         max-retry-time <integer>;
    376. 

  376.         max-transfer-idle-in <integer>;
    377. 

  377.         max-transfer-idle-out <integer>;
    378. 

  378.         max-transfer-time-in <integer>;
    379. 

  379.         max-transfer-time-out <integer>;
    380. 

  380.         max-udp-size <integer>;
    381. 

  381.         min-refresh-time <integer>;
    382. 

  382.         min-retry-time <integer>;
    383. 

  383.         min-roots <integer>; // not implemented
    384. 

  384.         minimal-responses <boolean>;
    385. 

  385.         multi-master <boolean>;
    386. 

  386.         notify <notifytype>;
    387. 

  387.         notify-delay <integer>;
    388. 

  388.         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
    389. 

  389.         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
    390. 

  390.         notify-to-soa <boolean>;
    391. 

  391.         nsec3-test-zone <boolean>; // test only
    392. 

  392.         preferred-glue <string>;
    393. 

  393.         provide-ixfr <boolean>;
    394. 

  394.         query-source <querysource4>;
    395. 

  395.         query-source-v6 <querysource6>;
    396. 

  396.         queryport-pool-ports <integer>; // obsolete
    397. 

  397.         queryport-pool-updateinterval <integer>; // obsolete
    398. 

  398.         recursion <boolean>;
    399. 

  399.         request-ixfr <boolean>;
    400. 

  400.         request-nsid <boolean>;
    401. 

  401.         resolver-query-timeout <integer>;
    402. 

  402.         response-policy {
    403. 

  403.                 zone <string> [ policy ( given | disabled | passthru |
    404. 

  404.                     no-op | nxdomain | nodata | cname <domain> ) ];
    405. 

  405.         };
    406. 

  406.         rfc2308-type1 <boolean>; // not yet implemented
    407. 

  407.         root-delegation-only [ exclude { <quoted_string>; ... } ];
    408. 

  408.         rrset-order { [ class <string> ] [ type <string> ] [ name
    409. 

  409.             <quoted_string> ] <string> <string>; ... };
    410. 

  410.         server <netprefix> {
    411. 

  411.                 bogus <boolean>;
    412. 

  412.                 edns <boolean>;
    413. 

  413.                 edns-udp-size <integer>;
    414. 

  414.                 keys <server_key>;
    415. 

  415.                 max-udp-size <integer>;
    416. 

  416.                 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
    417. 

  417.                     ) ];
    418. 

  418.                 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
    419. 

  419.                     | * ) ];
    420. 

  420.                 provide-ixfr <boolean>;
    421. 

  421.                 query-source <querysource4>;
    422. 

  422.                 query-source-v6 <querysource6>;
    423. 

  423.                 request-ixfr <boolean>;
    424. 

  424.                 support-ixfr <boolean>; // obsolete
    425. 

  425.                 transfer-format ( many-answers | one-answer );
    426. 

  426.                 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
    427. 

  427.                     * ) ];
    428. 

  428.                 transfer-source-v6 ( <ipv6_address> | * ) [ port (
    429. 

  429.                     <integer> | * ) ];
    430. 

  430.                 transfers <integer>;
    431. 

  431.         };
    432. 

  432.         sig-signing-nodes <integer>;
    433. 

  433.         sig-signing-signatures <integer>;
    434. 

  434.         sig-signing-type <integer>;
    435. 

  435.         sig-validity-interval <integer> [ <integer> ];
    436. 

  436.         sortlist { <address_match_element>; ... };
    437. 

  437.         suppress-initial-notify <boolean>; // not yet implemented
    438. 

  438.         topology { <address_match_element>; ... }; // not implemented
    439. 

  439.         transfer-format ( many-answers | one-answer );
    440. 

  440.         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
    441. 

  441.         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
    442. 

  442.         trusted-keys { <string> <integer> <integer> <integer>
    443. 

  443.             <quoted_string>; ... };
    444. 

  444.         try-tcp-refresh <boolean>;
    445. 

  445.         update-check-ksk <boolean>;
    446. 

  446.         use-alt-transfer-source <boolean>;
    447. 

  447.         use-queryport-pool <boolean>; // obsolete
    448. 

  448.         zero-no-soa-ttl <boolean>;
    449. 

  449.         zero-no-soa-ttl-cache <boolean>;
    450. 

  450.         zone <string> <optional_class> {
    451. 

  451.                 allow-notify { <address_match_element>; ... };
    452. 

  452.                 allow-query { <address_match_element>; ... };
    453. 

  453.                 allow-query-on { <address_match_element>; ... };
    454. 

  454.                 allow-transfer { <address_match_element>; ... };
    455. 

  455.                 allow-update { <address_match_element>; ... };
    456. 

  456.                 allow-update-forwarding { <address_match_element>; ... };
    457. 

  457.                 also-notify [ port <integer> ] { ( <ipv4_address> |
    458. 

  458.                     <ipv6_address> ) [ port <integer> ]; ... };
    459. 

  459.                 alt-transfer-source ( <ipv4_address> | * ) [ port (
    460. 

  460.                     <integer> | * ) ];
    461. 

  461.                 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
    462. 

  462.                     <integer> | * ) ];
    463. 

  463.                 auto-dnssec ( allow | maintain | off );
    464. 

  464.                 check-dup-records ( fail | warn | ignore );
    465. 

  465.                 check-integrity <boolean>;
    466. 

  466.                 check-mx ( fail | warn | ignore );
    467. 

  467.                 check-mx-cname ( fail | warn | ignore );
    468. 

  468.                 check-names ( fail | warn | ignore );
    469. 

  469.                 check-sibling <boolean>;
    470. 

  470.                 check-srv-cname ( fail | warn | ignore );
    471. 

  471.                 check-wildcard <boolean>;
    472. 

  472.                 database <string>;
    473. 

  473.                 delegation-only <boolean>;
    474. 

  474.                 dialup <dialuptype>;
    475. 

  475.                 dnssec-dnskey-kskonly <boolean>;
    476. 

  476.                 dnssec-secure-to-insecure <boolean>;
    477. 

  477.                 file <quoted_string>;
    478. 

  478.                 forward ( first | only );
    479. 

  479.                 forwarders [ port <integer> ] { ( <ipv4_address> |
    480. 

  480.                     <ipv6_address> ) [ port <integer> ]; ... };
    481. 

  481.                 ixfr-base <quoted_string>; // obsolete
    482. 

  482.                 ixfr-from-differences <boolean>;
    483. 

  483.                 ixfr-tmp-file <quoted_string>; // obsolete
    484. 

  484.                 journal <quoted_string>;
    485. 

  485.                 key-directory <quoted_string>;
    486. 

  486.                 maintain-ixfr-base <boolean>; // obsolete
    487. 

  487.                 masterfile-format ( text | raw );
    488. 

  488.                 masters [ port <integer> ] { ( <masters> | <ipv4_address> [
    489. 

  489.                     port <integer> ] | <ipv6_address> [ port <integer> ] )
    490. 

  490.                     [ key <string> ]; ... };
    491. 

  491.                 max-ixfr-log-size <size>; // obsolete
    492. 

  492.                 max-journal-size <size_no_default>;
    493. 

  493.                 max-refresh-time <integer>;
    494. 

  494.                 max-retry-time <integer>;
    495. 

  495.                 max-transfer-idle-in <integer>;
    496. 

  496.                 max-transfer-idle-out <integer>;
    497. 

  497.                 max-transfer-time-in <integer>;
    498. 

  498.                 max-transfer-time-out <integer>;
    499. 

  499.                 min-refresh-time <integer>;
    500. 

  500.                 min-retry-time <integer>;
    501. 

  501.                 multi-master <boolean>;
    502. 

  502.                 notify <notifytype>;
    503. 

  503.                 notify-delay <integer>;
    504. 

  504.                 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
    505. 

  505.                     ) ];
    506. 

  506.                 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
    507. 

  507.                     | * ) ];
    508. 

  508.                 notify-to-soa <boolean>;
    509. 

  509.                 nsec3-test-zone <boolean>; // test only
    510. 

  510.                 pubkey <integer> <integer> <integer>
    511. 

  511.                     <quoted_string>; // obsolete
    512. 

  512.                 server-addresses { ( <ipv4_address> | <ipv6_address> ) [
    513. 

  513.                     port <integer> ]; ... };
    514. 

  514.                 server-names { <quoted_string>; ... };
    515. 

  515.                 sig-signing-nodes <integer>;
    516. 

  516.                 sig-signing-signatures <integer>;
    517. 

  517.                 sig-signing-type <integer>;
    518. 

  518.                 sig-validity-interval <integer> [ <integer> ];
    519. 

  519.                 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
    520. 

  520.                     * ) ];
    521. 

  521.                 transfer-source-v6 ( <ipv6_address> | * ) [ port (
    522. 

  522.                     <integer> | * ) ];
    523. 

  523.                 try-tcp-refresh <boolean>;
    524. 

  524.                 type ( master | slave | stub | static-stub | hint | forward
    525. 

  525.                     | delegation-only );
    526. 

  526.                 update-check-ksk <boolean>;
    527. 

  527.                 update-policy ( local | { ( grant | deny ) <string> ( name
    528. 

  528.                     | subdomain | wildcard | self | selfsub | selfwild |
    529. 

  529.                     krb5-self | ms-self | krb5-subdomain | ms-subdomain |
    530. 

  530.                     tcp-self | 6to4-self | zonesub | external ) [ <string>
    531. 

  531.                     ] <rrtypelist>; ... };
    532. 

  532.                 use-alt-transfer-source <boolean>;
    533. 

  533.                 zero-no-soa-ttl <boolean>;
    534. 

  534.                 zone-statistics <boolean>;
    535. 

  535.         };
    536. 

  536.         zone-statistics <boolean>;
    537. 

  537. };
    538. 

  538. 

  539. zone <string> <optional_class> {
    540. 

  540.         allow-notify { <address_match_element>; ... };
    541. 

  541.         allow-query { <address_match_element>; ... };
    542. 

  542.         allow-query-on { <address_match_element>; ... };
    543. 

  543.         allow-transfer { <address_match_element>; ... };
    544. 

  544.         allow-update { <address_match_element>; ... };
    545. 

  545.         allow-update-forwarding { <address_match_element>; ... };
    546. 

  546.         also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
    547. 

  547.             ) [ port <integer> ]; ... };
    548. 

  548.         alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
    549. 

  549.         alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
    550. 

  550.             * ) ];
    551. 

  551.         auto-dnssec ( allow | maintain | off );
    552. 

  552.         check-dup-records ( fail | warn | ignore );
    553. 

  553.         check-integrity <boolean>;
    554. 

  554.         check-mx ( fail | warn | ignore );
    555. 

  555.         check-mx-cname ( fail | warn | ignore );
    556. 

  556.         check-names ( fail | warn | ignore );
    557. 

  557.         check-sibling <boolean>;
    558. 

  558.         check-srv-cname ( fail | warn | ignore );
    559. 

  559.         check-wildcard <boolean>;
    560. 

  560.         database <string>;
    561. 

  561.         delegation-only <boolean>;
    562. 

  562.         dialup <dialuptype>;
    563. 

  563.         dnssec-dnskey-kskonly <boolean>;
    564. 

  564.         dnssec-secure-to-insecure <boolean>;
    565. 

  565.         file <quoted_string>;
    566. 

  566.         forward ( first | only );
    567. 

  567.         forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
    568. 

  568.             [ port <integer> ]; ... };
    569. 

  569.         ixfr-base <quoted_string>; // obsolete
    570. 

  570.         ixfr-from-differences <boolean>;
    571. 

  571.         ixfr-tmp-file <quoted_string>; // obsolete
    572. 

  572.         journal <quoted_string>;
    573. 

  573.         key-directory <quoted_string>;
    574. 

  574.         maintain-ixfr-base <boolean>; // obsolete
    575. 

  575.         masterfile-format ( text | raw );
    576. 

  576.         masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
    577. 

  577.             <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
    578. 

  578.             <string> ]; ... };
    579. 

  579.         max-ixfr-log-size <size>; // obsolete
    580. 

  580.         max-journal-size <size_no_default>;
    581. 

  581.         max-refresh-time <integer>;
    582. 

  582.         max-retry-time <integer>;
    583. 

  583.         max-transfer-idle-in <integer>;
    584. 

  584.         max-transfer-idle-out <integer>;
    585. 

  585.         max-transfer-time-in <integer>;
    586. 

  586.         max-transfer-time-out <integer>;
    587. 

  587.         min-refresh-time <integer>;
    588. 

  588.         min-retry-time <integer>;
    589. 

  589.         multi-master <boolean>;
    590. 

  590.         notify <notifytype>;
    591. 

  591.         notify-delay <integer>;
    592. 

  592.         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
    593. 

  593.         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
    594. 

  594.         notify-to-soa <boolean>;
    595. 

  595.         nsec3-test-zone <boolean>; // test only
    596. 

  596.         pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
    597. 

  597.         server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
    598. 

  598.             <integer> ]; ... };
    599. 

  599.         server-names { <quoted_string>; ... };
    600. 

  600.         sig-signing-nodes <integer>;
    601. 

  601.         sig-signing-signatures <integer>;
    602. 

  602.         sig-signing-type <integer>;
    603. 

  603.         sig-validity-interval <integer> [ <integer> ];
    604. 

  604.         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
    605. 

  605.         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
    606. 

  606.         try-tcp-refresh <boolean>;
    607. 

  607.         type ( master | slave | stub | static-stub | hint | forward |
    608. 

  608.             delegation-only );
    609. 

  609.         update-check-ksk <boolean>;
    610. 

  610.         update-policy ( local | { ( grant | deny ) <string> ( name |
    611. 

  611.             subdomain | wildcard | self | selfsub | selfwild | krb5-self |
    612. 

  612.             ms-self | krb5-subdomain | ms-subdomain | tcp-self | 6to4-self
    613. 

  613.             | zonesub | external ) [ <string> ] <rrtypelist>; ... };
    614. 

  614.         use-alt-transfer-source <boolean>;
    615. 

  615.         zero-no-soa-ttl <boolean>;
    616. 

  616.         zone-statistics <boolean>;
    617. 

  617. };
    618.