PageRenderTime 36ms CodeModel.GetById 14ms app.highlight 10ms RepoModel.GetById 2ms app.codeStats 0ms

/contrib/bind9/doc/misc/options

https://bitbucket.org/freebsd/freebsd-head/
#! | 619 lines | 603 code | 16 blank | 0 comment | 0 complexity | 686b6a7f58c0a5a2a4c89e4a9a028255 MD5 | raw file
  1
  2This is a summary of the named.conf options supported by 
  3this version of BIND 9.
  4
  5acl <string> { <address_match_element>; ... };
  6
  7controls {
  8        inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
  9            ) ] allow { <address_match_element>; ... } [ keys { <string>;
 10            ... } ];
 11        unix <quoted_string> perm <integer> owner <integer> group <integer>
 12            [ keys { <string>; ... } ];
 13};
 14
 15dlz <string> {
 16        database <string>;
 17};
 18
 19key <string> {
 20        algorithm <string>;
 21        secret <string>;
 22};
 23
 24logging {
 25        category <string> { <string>; ... };
 26        channel <string> {
 27                file <quoted_string> [ versions ( "unlimited" | <integer> )
 28                    ] [ size <size> ];
 29                null;
 30                print-category <boolean>;
 31                print-severity <boolean>;
 32                print-time <boolean>;
 33                severity <log_severity>;
 34                stderr;
 35                syslog <optional_facility>;
 36        };
 37};
 38
 39lwres {
 40        listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
 41            [ port <integer> ]; ... };
 42        ndots <integer>;
 43        search { <string>; ... };
 44        view <string> <optional_class>;
 45};
 46
 47managed-keys { <string> <string> <integer> <integer> <integer>
 48    <quoted_string>; ... };
 49
 50masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
 51    <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
 52
 53options {
 54        acache-cleaning-interval <integer>;
 55        acache-enable <boolean>;
 56        additional-from-auth <boolean>;
 57        additional-from-cache <boolean>;
 58        allow-new-zones <boolean>;
 59        allow-notify { <address_match_element>; ... };
 60        allow-query { <address_match_element>; ... };
 61        allow-query-cache { <address_match_element>; ... };
 62        allow-query-cache-on { <address_match_element>; ... };
 63        allow-query-on { <address_match_element>; ... };
 64        allow-recursion { <address_match_element>; ... };
 65        allow-recursion-on { <address_match_element>; ... };
 66        allow-transfer { <address_match_element>; ... };
 67        allow-update { <address_match_element>; ... };
 68        allow-update-forwarding { <address_match_element>; ... };
 69        allow-v6-synthesis { <address_match_element>; ... }; // obsolete
 70        also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
 71            ) [ port <integer> ]; ... };
 72        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
 73        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
 74            * ) ];
 75        attach-cache <string>;
 76        auth-nxdomain <boolean>; // default changed
 77        auto-dnssec ( allow | maintain | off );
 78        avoid-v4-udp-ports { <portrange>; ... };
 79        avoid-v6-udp-ports { <portrange>; ... };
 80        bindkeys-file <quoted_string>;
 81        blackhole { <address_match_element>; ... };
 82        cache-file <quoted_string>;
 83        check-dup-records ( fail | warn | ignore );
 84        check-integrity <boolean>;
 85        check-mx ( fail | warn | ignore );
 86        check-mx-cname ( fail | warn | ignore );
 87        check-names ( master | slave | response ) ( fail | warn | ignore );
 88        check-sibling <boolean>;
 89        check-srv-cname ( fail | warn | ignore );
 90        check-wildcard <boolean>;
 91        cleaning-interval <integer>;
 92        clients-per-query <integer>;
 93        coresize <size>;
 94        datasize <size>;
 95        deallocate-on-exit <boolean>; // obsolete
 96        deny-answer-addresses { <address_match_element>; ... } [
 97            except-from { <quoted_string>; ... } ];
 98        deny-answer-aliases { <quoted_string>; ... } [ except-from {
 99            <quoted_string>; ... } ];
100        dialup <dialuptype>;
101        directory <quoted_string>;
102        disable-algorithms <string> { <string>; ... };
103        disable-empty-zone <string>;
104        dns64 <netprefix> {
105                break-dnssec <boolean>;
106                clients { <address_match_element>; ... };
107                exclude { <address_match_element>; ... };
108                mapped { <address_match_element>; ... };
109                recursive-only <boolean>;
110                suffix <ipv6_address>;
111        };
112        dns64-contact <string>;
113        dns64-server <string>;
114        dnssec-accept-expired <boolean>;
115        dnssec-dnskey-kskonly <boolean>;
116        dnssec-enable <boolean>;
117        dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
118        dnssec-must-be-secure <string> <boolean>;
119        dnssec-secure-to-insecure <boolean>;
120        dnssec-validation ( yes | no | auto );
121        dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
122            <integer> ] | <ipv4_address> [ port <integer> ] |
123            <ipv6_address> [ port <integer> ] ); ... };
124        dump-file <quoted_string>;
125        edns-udp-size <integer>;
126        empty-contact <string>;
127        empty-server <string>;
128        empty-zones-enable <boolean>;
129        fake-iquery <boolean>; // obsolete
130        fetch-glue <boolean>; // obsolete
131        files <size>;
132        filter-aaaa { <address_match_element>; ... }; // not configured
133        filter-aaaa-on-v4 <v4_aaaa>; // not configured
134        flush-zones-on-shutdown <boolean>;
135        forward ( first | only );
136        forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
137            [ port <integer> ]; ... };
138        has-old-clients <boolean>; // obsolete
139        heartbeat-interval <integer>;
140        host-statistics <boolean>; // not implemented
141        host-statistics-max <integer>; // not implemented
142        hostname ( <quoted_string> | none );
143        interface-interval <integer>;
144        ixfr-from-differences <ixfrdiff>;
145        key-directory <quoted_string>;
146        lame-ttl <integer>;
147        listen-on [ port <integer> ] { <address_match_element>; ... };
148        listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
149        maintain-ixfr-base <boolean>; // obsolete
150        managed-keys-directory <quoted_string>;
151        masterfile-format ( text | raw );
152        match-mapped-addresses <boolean>;
153        max-acache-size <size_no_default>;
154        max-cache-size <size_no_default>;
155        max-cache-ttl <integer>;
156        max-clients-per-query <integer>;
157        max-ixfr-log-size <size>; // obsolete
158        max-journal-size <size_no_default>;
159        max-ncache-ttl <integer>;
160        max-refresh-time <integer>;
161        max-retry-time <integer>;
162        max-transfer-idle-in <integer>;
163        max-transfer-idle-out <integer>;
164        max-transfer-time-in <integer>;
165        max-transfer-time-out <integer>;
166        max-udp-size <integer>;
167        memstatistics <boolean>;
168        memstatistics-file <quoted_string>;
169        min-refresh-time <integer>;
170        min-retry-time <integer>;
171        min-roots <integer>; // not implemented
172        minimal-responses <boolean>;
173        multi-master <boolean>;
174        multiple-cnames <boolean>; // obsolete
175        named-xfer <quoted_string>; // obsolete
176        notify <notifytype>;
177        notify-delay <integer>;
178        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
179        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
180        notify-to-soa <boolean>;
181        nsec3-test-zone <boolean>; // test only
182        pid-file ( <quoted_string> | none );
183        port <integer>;
184        preferred-glue <string>;
185        provide-ixfr <boolean>;
186        query-source <querysource4>;
187        query-source-v6 <querysource6>;
188        querylog <boolean>;
189        queryport-pool-ports <integer>; // obsolete
190        queryport-pool-updateinterval <integer>; // obsolete
191        random-device <quoted_string>;
192        recursing-file <quoted_string>;
193        recursion <boolean>;
194        recursive-clients <integer>;
195        request-ixfr <boolean>;
196        request-nsid <boolean>;
197        reserved-sockets <integer>;
198        resolver-query-timeout <integer>;
199        response-policy {
200                zone <string> [ policy ( given | disabled | passthru |
201                    no-op | nxdomain | nodata | cname <domain> ) ];
202        };
203        rfc2308-type1 <boolean>; // not yet implemented
204        root-delegation-only [ exclude { <quoted_string>; ... } ];
205        rrset-order { [ class <string> ] [ type <string> ] [ name
206            <quoted_string> ] <string> <string>; ... };
207        secroots-file <quoted_string>;
208        serial-queries <integer>; // obsolete
209        serial-query-rate <integer>;
210        server-id ( <quoted_string> | none | hostname );
211        session-keyalg <string>;
212        session-keyfile ( <quoted_string> | none );
213        session-keyname <string>;
214        sig-signing-nodes <integer>;
215        sig-signing-signatures <integer>;
216        sig-signing-type <integer>;
217        sig-validity-interval <integer> [ <integer> ];
218        sortlist { <address_match_element>; ... };
219        stacksize <size>;
220        statistics-file <quoted_string>;
221        statistics-interval <integer>; // not yet implemented
222        suppress-initial-notify <boolean>; // not yet implemented
223        tcp-clients <integer>;
224        tcp-listen-queue <integer>;
225        tkey-dhkey <quoted_string> <integer>;
226        tkey-domain <quoted_string>;
227        tkey-gssapi-credential <quoted_string>;
228        tkey-gssapi-keytab <quoted_string>;
229        topology { <address_match_element>; ... }; // not implemented
230        transfer-format ( many-answers | one-answer );
231        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
232        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
233        transfers-in <integer>;
234        transfers-out <integer>;
235        transfers-per-ns <integer>;
236        treat-cr-as-space <boolean>; // obsolete
237        try-tcp-refresh <boolean>;
238        update-check-ksk <boolean>;
239        use-alt-transfer-source <boolean>;
240        use-id-pool <boolean>; // obsolete
241        use-ixfr <boolean>;
242        use-queryport-pool <boolean>; // obsolete
243        use-v4-udp-ports { <portrange>; ... };
244        use-v6-udp-ports { <portrange>; ... };
245        version ( <quoted_string> | none );
246        zero-no-soa-ttl <boolean>;
247        zero-no-soa-ttl-cache <boolean>;
248        zone-statistics <boolean>;
249};
250
251server <netprefix> {
252        bogus <boolean>;
253        edns <boolean>;
254        edns-udp-size <integer>;
255        keys <server_key>;
256        max-udp-size <integer>;
257        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
258        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
259        provide-ixfr <boolean>;
260        query-source <querysource4>;
261        query-source-v6 <querysource6>;
262        request-ixfr <boolean>;
263        support-ixfr <boolean>; // obsolete
264        transfer-format ( many-answers | one-answer );
265        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
266        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
267        transfers <integer>;
268};
269
270statistics-channels {
271        inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
272            ) ] [ allow { <address_match_element>; ... } ];
273};
274
275trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
276
277view <string> <optional_class> {
278        acache-cleaning-interval <integer>;
279        acache-enable <boolean>;
280        additional-from-auth <boolean>;
281        additional-from-cache <boolean>;
282        allow-new-zones <boolean>;
283        allow-notify { <address_match_element>; ... };
284        allow-query { <address_match_element>; ... };
285        allow-query-cache { <address_match_element>; ... };
286        allow-query-cache-on { <address_match_element>; ... };
287        allow-query-on { <address_match_element>; ... };
288        allow-recursion { <address_match_element>; ... };
289        allow-recursion-on { <address_match_element>; ... };
290        allow-transfer { <address_match_element>; ... };
291        allow-update { <address_match_element>; ... };
292        allow-update-forwarding { <address_match_element>; ... };
293        allow-v6-synthesis { <address_match_element>; ... }; // obsolete
294        also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
295            ) [ port <integer> ]; ... };
296        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
297        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
298            * ) ];
299        attach-cache <string>;
300        auth-nxdomain <boolean>; // default changed
301        auto-dnssec ( allow | maintain | off );
302        cache-file <quoted_string>;
303        check-dup-records ( fail | warn | ignore );
304        check-integrity <boolean>;
305        check-mx ( fail | warn | ignore );
306        check-mx-cname ( fail | warn | ignore );
307        check-names ( master | slave | response ) ( fail | warn | ignore );
308        check-sibling <boolean>;
309        check-srv-cname ( fail | warn | ignore );
310        check-wildcard <boolean>;
311        cleaning-interval <integer>;
312        clients-per-query <integer>;
313        database <string>;
314        deny-answer-addresses { <address_match_element>; ... } [
315            except-from { <quoted_string>; ... } ];
316        deny-answer-aliases { <quoted_string>; ... } [ except-from {
317            <quoted_string>; ... } ];
318        dialup <dialuptype>;
319        disable-algorithms <string> { <string>; ... };
320        disable-empty-zone <string>;
321        dlz <string> {
322                database <string>;
323        };
324        dns64 <netprefix> {
325                break-dnssec <boolean>;
326                clients { <address_match_element>; ... };
327                exclude { <address_match_element>; ... };
328                mapped { <address_match_element>; ... };
329                recursive-only <boolean>;
330                suffix <ipv6_address>;
331        };
332        dns64-contact <string>;
333        dns64-server <string>;
334        dnssec-accept-expired <boolean>;
335        dnssec-dnskey-kskonly <boolean>;
336        dnssec-enable <boolean>;
337        dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
338        dnssec-must-be-secure <string> <boolean>;
339        dnssec-secure-to-insecure <boolean>;
340        dnssec-validation ( yes | no | auto );
341        dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
342            <integer> ] | <ipv4_address> [ port <integer> ] |
343            <ipv6_address> [ port <integer> ] ); ... };
344        edns-udp-size <integer>;
345        empty-contact <string>;
346        empty-server <string>;
347        empty-zones-enable <boolean>;
348        fetch-glue <boolean>; // obsolete
349        filter-aaaa { <address_match_element>; ... }; // not configured
350        filter-aaaa-on-v4 <v4_aaaa>; // not configured
351        forward ( first | only );
352        forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
353            [ port <integer> ]; ... };
354        ixfr-from-differences <ixfrdiff>;
355        key <string> {
356                algorithm <string>;
357                secret <string>;
358        };
359        key-directory <quoted_string>;
360        lame-ttl <integer>;
361        maintain-ixfr-base <boolean>; // obsolete
362        managed-keys { <string> <string> <integer> <integer> <integer>
363            <quoted_string>; ... };
364        masterfile-format ( text | raw );
365        match-clients { <address_match_element>; ... };
366        match-destinations { <address_match_element>; ... };
367        match-recursive-only <boolean>;
368        max-acache-size <size_no_default>;
369        max-cache-size <size_no_default>;
370        max-cache-ttl <integer>;
371        max-clients-per-query <integer>;
372        max-ixfr-log-size <size>; // obsolete
373        max-journal-size <size_no_default>;
374        max-ncache-ttl <integer>;
375        max-refresh-time <integer>;
376        max-retry-time <integer>;
377        max-transfer-idle-in <integer>;
378        max-transfer-idle-out <integer>;
379        max-transfer-time-in <integer>;
380        max-transfer-time-out <integer>;
381        max-udp-size <integer>;
382        min-refresh-time <integer>;
383        min-retry-time <integer>;
384        min-roots <integer>; // not implemented
385        minimal-responses <boolean>;
386        multi-master <boolean>;
387        notify <notifytype>;
388        notify-delay <integer>;
389        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
390        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
391        notify-to-soa <boolean>;
392        nsec3-test-zone <boolean>; // test only
393        preferred-glue <string>;
394        provide-ixfr <boolean>;
395        query-source <querysource4>;
396        query-source-v6 <querysource6>;
397        queryport-pool-ports <integer>; // obsolete
398        queryport-pool-updateinterval <integer>; // obsolete
399        recursion <boolean>;
400        request-ixfr <boolean>;
401        request-nsid <boolean>;
402        resolver-query-timeout <integer>;
403        response-policy {
404                zone <string> [ policy ( given | disabled | passthru |
405                    no-op | nxdomain | nodata | cname <domain> ) ];
406        };
407        rfc2308-type1 <boolean>; // not yet implemented
408        root-delegation-only [ exclude { <quoted_string>; ... } ];
409        rrset-order { [ class <string> ] [ type <string> ] [ name
410            <quoted_string> ] <string> <string>; ... };
411        server <netprefix> {
412                bogus <boolean>;
413                edns <boolean>;
414                edns-udp-size <integer>;
415                keys <server_key>;
416                max-udp-size <integer>;
417                notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
418                    ) ];
419                notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
420                    | * ) ];
421                provide-ixfr <boolean>;
422                query-source <querysource4>;
423                query-source-v6 <querysource6>;
424                request-ixfr <boolean>;
425                support-ixfr <boolean>; // obsolete
426                transfer-format ( many-answers | one-answer );
427                transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
428                    * ) ];
429                transfer-source-v6 ( <ipv6_address> | * ) [ port (
430                    <integer> | * ) ];
431                transfers <integer>;
432        };
433        sig-signing-nodes <integer>;
434        sig-signing-signatures <integer>;
435        sig-signing-type <integer>;
436        sig-validity-interval <integer> [ <integer> ];
437        sortlist { <address_match_element>; ... };
438        suppress-initial-notify <boolean>; // not yet implemented
439        topology { <address_match_element>; ... }; // not implemented
440        transfer-format ( many-answers | one-answer );
441        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
442        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
443        trusted-keys { <string> <integer> <integer> <integer>
444            <quoted_string>; ... };
445        try-tcp-refresh <boolean>;
446        update-check-ksk <boolean>;
447        use-alt-transfer-source <boolean>;
448        use-queryport-pool <boolean>; // obsolete
449        zero-no-soa-ttl <boolean>;
450        zero-no-soa-ttl-cache <boolean>;
451        zone <string> <optional_class> {
452                allow-notify { <address_match_element>; ... };
453                allow-query { <address_match_element>; ... };
454                allow-query-on { <address_match_element>; ... };
455                allow-transfer { <address_match_element>; ... };
456                allow-update { <address_match_element>; ... };
457                allow-update-forwarding { <address_match_element>; ... };
458                also-notify [ port <integer> ] { ( <ipv4_address> |
459                    <ipv6_address> ) [ port <integer> ]; ... };
460                alt-transfer-source ( <ipv4_address> | * ) [ port (
461                    <integer> | * ) ];
462                alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
463                    <integer> | * ) ];
464                auto-dnssec ( allow | maintain | off );
465                check-dup-records ( fail | warn | ignore );
466                check-integrity <boolean>;
467                check-mx ( fail | warn | ignore );
468                check-mx-cname ( fail | warn | ignore );
469                check-names ( fail | warn | ignore );
470                check-sibling <boolean>;
471                check-srv-cname ( fail | warn | ignore );
472                check-wildcard <boolean>;
473                database <string>;
474                delegation-only <boolean>;
475                dialup <dialuptype>;
476                dnssec-dnskey-kskonly <boolean>;
477                dnssec-secure-to-insecure <boolean>;
478                file <quoted_string>;
479                forward ( first | only );
480                forwarders [ port <integer> ] { ( <ipv4_address> |
481                    <ipv6_address> ) [ port <integer> ]; ... };
482                ixfr-base <quoted_string>; // obsolete
483                ixfr-from-differences <boolean>;
484                ixfr-tmp-file <quoted_string>; // obsolete
485                journal <quoted_string>;
486                key-directory <quoted_string>;
487                maintain-ixfr-base <boolean>; // obsolete
488                masterfile-format ( text | raw );
489                masters [ port <integer> ] { ( <masters> | <ipv4_address> [
490                    port <integer> ] | <ipv6_address> [ port <integer> ] )
491                    [ key <string> ]; ... };
492                max-ixfr-log-size <size>; // obsolete
493                max-journal-size <size_no_default>;
494                max-refresh-time <integer>;
495                max-retry-time <integer>;
496                max-transfer-idle-in <integer>;
497                max-transfer-idle-out <integer>;
498                max-transfer-time-in <integer>;
499                max-transfer-time-out <integer>;
500                min-refresh-time <integer>;
501                min-retry-time <integer>;
502                multi-master <boolean>;
503                notify <notifytype>;
504                notify-delay <integer>;
505                notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
506                    ) ];
507                notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
508                    | * ) ];
509                notify-to-soa <boolean>;
510                nsec3-test-zone <boolean>; // test only
511                pubkey <integer> <integer> <integer>
512                    <quoted_string>; // obsolete
513                server-addresses { ( <ipv4_address> | <ipv6_address> ) [
514                    port <integer> ]; ... };
515                server-names { <quoted_string>; ... };
516                sig-signing-nodes <integer>;
517                sig-signing-signatures <integer>;
518                sig-signing-type <integer>;
519                sig-validity-interval <integer> [ <integer> ];
520                transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
521                    * ) ];
522                transfer-source-v6 ( <ipv6_address> | * ) [ port (
523                    <integer> | * ) ];
524                try-tcp-refresh <boolean>;
525                type ( master | slave | stub | static-stub | hint | forward
526                    | delegation-only );
527                update-check-ksk <boolean>;
528                update-policy ( local | { ( grant | deny ) <string> ( name
529                    | subdomain | wildcard | self | selfsub | selfwild |
530                    krb5-self | ms-self | krb5-subdomain | ms-subdomain |
531                    tcp-self | 6to4-self | zonesub | external ) [ <string>
532                    ] <rrtypelist>; ... };
533                use-alt-transfer-source <boolean>;
534                zero-no-soa-ttl <boolean>;
535                zone-statistics <boolean>;
536        };
537        zone-statistics <boolean>;
538};
539
540zone <string> <optional_class> {
541        allow-notify { <address_match_element>; ... };
542        allow-query { <address_match_element>; ... };
543        allow-query-on { <address_match_element>; ... };
544        allow-transfer { <address_match_element>; ... };
545        allow-update { <address_match_element>; ... };
546        allow-update-forwarding { <address_match_element>; ... };
547        also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
548            ) [ port <integer> ]; ... };
549        alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
550        alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
551            * ) ];
552        auto-dnssec ( allow | maintain | off );
553        check-dup-records ( fail | warn | ignore );
554        check-integrity <boolean>;
555        check-mx ( fail | warn | ignore );
556        check-mx-cname ( fail | warn | ignore );
557        check-names ( fail | warn | ignore );
558        check-sibling <boolean>;
559        check-srv-cname ( fail | warn | ignore );
560        check-wildcard <boolean>;
561        database <string>;
562        delegation-only <boolean>;
563        dialup <dialuptype>;
564        dnssec-dnskey-kskonly <boolean>;
565        dnssec-secure-to-insecure <boolean>;
566        file <quoted_string>;
567        forward ( first | only );
568        forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
569            [ port <integer> ]; ... };
570        ixfr-base <quoted_string>; // obsolete
571        ixfr-from-differences <boolean>;
572        ixfr-tmp-file <quoted_string>; // obsolete
573        journal <quoted_string>;
574        key-directory <quoted_string>;
575        maintain-ixfr-base <boolean>; // obsolete
576        masterfile-format ( text | raw );
577        masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
578            <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
579            <string> ]; ... };
580        max-ixfr-log-size <size>; // obsolete
581        max-journal-size <size_no_default>;
582        max-refresh-time <integer>;
583        max-retry-time <integer>;
584        max-transfer-idle-in <integer>;
585        max-transfer-idle-out <integer>;
586        max-transfer-time-in <integer>;
587        max-transfer-time-out <integer>;
588        min-refresh-time <integer>;
589        min-retry-time <integer>;
590        multi-master <boolean>;
591        notify <notifytype>;
592        notify-delay <integer>;
593        notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
594        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
595        notify-to-soa <boolean>;
596        nsec3-test-zone <boolean>; // test only
597        pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
598        server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
599            <integer> ]; ... };
600        server-names { <quoted_string>; ... };
601        sig-signing-nodes <integer>;
602        sig-signing-signatures <integer>;
603        sig-signing-type <integer>;
604        sig-validity-interval <integer> [ <integer> ];
605        transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
606        transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
607        try-tcp-refresh <boolean>;
608        type ( master | slave | stub | static-stub | hint | forward |
609            delegation-only );
610        update-check-ksk <boolean>;
611        update-policy ( local | { ( grant | deny ) <string> ( name |
612            subdomain | wildcard | self | selfsub | selfwild | krb5-self |
613            ms-self | krb5-subdomain | ms-subdomain | tcp-self | 6to4-self
614            | zonesub | external ) [ <string> ] <rrtypelist>; ... };
615        use-alt-transfer-source <boolean>;
616        zero-no-soa-ttl <boolean>;
617        zone-statistics <boolean>;
618};
619