<!--
- - Copyright (C) 2004-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2017 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
-<!-- Converted by db4-upgrade version 1.0 -->
+<!-- Generated by doc/misc/docbook-options.pl -->
+
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
<info>
- <date>2014-01-08</date>
+ <date>2017-03-08</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>
<literallayout class="normal">
acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
-
</literallayout>
</refsection>
- <refsection><info><title>KEY</title></info>
+ <refsection><info><title>CONTROLS</title></info>
<literallayout class="normal">
-key <replaceable>domain_name</replaceable> {
- algorithm <replaceable>string</replaceable>;
- secret <replaceable>string</replaceable>;
+controls {
+ inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> |
+ * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> allow
+ { <replaceable>address_match_element</replaceable>; ... } <optional>
+ keys { <replaceable>string</replaceable>; ... } </optional> <optional> read-only
+ <replaceable>boolean</replaceable> </optional>;
+ unix <replaceable>quoted_string</replaceable> perm <replaceable>integer</replaceable>
+ owner <replaceable>integer</replaceable> group <replaceable>integer</replaceable> <optional>
+ keys { <replaceable>string</replaceable>; ... } </optional> <optional> read-only
+ <replaceable>boolean</replaceable> </optional>;
};
</literallayout>
</refsection>
- <refsection><info><title>MASTERS</title></info>
+ <refsection><info><title>DLZ</title></info>
<literallayout class="normal">
-masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
- ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
- <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
+dlz <replaceable>string</replaceable> {
+ database <replaceable>string</replaceable>;
+ search <replaceable>boolean</replaceable>;
};
</literallayout>
</refsection>
- <refsection><info><title>SERVER</title></info>
+ <refsection><info><title>DYNDB</title></info>
<literallayout class="normal">
-server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
- bogus <replaceable>boolean</replaceable>;
- edns <replaceable>boolean</replaceable>;
- edns-udp-size <replaceable>integer</replaceable>;
- max-udp-size <replaceable>integer</replaceable>;
- padding <replaceable>integer</replaceable>;
- tcp-only <replaceable>boolean</replaceable>;
- tcp-keepalive <replaceable>boolean</replaceable>;
- provide-ixfr <replaceable>boolean</replaceable>;
- request-ixfr <replaceable>boolean</replaceable>;
- keys <replaceable>server_key</replaceable>;
- transfers <replaceable>integer</replaceable>;
- transfer-format ( many-answers | one-answer );
- transfer-source ( <replaceable>ipv4_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
-
- support-ixfr <replaceable>boolean</replaceable>; // obsolete
-};
+dyndb <replaceable>string</replaceable> <replaceable>quoted_string</replaceable> {
+ <replaceable>unspecified-text</replaceable> };
</literallayout>
</refsection>
- <refsection><info><title>TRUSTED-KEYS</title></info>
+ <refsection><info><title>KEY</title></info>
<literallayout class="normal">
-trusted-keys {
- <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
+key <replaceable>string</replaceable> {
+ algorithm <replaceable>string</replaceable>;
+ secret <replaceable>string</replaceable>;
};
</literallayout>
</refsection>
- <refsection><info><title>MANAGED-KEYS</title></info>
+ <refsection><info><title>LOGGING</title></info>
<literallayout class="normal">
-managed-keys {
- <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
+logging {
+ category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
+ channel <replaceable>string</replaceable> {
+ buffered <replaceable>boolean</replaceable>;
+ file <replaceable>quoted_string</replaceable> <optional> versions ( unlimited | <replaceable>integer</replaceable> ) </optional>
+ <optional> size <replaceable>size</replaceable> </optional> <optional> suffix ( increment | timestamp ) </optional>;
+ null;
+ print-category <replaceable>boolean</replaceable>;
+ print-severity <replaceable>boolean</replaceable>;
+ print-time ( iso8601 | iso8601-utc | local | <replaceable>boolean</replaceable> );
+ severity <replaceable>log_severity</replaceable>;
+ stderr;
+ syslog <optional> <replaceable>syslog_facility</replaceable> </optional>;
+ };
};
</literallayout>
</refsection>
- <refsection><info><title>CONTROLS</title></info>
+ <refsection><info><title>LWRES</title></info>
<literallayout class="normal">
-controls {
- inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
- allow { <replaceable>address_match_element</replaceable>; ... }
- <optional> keys { <replaceable>string</replaceable>; ... } </optional>;
- unix <replaceable>unsupported</replaceable>; // not implemented
+lwres {
+ listen-on <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable>
+ | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional>; ... };
+ lwres-clients <replaceable>integer</replaceable>;
+ lwres-tasks <replaceable>integer</replaceable>;
+ ndots <replaceable>integer</replaceable>;
+ search { <replaceable>string</replaceable>; ... };
+ view <replaceable>string</replaceable> <optional> <replaceable>class</replaceable> </optional>;
};
</literallayout>
</refsection>
- <refsection><info><title>LOGGING</title></info>
+ <refsection><info><title>MANAGED-KEYS</title></info>
<literallayout class="normal">
-logging {
- channel <replaceable>string</replaceable> {
- file <replaceable>log_file</replaceable>;
- syslog <replaceable>optional_facility</replaceable>;
- null;
- stderr;
- severity <replaceable>log_severity</replaceable>;
- print-time <replaceable>boolean</replaceable>;
- print-severity <replaceable>boolean</replaceable>;
- print-category <replaceable>boolean</replaceable>;
- };
- category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
-};
+managed-keys { <replaceable>string</replaceable> <replaceable>string</replaceable> <replaceable>integer</replaceable>
+ <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ... };
</literallayout>
</refsection>
- <refsection><info><title>LWRES</title></info>
+ <refsection><info><title>MASTERS</title></info>
<literallayout class="normal">
-lwres {
- listen-on <optional> port <replaceable>integer</replaceable> </optional> {
- ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
- };
- view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
- search { <replaceable>string</replaceable>; ... };
- ndots <replaceable>integer</replaceable>;
- lwres-tasks <replaceable>integer</replaceable>;
- lwres-clients <replaceable>integer</replaceable>;
-};
+masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp
+ <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>
+ port <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port
+ <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... };
</literallayout>
</refsection>
<literallayout class="normal">
options {
- avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
- avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
+ acache-cleaning-interval <replaceable>integer</replaceable>;
+ acache-enable <replaceable>boolean</replaceable>;
+ additional-from-auth <replaceable>boolean</replaceable>;
+ additional-from-cache <replaceable>boolean</replaceable>;
+ allow-new-zones <replaceable>boolean</replaceable>;
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-recursion { <replaceable>address_match_element</replaceable>; ... };
+ allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ also-notify <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> |
+ <replaceable>ipv4_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port
+ <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... };
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * )
+ </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> |
+ * ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ attach-cache <replaceable>string</replaceable>;
+ auth-nxdomain <replaceable>boolean</replaceable>; // default changed
+ auto-dnssec ( allow | maintain | off );
+ automatic-interface-scan <replaceable>boolean</replaceable>;
+ avoid-v4-udp-ports { <replaceable>portrange</replaceable>; ... };
+ avoid-v6-udp-ports { <replaceable>portrange</replaceable>; ... };
+ bindkeys-file <replaceable>quoted_string</replaceable>;
blackhole { <replaceable>address_match_element</replaceable>; ... };
- coresize <replaceable>size</replaceable>;
- datasize <replaceable>size</replaceable>;
+ cache-file <replaceable>quoted_string</replaceable>;
+ catalog-zones { zone <replaceable>quoted_string</replaceable> <optional> default-masters <optional> port
+ <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>
+ port <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key
+ <replaceable>string</replaceable> </optional>; ... } </optional> <optional> zone-directory <replaceable>quoted_string</replaceable> </optional> <optional>
+ in-memory <replaceable>boolean</replaceable> </optional> <optional> min-update-interval <replaceable>integer</replaceable> </optional>; ... };
+ check-dup-records ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( master | slave | response
+ ) ( fail | warn | ignore );
+ check-sibling <replaceable>boolean</replaceable>;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <replaceable>boolean</replaceable>;
+ cleaning-interval <replaceable>integer</replaceable>;
+ clients-per-query <replaceable>integer</replaceable>;
+ cookie-algorithm ( aes | sha1 | sha256 );
+ cookie-secret <replaceable>string</replaceable>;
+ coresize ( default | unlimited | <replaceable>sizeval</replaceable> );
+ datasize ( default | unlimited | <replaceable>sizeval</replaceable> );
+ deny-answer-addresses { <replaceable>address_match_element</replaceable>; ... } <optional>
+ except-from { <replaceable>quoted_string</replaceable>; ... } </optional>;
+ deny-answer-aliases { <replaceable>quoted_string</replaceable>; ... } <optional> except-from {
+ <replaceable>quoted_string</replaceable>; ... } </optional>;
+ dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
directory <replaceable>quoted_string</replaceable>;
- dnstap { <replaceable>message_type</replaceable>; ... };
- dnstap-output ( <literal>file</literal> | <literal>unix</literal> ) <replaceable>path_name</replaceable>;
- dnstap-identity ( <replaceable>string</replaceable> | <literal>hostname</literal> | <literal>none</literal> );
- dnstap-version ( <replaceable>string</replaceable> | <literal>none</literal> );
+ disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>;
+ ... };
+ disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>;
+ ... };
+ disable-empty-zone <replaceable>string</replaceable>;
+ dns64 <replaceable>netprefix</replaceable> {
+ break-dnssec <replaceable>boolean</replaceable>;
+ clients { <replaceable>address_match_element</replaceable>; ... };
+ exclude { <replaceable>address_match_element</replaceable>; ... };
+ mapped { <replaceable>address_match_element</replaceable>; ... };
+ recursive-only <replaceable>boolean</replaceable>;
+ suffix <replaceable>ipv6_address</replaceable>;
+ };
+ dns64-contact <replaceable>string</replaceable>;
+ dns64-server <replaceable>string</replaceable>;
+ dnssec-accept-expired <replaceable>boolean</replaceable>;
+ dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
+ dnssec-enable <replaceable>boolean</replaceable>;
+ dnssec-loadkeys-interval <replaceable>integer</replaceable>;
+ dnssec-lookaside ( <replaceable>string</replaceable> trust-anchor
+ <replaceable>string</replaceable> | auto | no );
+ dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+ dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
+ dnssec-update-mode ( maintain | no-resign );
+ dnssec-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder |
+ resolver ) <optional> ( query | response ) </optional>; ... };
+ dnstap-identity ( <replaceable>quoted_string</replaceable> | none |
+ hostname );
+ dnstap-output ( file | unix ) <replaceable>quoted_string</replaceable> <optional>
+ size ( unlimited | <replaceable>size</replaceable> ) </optional> <optional> versions (
+ unlimited | <replaceable>integer</replaceable> ) </optional> <optional> suffix ( increment
+ | timestamp ) </optional>;
+ dnstap-version ( <replaceable>quoted_string</replaceable> | none );
+ dscp <replaceable>integer</replaceable>;
+ dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>quoted_string</replaceable> <optional> port
+ <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> | <replaceable>ipv4_address</replaceable> <optional> port
+ <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port
+ <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> ); ... };
dump-file <replaceable>quoted_string</replaceable>;
- files <replaceable>size</replaceable>;
- fstrm-set-buffer-hint <replaceable>number</replaceable>;
- fstrm-set-flush-timeout <replaceable>number</replaceable>;
- fstrm-set-input-queue-size <replaceable>number</replaceable>;
- fstrm-set-output-notify-threshold <replaceable>number</replaceable>;
- fstrm-set-output-queue-model ( <replaceable>mpsc</replaceable> | <replaceable>spsc</replaceable> ) ;
- fstrm-set-output-queue-size <replaceable>number</replaceable>;
- fstrm-set-reopen-interval <replaceable>number</replaceable>;
+ edns-udp-size <replaceable>integer</replaceable>;
+ empty-contact <replaceable>string</replaceable>;
+ empty-server <replaceable>string</replaceable>;
+ empty-zones-enable <replaceable>boolean</replaceable>;
+ fetch-quota-params <replaceable>integer</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable>;
+ fetches-per-server <replaceable>integer</replaceable> <optional> ( drop | fail ) </optional>;
+ fetches-per-zone <replaceable>integer</replaceable> <optional> ( drop | fail ) </optional>;
+ files ( default | unlimited | <replaceable>sizeval</replaceable> );
+ filter-aaaa { <replaceable>address_match_element</replaceable>; ... };
+ filter-aaaa-on-v4 ( break-dnssec | <replaceable>boolean</replaceable> );
+ filter-aaaa-on-v6 ( break-dnssec | <replaceable>boolean</replaceable> );
+ flush-zones-on-shutdown <replaceable>boolean</replaceable>;
+ forward ( first | only );
+ forwarders <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable>
+ | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional>; ... };
+ fstrm-set-buffer-hint <replaceable>integer</replaceable>;
+ fstrm-set-flush-timeout <replaceable>integer</replaceable>;
+ fstrm-set-input-queue-size <replaceable>integer</replaceable>;
+ fstrm-set-output-notify-threshold <replaceable>integer</replaceable>;
+ fstrm-set-output-queue-model ( mpsc | spsc );
+ fstrm-set-output-queue-size <replaceable>integer</replaceable>;
+ fstrm-set-reopen-interval <replaceable>integer</replaceable>;
+ geoip-directory ( <replaceable>quoted_string</replaceable> | none );
+ geoip-use-ecs ( <replaceable>quoted_string</replaceable> | none );
heartbeat-interval <replaceable>integer</replaceable>;
- host-statistics <replaceable>boolean</replaceable>; // not implemented
- host-statistics-max <replaceable>number</replaceable>; // not implemented
hostname ( <replaceable>quoted_string</replaceable> | none );
+ inline-signing <replaceable>boolean</replaceable>;
interface-interval <replaceable>integer</replaceable>;
+ ixfr-from-differences ( master | slave | <replaceable>boolean</replaceable> );
keep-response-order { <replaceable>address_match_element</replaceable>; ... };
- listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
- listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
+ key-directory <replaceable>quoted_string</replaceable>;
+ lame-ttl <replaceable>ttlval</replaceable>;
+ listen-on <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp
+ <replaceable>integer</replaceable> </optional> {
+ <replaceable>address_match_element</replaceable>; ... };
+ listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp
+ <replaceable>integer</replaceable> </optional> {
+ <replaceable>address_match_element</replaceable>; ... };
+ lock-file ( <replaceable>quoted_string</replaceable> | none );
+ managed-keys-directory <replaceable>quoted_string</replaceable>;
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
match-mapped-addresses <replaceable>boolean</replaceable>;
+ max-acache-size ( unlimited | <replaceable>sizeval</replaceable> );
+ max-cache-size ( default | unlimited | <replaceable>sizeval</replaceable> | <replaceable>percentage</replaceable> );
+ max-cache-ttl <replaceable>integer</replaceable>;
+ max-clients-per-query <replaceable>integer</replaceable>;
+ max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
+ max-ncache-ttl <replaceable>integer</replaceable>;
+ max-records <replaceable>integer</replaceable>;
+ max-recursion-depth <replaceable>integer</replaceable>;
+ max-recursion-queries <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ max-rsa-exponent-size <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
+ memstatistics <replaceable>boolean</replaceable>;
memstatistics-file <replaceable>quoted_string</replaceable>;
+ message-compression <replaceable>boolean</replaceable>;
+ min-refresh-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ minimal-any <replaceable>boolean</replaceable>;
+ minimal-responses ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
+ multi-master <replaceable>boolean</replaceable>;
+ no-case-compress { <replaceable>address_match_element</replaceable>; ... };
+ nocookie-udp-size <replaceable>integer</replaceable>;
+ notify ( explicit | master-only | <replaceable>boolean</replaceable> );
+ notify-delay <replaceable>integer</replaceable>;
+ notify-rate <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> <optional>
+ dscp <replaceable>integer</replaceable> </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
+ <optional> dscp <replaceable>integer</replaceable> </optional>;
+ notify-to-soa <replaceable>boolean</replaceable>;
+ nsec3-test-zone <replaceable>boolean</replaceable>; // test only
+ nta-lifetime <replaceable>ttlval</replaceable>;
+ nta-recheck <replaceable>ttlval</replaceable>;
+ nxdomain-redirect <replaceable>string</replaceable>;
pid-file ( <replaceable>quoted_string</replaceable> | none );
port <replaceable>integer</replaceable>;
+ preferred-glue <replaceable>string</replaceable>;
+ prefetch <replaceable>integer</replaceable> <optional> <replaceable>integer</replaceable> </optional>;
+ provide-ixfr <replaceable>boolean</replaceable>;
+ query-source ( ( <optional> address </optional> ( <replaceable>ipv4_address</replaceable> | * ) <optional> port (
+ <replaceable>integer</replaceable> | * ) </optional> ) | ( <optional> <optional> address </optional> ( <replaceable>ipv4_address</replaceable> | * ) </optional>
+ port ( <replaceable>integer</replaceable> | * ) ) ) <optional> dscp <replaceable>integer</replaceable> </optional>;
+ query-source-v6 ( ( <optional> address </optional> ( <replaceable>ipv6_address</replaceable> | * ) <optional> port (
+ <replaceable>integer</replaceable> | * ) </optional> ) | ( <optional> <optional> address </optional> ( <replaceable>ipv6_address</replaceable> | * ) </optional>
+ port ( <replaceable>integer</replaceable> | * ) ) ) <optional> dscp <replaceable>integer</replaceable> </optional>;
querylog <replaceable>boolean</replaceable>;
- recursing-file <replaceable>quoted_string</replaceable>;
- reserved-sockets <replaceable>integer</replaceable>;
random-device <replaceable>quoted_string</replaceable>;
+ rate-limit {
+ all-per-second <replaceable>integer</replaceable>;
+ errors-per-second <replaceable>integer</replaceable>;
+ exempt-clients { <replaceable>address_match_element</replaceable>; ... };
+ ipv4-prefix-length <replaceable>integer</replaceable>;
+ ipv6-prefix-length <replaceable>integer</replaceable>;
+ log-only <replaceable>boolean</replaceable>;
+ max-table-size <replaceable>integer</replaceable>;
+ min-table-size <replaceable>integer</replaceable>;
+ nodata-per-second <replaceable>integer</replaceable>;
+ nxdomains-per-second <replaceable>integer</replaceable>;
+ qps-scale <replaceable>integer</replaceable>;
+ referrals-per-second <replaceable>integer</replaceable>;
+ responses-per-second <replaceable>integer</replaceable>;
+ slip <replaceable>integer</replaceable>;
+ window <replaceable>integer</replaceable>;
+ };
+ recursing-file <replaceable>quoted_string</replaceable>;
+ recursion <replaceable>boolean</replaceable>;
recursive-clients <replaceable>integer</replaceable>;
+ request-expire <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ request-nsid <replaceable>boolean</replaceable>;
+ require-server-cookie <replaceable>boolean</replaceable>;
+ reserved-sockets <replaceable>integer</replaceable>;
+ resolver-query-timeout <replaceable>integer</replaceable>;
+ response-padding { <replaceable>address_match_element</replaceable>; ... } block-size
+ <replaceable>integer</replaceable>;
+ response-policy { zone <replaceable>quoted_string</replaceable> <optional> log <replaceable>boolean</replaceable> </optional> <optional>
+ max-policy-ttl <replaceable>integer</replaceable> </optional> <optional> min-update-interval <replaceable>integer</replaceable> </optional> <optional>
+ policy ( cname | disabled | drop | given | no-op | nodata |
+ nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) </optional> <optional>
+ recursive-only <replaceable>boolean</replaceable> </optional>; ... } <optional> break-dnssec <replaceable>boolean</replaceable> </optional> <optional>
+ max-policy-ttl <replaceable>integer</replaceable> </optional> <optional> min-update-interval <replaceable>integer</replaceable> </optional> <optional>
+ min-ns-dots <replaceable>integer</replaceable> </optional> <optional> nsip-wait-recurse <replaceable>boolean</replaceable> </optional> <optional>
+ qname-wait-recurse <replaceable>boolean</replaceable> </optional> <optional> recursive-only <replaceable>boolean</replaceable> </optional>;
+ root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
+ rrset-order { <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional> <optional> name
+ <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
+ secroots-file <replaceable>quoted_string</replaceable>;
+ send-cookie <replaceable>boolean</replaceable>;
serial-query-rate <replaceable>integer</replaceable>;
- server-id ( <replaceable>quoted_string</replaceable> | hostname | none );
- stacksize <replaceable>size</replaceable>;
+ serial-update-method ( date | increment | unixtime );
+ server-id ( <replaceable>quoted_string</replaceable> | none | hostname );
+ servfail-ttl <replaceable>ttlval</replaceable>;
+ session-keyalg <replaceable>string</replaceable>;
+ session-keyfile ( <replaceable>quoted_string</replaceable> | none );
+ session-keyname <replaceable>string</replaceable>;
+ sig-signing-nodes <replaceable>integer</replaceable>;
+ sig-signing-signatures <replaceable>integer</replaceable>;
+ sig-signing-type <replaceable>integer</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable> <optional> <replaceable>integer</replaceable> </optional>;
+ sortlist { <replaceable>address_match_element</replaceable>; ... };
+ stacksize ( default | unlimited | <replaceable>sizeval</replaceable> );
+ startup-notify-rate <replaceable>integer</replaceable>;
statistics-file <replaceable>quoted_string</replaceable>;
- statistics-interval <replaceable>integer</replaceable>; // not yet implemented
+ tcp-advertised-timeout <replaceable>integer</replaceable>;
tcp-clients <replaceable>integer</replaceable>;
+ tcp-idle-timeout <replaceable>integer</replaceable>;
+ tcp-initial-timeout <replaceable>integer</replaceable>;
+ tcp-keepalive-timeout <replaceable>integer</replaceable>;
tcp-listen-queue <replaceable>integer</replaceable>;
tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
+ tkey-domain <replaceable>quoted_string</replaceable>;
tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
tkey-gssapi-keytab <replaceable>quoted_string</replaceable>;
- tkey-domain <replaceable>quoted_string</replaceable>;
+ transfer-format ( many-answers | one-answer );
transfer-message-size <replaceable>integer</replaceable>;
- transfers-per-ns <replaceable>integer</replaceable>;
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> <optional>
+ dscp <replaceable>integer</replaceable> </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * )
+ </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
transfers-in <replaceable>integer</replaceable>;
transfers-out <replaceable>integer</replaceable>;
- version ( <replaceable>quoted_string</replaceable> | none );
- allow-recursion { <replaceable>address_match_element</replaceable>; ... };
- allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
- sortlist { <replaceable>address_match_element</replaceable>; ... };
- topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
- auth-nxdomain <replaceable>boolean</replaceable>; // default changed
- minimal-any <replaceable>boolean</replaceable>;
- minimal-responses ( <replaceable>boolean</replaceable> | no-auth | no-auth-recursive );
- recursion <replaceable>boolean</replaceable>;
- rrset-order {
- <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
- <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
- };
- provide-ixfr <replaceable>boolean</replaceable>;
- request-ixfr <replaceable>boolean</replaceable>;
- rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
- additional-from-auth <replaceable>boolean</replaceable>;
- additional-from-cache <replaceable>boolean</replaceable>;
- query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- use-queryport-pool <replaceable>boolean</replaceable>;
- queryport-pool-ports <replaceable>integer</replaceable>;
- queryport-pool-updateinterval <replaceable>integer</replaceable>;
- cleaning-interval <replaceable>integer</replaceable>;
- resolver-query-timeout <replaceable>integer</replaceable>;
- min-roots <replaceable>integer</replaceable>; // not implemented
- lame-ttl <replaceable>integer</replaceable>;
- max-ncache-ttl <replaceable>integer</replaceable>;
- max-cache-ttl <replaceable>integer</replaceable>;
- transfer-format ( many-answers | one-answer );
- max-cache-size <replaceable>size</replaceable>;
- max-acache-size <replaceable>size</replaceable>;
- clients-per-query <replaceable>number</replaceable>;
- max-clients-per-query <replaceable>number</replaceable>;
- check-names ( master | slave | response )
- ( fail | warn | ignore );
- check-mx ( fail | warn | ignore );
- check-integrity <replaceable>boolean</replaceable>;
- check-mx-cname ( fail | warn | ignore );
- check-srv-cname ( fail | warn | ignore );
- cache-file <replaceable>quoted_string</replaceable>; // test option
- catalog-zones {
- zone <replaceable>quoted_string</replaceable>
- <optional> default-masters
- <optional>port <replaceable>ip_port</replaceable></optional>
- <optional>dscp <replaceable>ip_dscp</replaceable></optional>
- { ( <replaceable>masters_list</replaceable> | <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> <optional>key <replaceable>key</replaceable></optional> ) ; <optional>...</optional> }</optional>
- <optional>in-memory <replaceable>yes_or_no</replaceable></optional>
- <optional>min-update-interval <replaceable>interval</replaceable></optional>
- ; ... };
- ;
- suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
- preferred-glue <replaceable>string</replaceable>;
- dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
- ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
- <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
- <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
- };
- edns-udp-size <replaceable>integer</replaceable>;
- max-udp-size <replaceable>integer</replaceable>;
- root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
- disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
- disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
- dnssec-enable <replaceable>boolean</replaceable>;
- dnssec-validation <replaceable>boolean</replaceable>;
- dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
- dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
- dnssec-accept-expired <replaceable>boolean</replaceable>;
-
- dns64-server <replaceable>string</replaceable>;
- dns64-contact <replaceable>string</replaceable>;
- dns64 <replaceable>prefix</replaceable> {
- clients { <replaceable>acl</replaceable>; };
- exclude { <replaceable>acl</replaceable>; };
- mapped { <replaceable>acl</replaceable>; };
- break-dnssec <replaceable>boolean</replaceable>;
- recursive-only <replaceable>boolean</replaceable>;
- suffix <replaceable>ipv6_address</replaceable>;
- };
-
- empty-server <replaceable>string</replaceable>;
- empty-contact <replaceable>string</replaceable>;
- empty-zones-enable <replaceable>boolean</replaceable>;
- disable-empty-zone <replaceable>string</replaceable>;
-
- dialup <replaceable>dialuptype</replaceable>;
- ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
-
- allow-query { <replaceable>address_match_element</replaceable>; ... };
- allow-query-on { <replaceable>address_match_element</replaceable>; ... };
- allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
- allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
- allow-transfer { <replaceable>address_match_element</replaceable>; ... };
- allow-update { <replaceable>address_match_element</replaceable>; ... };
- allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ transfers-per-ns <replaceable>integer</replaceable>;
+ trust-anchor-telemetry <replaceable>boolean</replaceable>; // experimental
+ try-tcp-refresh <replaceable>boolean</replaceable>;
update-check-ksk <replaceable>boolean</replaceable>;
- dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
-
- masterfile-format ( text | raw | map );
- notify <replaceable>notifytype</replaceable>;
- notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- notify-delay <replaceable>seconds</replaceable>;
- notify-to-soa <replaceable>boolean</replaceable>;
- also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
- <optional> port <replaceable>integer</replaceable> </optional>; ...
- <optional> key <replaceable>keyname</replaceable> </optional> ... };
- allow-notify { <replaceable>address_match_element</replaceable>; ... };
-
- forward ( first | only );
- forwarders <optional> port <replaceable>integer</replaceable> </optional> {
- ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
- };
-
- max-journal-size <replaceable>size_no_default</replaceable>;
- max-records <replaceable>integer</replaceable>;
- max-transfer-time-in <replaceable>integer</replaceable>;
- max-transfer-time-out <replaceable>integer</replaceable>;
- max-transfer-idle-in <replaceable>integer</replaceable>;
- max-transfer-idle-out <replaceable>integer</replaceable>;
- max-retry-time <replaceable>integer</replaceable>;
- min-retry-time <replaceable>integer</replaceable>;
- max-refresh-time <replaceable>integer</replaceable>;
- min-refresh-time <replaceable>integer</replaceable>;
- multi-master <replaceable>boolean</replaceable>;
-
- sig-validity-interval <replaceable>integer</replaceable>;
- sig-re-signing-interval <replaceable>integer</replaceable>;
- sig-signing-nodes <replaceable>integer</replaceable>;
- sig-signing-signatures <replaceable>integer</replaceable>;
- sig-signing-type <replaceable>integer</replaceable>;
-
- transfer-source ( <replaceable>ipv4_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
-
- alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
use-alt-transfer-source <replaceable>boolean</replaceable>;
-
- zone-statistics <replaceable>boolean</replaceable>;
- key-directory <replaceable>quoted_string</replaceable>;
- managed-keys-directory <replaceable>quoted_string</replaceable>;
- auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>;
- try-tcp-refresh <replaceable>boolean</replaceable>;
+ use-v4-udp-ports { <replaceable>portrange</replaceable>; ... };
+ use-v6-udp-ports { <replaceable>portrange</replaceable>; ... };
+ v6-bias <replaceable>integer</replaceable>;
+ version ( <replaceable>quoted_string</replaceable> | none );
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
- dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
- automatic-interface-scan <replaceable>boolean</replaceable>;
-
- cookie-algorithm ( <replaceable>aes</replaceable> | <replaceable>sha1</replaceable> | <replaceable>sha256</replaceable> );
- cookie-secret <replaceable>string</replaceable>;
- require-server-cookie <replaceable>boolean</replaceable>;
- send-cookie <replaceable>boolean</replaceable>;
- nocookie-udp-size <replaceable>integer</replaceable>;
-
- response-padding {
- <replaceable>address_match_list</replaceable>
- } block-size <replaceable>integer</replaceable>;
-
- deny-answer-addresses {
- <replaceable>address_match_list</replaceable>
- } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
- deny-answer-aliases {
- <replaceable>namelist</replaceable>
- } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
-
- nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
-
- allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
- deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
- fake-iquery <replaceable>boolean</replaceable>; // obsolete
- fetch-glue <replaceable>boolean</replaceable>; // obsolete
- has-old-clients <replaceable>boolean</replaceable>; // obsolete
- maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
- max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
- multiple-cnames <replaceable>boolean</replaceable>; // obsolete
- named-xfer <replaceable>quoted_string</replaceable>; // obsolete
- serial-queries <replaceable>integer</replaceable>; // obsolete
- treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
- use-id-pool <replaceable>boolean</replaceable>; // obsolete
- use-ixfr <replaceable>boolean</replaceable>; // obsolete
+ zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
};
</literallayout>
</refsection>
- <refsection><info><title>VIEW</title></info>
+ <refsection><info><title>SERVER</title></info>
<literallayout class="normal">
-view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
- match-clients { <replaceable>address_match_element</replaceable>; ... };
- match-destinations { <replaceable>address_match_element</replaceable>; ... };
- match-recursive-only <replaceable>boolean</replaceable>;
+server <replaceable>netprefix</replaceable> {
+ bogus <replaceable>boolean</replaceable>;
+ edns <replaceable>boolean</replaceable>;
+ edns-udp-size <replaceable>integer</replaceable>;
+ edns-version <replaceable>integer</replaceable>;
+ keys <replaceable>server_key</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> <optional>
+ dscp <replaceable>integer</replaceable> </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
+ <optional> dscp <replaceable>integer</replaceable> </optional>;
+ padding <replaceable>integer</replaceable>;
+ provide-ixfr <replaceable>boolean</replaceable>;
+ query-source ( ( <optional> address </optional> ( <replaceable>ipv4_address</replaceable> | * ) <optional> port (
+ <replaceable>integer</replaceable> | * ) </optional> ) | ( <optional> <optional> address </optional> ( <replaceable>ipv4_address</replaceable> | * ) </optional>
+ port ( <replaceable>integer</replaceable> | * ) ) ) <optional> dscp <replaceable>integer</replaceable> </optional>;
+ query-source-v6 ( ( <optional> address </optional> ( <replaceable>ipv6_address</replaceable> | * ) <optional> port (
+ <replaceable>integer</replaceable> | * ) </optional> ) | ( <optional> <optional> address </optional> ( <replaceable>ipv6_address</replaceable> | * ) </optional>
+ port ( <replaceable>integer</replaceable> | * ) ) ) <optional> dscp <replaceable>integer</replaceable> </optional>;
+ request-expire <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ request-nsid <replaceable>boolean</replaceable>;
+ send-cookie <replaceable>boolean</replaceable>;
+ tcp-keepalive <replaceable>boolean</replaceable>;
+ tcp-only <replaceable>boolean</replaceable>;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> <optional>
+ dscp <replaceable>integer</replaceable> </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * )
+ </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ transfers <replaceable>integer</replaceable>;
+};
+</literallayout>
+ </refsection>
- key <replaceable>string</replaceable> {
- algorithm <replaceable>string</replaceable>;
- secret <replaceable>string</replaceable>;
- };
+ <refsection><info><title>STATISTICS-CHANNELS</title></info>
- zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
- ...
- };
+ <literallayout class="normal">
+statistics-channels {
+ inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> |
+ * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> <optional>
+ allow { <replaceable>address_match_element</replaceable>; ...
+ } </optional>;
+};
+</literallayout>
+ </refsection>
- server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
- ...
- };
+ <refsection><info><title>TRUSTED-KEYS</title></info>
- trusted-keys {
- <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
- <optional>...</optional>
- };
+ <literallayout class="normal">
+trusted-keys { <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable>
+ <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ... };
+</literallayout>
+ </refsection>
- managed-keys {
- <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>;
- <optional>...</optional>
- };
+ <refsection><info><title>VIEW</title></info>
+ <literallayout class="normal">
+view <replaceable>string</replaceable> <optional> <replaceable>class</replaceable> </optional> {
+ acache-cleaning-interval <replaceable>integer</replaceable>;
+ acache-enable <replaceable>boolean</replaceable>;
+ additional-from-auth <replaceable>boolean</replaceable>;
+ additional-from-cache <replaceable>boolean</replaceable>;
+ allow-new-zones <replaceable>boolean</replaceable>;
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
allow-recursion { <replaceable>address_match_element</replaceable>; ... };
allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
- sortlist { <replaceable>address_match_element</replaceable>; ... };
- topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ also-notify <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> |
+ <replaceable>ipv4_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port
+ <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... };
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * )
+ </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> |
+ * ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ attach-cache <replaceable>string</replaceable>;
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
- minimal-any <replaceable>boolean</replaceable>;
- minimal-responses <replaceable>boolean</replaceable>;
- recursion <replaceable>boolean</replaceable>;
- rrset-order {
- <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
- <optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
- };
- provide-ixfr <replaceable>boolean</replaceable>;
- request-ixfr <replaceable>boolean</replaceable>;
- rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
- additional-from-auth <replaceable>boolean</replaceable>;
- additional-from-cache <replaceable>boolean</replaceable>;
- query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- use-queryport-pool <replaceable>boolean</replaceable>;
- queryport-pool-ports <replaceable>integer</replaceable>;
- queryport-pool-updateinterval <replaceable>integer</replaceable>;
- cleaning-interval <replaceable>integer</replaceable>;
- resolver-query-timeout <replaceable>integer</replaceable>;
- min-roots <replaceable>integer</replaceable>; // not implemented
- lame-ttl <replaceable>integer</replaceable>;
- max-ncache-ttl <replaceable>integer</replaceable>;
- max-cache-ttl <replaceable>integer</replaceable>;
- transfer-format ( many-answers | one-answer );
- max-cache-size <replaceable>size</replaceable>;
- max-acache-size <replaceable>size</replaceable>;
- clients-per-query <replaceable>number</replaceable>;
- max-clients-per-query <replaceable>number</replaceable>;
- check-names ( master | slave | response )
- ( fail | warn | ignore );
- check-mx ( fail | warn | ignore );
+ auto-dnssec ( allow | maintain | off );
+ cache-file <replaceable>quoted_string</replaceable>;
+ catalog-zones { zone <replaceable>quoted_string</replaceable> <optional> default-masters <optional> port
+ <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>
+ port <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key
+ <replaceable>string</replaceable> </optional>; ... } </optional> <optional> zone-directory <replaceable>quoted_string</replaceable> </optional> <optional>
+ in-memory <replaceable>boolean</replaceable> </optional> <optional> min-update-interval <replaceable>integer</replaceable> </optional>; ... };
+ check-dup-records ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
+ check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
+ check-names ( master | slave | response
+ ) ( fail | warn | ignore );
+ check-sibling <replaceable>boolean</replaceable>;
+ check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
- cache-file <replaceable>quoted_string</replaceable>; // test option
- suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
- preferred-glue <replaceable>string</replaceable>;
- dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
- ( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
- <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
- <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
+ check-wildcard <replaceable>boolean</replaceable>;
+ cleaning-interval <replaceable>integer</replaceable>;
+ clients-per-query <replaceable>integer</replaceable>;
+ deny-answer-addresses { <replaceable>address_match_element</replaceable>; ... } <optional>
+ except-from { <replaceable>quoted_string</replaceable>; ... } </optional>;
+ deny-answer-aliases { <replaceable>quoted_string</replaceable>; ... } <optional> except-from {
+ <replaceable>quoted_string</replaceable>; ... } </optional>;
+ dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
+ disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>;
+ ... };
+ disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>;
+ ... };
+ disable-empty-zone <replaceable>string</replaceable>;
+ dlz <replaceable>string</replaceable> {
+ database <replaceable>string</replaceable>;
+ search <replaceable>boolean</replaceable>;
};
- edns-udp-size <replaceable>integer</replaceable>;
- max-udp-size <replaceable>integer</replaceable>;
- root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
- disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
- disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
- dnssec-enable <replaceable>boolean</replaceable>;
- dnssec-validation <replaceable>boolean</replaceable>;
- dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
- dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
- dnssec-accept-expired <replaceable>boolean</replaceable>;
-
- dns64-server <replaceable>string</replaceable>;
- dns64-contact <replaceable>string</replaceable>;
- dns64 <replaceable>prefix</replaceable> {
- clients { <replaceable>acl</replaceable>; };
- exclude { <replaceable>acl</replaceable>; };
- mapped { <replaceable>acl</replaceable>; };
+ dns64 <replaceable>netprefix</replaceable> {
break-dnssec <replaceable>boolean</replaceable>;
+ clients { <replaceable>address_match_element</replaceable>; ... };
+ exclude { <replaceable>address_match_element</replaceable>; ... };
+ mapped { <replaceable>address_match_element</replaceable>; ... };
recursive-only <replaceable>boolean</replaceable>;
suffix <replaceable>ipv6_address</replaceable>;
};
-
- empty-server <replaceable>string</replaceable>;
+ dns64-contact <replaceable>string</replaceable>;
+ dns64-server <replaceable>string</replaceable>;
+ dnssec-accept-expired <replaceable>boolean</replaceable>;
+ dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
+ dnssec-enable <replaceable>boolean</replaceable>;
+ dnssec-loadkeys-interval <replaceable>integer</replaceable>;
+ dnssec-lookaside ( <replaceable>string</replaceable> trust-anchor
+ <replaceable>string</replaceable> | auto | no );
+ dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
+ dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
+ dnssec-update-mode ( maintain | no-resign );
+ dnssec-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder |
+ resolver ) <optional> ( query | response ) </optional>; ... };
+ dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>quoted_string</replaceable> <optional> port
+ <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> | <replaceable>ipv4_address</replaceable> <optional> port
+ <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port
+ <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> ); ... };
+ dyndb <replaceable>string</replaceable> <replaceable>quoted_string</replaceable> {
+ <replaceable>unspecified-text</replaceable> };
+ edns-udp-size <replaceable>integer</replaceable>;
empty-contact <replaceable>string</replaceable>;
+ empty-server <replaceable>string</replaceable>;
empty-zones-enable <replaceable>boolean</replaceable>;
- disable-empty-zone <replaceable>string</replaceable>;
-
- dialup <replaceable>dialuptype</replaceable>;
- ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
-
- allow-query { <replaceable>address_match_element</replaceable>; ... };
- allow-query-on { <replaceable>address_match_element</replaceable>; ... };
- allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
- allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
- allow-transfer { <replaceable>address_match_element</replaceable>; ... };
- allow-update { <replaceable>address_match_element</replaceable>; ... };
- allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
- update-check-ksk <replaceable>boolean</replaceable>;
- dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
-
- masterfile-format ( text | raw | map );
- notify <replaceable>notifytype</replaceable>;
- notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- notify-delay <replaceable>seconds</replaceable>;
- notify-to-soa <replaceable>boolean</replaceable>;
- also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
- <optional> port <replaceable>integer</replaceable> </optional>; ...
- <optional> key <replaceable>keyname</replaceable> </optional> ... };
- allow-notify { <replaceable>address_match_element</replaceable>; ... };
-
+ fetch-quota-params <replaceable>integer</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable>;
+ fetches-per-server <replaceable>integer</replaceable> <optional> ( drop | fail ) </optional>;
+ fetches-per-zone <replaceable>integer</replaceable> <optional> ( drop | fail ) </optional>;
+ filter-aaaa { <replaceable>address_match_element</replaceable>; ... };
+ filter-aaaa-on-v4 ( break-dnssec | <replaceable>boolean</replaceable> );
+ filter-aaaa-on-v6 ( break-dnssec | <replaceable>boolean</replaceable> );
forward ( first | only );
- forwarders <optional> port <replaceable>integer</replaceable> </optional> {
- ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+ forwarders <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable>
+ | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional>; ... };
+ inline-signing <replaceable>boolean</replaceable>;
+ ixfr-from-differences ( master | slave | <replaceable>boolean</replaceable> );
+ key <replaceable>string</replaceable> {
+ algorithm <replaceable>string</replaceable>;
+ secret <replaceable>string</replaceable>;
};
-
- max-journal-size <replaceable>size_no_default</replaceable>;
+ key-directory <replaceable>quoted_string</replaceable>;
+ lame-ttl <replaceable>ttlval</replaceable>;
+ managed-keys { <replaceable>string</replaceable> <replaceable>string</replaceable>
+ <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable>
+ <replaceable>quoted_string</replaceable>; ... };
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ match-clients { <replaceable>address_match_element</replaceable>; ... };
+ match-destinations { <replaceable>address_match_element</replaceable>; ... };
+ match-recursive-only <replaceable>boolean</replaceable>;
+ max-acache-size ( unlimited | <replaceable>sizeval</replaceable> );
+ max-cache-size ( default | unlimited | <replaceable>sizeval</replaceable> | <replaceable>percentage</replaceable> );
+ max-cache-ttl <replaceable>integer</replaceable>;
+ max-clients-per-query <replaceable>integer</replaceable>;
+ max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
+ max-ncache-ttl <replaceable>integer</replaceable>;
max-records <replaceable>integer</replaceable>;
- max-transfer-time-in <replaceable>integer</replaceable>;
- max-transfer-time-out <replaceable>integer</replaceable>;
+ max-recursion-depth <replaceable>integer</replaceable>;
+ max-recursion-queries <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
max-transfer-idle-in <replaceable>integer</replaceable>;
max-transfer-idle-out <replaceable>integer</replaceable>;
- max-retry-time <replaceable>integer</replaceable>;
- min-retry-time <replaceable>integer</replaceable>;
- max-refresh-time <replaceable>integer</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
+ message-compression <replaceable>boolean</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ minimal-any <replaceable>boolean</replaceable>;
+ minimal-responses ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
multi-master <replaceable>boolean</replaceable>;
- sig-validity-interval <replaceable>integer</replaceable>;
-
- transfer-source ( <replaceable>ipv4_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
-
- alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- use-alt-transfer-source <replaceable>boolean</replaceable>;
-
- zone-statistics <replaceable>boolean</replaceable>;
+ no-case-compress { <replaceable>address_match_element</replaceable>; ... };
+ nocookie-udp-size <replaceable>integer</replaceable>;
+ notify ( explicit | master-only | <replaceable>boolean</replaceable> );
+ notify-delay <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> <optional>
+ dscp <replaceable>integer</replaceable> </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
+ <optional> dscp <replaceable>integer</replaceable> </optional>;
+ notify-to-soa <replaceable>boolean</replaceable>;
+ nsec3-test-zone <replaceable>boolean</replaceable>; // test only
+ nta-lifetime <replaceable>ttlval</replaceable>;
+ nta-recheck <replaceable>ttlval</replaceable>;
+ nxdomain-redirect <replaceable>string</replaceable>;
+ preferred-glue <replaceable>string</replaceable>;
+ prefetch <replaceable>integer</replaceable> <optional> <replaceable>integer</replaceable> </optional>;
+ provide-ixfr <replaceable>boolean</replaceable>;
+ query-source ( ( <optional> address </optional> ( <replaceable>ipv4_address</replaceable> | * ) <optional> port (
+ <replaceable>integer</replaceable> | * ) </optional> ) | ( <optional> <optional> address </optional> ( <replaceable>ipv4_address</replaceable> | * ) </optional>
+ port ( <replaceable>integer</replaceable> | * ) ) ) <optional> dscp <replaceable>integer</replaceable> </optional>;
+ query-source-v6 ( ( <optional> address </optional> ( <replaceable>ipv6_address</replaceable> | * ) <optional> port (
+ <replaceable>integer</replaceable> | * ) </optional> ) | ( <optional> <optional> address </optional> ( <replaceable>ipv6_address</replaceable> | * ) </optional>
+ port ( <replaceable>integer</replaceable> | * ) ) ) <optional> dscp <replaceable>integer</replaceable> </optional>;
+ rate-limit {
+ all-per-second <replaceable>integer</replaceable>;
+ errors-per-second <replaceable>integer</replaceable>;
+ exempt-clients { <replaceable>address_match_element</replaceable>; ... };
+ ipv4-prefix-length <replaceable>integer</replaceable>;
+ ipv6-prefix-length <replaceable>integer</replaceable>;
+ log-only <replaceable>boolean</replaceable>;
+ max-table-size <replaceable>integer</replaceable>;
+ min-table-size <replaceable>integer</replaceable>;
+ nodata-per-second <replaceable>integer</replaceable>;
+ nxdomains-per-second <replaceable>integer</replaceable>;
+ qps-scale <replaceable>integer</replaceable>;
+ referrals-per-second <replaceable>integer</replaceable>;
+ responses-per-second <replaceable>integer</replaceable>;
+ slip <replaceable>integer</replaceable>;
+ window <replaceable>integer</replaceable>;
+ };
+ recursion <replaceable>boolean</replaceable>;
+ request-expire <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ request-nsid <replaceable>boolean</replaceable>;
+ require-server-cookie <replaceable>boolean</replaceable>;
+ resolver-query-timeout <replaceable>integer</replaceable>;
+ response-padding { <replaceable>address_match_element</replaceable>; ... } block-size
+ <replaceable>integer</replaceable>;
+ response-policy { zone <replaceable>quoted_string</replaceable> <optional> log <replaceable>boolean</replaceable> </optional> <optional>
+ max-policy-ttl <replaceable>integer</replaceable> </optional> <optional> min-update-interval <replaceable>integer</replaceable> </optional> <optional>
+ policy ( cname | disabled | drop | given | no-op | nodata |
+ nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) </optional> <optional>
+ recursive-only <replaceable>boolean</replaceable> </optional>; ... } <optional> break-dnssec <replaceable>boolean</replaceable> </optional> <optional>
+ max-policy-ttl <replaceable>integer</replaceable> </optional> <optional> min-update-interval <replaceable>integer</replaceable> </optional> <optional>
+ min-ns-dots <replaceable>integer</replaceable> </optional> <optional> nsip-wait-recurse <replaceable>boolean</replaceable> </optional> <optional>
+ qname-wait-recurse <replaceable>boolean</replaceable> </optional> <optional> recursive-only <replaceable>boolean</replaceable> </optional>;
+ root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
+ rrset-order { <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional> <optional> name
+ <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
+ send-cookie <replaceable>boolean</replaceable>;
+ serial-update-method ( date | increment | unixtime );
+ server <replaceable>netprefix</replaceable> {
+ bogus <replaceable>boolean</replaceable>;
+ edns <replaceable>boolean</replaceable>;
+ edns-udp-size <replaceable>integer</replaceable>;
+ edns-version <replaceable>integer</replaceable>;
+ keys <replaceable>server_key</replaceable>;
+ max-udp-size <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | *
+ ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable>
+ | * ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ padding <replaceable>integer</replaceable>;
+ provide-ixfr <replaceable>boolean</replaceable>;
+ query-source ( ( <optional> address </optional> ( <replaceable>ipv4_address</replaceable> | * ) <optional> port
+ ( <replaceable>integer</replaceable> | * ) </optional> ) | ( <optional> <optional> address </optional> (
+ <replaceable>ipv4_address</replaceable> | * ) </optional> port ( <replaceable>integer</replaceable> | * ) ) ) <optional>
+ dscp <replaceable>integer</replaceable> </optional>;
+ query-source-v6 ( ( <optional> address </optional> ( <replaceable>ipv6_address</replaceable> | * ) <optional>
+ port ( <replaceable>integer</replaceable> | * ) </optional> ) | ( <optional> <optional> address </optional> (
+ <replaceable>ipv6_address</replaceable> | * ) </optional> port ( <replaceable>integer</replaceable> | * ) ) ) <optional>
+ dscp <replaceable>integer</replaceable> </optional>;
+ request-expire <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ request-nsid <replaceable>boolean</replaceable>;
+ send-cookie <replaceable>boolean</replaceable>;
+ tcp-keepalive <replaceable>boolean</replaceable>;
+ tcp-only <replaceable>boolean</replaceable>;
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> |
+ * ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port (
+ <replaceable>integer</replaceable> | * ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ transfers <replaceable>integer</replaceable>;
+ };
+ servfail-ttl <replaceable>ttlval</replaceable>;
+ sig-signing-nodes <replaceable>integer</replaceable>;
+ sig-signing-signatures <replaceable>integer</replaceable>;
+ sig-signing-type <replaceable>integer</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable> <optional> <replaceable>integer</replaceable> </optional>;
+ sortlist { <replaceable>address_match_element</replaceable>; ... };
+ transfer-format ( many-answers | one-answer );
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> <optional>
+ dscp <replaceable>integer</replaceable> </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * )
+ </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ trust-anchor-telemetry <replaceable>boolean</replaceable>; // experimental
+ trusted-keys { <replaceable>string</replaceable> <replaceable>integer</replaceable>
+ <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
+ ... };
try-tcp-refresh <replaceable>boolean</replaceable>;
- key-directory <replaceable>quoted_string</replaceable>;
+ update-check-ksk <replaceable>boolean</replaceable>;
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+ v6-bias <replaceable>integer</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
- dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
-
- require-server-cookie <replaceable>boolean</replaceable>;
- send-cookie <replaceable>boolean</replaceable>;
- nocookie-udp-size <replaceable>integer</replaceable>;
-
- allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
- fetch-glue <replaceable>boolean</replaceable>; // obsolete
- maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
- max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
+ zone <replaceable>string</replaceable> <optional> <replaceable>class</replaceable> </optional> {
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
+ allow-query { <replaceable>address_match_element</replaceable>; ... };
+ allow-query-on { <replaceable>address_match_element</replaceable>; ... };
+ allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+ allow-update { <replaceable>address_match_element</replaceable>; ... };
+ allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+ also-notify <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { (
+ <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> |
+ <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>;
+ ... };
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port (
+ <replaceable>integer</replaceable> | * ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port (
+ <replaceable>integer</replaceable> | * ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ auto-dnssec ( allow | maintain | off );
+ check-dup-records ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( fail | warn | ignore );
+ check-sibling <replaceable>boolean</replaceable>;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <replaceable>boolean</replaceable>;
+ database <replaceable>string</replaceable>;
+ delegation-only <replaceable>boolean</replaceable>;
+ dialup ( notify | notify-passive | passive | refresh |
+ <replaceable>boolean</replaceable> );
+ dlz <replaceable>string</replaceable>;
+ dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
+ dnssec-loadkeys-interval <replaceable>integer</replaceable>;
+ dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
+ dnssec-update-mode ( maintain | no-resign );
+ file <replaceable>quoted_string</replaceable>;
+ forward ( first | only );
+ forwarders <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { (
+ <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional> <optional>
+ dscp <replaceable>integer</replaceable> </optional>; ... };
+ in-view <replaceable>string</replaceable>;
+ inline-signing <replaceable>boolean</replaceable>;
+ ixfr-from-differences <replaceable>boolean</replaceable>;
+ journal <replaceable>quoted_string</replaceable>;
+ key-directory <replaceable>quoted_string</replaceable>;
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ masters <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable>
+ | <replaceable>ipv4_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional>
+ port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... };
+ max-ixfr-log-size ( default | unlimited |
+ max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
+ max-records <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
+ max-transfer-idle-in <replaceable>integer</replaceable>;
+ max-transfer-idle-out <replaceable>integer</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
+ min-refresh-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
+ multi-master <replaceable>boolean</replaceable>;
+ notify ( explicit | master-only | <replaceable>boolean</replaceable> );
+ notify-delay <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | *
+ ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable>
+ | * ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ notify-to-soa <replaceable>boolean</replaceable>;
+ nsec3-test-zone <replaceable>boolean</replaceable>; // test only
+ pubkey <replaceable>integer</replaceable>
+ <replaceable>integer</replaceable>
+ <replaceable>integer</replaceable>
+ request-expire <replaceable>boolean</replaceable>;
+ request-ixfr <replaceable>boolean</replaceable>;
+ serial-update-method ( date | increment | unixtime );
+ server-addresses { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional>
+ port <replaceable>integer</replaceable> </optional>; ... };
+ server-names { <replaceable>quoted_string</replaceable>; ... };
+ sig-signing-nodes <replaceable>integer</replaceable>;
+ sig-signing-signatures <replaceable>integer</replaceable>;
+ sig-signing-type <replaceable>integer</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable> <optional> <replaceable>integer</replaceable> </optional>;
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> |
+ * ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port (
+ <replaceable>integer</replaceable> | * ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ try-tcp-refresh <replaceable>boolean</replaceable>;
+ type ( delegation-only | forward | hint | master | redirect
+ | slave | static-stub | stub );
+ update-check-ksk <replaceable>boolean</replaceable>;
+ update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> (
+ 6to4-self | external | krb5-self | krb5-subdomain |
+ ms-self | ms-subdomain | name | self | selfsub |
+ selfwild | subdomain | tcp-self | wildcard | zonesub )
+ <optional> <replaceable>string</replaceable> </optional> <replaceable>rrtypelist</replaceable>; ... };
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+ zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
+ };
+ zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
};
</literallayout>
</refsection>
<refsection><info><title>ZONE</title></info>
<literallayout class="normal">
-zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
- type ( master | slave | stub | hint | redirect |
- forward | delegation-only );
- file <replaceable>quoted_string</replaceable>;
-
- masters <optional> port <replaceable>integer</replaceable> </optional> {
- ( <replaceable>masters</replaceable> |
- <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
- <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
- };
-
- database <replaceable>string</replaceable>;
- delegation-only <replaceable>boolean</replaceable>;
- check-names ( fail | warn | ignore );
- check-mx ( fail | warn | ignore );
- check-integrity <replaceable>boolean</replaceable>;
- check-mx-cname ( fail | warn | ignore );
- check-srv-cname ( fail | warn | ignore );
- dialup <replaceable>dialuptype</replaceable>;
- ixfr-from-differences <replaceable>boolean</replaceable>;
- journal <replaceable>quoted_string</replaceable>;
- zero-no-soa-ttl <replaceable>boolean</replaceable>;
- dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
-
+zone <replaceable>string</replaceable> <optional> <replaceable>class</replaceable> </optional> {
+ allow-notify { <replaceable>address_match_element</replaceable>; ... };
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
- update-policy <replaceable>local</replaceable> | <replaceable> {
- ( grant | deny ) <replaceable>string</replaceable>
- ( name | subdomain | wildcard | self | selfsub | selfwild |
- krb5-self | ms-self | krb5-subdomain | ms-subdomain |
- tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
- <replaceable>rrtypelist</replaceable>;
- <optional>...</optional>
- }</replaceable>;
- update-check-ksk <replaceable>boolean</replaceable>;
+ also-notify <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> |
+ <replaceable>ipv4_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port
+ <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... };
+ alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * )
+ </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> |
+ * ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
+ auto-dnssec ( allow | maintain | off );
+ check-dup-records ( fail | warn | ignore );
+ check-integrity <replaceable>boolean</replaceable>;
+ check-mx ( fail | warn | ignore );
+ check-mx-cname ( fail | warn | ignore );
+ check-names ( fail | warn | ignore );
+ check-sibling <replaceable>boolean</replaceable>;
+ check-spf ( warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ check-wildcard <replaceable>boolean</replaceable>;
+ database <replaceable>string</replaceable>;
+ delegation-only <replaceable>boolean</replaceable>;
+ dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
+ dlz <replaceable>string</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
-
- masterfile-format ( text | raw | map );
- notify <replaceable>notifytype</replaceable>;
- notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- notify-delay <replaceable>seconds</replaceable>;
- notify-to-soa <replaceable>boolean</replaceable>;
- also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
- <optional> port <replaceable>integer</replaceable> </optional>; ...
- <optional> key <replaceable>keyname</replaceable> </optional> ... };
- allow-notify { <replaceable>address_match_element</replaceable>; ... };
-
+ dnssec-loadkeys-interval <replaceable>integer</replaceable>;
+ dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
+ dnssec-update-mode ( maintain | no-resign );
+ file <replaceable>quoted_string</replaceable>;
forward ( first | only );
- forwarders <optional> port <replaceable>integer</replaceable> </optional> {
- ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
- };
-
- max-journal-size <replaceable>size_no_default</replaceable>;
+ forwarders <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable>
+ | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional>; ... };
+ in-view <replaceable>string</replaceable>;
+ inline-signing <replaceable>boolean</replaceable>;
+ ixfr-from-differences <replaceable>boolean</replaceable>;
+ journal <replaceable>quoted_string</replaceable>;
+ key-directory <replaceable>quoted_string</replaceable>;
+ masterfile-format ( map | raw | text );
+ masterfile-style ( full | relative );
+ masters <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> |
+ <replaceable>ipv4_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port
+ <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... };
+ max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
max-records <replaceable>integer</replaceable>;
- max-transfer-time-in <replaceable>integer</replaceable>;
- max-transfer-time-out <replaceable>integer</replaceable>;
+ max-refresh-time <replaceable>integer</replaceable>;
+ max-retry-time <replaceable>integer</replaceable>;
max-transfer-idle-in <replaceable>integer</replaceable>;
max-transfer-idle-out <replaceable>integer</replaceable>;
- max-retry-time <replaceable>integer</replaceable>;
- min-retry-time <replaceable>integer</replaceable>;
- max-refresh-time <replaceable>integer</replaceable>;
+ max-transfer-time-in <replaceable>integer</replaceable>;
+ max-transfer-time-out <replaceable>integer</replaceable>;
+ max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
min-refresh-time <replaceable>integer</replaceable>;
+ min-retry-time <replaceable>integer</replaceable>;
multi-master <replaceable>boolean</replaceable>;
+ notify ( explicit | master-only | <replaceable>boolean</replaceable> );
+ notify-delay <replaceable>integer</replaceable>;
+ notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> <optional>
+ dscp <replaceable>integer</replaceable> </optional>;
+ notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
+ <optional> dscp <replaceable>integer</replaceable> </optional>;
+ notify-to-soa <replaceable>boolean</replaceable>;
+ nsec3-test-zone <replaceable>boolean</replaceable>; // test only
+ pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable>
+ request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
- sig-validity-interval <replaceable>integer</replaceable>;
-
- transfer-source ( <replaceable>ipv4_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
-
- alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
- <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
- use-alt-transfer-source <replaceable>boolean</replaceable>;
-
- zone-statistics <replaceable>boolean</replaceable>;
+ serial-update-method ( date | increment | unixtime );
+ server-addresses { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port
+ <replaceable>integer</replaceable> </optional>; ... };
+ server-names { <replaceable>quoted_string</replaceable>; ... };
+ sig-signing-nodes <replaceable>integer</replaceable>;
+ sig-signing-signatures <replaceable>integer</replaceable>;
+ sig-signing-type <replaceable>integer</replaceable>;
+ sig-validity-interval <replaceable>integer</replaceable> <optional> <replaceable>integer</replaceable> </optional>;
+ transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> <optional>
+ dscp <replaceable>integer</replaceable> </optional>;
+ transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * )
+ </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
try-tcp-refresh <replaceable>boolean</replaceable>;
- key-directory <replaceable>quoted_string</replaceable>;
-
- nsec3-test-zone <replaceable>boolean</replaceable>; // testing only
-
- ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
- ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
- maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
- max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
- pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
+ type ( delegation-only | forward | hint | master | redirect | slave
+ | static-stub | stub );
+ update-check-ksk <replaceable>boolean</replaceable>;
+ update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self |
+ external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
+ | name | self | selfsub | selfwild | subdomain | tcp-self |
+ wildcard | zonesub ) <optional> <replaceable>string</replaceable> </optional> <replaceable>rrtypelist</replaceable>; ... };
+ use-alt-transfer-source <replaceable>boolean</replaceable>;
+ zero-no-soa-ttl <replaceable>boolean</replaceable>;
+ zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
};
</literallayout>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
+ <refentrytitle>ddns-confgen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<citerefentry>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
+ <citerefentry>
+ <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
</refsection>
projects / thirdparty / bind9.git / commitdiff
