.uncrustify.cfg
doc/misc/*.zoneopt
doc/misc/options
- doc/misc/options.active
doc/misc/rndc.grammar
tsan-suppressions.txt
Copyright: Internet Systems Consortium, Inc. ("ISC")
AM_V_CFG_TEST = $(AM_V_CFG_TEST_@AM_V@)
AM_V_CFG_TEST_ = $(AM_V_CFG_TEST_@AM_DEFAULT_V@)
AM_V_CFG_TEST_0 = @echo " CFG_GEN $@";
-
-AM_V_RST_OPTIONS = $(AM_V_CFG_TEST_@AM_V@)
-AM_V_RST_OPTIONS_ = $(AM_V_RST_OPTIONS_@AM_DEFAULT_V@)
-AM_V_RST_OPTIONS_0 = @echo " RST_OPTIONS $@";
-
-AM_V_RST_ZONEOPT = $(AM_V_CFG_TEST_@AM_V@)
-AM_V_RST_ZONEOPT_ = $(AM_V_RST_ZONEOPT_@AM_DEFAULT_V@)
-AM_V_RST_ZONEOPT_0 = @echo " RST_ZONEOPT $@";
-
-AM_V_RST_GRAMMARS = $(AM_V_CFG_TEST_@AM_V@)
-AM_V_RST_GRAMMARS_ = $(AM_V_RST_GRAMMARS_@AM_DEFAULT_V@)
-AM_V_RST_GRAMMARS_0 = @echo " RST_GRAMMARS $@";
named_LDADD += \
$(LIBNGHTTP2_LIBS)
endif HAVE_LIBNGHTTP2
-
-MAINTAINERCLEANFILES = \
- named.conf.rst
C style: /\* \*/
- C++ style: // to end of line
+C++ style: // to end of line
Unix style: # to end of line
-CONTROLS
-^^^^^^^^
-
-::
-
- controls {
- inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read-only boolean ];
- unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read-only boolean ];
- };
-
-DLZ
-^^^
-
-::
-
- dlz string {
- database string;
- search boolean;
- };
-
-DNSSEC-POLICY
-^^^^^^^^^^^^^
-
-::
-
- dnssec-policy string {
- dnskey-ttl duration;
- keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... };
- max-zone-ttl duration;
- nsec3param [ iterations integer ] [ optout boolean ] [ salt-length integer ];
- parent-ds-ttl duration;
- parent-propagation-delay duration;
- publish-safety duration;
- purge-keys duration;
- retire-safety duration;
- signatures-refresh duration;
- signatures-validity duration;
- signatures-validity-dnskey duration;
- zone-propagation-delay duration;
- };
-
-DYNDB
-^^^^^
-
-::
-
- dyndb string quoted_string { unspecified-text };
-
-HTTP
-^^^^
-
-::
-
- http string {
- endpoints { quoted_string; ... };
- listener-clients integer;
- streams-per-connection integer;
- };
-
-KEY
-^^^
-
-::
-
- key string {
- algorithm string;
- secret string;
- };
-
-LOGGING
-^^^^^^^
-
-::
-
- logging {
- category string { string; ... };
- channel string {
- buffered boolean;
- file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ];
- null;
- print-category boolean;
- print-severity boolean;
- print-time ( iso8601 | iso8601-utc | local | boolean );
- severity log_severity;
- stderr;
- syslog [ syslog_facility ];
- };
- };
-
-MANAGED-KEYS
-^^^^^^^^^^^^
-
-See DNSSEC-KEYS.
-
-::
-
- managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated
-
-OPTIONS
-^^^^^^^
-
-::
-
- options {
- allow-new-zones boolean;
- allow-notify { address_match_element; ... };
- allow-query { address_match_element; ... };
- allow-query-cache { address_match_element; ... };
- allow-query-cache-on { address_match_element; ... };
- allow-query-on { address_match_element; ... };
- allow-recursion { address_match_element; ... };
- allow-recursion-on { address_match_element; ... };
- allow-transfer [ port integer ] [ transport string ] { address_match_element; ... };
- allow-update { address_match_element; ... };
- allow-update-forwarding { address_match_element; ... };
- also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... };
- alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- answer-cookie boolean;
- attach-cache string;
- auth-nxdomain boolean;
- auto-dnssec ( allow | maintain | off );
- automatic-interface-scan boolean;
- avoid-v4-udp-ports { portrange; ... };
- avoid-v6-udp-ports { portrange; ... };
- bindkeys-file quoted_string;
- blackhole { address_match_element; ... };
- catalog-zones { zone string [ default-primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... };
- check-dup-records ( fail | warn | ignore );
- check-integrity boolean;
- check-mx ( fail | warn | ignore );
- check-mx-cname ( fail | warn | ignore );
- check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore );
- check-sibling boolean;
- check-spf ( warn | ignore );
- check-srv-cname ( fail | warn | ignore );
- check-wildcard boolean;
- clients-per-query integer;
- cookie-algorithm ( aes | siphash24 );
- cookie-secret string;
- coresize ( default | unlimited | sizeval );
- datasize ( default | unlimited | sizeval );
- deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ];
- deny-answer-aliases { string; ... } [ except-from { string; ... } ];
- dialup ( notify | notify-passive | passive | refresh | boolean );
- directory quoted_string;
- disable-algorithms string { string; ... };
- disable-ds-digests string { string; ... };
- disable-empty-zone string;
- dns64 netprefix {
- break-dnssec boolean;
- clients { address_match_element; ... };
- exclude { address_match_element; ... };
- mapped { address_match_element; ... };
- recursive-only boolean;
- suffix ipv6_address;
- };
- dns64-contact string;
- dns64-server string;
- dnskey-sig-validity integer;
- dnsrps-enable boolean;
- dnsrps-options { unspecified-text };
- dnssec-accept-expired boolean;
- dnssec-dnskey-kskonly boolean;
- dnssec-loadkeys-interval integer;
- dnssec-must-be-secure string boolean;
- dnssec-policy string;
- dnssec-secure-to-insecure boolean;
- dnssec-update-mode ( maintain | no-resign );
- dnssec-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... };
- dnstap-identity ( quoted_string | none | hostname );
- dnstap-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ];
- dnstap-version ( quoted_string | none );
- dscp integer;
- dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... };
- dump-file quoted_string;
- edns-udp-size integer;
- empty-contact string;
- empty-server string;
- empty-zones-enable boolean;
- fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
- fetches-per-server integer [ ( drop | fail ) ];
- fetches-per-zone integer [ ( drop | fail ) ];
- files ( default | unlimited | sizeval );
- flush-zones-on-shutdown boolean;
- forward ( first | only );
- forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
- fstrm-set-buffer-hint integer;
- fstrm-set-flush-timeout integer;
- fstrm-set-input-queue-size integer;
- fstrm-set-output-notify-threshold integer;
- fstrm-set-output-queue-model ( mpsc | spsc );
- fstrm-set-output-queue-size integer;
- fstrm-set-reopen-interval duration;
- geoip-directory ( quoted_string | none );
- heartbeat-interval integer;
- hostname ( quoted_string | none );
- http-listener-clients integer;
- http-port integer;
- http-streams-per-connection integer;
- https-port integer;
- interface-interval duration;
- ipv4only-contact string;
- ipv4only-enable boolean;
- ipv4only-server string;
- ixfr-from-differences ( primary | master | secondary | slave | boolean );
- key-directory quoted_string;
- lame-ttl duration;
- listen-on [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... };
- listen-on-v6 [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... };
- lmdb-mapsize sizeval;
- lock-file ( quoted_string | none );
- managed-keys-directory quoted_string;
- masterfile-format ( raw | text );
- masterfile-style ( full | relative );
- match-mapped-addresses boolean;
- max-cache-size ( default | unlimited | sizeval | percentage );
- max-cache-ttl duration;
- max-clients-per-query integer;
- max-ixfr-ratio ( unlimited | percentage );
- max-journal-size ( default | unlimited | sizeval );
- max-ncache-ttl duration;
- max-records integer;
- max-recursion-depth integer;
- max-recursion-queries integer;
- max-refresh-time integer;
- max-retry-time integer;
- max-rsa-exponent-size integer;
- max-stale-ttl duration;
- max-transfer-idle-in integer;
- max-transfer-idle-out integer;
- max-transfer-time-in integer;
- max-transfer-time-out integer;
- max-udp-size integer;
- max-zone-ttl ( unlimited | duration );
- memstatistics boolean;
- memstatistics-file quoted_string;
- message-compression boolean;
- min-cache-ttl duration;
- min-ncache-ttl duration;
- min-refresh-time integer;
- min-retry-time integer;
- minimal-any boolean;
- minimal-responses ( no-auth | no-auth-recursive | boolean );
- multi-master boolean;
- new-zones-directory quoted_string;
- no-case-compress { address_match_element; ... };
- nocookie-udp-size integer;
- notify ( explicit | master-only | primary-only | boolean );
- notify-delay integer;
- notify-rate integer;
- notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify-to-soa boolean;
- nta-lifetime duration;
- nta-recheck duration;
- nxdomain-redirect string;
- parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- pid-file ( quoted_string | none );
- port integer;
- preferred-glue string;
- prefetch integer [ integer ];
- provide-ixfr boolean;
- qname-minimization ( strict | relaxed | disabled | off );
- query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- querylog boolean;
- random-device ( quoted_string | none );
- rate-limit {
- all-per-second integer;
- errors-per-second integer;
- exempt-clients { address_match_element; ... };
- ipv4-prefix-length integer;
- ipv6-prefix-length integer;
- log-only boolean;
- max-table-size integer;
- min-table-size integer;
- nodata-per-second integer;
- nxdomains-per-second integer;
- qps-scale integer;
- referrals-per-second integer;
- responses-per-second integer;
- slip integer;
- window integer;
- };
- recursing-file quoted_string;
- recursion boolean;
- recursive-clients integer;
- request-expire boolean;
- request-ixfr boolean;
- request-nsid boolean;
- require-server-cookie boolean;
- reserved-sockets integer;// deprecated
- resolver-nonbackoff-tries integer;
- resolver-query-timeout integer;
- resolver-retry-interval integer;
- response-padding { address_match_element; ... } block-size integer;
- response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ];
- reuseport boolean;
- root-delegation-only [ exclude { string; ... } ];
- root-key-sentinel boolean;
- rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... };
- secroots-file quoted_string;
- send-cookie boolean;
- serial-query-rate integer;
- serial-update-method ( date | increment | unixtime );
- server-id ( quoted_string | none | hostname );
- servfail-ttl duration;
- session-keyalg string;
- session-keyfile ( quoted_string | none );
- session-keyname string;
- sig-signing-nodes integer;
- sig-signing-signatures integer;
- sig-signing-type integer;
- sig-validity-interval integer [ integer ];
- sortlist { address_match_element; ... };
- stacksize ( default | unlimited | sizeval );
- stale-answer-client-timeout ( disabled | off | integer );
- stale-answer-enable boolean;
- stale-answer-ttl duration;
- stale-cache-enable boolean;
- stale-refresh-time duration;
- startup-notify-rate integer;
- statistics-file quoted_string;
- synth-from-dnssec boolean;
- tcp-advertised-timeout integer;
- tcp-clients integer;
- tcp-idle-timeout integer;
- tcp-initial-timeout integer;
- tcp-keepalive-timeout integer;
- tcp-listen-queue integer;
- tcp-receive-buffer integer;
- tcp-send-buffer integer;
- tkey-dhkey quoted_string integer;
- tkey-domain quoted_string;
- tkey-gssapi-credential quoted_string;
- tkey-gssapi-keytab quoted_string;
- tls-port integer;
- transfer-format ( many-answers | one-answer );
- transfer-message-size integer;
- transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfers-in integer;
- transfers-out integer;
- transfers-per-ns integer;
- trust-anchor-telemetry boolean; // experimental
- try-tcp-refresh boolean;
- udp-receive-buffer integer;
- udp-send-buffer integer;
- update-check-ksk boolean;
- use-alt-transfer-source boolean;
- use-v4-udp-ports { portrange; ... };
- use-v6-udp-ports { portrange; ... };
- v6-bias integer;
- validate-except { string; ... };
- version ( quoted_string | none );
- zero-no-soa-ttl boolean;
- zero-no-soa-ttl-cache boolean;
- zone-statistics ( full | terse | none | boolean );
- };
-
-PARENTAL-AGENTS
-^^^^^^^^^^^^^^^
-
-::
-
- parental-agents string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... };
-
-PLUGIN
-^^^^^^
-
-::
-
- plugin ( query ) string [ { unspecified-text } ];
-
-PRIMARIES
-^^^^^^^^^
-
-::
-
- primaries string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... };
-
-SERVER
-^^^^^^
-
-::
-
- server netprefix {
- bogus boolean;
- edns boolean;
- edns-udp-size integer;
- edns-version integer;
- keys server_key;
- max-udp-size integer;
- notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- padding integer;
- provide-ixfr boolean;
- query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- request-expire boolean;
- request-ixfr boolean;
- request-nsid boolean;
- send-cookie boolean;
- tcp-keepalive boolean;
- tcp-only boolean;
- transfer-format ( many-answers | one-answer );
- transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfers integer;
- };
-
-STATISTICS-CHANNELS
-^^^^^^^^^^^^^^^^^^^
-
-::
-
- statistics-channels {
- inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ];
- };
-
-TLS
-^^^
-
-::
-
- tls string {
- ca-file quoted_string;
- cert-file quoted_string;
- ciphers string;
- dhparam-file quoted_string;
- key-file quoted_string;
- prefer-server-ciphers boolean;
- protocols { string; ... };
- remote-hostname quoted_string;
- session-tickets boolean;
- };
-
-TRUST-ANCHORS
-^^^^^^^^^^^^^
-
-::
-
- trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };
-
-TRUSTED-KEYS
-^^^^^^^^^^^^
-
-Deprecated - see DNSSEC-KEYS.
-
-::
-
- trusted-keys { string integer integer integer quoted_string; ... };, deprecated
-
-VIEW
-^^^^
-
-::
-
- view string [ class ] {
- allow-new-zones boolean;
- allow-notify { address_match_element; ... };
- allow-query { address_match_element; ... };
- allow-query-cache { address_match_element; ... };
- allow-query-cache-on { address_match_element; ... };
- allow-query-on { address_match_element; ... };
- allow-recursion { address_match_element; ... };
- allow-recursion-on { address_match_element; ... };
- allow-transfer [ port integer ] [ transport string ] { address_match_element; ... };
- allow-update { address_match_element; ... };
- allow-update-forwarding { address_match_element; ... };
- also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... };
- alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- attach-cache string;
- auth-nxdomain boolean;
- auto-dnssec ( allow | maintain | off );
- catalog-zones { zone string [ default-primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... };
- check-dup-records ( fail | warn | ignore );
- check-integrity boolean;
- check-mx ( fail | warn | ignore );
- check-mx-cname ( fail | warn | ignore );
- check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore );
- check-sibling boolean;
- check-spf ( warn | ignore );
- check-srv-cname ( fail | warn | ignore );
- check-wildcard boolean;
- clients-per-query integer;
- deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ];
- deny-answer-aliases { string; ... } [ except-from { string; ... } ];
- dialup ( notify | notify-passive | passive | refresh | boolean );
- disable-algorithms string { string; ... };
- disable-ds-digests string { string; ... };
- disable-empty-zone string;
- dlz string {
- database string;
- search boolean;
- };
- dns64 netprefix {
- break-dnssec boolean;
- clients { address_match_element; ... };
- exclude { address_match_element; ... };
- mapped { address_match_element; ... };
- recursive-only boolean;
- suffix ipv6_address;
- };
- dns64-contact string;
- dns64-server string;
- dnskey-sig-validity integer;
- dnsrps-enable boolean;
- dnsrps-options { unspecified-text };
- dnssec-accept-expired boolean;
- dnssec-dnskey-kskonly boolean;
- dnssec-loadkeys-interval integer;
- dnssec-must-be-secure string boolean;
- dnssec-policy string;
- dnssec-secure-to-insecure boolean;
- dnssec-update-mode ( maintain | no-resign );
- dnssec-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... };
- dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... };
- dyndb string quoted_string { unspecified-text };
- edns-udp-size integer;
- empty-contact string;
- empty-server string;
- empty-zones-enable boolean;
- fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
- fetches-per-server integer [ ( drop | fail ) ];
- fetches-per-zone integer [ ( drop | fail ) ];
- forward ( first | only );
- forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
- ipv4only-contact string;
- ipv4only-enable boolean;
- ipv4only-server string;
- ixfr-from-differences ( primary | master | secondary | slave | boolean );
- key string {
- algorithm string;
- secret string;
- };
- key-directory quoted_string;
- lame-ttl duration;
- lmdb-mapsize sizeval;
- managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated
- masterfile-format ( raw | text );
- masterfile-style ( full | relative );
- match-clients { address_match_element; ... };
- match-destinations { address_match_element; ... };
- match-recursive-only boolean;
- max-cache-size ( default | unlimited | sizeval | percentage );
- max-cache-ttl duration;
- max-clients-per-query integer;
- max-ixfr-ratio ( unlimited | percentage );
- max-journal-size ( default | unlimited | sizeval );
- max-ncache-ttl duration;
- max-records integer;
- max-recursion-depth integer;
- max-recursion-queries integer;
- max-refresh-time integer;
- max-retry-time integer;
- max-stale-ttl duration;
- max-transfer-idle-in integer;
- max-transfer-idle-out integer;
- max-transfer-time-in integer;
- max-transfer-time-out integer;
- max-udp-size integer;
- max-zone-ttl ( unlimited | duration );
- message-compression boolean;
- min-cache-ttl duration;
- min-ncache-ttl duration;
- min-refresh-time integer;
- min-retry-time integer;
- minimal-any boolean;
- minimal-responses ( no-auth | no-auth-recursive | boolean );
- multi-master boolean;
- new-zones-directory quoted_string;
- no-case-compress { address_match_element; ... };
- nocookie-udp-size integer;
- notify ( explicit | master-only | primary-only | boolean );
- notify-delay integer;
- notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify-to-soa boolean;
- nta-lifetime duration;
- nta-recheck duration;
- nxdomain-redirect string;
- parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- plugin ( query ) string [ { unspecified-text } ];
- preferred-glue string;
- prefetch integer [ integer ];
- provide-ixfr boolean;
- qname-minimization ( strict | relaxed | disabled | off );
- query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- rate-limit {
- all-per-second integer;
- errors-per-second integer;
- exempt-clients { address_match_element; ... };
- ipv4-prefix-length integer;
- ipv6-prefix-length integer;
- log-only boolean;
- max-table-size integer;
- min-table-size integer;
- nodata-per-second integer;
- nxdomains-per-second integer;
- qps-scale integer;
- referrals-per-second integer;
- responses-per-second integer;
- slip integer;
- window integer;
- };
- recursion boolean;
- request-expire boolean;
- request-ixfr boolean;
- request-nsid boolean;
- require-server-cookie boolean;
- resolver-nonbackoff-tries integer;
- resolver-query-timeout integer;
- resolver-retry-interval integer;
- response-padding { address_match_element; ... } block-size integer;
- response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ];
- root-delegation-only [ exclude { string; ... } ];
- root-key-sentinel boolean;
- rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... };
- send-cookie boolean;
- serial-update-method ( date | increment | unixtime );
- server netprefix {
- bogus boolean;
- edns boolean;
- edns-udp-size integer;
- edns-version integer;
- keys server_key;
- max-udp-size integer;
- notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- padding integer;
- provide-ixfr boolean;
- query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- request-expire boolean;
- request-ixfr boolean;
- request-nsid boolean;
- send-cookie boolean;
- tcp-keepalive boolean;
- tcp-only boolean;
- transfer-format ( many-answers | one-answer );
- transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfers integer;
- };
- servfail-ttl duration;
- sig-signing-nodes integer;
- sig-signing-signatures integer;
- sig-signing-type integer;
- sig-validity-interval integer [ integer ];
- sortlist { address_match_element; ... };
- stale-answer-client-timeout ( disabled | off | integer );
- stale-answer-enable boolean;
- stale-answer-ttl duration;
- stale-cache-enable boolean;
- stale-refresh-time duration;
- synth-from-dnssec boolean;
- transfer-format ( many-answers | one-answer );
- transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- trust-anchor-telemetry boolean; // experimental
- trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };
- trusted-keys { string integer integer integer quoted_string; ... };, deprecated
- try-tcp-refresh boolean;
- update-check-ksk boolean;
- use-alt-transfer-source boolean;
- v6-bias integer;
- validate-except { string; ... };
- zero-no-soa-ttl boolean;
- zero-no-soa-ttl-cache boolean;
- zone-statistics ( full | terse | none | boolean );
- };
-
-ZONE
-^^^^
+.. literalinclude:: ../../doc/misc/options
Any of these zone statements can also be set inside the view statement.
-.. include:: ../../doc/misc/primary.zoneopt.rst
-.. include:: ../../doc/misc/secondary.zoneopt.rst
-.. include:: ../../doc/misc/mirror.zoneopt.rst
-.. include:: ../../doc/misc/forward.zoneopt.rst
-.. include:: ../../doc/misc/hint.zoneopt.rst
-.. include:: ../../doc/misc/redirect.zoneopt.rst
-.. include:: ../../doc/misc/static-stub.zoneopt.rst
-.. include:: ../../doc/misc/stub.zoneopt.rst
-.. include:: ../../doc/misc/delegation-only.zoneopt.rst
-.. include:: ../../doc/misc/in-view.zoneopt.rst
+.. literalinclude:: ../../doc/misc/primary.zoneopt
+.. literalinclude:: ../../doc/misc/secondary.zoneopt
+.. literalinclude:: ../../doc/misc/mirror.zoneopt
+.. literalinclude:: ../../doc/misc/forward.zoneopt
+.. literalinclude:: ../../doc/misc/hint.zoneopt
+.. literalinclude:: ../../doc/misc/redirect.zoneopt
+.. literalinclude:: ../../doc/misc/static-stub.zoneopt
+.. literalinclude:: ../../doc/misc/stub.zoneopt
+.. literalinclude:: ../../doc/misc/delegation-only.zoneopt
+.. literalinclude:: ../../doc/misc/in-view.zoneopt
Files
~~~~~
_ext/rndcconf.py \
_static/custom.css \
../dnssec-guide \
- ../misc/acl.grammar.rst \
- ../misc/controls.grammar.rst \
- ../misc/delegation-only.zoneopt.rst \
- ../misc/forward.zoneopt.rst \
- ../misc/hint.zoneopt.rst \
- ../misc/in-view.zoneopt.rst \
- ../misc/key.grammar.rst \
- ../misc/logging.grammar.rst \
- ../misc/managed-keys.grammar.rst \
- ../misc/primary.zoneopt.rst \
- ../misc/mirror.zoneopt.rst \
- ../misc/options.grammar.rst \
- ../misc/parental-agents.grammar.rst \
- ../misc/primaries.grammar.rst \
- ../misc/redirect.zoneopt.rst \
- ../misc/server.grammar.rst \
- ../misc/secondary.zoneopt.rst \
- ../misc/static-stub.zoneopt.rst \
- ../misc/statistics-channels.grammar.rst \
- ../misc/stub.zoneopt.rst \
- ../misc/trusted-keys.grammar.rst \
+ ../misc/options \
+ ../misc/rndc.grammar \
+ ../misc/delegation-only.zoneopt \
+ ../misc/forward.zoneopt \
+ ../misc/hint.zoneopt \
+ ../misc/in-view.zoneopt \
+ ../misc/mirror.zoneopt \
+ ../misc/primary.zoneopt \
+ ../misc/redirect.zoneopt \
+ ../misc/secondary.zoneopt \
+ ../misc/static-stub.zoneopt \
+ ../misc/stub.zoneopt \
../notes/*.rst
html-local:
.. namedconf:statement:: acl
-.. include:: ../misc/acl.grammar.rst
-
.. _acl:
``acl`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: controls
-.. include:: ../misc/controls.grammar.rst
-
.. _controls_statement_definition_and_usage:
``controls`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: key
-.. include:: ../misc/key.grammar.rst
-
.. _key_statement:
``key`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: logging
-.. include:: ../misc/logging.grammar.rst
-
.. _logging_statement:
``logging`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: parental-agents
-.. include:: ../misc/parental-agents.grammar.rst
-
.. _parental_agents_statement:
``parental-agents`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: primaries
-.. include:: ../misc/primaries.grammar.rst
-
.. _primaries_statement:
``primaries`` Statement Definition and Usage
This is the grammar of the ``options`` statement in the :iscman:`named.conf`
file:
-.. include:: ../misc/options.grammar.rst
-
.. _options:
``options`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: server
-.. include:: ../misc/server.grammar.rst
-
.. _server_statement_definition_and_usage:
``server`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: statistics-channels
-.. include:: ../misc/statistics-channels.grammar.rst
-
.. _statistics_channels:
``statistics-channels`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: tls
-.. include:: ../misc/tls.grammar.rst
-
``tls`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: http
-.. include:: ../misc/http.grammar.rst
-
``http`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: trust-anchors
-.. include:: ../misc/trust-anchors.grammar.rst
-
.. _trust-anchors:
``trust-anchors`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: dnssec-policy
-.. include:: ../misc/dnssec-policy.grammar.rst
-
.. _dnssec_policy:
``dnssec-policy`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: managed-keys
-.. include:: ../misc/managed-keys.grammar.rst
-
.. _managed_keys:
``managed-keys`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: trusted-keys
-.. include:: ../misc/trusted-keys.grammar.rst
-
.. _trusted_keys:
``trusted-keys`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: zone
-.. include:: ../misc/primary.zoneopt.rst
-.. include:: ../misc/secondary.zoneopt.rst
-.. include:: ../misc/mirror.zoneopt.rst
-.. include:: ../misc/hint.zoneopt.rst
-.. include:: ../misc/stub.zoneopt.rst
-.. include:: ../misc/static-stub.zoneopt.rst
-.. include:: ../misc/forward.zoneopt.rst
-.. include:: ../misc/redirect.zoneopt.rst
-.. include:: ../misc/delegation-only.zoneopt.rst
-.. include:: ../misc/in-view.zoneopt.rst
-
.. _zone_statement:
``zone`` Statement Definition and Usage
../../bin/dnssec/dnssec-settime.rst \
../../bin/dnssec/dnssec-signzone.rst \
../../bin/dnssec/dnssec-verify.rst \
+ ../../bin/named/named.conf.rst \
../../bin/named/named.rst \
../../bin/nsupdate/nsupdate.rst \
../../bin/plugins/filter-aaaa.rst \
comment styles are supported:
.sp
C style: /* */
-.INDENT 0.0
-.INDENT 3.5
+.sp
C++ style: // to end of line
-.UNINDENT
-.UNINDENT
.sp
Unix style: # to end of line
-.SS CONTROLS
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
+acl <string> { <address_match_element>; ... }; // may occur multiple times
+
controls {
- inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read\-only boolean ];
- unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read\-only boolean ];
-};
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS DLZ
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-dlz string {
- database string;
- search boolean;
-};
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS DNSSEC\-POLICY
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-dnssec\-policy string {
- dnskey\-ttl duration;
- keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... };
- max\-zone\-ttl duration;
- nsec3param [ iterations integer ] [ optout boolean ] [ salt\-length integer ];
- parent\-ds\-ttl duration;
- parent\-propagation\-delay duration;
- publish\-safety duration;
- purge\-keys duration;
- retire\-safety duration;
- signatures\-refresh duration;
- signatures\-validity duration;
- signatures\-validity\-dnskey duration;
- zone\-propagation\-delay duration;
-};
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS DYNDB
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-dyndb string quoted_string { unspecified\-text };
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS HTTP
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-http string {
- endpoints { quoted_string; ... };
- listener\-clients integer;
- streams\-per\-connection integer;
-};
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS KEY
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-key string {
- algorithm string;
- secret string;
-};
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS LOGGING
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
+ inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read\-only <boolean> ]; // may occur multiple times
+ unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read\-only <boolean> ]; // may occur multiple times
+}; // may occur multiple times
+
+dlz <string> {
+ database <string>;
+ search <boolean>;
+}; // may occur multiple times
+
+dnssec\-policy <string> {
+ dnskey\-ttl <duration>;
+ keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime <duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
+ max\-zone\-ttl <duration>;
+ nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt\-length <integer> ];
+ parent\-ds\-ttl <duration>;
+ parent\-propagation\-delay <duration>;
+ parent\-registration\-delay <duration>; // obsolete
+ publish\-safety <duration>;
+ purge\-keys <duration>;
+ retire\-safety <duration>;
+ signatures\-refresh <duration>;
+ signatures\-validity <duration>;
+ signatures\-validity\-dnskey <duration>;
+ zone\-propagation\-delay <duration>;
+}; // may occur multiple times
+
+dyndb <string> <quoted_string> { <unspecified\-text> }; // may occur multiple times
+
+http <string> {
+ endpoints { <quoted_string>; ... };
+ listener\-clients <integer>;
+ streams\-per\-connection <integer>;
+}; // may occur multiple times
+
+key <string> {
+ algorithm <string>;
+ secret <string>;
+}; // may occur multiple times
+
logging {
- category string { string; ... };
- channel string {
- buffered boolean;
- file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ];
- null;
- print\-category boolean;
- print\-severity boolean;
- print\-time ( iso8601 | iso8601\-utc | local | boolean );
- severity log_severity;
- stderr;
- syslog [ syslog_facility ];
- };
+ category <string> { <string>; ... }; // may occur multiple times
+ channel <string> {
+ buffered <boolean>;
+ file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ];
+ null;
+ print\-category <boolean>;
+ print\-severity <boolean>;
+ print\-time ( iso8601 | iso8601\-utc | local | <boolean> );
+ severity <log_severity>;
+ stderr;
+ syslog [ <syslog_facility> ];
+ }; // may occur multiple times
};
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS MANAGED\-KEYS
-.sp
-See DNSSEC\-KEYS.
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS OPTIONS
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
+
+managed\-keys { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
+
options {
- allow\-new\-zones boolean;
- allow\-notify { address_match_element; ... };
- allow\-query { address_match_element; ... };
- allow\-query\-cache { address_match_element; ... };
- allow\-query\-cache\-on { address_match_element; ... };
- allow\-query\-on { address_match_element; ... };
- allow\-recursion { address_match_element; ... };
- allow\-recursion\-on { address_match_element; ... };
- allow\-transfer [ port integer ] [ transport string ] { address_match_element; ... };
- allow\-update { address_match_element; ... };
- allow\-update\-forwarding { address_match_element; ... };
- also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... };
- alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- answer\-cookie boolean;
- attach\-cache string;
- auth\-nxdomain boolean;
- auto\-dnssec ( allow | maintain | off );
- automatic\-interface\-scan boolean;
- avoid\-v4\-udp\-ports { portrange; ... };
- avoid\-v6\-udp\-ports { portrange; ... };
- bindkeys\-file quoted_string;
- blackhole { address_match_element; ... };
- catalog\-zones { zone string [ default\-primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... };
- check\-dup\-records ( fail | warn | ignore );
- check\-integrity boolean;
- check\-mx ( fail | warn | ignore );
- check\-mx\-cname ( fail | warn | ignore );
- check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore );
- check\-sibling boolean;
- check\-spf ( warn | ignore );
- check\-srv\-cname ( fail | warn | ignore );
- check\-wildcard boolean;
- clients\-per\-query integer;
- cookie\-algorithm ( aes | siphash24 );
- cookie\-secret string;
- coresize ( default | unlimited | sizeval );
- datasize ( default | unlimited | sizeval );
- deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ];
- deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ];
- dialup ( notify | notify\-passive | passive | refresh | boolean );
- directory quoted_string;
- disable\-algorithms string { string; ... };
- disable\-ds\-digests string { string; ... };
- disable\-empty\-zone string;
- dns64 netprefix {
- break\-dnssec boolean;
- clients { address_match_element; ... };
- exclude { address_match_element; ... };
- mapped { address_match_element; ... };
- recursive\-only boolean;
- suffix ipv6_address;
- };
- dns64\-contact string;
- dns64\-server string;
- dnskey\-sig\-validity integer;
- dnsrps\-enable boolean;
- dnsrps\-options { unspecified\-text };
- dnssec\-accept\-expired boolean;
- dnssec\-dnskey\-kskonly boolean;
- dnssec\-loadkeys\-interval integer;
- dnssec\-must\-be\-secure string boolean;
- dnssec\-policy string;
- dnssec\-secure\-to\-insecure boolean;
- dnssec\-update\-mode ( maintain | no\-resign );
- dnssec\-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... };
- dnstap\-identity ( quoted_string | none | hostname );
- dnstap\-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ];
- dnstap\-version ( quoted_string | none );
- dscp integer;
- dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... };
- dump\-file quoted_string;
- edns\-udp\-size integer;
- empty\-contact string;
- empty\-server string;
- empty\-zones\-enable boolean;
- fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint;
- fetches\-per\-server integer [ ( drop | fail ) ];
- fetches\-per\-zone integer [ ( drop | fail ) ];
- files ( default | unlimited | sizeval );
- flush\-zones\-on\-shutdown boolean;
- forward ( first | only );
- forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
- fstrm\-set\-buffer\-hint integer;
- fstrm\-set\-flush\-timeout integer;
- fstrm\-set\-input\-queue\-size integer;
- fstrm\-set\-output\-notify\-threshold integer;
- fstrm\-set\-output\-queue\-model ( mpsc | spsc );
- fstrm\-set\-output\-queue\-size integer;
- fstrm\-set\-reopen\-interval duration;
- geoip\-directory ( quoted_string | none );
- heartbeat\-interval integer;
- hostname ( quoted_string | none );
- http\-listener\-clients integer;
- http\-port integer;
- http\-streams\-per\-connection integer;
- https\-port integer;
- interface\-interval duration;
- ipv4only\-contact string;
- ipv4only\-enable boolean;
- ipv4only\-server string;
- ixfr\-from\-differences ( primary | master | secondary | slave | boolean );
- key\-directory quoted_string;
- lame\-ttl duration;
- listen\-on [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... };
- listen\-on\-v6 [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... };
- lmdb\-mapsize sizeval;
- lock\-file ( quoted_string | none );
- managed\-keys\-directory quoted_string;
- masterfile\-format ( raw | text );
- masterfile\-style ( full | relative );
- match\-mapped\-addresses boolean;
- max\-cache\-size ( default | unlimited | sizeval | percentage );
- max\-cache\-ttl duration;
- max\-clients\-per\-query integer;
- max\-ixfr\-ratio ( unlimited | percentage );
- max\-journal\-size ( default | unlimited | sizeval );
- max\-ncache\-ttl duration;
- max\-records integer;
- max\-recursion\-depth integer;
- max\-recursion\-queries integer;
- max\-refresh\-time integer;
- max\-retry\-time integer;
- max\-rsa\-exponent\-size integer;
- max\-stale\-ttl duration;
- max\-transfer\-idle\-in integer;
- max\-transfer\-idle\-out integer;
- max\-transfer\-time\-in integer;
- max\-transfer\-time\-out integer;
- max\-udp\-size integer;
- max\-zone\-ttl ( unlimited | duration );
- memstatistics boolean;
- memstatistics\-file quoted_string;
- message\-compression boolean;
- min\-cache\-ttl duration;
- min\-ncache\-ttl duration;
- min\-refresh\-time integer;
- min\-retry\-time integer;
- minimal\-any boolean;
- minimal\-responses ( no\-auth | no\-auth\-recursive | boolean );
- multi\-master boolean;
- new\-zones\-directory quoted_string;
- no\-case\-compress { address_match_element; ... };
- nocookie\-udp\-size integer;
- notify ( explicit | master\-only | primary\-only | boolean );
- notify\-delay integer;
- notify\-rate integer;
- notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify\-to\-soa boolean;
- nta\-lifetime duration;
- nta\-recheck duration;
- nxdomain\-redirect string;
- parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- pid\-file ( quoted_string | none );
- port integer;
- preferred\-glue string;
- prefetch integer [ integer ];
- provide\-ixfr boolean;
- qname\-minimization ( strict | relaxed | disabled | off );
- query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- querylog boolean;
- random\-device ( quoted_string | none );
- rate\-limit {
- all\-per\-second integer;
- errors\-per\-second integer;
- exempt\-clients { address_match_element; ... };
- ipv4\-prefix\-length integer;
- ipv6\-prefix\-length integer;
- log\-only boolean;
- max\-table\-size integer;
- min\-table\-size integer;
- nodata\-per\-second integer;
- nxdomains\-per\-second integer;
- qps\-scale integer;
- referrals\-per\-second integer;
- responses\-per\-second integer;
- slip integer;
- window integer;
- };
- recursing\-file quoted_string;
- recursion boolean;
- recursive\-clients integer;
- request\-expire boolean;
- request\-ixfr boolean;
- request\-nsid boolean;
- require\-server\-cookie boolean;
- reserved\-sockets integer;// deprecated
- resolver\-nonbackoff\-tries integer;
- resolver\-query\-timeout integer;
- resolver\-retry\-interval integer;
- response\-padding { address_match_element; ... } block\-size integer;
- response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ];
- reuseport boolean;
- root\-delegation\-only [ exclude { string; ... } ];
- root\-key\-sentinel boolean;
- rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... };
- secroots\-file quoted_string;
- send\-cookie boolean;
- serial\-query\-rate integer;
- serial\-update\-method ( date | increment | unixtime );
- server\-id ( quoted_string | none | hostname );
- servfail\-ttl duration;
- session\-keyalg string;
- session\-keyfile ( quoted_string | none );
- session\-keyname string;
- sig\-signing\-nodes integer;
- sig\-signing\-signatures integer;
- sig\-signing\-type integer;
- sig\-validity\-interval integer [ integer ];
- sortlist { address_match_element; ... };
- stacksize ( default | unlimited | sizeval );
- stale\-answer\-client\-timeout ( disabled | off | integer );
- stale\-answer\-enable boolean;
- stale\-answer\-ttl duration;
- stale\-cache\-enable boolean;
- stale\-refresh\-time duration;
- startup\-notify\-rate integer;
- statistics\-file quoted_string;
- synth\-from\-dnssec boolean;
- tcp\-advertised\-timeout integer;
- tcp\-clients integer;
- tcp\-idle\-timeout integer;
- tcp\-initial\-timeout integer;
- tcp\-keepalive\-timeout integer;
- tcp\-listen\-queue integer;
- tcp\-receive\-buffer integer;
- tcp\-send\-buffer integer;
- tkey\-dhkey quoted_string integer;
- tkey\-domain quoted_string;
- tkey\-gssapi\-credential quoted_string;
- tkey\-gssapi\-keytab quoted_string;
- tls\-port integer;
- transfer\-format ( many\-answers | one\-answer );
- transfer\-message\-size integer;
- transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfers\-in integer;
- transfers\-out integer;
- transfers\-per\-ns integer;
- trust\-anchor\-telemetry boolean; // experimental
- try\-tcp\-refresh boolean;
- udp\-receive\-buffer integer;
- udp\-send\-buffer integer;
- update\-check\-ksk boolean;
- use\-alt\-transfer\-source boolean;
- use\-v4\-udp\-ports { portrange; ... };
- use\-v6\-udp\-ports { portrange; ... };
- v6\-bias integer;
- validate\-except { string; ... };
- version ( quoted_string | none );
- zero\-no\-soa\-ttl boolean;
- zero\-no\-soa\-ttl\-cache boolean;
- zone\-statistics ( full | terse | none | boolean );
+ allow\-new\-zones <boolean>;
+ allow\-notify { <address_match_element>; ... };
+ allow\-query { <address_match_element>; ... };
+ allow\-query\-cache { <address_match_element>; ... };
+ allow\-query\-cache\-on { <address_match_element>; ... };
+ allow\-query\-on { <address_match_element>; ... };
+ allow\-recursion { <address_match_element>; ... };
+ allow\-recursion\-on { <address_match_element>; ... };
+ allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+ allow\-update { <address_match_element>; ... };
+ allow\-update\-forwarding { <address_match_element>; ... };
+ also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+ alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ answer\-cookie <boolean>;
+ attach\-cache <string>;
+ auth\-nxdomain <boolean>;
+ auto\-dnssec ( allow | maintain | off );
+ automatic\-interface\-scan <boolean>;
+ avoid\-v4\-udp\-ports { <portrange>; ... };
+ avoid\-v6\-udp\-ports { <portrange>; ... };
+ bindkeys\-file <quoted_string>;
+ blackhole { <address_match_element>; ... };
+ catalog\-zones { zone <string> [ default\-primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone\-directory <quoted_string> ] [ in\-memory <boolean> ] [ min\-update\-interval <duration> ]; ... };
+ check\-dup\-records ( fail | warn | ignore );
+ check\-integrity <boolean>;
+ check\-mx ( fail | warn | ignore );
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
+ check\-sibling <boolean>;
+ check\-spf ( warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ check\-wildcard <boolean>;
+ clients\-per\-query <integer>;
+ cookie\-algorithm ( aes | siphash24 );
+ cookie\-secret <string>; // may occur multiple times
+ coresize ( default | unlimited | <sizeval> );
+ datasize ( default | unlimited | <sizeval> );
+ deny\-answer\-addresses { <address_match_element>; ... } [ except\-from { <string>; ... } ];
+ deny\-answer\-aliases { <string>; ... } [ except\-from { <string>; ... } ];
+ dialup ( notify | notify\-passive | passive | refresh | <boolean> );
+ directory <quoted_string>;
+ disable\-algorithms <string> { <string>; ... }; // may occur multiple times
+ disable\-ds\-digests <string> { <string>; ... }; // may occur multiple times
+ disable\-empty\-zone <string>; // may occur multiple times
+ dns64 <netprefix> {
+ break\-dnssec <boolean>;
+ clients { <address_match_element>; ... };
+ exclude { <address_match_element>; ... };
+ mapped { <address_match_element>; ... };
+ recursive\-only <boolean>;
+ suffix <ipv6_address>;
+ }; // may occur multiple times
+ dns64\-contact <string>;
+ dns64\-server <string>;
+ dnskey\-sig\-validity <integer>;
+ dnsrps\-enable <boolean>; // not configured
+ dnsrps\-options { <unspecified\-text> }; // not configured
+ dnssec\-accept\-expired <boolean>;
+ dnssec\-dnskey\-kskonly <boolean>;
+ dnssec\-loadkeys\-interval <integer>;
+ dnssec\-must\-be\-secure <string> <boolean>; // may occur multiple times
+ dnssec\-policy <string>;
+ dnssec\-secure\-to\-insecure <boolean>;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ dnssec\-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
+ dnstap\-identity ( <quoted_string> | none | hostname ); // not configured
+ dnstap\-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // not configured
+ dnstap\-version ( <quoted_string> | none ); // not configured
+ dscp <integer>;
+ dual\-stack\-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] [ dscp <integer> ] | <ipv4_address> [ port <integer> ] [ dscp <integer> ] | <ipv6_address> [ port <integer> ] [ dscp <integer> ] ); ... };
+ dump\-file <quoted_string>;
+ edns\-udp\-size <integer>;
+ empty\-contact <string>;
+ empty\-server <string>;
+ empty\-zones\-enable <boolean>;
+ fetch\-quota\-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
+ fetches\-per\-server <integer> [ ( drop | fail ) ];
+ fetches\-per\-zone <integer> [ ( drop | fail ) ];
+ files ( default | unlimited | <sizeval> );
+ flush\-zones\-on\-shutdown <boolean>;
+ forward ( first | only );
+ forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
+ fstrm\-set\-buffer\-hint <integer>; // not configured
+ fstrm\-set\-flush\-timeout <integer>; // not configured
+ fstrm\-set\-input\-queue\-size <integer>; // not configured
+ fstrm\-set\-output\-notify\-threshold <integer>; // not configured
+ fstrm\-set\-output\-queue\-model ( mpsc | spsc ); // not configured
+ fstrm\-set\-output\-queue\-size <integer>; // not configured
+ fstrm\-set\-reopen\-interval <duration>; // not configured
+ geoip\-directory ( <quoted_string> | none );
+ heartbeat\-interval <integer>;
+ hostname ( <quoted_string> | none );
+ http\-listener\-clients <integer>;
+ http\-port <integer>;
+ http\-streams\-per\-connection <integer>;
+ https\-port <integer>;
+ interface\-interval <duration>;
+ ipv4only\-contact <string>;
+ ipv4only\-enable <boolean>;
+ ipv4only\-server <string>;
+ ixfr\-from\-differences ( primary | master | secondary | slave | <boolean> );
+ keep\-response\-order { <address_match_element>; ... }; // obsolete
+ key\-directory <quoted_string>;
+ lame\-ttl <duration>;
+ listen\-on [ port <integer> ] [ dscp <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
+ listen\-on\-v6 [ port <integer> ] [ dscp <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
+ lmdb\-mapsize <sizeval>;
+ lock\-file ( <quoted_string> | none );
+ managed\-keys\-directory <quoted_string>;
+ masterfile\-format ( raw | text );
+ masterfile\-style ( full | relative );
+ match\-mapped\-addresses <boolean>;
+ max\-cache\-size ( default | unlimited | <sizeval> | <percentage> );
+ max\-cache\-ttl <duration>;
+ max\-clients\-per\-query <integer>;
+ max\-ixfr\-ratio ( unlimited | <percentage> );
+ max\-journal\-size ( default | unlimited | <sizeval> );
+ max\-ncache\-ttl <duration>;
+ max\-records <integer>;
+ max\-recursion\-depth <integer>;
+ max\-recursion\-queries <integer>;
+ max\-refresh\-time <integer>;
+ max\-retry\-time <integer>;
+ max\-rsa\-exponent\-size <integer>;
+ max\-stale\-ttl <duration>;
+ max\-transfer\-idle\-in <integer>;
+ max\-transfer\-idle\-out <integer>;
+ max\-transfer\-time\-in <integer>;
+ max\-transfer\-time\-out <integer>;
+ max\-udp\-size <integer>;
+ max\-zone\-ttl ( unlimited | <duration> );
+ memstatistics <boolean>;
+ memstatistics\-file <quoted_string>;
+ message\-compression <boolean>;
+ min\-cache\-ttl <duration>;
+ min\-ncache\-ttl <duration>;
+ min\-refresh\-time <integer>;
+ min\-retry\-time <integer>;
+ minimal\-any <boolean>;
+ minimal\-responses ( no\-auth | no\-auth\-recursive | <boolean> );
+ multi\-master <boolean>;
+ new\-zones\-directory <quoted_string>;
+ no\-case\-compress { <address_match_element>; ... };
+ nocookie\-udp\-size <integer>;
+ notify ( explicit | master\-only | primary\-only | <boolean> );
+ notify\-delay <integer>;
+ notify\-rate <integer>;
+ notify\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ notify\-to\-soa <boolean>;
+ nsec3\-test\-zone <boolean>; // test only
+ nta\-lifetime <duration>;
+ nta\-recheck <duration>;
+ nxdomain\-redirect <string>;
+ parental\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ parental\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ pid\-file ( <quoted_string> | none );
+ port <integer>;
+ preferred\-glue <string>;
+ prefetch <integer> [ <integer> ];
+ provide\-ixfr <boolean>;
+ qname\-minimization ( strict | relaxed | disabled | off );
+ query\-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
+ query\-source\-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
+ querylog <boolean>;
+ random\-device ( <quoted_string> | none );
+ rate\-limit {
+ all\-per\-second <integer>;
+ errors\-per\-second <integer>;
+ exempt\-clients { <address_match_element>; ... };
+ ipv4\-prefix\-length <integer>;
+ ipv6\-prefix\-length <integer>;
+ log\-only <boolean>;
+ max\-table\-size <integer>;
+ min\-table\-size <integer>;
+ nodata\-per\-second <integer>;
+ nxdomains\-per\-second <integer>;
+ qps\-scale <integer>;
+ referrals\-per\-second <integer>;
+ responses\-per\-second <integer>;
+ slip <integer>;
+ window <integer>;
+ };
+ recursing\-file <quoted_string>;
+ recursion <boolean>;
+ recursive\-clients <integer>;
+ request\-expire <boolean>;
+ request\-ixfr <boolean>;
+ request\-nsid <boolean>;
+ require\-server\-cookie <boolean>;
+ reserved\-sockets <integer>; // deprecated
+ resolver\-nonbackoff\-tries <integer>;
+ resolver\-query\-timeout <integer>;
+ resolver\-retry\-interval <integer>;
+ response\-padding { <address_match_element>; ... } block\-size <integer>;
+ response\-policy { zone <string> [ add\-soa <boolean> ] [ log <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only <quoted_string> ) ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ]; ... } [ add\-soa <boolean> ] [ break\-dnssec <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ min\-ns\-dots <integer> ] [ nsip\-wait\-recurse <boolean> ] [ nsdname\-wait\-recurse <boolean> ] [ qname\-wait\-recurse <boolean> ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ] [ dnsrps\-enable <boolean> ] [ dnsrps\-options { <unspecified\-text> } ];
+ reuseport <boolean>;
+ root\-delegation\-only [ exclude { <string>; ... } ];
+ root\-key\-sentinel <boolean>;
+ rrset\-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
+ secroots\-file <quoted_string>;
+ send\-cookie <boolean>;
+ serial\-query\-rate <integer>;
+ serial\-update\-method ( date | increment | unixtime );
+ server\-id ( <quoted_string> | none | hostname );
+ servfail\-ttl <duration>;
+ session\-keyalg <string>;
+ session\-keyfile ( <quoted_string> | none );
+ session\-keyname <string>;
+ sig\-signing\-nodes <integer>;
+ sig\-signing\-signatures <integer>;
+ sig\-signing\-type <integer>;
+ sig\-validity\-interval <integer> [ <integer> ];
+ sortlist { <address_match_element>; ... };
+ stacksize ( default | unlimited | <sizeval> );
+ stale\-answer\-client\-timeout ( disabled | off | <integer> );
+ stale\-answer\-enable <boolean>;
+ stale\-answer\-ttl <duration>;
+ stale\-cache\-enable <boolean>;
+ stale\-refresh\-time <duration>;
+ startup\-notify\-rate <integer>;
+ statistics\-file <quoted_string>;
+ suppress\-initial\-notify <boolean>; // obsolete
+ synth\-from\-dnssec <boolean>;
+ tcp\-advertised\-timeout <integer>;
+ tcp\-clients <integer>;
+ tcp\-idle\-timeout <integer>;
+ tcp\-initial\-timeout <integer>;
+ tcp\-keepalive\-timeout <integer>;
+ tcp\-listen\-queue <integer>;
+ tcp\-receive\-buffer <integer>;
+ tcp\-send\-buffer <integer>;
+ tkey\-dhkey <quoted_string> <integer>;
+ tkey\-domain <quoted_string>;
+ tkey\-gssapi\-credential <quoted_string>;
+ tkey\-gssapi\-keytab <quoted_string>;
+ tls\-port <integer>;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-message\-size <integer>;
+ transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ transfers\-in <integer>;
+ transfers\-out <integer>;
+ transfers\-per\-ns <integer>;
+ trust\-anchor\-telemetry <boolean>; // experimental
+ try\-tcp\-refresh <boolean>;
+ udp\-receive\-buffer <integer>;
+ udp\-send\-buffer <integer>;
+ update\-check\-ksk <boolean>;
+ use\-alt\-transfer\-source <boolean>;
+ use\-v4\-udp\-ports { <portrange>; ... };
+ use\-v6\-udp\-ports { <portrange>; ... };
+ v6\-bias <integer>;
+ validate\-except { <string>; ... };
+ version ( <quoted_string> | none );
+ zero\-no\-soa\-ttl <boolean>;
+ zero\-no\-soa\-ttl\-cache <boolean>;
+ zone\-statistics ( full | terse | none | <boolean> );
};
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS PARENTAL\-AGENTS
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-parental\-agents string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... };
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS PLUGIN
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-plugin ( query ) string [ { unspecified\-text } ];
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS PRIMARIES
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-primaries string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... };
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS SERVER
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-server netprefix {
- bogus boolean;
- edns boolean;
- edns\-udp\-size integer;
- edns\-version integer;
- keys server_key;
- max\-udp\-size integer;
- notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- padding integer;
- provide\-ixfr boolean;
- query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- request\-expire boolean;
- request\-ixfr boolean;
- request\-nsid boolean;
- send\-cookie boolean;
- tcp\-keepalive boolean;
- tcp\-only boolean;
- transfer\-format ( many\-answers | one\-answer );
- transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfers integer;
-};
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS STATISTICS\-CHANNELS
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
+
+parental\-agents <string> [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
+
+plugin ( query ) <string> [ { <unspecified\-text> } ]; // may occur multiple times
+
+primaries <string> [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
+
+server <netprefix> {
+ bogus <boolean>;
+ edns <boolean>;
+ edns\-udp\-size <integer>;
+ edns\-version <integer>;
+ keys <server_key>;
+ max\-udp\-size <integer>;
+ notify\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ padding <integer>;
+ provide\-ixfr <boolean>;
+ query\-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
+ query\-source\-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
+ request\-expire <boolean>;
+ request\-ixfr <boolean>;
+ request\-nsid <boolean>;
+ send\-cookie <boolean>;
+ tcp\-keepalive <boolean>;
+ tcp\-only <boolean>;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ transfers <integer>;
+}; // may occur multiple times
+
statistics\-channels {
- inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ];
-};
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS TLS
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-tls string {
- ca\-file quoted_string;
- cert\-file quoted_string;
- ciphers string;
- dhparam\-file quoted_string;
- key\-file quoted_string;
- prefer\-server\-ciphers boolean;
- protocols { string; ... };
- remote\-hostname quoted_string;
- session\-tickets boolean;
-};
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS TRUST\-ANCHORS
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS TRUSTED\-KEYS
-.sp
-Deprecated \- see DNSSEC\-KEYS.
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-trusted\-keys { string integer integer integer quoted_string; ... };, deprecated
-.ft P
-.fi
-.UNINDENT
-.UNINDENT
-.SS VIEW
-.INDENT 0.0
-.INDENT 3.5
-.sp
-.nf
-.ft C
-view string [ class ] {
- allow\-new\-zones boolean;
- allow\-notify { address_match_element; ... };
- allow\-query { address_match_element; ... };
- allow\-query\-cache { address_match_element; ... };
- allow\-query\-cache\-on { address_match_element; ... };
- allow\-query\-on { address_match_element; ... };
- allow\-recursion { address_match_element; ... };
- allow\-recursion\-on { address_match_element; ... };
- allow\-transfer [ port integer ] [ transport string ] { address_match_element; ... };
- allow\-update { address_match_element; ... };
- allow\-update\-forwarding { address_match_element; ... };
- also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... };
- alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- attach\-cache string;
- auth\-nxdomain boolean;
- auto\-dnssec ( allow | maintain | off );
- catalog\-zones { zone string [ default\-primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... };
- check\-dup\-records ( fail | warn | ignore );
- check\-integrity boolean;
- check\-mx ( fail | warn | ignore );
- check\-mx\-cname ( fail | warn | ignore );
- check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore );
- check\-sibling boolean;
- check\-spf ( warn | ignore );
- check\-srv\-cname ( fail | warn | ignore );
- check\-wildcard boolean;
- clients\-per\-query integer;
- deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ];
- deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ];
- dialup ( notify | notify\-passive | passive | refresh | boolean );
- disable\-algorithms string { string; ... };
- disable\-ds\-digests string { string; ... };
- disable\-empty\-zone string;
- dlz string {
- database string;
- search boolean;
- };
- dns64 netprefix {
- break\-dnssec boolean;
- clients { address_match_element; ... };
- exclude { address_match_element; ... };
- mapped { address_match_element; ... };
- recursive\-only boolean;
- suffix ipv6_address;
- };
- dns64\-contact string;
- dns64\-server string;
- dnskey\-sig\-validity integer;
- dnsrps\-enable boolean;
- dnsrps\-options { unspecified\-text };
- dnssec\-accept\-expired boolean;
- dnssec\-dnskey\-kskonly boolean;
- dnssec\-loadkeys\-interval integer;
- dnssec\-must\-be\-secure string boolean;
- dnssec\-policy string;
- dnssec\-secure\-to\-insecure boolean;
- dnssec\-update\-mode ( maintain | no\-resign );
- dnssec\-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... };
- dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... };
- dyndb string quoted_string { unspecified\-text };
- edns\-udp\-size integer;
- empty\-contact string;
- empty\-server string;
- empty\-zones\-enable boolean;
- fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint;
- fetches\-per\-server integer [ ( drop | fail ) ];
- fetches\-per\-zone integer [ ( drop | fail ) ];
- forward ( first | only );
- forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
- ipv4only\-contact string;
- ipv4only\-enable boolean;
- ipv4only\-server string;
- ixfr\-from\-differences ( primary | master | secondary | slave | boolean );
- key string {
- algorithm string;
- secret string;
- };
- key\-directory quoted_string;
- lame\-ttl duration;
- lmdb\-mapsize sizeval;
- managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated
- masterfile\-format ( raw | text );
- masterfile\-style ( full | relative );
- match\-clients { address_match_element; ... };
- match\-destinations { address_match_element; ... };
- match\-recursive\-only boolean;
- max\-cache\-size ( default | unlimited | sizeval | percentage );
- max\-cache\-ttl duration;
- max\-clients\-per\-query integer;
- max\-ixfr\-ratio ( unlimited | percentage );
- max\-journal\-size ( default | unlimited | sizeval );
- max\-ncache\-ttl duration;
- max\-records integer;
- max\-recursion\-depth integer;
- max\-recursion\-queries integer;
- max\-refresh\-time integer;
- max\-retry\-time integer;
- max\-stale\-ttl duration;
- max\-transfer\-idle\-in integer;
- max\-transfer\-idle\-out integer;
- max\-transfer\-time\-in integer;
- max\-transfer\-time\-out integer;
- max\-udp\-size integer;
- max\-zone\-ttl ( unlimited | duration );
- message\-compression boolean;
- min\-cache\-ttl duration;
- min\-ncache\-ttl duration;
- min\-refresh\-time integer;
- min\-retry\-time integer;
- minimal\-any boolean;
- minimal\-responses ( no\-auth | no\-auth\-recursive | boolean );
- multi\-master boolean;
- new\-zones\-directory quoted_string;
- no\-case\-compress { address_match_element; ... };
- nocookie\-udp\-size integer;
- notify ( explicit | master\-only | primary\-only | boolean );
- notify\-delay integer;
- notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify\-to\-soa boolean;
- nta\-lifetime duration;
- nta\-recheck duration;
- nxdomain\-redirect string;
- parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- plugin ( query ) string [ { unspecified\-text } ];
- preferred\-glue string;
- prefetch integer [ integer ];
- provide\-ixfr boolean;
- qname\-minimization ( strict | relaxed | disabled | off );
- query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- rate\-limit {
- all\-per\-second integer;
- errors\-per\-second integer;
- exempt\-clients { address_match_element; ... };
- ipv4\-prefix\-length integer;
- ipv6\-prefix\-length integer;
- log\-only boolean;
- max\-table\-size integer;
- min\-table\-size integer;
- nodata\-per\-second integer;
- nxdomains\-per\-second integer;
- qps\-scale integer;
- referrals\-per\-second integer;
- responses\-per\-second integer;
- slip integer;
- window integer;
- };
- recursion boolean;
- request\-expire boolean;
- request\-ixfr boolean;
- request\-nsid boolean;
- require\-server\-cookie boolean;
- resolver\-nonbackoff\-tries integer;
- resolver\-query\-timeout integer;
- resolver\-retry\-interval integer;
- response\-padding { address_match_element; ... } block\-size integer;
- response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ];
- root\-delegation\-only [ exclude { string; ... } ];
- root\-key\-sentinel boolean;
- rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... };
- send\-cookie boolean;
- serial\-update\-method ( date | increment | unixtime );
- server netprefix {
- bogus boolean;
- edns boolean;
- edns\-udp\-size integer;
- edns\-version integer;
- keys server_key;
- max\-udp\-size integer;
- notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- padding integer;
- provide\-ixfr boolean;
- query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ];
- request\-expire boolean;
- request\-ixfr boolean;
- request\-nsid boolean;
- send\-cookie boolean;
- tcp\-keepalive boolean;
- tcp\-only boolean;
- transfer\-format ( many\-answers | one\-answer );
- transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfers integer;
- };
- servfail\-ttl duration;
- sig\-signing\-nodes integer;
- sig\-signing\-signatures integer;
- sig\-signing\-type integer;
- sig\-validity\-interval integer [ integer ];
- sortlist { address_match_element; ... };
- stale\-answer\-client\-timeout ( disabled | off | integer );
- stale\-answer\-enable boolean;
- stale\-answer\-ttl duration;
- stale\-cache\-enable boolean;
- stale\-refresh\-time duration;
- synth\-from\-dnssec boolean;
- transfer\-format ( many\-answers | one\-answer );
- transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
- trust\-anchor\-telemetry boolean; // experimental
- trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };
- trusted\-keys { string integer integer integer quoted_string; ... };, deprecated
- try\-tcp\-refresh boolean;
- update\-check\-ksk boolean;
- use\-alt\-transfer\-source boolean;
- v6\-bias integer;
- validate\-except { string; ... };
- zero\-no\-soa\-ttl boolean;
- zero\-no\-soa\-ttl\-cache boolean;
- zone\-statistics ( full | terse | none | boolean );
-};
+ inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times
+}; // may occur multiple times
+
+tls <string> {
+ ca\-file <quoted_string>;
+ cert\-file <quoted_string>;
+ ciphers <string>;
+ dhparam\-file <quoted_string>;
+ key\-file <quoted_string>;
+ prefer\-server\-ciphers <boolean>;
+ protocols { <string>; ... };
+ remote\-hostname <quoted_string>;
+ session\-tickets <boolean>;
+}; // may occur multiple times
+
+trust\-anchors { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
+
+trusted\-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
+
+view <string> [ <class> ] {
+ allow\-new\-zones <boolean>;
+ allow\-notify { <address_match_element>; ... };
+ allow\-query { <address_match_element>; ... };
+ allow\-query\-cache { <address_match_element>; ... };
+ allow\-query\-cache\-on { <address_match_element>; ... };
+ allow\-query\-on { <address_match_element>; ... };
+ allow\-recursion { <address_match_element>; ... };
+ allow\-recursion\-on { <address_match_element>; ... };
+ allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+ allow\-update { <address_match_element>; ... };
+ allow\-update\-forwarding { <address_match_element>; ... };
+ also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+ alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ attach\-cache <string>;
+ auth\-nxdomain <boolean>;
+ auto\-dnssec ( allow | maintain | off );
+ catalog\-zones { zone <string> [ default\-primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone\-directory <quoted_string> ] [ in\-memory <boolean> ] [ min\-update\-interval <duration> ]; ... };
+ check\-dup\-records ( fail | warn | ignore );
+ check\-integrity <boolean>;
+ check\-mx ( fail | warn | ignore );
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
+ check\-sibling <boolean>;
+ check\-spf ( warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ check\-wildcard <boolean>;
+ clients\-per\-query <integer>;
+ deny\-answer\-addresses { <address_match_element>; ... } [ except\-from { <string>; ... } ];
+ deny\-answer\-aliases { <string>; ... } [ except\-from { <string>; ... } ];
+ dialup ( notify | notify\-passive | passive | refresh | <boolean> );
+ disable\-algorithms <string> { <string>; ... }; // may occur multiple times
+ disable\-ds\-digests <string> { <string>; ... }; // may occur multiple times
+ disable\-empty\-zone <string>; // may occur multiple times
+ dlz <string> {
+ database <string>;
+ search <boolean>;
+ }; // may occur multiple times
+ dns64 <netprefix> {
+ break\-dnssec <boolean>;
+ clients { <address_match_element>; ... };
+ exclude { <address_match_element>; ... };
+ mapped { <address_match_element>; ... };
+ recursive\-only <boolean>;
+ suffix <ipv6_address>;
+ }; // may occur multiple times
+ dns64\-contact <string>;
+ dns64\-server <string>;
+ dnskey\-sig\-validity <integer>;
+ dnsrps\-enable <boolean>; // not configured
+ dnsrps\-options { <unspecified\-text> }; // not configured
+ dnssec\-accept\-expired <boolean>;
+ dnssec\-dnskey\-kskonly <boolean>;
+ dnssec\-loadkeys\-interval <integer>;
+ dnssec\-must\-be\-secure <string> <boolean>; // may occur multiple times
+ dnssec\-policy <string>;
+ dnssec\-secure\-to\-insecure <boolean>;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ dnssec\-validation ( yes | no | auto );
+ dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
+ dual\-stack\-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] [ dscp <integer> ] | <ipv4_address> [ port <integer> ] [ dscp <integer> ] | <ipv6_address> [ port <integer> ] [ dscp <integer> ] ); ... };
+ dyndb <string> <quoted_string> { <unspecified\-text> }; // may occur multiple times
+ edns\-udp\-size <integer>;
+ empty\-contact <string>;
+ empty\-server <string>;
+ empty\-zones\-enable <boolean>;
+ fetch\-quota\-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
+ fetches\-per\-server <integer> [ ( drop | fail ) ];
+ fetches\-per\-zone <integer> [ ( drop | fail ) ];
+ forward ( first | only );
+ forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
+ ipv4only\-contact <string>;
+ ipv4only\-enable <boolean>;
+ ipv4only\-server <string>;
+ ixfr\-from\-differences ( primary | master | secondary | slave | <boolean> );
+ key <string> {
+ algorithm <string>;
+ secret <string>;
+ }; // may occur multiple times
+ key\-directory <quoted_string>;
+ lame\-ttl <duration>;
+ lmdb\-mapsize <sizeval>;
+ managed\-keys { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
+ masterfile\-format ( raw | text );
+ masterfile\-style ( full | relative );
+ match\-clients { <address_match_element>; ... };
+ match\-destinations { <address_match_element>; ... };
+ match\-recursive\-only <boolean>;
+ max\-cache\-size ( default | unlimited | <sizeval> | <percentage> );
+ max\-cache\-ttl <duration>;
+ max\-clients\-per\-query <integer>;
+ max\-ixfr\-ratio ( unlimited | <percentage> );
+ max\-journal\-size ( default | unlimited | <sizeval> );
+ max\-ncache\-ttl <duration>;
+ max\-records <integer>;
+ max\-recursion\-depth <integer>;
+ max\-recursion\-queries <integer>;
+ max\-refresh\-time <integer>;
+ max\-retry\-time <integer>;
+ max\-stale\-ttl <duration>;
+ max\-transfer\-idle\-in <integer>;
+ max\-transfer\-idle\-out <integer>;
+ max\-transfer\-time\-in <integer>;
+ max\-transfer\-time\-out <integer>;
+ max\-udp\-size <integer>;
+ max\-zone\-ttl ( unlimited | <duration> );
+ message\-compression <boolean>;
+ min\-cache\-ttl <duration>;
+ min\-ncache\-ttl <duration>;
+ min\-refresh\-time <integer>;
+ min\-retry\-time <integer>;
+ minimal\-any <boolean>;
+ minimal\-responses ( no\-auth | no\-auth\-recursive | <boolean> );
+ multi\-master <boolean>;
+ new\-zones\-directory <quoted_string>;
+ no\-case\-compress { <address_match_element>; ... };
+ nocookie\-udp\-size <integer>;
+ notify ( explicit | master\-only | primary\-only | <boolean> );
+ notify\-delay <integer>;
+ notify\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ notify\-to\-soa <boolean>;
+ nsec3\-test\-zone <boolean>; // test only
+ nta\-lifetime <duration>;
+ nta\-recheck <duration>;
+ nxdomain\-redirect <string>;
+ parental\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ parental\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ plugin ( query ) <string> [ { <unspecified\-text> } ]; // may occur multiple times
+ preferred\-glue <string>;
+ prefetch <integer> [ <integer> ];
+ provide\-ixfr <boolean>;
+ qname\-minimization ( strict | relaxed | disabled | off );
+ query\-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
+ query\-source\-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
+ rate\-limit {
+ all\-per\-second <integer>;
+ errors\-per\-second <integer>;
+ exempt\-clients { <address_match_element>; ... };
+ ipv4\-prefix\-length <integer>;
+ ipv6\-prefix\-length <integer>;
+ log\-only <boolean>;
+ max\-table\-size <integer>;
+ min\-table\-size <integer>;
+ nodata\-per\-second <integer>;
+ nxdomains\-per\-second <integer>;
+ qps\-scale <integer>;
+ referrals\-per\-second <integer>;
+ responses\-per\-second <integer>;
+ slip <integer>;
+ window <integer>;
+ };
+ recursion <boolean>;
+ request\-expire <boolean>;
+ request\-ixfr <boolean>;
+ request\-nsid <boolean>;
+ require\-server\-cookie <boolean>;
+ resolver\-nonbackoff\-tries <integer>;
+ resolver\-query\-timeout <integer>;
+ resolver\-retry\-interval <integer>;
+ response\-padding { <address_match_element>; ... } block\-size <integer>;
+ response\-policy { zone <string> [ add\-soa <boolean> ] [ log <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only <quoted_string> ) ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ]; ... } [ add\-soa <boolean> ] [ break\-dnssec <boolean> ] [ max\-policy\-ttl <duration> ] [ min\-update\-interval <duration> ] [ min\-ns\-dots <integer> ] [ nsip\-wait\-recurse <boolean> ] [ nsdname\-wait\-recurse <boolean> ] [ qname\-wait\-recurse <boolean> ] [ recursive\-only <boolean> ] [ nsip\-enable <boolean> ] [ nsdname\-enable <boolean> ] [ dnsrps\-enable <boolean> ] [ dnsrps\-options { <unspecified\-text> } ];
+ root\-delegation\-only [ exclude { <string>; ... } ];
+ root\-key\-sentinel <boolean>;
+ rrset\-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
+ send\-cookie <boolean>;
+ serial\-update\-method ( date | increment | unixtime );
+ server <netprefix> {
+ bogus <boolean>;
+ edns <boolean>;
+ edns\-udp\-size <integer>;
+ edns\-version <integer>;
+ keys <server_key>;
+ max\-udp\-size <integer>;
+ notify\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ padding <integer>;
+ provide\-ixfr <boolean>;
+ query\-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
+ query\-source\-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
+ request\-expire <boolean>;
+ request\-ixfr <boolean>;
+ request\-nsid <boolean>;
+ send\-cookie <boolean>;
+ tcp\-keepalive <boolean>;
+ tcp\-only <boolean>;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ transfers <integer>;
+ }; // may occur multiple times
+ servfail\-ttl <duration>;
+ sig\-signing\-nodes <integer>;
+ sig\-signing\-signatures <integer>;
+ sig\-signing\-type <integer>;
+ sig\-validity\-interval <integer> [ <integer> ];
+ sortlist { <address_match_element>; ... };
+ stale\-answer\-client\-timeout ( disabled | off | <integer> );
+ stale\-answer\-enable <boolean>;
+ stale\-answer\-ttl <duration>;
+ stale\-cache\-enable <boolean>;
+ stale\-refresh\-time <duration>;
+ suppress\-initial\-notify <boolean>; // obsolete
+ synth\-from\-dnssec <boolean>;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ trust\-anchor\-telemetry <boolean>; // experimental
+ trust\-anchors { <string> ( static\-key | initial\-key | static\-ds | initial\-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
+ trusted\-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
+ try\-tcp\-refresh <boolean>;
+ update\-check\-ksk <boolean>;
+ use\-alt\-transfer\-source <boolean>;
+ v6\-bias <integer>;
+ validate\-except { <string>; ... };
+ zero\-no\-soa\-ttl <boolean>;
+ zero\-no\-soa\-ttl\-cache <boolean>;
+ zone\-statistics ( full | terse | none | <boolean> );
+}; // may occur multiple times
+
+
.ft P
.fi
.UNINDENT
.UNINDENT
-.SS ZONE
.sp
Any of these zone statements can also be set inside the view statement.
.INDENT 0.0
.nf
.ft C
zone <string> [ <class> ] {
- type primary;
- allow\-query { <address_match_element>; ... };
- allow\-query\-on { <address_match_element>; ... };
- allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
- allow\-update { <address_match_element>; ... };
- also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- auto\-dnssec ( allow | maintain | off );
- check\-dup\-records ( fail | warn | ignore );
- check\-integrity <boolean>;
- check\-mx ( fail | warn | ignore );
- check\-mx\-cname ( fail | warn | ignore );
- check\-names ( fail | warn | ignore );
- check\-sibling <boolean>;
- check\-spf ( warn | ignore );
- check\-srv\-cname ( fail | warn | ignore );
- check\-wildcard <boolean>;
- database <string>;
- dialup ( notify | notify\-passive | passive | refresh | <boolean> );
- dlz <string>;
- dnskey\-sig\-validity <integer>;
- dnssec\-dnskey\-kskonly <boolean>;
- dnssec\-loadkeys\-interval <integer>;
- dnssec\-policy <string>;
- dnssec\-secure\-to\-insecure <boolean>;
- dnssec\-update\-mode ( maintain | no\-resign );
- file <quoted_string>;
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- inline\-signing <boolean>;
- ixfr\-from\-differences <boolean>;
- journal <quoted_string>;
- key\-directory <quoted_string>;
- masterfile\-format ( raw | text );
- masterfile\-style ( full | relative );
- max\-ixfr\-ratio ( unlimited | <percentage> );
- max\-journal\-size ( default | unlimited | <sizeval> );
- max\-records <integer>;
- max\-transfer\-idle\-out <integer>;
- max\-transfer\-time\-out <integer>;
- max\-zone\-ttl ( unlimited | <duration> );
- notify ( explicit | master\-only | primary\-only | <boolean> );
- notify\-delay <integer>;
- notify\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify\-to\-soa <boolean>;
- parental\-agents [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- parental\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- parental\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- serial\-update\-method ( date | increment | unixtime );
- sig\-signing\-nodes <integer>;
- sig\-signing\-signatures <integer>;
- sig\-signing\-type <integer>;
- sig\-validity\-interval <integer> [ <integer> ];
- update\-check\-ksk <boolean>;
- update\-policy ( local | { ( deny | grant ) <string> ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
- zero\-no\-soa\-ttl <boolean>;
- zone\-statistics ( full | terse | none | <boolean> );
+ type primary;
+ allow\-query { <address_match_element>; ... };
+ allow\-query\-on { <address_match_element>; ... };
+ allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+ allow\-update { <address_match_element>; ... };
+ also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+ alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ auto\-dnssec ( allow | maintain | off );
+ check\-dup\-records ( fail | warn | ignore );
+ check\-integrity <boolean>;
+ check\-mx ( fail | warn | ignore );
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-names ( fail | warn | ignore );
+ check\-sibling <boolean>;
+ check\-spf ( warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ check\-wildcard <boolean>;
+ database <string>;
+ dialup ( notify | notify\-passive | passive | refresh | <boolean> );
+ dlz <string>;
+ dnskey\-sig\-validity <integer>;
+ dnssec\-dnskey\-kskonly <boolean>;
+ dnssec\-loadkeys\-interval <integer>;
+ dnssec\-policy <string>;
+ dnssec\-secure\-to\-insecure <boolean>;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ file <quoted_string>;
+ forward ( first | only );
+ forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
+ inline\-signing <boolean>;
+ ixfr\-from\-differences <boolean>;
+ journal <quoted_string>;
+ key\-directory <quoted_string>;
+ masterfile\-format ( raw | text );
+ masterfile\-style ( full | relative );
+ max\-ixfr\-ratio ( unlimited | <percentage> );
+ max\-journal\-size ( default | unlimited | <sizeval> );
+ max\-records <integer>;
+ max\-transfer\-idle\-out <integer>;
+ max\-transfer\-time\-out <integer>;
+ max\-zone\-ttl ( unlimited | <duration> );
+ notify ( explicit | master\-only | primary\-only | <boolean> );
+ notify\-delay <integer>;
+ notify\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ notify\-to\-soa <boolean>;
+ nsec3\-test\-zone <boolean>; // test only
+ parental\-agents [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+ parental\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ parental\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ serial\-update\-method ( date | increment | unixtime );
+ sig\-signing\-nodes <integer>;
+ sig\-signing\-signatures <integer>;
+ sig\-signing\-type <integer>;
+ sig\-validity\-interval <integer> [ <integer> ];
+ update\-check\-ksk <boolean>;
+ update\-policy ( local | { ( deny | grant ) <string> ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
+ zero\-no\-soa\-ttl <boolean>;
+ zone\-statistics ( full | terse | none | <boolean> );
};
+
.ft P
.fi
.UNINDENT
.nf
.ft C
zone <string> [ <class> ] {
- type secondary;
- allow\-notify { <address_match_element>; ... };
- allow\-query { <address_match_element>; ... };
- allow\-query\-on { <address_match_element>; ... };
- allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
- allow\-update\-forwarding { <address_match_element>; ... };
- also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- auto\-dnssec ( allow | maintain | off );
- check\-names ( fail | warn | ignore );
- database <string>;
- dialup ( notify | notify\-passive | passive | refresh | <boolean> );
- dlz <string>;
- dnskey\-sig\-validity <integer>;
- dnssec\-dnskey\-kskonly <boolean>;
- dnssec\-loadkeys\-interval <integer>;
- dnssec\-policy <string>;
- dnssec\-update\-mode ( maintain | no\-resign );
- file <quoted_string>;
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- inline\-signing <boolean>;
- ixfr\-from\-differences <boolean>;
- journal <quoted_string>;
- key\-directory <quoted_string>;
- masterfile\-format ( raw | text );
- masterfile\-style ( full | relative );
- max\-ixfr\-ratio ( unlimited | <percentage> );
- max\-journal\-size ( default | unlimited | <sizeval> );
- max\-records <integer>;
- max\-refresh\-time <integer>;
- max\-retry\-time <integer>;
- max\-transfer\-idle\-in <integer>;
- max\-transfer\-idle\-out <integer>;
- max\-transfer\-time\-in <integer>;
- max\-transfer\-time\-out <integer>;
- min\-refresh\-time <integer>;
- min\-retry\-time <integer>;
- multi\-master <boolean>;
- notify ( explicit | master\-only | primary\-only | <boolean> );
- notify\-delay <integer>;
- notify\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify\-to\-soa <boolean>;
- parental\-agents [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- parental\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- parental\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- request\-expire <boolean>;
- request\-ixfr <boolean>;
- sig\-signing\-nodes <integer>;
- sig\-signing\-signatures <integer>;
- sig\-signing\-type <integer>;
- sig\-validity\-interval <integer> [ <integer> ];
- transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- try\-tcp\-refresh <boolean>;
- update\-check\-ksk <boolean>;
- use\-alt\-transfer\-source <boolean>;
- zero\-no\-soa\-ttl <boolean>;
- zone\-statistics ( full | terse | none | <boolean> );
+ type secondary;
+ allow\-notify { <address_match_element>; ... };
+ allow\-query { <address_match_element>; ... };
+ allow\-query\-on { <address_match_element>; ... };
+ allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+ allow\-update\-forwarding { <address_match_element>; ... };
+ also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+ alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ auto\-dnssec ( allow | maintain | off );
+ check\-names ( fail | warn | ignore );
+ database <string>;
+ dialup ( notify | notify\-passive | passive | refresh | <boolean> );
+ dlz <string>;
+ dnskey\-sig\-validity <integer>;
+ dnssec\-dnskey\-kskonly <boolean>;
+ dnssec\-loadkeys\-interval <integer>;
+ dnssec\-policy <string>;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ file <quoted_string>;
+ forward ( first | only );
+ forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
+ inline\-signing <boolean>;
+ ixfr\-from\-differences <boolean>;
+ journal <quoted_string>;
+ key\-directory <quoted_string>;
+ masterfile\-format ( raw | text );
+ masterfile\-style ( full | relative );
+ max\-ixfr\-ratio ( unlimited | <percentage> );
+ max\-journal\-size ( default | unlimited | <sizeval> );
+ max\-records <integer>;
+ max\-refresh\-time <integer>;
+ max\-retry\-time <integer>;
+ max\-transfer\-idle\-in <integer>;
+ max\-transfer\-idle\-out <integer>;
+ max\-transfer\-time\-in <integer>;
+ max\-transfer\-time\-out <integer>;
+ min\-refresh\-time <integer>;
+ min\-retry\-time <integer>;
+ multi\-master <boolean>;
+ notify ( explicit | master\-only | primary\-only | <boolean> );
+ notify\-delay <integer>;
+ notify\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ notify\-to\-soa <boolean>;
+ nsec3\-test\-zone <boolean>; // test only
+ parental\-agents [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+ parental\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ parental\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+ request\-expire <boolean>;
+ request\-ixfr <boolean>;
+ sig\-signing\-nodes <integer>;
+ sig\-signing\-signatures <integer>;
+ sig\-signing\-type <integer>;
+ sig\-validity\-interval <integer> [ <integer> ];
+ transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ try\-tcp\-refresh <boolean>;
+ update\-check\-ksk <boolean>;
+ use\-alt\-transfer\-source <boolean>;
+ zero\-no\-soa\-ttl <boolean>;
+ zone\-statistics ( full | terse | none | <boolean> );
};
+
.ft P
.fi
.UNINDENT
.nf
.ft C
zone <string> [ <class> ] {
- type mirror;
- allow\-notify { <address_match_element>; ... };
- allow\-query { <address_match_element>; ... };
- allow\-query\-on { <address_match_element>; ... };
- allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
- allow\-update\-forwarding { <address_match_element>; ... };
- also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- check\-names ( fail | warn | ignore );
- database <string>;
- file <quoted_string>;
- ixfr\-from\-differences <boolean>;
- journal <quoted_string>;
- masterfile\-format ( raw | text );
- masterfile\-style ( full | relative );
- max\-ixfr\-ratio ( unlimited | <percentage> );
- max\-journal\-size ( default | unlimited | <sizeval> );
- max\-records <integer>;
- max\-refresh\-time <integer>;
- max\-retry\-time <integer>;
- max\-transfer\-idle\-in <integer>;
- max\-transfer\-idle\-out <integer>;
- max\-transfer\-time\-in <integer>;
- max\-transfer\-time\-out <integer>;
- min\-refresh\-time <integer>;
- min\-retry\-time <integer>;
- multi\-master <boolean>;
- notify ( explicit | master\-only | primary\-only | <boolean> );
- notify\-delay <integer>;
- notify\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- request\-expire <boolean>;
- request\-ixfr <boolean>;
- transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- try\-tcp\-refresh <boolean>;
- use\-alt\-transfer\-source <boolean>;
- zero\-no\-soa\-ttl <boolean>;
- zone\-statistics ( full | terse | none | <boolean> );
+ type mirror;
+
allow\-notify { <address_match_element>; ... };
+
allow\-query { <address_match_element>; ... };
+
allow\-query\-on { <address_match_element>; ... };
+
allow\-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+
allow\-update\-forwarding { <address_match_element>; ... };
+ also\-notify [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+ alt\-transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ alt\-transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ check\-names ( fail | warn | ignore );
+ database <string>;
+ file <quoted_string>;
+ ixfr\-from\-differences <boolean>;
+ journal <quoted_string>;
+ masterfile\-format ( raw | text );
+ masterfile\-style ( full | relative );
+
max\-ixfr\-ratio ( unlimited | <percentage> );
+ max\-journal\-size ( default | unlimited | <sizeval> );
+ max\-records <integer>;
+ max\-refresh\-time <integer>;
+ max\-retry\-time <integer>;
+ max\-transfer\-idle\-in <integer>;
+ max\-transfer\-idle\-out <integer>;
+ max\-transfer\-time\-in <integer>;
+ max\-transfer\-time\-out <integer>;
+ min\-refresh\-time <integer>;
+ min\-retry\-time <integer>;
+ multi\-master <boolean>;
+ notify ( explicit | master\-only | primary\-only | <boolean> );
+ notify\-delay <integer>;
+ notify\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ notify\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+ request\-expire <boolean>;
+ request\-ixfr <boolean>;
+ transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ try\-tcp\-refresh <boolean>;
+ use\-alt\-transfer\-source <boolean>;
+ zero\-no\-soa\-ttl <boolean>;
+ zone\-statistics ( full | terse | none | <boolean> );
};
+
.ft P
.fi
.UNINDENT
.nf
.ft C
zone <string> [ <class> ] {
- type forward;
- delegation\-only <boolean>;
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
+ type forward;
+ delegation\-only <boolean>;
+ forward ( first | only );
+ forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
};
+
.ft P
.fi
.UNINDENT
.nf
.ft C
zone <string> [ <class> ] {
- type hint;
- check\-names ( fail | warn | ignore );
- delegation\-only <boolean>;
- file <quoted_string>;
+ type hint;
+ check\-names ( fail | warn | ignore );
+ delegation\-only <boolean>;
+ file <quoted_string>;
};
+
.ft P
.fi
.UNINDENT
.nf
.ft C
zone <string> [ <class> ] {
- type redirect;
- allow\-query { <address_match_element>; ... };
- allow\-query\-on { <address_match_element>; ... };
- dlz <string>;
- file <quoted_string>;
- masterfile\-format ( raw | text );
- masterfile\-style ( full | relative );
- max\-records <integer>;
- max\-zone\-ttl ( unlimited | <duration> );
- primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- zone\-statistics ( full | terse | none | <boolean> );
+ type redirect;
+
allow\-query { <address_match_element>; ... };
+
allow\-query\-on { <address_match_element>; ... };
+ dlz <string>;
+ file <quoted_string>;
+ masterfile\-format ( raw | text );
+ masterfile\-style ( full | relative );
+ max\-records <integer>;
+ max\-zone\-ttl ( unlimited | <duration> );
+ primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+ zone\-statistics ( full | terse | none | <boolean> );
};
+
.ft P
.fi
.UNINDENT
.nf
.ft C
zone <string> [ <class> ] {
- type static\-stub;
- allow\-query { <address_match_element>; ... };
- allow\-query\-on { <address_match_element>; ... };
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- max\-records <integer>;
- server\-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
- server\-names { <string>; ... };
- zone\-statistics ( full | terse | none | <boolean> );
+ type static\-stub;
+
allow\-query { <address_match_element>; ... };
+
allow\-query\-on { <address_match_element>; ... };
+ forward ( first | only );
+ forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
+ max\-records <integer>;
+ server\-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
+ server\-names { <string>; ... };
+ zone\-statistics ( full | terse | none | <boolean> );
};
+
.ft P
.fi
.UNINDENT
.nf
.ft C
zone <string> [ <class> ] {
- type stub;
- allow\-query { <address_match_element>; ... };
- allow\-query\-on { <address_match_element>; ... };
- check\-names ( fail | warn | ignore );
- database <string>;
- delegation\-only <boolean>;
- dialup ( notify | notify\-passive | passive | refresh | <boolean> );
- file <quoted_string>;
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- masterfile\-format ( raw | text );
- masterfile\-style ( full | relative );
- max\-records <integer>;
- max\-refresh\-time <integer>;
- max\-retry\-time <integer>;
- max\-transfer\-idle\-in <integer>;
- max\-transfer\-time\-in <integer>;
- min\-refresh\-time <integer>;
- min\-retry\-time <integer>;
- multi\-master <boolean>;
- primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- use\-alt\-transfer\-source <boolean>;
- zone\-statistics ( full | terse | none | <boolean> );
+ type stub;
+
allow\-query { <address_match_element>; ... };
+
allow\-query\-on { <address_match_element>; ... };
+ check\-names ( fail | warn | ignore );
+ database <string>;
+ delegation\-only <boolean>;
+ dialup ( notify | notify\-passive | passive | refresh | <boolean> );
+ file <quoted_string>;
+ forward ( first | only );
+ forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
+ masterfile\-format ( raw | text );
+ masterfile\-style ( full | relative );
+ max\-records <integer>;
+ max\-refresh\-time <integer>;
+ max\-retry\-time <integer>;
+ max\-transfer\-idle\-in <integer>;
+ max\-transfer\-time\-in <integer>;
+ min\-refresh\-time <integer>;
+ min\-retry\-time <integer>;
+ multi\-master <boolean>;
+ primaries [ port <integer> ] [ dscp <integer> ] { ( <remote\-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+ transfer\-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ transfer\-source\-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+ use\-alt\-transfer\-source <boolean>;
+ zone\-statistics ( full | terse | none | <boolean> );
};
+
.ft P
.fi
.UNINDENT
.nf
.ft C
zone <string> [ <class> ] {
- type delegation\-only;
+ type delegation\-only;
};
+
.ft P
.fi
.UNINDENT
.nf
.ft C
zone <string> [ <class> ] {
- in\-view <string>;
+ in\-view <string>;
};
+
.ft P
.fi
.UNINDENT
OPTIONS_FILES = \
rndc.grammar \
options \
- options.active \
primary.zoneopt \
secondary.zoneopt \
mirror.zoneopt \
static-stub.zoneopt \
redirect.zoneopt \
delegation-only.zoneopt \
- in-view.zoneopt \
- ../../bin/named/named.conf.rst \
- primary.zoneopt.rst \
- secondary.zoneopt.rst \
- mirror.zoneopt.rst \
- forward.zoneopt.rst \
- hint.zoneopt.rst \
- stub.zoneopt.rst \
- static-stub.zoneopt.rst \
- redirect.zoneopt.rst \
- delegation-only.zoneopt.rst \
- in-view.zoneopt.rst \
- acl.grammar.rst \
- controls.grammar.rst \
- dnssec-policy.grammar.rst \
- key.grammar.rst \
- logging.grammar.rst \
- primaries.grammar.rst \
- options.grammar.rst \
- server.grammar.rst \
- statistics-channels.grammar.rst \
- tls.grammar.rst \
- trust-anchors.grammar.rst \
- managed-keys.grammar.rst \
- trusted-keys.grammar.rst \
- http.grammar.rst \
- parental-agents.grammar.rst
+ in-view.zoneopt
EXTRA_DIST = \
$(OPTIONS_FILES) \
checkgrammar.py \
- format-options.pl \
parsegrammar.py \
- rst-grammars.pl \
- rst-options.pl \
- rst-zoneopt.pl \
sort-options.pl
if MAINTAINER_MODE
options: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl > $@
-options.active: cfg_test
- $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar --active | $(PERL) $(srcdir)/sort-options.pl > $@
-
primary.zoneopt: cfg_test
- $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary --active > $@
+ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary > $@
secondary.zoneopt: cfg_test
- $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar secondary --active > $@
+ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar secondary > $@
mirror.zoneopt: cfg_test
- $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar mirror --active > $@
+ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar mirror > $@
forward.zoneopt: cfg_test
- $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar forward --active > $@
+ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar forward > $@
hint.zoneopt: cfg_test
- $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar hint --active > $@
+ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar hint > $@
stub.zoneopt: cfg_test
- $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar stub --active > $@
+ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar stub > $@
static-stub.zoneopt: cfg_test
- $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar static-stub --active > $@
+ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar static-stub > $@
redirect.zoneopt: cfg_test
- $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar redirect --active > $@
+ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar redirect > $@
delegation-only.zoneopt: cfg_test
- $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar delegation-only --active > $@
+ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar delegation-only > $@
in-view.zoneopt: cfg_test
- $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view --active > $@
-
-../../bin/named/named.conf.rst: options.active rst-options.pl delegation-only.zoneopt.rst forward.zoneopt.rst hint.zoneopt.rst in-view.zoneopt.rst mirror.zoneopt.rst primary.zoneopt.rst redirect.zoneopt.rst secondary.zoneopt.rst static-stub.zoneopt.rst stub.zoneopt.rst
- $(AM_V_RST_OPTIONS)$(PERL) $(srcdir)/rst-options.pl options.active > $@
-
-primary.zoneopt.rst: primary.zoneopt rst-zoneopt.pl
- $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl primary.zoneopt > $@
-
-secondary.zoneopt.rst: secondary.zoneopt rst-zoneopt.pl
- $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl secondary.zoneopt > $@
-
-mirror.zoneopt.rst: mirror.zoneopt rst-zoneopt.pl
- $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl mirror.zoneopt > $@
-
-forward.zoneopt.rst: forward.zoneopt rst-zoneopt.pl
- $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl forward.zoneopt > $@
-
-hint.zoneopt.rst: hint.zoneopt rst-zoneopt.pl
- $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl hint.zoneopt > $@
-
-stub.zoneopt.rst: stub.zoneopt rst-zoneopt.pl
- $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl stub.zoneopt > $@
-
-static-stub.zoneopt.rst: static-stub.zoneopt rst-zoneopt.pl
- $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl static-stub.zoneopt > $@
-
-redirect.zoneopt.rst: redirect.zoneopt rst-zoneopt.pl
- $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl redirect.zoneopt > $@
-
-delegation-only.zoneopt.rst: delegation-only.zoneopt rst-zoneopt.pl
- $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl delegation-only.zoneopt > $@
-
-in-view.zoneopt.rst: in-view.zoneopt rst-zoneopt.pl
- $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl in-view.zoneopt > $@
-
-acl.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active acl > $@
-
-controls.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active controls > $@
-
-dnssec-policy.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active dnssec-policy > $@
-
-key.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active key > $@
-
-logging.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active logging > $@
-
-primaries.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active primaries > $@
-
-options.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active options > $@
-
-server.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active server > $@
-
-statistics-channels.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active statistics-channels > $@
-
-tls.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active tls > $@
-
-trust-anchors.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active trust-anchors > $@
-
-managed-keys.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active managed-keys > $@
-
-trusted-keys.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active trusted-keys > $@
-
-http.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active http > $@
-
-parental-agents.grammar.rst: options.active rst-grammars.pl
- $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active parental-agents > $@
+ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view > $@
endif
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- controls {
- inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read-only <boolean> ];
- unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read-only <boolean> ];
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- zone <string> [ <class> ] {
- type delegation-only;
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- dnssec-policy <string> {
- dnskey-ttl <duration>;
- keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime <duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
- max-zone-ttl <duration>;
- nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ];
- parent-ds-ttl <duration>;
- parent-propagation-delay <duration>;
- publish-safety <duration>;
- purge-keys <duration>;
- retire-safety <duration>;
- signatures-refresh <duration>;
- signatures-validity <duration>;
- signatures-validity-dnskey <duration>;
- zone-propagation-delay <duration>;
- };
+++ /dev/null
-#!/usr/bin/perl
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-use Getopt::Long;
-
-my $strip_not_configured = '';
-
-GetOptions ('strip-not-configured' => \$strip_not_configured);
-
-print <<END;
-
-// This is a summary of the named.conf options supported by
-// this version of BIND 9.
-
-END
-
-# Break long lines
-while (<>) {
- chomp;
- s/\t/ /g;
- my $line = $_;
- m!^( *)!;
- my $indent = $1;
- my $comment = "";
- $line =~ s! // not configured,! //! if $strip_not_configured;
- $line =~ s! // not configured!! if $strip_not_configured;
- if ( $line =~ m!//.*! ) {
- $comment = $&;
- $line =~ s!//.*!!;
- }
- my $start = "";
- while (length($line) >= 79 - length($comment)) {
- $_ = $line;
- # this makes sure that the comment has something in front of it
- $len = 75 - length($comment);
- m!^(.{0,$len}) (.*)$!;
- $start = $start.$1."\n";
- $line = $indent." ".$2;
- }
- print $start.$line.$comment."\n";
-}
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- zone <string> [ <class> ] {
- type forward;
- delegation-only <boolean>;
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- zone <string> [ <class> ] {
- type hint;
- check-names ( fail | warn | ignore );
- delegation-only <boolean>;
- file <quoted_string>;
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- http <string> {
- endpoints { <quoted_string>; ... };
- listener-clients <integer>;
- streams-per-connection <integer>;
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- zone <string> [ <class> ] {
- in-view <string>;
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- key <string> {
- algorithm <string>;
- secret <string>;
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- logging {
- category <string> { <string>; ... };
- channel <string> {
- buffered <boolean>;
- file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ];
- null;
- print-category <boolean>;
- print-severity <boolean>;
- print-time ( iso8601 | iso8601-utc | local | <boolean> );
- severity <log_severity>;
- stderr;
- syslog [ <syslog_facility> ];
- };
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... };, deprecated
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- zone <string> [ <class> ] {
- type mirror;
- allow-notify { <address_match_element>; ... };
- allow-query { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
- allow-update-forwarding { <address_match_element>; ... };
- also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- check-names ( fail | warn | ignore );
- database <string>;
- file <quoted_string>;
- ixfr-from-differences <boolean>;
- journal <quoted_string>;
- masterfile-format ( raw | text );
- masterfile-style ( full | relative );
- max-ixfr-ratio ( unlimited | <percentage> );
- max-journal-size ( default | unlimited | <sizeval> );
- max-records <integer>;
- max-refresh-time <integer>;
- max-retry-time <integer>;
- max-transfer-idle-in <integer>;
- max-transfer-idle-out <integer>;
- max-transfer-time-in <integer>;
- max-transfer-time-out <integer>;
- min-refresh-time <integer>;
- min-retry-time <integer>;
- multi-master <boolean>;
- notify ( explicit | master-only | primary-only | <boolean> );
- notify-delay <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- request-expire <boolean>;
- request-ixfr <boolean>;
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- try-tcp-refresh <boolean>;
- use-alt-transfer-source <boolean>;
- zero-no-soa-ttl <boolean>;
- zone-statistics ( full | terse | none | <boolean> );
- };
+++ /dev/null
-acl <string> { <address_match_element>; ... }; // may occur multiple times
-
-controls {
- inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
- unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
-}; // may occur multiple times
-
-dlz <string> {
- database <string>;
- search <boolean>;
-}; // may occur multiple times
-
-dnssec-policy <string> {
- dnskey-ttl <duration>;
- keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime <duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
- max-zone-ttl <duration>;
- nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ];
- parent-ds-ttl <duration>;
- parent-propagation-delay <duration>;
- publish-safety <duration>;
- purge-keys <duration>;
- retire-safety <duration>;
- signatures-refresh <duration>;
- signatures-validity <duration>;
- signatures-validity-dnskey <duration>;
- zone-propagation-delay <duration>;
-}; // may occur multiple times
-
-dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
-
-http <string> {
- endpoints { <quoted_string>; ... };
- listener-clients <integer>;
- streams-per-connection <integer>;
-}; // may occur multiple times
-
-key <string> {
- algorithm <string>;
- secret <string>;
-}; // may occur multiple times
-
-logging {
- category <string> { <string>; ... }; // may occur multiple times
- channel <string> {
- buffered <boolean>;
- file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ];
- null;
- print-category <boolean>;
- print-severity <boolean>;
- print-time ( iso8601 | iso8601-utc | local | <boolean> );
- severity <log_severity>;
- stderr;
- syslog [ <syslog_facility> ];
- }; // may occur multiple times
-};
-
-managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
-
-options {
- allow-new-zones <boolean>;
- allow-notify { <address_match_element>; ... };
- allow-query { <address_match_element>; ... };
- allow-query-cache { <address_match_element>; ... };
- allow-query-cache-on { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- allow-recursion { <address_match_element>; ... };
- allow-recursion-on { <address_match_element>; ... };
- allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
- allow-update { <address_match_element>; ... };
- allow-update-forwarding { <address_match_element>; ... };
- also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- answer-cookie <boolean>;
- attach-cache <string>;
- auth-nxdomain <boolean>;
- auto-dnssec ( allow | maintain | off );
- automatic-interface-scan <boolean>;
- avoid-v4-udp-ports { <portrange>; ... };
- avoid-v6-udp-ports { <portrange>; ... };
- bindkeys-file <quoted_string>;
- blackhole { <address_match_element>; ... };
- catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
- check-dup-records ( fail | warn | ignore );
- check-integrity <boolean>;
- check-mx ( fail | warn | ignore );
- check-mx-cname ( fail | warn | ignore );
- check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
- check-sibling <boolean>;
- check-spf ( warn | ignore );
- check-srv-cname ( fail | warn | ignore );
- check-wildcard <boolean>;
- clients-per-query <integer>;
- cookie-algorithm ( aes | siphash24 );
- cookie-secret <string>; // may occur multiple times
- coresize ( default | unlimited | <sizeval> );
- datasize ( default | unlimited | <sizeval> );
- deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
- deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
- dialup ( notify | notify-passive | passive | refresh | <boolean> );
- directory <quoted_string>;
- disable-algorithms <string> { <string>; ... }; // may occur multiple times
- disable-ds-digests <string> { <string>; ... }; // may occur multiple times
- disable-empty-zone <string>; // may occur multiple times
- dns64 <netprefix> {
- break-dnssec <boolean>;
- clients { <address_match_element>; ... };
- exclude { <address_match_element>; ... };
- mapped { <address_match_element>; ... };
- recursive-only <boolean>;
- suffix <ipv6_address>;
- }; // may occur multiple times
- dns64-contact <string>;
- dns64-server <string>;
- dnskey-sig-validity <integer>;
- dnsrps-enable <boolean>; // not configured
- dnsrps-options { <unspecified-text> }; // not configured
- dnssec-accept-expired <boolean>;
- dnssec-dnskey-kskonly <boolean>;
- dnssec-loadkeys-interval <integer>;
- dnssec-must-be-secure <string> <boolean>; // may occur multiple times
- dnssec-policy <string>;
- dnssec-secure-to-insecure <boolean>;
- dnssec-update-mode ( maintain | no-resign );
- dnssec-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
- dnstap-identity ( <quoted_string> | none | hostname ); // not configured
- dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // not configured
- dnstap-version ( <quoted_string> | none ); // not configured
- dscp <integer>;
- dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] [ dscp <integer> ] | <ipv4_address> [ port <integer> ] [ dscp <integer> ] | <ipv6_address> [ port <integer> ] [ dscp <integer> ] ); ... };
- dump-file <quoted_string>;
- edns-udp-size <integer>;
- empty-contact <string>;
- empty-server <string>;
- empty-zones-enable <boolean>;
- fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
- fetches-per-server <integer> [ ( drop | fail ) ];
- fetches-per-zone <integer> [ ( drop | fail ) ];
- files ( default | unlimited | <sizeval> );
- flush-zones-on-shutdown <boolean>;
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- fstrm-set-buffer-hint <integer>; // not configured
- fstrm-set-flush-timeout <integer>; // not configured
- fstrm-set-input-queue-size <integer>; // not configured
- fstrm-set-output-notify-threshold <integer>; // not configured
- fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
- fstrm-set-output-queue-size <integer>; // not configured
- fstrm-set-reopen-interval <duration>; // not configured
- geoip-directory ( <quoted_string> | none );
- heartbeat-interval <integer>;
- hostname ( <quoted_string> | none );
- http-listener-clients <integer>;
- http-port <integer>;
- http-streams-per-connection <integer>;
- https-port <integer>;
- interface-interval <duration>;
- ipv4only-contact <string>;
- ipv4only-enable <boolean>;
- ipv4only-server <string>;
- ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
- key-directory <quoted_string>;
- lame-ttl <duration>;
- listen-on [ port <integer> ] [ dscp <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
- listen-on-v6 [ port <integer> ] [ dscp <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
- lmdb-mapsize <sizeval>;
- lock-file ( <quoted_string> | none );
- managed-keys-directory <quoted_string>;
- masterfile-format ( raw | text );
- masterfile-style ( full | relative );
- match-mapped-addresses <boolean>;
- max-cache-size ( default | unlimited | <sizeval> | <percentage> );
- max-cache-ttl <duration>;
- max-clients-per-query <integer>;
- max-ixfr-ratio ( unlimited | <percentage> );
- max-journal-size ( default | unlimited | <sizeval> );
- max-ncache-ttl <duration>;
- max-records <integer>;
- max-recursion-depth <integer>;
- max-recursion-queries <integer>;
- max-refresh-time <integer>;
- max-retry-time <integer>;
- max-rsa-exponent-size <integer>;
- max-stale-ttl <duration>;
- max-transfer-idle-in <integer>;
- max-transfer-idle-out <integer>;
- max-transfer-time-in <integer>;
- max-transfer-time-out <integer>;
- max-udp-size <integer>;
- max-zone-ttl ( unlimited | <duration> );
- memstatistics <boolean>;
- memstatistics-file <quoted_string>;
- message-compression <boolean>;
- min-cache-ttl <duration>;
- min-ncache-ttl <duration>;
- min-refresh-time <integer>;
- min-retry-time <integer>;
- minimal-any <boolean>;
- minimal-responses ( no-auth | no-auth-recursive | <boolean> );
- multi-master <boolean>;
- new-zones-directory <quoted_string>;
- no-case-compress { <address_match_element>; ... };
- nocookie-udp-size <integer>;
- notify ( explicit | master-only | primary-only | <boolean> );
- notify-delay <integer>;
- notify-rate <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-to-soa <boolean>;
- nta-lifetime <duration>;
- nta-recheck <duration>;
- nxdomain-redirect <string>;
- parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- pid-file ( <quoted_string> | none );
- port <integer>;
- preferred-glue <string>;
- prefetch <integer> [ <integer> ];
- provide-ixfr <boolean>;
- qname-minimization ( strict | relaxed | disabled | off );
- query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- querylog <boolean>;
- random-device ( <quoted_string> | none );
- rate-limit {
- all-per-second <integer>;
- errors-per-second <integer>;
- exempt-clients { <address_match_element>; ... };
- ipv4-prefix-length <integer>;
- ipv6-prefix-length <integer>;
- log-only <boolean>;
- max-table-size <integer>;
- min-table-size <integer>;
- nodata-per-second <integer>;
- nxdomains-per-second <integer>;
- qps-scale <integer>;
- referrals-per-second <integer>;
- responses-per-second <integer>;
- slip <integer>;
- window <integer>;
- };
- recursing-file <quoted_string>;
- recursion <boolean>;
- recursive-clients <integer>;
- request-expire <boolean>;
- request-ixfr <boolean>;
- request-nsid <boolean>;
- require-server-cookie <boolean>;
- reserved-sockets <integer>; // deprecated
- resolver-nonbackoff-tries <integer>;
- resolver-query-timeout <integer>;
- resolver-retry-interval <integer>;
- response-padding { <address_match_element>; ... } block-size <integer>;
- response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
- reuseport <boolean>;
- root-delegation-only [ exclude { <string>; ... } ];
- root-key-sentinel <boolean>;
- rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
- secroots-file <quoted_string>;
- send-cookie <boolean>;
- serial-query-rate <integer>;
- serial-update-method ( date | increment | unixtime );
- server-id ( <quoted_string> | none | hostname );
- servfail-ttl <duration>;
- session-keyalg <string>;
- session-keyfile ( <quoted_string> | none );
- session-keyname <string>;
- sig-signing-nodes <integer>;
- sig-signing-signatures <integer>;
- sig-signing-type <integer>;
- sig-validity-interval <integer> [ <integer> ];
- sortlist { <address_match_element>; ... };
- stacksize ( default | unlimited | <sizeval> );
- stale-answer-client-timeout ( disabled | off | <integer> );
- stale-answer-enable <boolean>;
- stale-answer-ttl <duration>;
- stale-cache-enable <boolean>;
- stale-refresh-time <duration>;
- startup-notify-rate <integer>;
- statistics-file <quoted_string>;
- synth-from-dnssec <boolean>;
- tcp-advertised-timeout <integer>;
- tcp-clients <integer>;
- tcp-idle-timeout <integer>;
- tcp-initial-timeout <integer>;
- tcp-keepalive-timeout <integer>;
- tcp-listen-queue <integer>;
- tcp-receive-buffer <integer>;
- tcp-send-buffer <integer>;
- tkey-dhkey <quoted_string> <integer>;
- tkey-domain <quoted_string>;
- tkey-gssapi-credential <quoted_string>;
- tkey-gssapi-keytab <quoted_string>;
- tls-port <integer>;
- transfer-format ( many-answers | one-answer );
- transfer-message-size <integer>;
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfers-in <integer>;
- transfers-out <integer>;
- transfers-per-ns <integer>;
- trust-anchor-telemetry <boolean>; // experimental
- try-tcp-refresh <boolean>;
- udp-receive-buffer <integer>;
- udp-send-buffer <integer>;
- update-check-ksk <boolean>;
- use-alt-transfer-source <boolean>;
- use-v4-udp-ports { <portrange>; ... };
- use-v6-udp-ports { <portrange>; ... };
- v6-bias <integer>;
- validate-except { <string>; ... };
- version ( <quoted_string> | none );
- zero-no-soa-ttl <boolean>;
- zero-no-soa-ttl-cache <boolean>;
- zone-statistics ( full | terse | none | <boolean> );
-};
-
-parental-agents <string> [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
-
-plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
-
-primaries <string> [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
-
-server <netprefix> {
- bogus <boolean>;
- edns <boolean>;
- edns-udp-size <integer>;
- edns-version <integer>;
- keys <server_key>;
- max-udp-size <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- padding <integer>;
- provide-ixfr <boolean>;
- query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- request-expire <boolean>;
- request-ixfr <boolean>;
- request-nsid <boolean>;
- send-cookie <boolean>;
- tcp-keepalive <boolean>;
- tcp-only <boolean>;
- transfer-format ( many-answers | one-answer );
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfers <integer>;
-}; // may occur multiple times
-
-statistics-channels {
- inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times
-}; // may occur multiple times
-
-tls <string> {
- ca-file <quoted_string>;
- cert-file <quoted_string>;
- ciphers <string>;
- dhparam-file <quoted_string>;
- key-file <quoted_string>;
- prefer-server-ciphers <boolean>;
- protocols { <string>; ... };
- remote-hostname <quoted_string>;
- session-tickets <boolean>;
-}; // may occur multiple times
-
-trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
-
-trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
-
-view <string> [ <class> ] {
- allow-new-zones <boolean>;
- allow-notify { <address_match_element>; ... };
- allow-query { <address_match_element>; ... };
- allow-query-cache { <address_match_element>; ... };
- allow-query-cache-on { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- allow-recursion { <address_match_element>; ... };
- allow-recursion-on { <address_match_element>; ... };
- allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
- allow-update { <address_match_element>; ... };
- allow-update-forwarding { <address_match_element>; ... };
- also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- attach-cache <string>;
- auth-nxdomain <boolean>;
- auto-dnssec ( allow | maintain | off );
- catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
- check-dup-records ( fail | warn | ignore );
- check-integrity <boolean>;
- check-mx ( fail | warn | ignore );
- check-mx-cname ( fail | warn | ignore );
- check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
- check-sibling <boolean>;
- check-spf ( warn | ignore );
- check-srv-cname ( fail | warn | ignore );
- check-wildcard <boolean>;
- clients-per-query <integer>;
- deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
- deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
- dialup ( notify | notify-passive | passive | refresh | <boolean> );
- disable-algorithms <string> { <string>; ... }; // may occur multiple times
- disable-ds-digests <string> { <string>; ... }; // may occur multiple times
- disable-empty-zone <string>; // may occur multiple times
- dlz <string> {
- database <string>;
- search <boolean>;
- }; // may occur multiple times
- dns64 <netprefix> {
- break-dnssec <boolean>;
- clients { <address_match_element>; ... };
- exclude { <address_match_element>; ... };
- mapped { <address_match_element>; ... };
- recursive-only <boolean>;
- suffix <ipv6_address>;
- }; // may occur multiple times
- dns64-contact <string>;
- dns64-server <string>;
- dnskey-sig-validity <integer>;
- dnsrps-enable <boolean>; // not configured
- dnsrps-options { <unspecified-text> }; // not configured
- dnssec-accept-expired <boolean>;
- dnssec-dnskey-kskonly <boolean>;
- dnssec-loadkeys-interval <integer>;
- dnssec-must-be-secure <string> <boolean>; // may occur multiple times
- dnssec-policy <string>;
- dnssec-secure-to-insecure <boolean>;
- dnssec-update-mode ( maintain | no-resign );
- dnssec-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
- dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] [ dscp <integer> ] | <ipv4_address> [ port <integer> ] [ dscp <integer> ] | <ipv6_address> [ port <integer> ] [ dscp <integer> ] ); ... };
- dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
- edns-udp-size <integer>;
- empty-contact <string>;
- empty-server <string>;
- empty-zones-enable <boolean>;
- fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
- fetches-per-server <integer> [ ( drop | fail ) ];
- fetches-per-zone <integer> [ ( drop | fail ) ];
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- ipv4only-contact <string>;
- ipv4only-enable <boolean>;
- ipv4only-server <string>;
- ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
- key <string> {
- algorithm <string>;
- secret <string>;
- }; // may occur multiple times
- key-directory <quoted_string>;
- lame-ttl <duration>;
- lmdb-mapsize <sizeval>;
- managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
- masterfile-format ( raw | text );
- masterfile-style ( full | relative );
- match-clients { <address_match_element>; ... };
- match-destinations { <address_match_element>; ... };
- match-recursive-only <boolean>;
- max-cache-size ( default | unlimited | <sizeval> | <percentage> );
- max-cache-ttl <duration>;
- max-clients-per-query <integer>;
- max-ixfr-ratio ( unlimited | <percentage> );
- max-journal-size ( default | unlimited | <sizeval> );
- max-ncache-ttl <duration>;
- max-records <integer>;
- max-recursion-depth <integer>;
- max-recursion-queries <integer>;
- max-refresh-time <integer>;
- max-retry-time <integer>;
- max-stale-ttl <duration>;
- max-transfer-idle-in <integer>;
- max-transfer-idle-out <integer>;
- max-transfer-time-in <integer>;
- max-transfer-time-out <integer>;
- max-udp-size <integer>;
- max-zone-ttl ( unlimited | <duration> );
- message-compression <boolean>;
- min-cache-ttl <duration>;
- min-ncache-ttl <duration>;
- min-refresh-time <integer>;
- min-retry-time <integer>;
- minimal-any <boolean>;
- minimal-responses ( no-auth | no-auth-recursive | <boolean> );
- multi-master <boolean>;
- new-zones-directory <quoted_string>;
- no-case-compress { <address_match_element>; ... };
- nocookie-udp-size <integer>;
- notify ( explicit | master-only | primary-only | <boolean> );
- notify-delay <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-to-soa <boolean>;
- nta-lifetime <duration>;
- nta-recheck <duration>;
- nxdomain-redirect <string>;
- parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
- preferred-glue <string>;
- prefetch <integer> [ <integer> ];
- provide-ixfr <boolean>;
- qname-minimization ( strict | relaxed | disabled | off );
- query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- rate-limit {
- all-per-second <integer>;
- errors-per-second <integer>;
- exempt-clients { <address_match_element>; ... };
- ipv4-prefix-length <integer>;
- ipv6-prefix-length <integer>;
- log-only <boolean>;
- max-table-size <integer>;
- min-table-size <integer>;
- nodata-per-second <integer>;
- nxdomains-per-second <integer>;
- qps-scale <integer>;
- referrals-per-second <integer>;
- responses-per-second <integer>;
- slip <integer>;
- window <integer>;
- };
- recursion <boolean>;
- request-expire <boolean>;
- request-ixfr <boolean>;
- request-nsid <boolean>;
- require-server-cookie <boolean>;
- resolver-nonbackoff-tries <integer>;
- resolver-query-timeout <integer>;
- resolver-retry-interval <integer>;
- response-padding { <address_match_element>; ... } block-size <integer>;
- response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
- root-delegation-only [ exclude { <string>; ... } ];
- root-key-sentinel <boolean>;
- rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
- send-cookie <boolean>;
- serial-update-method ( date | increment | unixtime );
- server <netprefix> {
- bogus <boolean>;
- edns <boolean>;
- edns-udp-size <integer>;
- edns-version <integer>;
- keys <server_key>;
- max-udp-size <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- padding <integer>;
- provide-ixfr <boolean>;
- query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- request-expire <boolean>;
- request-ixfr <boolean>;
- request-nsid <boolean>;
- send-cookie <boolean>;
- tcp-keepalive <boolean>;
- tcp-only <boolean>;
- transfer-format ( many-answers | one-answer );
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfers <integer>;
- }; // may occur multiple times
- servfail-ttl <duration>;
- sig-signing-nodes <integer>;
- sig-signing-signatures <integer>;
- sig-signing-type <integer>;
- sig-validity-interval <integer> [ <integer> ];
- sortlist { <address_match_element>; ... };
- stale-answer-client-timeout ( disabled | off | <integer> );
- stale-answer-enable <boolean>;
- stale-answer-ttl <duration>;
- stale-cache-enable <boolean>;
- stale-refresh-time <duration>;
- synth-from-dnssec <boolean>;
- transfer-format ( many-answers | one-answer );
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- trust-anchor-telemetry <boolean>; // experimental
- trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
- trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
- try-tcp-refresh <boolean>;
- update-check-ksk <boolean>;
- use-alt-transfer-source <boolean>;
- v6-bias <integer>;
- validate-except { <string>; ... };
- zero-no-soa-ttl <boolean>;
- zero-no-soa-ttl-cache <boolean>;
- zone-statistics ( full | terse | none | <boolean> );
-}; // may occur multiple times
-
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- options {
- allow-new-zones <boolean>;
- allow-notify { <address_match_element>; ... };
- allow-query { <address_match_element>; ... };
- allow-query-cache { <address_match_element>; ... };
- allow-query-cache-on { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- allow-recursion { <address_match_element>; ... };
- allow-recursion-on { <address_match_element>; ... };
- allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
- allow-update { <address_match_element>; ... };
- allow-update-forwarding { <address_match_element>; ... };
- also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- answer-cookie <boolean>;
- attach-cache <string>;
- auth-nxdomain <boolean>;
- auto-dnssec ( allow | maintain | off );
- automatic-interface-scan <boolean>;
- avoid-v4-udp-ports { <portrange>; ... };
- avoid-v6-udp-ports { <portrange>; ... };
- bindkeys-file <quoted_string>;
- blackhole { <address_match_element>; ... };
- catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
- check-dup-records ( fail | warn | ignore );
- check-integrity <boolean>;
- check-mx ( fail | warn | ignore );
- check-mx-cname ( fail | warn | ignore );
- check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore );
- check-sibling <boolean>;
- check-spf ( warn | ignore );
- check-srv-cname ( fail | warn | ignore );
- check-wildcard <boolean>;
- clients-per-query <integer>;
- cookie-algorithm ( aes | siphash24 );
- cookie-secret <string>;
- coresize ( default | unlimited | <sizeval> );
- datasize ( default | unlimited | <sizeval> );
- deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
- deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
- dialup ( notify | notify-passive | passive | refresh | <boolean> );
- directory <quoted_string>;
- disable-algorithms <string> { <string>; ... };
- disable-ds-digests <string> { <string>; ... };
- disable-empty-zone <string>;
- dns64 <netprefix> {
- break-dnssec <boolean>;
- clients { <address_match_element>; ... };
- exclude { <address_match_element>; ... };
- mapped { <address_match_element>; ... };
- recursive-only <boolean>;
- suffix <ipv6_address>;
- };
- dns64-contact <string>;
- dns64-server <string>;
- dnskey-sig-validity <integer>;
- dnsrps-enable <boolean>;
- dnsrps-options { <unspecified-text> };
- dnssec-accept-expired <boolean>;
- dnssec-dnskey-kskonly <boolean>;
- dnssec-loadkeys-interval <integer>;
- dnssec-must-be-secure <string> <boolean>;
- dnssec-policy <string>;
- dnssec-secure-to-insecure <boolean>;
- dnssec-update-mode ( maintain | no-resign );
- dnssec-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... };
- dnstap-identity ( <quoted_string> | none | hostname );
- dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ];
- dnstap-version ( <quoted_string> | none );
- dscp <integer>;
- dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] [ dscp <integer> ] | <ipv4_address> [ port <integer> ] [ dscp <integer> ] | <ipv6_address> [ port <integer> ] [ dscp <integer> ] ); ... };
- dump-file <quoted_string>;
- edns-udp-size <integer>;
- empty-contact <string>;
- empty-server <string>;
- empty-zones-enable <boolean>;
- fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
- fetches-per-server <integer> [ ( drop | fail ) ];
- fetches-per-zone <integer> [ ( drop | fail ) ];
- files ( default | unlimited | <sizeval> );
- flush-zones-on-shutdown <boolean>;
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- fstrm-set-buffer-hint <integer>;
- fstrm-set-flush-timeout <integer>;
- fstrm-set-input-queue-size <integer>;
- fstrm-set-output-notify-threshold <integer>;
- fstrm-set-output-queue-model ( mpsc | spsc );
- fstrm-set-output-queue-size <integer>;
- fstrm-set-reopen-interval <duration>;
- geoip-directory ( <quoted_string> | none );
- heartbeat-interval <integer>;
- hostname ( <quoted_string> | none );
- http-listener-clients <integer>;
- http-port <integer>;
- http-streams-per-connection <integer>;
- https-port <integer>;
- interface-interval <duration>;
- ipv4only-contact <string>;
- ipv4only-enable <boolean>;
- ipv4only-server <string>;
- ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
- key-directory <quoted_string>;
- lame-ttl <duration>;
- listen-on [ port <integer> ] [ dscp <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... };
- listen-on-v6 [ port <integer> ] [ dscp <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... };
- lmdb-mapsize <sizeval>;
- lock-file ( <quoted_string> | none );
- managed-keys-directory <quoted_string>;
- masterfile-format ( raw | text );
- masterfile-style ( full | relative );
- match-mapped-addresses <boolean>;
- max-cache-size ( default | unlimited | <sizeval> | <percentage> );
- max-cache-ttl <duration>;
- max-clients-per-query <integer>;
- max-ixfr-ratio ( unlimited | <percentage> );
- max-journal-size ( default | unlimited | <sizeval> );
- max-ncache-ttl <duration>;
- max-records <integer>;
- max-recursion-depth <integer>;
- max-recursion-queries <integer>;
- max-refresh-time <integer>;
- max-retry-time <integer>;
- max-rsa-exponent-size <integer>;
- max-stale-ttl <duration>;
- max-transfer-idle-in <integer>;
- max-transfer-idle-out <integer>;
- max-transfer-time-in <integer>;
- max-transfer-time-out <integer>;
- max-udp-size <integer>;
- max-zone-ttl ( unlimited | <duration> );
- memstatistics <boolean>;
- memstatistics-file <quoted_string>;
- message-compression <boolean>;
- min-cache-ttl <duration>;
- min-ncache-ttl <duration>;
- min-refresh-time <integer>;
- min-retry-time <integer>;
- minimal-any <boolean>;
- minimal-responses ( no-auth | no-auth-recursive | <boolean> );
- multi-master <boolean>;
- new-zones-directory <quoted_string>;
- no-case-compress { <address_match_element>; ... };
- nocookie-udp-size <integer>;
- notify ( explicit | master-only | primary-only | <boolean> );
- notify-delay <integer>;
- notify-rate <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-to-soa <boolean>;
- nta-lifetime <duration>;
- nta-recheck <duration>;
- nxdomain-redirect <string>;
- parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- pid-file ( <quoted_string> | none );
- port <integer>;
- preferred-glue <string>;
- prefetch <integer> [ <integer> ];
- provide-ixfr <boolean>;
- qname-minimization ( strict | relaxed | disabled | off );
- query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- querylog <boolean>;
- random-device ( <quoted_string> | none );
- rate-limit {
- all-per-second <integer>;
- errors-per-second <integer>;
- exempt-clients { <address_match_element>; ... };
- ipv4-prefix-length <integer>;
- ipv6-prefix-length <integer>;
- log-only <boolean>;
- max-table-size <integer>;
- min-table-size <integer>;
- nodata-per-second <integer>;
- nxdomains-per-second <integer>;
- qps-scale <integer>;
- referrals-per-second <integer>;
- responses-per-second <integer>;
- slip <integer>;
- window <integer>;
- };
- recursing-file <quoted_string>;
- recursion <boolean>;
- recursive-clients <integer>;
- request-expire <boolean>;
- request-ixfr <boolean>;
- request-nsid <boolean>;
- require-server-cookie <boolean>;
- reserved-sockets <integer>; // deprecated
- resolver-nonbackoff-tries <integer>;
- resolver-query-timeout <integer>;
- resolver-retry-interval <integer>;
- response-padding { <address_match_element>; ... } block-size <integer>;
- response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
- reuseport <boolean>;
- root-delegation-only [ exclude { <string>; ... } ];
- root-key-sentinel <boolean>;
- rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
- secroots-file <quoted_string>;
- send-cookie <boolean>;
- serial-query-rate <integer>;
- serial-update-method ( date | increment | unixtime );
- server-id ( <quoted_string> | none | hostname );
- servfail-ttl <duration>;
- session-keyalg <string>;
- session-keyfile ( <quoted_string> | none );
- session-keyname <string>;
- sig-signing-nodes <integer>;
- sig-signing-signatures <integer>;
- sig-signing-type <integer>;
- sig-validity-interval <integer> [ <integer> ];
- sortlist { <address_match_element>; ... };
- stacksize ( default | unlimited | <sizeval> );
- stale-answer-client-timeout ( disabled | off | <integer> );
- stale-answer-enable <boolean>;
- stale-answer-ttl <duration>;
- stale-cache-enable <boolean>;
- stale-refresh-time <duration>;
- startup-notify-rate <integer>;
- statistics-file <quoted_string>;
- synth-from-dnssec <boolean>;
- tcp-advertised-timeout <integer>;
- tcp-clients <integer>;
- tcp-idle-timeout <integer>;
- tcp-initial-timeout <integer>;
- tcp-keepalive-timeout <integer>;
- tcp-listen-queue <integer>;
- tcp-receive-buffer <integer>;
- tcp-send-buffer <integer>;
- tkey-dhkey <quoted_string> <integer>;
- tkey-domain <quoted_string>;
- tkey-gssapi-credential <quoted_string>;
- tkey-gssapi-keytab <quoted_string>;
- tls-port <integer>;
- transfer-format ( many-answers | one-answer );
- transfer-message-size <integer>;
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfers-in <integer>;
- transfers-out <integer>;
- transfers-per-ns <integer>;
- trust-anchor-telemetry <boolean>; // experimental
- try-tcp-refresh <boolean>;
- udp-receive-buffer <integer>;
- udp-send-buffer <integer>;
- update-check-ksk <boolean>;
- use-alt-transfer-source <boolean>;
- use-v4-udp-ports { <portrange>; ... };
- use-v6-udp-ports { <portrange>; ... };
- v6-bias <integer>;
- validate-except { <string>; ... };
- version ( <quoted_string> | none );
- zero-no-soa-ttl <boolean>;
- zero-no-soa-ttl-cache <boolean>;
- zone-statistics ( full | terse | none | <boolean> );
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- parental-agents <string> [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- primaries <string> [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
+ nsec3-test-zone <boolean>; // test only
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- zone <string> [ <class> ] {
- type primary;
- allow-query { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
- allow-update { <address_match_element>; ... };
- also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- auto-dnssec ( allow | maintain | off );
- check-dup-records ( fail | warn | ignore );
- check-integrity <boolean>;
- check-mx ( fail | warn | ignore );
- check-mx-cname ( fail | warn | ignore );
- check-names ( fail | warn | ignore );
- check-sibling <boolean>;
- check-spf ( warn | ignore );
- check-srv-cname ( fail | warn | ignore );
- check-wildcard <boolean>;
- database <string>;
- dialup ( notify | notify-passive | passive | refresh | <boolean> );
- dlz <string>;
- dnskey-sig-validity <integer>;
- dnssec-dnskey-kskonly <boolean>;
- dnssec-loadkeys-interval <integer>;
- dnssec-policy <string>;
- dnssec-secure-to-insecure <boolean>;
- dnssec-update-mode ( maintain | no-resign );
- file <quoted_string>;
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- inline-signing <boolean>;
- ixfr-from-differences <boolean>;
- journal <quoted_string>;
- key-directory <quoted_string>;
- masterfile-format ( raw | text );
- masterfile-style ( full | relative );
- max-ixfr-ratio ( unlimited | <percentage> );
- max-journal-size ( default | unlimited | <sizeval> );
- max-records <integer>;
- max-transfer-idle-out <integer>;
- max-transfer-time-out <integer>;
- max-zone-ttl ( unlimited | <duration> );
- notify ( explicit | master-only | primary-only | <boolean> );
- notify-delay <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-to-soa <boolean>;
- parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- serial-update-method ( date | increment | unixtime );
- sig-signing-nodes <integer>;
- sig-signing-signatures <integer>;
- sig-signing-type <integer>;
- sig-validity-interval <integer> [ <integer> ];
- update-check-ksk <boolean>;
- update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
- zero-no-soa-ttl <boolean>;
- zone-statistics ( full | terse | none | <boolean> );
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- zone <string> [ <class> ] {
- type redirect;
- allow-query { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- dlz <string>;
- file <quoted_string>;
- masterfile-format ( raw | text );
- masterfile-style ( full | relative );
- max-records <integer>;
- max-zone-ttl ( unlimited | <duration> );
- primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- zone-statistics ( full | terse | none | <boolean> );
- };
+++ /dev/null
-#!/usr/bin/perl
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-use warnings;
-use strict;
-
-if (@ARGV < 2) {
- print STDERR <<'END';
-usage:
- perl docbook-options.pl options_file section > section.grammar.xml
-END
- exit 1;
-}
-
-my $FILE = shift;
-my $SECTION = shift;
-
-open (FH, "<", $FILE) or die "Can't open $FILE";
-
-print <<END;
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
-END
-
-# skip preamble
-my $preamble = 0;
-while (<FH>) {
- if (m{^\s*$}) {
- last if $preamble > 0;
- } else {
- $preamble++;
- }
-}
-
-my $display = 0;
-while (<FH>) {
- if (m{^$SECTION\b}) {
- $display = 1
- }
-
- if (m{// not.*implemented} || m{// obsolete} ||
- m{// ancient} || m{// test.*only})
- {
- next;
- }
-
- s{ // not configured}{};
- s{ // non-operational}{};
- s{ // may occur multiple times}{};
- s{[[]}{[}g;
- s{[]]}{]}g;
- s{ }{\t}g;
-
- if (m{^\s*$} && $display) {
- last;
- }
- if ($display) {
- print " " . $_;
- }
-}
+++ /dev/null
-#!/usr/bin/perl
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-use warnings;
-use strict;
-
-if (@ARGV < 1) {
- print STDERR <<'END';
-usage:
- perl rst-options.pl options_file >named.conf.rst
-END
- exit 1;
-}
-
-my $FILE = shift;
-
-open (FH, "<", $FILE) or die "Can't open $FILE";
-
-print <<END;
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-END
-
-print <<END;
-.. highlight: console
-
-.. iscman:: named.conf
-
-named.conf - configuration file for **named**
----------------------------------------------
-
-Synopsis
-~~~~~~~~
-
-:program:`named.conf`
-
-Description
-~~~~~~~~~~~
-
-:file:`named.conf` is the configuration file for :iscman:`named`.
-Statements are enclosed in braces and terminated with a semi-colon.
-Clauses in the statements are also semi-colon terminated. The usual
-comment styles are supported:
-
-C style: /\\* \\*/
-
- C++ style: // to end of line
-
-Unix style: # to end of line
-
-END
-
-# skip preamble
-my $preamble = 0;
-while (<FH>) {
- if (m{^\s*$}) {
- last if $preamble > 0;
- } else {
- $preamble++;
- }
-}
-
-my $UNDERLINE;
-
-my $blank = 0;
-while (<FH>) {
- if (m{// not.*implemented} || m{// obsolete} ||
- m{// ancient} || m{// test.*only})
- {
- next;
- }
-
- s{ // not configured}{};
- s{ // non-operational}{};
- s{ (// )*may occur multiple times}{};
- s{<([a-z0-9_-]+)>}{$1}g;
- s{ // deprecated,*}{// deprecated};
- s{[[]}{[}g;
- s{[]]}{]}g;
- s{ }{\t}g;
- if (m{^([a-z0-9-]+) }) {
- my $HEADING = uc $1;
- $UNDERLINE = $HEADING;
- $UNDERLINE =~ s/./^/g;
- print $HEADING . "\n";
- print $UNDERLINE . "\n\n";
- if ($HEADING eq "TRUSTED-KEYS") {
- print "Deprecated - see DNSSEC-KEYS.\n\n";
- }
- if ($HEADING eq "MANAGED-KEYS") {
- print "See DNSSEC-KEYS.\n\n" ;
- }
- print "::\n\n";
- }
-
- if (m{^\s*$}) {
- if (!$blank) {
- print "\n";
- $blank = 1;
- }
- next;
- } else {
- $blank = 0;
- }
- print " " . $_;
-
-}
-
-print "ZONE\n";
-$UNDERLINE = "ZONE";
-$UNDERLINE =~ s/./^/g;
-print $UNDERLINE . "\n\n";
-print "Any of these zone statements can also be set inside the view statement.\n\n";
-
-print <<END;
-.. include:: ../../doc/misc/primary.zoneopt.rst
-.. include:: ../../doc/misc/secondary.zoneopt.rst
-.. include:: ../../doc/misc/mirror.zoneopt.rst
-.. include:: ../../doc/misc/forward.zoneopt.rst
-.. include:: ../../doc/misc/hint.zoneopt.rst
-.. include:: ../../doc/misc/redirect.zoneopt.rst
-.. include:: ../../doc/misc/static-stub.zoneopt.rst
-.. include:: ../../doc/misc/stub.zoneopt.rst
-.. include:: ../../doc/misc/delegation-only.zoneopt.rst
-.. include:: ../../doc/misc/in-view.zoneopt.rst
-
-Files
-~~~~~
-
-|named_conf|
-
-See Also
-~~~~~~~~
-
-:iscman:`named(8) <named>`, :iscman:`named-checkconf(8) <named-checkconf>`, :iscman:`rndc(8) <rndc>`, :iscman:`rndc-confgen(8) <rndc-confgen>`, :iscman:`tsig-keygen(8) <tsig-keygen>`, BIND 9 Administrator Reference Manual.
-
-END
+++ /dev/null
-#!/usr/bin/perl
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-use warnings;
-use strict;
-
-if (@ARGV < 1) {
- print STDERR <<'END';
-usage:
- perl rst-zoneopt.pl zoneopt_file
-END
- exit 1;
-}
-
-my $FILE = shift;
-
-open (FH, "<", $FILE) or die "Can't open $FILE";
-
-print <<END;
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
-END
-
-while (<FH>) {
- if (m{// not.*implemented} || m{// obsolete} ||
- m{// ancient} || m{// test.*only})
- {
- next;
- }
-
- s{ // not configured}{};
- s{ // may occur multiple times}{};
- s{[[]}{[}g;
- s{[]]}{]}g;
- s{ }{\t}g;
-
- print " " . $_;
-}
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
+ nsec3-test-zone <boolean>; // test only
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- zone <string> [ <class> ] {
- type secondary;
- allow-notify { <address_match_element>; ... };
- allow-query { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
- allow-update-forwarding { <address_match_element>; ... };
- also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- auto-dnssec ( allow | maintain | off );
- check-names ( fail | warn | ignore );
- database <string>;
- dialup ( notify | notify-passive | passive | refresh | <boolean> );
- dlz <string>;
- dnskey-sig-validity <integer>;
- dnssec-dnskey-kskonly <boolean>;
- dnssec-loadkeys-interval <integer>;
- dnssec-policy <string>;
- dnssec-update-mode ( maintain | no-resign );
- file <quoted_string>;
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- inline-signing <boolean>;
- ixfr-from-differences <boolean>;
- journal <quoted_string>;
- key-directory <quoted_string>;
- masterfile-format ( raw | text );
- masterfile-style ( full | relative );
- max-ixfr-ratio ( unlimited | <percentage> );
- max-journal-size ( default | unlimited | <sizeval> );
- max-records <integer>;
- max-refresh-time <integer>;
- max-retry-time <integer>;
- max-transfer-idle-in <integer>;
- max-transfer-idle-out <integer>;
- max-transfer-time-in <integer>;
- max-transfer-time-out <integer>;
- min-refresh-time <integer>;
- min-retry-time <integer>;
- multi-master <boolean>;
- notify ( explicit | master-only | primary-only | <boolean> );
- notify-delay <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-to-soa <boolean>;
- parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- request-expire <boolean>;
- request-ixfr <boolean>;
- sig-signing-nodes <integer>;
- sig-signing-signatures <integer>;
- sig-signing-type <integer>;
- sig-validity-interval <integer> [ <integer> ];
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- try-tcp-refresh <boolean>;
- update-check-ksk <boolean>;
- use-alt-transfer-source <boolean>;
- zero-no-soa-ttl <boolean>;
- zone-statistics ( full | terse | none | <boolean> );
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- server <netprefix> {
- bogus <boolean>;
- edns <boolean>;
- edns-udp-size <integer>;
- edns-version <integer>;
- keys <server_key>;
- max-udp-size <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- padding <integer>;
- provide-ixfr <boolean>;
- query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
- request-expire <boolean>;
- request-ixfr <boolean>;
- request-nsid <boolean>;
- send-cookie <boolean>;
- tcp-keepalive <boolean>;
- tcp-only <boolean>;
- transfer-format ( many-answers | one-answer );
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfers <integer>;
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- zone <string> [ <class> ] {
- type static-stub;
- allow-query { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- max-records <integer>;
- server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
- server-names { <string>; ... };
- zone-statistics ( full | terse | none | <boolean> );
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- statistics-channels {
- inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ];
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- zone <string> [ <class> ] {
- type stub;
- allow-query { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- check-names ( fail | warn | ignore );
- database <string>;
- delegation-only <boolean>;
- dialup ( notify | notify-passive | passive | refresh | <boolean> );
- file <quoted_string>;
- forward ( first | only );
- forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
- masterfile-format ( raw | text );
- masterfile-style ( full | relative );
- max-records <integer>;
- max-refresh-time <integer>;
- max-retry-time <integer>;
- max-transfer-idle-in <integer>;
- max-transfer-time-in <integer>;
- min-refresh-time <integer>;
- min-retry-time <integer>;
- multi-master <boolean>;
- primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
- use-alt-transfer-source <boolean>;
- zone-statistics ( full | terse | none | <boolean> );
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- tls <string> {
- ca-file <quoted_string>;
- cert-file <quoted_string>;
- ciphers <string>;
- dhparam-file <quoted_string>;
- key-file <quoted_string>;
- prefer-server-ciphers <boolean>;
- protocols { <string>; ... };
- remote-hostname <quoted_string>;
- session-tickets <boolean>;
- };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... };
+++ /dev/null
-.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-..
-.. SPDX-License-Identifier: MPL-2.0
-..
-.. This Source Code Form is subject to the terms of the Mozilla Public
-.. License, v. 2.0. If a copy of the MPL was not distributed with this
-.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
-..
-.. See the COPYRIGHT file distributed with this work for additional
-.. information regarding copyright ownership.
-
-::
-
- trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };, deprecated
projects / thirdparty / bind9.git / commitdiff
