-Summary of functional enhancements from prior major releases of BIND 9:
-
-BIND 9.8.0
-
- BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
- releases. New features include:
-
- - Built-in trust anchor for the root zone, which can be
- switched on via "dnssec-validation auto;"
- - Support for DNS64.
- - Support for response policy zones (RPZ).
- - Support for writable DLZ zones.
- - Improved ease of configuration of GSS/TSIG for
- interoperability with Active Directory
- - Support for GOST signing algorithm for DNSSEC.
- - Removed RTT Banding from server selection algorithm.
- - New "static-stub" zone type.
- - Allow configuration of resolver timeouts via
- "resolver-query-timeout" option.
- - The DLZ "dlopen" driver is now built by default.
- - Added a new include file with function typedefs
- for the DLZ "dlopen" driver.
- - Made "--with-gssapi" default.
- - More verbose error reporting from DLZ LDAP.
-
-BIND 9.7.0
-
- BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
- releases. Most are intended to simplify DNSSEC configuration.
- New features include:
-
- - Fully automatic signing of zones by "named".
- - Simplified configuration of DNSSEC Lookaside Validation (DLV).
- - Simplified configuration of Dynamic DNS, using the "ddns-confgen"
- command line tool or the "local" update-policy option. (As a side
- effect, this also makes it easier to configure automatic zone
- re-signing.)
- - New named option "attach-cache" that allows multiple views to
- share a single cache.
- - DNS rebinding attack prevention.
- - New default values for dnssec-keygen parameters.
- - Support for RFC 5011 automated trust anchor maintenance
- - Smart signing: simplified tools for zone signing and key
- maintenance.
- - The "statistics-channels" option is now available on Windows.
- - A new DNSSEC-aware libdns API for use by non-BIND9 applications
- - On some platforms, named and other binaries can now print out
- a stack backtrace on assertion failure, to aid in debugging.
- - A "tools only" installation mode on Windows, which only installs
- dig, host, nslookup and nsupdate.
- - Improved PKCS#11 support, including Keyper support and explicit
- OpenSSL engine selection.
-
-BIND 9.6.0
-
- Full NSEC3 support
-
- Automatic zone re-signing
-
- New update-policy methods tcp-self and 6to4-self
-
- The BIND 8 resolver library, libbind, has been removed from the
- BIND 9 distribution and is now available as a separate download.
-
- Change the default pid file location from /var/run to
- /var/run/{named,lwresd} for improved chroot/setuid support.
-
-BIND 9.5.0
-
- GSS-TSIG support (RFC 3645).
-
- DHCID support.
-
- Experimental http server and statistics support for named via xml.
-
- More detailed statistics counters including those supported in BIND 8.
-
- Faster ACL processing.
-
- Use Doxygen to generate internal documentation.
-
- Efficient LRU cache-cleaning mechanism.
-
- NSID support.
-
-BIND 9.4.0
-
- Implemented "additional section caching (or acache)", an
- internal cache framework for additional section content to
- improve response performance. Several configuration options
- were provided to control the behavior.
-
- New notify type 'master-only'. Enable notify for master
- zones only.
-
- Accept 'notify-source' style syntax for query-source.
-
- rndc now allows addresses to be set in the server clauses.
-
- New option "allow-query-cache". This lets "allow-query"
- be used to specify the default zone access level rather
- than having to have every zone override the global value.
- "allow-query-cache" can be set at both the options and view
- levels. If "allow-query-cache" is not set then "allow-recursion"
- is used if set, otherwise "allow-query" is used if set
- unless "recursion no;" is set in which case "none;" is used,
- otherwise the default (localhost; localnets;) is used.
-
- rndc: the source address can now be specified.
-
- ixfr-from-differences now takes master and slave in addition
- to yes and no at the options and view levels.
-
- Allow the journal's name to be changed via named.conf.
-
- 'rndc notify zone [class [view]]' resend the NOTIFY messages
- for the specified zone.
-
- 'dig +trace' now randomly selects the next servers to try.
- Report if there is a bad delegation.
-
- Improve check-names error messages.
-
- Make public the function to read a key file, dst_key_read_public().
-
- dig now returns the byte count for axfr/ixfr.
-
- allow-update is now settable at the options / view level.
-
- named-checkconf now checks the logging configuration.
-
- host now can turn on memory debugging flags with '-m'.
-
- Don't send notify messages to self.
-
- Perform sanity checks on NS records which refer to 'in zone' names.
-
- New zone option "notify-delay". Specify a minimum delay
- between sets of NOTIFY messages.
-
- Extend adjusting TTL warning messages.
-
- Named and named-checkzone can now both check for non-terminal
- wildcard records.
-
- "rndc freeze/thaw" now freezes/thaws all zones.
-
- named-checkconf now check acls to verify that they only
- refer to existing acls.
-
- The server syntax has been extended to support a range of
- servers.
-
- Report differences between hints and real NS rrset and
- associated address records.
-
- Preserve the case of domain names in rdata during zone
- transfers.
-
- Restructured the data locking framework using architecture
- dependent atomic operations (when available), improving
- response performance on multi-processor machines significantly.
- x86, x86_64, alpha, powerpc, and mips are currently supported.
-
- UNIX domain controls are now supported.
-
- Add support for additional zone file formats for improving
- loading performance. The masterfile-format option in
- named.conf can be used to specify a non-default format. A
- separate command named-compilezone was provided to generate
- zone files in the new format. Additionally, the -I and -O
- options for dnssec-signzone specify the input and output
- formats.
-
- dnssec-signzone can now randomize signature end times
- (dnssec-signzone -j jitter).
-
- Add support for CH A record.
-
- Add additional zone data constancy checks. named-checkzone
- has extended checking of NS, MX and SRV record and the hosts
- they reference. named has extended post zone load checks.
- New zone options: check-mx and integrity-check.
-
-
- edns-udp-size can now be overridden on a per server basis.
-
- dig can now specify the EDNS version when making a query.
-
- Added framework for handling multiple EDNS versions.
-
- Additional memory debugging support to track size and mctx
- arguments.
-
- Detect duplicates of UDP queries we are recursing on and
- drop them. New stats category "duplicates".
-
- "USE INTERNAL MALLOC" is now runtime selectable.
-
- The lame cache is now done on a <qname,qclass,qtype> basis
- as some servers only appear to be lame for certain query
- types.
-
- Limit the number of recursive clients that can be waiting
- for a single query (<qname,qtype,qclass>) to resolve. New
- options clients-per-query and max-clients-per-query.
-
- dig: report the number of extra bytes still left in the
- packet after processing all the records.
-
- Support for IPSECKEY rdata type.
-
- Raise the UDP recieve buffer size to 32k if it is less than 32k.
-
- x86 and x86_64 now have seperate atomic locking implementations.
-
- named-checkconf now validates update-policy entries.
-
- Attempt to make the amount of work performed in a iteration
- self tuning. The covers nodes clean from the cache per
- iteration, nodes written to disk when rewriting a master
- file and nodes destroyed per iteration when destroying a
- zone or a cache.
-
- ISC string copy API.
-
- Automatic empty zone creation for D.F.IP6.ARPA and friends.
- Note: RFC 1918 zones are not yet covered by this but are
- likely to be in a future release.
-
- New options: empty-server, empty-contact, empty-zones-enable
- and disable-empty-zone.
-
- dig now has a '-q queryname' and '+showsearch' options.
-
- host/nslookup now continue (default)/fail on SERVFAIL.
-
- dig now warns if 'RA' is not set in the answer when 'RD'
- was set in the query. host/nslookup skip servers that fail
- to set 'RA' when 'RD' is set unless a server is explicitly
- set.
-
- Integrate contibuted DLZ code into named.
-
- Integrate contibuted IDN code from JPNIC.
-
- libbind: corresponds to that from BIND 8.4.7.
-
-BIND 9.3.0
-
- DNSSEC is now DS based (RFC 3658).
- See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
-
- DNSSEC lookaside validation.
-
- check-names is now implemented.
- rrset-order in more complete.
-
- IPv4/IPv6 transition support, dual-stack-servers.
-
- IXFR deltas can now be generated when loading master files,
- ixfr-from-differences.
-
- It is now possible to specify the size of a journal, max-journal-size.
-
- It is now possible to define a named set of master servers to be
- used in masters clause, masters.
-
- The advertised EDNS UDP size can now be set, edns-udp-size.
-
- allow-v6-synthesis has been obsoleted.
-
- NOTE:
- * Zones containing MD and MF will now be rejected.
- * dig, nslookup name. now report "Not Implemented" as
- NOTIMP rather than NOTIMPL. This will have impact on scripts
- that are looking for NOTIMPL.
-
- libbind: corresponds to that from BIND 8.4.5.
-
-BIND 9.2.0
-
- The size of the cache can now be limited using the
- "max-cache-size" option.
-
- The server can now automatically convert RFC1886-style recursive
- lookup requests into RFC2874-style lookups, when enabled using the
- new option "allow-v6-synthesis". This allows stub resolvers that
- support AAAA records but not A6 record chains or binary labels to
- perform lookups in domains that make use of these IPv6 DNS
- features.
-
- Performance has been improved.
-
- The man pages now use the more portable "man" macros rather than
- the "mandoc" macros, and are installed by "make install".
-
- The named.conf parser has been completely rewritten. It now
- supports "include" directives in more places such as inside "view"
- statements, and it no longer has any reserved words.
-
- The "rndc status" command is now implemented.
-
- rndc can now be configured automatically.
-
- A BIND 8 compatible stub resolver library is now included in
- lib/bind.
-
- OpenSSL has been removed from the distribution. This means that to
- use DNSSEC, OpenSSL must be installed and the --with-openssl option
- must be supplied to configure. This does not apply to the use of
- TSIG, which does not require OpenSSL.
-
- The source distribution now builds on Windows. See
- win32utils/readme1.txt and win32utils/win32-build.txt for details.
-
- This distribution also includes a new lightweight stub
- resolver library and associated resolver daemon that fully
- support forward and reverse lookups of both IPv4 and IPv6
- addresses. This library is considered experimental and
- is not a complete replacement for the BIND 8 resolver library.
- Applications that use the BIND 8 res_* functions to perform
- DNS lookups or dynamic updates still need to be linked against
- the BIND 8 libraries. For DNS lookups, they can also use the
- new "getrrsetbyname()" API.
-
- BIND 9.2 is capable of acting as an authoritative server
- for DNSSEC secured zones. This functionality is believed to
- be stable and complete except for lacking support for
- verifications involving wildcard records in secure zones.
-
- When acting as a caching server, BIND 9.2 can be configured
- to perform DNSSEC secure resolution on behalf of its clients.
- This part of the DNSSEC implementation is still considered
- experimental. For detailed information about the state of the
- DNSSEC implementation, see the file doc/misc/dnssec.
-
- There are a few known bugs:
-
- On some systems, IPv6 and IPv4 sockets interact in
- unexpected ways. For details, see doc/misc/ipv6.
- To reduce the impact of these problems, the server
- no longer listens for requests on IPv6 addresses
- by default. If you need to accept DNS queries over
- IPv6, you must specify "listen-on-v6 { any; };"
- in the named.conf options statement.
-
- FreeBSD prior to 4.2 (and 4.2 if running as non-root)
- and OpenBSD prior to 2.8 log messages like
- "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
- This is due to a bug in "/dev/random" and impacts the
- server's DNSSEC support.
-
- OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
- OS X 10.2 (Darwin 6.0) reports errors like
- "fcntl(3, F_SETFL, 4): Operation not supported by device".
- This is due to a bug in "/dev/random" and impacts the
- server's DNSSEC support.
-
- --with-libtool does not work on AIX.
-
- A bug in some versions of the Microsoft DNS server can cause zone
- transfers from a BIND 9 server to a W2K server to fail. For details,
- see the "Zone Transfers" section in doc/misc/migration.
-Setting the STD_CDEFINES environment variable before running configure can
-be used to enable certain compile-time options that are not explicitly
-defined in configure.
-
-Some of these settings are:
-
-Setting Description
- Don't ovewrite memory when allocating or freeing
--DISC_MEM_FILL=0 it; this improves performance but makes
- debugging more difficult.
- Don't track memory allocations by file and line
--DISC_MEM_TRACKLINES=0 number; this improves performance but makes
- debugging more difficult.
--DISC_FACILITY=LOG_LOCAL0 Change the default syslog facility for named
--DNS_CLIENT_DROPPORT=0 Disable dropping queries from particular
- well-known ports:
--DCHECK_SIBLING=0 Don't check sibling glue in named-checkzone
--DCHECK_LOCAL=0 Don't check out-of-zone addresses in
- named-checkzone
--DNS_RUN_PID_DIR=0 Create default PID files in ${localstatedir}/run
- rather than ${localstatedir}/run/{named,lwresd}/
- Enable DNSSEC signature chasing support in dig.
--DDIG_SIGCHASE=1 (Note: This feature is deprecated. Use delv
- instead.)
-
-BIND 9
-
-Contents
-
- 1. Introduction
- 2. Reporting bugs and getting help
- 3. Contributing to BIND
- 4. BIND 9.10 features
- 5. Building BIND
- 6. Compile-time options
- 7. Automated testing
- 8. Documentation
- 9. Change log
-10. Acknowledgments
-
-Introduction
-
-BIND (Berkeley Internet Name Domain) is a complete, highly portable
-implementation of the DNS (Domain Name System) protocol.
-
-The BIND name server, named, is able to serve as an authoritative name
-server, recursive resolver, DNS forwarder, or all three simultaneously. It
-implements views for split-horizon DNS, automatic DNSSEC zone signing and
-key management, catalog zones to facilitate provisioning of zone data
-throughout a name server constellation, response policy zones (RPZ) to
-protect clients from malicious data, response rate limiting (RRL) and
-recursive query limits to reduce distributed denial of service attacks,
-and many other advanced DNS features. BIND also includes a suite of
-administrative tools, including the dig and delv DNS lookup tools,
-nsupdate for dynamic DNS zone updates, rndc for remote name server
-administration, and more.
-
-BIND 9 is a complete re-write of the BIND architecture that was used in
-versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a 501
-(c)(3) public benefit corporation dedicated to providing software and
-services in support of the Internet infrastructure, developed BIND 9 and
-is responsible for its ongoing maintenance and improvement. BIND is open
-source software licenced under the terms of the Mozilla Public License,
-version 2.0.
-
-For a summary of features introduced in past major releases of BIND, see
-the file HISTORY.
-
-For a detailed list of changes made throughout the history of BIND 9, see
-the file CHANGES. See below for details on the CHANGES file format.
-
-For up-to-date release notes and errata, see http://www.isc.org/software/
-bind9/releasenotes
-
-Reporting bugs and getting help
-
-Please report assertion failure errors and suspected security issues to
-security-officer@isc.org.
-
-General bug reports can be sent to bind9-bugs@isc.org.
-
-Feature requests can be sent to bind-suggest@isc.org.
-
-Please note that, while ISC's ticketing system is not currently publicly
-readable, this may change in the future. Please do not include information
-in bug reports that you consider to be confidential. For example, when
-sending the contents of your configuration file, it is advisable to
-obscure key secrets; this can be done automatically by using
-named-checkconf -px.
-
-Professional support and training for BIND are available from ISC at
-https://www.isc.org/support.
-
-To join the BIND Users mailing list, or view the archives, visit https://
-lists.isc.org/mailman/listinfo/bind-users.
-
-If you're planning on making changes to the BIND 9 source code, you may
-also want to join the BIND Workers mailing list, at https://lists.isc.org/
-mailman/listinfo/bind-workers.
-
-Contributing to BIND
-
-A public git repository for BIND is maintained at http://www.isc.org/git/,
-and also on Github at https://github.com/isc-projects.
-
-Information for BIND contributors can be found in the following files: -
-General information: doc/dev/contrib.md - BIND 9 code style: doc/dev/
-style.md - BIND architecture and developer guide: doc/dev/dev.md
-
-Patches for BIND may be submitted either as Github pull requests or via
-email. When submitting a patch via email, please prepend the subject
-header with "[PATCH]" so it will be easier for us to find. If your patch
-introduces a new feature in BIND, please submit it to bind-suggest@isc.org
-; if it fixes a bug, please submit it to bind9-bugs@isc.org.
-
-BIND 9.10 features
-
-BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
-releases. New features include:
-
- * DNS Response-rate limiting (DNS RRL), which blunts the impact of
- reflection and amplification attacks, is always compiled in and no
- longer requires a compile-time option to enable it.
- * An experimental "Source Identity Token" (SIT) EDNS option is now
- available. Similar to DNS Cookies as invented by Donald Eastlake 3rd,
- these are designed to enable clients to detect off-path spoofed
- responses, and to enable servers to detect spoofed-source queries.
- Servers can be configured to send smaller responses to clients that
- have not identified themselves using a SIT option, reducing the
- effectiveness of amplification attacks. RRL processing has also been
- updated; clients proven to be legitimate via SIT are not subject to
- rate limiting. Use configure --enable-sit to enable this feature in
- BIND.
- * A new zone file format, map, stores zone data in a format that can be
- mapped directly into memory, allowing significantly faster zone
- loading.
- * delv (domain entity lookup and validation) is a new tool with dig-like
- semantics for looking up DNS data and performing internal DNSSEC
- validation. This allows easy validation in environments where the
- resolver may not be trustworthy, and assists with troubleshooting of
- DNSSEC problems. (NOTE: In previous development releases of BIND 9.10,
- this utility was called delve. The spelling has been changed to avoid
- confusion with the delve utility included with the Xapian search
- engine.)
- * Improved EDNS(0) processing for better resolver performance and
- reliability over slow or lossy connections.
- * A new configure --with-tuning=large option tunes certain compiled-in
- constants and default settings to values better suited to large
- servers with abundant memory. This can improve performance on such
- servers, but will consume more memory and may degrade performance on
- smaller systems.
- * Substantial improvement in response-policy zone (RPZ) performance. Up
- to 32 response-policy zones can be configured with minimal performance
- loss.
- * To improve recursive resolver performance, cache records which are
- still being requested by clients can now be automatically refreshed
- from the authoritative server before they expire, reducing or
- eliminating the time window in which no answer is available in the
- cache.
- * New rpz-client-ip triggers and drop policies allowing response
- policies based on the IP address of the client.
- * ACLs can now be specified based on geographic location using the
- MaxMind GeoIP databases. Use configure --with-geoip to enable.
- * Zone data can now be shared between views, allowing multiple views to
- serve the same zones authoritatively without storing multiple copies
- in memory.
- * New XML schema (version 3) for the statistics channel includes many
- new statistics and uses a flattened XML tree for faster parsing. The
- older schema is now deprecated.
- * A new stylesheet, based on the Google Charts API, displays XML
- statistics in charts and graphs on javascript-enabled browsers.
- * The statistics channel can now provide data in JSON format as well as
- XML.
- * New stats counters track TCP and UDP queries received per zone, and
- EDNS options received in total.
- * The internal and export versions of the BIND libraries (libisc,
- libdns, etc) have been unified so that external library clients can
- use the same libraries as BIND itself.
- * A new compile-time option, configure --enable-native-pkcs11, allows
- BIND 9 cryptography functions to use the PKCS#11 API natively, so that
- BIND can drive a cryptographic hardware service module (HSM) directly
- instead of using a modified OpenSSL as an intermediary. (Note: This
- feature requires an HSM to have a full implementation of the PKCS#11
- API; many current HSMs only have partial implementations. The new
- pkcs11-tokens command can be used to check API completeness. Native
- PKCS#11 is known to work with the Thales nShield HSM and with SoftHSM
- version 2 from the Open DNSSEC project.)
- * The new max-zone-ttl option enforces maximum TTLs for zones. This can
- simplify the process of rolling DNSSEC keys by guaranteeing that
- cached signatures will have expired within the specified amount of
- time.
- * dig +subnet sends an EDNS CLIENT-SUBNET option when querying.
- * dig +expire sends an EDNS EXPIRE option when querying. When this
- option is sent with an SOA query to a server that supports it, it will
- report the expiry time of a slave zone.
- * New dnssec-coverage tool to check DNSSEC key coverage for a zone and
- report if a lapse in signing coverage has been inadvertently
- scheduled.
- * Signing algorithm flexibility and other improvements for the rndc
- control channel.
- * named-checkzone and named-compilezone can now read journal files,
- allowing them to process dynamic zones.
- * Multiple DLZ databases can now be configured. Individual zones can be
- configured to be served from a specific DLZ database. DLZ databases
- now serve zones of type master and redirect.
- * rndc zonestatus reports information about a specified zone.
- * named now listens on IPv6 as well as IPv4 interfaces by default.
- * named now preserves the capitalization of names when responding to
- queries: for instance, a query for "example.com" may be answered with
- "example.COM" if the name was configured that way in the zone file.
- Some clients have a bug causing them to depend on the older behavior,
- in which the case of the answer always matched the case of the query,
- rather than the case of the name configured in the DNS. Such clients
- can now be specified in the new no-case-compress ACL; this will
- restore the older behavior of named for those clients only.
- * new dnssec-importkey command allows the use of offline DNSSEC keys
- with automatic DNSKEY management.
- * New named-rrchecker tool to verify the syntactic correctness of
- individual resource records.
- * When re-signing a zone, the new dnssec-signzone -Q option drops
- signatures from keys that are still published but are no longer
- active.
- * named-checkconf -px will print the contents of configuration files
- with the shared secrets obscured, making it easier to share
- configuration (e.g. when submitting a bug report) without revealing
- private information.
- * rndc scan causes named to re-scan network interfaces for changes in
- local addresses.
- * On operating systems with support for routing sockets, network
- interfaces are re-scanned automatically whenever they change.
- * tsig-keygen is now available as an alternate command name to use for
- ddns-confgen.
-
-BIND 9.10.1
-
-BIND 9.10.1 is a maintenance release, and addresses the security flaws
-described in CVE-2014-3214 and CVE-2014-3859.
-
-BIND 9.10.2
-
-BIND 9.10.2 is a maintenance release, and addresses the security flaws
-described in CVE-2014-8500, CVE-2014-8680 and CVE-2015-1349.
-
-BIND 9.10.3
-
-BIND 9.10.3 is a maintenance release, and addresses the security flaws
-described in CVE-2015-4620, CVE-2015-5477, CVE-2015-5722, and
-CVE-2015-5986.
-
-It also makes the following new features available:
-
- * New "fetchlimit" quotas are now available for the use of recursive
- resolvers that are are under high query load for domains whose
- authoritative servers are nonresponsive or are experiencing a denial
- of service attack.
-
- + fetches-per-server limits the number of simultaneous queries that
- can be sent to any single authoritative server. The configured
- value is a starting point; it is automatically adjusted downward
- if the server is partially or completely non-responsive. The
- algorithm used to adjust the quota can be configured via the
- fetch-quota-params option.
- + fetches-per-zone limits the number of simultaneous queries that
- can be sent for names within a single domain. (Note: Unlike
- fetches-per-server, this value is not self-tuning.)
- + New stats counters have been added to count queries spilled due to
- these quotas.
-
-NOTE: These features are NOT built in by default; use configure
---enable-fetchlimit to enable them.
-
- * dig now supports sending of arbitrary EDNS options by specifying them
- on the command line.
-
-BIND 9.10.4
-
-BIND 9.10.4 is a maintenance release, and addresses the security flaws
-described in CVE-2015-8000, CVE-2015-8461, CVE-2015-8704, CVE-2015-8705,
-CVE-2016-1285, CVE-2016-1286, CVE-2016-2088, CVE-2016-2775 and
-CVE-2016-2776.
-
-BIND 9.10.5
-
-BIND 9.10.5 is a maintenance release, and addresses the security flaws
-disclosed in CVE-2016-2775, CVE-2016-2776, CVE-2016-6170, CVE-2016-8864,
-CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2017-3135, CVE-2017-3136,
-CVE-2017-3137, and CVE-2017-3138.
-
-Building BIND
-
-BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
-support, and a 64-bit integer type. Successful builds have been observed
-on many versions of Linux and UNIX, including RedHat, Fedora, Debian,
-Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris,
-HP-UX, AIX, SCO OpenServer, and OpenWRT.
-
-BIND is also available for Windows XP, 2003, 2008, and higher. See
-win32utils/readme1st.txt for details on building for Windows systems.
-
-To build on a UNIX or Linux system, use:
-
- $ ./configure
- $ make
-
-(NOTE: Using multiple processors in make is not reliable and is not
-advised.)
-
-If you're planning on making changes to the BIND 9 source, you should run
-make depend. If you're using Emacs, you might find make tags helpful.
-
-Several environment variables that can be set before running configure
-will affect compilation:
-
-Variable Description
-CC The C compiler to use. configure tries to figure out the
- right one for supported systems.
- C compiler flags. Defaults to include -g and/or -O2 as
-CFLAGS supported by the compiler. Please include '-g' if you need
- to set CFLAGS.
- System header file directories. Can be used to specify
-STD_CINCLUDES where add-on thread or IPv6 support is, for example.
- Defaults to empty string.
- Any additional preprocessor symbols you want defined.
-STD_CDEFINES Defaults to empty string. For a list of possible settings,
- see the file OPTIONS.
-LDFLAGS Linker flags. Defaults to empty string.
-BUILD_CC Needed when cross-compiling: the native C compiler to use
- when building for the target system.
-BUILD_CFLAGS Optional, used for cross-compiling
-BUILD_CPPFLAGS
-BUILD_LDFLAGS
-BUILD_LIBS
-
-Compile-time options
-
-To see a full list of configuration options, run configure --help.
-
-On most platforms, BIND 9 is built with multithreading support, allowing
-it to take advantage of multiple CPUs. You can configure this by
-specifying --enable-threads or --disable-threads on the configure command
-line. The default is to enable threads, except on some older operating
-systems on which threads are known to have had problems in the past.
-(Note: Prior to BIND 9.10, the default was to disable threads on Linux
-systems; this has now been reversed. On Linux systems, the threaded build
-is known to change BIND's behavior with respect to file permissions; it
-may be necessary to specify a user with the -u option when running named.)
-
-To build shared libraries, specify --with-libtool on the configure command
-line.
-
-Certain compiled-in constants and default settings can be increased to
-values better suited to large servers with abundant memory resources (e.g,
-64-bit servers with 12G or more of memory) by specifying --with-tuning=
-large on the configure command line. This can improve performance on big
-servers, but will consume more memory and may degrade performance on
-smaller systems.
-
-For the server to support DNSSEC, you need to build it with crypto
-support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
-installed. If the OpenSSL library is installed in a nonstandard location,
-specify the prefix using "--with-openssl=/prefix" on the configure command
-line. To use a PKCS#11 hardware service module for cryptographic
-operations, specify the path to the PKCS#11 provider library using
-"--with-pkcs11=/prefix", and configure BIND with "--enable-native-pkcs11".
-
-To support the HTTP statistics channel, the server must be linked with at
-least one of the following: libxml2 http://xmlsoft.org or json-c https://
-github.com/json-c. If these are installed at a nonstandard location,
-specify the prefix using --with-libxml2=/prefix or --with-libjson=/prefix.
-
-To support GeoIP location-based ACLs, the server must be linked with
-libGeoIP. This is not turned on by default; BIND must be configured with
-"--with-geoip". If the library is installed in a nonstandard location, use
-specify the prefix using "--with-geoip=/prefix".
-
-Python requires the 'argparse' module to be available. 'argparse' is a
-standard module as of Python 2.7 and Python 3.2.
-
-On some platforms it is necessary to explicitly request large file support
-to handle files bigger than 2GB. This can be done by using
---enable-largefile on the configure command line.
-
-Support for the "fixed" rrset-order option can be enabled or disabled by
-specifying --enable-fixed-rrset or --disable-fixed-rrset on the configure
-command line. By default, fixed rrset-order is disabled to reduce memory
-footprint.
-
-If your operating system has integrated support for IPv6, it will be used
-automatically. If you have installed KAME IPv6 separately, use --with-kame
-[=PATH] to specify its location.
-
-make install will install named and the various BIND 9 libraries. By
-default, installation is into /usr/local, but this can be changed with the
---prefix option when running configure.
-
-You may specify the option --sysconfdir to set the directory where
-configuration files like named.conf go by default, and --localstatedir to
-set the default parent directory of run/named.pid. For backwards
-compatibility with BIND 8, --sysconfdir defaults to /etc and
---localstatedir defaults to /var if no --prefix option is given. If there
-is a --prefix option, sysconfdir defaults to $prefix/etc and localstatedir
-defaults to $prefix/var.
-
-Automated testing
-
-A system test suite can be run with make test. The system tests require
-you to configure a set of virtual IP addresses on your system (this allows
-multiple servers to run locally and communicate with one another). These
-IP addresses can be configured by by running the script bin/tests/system/
-ifconfig.sh up as root.
-
-Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
-and will be skipped if these are not available. Some tests require Python
-and the 'dnspython' module and will be skipped if these are not available.
-See bin/tests/system/README for further details.
-
-Unit tests are implemented using Automated Testing Framework (ATF). To run
-them, use configure --with-atf, then run make test or make unit.
-
-Documentation
-
-The BIND 9 Administrator Reference Manual is included with the source
-distribution, in DocBook XML, HTML and PDF format, in the doc/arm
-directory.
-
-Some of the programs in the BIND 9 distribution have man pages in their
-directories. In particular, the command line options of named are
-documented in bin/named/named.8.
-
-Frequently (and not-so-frequently) asked questions and their answers can
-be found in the ISC Knowledge Base at https://kb.isc.org.
-
-Additional information on various subjects can be found in other README
-files throughout the source tree.
-
-Change log
-
-A detailed list of all changes that have been made throughout the
-development BIND 9 is included in the file CHANGES, with the most recent
-changes listed first. Change notes include tags indicating the category of
-the change that was made; these categories are:
-
-Category Description
-[func] New feature
-[bug] General bug fix
-[security] Fix for a significant security flaw
-[experimental] Used for new features when the syntax or other aspects of
- the design are still in flux and may change
-[port] Portability enhancement
-[maint] Updates to built-in data such as root server addresses and
- keys
-[tuning] Changes to built-in configuration defaults and constants to
- improve performance
-[performance] Other changes to improve server performance
-[protocol] Updates to the DNS protocol such as new RR types
-[test] Changes to the automatic tests, not affecting server
- functionality
-[cleanup] Minor corrections and refactoring
-[doc] Documentation
-[contrib] Changes to the contributed tools and libraries in the
- 'contrib' subdirectory
- Used in the master development branch to reserve change
-[placeholder] numbers for use in other branches, e.g. when fixing a bug
- that only exists in older releases
-
-In general, [func] and [experimental] tags will only appear in new-feature
-releases (i.e., those with version numbers ending in zero). Some new
-functionality may be backported to older releases on a case-by-case basis.
-All other change types may be applied to all currently-supported releases.
-
-Acknowledgments
-
- * The original development of BIND 9 was underwritten by the following
- organizations:
-
- Sun Microsystems, Inc.
- Hewlett Packard
- Compaq Computer Corporation
- IBM
- Process Software Corporation
- Silicon Graphics, Inc.
- Network Associates, Inc.
- U.S. Defense Information Systems Agency
- USENIX Association
- Stichting NLnet - NLnet Foundation
- Nominum, Inc.
-
- * This product includes software developed by the OpenSSL Project for
- use in the OpenSSL Toolkit. http://www.OpenSSL.org/
- * This product includes cryptographic software written by Eric Young
- (eay@cryptsoft.com)
- * This product includes software written by Tim Hudson
- (tjh@cryptsoft.com)
-
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 2014-01-08
+.\" Date: 2016-12-02
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
-.TH "NAMED\&.CONF" "5" "2014\-01\-08" "ISC" "BIND9"
+.TH "NAMED\&.CONF" "5" "2016\-12\-02" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
-named.conf \- configuration file for named
+named.conf \- configuration file for \fBnamed\fR
.SH "SYNOPSIS"
.HP \w'\fBnamed\&.conf\fR\ 'u
\fBnamed\&.conf\fR
.if n \{\
.RE
.\}
-.SH "KEY"
+.SH "CONTROLS"
.sp
.if n \{\
.RS 4
.\}
.nf
-key \fIdomain_name\fR {
- algorithm \fIstring\fR;
- secret \fIstring\fR;
+controls {
+ inet ( \fIipv4_address\fR | \fIipv6_address\fR |
+ * ) [ port ( \fIinteger\fR | * ) ] allow
+ { \fIaddress_match_element\fR; \&.\&.\&. } [
+ keys { \fIstring\fR; \&.\&.\&. } ];
+ unix \fIquoted_string\fR perm \fIinteger\fR
+ owner \fIinteger\fR group \fIinteger\fR [
+ keys { \fIstring\fR; \&.\&.\&. } ];
};
.fi
.if n \{\
.RE
.\}
-.SH "MASTERS"
+.SH "DLZ"
.sp
.if n \{\
.RS 4
.\}
.nf
-masters \fIstring\fR [ port \fIinteger\fR ] {
- ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
- \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; \&.\&.\&.
+dlz \fIstring\fR {
+ database \fIstring\fR;
+ search \fIboolean\fR;
};
.fi
.if n \{\
.RE
.\}
-.SH "SERVER"
+.SH "KEY"
.sp
.if n \{\
.RS 4
.\}
.nf
-server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
- bogus \fIboolean\fR;
- edns \fIboolean\fR;
- edns\-udp\-size \fIinteger\fR;
- max\-udp\-size \fIinteger\fR;
- tcp\-only \fIboolean\fR;
- provide\-ixfr \fIboolean\fR;
- request\-ixfr \fIboolean\fR;
- keys \fIserver_key\fR;
- transfers \fIinteger\fR;
- transfer\-format ( many\-answers | one\-answer );
- transfer\-source ( \fIipv4_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- transfer\-source\-v6 ( \fIipv6_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- support\-ixfr \fIboolean\fR; // obsolete
+key \fIstring\fR {
+ algorithm \fIstring\fR;
+ secret \fIstring\fR;
};
.fi
.if n \{\
.RE
.\}
-.SH "TRUSTED-KEYS"
+.SH "LOGGING"
.sp
.if n \{\
.RS 4
.\}
.nf
-trusted\-keys {
- \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; \&.\&.\&.
+logging {
+ category \fIstring\fR { \fIstring\fR; \&.\&.\&. };
+ channel \fIstring\fR {
+ file \fIquoted_string\fR [ versions ( "unlimited" | \fIinteger\fR )
+ ] [ size \fIsize\fR ];
+ null;
+ print\-category \fIboolean\fR;
+ print\-severity \fIboolean\fR;
+ print\-time \fIboolean\fR;
+ severity \fIlog_severity\fR;
+ stderr;
+ syslog [ \fIsyslog_facility\fR ];
+ };
};
.fi
.if n \{\
.RE
.\}
-.SH "MANAGED-KEYS"
+.SH "LWRES"
.sp
.if n \{\
.RS 4
.\}
.nf
-managed\-keys {
- \fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; \&.\&.\&.
+lwres {
+ listen\-on [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR
+ | \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. };
+ ndots \fIinteger\fR;
+ search { \fIstring\fR; \&.\&.\&. };
+ view \fIstring\fR [ \fIclass\fR ];
};
.fi
.if n \{\
.RE
.\}
-.SH "CONTROLS"
+.SH "MANAGED-KEYS"
.sp
.if n \{\
.RS 4
.\}
.nf
-controls {
- inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
- [ port ( \fIinteger\fR | * ) ]
- allow { \fIaddress_match_element\fR; \&.\&.\&. }
- [ keys { \fIstring\fR; \&.\&.\&. } ];
- unix \fIunsupported\fR; // not implemented
-};
+managed\-keys { \fIstring\fR \fIstring\fR \fIinteger\fR
+ \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; \&.\&.\&. };
.fi
.if n \{\
.RE
.\}
-.SH "LOGGING"
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-logging {
- channel \fIstring\fR {
- file \fIlog_file\fR;
- syslog \fIoptional_facility\fR;
- null;
- stderr;
- severity \fIlog_severity\fR;
- print\-time \fIboolean\fR;
- print\-severity \fIboolean\fR;
- print\-category \fIboolean\fR;
- };
- category \fIstring\fR { \fIstring\fR; \&.\&.\&. };
-};
-.fi
-.if n \{\
-.RE
-.\}
-.SH "LWRES"
+.SH "MASTERS"
.sp
.if n \{\
.RS 4
.\}
.nf
-lwres {
- listen\-on [ port \fIinteger\fR ] {
- ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
- };
- view \fIstring\fR \fIoptional_class\fR;
- search { \fIstring\fR; \&.\&.\&. };
- ndots \fIinteger\fR;
-};
+masters \fIstring\fR [ port \fIinteger\fR ] [ dscp
+ \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [
+ port \fIinteger\fR ] | \fIipv6_address\fR [ port
+ \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
.fi
.if n \{\
.RE
.\}
.nf
options {
- avoid\-v4\-udp\-ports { \fIport\fR; \&.\&.\&. };
- avoid\-v6\-udp\-ports { \fIport\fR; \&.\&.\&. };
+ acache\-cleaning\-interval \fIinteger\fR;
+ acache\-enable \fIboolean\fR;
+ additional\-from\-auth \fIboolean\fR;
+ additional\-from\-cache \fIboolean\fR;
+ allow\-new\-zones \fIboolean\fR;
+ allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
+ also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR |
+ \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port
+ \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
+ alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * )
+ ] [ dscp \fIinteger\fR ];
+ alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR |
+ * ) ] [ dscp \fIinteger\fR ];
+ attach\-cache \fIstring\fR;
+ auth\-nxdomain \fIboolean\fR; // default changed
+ auto\-dnssec ( allow | maintain | off );
+ automatic\-interface\-scan \fIboolean\fR;
+ avoid\-v4\-udp\-ports { \fIportrange\fR; \&.\&.\&. };
+ avoid\-v6\-udp\-ports { \fIportrange\fR; \&.\&.\&. };
+ bindkeys\-file \fIquoted_string\fR;
blackhole { \fIaddress_match_element\fR; \&.\&.\&. };
- coresize \fIsize\fR;
- datasize \fIsize\fR;
+ cache\-file \fIquoted_string\fR;
+ check\-dup\-records ( fail | warn | ignore );
+ check\-integrity \fIboolean\fR;
+ check\-mx ( fail | warn | ignore );
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-names ( master | slave | response
+ ) ( fail | warn | ignore );
+ check\-sibling \fIboolean\fR;
+ check\-spf ( warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ check\-wildcard \fIboolean\fR;
+ cleaning\-interval \fIinteger\fR;
+ clients\-per\-query \fIinteger\fR;
+ coresize ( default | unlimited | \fIsizeval\fR );
+ datasize ( default | unlimited | \fIsizeval\fR );
+ deny\-answer\-addresses { \fIaddress_match_element\fR; \&.\&.\&. } [
+ except\-from { \fIquoted_string\fR; \&.\&.\&. } ];
+ deny\-answer\-aliases { \fIquoted_string\fR; \&.\&.\&. } [ except\-from {
+ \fIquoted_string\fR; \&.\&.\&. } ];
+ dialup ( notify | notify\-passive | passive | refresh | \fIboolean\fR );
directory \fIquoted_string\fR;
+ disable\-algorithms \fIstring\fR { \fIstring\fR;
+ \&.\&.\&. };
+ disable\-ds\-digests \fIstring\fR { \fIstring\fR;
+ \&.\&.\&. };
+ disable\-empty\-zone \fIstring\fR;
+ dns64 \fInetprefix\fR {
+ break\-dnssec \fIboolean\fR;
+ clients { \fIaddress_match_element\fR; \&.\&.\&. };
+ exclude { \fIaddress_match_element\fR; \&.\&.\&. };
+ mapped { \fIaddress_match_element\fR; \&.\&.\&. };
+ recursive\-only \fIboolean\fR;
+ suffix \fIipv6_address\fR;
+ };
+ dns64\-contact \fIstring\fR;
+ dns64\-server \fIstring\fR;
+ dnssec\-accept\-expired \fIboolean\fR;
+ dnssec\-dnskey\-kskonly \fIboolean\fR;
+ dnssec\-enable \fIboolean\fR;
+ dnssec\-loadkeys\-interval \fIinteger\fR;
+ dnssec\-lookaside ( \fIstring\fR trust\-anchor
+ \fIstring\fR | auto | no );
+ dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
+ dnssec\-secure\-to\-insecure \fIboolean\fR;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ dnssec\-validation ( yes | no | auto );
+ dscp \fIinteger\fR;
+ dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port
+ \fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv4_address\fR [ port
+ \fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv6_address\fR [ port
+ \fIinteger\fR ] [ dscp \fIinteger\fR ] ); \&.\&.\&. };
dump\-file \fIquoted_string\fR;
- files \fIsize\fR;
+ edns\-udp\-size \fIinteger\fR;
+ empty\-contact \fIstring\fR;
+ empty\-server \fIstring\fR;
+ empty\-zones\-enable \fIboolean\fR;
+ fetch\-quota\-params \fIinteger\fR \fIfixedpoint\fR
+ \fIfixedpoint\fR \fIfixedpoint\fR;
+ fetches\-per\-server \fIinteger\fR [ ( drop | fail ) ];
+ fetches\-per\-zone \fIinteger\fR [ ( drop | fail ) ];
+ files ( default | unlimited | \fIsizeval\fR );
+ filter\-aaaa { \fIaddress_match_element\fR; \&.\&.\&. };
+ filter\-aaaa\-on\-v4 ( break\-dnssec | \fIboolean\fR );
+ filter\-aaaa\-on\-v6 ( break\-dnssec | \fIboolean\fR );
+ flush\-zones\-on\-shutdown \fIboolean\fR;
+ forward ( first | only );
+ forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR
+ | \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. };
+ geoip\-directory ( \fIquoted_string\fR | none );
heartbeat\-interval \fIinteger\fR;
- host\-statistics \fIboolean\fR; // not implemented
- host\-statistics\-max \fInumber\fR; // not implemented
hostname ( \fIquoted_string\fR | none );
+ inline\-signing \fIboolean\fR;
interface\-interval \fIinteger\fR;
- listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. };
- listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. };
+ ixfr\-from\-differences ( master | slave | \fIboolean\fR );
+ key\-directory \fIquoted_string\fR;
+ lame\-ttl \fIinteger\fR;
+ listen\-on [ port \fIinteger\fR ] [ dscp
+ \fIinteger\fR ] {
+ \fIaddress_match_element\fR; \&.\&.\&. };
+ listen\-on\-v6 [ port \fIinteger\fR ] [ dscp
+ \fIinteger\fR ] {
+ \fIaddress_match_element\fR; \&.\&.\&. };
+ managed\-keys\-directory \fIquoted_string\fR;
+ masterfile\-format ( map | raw | text );
match\-mapped\-addresses \fIboolean\fR;
+ max\-acache\-size \fIsize_no_default\fR;
+ max\-cache\-size \fIsize_no_default\fR;
+ max\-cache\-ttl \fIinteger\fR;
+ max\-clients\-per\-query \fIinteger\fR;
+ max\-journal\-size \fIsize_no_default\fR;
+ max\-ncache\-ttl \fIinteger\fR;
+ max\-records \fIinteger\fR;
+ max\-recursion\-depth \fIinteger\fR;
+ max\-recursion\-queries \fIinteger\fR;
+ max\-refresh\-time \fIinteger\fR;
+ max\-retry\-time \fIinteger\fR;
+ max\-rsa\-exponent\-size \fIinteger\fR;
+ max\-transfer\-idle\-in \fIinteger\fR;
+ max\-transfer\-idle\-out \fIinteger\fR;
+ max\-transfer\-time\-in \fIinteger\fR;
+ max\-transfer\-time\-out \fIinteger\fR;
+ max\-udp\-size \fIinteger\fR;
+ max\-zone\-ttl ( unlimited | \fIttlval\fR );
+ memstatistics \fIboolean\fR;
memstatistics\-file \fIquoted_string\fR;
+ min\-refresh\-time \fIinteger\fR;
+ min\-retry\-time \fIinteger\fR;
+ minimal\-responses \fIboolean\fR;
+ multi\-master \fIboolean\fR;
+ no\-case\-compress { \fIaddress_match_element\fR; \&.\&.\&. };
+ nosit\-udp\-size \fIinteger\fR;, experimental
+ notify ( explicit | master\-only | \fIboolean\fR );
+ notify\-delay \fIinteger\fR;
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
+ dscp \fIinteger\fR ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]
+ [ dscp \fIinteger\fR ];
+ notify\-to\-soa \fIboolean\fR;
+ nsec3\-test\-zone \fIboolean\fR; // test only
pid\-file ( \fIquoted_string\fR | none );
port \fIinteger\fR;
+ preferred\-glue \fIstring\fR;
+ prefetch \fIinteger\fR [ \fIinteger\fR ];
+ provide\-ixfr \fIboolean\fR;
+ query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port (
+ \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv4_address\fR | * ) ]
+ port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
+ query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [ port (
+ \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv6_address\fR | * ) ]
+ port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
querylog \fIboolean\fR;
- recursing\-file \fIquoted_string\fR;
- reserved\-sockets \fIinteger\fR;
random\-device \fIquoted_string\fR;
+ rate\-limit {
+ all\-per\-second \fIinteger\fR;
+ errors\-per\-second \fIinteger\fR;
+ exempt\-clients { \fIaddress_match_element\fR; \&.\&.\&. };
+ ipv4\-prefix\-length \fIinteger\fR;
+ ipv6\-prefix\-length \fIinteger\fR;
+ log\-only \fIboolean\fR;
+ max\-table\-size \fIinteger\fR;
+ min\-table\-size \fIinteger\fR;
+ nodata\-per\-second \fIinteger\fR;
+ nxdomains\-per\-second \fIinteger\fR;
+ qps\-scale \fIinteger\fR;
+ referrals\-per\-second \fIinteger\fR;
+ responses\-per\-second \fIinteger\fR;
+ slip \fIinteger\fR;
+ window \fIinteger\fR;
+ };
+ recursing\-file \fIquoted_string\fR;
+ recursion \fIboolean\fR;
recursive\-clients \fIinteger\fR;
+ request\-ixfr \fIboolean\fR;
+ request\-nsid \fIboolean\fR;
+ request\-sit \fIboolean\fR;, experimental
+ reserved\-sockets \fIinteger\fR;
+ resolver\-query\-timeout \fIinteger\fR;
+ response\-policy { zone \fIquoted_string\fR [ policy ( cname | disabled
+ | drop | given | no\-op | nodata | nxdomain | passthru |
+ tcp\-only \fIquoted_string\fR ) ] [ recursive\-only \fIboolean\fR ] [
+ max\-policy\-ttl \fIinteger\fR ]; \&.\&.\&. } [ recursive\-only \fIboolean\fR ]
+ [ break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIinteger\fR ] [
+ min\-ns\-dots \fIinteger\fR ] [ qname\-wait\-recurse \fIboolean\fR ];
+ root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
+ rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
+ \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. };
+ secroots\-file \fIquoted_string\fR;
serial\-query\-rate \fIinteger\fR;
- server\-id ( \fIquoted_string\fR | hostname | none );
- stacksize \fIsize\fR;
+ serial\-update\-method ( increment | unixtime );
+ server\-id ( \fIquoted_string\fR | none | hostname );
+ session\-keyalg \fIstring\fR;
+ session\-keyfile ( \fIquoted_string\fR | none );
+ session\-keyname \fIstring\fR;
+ sig\-signing\-nodes \fIinteger\fR;
+ sig\-signing\-signatures \fIinteger\fR;
+ sig\-signing\-type \fIinteger\fR;
+ sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ];
+ sit\-secret \fIstring\fR;, experimental
+ sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
+ stacksize ( default | unlimited | \fIsizeval\fR );
statistics\-file \fIquoted_string\fR;
- statistics\-interval \fIinteger\fR; // not yet implemented
tcp\-clients \fIinteger\fR;
tcp\-listen\-queue \fIinteger\fR;
tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
+ tkey\-domain \fIquoted_string\fR;
tkey\-gssapi\-credential \fIquoted_string\fR;
tkey\-gssapi\-keytab \fIquoted_string\fR;
- tkey\-domain \fIquoted_string\fR;
- transfers\-per\-ns \fIinteger\fR;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
+ dscp \fIinteger\fR ];
+ transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * )
+ ] [ dscp \fIinteger\fR ];
transfers\-in \fIinteger\fR;
transfers\-out \fIinteger\fR;
- version ( \fIquoted_string\fR | none );
- allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. };
- sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
- topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented
- auth\-nxdomain \fIboolean\fR; // default changed
- minimal\-responses \fIboolean\fR;
- recursion \fIboolean\fR;
- rrset\-order {
- [ class \fIstring\fR ] [ type \fIstring\fR ]
- [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&.
- };
- provide\-ixfr \fIboolean\fR;
- request\-ixfr \fIboolean\fR;
- rfc2308\-type1 \fIboolean\fR; // not yet implemented
- additional\-from\-auth \fIboolean\fR;
- additional\-from\-cache \fIboolean\fR;
- query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
- query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
- use\-queryport\-pool \fIboolean\fR;
- queryport\-pool\-ports \fIinteger\fR;
- queryport\-pool\-updateinterval \fIinteger\fR;
- cleaning\-interval \fIinteger\fR;
- resolver\-query\-timeout \fIinteger\fR;
- min\-roots \fIinteger\fR; // not implemented
- lame\-ttl \fIinteger\fR;
- max\-ncache\-ttl \fIinteger\fR;
- max\-cache\-ttl \fIinteger\fR;
- transfer\-format ( many\-answers | one\-answer );
- max\-cache\-size \fIsize\fR;
- max\-acache\-size \fIsize\fR;
- clients\-per\-query \fInumber\fR;
- max\-clients\-per\-query \fInumber\fR;
- check\-names ( master | slave | response )
- ( fail | warn | ignore );
- check\-mx ( fail | warn | ignore );
- check\-integrity \fIboolean\fR;
- check\-mx\-cname ( fail | warn | ignore );
- check\-srv\-cname ( fail | warn | ignore );
- cache\-file \fIquoted_string\fR; // test option
- suppress\-initial\-notify \fIboolean\fR; // not yet implemented
- preferred\-glue \fIstring\fR;
- dual\-stack\-servers [ port \fIinteger\fR ] {
- ( \fIquoted_string\fR [port \fIinteger\fR] |
- \fIipv4_address\fR [port \fIinteger\fR] |
- \fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&.
- };
- edns\-udp\-size \fIinteger\fR;
- max\-udp\-size \fIinteger\fR;
- root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
- disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. };
- disable\-ds\-digests \fIstring\fR { \fIstring\fR; \&.\&.\&. };
- dnssec\-enable \fIboolean\fR;
- dnssec\-validation \fIboolean\fR;
- dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR );
- dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
- dnssec\-accept\-expired \fIboolean\fR;
- dns64\-server \fIstring\fR;
- dns64\-contact \fIstring\fR;
- dns64 \fIprefix\fR {
- clients { <replacable>acl</replacable>; };
- exclude { <replacable>acl</replacable>; };
- mapped { <replacable>acl</replacable>; };
- break\-dnssec \fIboolean\fR;
- recursive\-only \fIboolean\fR;
- suffix \fIipv6_address\fR;
- };
- empty\-server \fIstring\fR;
- empty\-contact \fIstring\fR;
- empty\-zones\-enable \fIboolean\fR;
- disable\-empty\-zone \fIstring\fR;
- dialup \fIdialuptype\fR;
- ixfr\-from\-differences \fIixfrdiff\fR;
- allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
+ transfers\-per\-ns \fIinteger\fR;
+ trust\-anchor\-telemetry \fIboolean\fR; // experimental
+ try\-tcp\-refresh \fIboolean\fR;
update\-check\-ksk \fIboolean\fR;
- dnssec\-dnskey\-kskonly \fIboolean\fR;
- masterfile\-format ( text | raw | map );
- notify \fInotifytype\fR;
- notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- notify\-delay \fIseconds\fR;
- notify\-to\-soa \fIboolean\fR;
- also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
- [ port \fIinteger\fR ]; \&.\&.\&.
- [ key \fIkeyname\fR ] \&.\&.\&. };
- allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
- forward ( first | only );
- forwarders [ port \fIinteger\fR ] {
- ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
- };
- max\-journal\-size \fIsize_no_default\fR;
- max\-records \fIinteger\fR;
- max\-transfer\-time\-in \fIinteger\fR;
- max\-transfer\-time\-out \fIinteger\fR;
- max\-transfer\-idle\-in \fIinteger\fR;
- max\-transfer\-idle\-out \fIinteger\fR;
- max\-retry\-time \fIinteger\fR;
- min\-retry\-time \fIinteger\fR;
- max\-refresh\-time \fIinteger\fR;
- min\-refresh\-time \fIinteger\fR;
- multi\-master \fIboolean\fR;
- sig\-validity\-interval \fIinteger\fR;
- sig\-re\-signing\-interval \fIinteger\fR;
- sig\-signing\-nodes \fIinteger\fR;
- sig\-signing\-signatures \fIinteger\fR;
- sig\-signing\-type \fIinteger\fR;
- transfer\-source ( \fIipv4_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- transfer\-source\-v6 ( \fIipv6_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- alt\-transfer\-source ( \fIipv4_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
use\-alt\-transfer\-source \fIboolean\fR;
- zone\-statistics \fIboolean\fR;
- key\-directory \fIquoted_string\fR;
- managed\-keys\-directory \fIquoted_string\fR;
- auto\-dnssec \fBallow\fR|\fBmaintain\fR|\fBoff\fR;
- try\-tcp\-refresh \fIboolean\fR;
+ use\-v4\-udp\-ports { \fIportrange\fR; \&.\&.\&. };
+ use\-v6\-udp\-ports { \fIportrange\fR; \&.\&.\&. };
+ version ( \fIquoted_string\fR | none );
zero\-no\-soa\-ttl \fIboolean\fR;
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
- dnssec\-secure\-to\-insecure \fIboolean\fR;
- automatic\-interface\-scan \fIboolean\fR;
- deny\-answer\-addresses {
- \fIaddress_match_list\fR
- } [ except\-from { \fInamelist\fR } ];
- deny\-answer\-aliases {
- \fInamelist\fR
- } [ except\-from { \fInamelist\fR } ];
- nsec3\-test\-zone \fIboolean\fR; // testing only
- allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete
- deallocate\-on\-exit \fIboolean\fR; // obsolete
- fake\-iquery \fIboolean\fR; // obsolete
- fetch\-glue \fIboolean\fR; // obsolete
- has\-old\-clients \fIboolean\fR; // obsolete
- maintain\-ixfr\-base \fIboolean\fR; // obsolete
- max\-ixfr\-log\-size \fIsize\fR; // obsolete
- multiple\-cnames \fIboolean\fR; // obsolete
- named\-xfer \fIquoted_string\fR; // obsolete
- serial\-queries \fIinteger\fR; // obsolete
- treat\-cr\-as\-space \fIboolean\fR; // obsolete
- use\-id\-pool \fIboolean\fR; // obsolete
- use\-ixfr \fIboolean\fR; // obsolete
+ zone\-statistics ( full | terse | none | \fIboolean\fR );
};
.fi
.if n \{\
.RE
.\}
-.SH "VIEW"
+.SH "SERVER"
.sp
.if n \{\
.RS 4
.\}
.nf
-view \fIstring\fR \fIoptional_class\fR {
- match\-clients { \fIaddress_match_element\fR; \&.\&.\&. };
- match\-destinations { \fIaddress_match_element\fR; \&.\&.\&. };
- match\-recursive\-only \fIboolean\fR;
- key \fIstring\fR {
- algorithm \fIstring\fR;
- secret \fIstring\fR;
- };
- zone \fIstring\fR \fIoptional_class\fR {
- \&.\&.\&.
- };
- server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
- \&.\&.\&.
- };
- trusted\-keys {
- \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR;
- [\&.\&.\&.]
- };
- managed\-keys {
- \fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR;
- [\&.\&.\&.]
- };
- allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. };
- sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
- topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented
- auth\-nxdomain \fIboolean\fR; // default changed
- minimal\-responses \fIboolean\fR;
- recursion \fIboolean\fR;
- rrset\-order {
- [ class \fIstring\fR ] [ type \fIstring\fR ]
- [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&.
- };
+server \fInetprefix\fR {
+ bogus \fIboolean\fR;
+ edns \fIboolean\fR;
+ edns\-udp\-size \fIinteger\fR;
+ keys \fIserver_key\fR;
+ max\-udp\-size \fIinteger\fR;
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
+ dscp \fIinteger\fR ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]
+ [ dscp \fIinteger\fR ];
provide\-ixfr \fIboolean\fR;
+ query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port (
+ \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv4_address\fR | * ) ]
+ port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
+ query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [ port (
+ \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv6_address\fR | * ) ]
+ port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
request\-ixfr \fIboolean\fR;
- rfc2308\-type1 \fIboolean\fR; // not yet implemented
+ request\-nsid \fIboolean\fR;
+ request\-sit \fIboolean\fR;, experimental
+ tcp\-only \fIboolean\fR;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
+ dscp \fIinteger\fR ];
+ transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * )
+ ] [ dscp \fIinteger\fR ];
+ transfers \fIinteger\fR;
+};
+.fi
+.if n \{\
+.RE
+.\}
+.SH "STATISTICS-CHANNELS"
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+statistics\-channels {
+ inet ( \fIipv4_address\fR | \fIipv6_address\fR |
+ * ) [ port ( \fIinteger\fR | * ) ] [
+ allow { \fIaddress_match_element\fR; \&.\&.\&.
+ } ];
+};
+.fi
+.if n \{\
+.RE
+.\}
+.SH "TRUSTED-KEYS"
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+trusted\-keys { \fIstring\fR \fIinteger\fR \fIinteger\fR
+ \fIinteger\fR \fIquoted_string\fR; \&.\&.\&. };
+.fi
+.if n \{\
+.RE
+.\}
+.SH "VIEW"
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+view \fIstring\fR [ \fIclass\fR ] {
+ acache\-cleaning\-interval \fIinteger\fR;
+ acache\-enable \fIboolean\fR;
additional\-from\-auth \fIboolean\fR;
additional\-from\-cache \fIboolean\fR;
- query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
- query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
- use\-queryport\-pool \fIboolean\fR;
- queryport\-pool\-ports \fIinteger\fR;
- queryport\-pool\-updateinterval \fIinteger\fR;
- cleaning\-interval \fIinteger\fR;
- resolver\-query\-timeout \fIinteger\fR;
- min\-roots \fIinteger\fR; // not implemented
- lame\-ttl \fIinteger\fR;
- max\-ncache\-ttl \fIinteger\fR;
- max\-cache\-ttl \fIinteger\fR;
- transfer\-format ( many\-answers | one\-answer );
- max\-cache\-size \fIsize\fR;
- max\-acache\-size \fIsize\fR;
- clients\-per\-query \fInumber\fR;
- max\-clients\-per\-query \fInumber\fR;
- check\-names ( master | slave | response )
- ( fail | warn | ignore );
- check\-mx ( fail | warn | ignore );
+ allow\-new\-zones \fIboolean\fR;
+ allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
+ also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR |
+ \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port
+ \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
+ alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * )
+ ] [ dscp \fIinteger\fR ];
+ alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR |
+ * ) ] [ dscp \fIinteger\fR ];
+ attach\-cache \fIstring\fR;
+ auth\-nxdomain \fIboolean\fR; // default changed
+ auto\-dnssec ( allow | maintain | off );
+ cache\-file \fIquoted_string\fR;
+ check\-dup\-records ( fail | warn | ignore );
check\-integrity \fIboolean\fR;
+ check\-mx ( fail | warn | ignore );
check\-mx\-cname ( fail | warn | ignore );
+ check\-names ( master | slave | response
+ ) ( fail | warn | ignore );
+ check\-sibling \fIboolean\fR;
+ check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
- cache\-file \fIquoted_string\fR; // test option
- suppress\-initial\-notify \fIboolean\fR; // not yet implemented
- preferred\-glue \fIstring\fR;
- dual\-stack\-servers [ port \fIinteger\fR ] {
- ( \fIquoted_string\fR [port \fIinteger\fR] |
- \fIipv4_address\fR [port \fIinteger\fR] |
- \fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&.
+ check\-wildcard \fIboolean\fR;
+ cleaning\-interval \fIinteger\fR;
+ clients\-per\-query \fIinteger\fR;
+ deny\-answer\-addresses { \fIaddress_match_element\fR; \&.\&.\&. } [
+ except\-from { \fIquoted_string\fR; \&.\&.\&. } ];
+ deny\-answer\-aliases { \fIquoted_string\fR; \&.\&.\&. } [ except\-from {
+ \fIquoted_string\fR; \&.\&.\&. } ];
+ dialup ( notify | notify\-passive | passive | refresh | \fIboolean\fR );
+ disable\-algorithms \fIstring\fR { \fIstring\fR;
+ \&.\&.\&. };
+ disable\-ds\-digests \fIstring\fR { \fIstring\fR;
+ \&.\&.\&. };
+ disable\-empty\-zone \fIstring\fR;
+ dlz \fIstring\fR {
+ database \fIstring\fR;
+ search \fIboolean\fR;
};
- edns\-udp\-size \fIinteger\fR;
- max\-udp\-size \fIinteger\fR;
- root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
- disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. };
- disable\-ds\-digests \fIstring\fR { \fIstring\fR; \&.\&.\&. };
- dnssec\-enable \fIboolean\fR;
- dnssec\-validation \fIboolean\fR;
- dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR );
- dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
- dnssec\-accept\-expired \fIboolean\fR;
- dns64\-server \fIstring\fR;
- dns64\-contact \fIstring\fR;
- dns64 \fIprefix\fR {
- clients { <replacable>acl</replacable>; };
- exclude { <replacable>acl</replacable>; };
- mapped { <replacable>acl</replacable>; };
+ dns64 \fInetprefix\fR {
break\-dnssec \fIboolean\fR;
+ clients { \fIaddress_match_element\fR; \&.\&.\&. };
+ exclude { \fIaddress_match_element\fR; \&.\&.\&. };
+ mapped { \fIaddress_match_element\fR; \&.\&.\&. };
recursive\-only \fIboolean\fR;
suffix \fIipv6_address\fR;
};
- empty\-server \fIstring\fR;
+ dns64\-contact \fIstring\fR;
+ dns64\-server \fIstring\fR;
+ dnssec\-accept\-expired \fIboolean\fR;
+ dnssec\-dnskey\-kskonly \fIboolean\fR;
+ dnssec\-enable \fIboolean\fR;
+ dnssec\-loadkeys\-interval \fIinteger\fR;
+ dnssec\-lookaside ( \fIstring\fR trust\-anchor
+ \fIstring\fR | auto | no );
+ dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
+ dnssec\-secure\-to\-insecure \fIboolean\fR;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ dnssec\-validation ( yes | no | auto );
+ dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port
+ \fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv4_address\fR [ port
+ \fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv6_address\fR [ port
+ \fIinteger\fR ] [ dscp \fIinteger\fR ] ); \&.\&.\&. };
+ edns\-udp\-size \fIinteger\fR;
empty\-contact \fIstring\fR;
+ empty\-server \fIstring\fR;
empty\-zones\-enable \fIboolean\fR;
- disable\-empty\-zone \fIstring\fR;
- dialup \fIdialuptype\fR;
- ixfr\-from\-differences \fIixfrdiff\fR;
- allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
- allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
- update\-check\-ksk \fIboolean\fR;
- dnssec\-dnskey\-kskonly \fIboolean\fR;
- masterfile\-format ( text | raw | map );
- notify \fInotifytype\fR;
- notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- notify\-delay \fIseconds\fR;
- notify\-to\-soa \fIboolean\fR;
- also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
- [ port \fIinteger\fR ]; \&.\&.\&.
- [ key \fIkeyname\fR ] \&.\&.\&. };
- allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
+ fetch\-quota\-params \fIinteger\fR \fIfixedpoint\fR
+ \fIfixedpoint\fR \fIfixedpoint\fR;
+ fetches\-per\-server \fIinteger\fR [ ( drop | fail ) ];
+ fetches\-per\-zone \fIinteger\fR [ ( drop | fail ) ];
+ filter\-aaaa { \fIaddress_match_element\fR; \&.\&.\&. };
+ filter\-aaaa\-on\-v4 ( break\-dnssec | \fIboolean\fR );
+ filter\-aaaa\-on\-v6 ( break\-dnssec | \fIboolean\fR );
forward ( first | only );
- forwarders [ port \fIinteger\fR ] {
- ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
+ forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR
+ | \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. };
+ inline\-signing \fIboolean\fR;
+ ixfr\-from\-differences ( master | slave | \fIboolean\fR );
+ key \fIstring\fR {
+ algorithm \fIstring\fR;
+ secret \fIstring\fR;
};
+ key\-directory \fIquoted_string\fR;
+ lame\-ttl \fIinteger\fR;
+ managed\-keys { \fIstring\fR \fIstring\fR
+ \fIinteger\fR \fIinteger\fR \fIinteger\fR
+ \fIquoted_string\fR; \&.\&.\&. };
+ masterfile\-format ( map | raw | text );
+ match\-clients { \fIaddress_match_element\fR; \&.\&.\&. };
+ match\-destinations { \fIaddress_match_element\fR; \&.\&.\&. };
+ match\-recursive\-only \fIboolean\fR;
+ max\-acache\-size \fIsize_no_default\fR;
+ max\-cache\-size \fIsize_no_default\fR;
+ max\-cache\-ttl \fIinteger\fR;
+ max\-clients\-per\-query \fIinteger\fR;
max\-journal\-size \fIsize_no_default\fR;
+ max\-ncache\-ttl \fIinteger\fR;
max\-records \fIinteger\fR;
- max\-transfer\-time\-in \fIinteger\fR;
- max\-transfer\-time\-out \fIinteger\fR;
+ max\-recursion\-depth \fIinteger\fR;
+ max\-recursion\-queries \fIinteger\fR;
+ max\-refresh\-time \fIinteger\fR;
+ max\-retry\-time \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR;
max\-transfer\-idle\-out \fIinteger\fR;
- max\-retry\-time \fIinteger\fR;
- min\-retry\-time \fIinteger\fR;
- max\-refresh\-time \fIinteger\fR;
+ max\-transfer\-time\-in \fIinteger\fR;
+ max\-transfer\-time\-out \fIinteger\fR;
+ max\-udp\-size \fIinteger\fR;
+ max\-zone\-ttl ( unlimited | \fIttlval\fR );
min\-refresh\-time \fIinteger\fR;
+ min\-retry\-time \fIinteger\fR;
+ minimal\-responses \fIboolean\fR;
multi\-master \fIboolean\fR;
- sig\-validity\-interval \fIinteger\fR;
- transfer\-source ( \fIipv4_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- transfer\-source\-v6 ( \fIipv6_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- alt\-transfer\-source ( \fIipv4_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- use\-alt\-transfer\-source \fIboolean\fR;
- zone\-statistics \fIboolean\fR;
+ no\-case\-compress { \fIaddress_match_element\fR; \&.\&.\&. };
+ nosit\-udp\-size \fIinteger\fR;, experimental
+ notify ( explicit | master\-only | \fIboolean\fR );
+ notify\-delay \fIinteger\fR;
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
+ dscp \fIinteger\fR ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]
+ [ dscp \fIinteger\fR ];
+ notify\-to\-soa \fIboolean\fR;
+ nsec3\-test\-zone \fIboolean\fR; // test only
+ preferred\-glue \fIstring\fR;
+ prefetch \fIinteger\fR [ \fIinteger\fR ];
+ provide\-ixfr \fIboolean\fR;
+ query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port (
+ \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv4_address\fR | * ) ]
+ port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
+ query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [ port (
+ \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv6_address\fR | * ) ]
+ port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ];
+ rate\-limit {
+ all\-per\-second \fIinteger\fR;
+ errors\-per\-second \fIinteger\fR;
+ exempt\-clients { \fIaddress_match_element\fR; \&.\&.\&. };
+ ipv4\-prefix\-length \fIinteger\fR;
+ ipv6\-prefix\-length \fIinteger\fR;
+ log\-only \fIboolean\fR;
+ max\-table\-size \fIinteger\fR;
+ min\-table\-size \fIinteger\fR;
+ nodata\-per\-second \fIinteger\fR;
+ nxdomains\-per\-second \fIinteger\fR;
+ qps\-scale \fIinteger\fR;
+ referrals\-per\-second \fIinteger\fR;
+ responses\-per\-second \fIinteger\fR;
+ slip \fIinteger\fR;
+ window \fIinteger\fR;
+ };
+ recursion \fIboolean\fR;
+ request\-ixfr \fIboolean\fR;
+ request\-nsid \fIboolean\fR;
+ request\-sit \fIboolean\fR;, experimental
+ resolver\-query\-timeout \fIinteger\fR;
+ response\-policy { zone \fIquoted_string\fR [ policy ( cname | disabled
+ | drop | given | no\-op | nodata | nxdomain | passthru |
+ tcp\-only \fIquoted_string\fR ) ] [ recursive\-only \fIboolean\fR ] [
+ max\-policy\-ttl \fIinteger\fR ]; \&.\&.\&. } [ recursive\-only \fIboolean\fR ]
+ [ break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIinteger\fR ] [
+ min\-ns\-dots \fIinteger\fR ] [ qname\-wait\-recurse \fIboolean\fR ];
+ root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
+ rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
+ \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. };
+ serial\-update\-method ( increment | unixtime );
+ server \fInetprefix\fR {
+ bogus \fIboolean\fR;
+ edns \fIboolean\fR;
+ edns\-udp\-size \fIinteger\fR;
+ keys \fIserver_key\fR;
+ max\-udp\-size \fIinteger\fR;
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | *
+ ) ] [ dscp \fIinteger\fR ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR
+ | * ) ] [ dscp \fIinteger\fR ];
+ provide\-ixfr \fIboolean\fR;
+ query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port
+ ( \fIinteger\fR | * ) ] ) | ( [ [ address ] (
+ \fIipv4_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [
+ dscp \fIinteger\fR ];
+ query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [
+ port ( \fIinteger\fR | * ) ] ) | ( [ [ address ] (
+ \fIipv6_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [
+ dscp \fIinteger\fR ];
+ request\-ixfr \fIboolean\fR;
+ request\-nsid \fIboolean\fR;
+ request\-sit \fIboolean\fR;, experimental
+ tcp\-only \fIboolean\fR;
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR |
+ * ) ] [ dscp \fIinteger\fR ];
+ transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port (
+ \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ];
+ transfers \fIinteger\fR;
+ };
+ sig\-signing\-nodes \fIinteger\fR;
+ sig\-signing\-signatures \fIinteger\fR;
+ sig\-signing\-type \fIinteger\fR;
+ sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ];
+ sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
+ transfer\-format ( many\-answers | one\-answer );
+ transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
+ dscp \fIinteger\fR ];
+ transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * )
+ ] [ dscp \fIinteger\fR ];
+ trust\-anchor\-telemetry \fIboolean\fR; // experimental
+ trusted\-keys { \fIstring\fR \fIinteger\fR
+ \fIinteger\fR \fIinteger\fR \fIquoted_string\fR;
+ \&.\&.\&. };
try\-tcp\-refresh \fIboolean\fR;
- key\-directory \fIquoted_string\fR;
+ update\-check\-ksk \fIboolean\fR;
+ use\-alt\-transfer\-source \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
- dnssec\-secure\-to\-insecure \fIboolean\fR;
- allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete
- fetch\-glue \fIboolean\fR; // obsolete
- maintain\-ixfr\-base \fIboolean\fR; // obsolete
- max\-ixfr\-log\-size \fIsize\fR; // obsolete
+ zone \fIstring\fR [ \fIclass\fR ] {
+ allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
+ also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { (
+ \fImasters\fR | \fIipv4_address\fR [ port \fIinteger\fR ] |
+ \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ];
+ \&.\&.\&. };
+ alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port (
+ \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ];
+ alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port (
+ \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ];
+ auto\-dnssec ( allow | maintain | off );
+ check\-dup\-records ( fail | warn | ignore );
+ check\-integrity \fIboolean\fR;
+ check\-mx ( fail | warn | ignore );
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-names ( fail | warn | ignore );
+ check\-sibling \fIboolean\fR;
+ check\-spf ( warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ check\-wildcard \fIboolean\fR;
+ database \fIstring\fR;
+ delegation\-only \fIboolean\fR;
+ dialup ( notify | notify\-passive | passive | refresh |
+ \fIboolean\fR );
+ dlz \fIstring\fR;
+ dnssec\-dnskey\-kskonly \fIboolean\fR;
+ dnssec\-loadkeys\-interval \fIinteger\fR;
+ dnssec\-secure\-to\-insecure \fIboolean\fR;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ file \fIquoted_string\fR;
+ forward ( first | only );
+ forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { (
+ \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ] [
+ dscp \fIinteger\fR ]; \&.\&.\&. };
+ in\-view \fIstring\fR;
+ inline\-signing \fIboolean\fR;
+ ixfr\-from\-differences \fIboolean\fR;
+ journal \fIquoted_string\fR;
+ key\-directory \fIquoted_string\fR;
+ masterfile\-format ( map | raw | text );
+ masters [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR
+ | \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [
+ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
+ max\-ixfr\-log\-size ( default | unlimited |
+ max\-journal\-size \fIsize_no_default\fR;
+ max\-records \fIinteger\fR;
+ max\-refresh\-time \fIinteger\fR;
+ max\-retry\-time \fIinteger\fR;
+ max\-transfer\-idle\-in \fIinteger\fR;
+ max\-transfer\-idle\-out \fIinteger\fR;
+ max\-transfer\-time\-in \fIinteger\fR;
+ max\-transfer\-time\-out \fIinteger\fR;
+ max\-zone\-ttl ( unlimited | \fIttlval\fR );
+ min\-refresh\-time \fIinteger\fR;
+ min\-retry\-time \fIinteger\fR;
+ multi\-master \fIboolean\fR;
+ notify ( explicit | master\-only | \fIboolean\fR );
+ notify\-delay \fIinteger\fR;
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | *
+ ) ] [ dscp \fIinteger\fR ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR
+ | * ) ] [ dscp \fIinteger\fR ];
+ notify\-to\-soa \fIboolean\fR;
+ nsec3\-test\-zone \fIboolean\fR; // test only
+ pubkey \fIinteger\fR
+ \fIinteger\fR
+ \fIinteger\fR
+ request\-ixfr \fIboolean\fR;
+ serial\-update\-method ( increment | unixtime );
+ server\-addresses { ( \fIipv4_address\fR | \fIipv6_address\fR ) [
+ port \fIinteger\fR ]; \&.\&.\&. };
+ server\-names { \fIquoted_string\fR; \&.\&.\&. };
+ sig\-signing\-nodes \fIinteger\fR;
+ sig\-signing\-signatures \fIinteger\fR;
+ sig\-signing\-type \fIinteger\fR;
+ sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ];
+ transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR |
+ * ) ] [ dscp \fIinteger\fR ];
+ transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port (
+ \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ];
+ try\-tcp\-refresh \fIboolean\fR;
+ type ( delegation\-only | forward | hint | master | redirect
+ | slave | static\-stub | stub );
+ update\-check\-ksk \fIboolean\fR;
+ update\-policy ( local | { ( deny | grant ) \fIstring\fR (
+ 6to4\-self | external | krb5\-self | krb5\-subdomain |
+ ms\-self | ms\-subdomain | name | self | selfsub |
+ selfwild | subdomain | tcp\-self | wildcard | zonesub )
+ [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. };
+ use\-alt\-transfer\-source \fIboolean\fR;
+ zero\-no\-soa\-ttl \fIboolean\fR;
+ zone\-statistics ( full | terse | none | \fIboolean\fR );
+ };
+ zone\-statistics ( full | terse | none | \fIboolean\fR );
};
.fi
.if n \{\
.RS 4
.\}
.nf
-zone \fIstring\fR \fIoptional_class\fR {
- type ( master | slave | stub | hint | redirect |
- forward | delegation\-only );
- file \fIquoted_string\fR;
- masters [ port \fIinteger\fR ] {
- ( \fImasters\fR |
- \fIipv4_address\fR [port \fIinteger\fR] |
- \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&.
- };
- database \fIstring\fR;
- delegation\-only \fIboolean\fR;
- check\-names ( fail | warn | ignore );
- check\-mx ( fail | warn | ignore );
- check\-integrity \fIboolean\fR;
- check\-mx\-cname ( fail | warn | ignore );
- check\-srv\-cname ( fail | warn | ignore );
- dialup \fIdialuptype\fR;
- ixfr\-from\-differences \fIboolean\fR;
- journal \fIquoted_string\fR;
- zero\-no\-soa\-ttl \fIboolean\fR;
- dnssec\-secure\-to\-insecure \fIboolean\fR;
+zone \fIstring\fR [ \fIclass\fR ] {
+ allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
- update\-policy \fIlocal\fR | \fI {
- ( grant | deny ) \fR\fI\fIstring\fR\fR\fI
- ( name | subdomain | wildcard | self | selfsub | selfwild |
- krb5\-self | ms\-self | krb5\-subdomain | ms\-subdomain |
- tcp\-self | zonesub | 6to4\-self ) \fR\fI\fIstring\fR\fR\fI
- \fR\fI\fIrrtypelist\fR\fR\fI;
- \fR\fI[\&.\&.\&.]\fR\fI
- }\fR;
- update\-check\-ksk \fIboolean\fR;
+ also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR |
+ \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port
+ \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
+ alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * )
+ ] [ dscp \fIinteger\fR ];
+ alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR |
+ * ) ] [ dscp \fIinteger\fR ];
+ auto\-dnssec ( allow | maintain | off );
+ check\-dup\-records ( fail | warn | ignore );
+ check\-integrity \fIboolean\fR;
+ check\-mx ( fail | warn | ignore );
+ check\-mx\-cname ( fail | warn | ignore );
+ check\-names ( fail | warn | ignore );
+ check\-sibling \fIboolean\fR;
+ check\-spf ( warn | ignore );
+ check\-srv\-cname ( fail | warn | ignore );
+ check\-wildcard \fIboolean\fR;
+ database \fIstring\fR;
+ delegation\-only \fIboolean\fR;
+ dialup ( notify | notify\-passive | passive | refresh | \fIboolean\fR );
+ dlz \fIstring\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
- masterfile\-format ( text | raw | map );
- notify \fInotifytype\fR;
- notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
- notify\-delay \fIseconds\fR;
- notify\-to\-soa \fIboolean\fR;
- also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
- [ port \fIinteger\fR ]; \&.\&.\&.
- [ key \fIkeyname\fR ] \&.\&.\&. };
- allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
+ dnssec\-loadkeys\-interval \fIinteger\fR;
+ dnssec\-secure\-to\-insecure \fIboolean\fR;
+ dnssec\-update\-mode ( maintain | no\-resign );
+ file \fIquoted_string\fR;
forward ( first | only );
- forwarders [ port \fIinteger\fR ] {
- ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
- };
+ forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR
+ | \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. };
+ in\-view \fIstring\fR;
+ inline\-signing \fIboolean\fR;
+ ixfr\-from\-differences \fIboolean\fR;
+ journal \fIquoted_string\fR;
+ key\-directory \fIquoted_string\fR;
+ masterfile\-format ( map | raw | text );
+ masters [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR |
+ \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port
+ \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. };
max\-journal\-size \fIsize_no_default\fR;
max\-records \fIinteger\fR;
- max\-transfer\-time\-in \fIinteger\fR;
- max\-transfer\-time\-out \fIinteger\fR;
+ max\-refresh\-time \fIinteger\fR;
+ max\-retry\-time \fIinteger\fR;
max\-transfer\-idle\-in \fIinteger\fR;
max\-transfer\-idle\-out \fIinteger\fR;
- max\-retry\-time \fIinteger\fR;
- min\-retry\-time \fIinteger\fR;
- max\-refresh\-time \fIinteger\fR;
+ max\-transfer\-time\-in \fIinteger\fR;
+ max\-transfer\-time\-out \fIinteger\fR;
+ max\-zone\-ttl ( unlimited | \fIttlval\fR );
min\-refresh\-time \fIinteger\fR;
+ min\-retry\-time \fIinteger\fR;
multi\-master \fIboolean\fR;
+ notify ( explicit | master\-only | \fIboolean\fR );
+ notify\-delay \fIinteger\fR;
+ notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
+ dscp \fIinteger\fR ];
+ notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]
+ [ dscp \fIinteger\fR ];
+ notify\-to\-soa \fIboolean\fR;
+ nsec3\-test\-zone \fIboolean\fR; // test only
+ pubkey \fIinteger\fR \fIinteger\fR
request\-ixfr \fIboolean\fR;
- sig\-validity\-interval \fIinteger\fR;
- transfer\-source ( \fIipv4_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- transfer\-source\-v6 ( \fIipv6_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- alt\-transfer\-source ( \fIipv4_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
- [ port ( \fIinteger\fR | * ) ];
- use\-alt\-transfer\-source \fIboolean\fR;
- zone\-statistics \fIboolean\fR;
+ serial\-update\-method ( increment | unixtime );
+ server\-addresses { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port
+ \fIinteger\fR ]; \&.\&.\&. };
+ server\-names { \fIquoted_string\fR; \&.\&.\&. };
+ sig\-signing\-nodes \fIinteger\fR;
+ sig\-signing\-signatures \fIinteger\fR;
+ sig\-signing\-type \fIinteger\fR;
+ sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ];
+ transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
+ dscp \fIinteger\fR ];
+ transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * )
+ ] [ dscp \fIinteger\fR ];
try\-tcp\-refresh \fIboolean\fR;
- key\-directory \fIquoted_string\fR;
- nsec3\-test\-zone \fIboolean\fR; // testing only
- ixfr\-base \fIquoted_string\fR; // obsolete
- ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
- maintain\-ixfr\-base \fIboolean\fR; // obsolete
- max\-ixfr\-log\-size \fIsize\fR; // obsolete
- pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
+ type ( delegation\-only | forward | hint | master | redirect | slave
+ | static\-stub | stub );
+ update\-check\-ksk \fIboolean\fR;
+ update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self |
+ external | krb5\-self | krb5\-subdomain | ms\-self | ms\-subdomain
+ | name | self | selfsub | selfwild | subdomain | tcp\-self |
+ wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. };
+ use\-alt\-transfer\-source \fIboolean\fR;
+ zero\-no\-soa\-ttl \fIboolean\fR;
+ zone\-statistics ( full | terse | none | \fIboolean\fR );
};
.fi
.if n \{\
/etc/named\&.conf
.SH "SEE ALSO"
.PP
+\fBddns-confgen\fR(8),
\fBnamed\fR(8),
\fBnamed-checkconf\fR(8),
\fBrndc\fR(8),
+\fBrndc-confgen\fR(8),
BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
<h2>Name</h2>
<p>
<code class="filename">named.conf</code>
- — configuration file for named
+ — configuration file for <span class="command"><strong>named</strong></span>
</p>
</div>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.9"></a><h2>KEY</h2>
+<a name="id-1.9"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
-key <em class="replaceable"><code>domain_name</code></em> {<br>
- algorithm <em class="replaceable"><code>string</code></em>;<br>
- secret <em class="replaceable"><code>string</code></em>;<br>
+controls {<br>
+ inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> |<br>
+ * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] allow<br>
+ { <em class="replaceable"><code>address_match_element</code></em>; ... } [<span class="optional"><br>
+ keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
+ unix <em class="replaceable"><code>quoted_string</code></em> perm <em class="replaceable"><code>integer</code></em><br>
+ owner <em class="replaceable"><code>integer</code></em> group <em class="replaceable"><code>integer</code></em> [<span class="optional"><br>
+ keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.10"></a><h2>MASTERS</h2>
+<a name="id-1.10"></a><h2>DLZ</h2>
<div class="literallayout"><p><br>
-masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
+dlz <em class="replaceable"><code>string</code></em> {<br>
+ database <em class="replaceable"><code>string</code></em>;<br>
+ search <em class="replaceable"><code>boolean</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.11"></a><h2>SERVER</h2>
+<a name="id-1.11"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
-server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
- bogus <em class="replaceable"><code>boolean</code></em>;<br>
- edns <em class="replaceable"><code>boolean</code></em>;<br>
- edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- tcp-only <em class="replaceable"><code>boolean</code></em>;<br>
- provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- keys <em class="replaceable"><code>server_key</code></em>;<br>
- transfers <em class="replaceable"><code>integer</code></em>;<br>
- transfer-format ( many-answers | one-answer );<br>
- transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
-<br>
- support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+key <em class="replaceable"><code>string</code></em> {<br>
+ algorithm <em class="replaceable"><code>string</code></em>;<br>
+ secret <em class="replaceable"><code>string</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.12"></a><h2>TRUSTED-KEYS</h2>
+<a name="id-1.12"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
-trusted-keys {<br>
- <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
+logging {<br>
+ category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+ channel <em class="replaceable"><code>string</code></em> {<br>
+ file <em class="replaceable"><code>quoted_string</code></em> [<span class="optional"> versions ( "unlimited" | <em class="replaceable"><code>integer</code></em> )<br>
+ </span>] [<span class="optional"> size <em class="replaceable"><code>size</code></em> </span>];<br>
+ null;<br>
+ print-category <em class="replaceable"><code>boolean</code></em>;<br>
+ print-severity <em class="replaceable"><code>boolean</code></em>;<br>
+ print-time <em class="replaceable"><code>boolean</code></em>;<br>
+ severity <em class="replaceable"><code>log_severity</code></em>;<br>
+ stderr;<br>
+ syslog [<span class="optional"> <em class="replaceable"><code>syslog_facility</code></em> </span>];<br>
+ };<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.13"></a><h2>MANAGED-KEYS</h2>
+<a name="id-1.13"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
-managed-keys {<br>
- <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
+lwres {<br>
+ listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
+ | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ ndots <em class="replaceable"><code>integer</code></em>;<br>
+ search { <em class="replaceable"><code>string</code></em>; ... };<br>
+ view <em class="replaceable"><code>string</code></em> [<span class="optional"> <em class="replaceable"><code>class</code></em> </span>];<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14"></a><h2>CONTROLS</h2>
+<a name="id-1.14"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
-controls {<br>
- inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
- allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br>
- [<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
- unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br>
-};<br>
+managed-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.15"></a><h2>LOGGING</h2>
+<a name="id-1.15"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
-logging {<br>
- channel <em class="replaceable"><code>string</code></em> {<br>
- file <em class="replaceable"><code>log_file</code></em>;<br>
- syslog <em class="replaceable"><code>optional_facility</code></em>;<br>
- null;<br>
- stderr;<br>
- severity <em class="replaceable"><code>log_severity</code></em>;<br>
- print-time <em class="replaceable"><code>boolean</code></em>;<br>
- print-severity <em class="replaceable"><code>boolean</code></em>;<br>
- print-category <em class="replaceable"><code>boolean</code></em>;<br>
- };<br>
- category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
-};<br>
+masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp<br>
+ <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"><br>
+ port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.16"></a><h2>LWRES</h2>
-
- <div class="literallayout"><p><br>
-lwres {<br>
- listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- };<br>
- view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br>
- search { <em class="replaceable"><code>string</code></em>; ... };<br>
- ndots <em class="replaceable"><code>integer</code></em>;<br>
-};<br>
-</p></div>
- </div>
-
- <div class="refsection">
-<a name="id-1.17"></a><h2>OPTIONS</h2>
+<a name="id-1.16"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
- avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
- avoid-v6-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
+ acache-cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ acache-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
+ additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
+ allow-new-zones <em class="replaceable"><code>boolean</code></em>;<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em> |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> |<br>
+ * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ attach-cache <em class="replaceable"><code>string</code></em>;<br>
+ auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+ auto-dnssec ( allow | maintain | off );<br>
+ automatic-interface-scan <em class="replaceable"><code>boolean</code></em>;<br>
+ avoid-v4-udp-ports { <em class="replaceable"><code>portrange</code></em>; ... };<br>
+ avoid-v6-udp-ports { <em class="replaceable"><code>portrange</code></em>; ... };<br>
+ bindkeys-file <em class="replaceable"><code>quoted_string</code></em>;<br>
blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- coresize <em class="replaceable"><code>size</code></em>;<br>
- datasize <em class="replaceable"><code>size</code></em>;<br>
+ cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ check-dup-records ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-names ( master | slave | response<br>
+ ) ( fail | warn | ignore );<br>
+ check-sibling <em class="replaceable"><code>boolean</code></em>;<br>
+ check-spf ( warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
+ cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
+ coresize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
+ datasize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
+ deny-answer-addresses { <em class="replaceable"><code>address_match_element</code></em>; ... } [<span class="optional"><br>
+ except-from { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ deny-answer-aliases { <em class="replaceable"><code>quoted_string</code></em>; ... } [<span class="optional"> except-from {<br>
+ <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ dialup ( notify | notify-passive | passive | refresh | <em class="replaceable"><code>boolean</code></em> );<br>
directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>;<br>
+ ... };<br>
+ disable-ds-digests <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>;<br>
+ ... };<br>
+ disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
+ dns64 <em class="replaceable"><code>netprefix</code></em> {<br>
+ break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
+ clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ exclude { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ mapped { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
+ suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
+ };<br>
+ dns64-contact <em class="replaceable"><code>string</code></em>;<br>
+ dns64-server <em class="replaceable"><code>string</code></em>;<br>
+ dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
+ dnssec-lookaside ( <em class="replaceable"><code>string</code></em> trust-anchor<br>
+ <em class="replaceable"><code>string</code></em> | auto | no );<br>
+ dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-update-mode ( maintain | no-resign );<br>
+ dnssec-validation ( yes | no | auto );<br>
+ dscp <em class="replaceable"><code>integer</code></em>;<br>
+ dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] ); ... };<br>
dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
- files <em class="replaceable"><code>size</code></em>;<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ empty-contact <em class="replaceable"><code>string</code></em>;<br>
+ empty-server <em class="replaceable"><code>string</code></em>;<br>
+ empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ fetch-quota-params <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>fixedpoint</code></em><br>
+ <em class="replaceable"><code>fixedpoint</code></em> <em class="replaceable"><code>fixedpoint</code></em>;<br>
+ fetches-per-server <em class="replaceable"><code>integer</code></em> [<span class="optional"> ( drop | fail ) </span>];<br>
+ fetches-per-zone <em class="replaceable"><code>integer</code></em> [<span class="optional"> ( drop | fail ) </span>];<br>
+ files ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
+ filter-aaaa { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ filter-aaaa-on-v4 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
+ filter-aaaa-on-v6 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
+ flush-zones-on-shutdown <em class="replaceable"><code>boolean</code></em>;<br>
+ forward ( first | only );<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
+ | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ geoip-directory ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
- host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br>
- host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br>
hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+ inline-signing <em class="replaceable"><code>boolean</code></em>;<br>
interface-interval <em class="replaceable"><code>integer</code></em>;<br>
- listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ ixfr-from-differences ( master | slave | <em class="replaceable"><code>boolean</code></em> );<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp<br>
+ <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp<br>
+ <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ masterfile-format ( map | raw | text );<br>
match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
+ max-acache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-cache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
+ max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-records <em class="replaceable"><code>integer</code></em>;<br>
+ max-recursion-depth <em class="replaceable"><code>integer</code></em>;<br>
+ max-recursion-queries <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-rsa-exponent-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
+ memstatistics <em class="replaceable"><code>boolean</code></em>;<br>
memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
+ multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+ no-case-compress { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ nosit-udp-size <em class="replaceable"><code>integer</code></em>;, experimental<br>
+ notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
+ notify-delay <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+ [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // test only<br>
pid-file ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
port <em class="replaceable"><code>integer</code></em>;<br>
+ preferred-glue <em class="replaceable"><code>string</code></em>;<br>
+ prefetch <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ query-source-v6 ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
querylog <em class="replaceable"><code>boolean</code></em>;<br>
- recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
- reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
+ rate-limit {<br>
+ all-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ errors-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ exempt-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ ipv4-prefix-length <em class="replaceable"><code>integer</code></em>;<br>
+ ipv6-prefix-length <em class="replaceable"><code>integer</code></em>;<br>
+ log-only <em class="replaceable"><code>boolean</code></em>;<br>
+ max-table-size <em class="replaceable"><code>integer</code></em>;<br>
+ min-table-size <em class="replaceable"><code>integer</code></em>;<br>
+ nodata-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ nxdomains-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ qps-scale <em class="replaceable"><code>integer</code></em>;<br>
+ referrals-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ responses-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ slip <em class="replaceable"><code>integer</code></em>;<br>
+ window <em class="replaceable"><code>integer</code></em>;<br>
+ };<br>
+ recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ recursion <em class="replaceable"><code>boolean</code></em>;<br>
recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-nsid <em class="replaceable"><code>boolean</code></em>;<br>
+ request-sit <em class="replaceable"><code>boolean</code></em>;, experimental<br>
+ reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
+ resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
+ response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [<span class="optional"> policy ( cname | disabled<br>
+ | drop | given | no-op | nodata | nxdomain | passthru |<br>
+ tcp-only <em class="replaceable"><code>quoted_string</code></em> ) </span>] [<span class="optional"> recursive-only <em class="replaceable"><code>boolean</code></em> </span>] [<span class="optional"><br>
+ max-policy-ttl <em class="replaceable"><code>integer</code></em> </span>]; ... } [<span class="optional"> recursive-only <em class="replaceable"><code>boolean</code></em> </span>]<br>
+ [<span class="optional"> break-dnssec <em class="replaceable"><code>boolean</code></em> </span>] [<span class="optional"> max-policy-ttl <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"><br>
+ min-ns-dots <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> qname-wait-recurse <em class="replaceable"><code>boolean</code></em> </span>];<br>
+ root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ rrset-order { [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> name<br>
+ <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
+ secroots-file <em class="replaceable"><code>quoted_string</code></em>;<br>
serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
- server-id ( <em class="replaceable"><code>quoted_string</code></em> | hostname | none );<br>
- stacksize <em class="replaceable"><code>size</code></em>;<br>
+ serial-update-method ( increment | unixtime );<br>
+ server-id ( <em class="replaceable"><code>quoted_string</code></em> | none | hostname );<br>
+ session-keyalg <em class="replaceable"><code>string</code></em>;<br>
+ session-keyfile ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+ session-keyname <em class="replaceable"><code>string</code></em>;<br>
+ sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ sit-secret <em class="replaceable"><code>string</code></em>;, experimental<br>
+ sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ stacksize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
- statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
tcp-listen-queue <em class="replaceable"><code>integer</code></em>;<br>
tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br>
+ tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br>
tkey-gssapi-keytab <em class="replaceable"><code>quoted_string</code></em>;<br>
- tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
- transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
transfers-in <em class="replaceable"><code>integer</code></em>;<br>
transfers-out <em class="replaceable"><code>integer</code></em>;<br>
- version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
- allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
- auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
- minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
- recursion <em class="replaceable"><code>boolean</code></em>;<br>
- rrset-order {<br>
- [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
- [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
- };<br>
- provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
- additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
- additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
- query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
- queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
- queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
- cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
- resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
- min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
- lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
- max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
- max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
- transfer-format ( many-answers | one-answer );<br>
- max-cache-size <em class="replaceable"><code>size</code></em>;<br>
- max-acache-size <em class="replaceable"><code>size</code></em>;<br>
- clients-per-query <em class="replaceable"><code>number</code></em>;<br>
- max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
- check-names ( master | slave | response )<br>
- ( fail | warn | ignore );<br>
- check-mx ( fail | warn | ignore );<br>
- check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
- check-mx-cname ( fail | warn | ignore );<br>
- check-srv-cname ( fail | warn | ignore );<br>
- cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
- suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
- preferred-glue <em class="replaceable"><code>string</code></em>;<br>
- dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
- };<br>
- edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
- disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
- disable-ds-digests <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
- dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
- dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- dns64-server <em class="replaceable"><code>string</code></em>;<br>
- dns64-contact <em class="replaceable"><code>string</code></em>;<br>
- dns64 <em class="replaceable"><code>prefix</code></em> {<br>
- clients { <span style="color: red"><replacable>acl</replacable></span>; };<br>
- exclude { <span style="color: red"><replacable>acl</replacable></span>; };<br>
- mapped { <span style="color: red"><replacable>acl</replacable></span>; };<br>
- break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
- recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
- suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
- };<br>
-<br>
- empty-server <em class="replaceable"><code>string</code></em>;<br>
- empty-contact <em class="replaceable"><code>string</code></em>;<br>
- empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
- disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
-<br>
- dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
- ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
-<br>
- allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
+ trust-anchor-telemetry <em class="replaceable"><code>boolean</code></em>; // experimental<br>
+ try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- masterfile-format ( text | raw | map );<br>
- notify <em class="replaceable"><code>notifytype</code></em>;<br>
- notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
- notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
- also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
- [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
- allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-<br>
- forward ( first | only );<br>
- forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- };<br>
-<br>
- max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
- max-records <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
- max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
- min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
- multi-master <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
- sig-re-signing-interval <em class="replaceable"><code>integer</code></em>;<br>
- sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
- sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
- sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
-<br>
- transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
-<br>
- alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
- key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
- managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
- auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>;<br>
- try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
+ use-v4-udp-ports { <em class="replaceable"><code>portrange</code></em>; ... };<br>
+ use-v6-udp-ports { <em class="replaceable"><code>portrange</code></em>; ... };<br>
+ version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
- automatic-interface-scan <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- deny-answer-addresses {<br>
- <em class="replaceable"><code>address_match_list</code></em><br>
- } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
- deny-answer-aliases {<br>
- <em class="replaceable"><code>namelist</code></em><br>
- } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
-<br>
- nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // testing only<br>
-<br>
- allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
- deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
- multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
- serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
- treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- use-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.18"></a><h2>VIEW</h2>
+<a name="id-1.17"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
-view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
- match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- key <em class="replaceable"><code>string</code></em> {<br>
- algorithm <em class="replaceable"><code>string</code></em>;<br>
- secret <em class="replaceable"><code>string</code></em>;<br>
- };<br>
-<br>
- zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
- ...<br>
- };<br>
-<br>
- server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
- ...<br>
- };<br>
-<br>
- trusted-keys {<br>
- <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>;<br>
- [<span class="optional">...</span>]<br>
- };<br>
-<br>
- managed-keys {<br>
- <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>;<br>
- [<span class="optional">...</span>]<br>
- };<br>
-<br>
- allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
- auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
- minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
- recursion <em class="replaceable"><code>boolean</code></em>;<br>
- rrset-order {<br>
- [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
- [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
- };<br>
+server <em class="replaceable"><code>netprefix</code></em> {<br>
+ bogus <em class="replaceable"><code>boolean</code></em>;<br>
+ edns <em class="replaceable"><code>boolean</code></em>;<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ keys <em class="replaceable"><code>server_key</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+ [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ query-source-v6 ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+ request-nsid <em class="replaceable"><code>boolean</code></em>;<br>
+ request-sit <em class="replaceable"><code>boolean</code></em>;, experimental<br>
+ tcp-only <em class="replaceable"><code>boolean</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfers <em class="replaceable"><code>integer</code></em>;<br>
+};<br>
+</p></div>
+ </div>
+
+ <div class="refsection">
+<a name="id-1.18"></a><h2>STATISTICS-CHANNELS</h2>
+
+ <div class="literallayout"><p><br>
+statistics-channels {<br>
+ inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> |<br>
+ * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ allow { <em class="replaceable"><code>address_match_element</code></em>; ...<br>
+ } </span>];<br>
+};<br>
+</p></div>
+ </div>
+
+ <div class="refsection">
+<a name="id-1.19"></a><h2>TRUSTED-KEYS</h2>
+
+ <div class="literallayout"><p><br>
+trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
+</p></div>
+ </div>
+
+ <div class="refsection">
+<a name="id-1.20"></a><h2>VIEW</h2>
+
+ <div class="literallayout"><p><br>
+view <em class="replaceable"><code>string</code></em> [<span class="optional"> <em class="replaceable"><code>class</code></em> </span>] {<br>
+ acache-cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ acache-enable <em class="replaceable"><code>boolean</code></em>;<br>
additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
- query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
- queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
- queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
- cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
- resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
- min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
- lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
- max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
- max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
- transfer-format ( many-answers | one-answer );<br>
- max-cache-size <em class="replaceable"><code>size</code></em>;<br>
- max-acache-size <em class="replaceable"><code>size</code></em>;<br>
- clients-per-query <em class="replaceable"><code>number</code></em>;<br>
- max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
- check-names ( master | slave | response )<br>
- ( fail | warn | ignore );<br>
- check-mx ( fail | warn | ignore );<br>
+ allow-new-zones <em class="replaceable"><code>boolean</code></em>;<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em> |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> |<br>
+ * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ attach-cache <em class="replaceable"><code>string</code></em>;<br>
+ auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+ auto-dnssec ( allow | maintain | off );<br>
+ cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ check-dup-records ( fail | warn | ignore );<br>
check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx ( fail | warn | ignore );<br>
check-mx-cname ( fail | warn | ignore );<br>
+ check-names ( master | slave | response<br>
+ ) ( fail | warn | ignore );<br>
+ check-sibling <em class="replaceable"><code>boolean</code></em>;<br>
+ check-spf ( warn | ignore );<br>
check-srv-cname ( fail | warn | ignore );<br>
- cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
- suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
- preferred-glue <em class="replaceable"><code>string</code></em>;<br>
- dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
+ check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
+ cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
+ deny-answer-addresses { <em class="replaceable"><code>address_match_element</code></em>; ... } [<span class="optional"><br>
+ except-from { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ deny-answer-aliases { <em class="replaceable"><code>quoted_string</code></em>; ... } [<span class="optional"> except-from {<br>
+ <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ dialup ( notify | notify-passive | passive | refresh | <em class="replaceable"><code>boolean</code></em> );<br>
+ disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>;<br>
+ ... };<br>
+ disable-ds-digests <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>;<br>
+ ... };<br>
+ disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
+ dlz <em class="replaceable"><code>string</code></em> {<br>
+ database <em class="replaceable"><code>string</code></em>;<br>
+ search <em class="replaceable"><code>boolean</code></em>;<br>
};<br>
- edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
- disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
- disable-ds-digests <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
- dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
- dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- dns64-server <em class="replaceable"><code>string</code></em>;<br>
- dns64-contact <em class="replaceable"><code>string</code></em>;<br>
- dns64 <em class="replaceable"><code>prefix</code></em> {<br>
- clients { <span style="color: red"><replacable>acl</replacable></span>; };<br>
- exclude { <span style="color: red"><replacable>acl</replacable></span>; };<br>
- mapped { <span style="color: red"><replacable>acl</replacable></span>; };<br>
+ dns64 <em class="replaceable"><code>netprefix</code></em> {<br>
break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
+ clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ exclude { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ mapped { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
};<br>
-<br>
- empty-server <em class="replaceable"><code>string</code></em>;<br>
+ dns64-contact <em class="replaceable"><code>string</code></em>;<br>
+ dns64-server <em class="replaceable"><code>string</code></em>;<br>
+ dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
+ dnssec-lookaside ( <em class="replaceable"><code>string</code></em> trust-anchor<br>
+ <em class="replaceable"><code>string</code></em> | auto | no );<br>
+ dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-update-mode ( maintain | no-resign );<br>
+ dnssec-validation ( yes | no | auto );<br>
+ dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] ); ... };<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
empty-contact <em class="replaceable"><code>string</code></em>;<br>
+ empty-server <em class="replaceable"><code>string</code></em>;<br>
empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
- disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
-<br>
- dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
- ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
-<br>
- allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- masterfile-format ( text | raw | map );<br>
- notify <em class="replaceable"><code>notifytype</code></em>;<br>
- notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
- notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
- also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
- [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
- allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-<br>
+ fetch-quota-params <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>fixedpoint</code></em><br>
+ <em class="replaceable"><code>fixedpoint</code></em> <em class="replaceable"><code>fixedpoint</code></em>;<br>
+ fetches-per-server <em class="replaceable"><code>integer</code></em> [<span class="optional"> ( drop | fail ) </span>];<br>
+ fetches-per-zone <em class="replaceable"><code>integer</code></em> [<span class="optional"> ( drop | fail ) </span>];<br>
+ filter-aaaa { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ filter-aaaa-on-v4 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
+ filter-aaaa-on-v6 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
forward ( first | only );<br>
- forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
+ | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ inline-signing <em class="replaceable"><code>boolean</code></em>;<br>
+ ixfr-from-differences ( master | slave | <em class="replaceable"><code>boolean</code></em> );<br>
+ key <em class="replaceable"><code>string</code></em> {<br>
+ algorithm <em class="replaceable"><code>string</code></em>;<br>
+ secret <em class="replaceable"><code>string</code></em>;<br>
};<br>
-<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ managed-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em><br>
+ <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
+ masterfile-format ( map | raw | text );<br>
+ match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
+ max-acache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-cache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-recursion-depth <em class="replaceable"><code>integer</code></em>;<br>
+ max-recursion-queries <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
- max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
multi-master <em class="replaceable"><code>boolean</code></em>;<br>
- sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
-<br>
- transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
-<br>
- alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+ no-case-compress { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ nosit-udp-size <em class="replaceable"><code>integer</code></em>;, experimental<br>
+ notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
+ notify-delay <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+ [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // test only<br>
+ preferred-glue <em class="replaceable"><code>string</code></em>;<br>
+ prefetch <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ query-source-v6 ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ rate-limit {<br>
+ all-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ errors-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ exempt-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ ipv4-prefix-length <em class="replaceable"><code>integer</code></em>;<br>
+ ipv6-prefix-length <em class="replaceable"><code>integer</code></em>;<br>
+ log-only <em class="replaceable"><code>boolean</code></em>;<br>
+ max-table-size <em class="replaceable"><code>integer</code></em>;<br>
+ min-table-size <em class="replaceable"><code>integer</code></em>;<br>
+ nodata-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ nxdomains-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ qps-scale <em class="replaceable"><code>integer</code></em>;<br>
+ referrals-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ responses-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ slip <em class="replaceable"><code>integer</code></em>;<br>
+ window <em class="replaceable"><code>integer</code></em>;<br>
+ };<br>
+ recursion <em class="replaceable"><code>boolean</code></em>;<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-nsid <em class="replaceable"><code>boolean</code></em>;<br>
+ request-sit <em class="replaceable"><code>boolean</code></em>;, experimental<br>
+ resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
+ response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [<span class="optional"> policy ( cname | disabled<br>
+ | drop | given | no-op | nodata | nxdomain | passthru |<br>
+ tcp-only <em class="replaceable"><code>quoted_string</code></em> ) </span>] [<span class="optional"> recursive-only <em class="replaceable"><code>boolean</code></em> </span>] [<span class="optional"><br>
+ max-policy-ttl <em class="replaceable"><code>integer</code></em> </span>]; ... } [<span class="optional"> recursive-only <em class="replaceable"><code>boolean</code></em> </span>]<br>
+ [<span class="optional"> break-dnssec <em class="replaceable"><code>boolean</code></em> </span>] [<span class="optional"> max-policy-ttl <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"><br>
+ min-ns-dots <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> qname-wait-recurse <em class="replaceable"><code>boolean</code></em> </span>];<br>
+ root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ rrset-order { [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> name<br>
+ <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
+ serial-update-method ( increment | unixtime );<br>
+ server <em class="replaceable"><code>netprefix</code></em> {<br>
+ bogus <em class="replaceable"><code>boolean</code></em>;<br>
+ edns <em class="replaceable"><code>boolean</code></em>;<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ keys <em class="replaceable"><code>server_key</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | *<br>
+ ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em><br>
+ | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port<br>
+ ( <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] (<br>
+ <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ query-source-v6 ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"><br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] (<br>
+ <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-nsid <em class="replaceable"><code>boolean</code></em>;<br>
+ request-sit <em class="replaceable"><code>boolean</code></em>;, experimental<br>
+ tcp-only <em class="replaceable"><code>boolean</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> |<br>
+ * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfers <em class="replaceable"><code>integer</code></em>;<br>
+ };<br>
+ sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ transfer-format ( many-answers | one-answer );<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ trust-anchor-telemetry <em class="replaceable"><code>boolean</code></em>; // experimental<br>
+ trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>;<br>
+ ... };<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
- key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
- fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+ zone <em class="replaceable"><code>string</code></em> [<span class="optional"> <em class="replaceable"><code>class</code></em> </span>] {<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { (<br>
+ <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] |<br>
+ <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>];<br>
+ ... };<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ auto-dnssec ( allow | maintain | off );<br>
+ check-dup-records ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-names ( fail | warn | ignore );<br>
+ check-sibling <em class="replaceable"><code>boolean</code></em>;<br>
+ check-spf ( warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
+ database <em class="replaceable"><code>string</code></em>;<br>
+ delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
+ dialup ( notify | notify-passive | passive | refresh |<br>
+ <em class="replaceable"><code>boolean</code></em> );<br>
+ dlz <em class="replaceable"><code>string</code></em>;<br>
+ dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
+ dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-update-mode ( maintain | no-resign );<br>
+ file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ forward ( first | only );<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { (<br>
+ <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ in-view <em class="replaceable"><code>string</code></em>;<br>
+ inline-signing <em class="replaceable"><code>boolean</code></em>;<br>
+ ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
+ journal <em class="replaceable"><code>quoted_string</code></em>;<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ masterfile-format ( map | raw | text );<br>
+ masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em><br>
+ | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"><br>
+ port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
+ max-ixfr-log-size ( default | unlimited |<br>
+ max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-records <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
+ min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+ notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
+ notify-delay <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | *<br>
+ ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em><br>
+ | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // test only<br>
+ pubkey <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>integer</code></em><br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ serial-update-method ( increment | unixtime );<br>
+ server-addresses { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"><br>
+ port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ server-names { <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
+ sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> |<br>
+ * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
+ type ( delegation-only | forward | hint | master | redirect<br>
+ | slave | static-stub | stub );<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+ update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> (<br>
+ 6to4-self | external | krb5-self | krb5-subdomain |<br>
+ ms-self | ms-subdomain | name | self | selfsub |<br>
+ selfwild | subdomain | tcp-self | wildcard | zonesub )<br>
+ [<span class="optional"> <em class="replaceable"><code>string</code></em> </span>] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+ zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
+ zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
+ };<br>
+ zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.19"></a><h2>ZONE</h2>
+<a name="id-1.21"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
-zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
- type ( master | slave | stub | hint | redirect |<br>
- forward | delegation-only );<br>
- file <em class="replaceable"><code>quoted_string</code></em>;<br>
-<br>
- masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>masters</code></em> |<br>
- <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
- };<br>
-<br>
- database <em class="replaceable"><code>string</code></em>;<br>
- delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
- check-names ( fail | warn | ignore );<br>
- check-mx ( fail | warn | ignore );<br>
- check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
- check-mx-cname ( fail | warn | ignore );<br>
- check-srv-cname ( fail | warn | ignore );<br>
- dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
- ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
- journal <em class="replaceable"><code>quoted_string</code></em>;<br>
- zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
+zone <em class="replaceable"><code>string</code></em> [<span class="optional"> <em class="replaceable"><code>class</code></em> </span>] {<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- update-policy <em class="replaceable"><code>local</code></em> | <em class="replaceable"><code> {<br>
- ( grant | deny ) <em class="replaceable"><code>string</code></em><br>
- ( name | subdomain | wildcard | self | selfsub | selfwild |<br>
- krb5-self | ms-self | krb5-subdomain | ms-subdomain |<br>
- tcp-self | zonesub | 6to4-self ) <em class="replaceable"><code>string</code></em><br>
- <em class="replaceable"><code>rrtypelist</code></em>;<br>
- [<span class="optional">...</span>]<br>
- }</code></em>;<br>
- update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em> |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> |<br>
+ * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ auto-dnssec ( allow | maintain | off );<br>
+ check-dup-records ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-names ( fail | warn | ignore );<br>
+ check-sibling <em class="replaceable"><code>boolean</code></em>;<br>
+ check-spf ( warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
+ database <em class="replaceable"><code>string</code></em>;<br>
+ delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
+ dialup ( notify | notify-passive | passive | refresh | <em class="replaceable"><code>boolean</code></em> );<br>
+ dlz <em class="replaceable"><code>string</code></em>;<br>
dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- masterfile-format ( text | raw | map );<br>
- notify <em class="replaceable"><code>notifytype</code></em>;<br>
- notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
- notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
- also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
- [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
- allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-<br>
+ dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
+ dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-update-mode ( maintain | no-resign );<br>
+ file <em class="replaceable"><code>quoted_string</code></em>;<br>
forward ( first | only );<br>
- forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- };<br>
-<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
+ | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ in-view <em class="replaceable"><code>string</code></em>;<br>
+ inline-signing <em class="replaceable"><code>boolean</code></em>;<br>
+ ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
+ journal <em class="replaceable"><code>quoted_string</code></em>;<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ masterfile-format ( map | raw | text );<br>
+ masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em> |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
- max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+ notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
+ notify-delay <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+ [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // test only<br>
+ pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
-<br>
- transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
-<br>
- alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+ serial-update-method ( increment | unixtime );<br>
+ server-addresses { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ server-names { <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
+ sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
- key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
-<br>
- nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // testing only<br>
-<br>
- ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
- ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
- maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
- pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+ type ( delegation-only | forward | hint | master | redirect | slave<br>
+ | static-stub | stub );<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+ update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self |<br>
+ external | krb5-self | krb5-subdomain | ms-self | ms-subdomain<br>
+ | name | self | selfsub | selfwild | subdomain | tcp-self |<br>
+ wildcard | zonesub ) [<span class="optional"> <em class="replaceable"><code>string</code></em> </span>] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+ zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
+ zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.20"></a><h2>FILES</h2>
+<a name="id-1.22"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsection">
-<a name="id-1.21"></a><h2>SEE ALSO</h2>
+<a name="id-1.23"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
- <span class="refentrytitle">named</span>(8)
+ <span class="refentrytitle">ddns-confgen</span>(8)
+ </span>,
+ <span class="citerefentry">
+ <span class="refentrytitle">named</span>(8)
+ </span>,
+ <span class="citerefentry">
+ <span class="refentrytitle">named-checkconf</span>(8)
</span>,
<span class="citerefentry">
- <span class="refentrytitle">named-checkconf</span>(8)
+ <span class="refentrytitle">rndc</span>(8)
</span>,
<span class="citerefentry">
- <span class="refentrytitle">rndc</span>(8)
+ <span class="refentrytitle">rndc-confgen</span>(8)
</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
\fBrndc addzone\fR\&.
.RE
.PP
-\fBdumpdb \fR\fB[\-all|\-cache|\-zone|\-adb|\-bad]\fR\fB \fR\fB[\fIview \&.\&.\&.\fR]\fR
+\fBdumpdb \fR\fB[\-all|\-cache|\-zones|\-adb|\-bad]\fR\fB \fR\fB[\fIview \&.\&.\&.\fR]\fR
.RS 4
Dump the server\*(Aqs caches (default) and/or zones to the dump file for the specified views\&. If no view is specified, all views are dumped\&. (See the
\fBdump\-file\fR
See also <span class="command"><strong>rndc addzone</strong></span>.
</p>
</dd>
-<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zone|-adb|-bad</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
+<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zones|-adb|-bad</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
<dd>
<p>
Dump the server's caches (default) and/or zones to
- the
- dump file for the specified views. If no view is
- specified, all
- views are dumped.
+ the dump file for the specified views. If no view
+ is specified, all views are dumped.
(See the <span class="command"><strong>dump-file</strong></span> option in
the BIND 9 Administrator Reference Manual.)
</p>
docdir
oldincludedir
includedir
-runstatedir
localstatedir
sharedstatedir
sysconfdir
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
- -runstatedir | --runstatedir | --runstatedi | --runstated \
- | --runstate | --runstat | --runsta | --runst | --runs \
- | --run | --ru | --r)
- ac_prev=runstatedir ;;
- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
- | --run=* | --ru=* | --r=*)
- runstatedir=$ac_optarg ;;
-
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir runstatedir
+ libdir localedir mandir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.5</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.6b1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_maint">Maintenance</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.5</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.6b1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- <span class="command"><strong>rndc ""</strong></span> could trigger an assertion failure
- in <span class="command"><strong>named</strong></span>. This flaw is disclosed in
- (CVE-2017-3138). [RT #44924]
- </p>
- </li>
-<li class="listitem">
- <p>
- Some chaining (i.e., type CNAME or DNAME) responses to upstream
- queries could trigger assertion failures. This flaw is disclosed
- in CVE-2017-3137. [RT #44734]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>dns64</strong></span> with <span class="command"><strong>break-dnssec yes;</strong></span>
- can result in an assertion failure. This flaw is disclosed in
- CVE-2017-3136. [RT #44653]
- </p>
- </li>
-<li class="listitem">
- <p>
- If a server is configured with a response policy zone (RPZ)
- that rewrites an answer with local data, and is also configured
- for DNS64 address mapping, a NULL pointer can be read
- triggering a server crash. This flaw is disclosed in
- CVE-2017-3135. [RT #44434]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could mishandle authority sections
- with missing RRSIGs, triggering an assertion failure. This
- flaw is disclosed in CVE-2016-9444. [RT #43632]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> mishandled some responses where
- covering RRSIG records were returned without the requested
- data, resulting in an assertion failure. This flaw is
- disclosed in CVE-2016-9147. [RT #43548]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
- records which could trigger an assertion failure when there was
- a class mismatch. This flaw is disclosed in CVE-2016-9131.
- [RT #43522]
- </p>
- </li>
-<li class="listitem">
- <p>
- It was possible to trigger assertions when processing
- responses containing answers of type DNAME. This flaw is
- disclosed in CVE-2016-8864. [RT #43465]
- </p>
- </li>
-<li class="listitem">
- <p>
- Added the ability to specify the maximum number of records
- permitted in a zone (<code class="option">max-records #;</code>).
- This provides a mechanism to block overly large zone
- transfers, which is a potential risk with slave zones from
- other parties, as described in CVE-2016-6170.
- [RT #42143]
- </p>
- </li>
-<li class="listitem">
- <p>
- It was possible to trigger an assertion when rendering a
- message using a specially crafted request. This flaw is
- disclosed in CVE-2016-2776. [RT #43139]
- </p>
- </li>
-<li class="listitem">
- <p>
- Calling <span class="command"><strong>getrrsetbyname()</strong></span> with a non
- absolute name could trigger an infinite recursion bug in
- <span class="command"><strong>lwresd</strong></span> or <span class="command"><strong>named</strong></span> with
- <span class="command"><strong>lwres</strong></span> configured if, when combined with
- a search list entry from <code class="filename">resolv.conf</code>,
- the resulting name is too long. This flaw is disclosed in
- CVE-2016-2775. [RT #42694]
- </p>
- </li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_features"></a>New Features</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> now provides feedback to the
- owners of zones which have trust anchors configured
- (<span class="command"><strong>trusted-keys</strong></span>,
- <span class="command"><strong>managed-keys</strong></span>, <span class="command"><strong>dnssec-validation
- auto;</strong></span> and <span class="command"><strong>dnssec-lookaside auto;</strong></span>)
- by sending a daily query which encodes the keyids of the
- configured trust anchors for the zone. This is controlled
- by <span class="command"><strong>trust-anchor-telemetry</strong></span> and defaults
- to yes.
- </p>
- </li>
-<li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- A new <span class="command"><strong>tcp-only</strong></span> option has been added to
- <span class="command"><strong>server</strong></span> clauses, to indicate that UDP should
- not be used when sending queries to a specified IP address or
- prefix.
+ None.
</p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- The ISC DNSSEC Lookaside Validation (DLV) service is scheduled
- to be disabled in 2017. A warning is now logged when
- <span class="command"><strong>named</strong></span> is configured to use this service,
- either explicitly or via <code class="option">dnssec-lookaside auto;</code>.
- [RT #42207]
- </p>
- </li>
-<li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- If an ACL is specified with an address prefix in which the
- prefix length is longer than the address portion (for example,
- 192.0.2.1/8), <span class="command"><strong>named</strong></span> will now log a warning.
- In future releases this will be a fatal configuration error.
- [RT #43367]
+ Threads in <span class="command"><strong>named</strong></span> are now set to human-readable
+ names to assist debugging on operating systems that support that.
+ Threads will have names such as "isc-timer", "isc-sockmgr",
+ "isc-worker0001", and so on. This will affect the reporting of
+ subsidiary thread names in <span class="command"><strong>ps</strong></span> and
+ <span class="command"><strong>top</strong></span>, but not the main thread. [RT #43234]
</p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- A synthesized CNAME record appearing in a response before the
- associated DNAME could be cached, when it should not have been.
- This was a regression introduced while addressing CVE-2016-8864.
- [RT #44318]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could deadlock if multiple changes
- to NSEC/NSEC3 parameters for the same zone were being processed
- at the same time. [RT #42770]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could trigger an assertion when
- sending NOTIFY messages. [RT #44019]
- </p>
- </li>
-<li class="listitem">
- <p>
- Fixed a crash when calling <span class="command"><strong>rndc stats</strong></span> on some
- Windows builds: some Visual Studio compilers generate code that
- crashes when the "%z" printf() format specifier is used. [RT #42380]
- </p>
- </li>
-<li class="listitem">
- <p>
- Windows installs were failing due to triggering UAC without
- the installation binary being signed.
- </p>
- </li>
-<li class="listitem">
- <p>
- A change in the internal binary representation of the RBT database
- node structure enabled a race condition to occur (especially when
- BIND was built with certain compilers or optimizer settings),
- leading to inconsistent database state which caused random
- assertion failures. [RT #42380]
- </p>
- </li>
-<li class="listitem">
- <p>
- Referencing a nonexistent zone in a <span class="command"><strong>response-policy</strong></span>
- statement could cause an assertion failure during configuration.
- [RT #43787]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>rndc addzone</strong></span> could cause a crash
- when attempting to add a zone with a type other than
- <span class="command"><strong>master</strong></span> or <span class="command"><strong>slave</strong></span>.
- Such zones are now rejected. [RT #43665]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could hang when encountering log
- file names with large apparent gaps in version number (for
- example, when files exist called "logfile.0", "logfile.1",
- and "logfile.1482954169"). This is now handled correctly.
- [RT #38688]
- </p>
- </li>
-<li class="listitem">
- <p>
- If a zone was updated while <span class="command"><strong>named</strong></span> was
- processing a query for nonexistent data, it could return
- out-of-sync NSEC3 records causing potential DNSSEC validation
- failure. [RT #43247]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could crash when loading a zone
- which had RRISG records whose expiry fields were far enough
- apart to cause an integer overflow when comparing them.
- [RT #40571]
- </p>
- </li>
-<li class="listitem">
- <p>
- The <span class="command"><strong>arpaname</strong></span> and <span class="command"><strong>named-rrchecker</strong></span>
- commands were not installed into the correct
- <span class="command"><strong>prefix</strong></span><code class="filename">/bin</code> directory.
- [RT #42910]
- </p>
- </li>
-<li class="listitem">
- <p>
- When receiving a response from an authoritative server with
- a TTL value of zero, <span class="command"><strong>named></strong></span> will now only use
- that response once, to answer the currently active clients that
- were waiting for it. Previously, such response could be cached
- and reused for up to one second. [RT #42142]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named-checkconf</strong></span> now checks the
- <span class="command"><strong>rate-limit</strong></span> clause for correctness.
- [RT #42970]
- </p>
- </li>
-<li class="listitem">
- <p>
- Corrected a bug in the <span class="command"><strong>rndc</strong></span> control channel
- that could allow a read past the end of a buffer, crashing
- <span class="command"><strong>named</strong></span>. Thanks to Lian Yihan for reporting
- this error.
- </p>
- </li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_maint"></a>Maintenance</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- The built-in root hints have been updated to include
- IPv6 addresses for B.ROOT-SERVERS.NET (2001:500:84::b),
- E.ROOT-SERVERS.NET (2001:500:a8::e) and
- G.ROOT-SERVERS.NET (2001:500:12::d0d).
+ None.
</p>
</li></ul></div>
</div>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
<span class="refentrytitle"><a href="man.named.html"><span class="application">named</span></a></span><span class="refpurpose"> — Internet domain name server</span>
</dt>
<dt>
-<span class="refentrytitle"><a href="man.named.conf.html"><code class="filename">named.conf</code></a></span><span class="refpurpose"> — configuration file for named</span>
+<span class="refentrytitle"><a href="man.named.conf.html"><code class="filename">named.conf</code></a></span><span class="refpurpose"> — configuration file for <span class="command"><strong>named</strong></span></span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.lwresd.html"><span class="application">lwresd</span></a></span><span class="refpurpose"> — lightweight resolver daemon</span>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.10.5</p></div>
+<div><p class="releaseinfo">BIND Version 9.10.6b1</p></div>
<div><p class="copyright">Copyright © 2004-2016 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
</div>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.5</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.6b1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#root_key">New DNSSEC Root Key</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_maint">Maintenance</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
<span class="refentrytitle"><a href="man.named.html"><span class="application">named</span></a></span><span class="refpurpose"> — Internet domain name server</span>
</dt>
<dt>
-<span class="refentrytitle"><a href="man.named.conf.html"><code class="filename">named.conf</code></a></span><span class="refpurpose"> — configuration file for named</span>
+<span class="refentrytitle"><a href="man.named.conf.html"><code class="filename">named.conf</code></a></span><span class="refpurpose"> — configuration file for <span class="command"><strong>named</strong></span></span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.lwresd.html"><span class="application">lwresd</span></a></span><span class="refpurpose"> — lightweight resolver daemon</span>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
<h2>Name</h2>
<p>
<code class="filename">named.conf</code>
- — configuration file for named
+ — configuration file for <span class="command"><strong>named</strong></span>
</p>
</div>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14.18.9"></a><h2>KEY</h2>
+<a name="id-1.14.18.9"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
-key <em class="replaceable"><code>domain_name</code></em> {<br>
- algorithm <em class="replaceable"><code>string</code></em>;<br>
- secret <em class="replaceable"><code>string</code></em>;<br>
+controls {<br>
+ inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> |<br>
+ * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] allow<br>
+ { <em class="replaceable"><code>address_match_element</code></em>; ... } [<span class="optional"><br>
+ keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
+ unix <em class="replaceable"><code>quoted_string</code></em> perm <em class="replaceable"><code>integer</code></em><br>
+ owner <em class="replaceable"><code>integer</code></em> group <em class="replaceable"><code>integer</code></em> [<span class="optional"><br>
+ keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14.18.10"></a><h2>MASTERS</h2>
+<a name="id-1.14.18.10"></a><h2>DLZ</h2>
<div class="literallayout"><p><br>
-masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
+dlz <em class="replaceable"><code>string</code></em> {<br>
+ database <em class="replaceable"><code>string</code></em>;<br>
+ search <em class="replaceable"><code>boolean</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14.18.11"></a><h2>SERVER</h2>
+<a name="id-1.14.18.11"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
-server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
- bogus <em class="replaceable"><code>boolean</code></em>;<br>
- edns <em class="replaceable"><code>boolean</code></em>;<br>
- edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- tcp-only <em class="replaceable"><code>boolean</code></em>;<br>
- provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- keys <em class="replaceable"><code>server_key</code></em>;<br>
- transfers <em class="replaceable"><code>integer</code></em>;<br>
- transfer-format ( many-answers | one-answer );<br>
- transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
-<br>
- support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+key <em class="replaceable"><code>string</code></em> {<br>
+ algorithm <em class="replaceable"><code>string</code></em>;<br>
+ secret <em class="replaceable"><code>string</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14.18.12"></a><h2>TRUSTED-KEYS</h2>
+<a name="id-1.14.18.12"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
-trusted-keys {<br>
- <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
+logging {<br>
+ category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+ channel <em class="replaceable"><code>string</code></em> {<br>
+ file <em class="replaceable"><code>quoted_string</code></em> [<span class="optional"> versions ( "unlimited" | <em class="replaceable"><code>integer</code></em> )<br>
+ </span>] [<span class="optional"> size <em class="replaceable"><code>size</code></em> </span>];<br>
+ null;<br>
+ print-category <em class="replaceable"><code>boolean</code></em>;<br>
+ print-severity <em class="replaceable"><code>boolean</code></em>;<br>
+ print-time <em class="replaceable"><code>boolean</code></em>;<br>
+ severity <em class="replaceable"><code>log_severity</code></em>;<br>
+ stderr;<br>
+ syslog [<span class="optional"> <em class="replaceable"><code>syslog_facility</code></em> </span>];<br>
+ };<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14.18.13"></a><h2>MANAGED-KEYS</h2>
+<a name="id-1.14.18.13"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
-managed-keys {<br>
- <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
+lwres {<br>
+ listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
+ | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ ndots <em class="replaceable"><code>integer</code></em>;<br>
+ search { <em class="replaceable"><code>string</code></em>; ... };<br>
+ view <em class="replaceable"><code>string</code></em> [<span class="optional"> <em class="replaceable"><code>class</code></em> </span>];<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14.18.14"></a><h2>CONTROLS</h2>
+<a name="id-1.14.18.14"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
-controls {<br>
- inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
- allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br>
- [<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
- unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br>
-};<br>
+managed-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14.18.15"></a><h2>LOGGING</h2>
+<a name="id-1.14.18.15"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
-logging {<br>
- channel <em class="replaceable"><code>string</code></em> {<br>
- file <em class="replaceable"><code>log_file</code></em>;<br>
- syslog <em class="replaceable"><code>optional_facility</code></em>;<br>
- null;<br>
- stderr;<br>
- severity <em class="replaceable"><code>log_severity</code></em>;<br>
- print-time <em class="replaceable"><code>boolean</code></em>;<br>
- print-severity <em class="replaceable"><code>boolean</code></em>;<br>
- print-category <em class="replaceable"><code>boolean</code></em>;<br>
- };<br>
- category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
-};<br>
+masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp<br>
+ <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"><br>
+ port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14.18.16"></a><h2>LWRES</h2>
-
- <div class="literallayout"><p><br>
-lwres {<br>
- listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- };<br>
- view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br>
- search { <em class="replaceable"><code>string</code></em>; ... };<br>
- ndots <em class="replaceable"><code>integer</code></em>;<br>
-};<br>
-</p></div>
- </div>
-
- <div class="refsection">
-<a name="id-1.14.18.17"></a><h2>OPTIONS</h2>
+<a name="id-1.14.18.16"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
- avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
- avoid-v6-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
+ acache-cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ acache-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
+ additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
+ allow-new-zones <em class="replaceable"><code>boolean</code></em>;<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em> |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> |<br>
+ * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ attach-cache <em class="replaceable"><code>string</code></em>;<br>
+ auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+ auto-dnssec ( allow | maintain | off );<br>
+ automatic-interface-scan <em class="replaceable"><code>boolean</code></em>;<br>
+ avoid-v4-udp-ports { <em class="replaceable"><code>portrange</code></em>; ... };<br>
+ avoid-v6-udp-ports { <em class="replaceable"><code>portrange</code></em>; ... };<br>
+ bindkeys-file <em class="replaceable"><code>quoted_string</code></em>;<br>
blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- coresize <em class="replaceable"><code>size</code></em>;<br>
- datasize <em class="replaceable"><code>size</code></em>;<br>
+ cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ check-dup-records ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-names ( master | slave | response<br>
+ ) ( fail | warn | ignore );<br>
+ check-sibling <em class="replaceable"><code>boolean</code></em>;<br>
+ check-spf ( warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
+ cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
+ coresize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
+ datasize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
+ deny-answer-addresses { <em class="replaceable"><code>address_match_element</code></em>; ... } [<span class="optional"><br>
+ except-from { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ deny-answer-aliases { <em class="replaceable"><code>quoted_string</code></em>; ... } [<span class="optional"> except-from {<br>
+ <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ dialup ( notify | notify-passive | passive | refresh | <em class="replaceable"><code>boolean</code></em> );<br>
directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>;<br>
+ ... };<br>
+ disable-ds-digests <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>;<br>
+ ... };<br>
+ disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
+ dns64 <em class="replaceable"><code>netprefix</code></em> {<br>
+ break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
+ clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ exclude { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ mapped { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
+ suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
+ };<br>
+ dns64-contact <em class="replaceable"><code>string</code></em>;<br>
+ dns64-server <em class="replaceable"><code>string</code></em>;<br>
+ dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
+ dnssec-lookaside ( <em class="replaceable"><code>string</code></em> trust-anchor<br>
+ <em class="replaceable"><code>string</code></em> | auto | no );<br>
+ dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-update-mode ( maintain | no-resign );<br>
+ dnssec-validation ( yes | no | auto );<br>
+ dscp <em class="replaceable"><code>integer</code></em>;<br>
+ dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] ); ... };<br>
dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
- files <em class="replaceable"><code>size</code></em>;<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ empty-contact <em class="replaceable"><code>string</code></em>;<br>
+ empty-server <em class="replaceable"><code>string</code></em>;<br>
+ empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ fetch-quota-params <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>fixedpoint</code></em><br>
+ <em class="replaceable"><code>fixedpoint</code></em> <em class="replaceable"><code>fixedpoint</code></em>;<br>
+ fetches-per-server <em class="replaceable"><code>integer</code></em> [<span class="optional"> ( drop | fail ) </span>];<br>
+ fetches-per-zone <em class="replaceable"><code>integer</code></em> [<span class="optional"> ( drop | fail ) </span>];<br>
+ files ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
+ filter-aaaa { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ filter-aaaa-on-v4 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
+ filter-aaaa-on-v6 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
+ flush-zones-on-shutdown <em class="replaceable"><code>boolean</code></em>;<br>
+ forward ( first | only );<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
+ | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ geoip-directory ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
- host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br>
- host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br>
hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+ inline-signing <em class="replaceable"><code>boolean</code></em>;<br>
interface-interval <em class="replaceable"><code>integer</code></em>;<br>
- listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ ixfr-from-differences ( master | slave | <em class="replaceable"><code>boolean</code></em> );<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp<br>
+ <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp<br>
+ <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ masterfile-format ( map | raw | text );<br>
match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
+ max-acache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-cache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
+ max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-records <em class="replaceable"><code>integer</code></em>;<br>
+ max-recursion-depth <em class="replaceable"><code>integer</code></em>;<br>
+ max-recursion-queries <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-rsa-exponent-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
+ memstatistics <em class="replaceable"><code>boolean</code></em>;<br>
memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
+ multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+ no-case-compress { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ nosit-udp-size <em class="replaceable"><code>integer</code></em>;, experimental<br>
+ notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
+ notify-delay <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+ [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // test only<br>
pid-file ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
port <em class="replaceable"><code>integer</code></em>;<br>
+ preferred-glue <em class="replaceable"><code>string</code></em>;<br>
+ prefetch <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ query-source-v6 ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
querylog <em class="replaceable"><code>boolean</code></em>;<br>
- recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
- reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
+ rate-limit {<br>
+ all-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ errors-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ exempt-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ ipv4-prefix-length <em class="replaceable"><code>integer</code></em>;<br>
+ ipv6-prefix-length <em class="replaceable"><code>integer</code></em>;<br>
+ log-only <em class="replaceable"><code>boolean</code></em>;<br>
+ max-table-size <em class="replaceable"><code>integer</code></em>;<br>
+ min-table-size <em class="replaceable"><code>integer</code></em>;<br>
+ nodata-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ nxdomains-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ qps-scale <em class="replaceable"><code>integer</code></em>;<br>
+ referrals-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ responses-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ slip <em class="replaceable"><code>integer</code></em>;<br>
+ window <em class="replaceable"><code>integer</code></em>;<br>
+ };<br>
+ recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ recursion <em class="replaceable"><code>boolean</code></em>;<br>
recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-nsid <em class="replaceable"><code>boolean</code></em>;<br>
+ request-sit <em class="replaceable"><code>boolean</code></em>;, experimental<br>
+ reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
+ resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
+ response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [<span class="optional"> policy ( cname | disabled<br>
+ | drop | given | no-op | nodata | nxdomain | passthru |<br>
+ tcp-only <em class="replaceable"><code>quoted_string</code></em> ) </span>] [<span class="optional"> recursive-only <em class="replaceable"><code>boolean</code></em> </span>] [<span class="optional"><br>
+ max-policy-ttl <em class="replaceable"><code>integer</code></em> </span>]; ... } [<span class="optional"> recursive-only <em class="replaceable"><code>boolean</code></em> </span>]<br>
+ [<span class="optional"> break-dnssec <em class="replaceable"><code>boolean</code></em> </span>] [<span class="optional"> max-policy-ttl <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"><br>
+ min-ns-dots <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> qname-wait-recurse <em class="replaceable"><code>boolean</code></em> </span>];<br>
+ root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ rrset-order { [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> name<br>
+ <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
+ secroots-file <em class="replaceable"><code>quoted_string</code></em>;<br>
serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
- server-id ( <em class="replaceable"><code>quoted_string</code></em> | hostname | none );<br>
- stacksize <em class="replaceable"><code>size</code></em>;<br>
+ serial-update-method ( increment | unixtime );<br>
+ server-id ( <em class="replaceable"><code>quoted_string</code></em> | none | hostname );<br>
+ session-keyalg <em class="replaceable"><code>string</code></em>;<br>
+ session-keyfile ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+ session-keyname <em class="replaceable"><code>string</code></em>;<br>
+ sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ sit-secret <em class="replaceable"><code>string</code></em>;, experimental<br>
+ sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ stacksize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
- statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
tcp-listen-queue <em class="replaceable"><code>integer</code></em>;<br>
tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br>
+ tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br>
tkey-gssapi-keytab <em class="replaceable"><code>quoted_string</code></em>;<br>
- tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
- transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
transfers-in <em class="replaceable"><code>integer</code></em>;<br>
transfers-out <em class="replaceable"><code>integer</code></em>;<br>
- version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
- allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
- auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
- minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
- recursion <em class="replaceable"><code>boolean</code></em>;<br>
- rrset-order {<br>
- [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
- [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
- };<br>
- provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
- additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
- additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
- query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
- queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
- queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
- cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
- resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
- min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
- lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
- max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
- max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
- transfer-format ( many-answers | one-answer );<br>
- max-cache-size <em class="replaceable"><code>size</code></em>;<br>
- max-acache-size <em class="replaceable"><code>size</code></em>;<br>
- clients-per-query <em class="replaceable"><code>number</code></em>;<br>
- max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
- check-names ( master | slave | response )<br>
- ( fail | warn | ignore );<br>
- check-mx ( fail | warn | ignore );<br>
- check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
- check-mx-cname ( fail | warn | ignore );<br>
- check-srv-cname ( fail | warn | ignore );<br>
- cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
- suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
- preferred-glue <em class="replaceable"><code>string</code></em>;<br>
- dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
- };<br>
- edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
- disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
- disable-ds-digests <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
- dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
- dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- dns64-server <em class="replaceable"><code>string</code></em>;<br>
- dns64-contact <em class="replaceable"><code>string</code></em>;<br>
- dns64 <em class="replaceable"><code>prefix</code></em> {<br>
- clients { <span style="color: red"><replacable>acl</replacable></span>; };<br>
- exclude { <span style="color: red"><replacable>acl</replacable></span>; };<br>
- mapped { <span style="color: red"><replacable>acl</replacable></span>; };<br>
- break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
- recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
- suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
- };<br>
-<br>
- empty-server <em class="replaceable"><code>string</code></em>;<br>
- empty-contact <em class="replaceable"><code>string</code></em>;<br>
- empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
- disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
-<br>
- dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
- ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
-<br>
- allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
+ trust-anchor-telemetry <em class="replaceable"><code>boolean</code></em>; // experimental<br>
+ try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- masterfile-format ( text | raw | map );<br>
- notify <em class="replaceable"><code>notifytype</code></em>;<br>
- notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
- notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
- also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
- [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
- allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-<br>
- forward ( first | only );<br>
- forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- };<br>
-<br>
- max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
- max-records <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
- max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
- min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
- multi-master <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
- sig-re-signing-interval <em class="replaceable"><code>integer</code></em>;<br>
- sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
- sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
- sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
-<br>
- transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
-<br>
- alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
- key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
- managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
- auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>;<br>
- try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
+ use-v4-udp-ports { <em class="replaceable"><code>portrange</code></em>; ... };<br>
+ use-v6-udp-ports { <em class="replaceable"><code>portrange</code></em>; ... };<br>
+ version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
- automatic-interface-scan <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- deny-answer-addresses {<br>
- <em class="replaceable"><code>address_match_list</code></em><br>
- } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
- deny-answer-aliases {<br>
- <em class="replaceable"><code>namelist</code></em><br>
- } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
-<br>
- nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // testing only<br>
-<br>
- allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
- deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
- multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
- serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
- treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- use-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14.18.18"></a><h2>VIEW</h2>
+<a name="id-1.14.18.17"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
-view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
- match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- key <em class="replaceable"><code>string</code></em> {<br>
- algorithm <em class="replaceable"><code>string</code></em>;<br>
- secret <em class="replaceable"><code>string</code></em>;<br>
- };<br>
-<br>
- zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
- ...<br>
- };<br>
-<br>
- server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
- ...<br>
- };<br>
-<br>
- trusted-keys {<br>
- <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>;<br>
- [<span class="optional">...</span>]<br>
- };<br>
-<br>
- managed-keys {<br>
- <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>;<br>
- [<span class="optional">...</span>]<br>
- };<br>
-<br>
- allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
- auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
- minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
- recursion <em class="replaceable"><code>boolean</code></em>;<br>
- rrset-order {<br>
- [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
- [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
- };<br>
+server <em class="replaceable"><code>netprefix</code></em> {<br>
+ bogus <em class="replaceable"><code>boolean</code></em>;<br>
+ edns <em class="replaceable"><code>boolean</code></em>;<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ keys <em class="replaceable"><code>server_key</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+ [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ query-source-v6 ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+ request-nsid <em class="replaceable"><code>boolean</code></em>;<br>
+ request-sit <em class="replaceable"><code>boolean</code></em>;, experimental<br>
+ tcp-only <em class="replaceable"><code>boolean</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfers <em class="replaceable"><code>integer</code></em>;<br>
+};<br>
+</p></div>
+ </div>
+
+ <div class="refsection">
+<a name="id-1.14.18.18"></a><h2>STATISTICS-CHANNELS</h2>
+
+ <div class="literallayout"><p><br>
+statistics-channels {<br>
+ inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> |<br>
+ * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ allow { <em class="replaceable"><code>address_match_element</code></em>; ...<br>
+ } </span>];<br>
+};<br>
+</p></div>
+ </div>
+
+ <div class="refsection">
+<a name="id-1.14.18.19"></a><h2>TRUSTED-KEYS</h2>
+
+ <div class="literallayout"><p><br>
+trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
+</p></div>
+ </div>
+
+ <div class="refsection">
+<a name="id-1.14.18.20"></a><h2>VIEW</h2>
+
+ <div class="literallayout"><p><br>
+view <em class="replaceable"><code>string</code></em> [<span class="optional"> <em class="replaceable"><code>class</code></em> </span>] {<br>
+ acache-cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ acache-enable <em class="replaceable"><code>boolean</code></em>;<br>
additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
- query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
- queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
- queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
- cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
- resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
- min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
- lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
- max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
- max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
- transfer-format ( many-answers | one-answer );<br>
- max-cache-size <em class="replaceable"><code>size</code></em>;<br>
- max-acache-size <em class="replaceable"><code>size</code></em>;<br>
- clients-per-query <em class="replaceable"><code>number</code></em>;<br>
- max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
- check-names ( master | slave | response )<br>
- ( fail | warn | ignore );<br>
- check-mx ( fail | warn | ignore );<br>
+ allow-new-zones <em class="replaceable"><code>boolean</code></em>;<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em> |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> |<br>
+ * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ attach-cache <em class="replaceable"><code>string</code></em>;<br>
+ auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+ auto-dnssec ( allow | maintain | off );<br>
+ cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ check-dup-records ( fail | warn | ignore );<br>
check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx ( fail | warn | ignore );<br>
check-mx-cname ( fail | warn | ignore );<br>
+ check-names ( master | slave | response<br>
+ ) ( fail | warn | ignore );<br>
+ check-sibling <em class="replaceable"><code>boolean</code></em>;<br>
+ check-spf ( warn | ignore );<br>
check-srv-cname ( fail | warn | ignore );<br>
- cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
- suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
- preferred-glue <em class="replaceable"><code>string</code></em>;<br>
- dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
+ check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
+ cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
+ deny-answer-addresses { <em class="replaceable"><code>address_match_element</code></em>; ... } [<span class="optional"><br>
+ except-from { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ deny-answer-aliases { <em class="replaceable"><code>quoted_string</code></em>; ... } [<span class="optional"> except-from {<br>
+ <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ dialup ( notify | notify-passive | passive | refresh | <em class="replaceable"><code>boolean</code></em> );<br>
+ disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>;<br>
+ ... };<br>
+ disable-ds-digests <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>;<br>
+ ... };<br>
+ disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
+ dlz <em class="replaceable"><code>string</code></em> {<br>
+ database <em class="replaceable"><code>string</code></em>;<br>
+ search <em class="replaceable"><code>boolean</code></em>;<br>
};<br>
- edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
- root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
- disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
- disable-ds-digests <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
- dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
- dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- dns64-server <em class="replaceable"><code>string</code></em>;<br>
- dns64-contact <em class="replaceable"><code>string</code></em>;<br>
- dns64 <em class="replaceable"><code>prefix</code></em> {<br>
- clients { <span style="color: red"><replacable>acl</replacable></span>; };<br>
- exclude { <span style="color: red"><replacable>acl</replacable></span>; };<br>
- mapped { <span style="color: red"><replacable>acl</replacable></span>; };<br>
+ dns64 <em class="replaceable"><code>netprefix</code></em> {<br>
break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
+ clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ exclude { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ mapped { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
};<br>
-<br>
- empty-server <em class="replaceable"><code>string</code></em>;<br>
+ dns64-contact <em class="replaceable"><code>string</code></em>;<br>
+ dns64-server <em class="replaceable"><code>string</code></em>;<br>
+ dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
+ dnssec-lookaside ( <em class="replaceable"><code>string</code></em> trust-anchor<br>
+ <em class="replaceable"><code>string</code></em> | auto | no );<br>
+ dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-update-mode ( maintain | no-resign );<br>
+ dnssec-validation ( yes | no | auto );<br>
+ dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] ); ... };<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
empty-contact <em class="replaceable"><code>string</code></em>;<br>
+ empty-server <em class="replaceable"><code>string</code></em>;<br>
empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
- disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
-<br>
- dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
- ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
-<br>
- allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- masterfile-format ( text | raw | map );<br>
- notify <em class="replaceable"><code>notifytype</code></em>;<br>
- notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
- notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
- also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
- [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
- allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-<br>
+ fetch-quota-params <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>fixedpoint</code></em><br>
+ <em class="replaceable"><code>fixedpoint</code></em> <em class="replaceable"><code>fixedpoint</code></em>;<br>
+ fetches-per-server <em class="replaceable"><code>integer</code></em> [<span class="optional"> ( drop | fail ) </span>];<br>
+ fetches-per-zone <em class="replaceable"><code>integer</code></em> [<span class="optional"> ( drop | fail ) </span>];<br>
+ filter-aaaa { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ filter-aaaa-on-v4 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
+ filter-aaaa-on-v6 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
forward ( first | only );<br>
- forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
+ | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ inline-signing <em class="replaceable"><code>boolean</code></em>;<br>
+ ixfr-from-differences ( master | slave | <em class="replaceable"><code>boolean</code></em> );<br>
+ key <em class="replaceable"><code>string</code></em> {<br>
+ algorithm <em class="replaceable"><code>string</code></em>;<br>
+ secret <em class="replaceable"><code>string</code></em>;<br>
};<br>
-<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ managed-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em><br>
+ <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
+ masterfile-format ( map | raw | text );<br>
+ match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
+ max-acache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-cache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-recursion-depth <em class="replaceable"><code>integer</code></em>;<br>
+ max-recursion-queries <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
- max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
multi-master <em class="replaceable"><code>boolean</code></em>;<br>
- sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
-<br>
- transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
-<br>
- alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+ no-case-compress { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ nosit-udp-size <em class="replaceable"><code>integer</code></em>;, experimental<br>
+ notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
+ notify-delay <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+ [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // test only<br>
+ preferred-glue <em class="replaceable"><code>string</code></em>;<br>
+ prefetch <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ query-source-v6 ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>]<br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ rate-limit {<br>
+ all-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ errors-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ exempt-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ ipv4-prefix-length <em class="replaceable"><code>integer</code></em>;<br>
+ ipv6-prefix-length <em class="replaceable"><code>integer</code></em>;<br>
+ log-only <em class="replaceable"><code>boolean</code></em>;<br>
+ max-table-size <em class="replaceable"><code>integer</code></em>;<br>
+ min-table-size <em class="replaceable"><code>integer</code></em>;<br>
+ nodata-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ nxdomains-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ qps-scale <em class="replaceable"><code>integer</code></em>;<br>
+ referrals-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ responses-per-second <em class="replaceable"><code>integer</code></em>;<br>
+ slip <em class="replaceable"><code>integer</code></em>;<br>
+ window <em class="replaceable"><code>integer</code></em>;<br>
+ };<br>
+ recursion <em class="replaceable"><code>boolean</code></em>;<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-nsid <em class="replaceable"><code>boolean</code></em>;<br>
+ request-sit <em class="replaceable"><code>boolean</code></em>;, experimental<br>
+ resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
+ response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [<span class="optional"> policy ( cname | disabled<br>
+ | drop | given | no-op | nodata | nxdomain | passthru |<br>
+ tcp-only <em class="replaceable"><code>quoted_string</code></em> ) </span>] [<span class="optional"> recursive-only <em class="replaceable"><code>boolean</code></em> </span>] [<span class="optional"><br>
+ max-policy-ttl <em class="replaceable"><code>integer</code></em> </span>]; ... } [<span class="optional"> recursive-only <em class="replaceable"><code>boolean</code></em> </span>]<br>
+ [<span class="optional"> break-dnssec <em class="replaceable"><code>boolean</code></em> </span>] [<span class="optional"> max-policy-ttl <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"><br>
+ min-ns-dots <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> qname-wait-recurse <em class="replaceable"><code>boolean</code></em> </span>];<br>
+ root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ rrset-order { [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> name<br>
+ <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
+ serial-update-method ( increment | unixtime );<br>
+ server <em class="replaceable"><code>netprefix</code></em> {<br>
+ bogus <em class="replaceable"><code>boolean</code></em>;<br>
+ edns <em class="replaceable"><code>boolean</code></em>;<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ keys <em class="replaceable"><code>server_key</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | *<br>
+ ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em><br>
+ | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port<br>
+ ( <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] (<br>
+ <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ query-source-v6 ( ( [<span class="optional"> address </span>] ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"><br>
+ port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] ) | ( [<span class="optional"> [<span class="optional"> address </span>] (<br>
+ <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-nsid <em class="replaceable"><code>boolean</code></em>;<br>
+ request-sit <em class="replaceable"><code>boolean</code></em>;, experimental<br>
+ tcp-only <em class="replaceable"><code>boolean</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> |<br>
+ * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfers <em class="replaceable"><code>integer</code></em>;<br>
+ };<br>
+ sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ transfer-format ( many-answers | one-answer );<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ trust-anchor-telemetry <em class="replaceable"><code>boolean</code></em>; // experimental<br>
+ trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>;<br>
+ ... };<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
- key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
- fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+ zone <em class="replaceable"><code>string</code></em> [<span class="optional"> <em class="replaceable"><code>class</code></em> </span>] {<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { (<br>
+ <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] |<br>
+ <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>];<br>
+ ... };<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ auto-dnssec ( allow | maintain | off );<br>
+ check-dup-records ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-names ( fail | warn | ignore );<br>
+ check-sibling <em class="replaceable"><code>boolean</code></em>;<br>
+ check-spf ( warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
+ database <em class="replaceable"><code>string</code></em>;<br>
+ delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
+ dialup ( notify | notify-passive | passive | refresh |<br>
+ <em class="replaceable"><code>boolean</code></em> );<br>
+ dlz <em class="replaceable"><code>string</code></em>;<br>
+ dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
+ dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-update-mode ( maintain | no-resign );<br>
+ file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ forward ( first | only );<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { (<br>
+ <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ in-view <em class="replaceable"><code>string</code></em>;<br>
+ inline-signing <em class="replaceable"><code>boolean</code></em>;<br>
+ ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
+ journal <em class="replaceable"><code>quoted_string</code></em>;<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ masterfile-format ( map | raw | text );<br>
+ masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em><br>
+ | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"><br>
+ port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
+ max-ixfr-log-size ( default | unlimited |<br>
+ max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-records <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
+ min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+ notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
+ notify-delay <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | *<br>
+ ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em><br>
+ | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // test only<br>
+ pubkey <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>integer</code></em><br>
+ <em class="replaceable"><code>integer</code></em><br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ serial-update-method ( increment | unixtime );<br>
+ server-addresses { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"><br>
+ port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ server-names { <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
+ sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> |<br>
+ * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port (<br>
+ <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
+ type ( delegation-only | forward | hint | master | redirect<br>
+ | slave | static-stub | stub );<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+ update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> (<br>
+ 6to4-self | external | krb5-self | krb5-subdomain |<br>
+ ms-self | ms-subdomain | name | self | selfsub |<br>
+ selfwild | subdomain | tcp-self | wildcard | zonesub )<br>
+ [<span class="optional"> <em class="replaceable"><code>string</code></em> </span>] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+ zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
+ zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
+ };<br>
+ zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14.18.19"></a><h2>ZONE</h2>
+<a name="id-1.14.18.21"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
-zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
- type ( master | slave | stub | hint | redirect |<br>
- forward | delegation-only );<br>
- file <em class="replaceable"><code>quoted_string</code></em>;<br>
-<br>
- masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>masters</code></em> |<br>
- <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
- <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
- };<br>
-<br>
- database <em class="replaceable"><code>string</code></em>;<br>
- delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
- check-names ( fail | warn | ignore );<br>
- check-mx ( fail | warn | ignore );<br>
- check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
- check-mx-cname ( fail | warn | ignore );<br>
- check-srv-cname ( fail | warn | ignore );<br>
- dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
- ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
- journal <em class="replaceable"><code>quoted_string</code></em>;<br>
- zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
- dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
+zone <em class="replaceable"><code>string</code></em> [<span class="optional"> <em class="replaceable"><code>class</code></em> </span>] {<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- update-policy <em class="replaceable"><code>local</code></em> | <em class="replaceable"><code> {<br>
- ( grant | deny ) <em class="replaceable"><code>string</code></em><br>
- ( name | subdomain | wildcard | self | selfsub | selfwild |<br>
- krb5-self | ms-self | krb5-subdomain | ms-subdomain |<br>
- tcp-self | zonesub | 6to4-self ) <em class="replaceable"><code>string</code></em><br>
- <em class="replaceable"><code>rrtypelist</code></em>;<br>
- [<span class="optional">...</span>]<br>
- }</code></em>;<br>
- update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em> |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> |<br>
+ * ) </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ auto-dnssec ( allow | maintain | off );<br>
+ check-dup-records ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-names ( fail | warn | ignore );<br>
+ check-sibling <em class="replaceable"><code>boolean</code></em>;<br>
+ check-spf ( warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
+ database <em class="replaceable"><code>string</code></em>;<br>
+ delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
+ dialup ( notify | notify-passive | passive | refresh | <em class="replaceable"><code>boolean</code></em> );<br>
+ dlz <em class="replaceable"><code>string</code></em>;<br>
dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- masterfile-format ( text | raw | map );<br>
- notify <em class="replaceable"><code>notifytype</code></em>;<br>
- notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
- notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
- also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
- [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
- allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-<br>
+ dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
+ dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-update-mode ( maintain | no-resign );<br>
+ file <em class="replaceable"><code>quoted_string</code></em>;<br>
forward ( first | only );<br>
- forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
- ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
- };<br>
-<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
+ | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ in-view <em class="replaceable"><code>string</code></em>;<br>
+ inline-signing <em class="replaceable"><code>boolean</code></em>;<br>
+ ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
+ journal <em class="replaceable"><code>quoted_string</code></em>;<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ masterfile-format ( map | raw | text );<br>
+ masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>masters</code></em> |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] | <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ... };<br>
max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
- max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
- max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
- max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+ notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
+ notify-delay <em class="replaceable"><code>integer</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+ [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // test only<br>
+ pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
- sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
-<br>
- transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
-<br>
- alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
- [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
- use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
-<br>
- zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+ serial-update-method ( increment | unixtime );<br>
+ server-addresses { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port<br>
+ <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+ server-names { <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
+ sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
+ dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * )<br>
+ </span>] [<span class="optional"> dscp <em class="replaceable"><code>integer</code></em> </span>];<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
- key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
-<br>
- nsec3-test-zone <em class="replaceable"><code>boolean</code></em>; // testing only<br>
-<br>
- ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
- ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
- maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
- max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
- pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+ type ( delegation-only | forward | hint | master | redirect | slave<br>
+ | static-stub | stub );<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+ update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self |<br>
+ external | krb5-self | krb5-subdomain | ms-self | ms-subdomain<br>
+ | name | self | selfsub | selfwild | subdomain | tcp-self |<br>
+ wildcard | zonesub ) [<span class="optional"> <em class="replaceable"><code>string</code></em> </span>] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+ zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
+ zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
};<br>
</p></div>
</div>
<div class="refsection">
-<a name="id-1.14.18.20"></a><h2>FILES</h2>
+<a name="id-1.14.18.22"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsection">
-<a name="id-1.14.18.21"></a><h2>SEE ALSO</h2>
+<a name="id-1.14.18.23"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
- <span class="refentrytitle">named</span>(8)
+ <span class="refentrytitle">ddns-confgen</span>(8)
+ </span>,
+ <span class="citerefentry">
+ <span class="refentrytitle">named</span>(8)
+ </span>,
+ <span class="citerefentry">
+ <span class="refentrytitle">named-checkconf</span>(8)
</span>,
<span class="citerefentry">
- <span class="refentrytitle">named-checkconf</span>(8)
+ <span class="refentrytitle">rndc</span>(8)
</span>,
<span class="citerefentry">
- <span class="refentrytitle">rndc</span>(8)
+ <span class="refentrytitle">rndc-confgen</span>(8)
</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
See also <span class="command"><strong>rndc addzone</strong></span>.
</p>
</dd>
-<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zone|-adb|-bad</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
+<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zones|-adb|-bad</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
<dd>
<p>
Dump the server's caches (default) and/or zones to
- the
- dump file for the specified views. If no view is
- specified, all
- views are dumped.
+ the dump file for the specified views. If no view
+ is specified, all views are dumped.
(See the <span class="command"><strong>dump-file</strong></span> option in
the BIND 9 Administrator Reference Manual.)
</p>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.5</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.6b1</p>
</body>
</html>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.10.5</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.10.6b1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- <span class="command"><strong>rndc ""</strong></span> could trigger an assertion failure
- in <span class="command"><strong>named</strong></span>. This flaw is disclosed in
- (CVE-2017-3138). [RT #44924]
- </p>
- </li>
-<li class="listitem">
- <p>
- Some chaining (i.e., type CNAME or DNAME) responses to upstream
- queries could trigger assertion failures. This flaw is disclosed
- in CVE-2017-3137. [RT #44734]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>dns64</strong></span> with <span class="command"><strong>break-dnssec yes;</strong></span>
- can result in an assertion failure. This flaw is disclosed in
- CVE-2017-3136. [RT #44653]
- </p>
- </li>
-<li class="listitem">
- <p>
- If a server is configured with a response policy zone (RPZ)
- that rewrites an answer with local data, and is also configured
- for DNS64 address mapping, a NULL pointer can be read
- triggering a server crash. This flaw is disclosed in
- CVE-2017-3135. [RT #44434]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could mishandle authority sections
- with missing RRSIGs, triggering an assertion failure. This
- flaw is disclosed in CVE-2016-9444. [RT #43632]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> mishandled some responses where
- covering RRSIG records were returned without the requested
- data, resulting in an assertion failure. This flaw is
- disclosed in CVE-2016-9147. [RT #43548]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY
- records which could trigger an assertion failure when there was
- a class mismatch. This flaw is disclosed in CVE-2016-9131.
- [RT #43522]
- </p>
- </li>
-<li class="listitem">
- <p>
- It was possible to trigger assertions when processing
- responses containing answers of type DNAME. This flaw is
- disclosed in CVE-2016-8864. [RT #43465]
- </p>
- </li>
-<li class="listitem">
- <p>
- Added the ability to specify the maximum number of records
- permitted in a zone (<code class="option">max-records #;</code>).
- This provides a mechanism to block overly large zone
- transfers, which is a potential risk with slave zones from
- other parties, as described in CVE-2016-6170.
- [RT #42143]
- </p>
- </li>
-<li class="listitem">
- <p>
- It was possible to trigger an assertion when rendering a
- message using a specially crafted request. This flaw is
- disclosed in CVE-2016-2776. [RT #43139]
- </p>
- </li>
-<li class="listitem">
- <p>
- Calling <span class="command"><strong>getrrsetbyname()</strong></span> with a non
- absolute name could trigger an infinite recursion bug in
- <span class="command"><strong>lwresd</strong></span> or <span class="command"><strong>named</strong></span> with
- <span class="command"><strong>lwres</strong></span> configured if, when combined with
- a search list entry from <code class="filename">resolv.conf</code>,
- the resulting name is too long. This flaw is disclosed in
- CVE-2016-2775. [RT #42694]
- </p>
- </li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_features"></a>New Features</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> now provides feedback to the
- owners of zones which have trust anchors configured
- (<span class="command"><strong>trusted-keys</strong></span>,
- <span class="command"><strong>managed-keys</strong></span>, <span class="command"><strong>dnssec-validation
- auto;</strong></span> and <span class="command"><strong>dnssec-lookaside auto;</strong></span>)
- by sending a daily query which encodes the keyids of the
- configured trust anchors for the zone. This is controlled
- by <span class="command"><strong>trust-anchor-telemetry</strong></span> and defaults
- to yes.
- </p>
- </li>
-<li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- A new <span class="command"><strong>tcp-only</strong></span> option has been added to
- <span class="command"><strong>server</strong></span> clauses, to indicate that UDP should
- not be used when sending queries to a specified IP address or
- prefix.
+ None.
</p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- The ISC DNSSEC Lookaside Validation (DLV) service is scheduled
- to be disabled in 2017. A warning is now logged when
- <span class="command"><strong>named</strong></span> is configured to use this service,
- either explicitly or via <code class="option">dnssec-lookaside auto;</code>.
- [RT #42207]
- </p>
- </li>
-<li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- If an ACL is specified with an address prefix in which the
- prefix length is longer than the address portion (for example,
- 192.0.2.1/8), <span class="command"><strong>named</strong></span> will now log a warning.
- In future releases this will be a fatal configuration error.
- [RT #43367]
+ Threads in <span class="command"><strong>named</strong></span> are now set to human-readable
+ names to assist debugging on operating systems that support that.
+ Threads will have names such as "isc-timer", "isc-sockmgr",
+ "isc-worker0001", and so on. This will affect the reporting of
+ subsidiary thread names in <span class="command"><strong>ps</strong></span> and
+ <span class="command"><strong>top</strong></span>, but not the main thread. [RT #43234]
</p>
- </li>
-</ul></div>
+ </li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem">
- <p>
- A synthesized CNAME record appearing in a response before the
- associated DNAME could be cached, when it should not have been.
- This was a regression introduced while addressing CVE-2016-8864.
- [RT #44318]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could deadlock if multiple changes
- to NSEC/NSEC3 parameters for the same zone were being processed
- at the same time. [RT #42770]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could trigger an assertion when
- sending NOTIFY messages. [RT #44019]
- </p>
- </li>
-<li class="listitem">
- <p>
- Fixed a crash when calling <span class="command"><strong>rndc stats</strong></span> on some
- Windows builds: some Visual Studio compilers generate code that
- crashes when the "%z" printf() format specifier is used. [RT #42380]
- </p>
- </li>
-<li class="listitem">
- <p>
- Windows installs were failing due to triggering UAC without
- the installation binary being signed.
- </p>
- </li>
-<li class="listitem">
- <p>
- A change in the internal binary representation of the RBT database
- node structure enabled a race condition to occur (especially when
- BIND was built with certain compilers or optimizer settings),
- leading to inconsistent database state which caused random
- assertion failures. [RT #42380]
- </p>
- </li>
-<li class="listitem">
- <p>
- Referencing a nonexistent zone in a <span class="command"><strong>response-policy</strong></span>
- statement could cause an assertion failure during configuration.
- [RT #43787]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>rndc addzone</strong></span> could cause a crash
- when attempting to add a zone with a type other than
- <span class="command"><strong>master</strong></span> or <span class="command"><strong>slave</strong></span>.
- Such zones are now rejected. [RT #43665]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could hang when encountering log
- file names with large apparent gaps in version number (for
- example, when files exist called "logfile.0", "logfile.1",
- and "logfile.1482954169"). This is now handled correctly.
- [RT #38688]
- </p>
- </li>
-<li class="listitem">
- <p>
- If a zone was updated while <span class="command"><strong>named</strong></span> was
- processing a query for nonexistent data, it could return
- out-of-sync NSEC3 records causing potential DNSSEC validation
- failure. [RT #43247]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named</strong></span> could crash when loading a zone
- which had RRISG records whose expiry fields were far enough
- apart to cause an integer overflow when comparing them.
- [RT #40571]
- </p>
- </li>
-<li class="listitem">
- <p>
- The <span class="command"><strong>arpaname</strong></span> and <span class="command"><strong>named-rrchecker</strong></span>
- commands were not installed into the correct
- <span class="command"><strong>prefix</strong></span><code class="filename">/bin</code> directory.
- [RT #42910]
- </p>
- </li>
-<li class="listitem">
- <p>
- When receiving a response from an authoritative server with
- a TTL value of zero, <span class="command"><strong>named></strong></span> will now only use
- that response once, to answer the currently active clients that
- were waiting for it. Previously, such response could be cached
- and reused for up to one second. [RT #42142]
- </p>
- </li>
-<li class="listitem">
- <p>
- <span class="command"><strong>named-checkconf</strong></span> now checks the
- <span class="command"><strong>rate-limit</strong></span> clause for correctness.
- [RT #42970]
- </p>
- </li>
-<li class="listitem">
- <p>
- Corrected a bug in the <span class="command"><strong>rndc</strong></span> control channel
- that could allow a read past the end of a buffer, crashing
- <span class="command"><strong>named</strong></span>. Thanks to Lian Yihan for reporting
- this error.
- </p>
- </li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_maint"></a>Maintenance</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
- The built-in root hints have been updated to include
- IPv6 addresses for B.ROOT-SERVERS.NET (2001:500:84::b),
- E.ROOT-SERVERS.NET (2001:500:a8::e) and
- G.ROOT-SERVERS.NET (2001:500:12::d0d).
+ None.
</p>
</li></ul></div>
</div>
projects / thirdparty / bind9.git / commitdiff
