      1 acl <string> { <address_match_element>; ... }; // may occur multiple times
      2 
      3 controls {
      4 	inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
      5 	unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
      6 }; // may occur multiple times
      7 
      8 dlz <string> {
      9 	database <string>;
     10 	search <boolean>;
     11 }; // may occur multiple times
     12 
     13 dnssec-policy <string> {
     14 	cdnskey <boolean>;
     15 	cds-digest-types { <string>; ... };
     16 	dnskey-ttl <duration>;
     17 	inline-signing <boolean>;
     18 	keys { ( csk | ksk | zsk ) [ key-directory | key-store <string> ] lifetime <duration_or_unlimited> algorithm <string> [ tag-range <integer> <integer> ] [ <integer> ]; ... };
     19 	manual-mode <boolean>;
     20 	max-zone-ttl <duration>;
     21 	nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ];
     22 	offline-ksk <boolean>;
     23 	parent-ds-ttl <duration>;
     24 	parent-propagation-delay <duration>;
     25 	publish-safety <duration>;
     26 	purge-keys <duration>;
     27 	retire-safety <duration>;
     28 	signatures-jitter <duration>;
     29 	signatures-refresh <duration>;
     30 	signatures-validity <duration>;
     31 	signatures-validity-dnskey <duration>;
     32 	zone-propagation-delay <duration>;
     33 }; // may occur multiple times
     34 
     35 dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
     36 
     37 http <string> {
     38 	endpoints { <quoted_string>; ... };
     39 	listener-clients <integer>;
     40 	streams-per-connection <integer>;
     41 }; // may occur multiple times
     42 
     43 key <string> {
     44 	algorithm <string>;
     45 	secret <string>;
     46 }; // may occur multiple times
     47 
     48 key-store <string> {
     49 	directory <string>;
     50 	pkcs11-uri <quoted_string>;
     51 }; // may occur multiple times
     52 
     53 logging {
     54 	category <string> { <string>; ... }; // may occur multiple times
     55 	channel <string> {
     56 		buffered <boolean>;
     57 		file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ];
     58 		null;
     59 		print-category <boolean>;
     60 		print-severity <boolean>;
     61 		print-time ( iso8601 | iso8601-utc | local | <boolean> );
     62 		severity <log_severity>;
     63 		stderr;
     64 		syslog [ <syslog_facility> ];
     65 	}; // may occur multiple times
     66 };
     67 
     68 managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
     69 
     70 options {
     71 	allow-new-zones <boolean>;
     72 	allow-notify { <address_match_element>; ... };
     73 	allow-proxy { <address_match_element>; ... }; // experimental
     74 	allow-proxy-on { <address_match_element>; ... }; // experimental
     75 	allow-query { <address_match_element>; ... };
     76 	allow-query-cache { <address_match_element>; ... };
     77 	allow-query-cache-on { <address_match_element>; ... };
     78 	allow-query-on { <address_match_element>; ... };
     79 	allow-recursion { <address_match_element>; ... };
     80 	allow-recursion-on { <address_match_element>; ... };
     81 	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
     82 	allow-update { <address_match_element>; ... };
     83 	allow-update-forwarding { <address_match_element>; ... };
     84 	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
     85 	answer-cookie <boolean>;
     86 	attach-cache <string>;
     87 	auth-nxdomain <boolean>;
     88 	automatic-interface-scan <boolean>;
     89 	avoid-v4-udp-ports { <portrange>; ... }; // deprecated
     90 	avoid-v6-udp-ports { <portrange>; ... }; // deprecated
     91 	bindkeys-file <quoted_string>; // test only
     92 	blackhole { <address_match_element>; ... };
     93 	catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
     94 	check-dup-records ( fail | warn | ignore );
     95 	check-integrity <boolean>;
     96 	check-mx ( fail | warn | ignore );
     97 	check-mx-cname ( fail | warn | ignore );
     98 	check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
     99 	check-sibling <boolean>;
    100 	check-spf ( warn | ignore );
    101 	check-srv-cname ( fail | warn | ignore );
    102 	check-svcb <boolean>;
    103 	check-wildcard <boolean>;
    104 	clients-per-query <integer>;
    105 	cookie-algorithm ( siphash24 );
    106 	cookie-secret <string>; // may occur multiple times
    107 	deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
    108 	deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
    109 	dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
    110 	directory <quoted_string>;
    111 	disable-algorithms <string> { <string>; ... }; // may occur multiple times
    112 	disable-ds-digests <string> { <string>; ... }; // may occur multiple times
    113 	disable-empty-zone <string>; // may occur multiple times
    114 	dns64 <netprefix> {
    115 		break-dnssec <boolean>;
    116 		clients { <address_match_element>; ... };
    117 		exclude { <address_match_element>; ... };
    118 		mapped { <address_match_element>; ... };
    119 		recursive-only <boolean>;
    120 		suffix <ipv6_address>;
    121 	}; // may occur multiple times
    122 	dns64-contact <string>;
    123 	dns64-server <string>;
    124 	dnskey-sig-validity <integer>; // obsolete
    125 	dnsrps-enable <boolean>; // not configured
    126 	dnsrps-library <quoted_string>; // not configured
    127 	dnsrps-options { <unspecified-text> }; // not configured
    128 	dnssec-accept-expired <boolean>;
    129 	dnssec-dnskey-kskonly <boolean>; // obsolete
    130 	dnssec-loadkeys-interval <integer>;
    131 	dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated
    132 	dnssec-policy <string>;
    133 	dnssec-secure-to-insecure <boolean>; // obsolete
    134 	dnssec-update-mode ( maintain | no-resign ); // obsolete
    135 	dnssec-validation ( yes | no | auto );
    136 	dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
    137 	dnstap-identity ( <quoted_string> | none | hostname ); // not configured
    138 	dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // not configured
    139 	dnstap-version ( <quoted_string> | none ); // not configured
    140 	dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
    141 	dump-file <quoted_string>;
    142 	edns-udp-size <integer>;
    143 	empty-contact <string>;
    144 	empty-server <string>;
    145 	empty-zones-enable <boolean>;
    146 	fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
    147 	fetches-per-server <integer> [ ( drop | fail ) ];
    148 	fetches-per-zone <integer> [ ( drop | fail ) ];
    149 	flush-zones-on-shutdown <boolean>;
    150 	forward ( first | only );
    151 	forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
    152 	fstrm-set-buffer-hint <integer>; // not configured
    153 	fstrm-set-flush-timeout <integer>; // not configured
    154 	fstrm-set-input-queue-size <integer>; // not configured
    155 	fstrm-set-output-notify-threshold <integer>; // not configured
    156 	fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
    157 	fstrm-set-output-queue-size <integer>; // not configured
    158 	fstrm-set-reopen-interval <duration>; // not configured
    159 	geoip-directory ( <quoted_string> | none );
    160 	heartbeat-interval <integer>; // deprecated
    161 	hostname ( <quoted_string> | none );
    162 	http-listener-clients <integer>;
    163 	http-port <integer>;
    164 	http-streams-per-connection <integer>;
    165 	https-port <integer>;
    166 	interface-interval <duration>;
    167 	ipv4only-contact <string>;
    168 	ipv4only-enable <boolean>;
    169 	ipv4only-server <string>;
    170 	ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
    171 	keep-response-order { <address_match_element>; ... }; // obsolete
    172 	key-directory <quoted_string>;
    173 	lame-ttl <duration>;
    174 	listen-on [ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
    175 	listen-on-v6 [ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
    176 	lmdb-mapsize <sizeval>;
    177 	managed-keys-directory <quoted_string>;
    178 	masterfile-format ( raw | text );
    179 	masterfile-style ( full | relative );
    180 	match-mapped-addresses <boolean>;
    181 	max-cache-size ( default | unlimited | <sizeval> | <percentage> );
    182 	max-cache-ttl <duration>;
    183 	max-clients-per-query <integer>;
    184 	max-ixfr-ratio ( unlimited | <percentage> );
    185 	max-journal-size ( default | unlimited | <sizeval> );
    186 	max-ncache-ttl <duration>;
    187 	max-query-count <integer>;
    188 	max-query-restarts <integer>;
    189 	max-records <integer>;
    190 	max-records-per-type <integer>;
    191 	max-recursion-depth <integer>;
    192 	max-recursion-queries <integer>;
    193 	max-refresh-time <integer>;
    194 	max-retry-time <integer>;
    195 	max-rsa-exponent-size <integer>;
    196 	max-stale-ttl <duration>;
    197 	max-transfer-idle-in <integer>;
    198 	max-transfer-idle-out <integer>;
    199 	max-transfer-time-in <integer>;
    200 	max-transfer-time-out <integer>;
    201 	max-types-per-name <integer>;
    202 	max-udp-size <integer>;
    203 	max-validation-failures-per-fetch <integer>; // experimental
    204 	max-validations-per-fetch <integer>; // experimental
    205 	max-zone-ttl ( unlimited | <duration> ); // deprecated
    206 	memstatistics <boolean>;
    207 	memstatistics-file <quoted_string>;
    208 	message-compression <boolean>;
    209 	min-cache-ttl <duration>;
    210 	min-ncache-ttl <duration>;
    211 	min-refresh-time <integer>;
    212 	min-retry-time <integer>;
    213 	min-transfer-rate-in <integer> <integer>;
    214 	minimal-any <boolean>;
    215 	minimal-responses ( no-auth | no-auth-recursive | <boolean> );
    216 	multi-master <boolean>;
    217 	new-zones-directory <quoted_string>;
    218 	no-case-compress { <address_match_element>; ... };
    219 	nocookie-udp-size <integer>;
    220 	notify ( explicit | master-only | primary-only | <boolean> );
    221 	notify-defer <integer>;
    222 	notify-delay <integer>;
    223 	notify-rate <integer>;
    224 	notify-source ( <ipv4_address> | * );
    225 	notify-source-v6 ( <ipv6_address> | * );
    226 	notify-to-soa <boolean>;
    227 	nsec3-test-zone <boolean>; // test only
    228 	nta-lifetime <duration>;
    229 	nta-recheck <duration>;
    230 	nxdomain-redirect <string>;
    231 	parental-source ( <ipv4_address> | * );
    232 	parental-source-v6 ( <ipv6_address> | * );
    233 	pid-file ( <quoted_string> | none );
    234 	port <integer>;
    235 	preferred-glue <string>;
    236 	prefetch <integer> [ <integer> ];
    237 	provide-ixfr <boolean>;
    238 	qname-minimization ( strict | relaxed | disabled | off );
    239 	query-source [ address ] ( <ipv4_address> | * | none );
    240 	query-source-v6 [ address ] ( <ipv6_address> | * | none );
    241 	querylog <boolean>;
    242 	rate-limit {
    243 		all-per-second <integer>;
    244 		errors-per-second <integer>;
    245 		exempt-clients { <address_match_element>; ... };
    246 		ipv4-prefix-length <integer>;
    247 		ipv6-prefix-length <integer>;
    248 		log-only <boolean>;
    249 		max-table-size <integer>;
    250 		min-table-size <integer>;
    251 		nodata-per-second <integer>;
    252 		nxdomains-per-second <integer>;
    253 		qps-scale <integer>;
    254 		referrals-per-second <integer>;
    255 		responses-per-second <integer>;
    256 		slip <integer>;
    257 		window <integer>;
    258 	};
    259 	recursing-file <quoted_string>;
    260 	recursion <boolean>;
    261 	recursive-clients <integer>;
    262 	request-expire <boolean>;
    263 	request-ixfr <boolean>;
    264 	request-nsid <boolean>;
    265 	require-server-cookie <boolean>;
    266 	resolver-query-timeout <integer>;
    267 	resolver-use-dns64 <boolean>;
    268 	response-padding { <address_match_element>; ... } block-size <integer>;
    269 	response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ servfail-until-ready <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
    270 	responselog <boolean>;
    271 	reuseport <boolean>;
    272 	root-key-sentinel <boolean>;
    273 	rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
    274 	secroots-file <quoted_string>;
    275 	send-cookie <boolean>;
    276 	serial-query-rate <integer>;
    277 	serial-update-method ( date | increment | unixtime );
    278 	server-id ( <quoted_string> | none | hostname );
    279 	servfail-ttl <duration>;
    280 	session-keyalg <string>;
    281 	session-keyfile ( <quoted_string> | none );
    282 	session-keyname <string>;
    283 	sig-signing-nodes <integer>;
    284 	sig-signing-signatures <integer>;
    285 	sig-signing-type <integer>;
    286 	sig-validity-interval <integer> [ <integer> ]; // obsolete
    287 	sig0checks-quota <integer>; // experimental
    288 	sig0checks-quota-exempt { <address_match_element>; ... }; // experimental
    289 	sig0key-checks-limit <integer>;
    290 	sig0message-checks-limit <integer>;
    291 	sortlist { <address_match_element>; ... }; // deprecated
    292 	stale-answer-client-timeout ( disabled | off | <integer> );
    293 	stale-answer-enable <boolean>;
    294 	stale-answer-ttl <duration>;
    295 	stale-cache-enable <boolean>;
    296 	stale-refresh-time <duration>;
    297 	startup-notify-rate <integer>;
    298 	statistics-file <quoted_string>;
    299 	synth-from-dnssec <boolean>;
    300 	tcp-advertised-timeout <integer>;
    301 	tcp-clients <integer>;
    302 	tcp-idle-timeout <integer>;
    303 	tcp-initial-timeout <integer>;
    304 	tcp-keepalive-timeout <integer>;
    305 	tcp-listen-queue <integer>;
    306 	tcp-receive-buffer <integer>;
    307 	tcp-send-buffer <integer>;
    308 	tkey-domain <quoted_string>; // obsolete
    309 	tkey-gssapi-credential <quoted_string>; // deprecated
    310 	tkey-gssapi-keytab <quoted_string>;
    311 	tls-port <integer>;
    312 	transfer-format ( many-answers | one-answer );
    313 	transfer-message-size <integer>;
    314 	transfer-source ( <ipv4_address> | * );
    315 	transfer-source-v6 ( <ipv6_address> | * );
    316 	transfers-in <integer>;
    317 	transfers-out <integer>;
    318 	transfers-per-ns <integer>;
    319 	trust-anchor-telemetry <boolean>;
    320 	try-tcp-refresh <boolean>;
    321 	udp-receive-buffer <integer>;
    322 	udp-send-buffer <integer>;
    323 	update-check-ksk <boolean>; // obsolete
    324 	update-quota <integer>;
    325 	use-v4-udp-ports { <portrange>; ... }; // deprecated
    326 	use-v6-udp-ports { <portrange>; ... }; // deprecated
    327 	v6-bias <integer>;
    328 	validate-except { <string>; ... };
    329 	version ( <quoted_string> | none );
    330 	zero-no-soa-ttl <boolean>;
    331 	zero-no-soa-ttl-cache <boolean>;
    332 	zone-statistics ( full | terse | none | <boolean> );
    333 };
    334 
    335 plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
    336 
    337 remote-servers <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
    338 
    339 server <netprefix> {
    340 	bogus <boolean>;
    341 	edns <boolean>;
    342 	edns-udp-size <integer>;
    343 	edns-version <integer>;
    344 	keys <server_key>;
    345 	max-udp-size <integer>;
    346 	notify-source ( <ipv4_address> | * );
    347 	notify-source-v6 ( <ipv6_address> | * );
    348 	padding <integer>;
    349 	provide-ixfr <boolean>;
    350 	query-source [ address ] ( <ipv4_address> | * );
    351 	query-source-v6 [ address ] ( <ipv6_address> | * );
    352 	request-expire <boolean>;
    353 	request-ixfr <boolean>;
    354 	request-nsid <boolean>;
    355 	require-cookie <boolean>;
    356 	send-cookie <boolean>;
    357 	tcp-keepalive <boolean>;
    358 	tcp-only <boolean>;
    359 	transfer-format ( many-answers | one-answer );
    360 	transfer-source ( <ipv4_address> | * );
    361 	transfer-source-v6 ( <ipv6_address> | * );
    362 	transfers <integer>;
    363 }; // may occur multiple times
    364 
    365 statistics-channels {
    366 	inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times
    367 }; // may occur multiple times
    368 
    369 tls <string> {
    370 	ca-file <quoted_string>;
    371 	cert-file <quoted_string>;
    372 	cipher-suites <string>;
    373 	ciphers <string>;
    374 	dhparam-file <quoted_string>;
    375 	key-file <quoted_string>;
    376 	prefer-server-ciphers <boolean>;
    377 	protocols { <string>; ... };
    378 	remote-hostname <quoted_string>;
    379 	session-tickets <boolean>;
    380 }; // may occur multiple times
    381 
    382 trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
    383 
    384 trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
    385 
    386 view <string> [ <class> ] {
    387 	allow-new-zones <boolean>;
    388 	allow-notify { <address_match_element>; ... };
    389 	allow-proxy { <address_match_element>; ... }; // experimental
    390 	allow-proxy-on { <address_match_element>; ... }; // experimental
    391 	allow-query { <address_match_element>; ... };
    392 	allow-query-cache { <address_match_element>; ... };
    393 	allow-query-cache-on { <address_match_element>; ... };
    394 	allow-query-on { <address_match_element>; ... };
    395 	allow-recursion { <address_match_element>; ... };
    396 	allow-recursion-on { <address_match_element>; ... };
    397 	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
    398 	allow-update { <address_match_element>; ... };
    399 	allow-update-forwarding { <address_match_element>; ... };
    400 	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
    401 	attach-cache <string>;
    402 	auth-nxdomain <boolean>;
    403 	catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
    404 	check-dup-records ( fail | warn | ignore );
    405 	check-integrity <boolean>;
    406 	check-mx ( fail | warn | ignore );
    407 	check-mx-cname ( fail | warn | ignore );
    408 	check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
    409 	check-sibling <boolean>;
    410 	check-spf ( warn | ignore );
    411 	check-srv-cname ( fail | warn | ignore );
    412 	check-svcb <boolean>;
    413 	check-wildcard <boolean>;
    414 	clients-per-query <integer>;
    415 	deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
    416 	deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
    417 	dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
    418 	disable-algorithms <string> { <string>; ... }; // may occur multiple times
    419 	disable-ds-digests <string> { <string>; ... }; // may occur multiple times
    420 	disable-empty-zone <string>; // may occur multiple times
    421 	dlz <string> {
    422 		database <string>;
    423 		search <boolean>;
    424 	}; // may occur multiple times
    425 	dns64 <netprefix> {
    426 		break-dnssec <boolean>;
    427 		clients { <address_match_element>; ... };
    428 		exclude { <address_match_element>; ... };
    429 		mapped { <address_match_element>; ... };
    430 		recursive-only <boolean>;
    431 		suffix <ipv6_address>;
    432 	}; // may occur multiple times
    433 	dns64-contact <string>;
    434 	dns64-server <string>;
    435 	dnskey-sig-validity <integer>; // obsolete
    436 	dnsrps-enable <boolean>; // not configured
    437 	dnsrps-options { <unspecified-text> }; // not configured
    438 	dnssec-accept-expired <boolean>;
    439 	dnssec-dnskey-kskonly <boolean>; // obsolete
    440 	dnssec-loadkeys-interval <integer>;
    441 	dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated
    442 	dnssec-policy <string>;
    443 	dnssec-secure-to-insecure <boolean>; // obsolete
    444 	dnssec-update-mode ( maintain | no-resign ); // obsolete
    445 	dnssec-validation ( yes | no | auto );
    446 	dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
    447 	dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
    448 	dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
    449 	edns-udp-size <integer>;
    450 	empty-contact <string>;
    451 	empty-server <string>;
    452 	empty-zones-enable <boolean>;
    453 	fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
    454 	fetches-per-server <integer> [ ( drop | fail ) ];
    455 	fetches-per-zone <integer> [ ( drop | fail ) ];
    456 	forward ( first | only );
    457 	forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
    458 	ipv4only-contact <string>;
    459 	ipv4only-enable <boolean>;
    460 	ipv4only-server <string>;
    461 	ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
    462 	key <string> {
    463 		algorithm <string>;
    464 		secret <string>;
    465 	}; // may occur multiple times
    466 	key-directory <quoted_string>;
    467 	lame-ttl <duration>;
    468 	lmdb-mapsize <sizeval>;
    469 	managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
    470 	masterfile-format ( raw | text );
    471 	masterfile-style ( full | relative );
    472 	match-clients { <address_match_element>; ... };
    473 	match-destinations { <address_match_element>; ... };
    474 	match-recursive-only <boolean>;
    475 	max-cache-size ( default | unlimited | <sizeval> | <percentage> );
    476 	max-cache-ttl <duration>;
    477 	max-clients-per-query <integer>;
    478 	max-ixfr-ratio ( unlimited | <percentage> );
    479 	max-journal-size ( default | unlimited | <sizeval> );
    480 	max-ncache-ttl <duration>;
    481 	max-query-count <integer>;
    482 	max-query-restarts <integer>;
    483 	max-records <integer>;
    484 	max-records-per-type <integer>;
    485 	max-recursion-depth <integer>;
    486 	max-recursion-queries <integer>;
    487 	max-refresh-time <integer>;
    488 	max-retry-time <integer>;
    489 	max-stale-ttl <duration>;
    490 	max-transfer-idle-in <integer>;
    491 	max-transfer-idle-out <integer>;
    492 	max-transfer-time-in <integer>;
    493 	max-transfer-time-out <integer>;
    494 	max-types-per-name <integer>;
    495 	max-udp-size <integer>;
    496 	max-validation-failures-per-fetch <integer>; // experimental
    497 	max-validations-per-fetch <integer>; // experimental
    498 	max-zone-ttl ( unlimited | <duration> ); // deprecated
    499 	message-compression <boolean>;
    500 	min-cache-ttl <duration>;
    501 	min-ncache-ttl <duration>;
    502 	min-refresh-time <integer>;
    503 	min-retry-time <integer>;
    504 	min-transfer-rate-in <integer> <integer>;
    505 	minimal-any <boolean>;
    506 	minimal-responses ( no-auth | no-auth-recursive | <boolean> );
    507 	multi-master <boolean>;
    508 	new-zones-directory <quoted_string>;
    509 	no-case-compress { <address_match_element>; ... };
    510 	nocookie-udp-size <integer>;
    511 	notify ( explicit | master-only | primary-only | <boolean> );
    512 	notify-defer <integer>;
    513 	notify-delay <integer>;
    514 	notify-source ( <ipv4_address> | * );
    515 	notify-source-v6 ( <ipv6_address> | * );
    516 	notify-to-soa <boolean>;
    517 	nsec3-test-zone <boolean>; // test only
    518 	nta-lifetime <duration>;
    519 	nta-recheck <duration>;
    520 	nxdomain-redirect <string>;
    521 	parental-source ( <ipv4_address> | * );
    522 	parental-source-v6 ( <ipv6_address> | * );
    523 	plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
    524 	preferred-glue <string>;
    525 	prefetch <integer> [ <integer> ];
    526 	provide-ixfr <boolean>;
    527 	qname-minimization ( strict | relaxed | disabled | off );
    528 	query-source [ address ] ( <ipv4_address> | * | none );
    529 	query-source-v6 [ address ] ( <ipv6_address> | * | none );
    530 	rate-limit {
    531 		all-per-second <integer>;
    532 		errors-per-second <integer>;
    533 		exempt-clients { <address_match_element>; ... };
    534 		ipv4-prefix-length <integer>;
    535 		ipv6-prefix-length <integer>;
    536 		log-only <boolean>;
    537 		max-table-size <integer>;
    538 		min-table-size <integer>;
    539 		nodata-per-second <integer>;
    540 		nxdomains-per-second <integer>;
    541 		qps-scale <integer>;
    542 		referrals-per-second <integer>;
    543 		responses-per-second <integer>;
    544 		slip <integer>;
    545 		window <integer>;
    546 	};
    547 	recursion <boolean>;
    548 	request-expire <boolean>;
    549 	request-ixfr <boolean>;
    550 	request-nsid <boolean>;
    551 	require-server-cookie <boolean>;
    552 	resolver-query-timeout <integer>;
    553 	resolver-use-dns64 <boolean>;
    554 	response-padding { <address_match_element>; ... } block-size <integer>;
    555 	response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ servfail-until-ready <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
    556 	root-key-sentinel <boolean>;
    557 	rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
    558 	send-cookie <boolean>;
    559 	serial-update-method ( date | increment | unixtime );
    560 	server <netprefix> {
    561 		bogus <boolean>;
    562 		edns <boolean>;
    563 		edns-udp-size <integer>;
    564 		edns-version <integer>;
    565 		keys <server_key>;
    566 		max-udp-size <integer>;
    567 		notify-source ( <ipv4_address> | * );
    568 		notify-source-v6 ( <ipv6_address> | * );
    569 		padding <integer>;
    570 		provide-ixfr <boolean>;
    571 		query-source [ address ] ( <ipv4_address> | * );
    572 		query-source-v6 [ address ] ( <ipv6_address> | * );
    573 		request-expire <boolean>;
    574 		request-ixfr <boolean>;
    575 		request-nsid <boolean>;
    576 		require-cookie <boolean>;
    577 		send-cookie <boolean>;
    578 		tcp-keepalive <boolean>;
    579 		tcp-only <boolean>;
    580 		transfer-format ( many-answers | one-answer );
    581 		transfer-source ( <ipv4_address> | * );
    582 		transfer-source-v6 ( <ipv6_address> | * );
    583 		transfers <integer>;
    584 	}; // may occur multiple times
    585 	servfail-ttl <duration>;
    586 	sig-signing-nodes <integer>;
    587 	sig-signing-signatures <integer>;
    588 	sig-signing-type <integer>;
    589 	sig-validity-interval <integer> [ <integer> ]; // obsolete
    590 	sig0key-checks-limit <integer>;
    591 	sig0message-checks-limit <integer>;
    592 	sortlist { <address_match_element>; ... }; // deprecated
    593 	stale-answer-client-timeout ( disabled | off | <integer> );
    594 	stale-answer-enable <boolean>;
    595 	stale-answer-ttl <duration>;
    596 	stale-cache-enable <boolean>;
    597 	stale-refresh-time <duration>;
    598 	synth-from-dnssec <boolean>;
    599 	transfer-format ( many-answers | one-answer );
    600 	transfer-source ( <ipv4_address> | * );
    601 	transfer-source-v6 ( <ipv6_address> | * );
    602 	trust-anchor-telemetry <boolean>;
    603 	trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
    604 	trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
    605 	try-tcp-refresh <boolean>;
    606 	update-check-ksk <boolean>; // obsolete
    607 	v6-bias <integer>;
    608 	validate-except { <string>; ... };
    609 	zero-no-soa-ttl <boolean>;
    610 	zero-no-soa-ttl-cache <boolean>;
    611 	zone-statistics ( full | terse | none | <boolean> );
    612 }; // may occur multiple times
    613 