named.conf
— configuration file for named
named.conf
named.conf
is the configuration file
for
named. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in
the statements are also semi-colon terminated. The usual
comment styles are supported:
C style: /* */
C++ style: // to end of line
Unix style: # to end of line
controls {
inet ( ipv4_address
| ipv6_address
|
* ) [ port ( integer
| * ) ] allow
{ address_match_element
; ... } [
keys { string
; ... } ] [ read-only
boolean
];
unix quoted_string
perm integer
owner integer
group integer
[
keys { string
; ... } ] [ read-only
boolean
];
};
logging {
category string
{ string
; ... };
channel string
{
buffered boolean
;
file quoted_string
[ versions ( unlimited | integer
) ]
[ size size
] [ suffix ( increment | timestamp ) ];
null;
print-category boolean
;
print-severity boolean
;
print-time ( iso8601 | iso8601-utc | local | boolean
);
severity log_severity
;
stderr;
syslog [ syslog_facility
];
};
};
masters string
[ port integer
] [ dscp
integer
] { ( masters
| ipv4_address
[
port integer
] | ipv6_address
[ port
integer
] ) [ key string
]; ... };
options {
allow-new-zones boolean
;
allow-notify { address_match_element
; ... };
allow-query { address_match_element
; ... };
allow-query-cache { address_match_element
; ... };
allow-query-cache-on { address_match_element
; ... };
allow-query-on { address_match_element
; ... };
allow-recursion { address_match_element
; ... };
allow-recursion-on { address_match_element
; ... };
allow-transfer { address_match_element
; ... };
allow-update { address_match_element
; ... };
allow-update-forwarding { address_match_element
; ... };
also-notify [ port integer
] [ dscp integer
] { ( masters
|
ipv4_address
[ port integer
] | ipv6_address
[ port
integer
] ) [ key string
]; ... };
alt-transfer-source ( ipv4_address
| * ) [ port ( integer
| * )
] [ dscp integer
];
alt-transfer-source-v6 ( ipv6_address
| * ) [ port ( integer
|
* ) ] [ dscp integer
];
answer-cookie boolean
;
attach-cache string
;
auth-nxdomain boolean
; // default changed
auto-dnssec ( allow | maintain | off );
automatic-interface-scan boolean
;
avoid-v4-udp-ports { portrange
; ... };
avoid-v6-udp-ports { portrange
; ... };
bindkeys-file quoted_string
;
blackhole { address_match_element
; ... };
cache-file quoted_string
;
catalog-zones { zone string
[ default-masters [ port integer
]
[ dscp integer
] { ( masters
| ipv4_address
[ port
integer
] | ipv6_address
[ port integer
] ) [ key
string
]; ... } ] [ zone-directory quoted_string
] [
in-memory boolean
] [ min-update-interval ttlval
]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity boolean
;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check-sibling boolean
;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean
;
cleaning-interval integer
;
clients-per-query integer
;
cookie-algorithm ( aes | sha1 | sha256 | siphash24 );
cookie-secret string
;
coresize ( default | unlimited | sizeval
);
datasize ( default | unlimited | sizeval
);
deny-answer-addresses { address_match_element
; ... } [
except-from { string
; ... } ];
deny-answer-aliases { string
; ... } [ except-from { string
; ...
} ];
dialup ( notify | notify-passive | passive | refresh | boolean
);
directory quoted_string
;
disable-algorithms string
{ string
;
... };
disable-ds-digests string
{ string
;
... };
disable-empty-zone string
;
dns64 netprefix
{
break-dnssec boolean
;
clients { address_match_element
; ... };
exclude { address_match_element
; ... };
mapped { address_match_element
; ... };
recursive-only boolean
;
suffix ipv6_address
;
};
dns64-contact string
;
dns64-server string
;
dnskey-sig-validity integer
;
dnsrps-enable boolean
;
dnsrps-options { unspecified-text
};
dnssec-accept-expired boolean
;
dnssec-dnskey-kskonly boolean
;
dnssec-enable boolean
;
dnssec-loadkeys-interval integer
;
dnssec-lookaside ( string
trust-anchor
string
| auto | no );
dnssec-must-be-secure string
boolean
;
dnssec-secure-to-insecure boolean
;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver | update ) [ ( query | response ) ];
... };
dnstap-identity ( quoted_string
| none |
hostname );
dnstap-output ( file | unix ) quoted_string
[
size ( unlimited | size
) ] [ versions (
unlimited | integer
) ] [ suffix ( increment
| timestamp ) ];
dnstap-version ( quoted_string
| none );
dscp integer
;
dual-stack-servers [ port integer
] { ( quoted_string
[ port
integer
] [ dscp integer
] | ipv4_address
[ port
integer
] [ dscp integer
] | ipv6_address
[ port
integer
] [ dscp integer
] ); ... };
dump-file quoted_string
;
edns-udp-size integer
;
empty-contact string
;
empty-server string
;
empty-zones-enable boolean
;
fetch-quota-params integer
fixedpoint
fixedpoint
fixedpoint
;
fetches-per-server integer
[ ( drop | fail ) ];
fetches-per-zone integer
[ ( drop | fail ) ];
files ( default | unlimited | sizeval
);
flush-zones-on-shutdown boolean
;
forward ( first | only );
forwarders [ port integer
] [ dscp integer
] { ( ipv4_address
| ipv6_address
) [ port integer
] [ dscp integer
]; ... };
fstrm-set-buffer-hint integer
;
fstrm-set-flush-timeout integer
;
fstrm-set-input-queue-size integer
;
fstrm-set-output-notify-threshold integer
;
fstrm-set-output-queue-model ( mpsc | spsc );
fstrm-set-output-queue-size integer
;
fstrm-set-reopen-interval ttlval
;
geoip-directory ( quoted_string
| none );
glue-cache boolean
;
heartbeat-interval integer
;
hostname ( quoted_string
| none );
inline-signing boolean
;
interface-interval ttlval
;
ixfr-from-differences ( primary | master | secondary | slave |
boolean
);
keep-response-order { address_match_element
; ... };
key-directory quoted_string
;
lame-ttl ttlval
;
listen-on [ port integer
] [ dscp
integer
] {
address_match_element
; ... };
listen-on-v6 [ port integer
] [ dscp
integer
] {
address_match_element
; ... };
lmdb-mapsize sizeval
;
lock-file ( quoted_string
| none );
managed-keys-directory quoted_string
;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-mapped-addresses boolean
;
max-cache-size ( default | unlimited | sizeval
| percentage
);
max-cache-ttl ttlval
;
max-clients-per-query integer
;
max-journal-size ( default | unlimited | sizeval
);
max-ncache-ttl ttlval
;
max-records integer
;
max-recursion-depth integer
;
max-recursion-queries integer
;
max-refresh-time integer
;
max-retry-time integer
;
max-rsa-exponent-size integer
;
max-stale-ttl ttlval
;
max-transfer-idle-in integer
;
max-transfer-idle-out integer
;
max-transfer-time-in integer
;
max-transfer-time-out integer
;
max-udp-size integer
;
max-zone-ttl ( unlimited | ttlval
);
memstatistics boolean
;
memstatistics-file quoted_string
;
message-compression boolean
;
min-cache-ttl ttlval
;
min-ncache-ttl ttlval
;
min-refresh-time integer
;
min-retry-time integer
;
minimal-any boolean
;
minimal-responses ( no-auth | no-auth-recursive | boolean
);
multi-master boolean
;
new-zones-directory quoted_string
;
no-case-compress { address_match_element
; ... };
nocookie-udp-size integer
;
notify ( explicit | master-only | boolean
);
notify-delay integer
;
notify-rate integer
;
notify-source ( ipv4_address
| * ) [ port ( integer
| * ) ] [
dscp integer
];
notify-source-v6 ( ipv6_address
| * ) [ port ( integer
| * ) ]
[ dscp integer
];
notify-to-soa boolean
;
nta-lifetime ttlval
;
nta-recheck ttlval
;
nxdomain-redirect string
;
pid-file ( quoted_string
| none );
port integer
;
preferred-glue string
;
prefetch integer
[ integer
];
provide-ixfr boolean
;
qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( ipv4_address
| * ) [ port (
integer
| * ) ] ) | ( [ [ address ] ( ipv4_address
| * ) ]
port ( integer
| * ) ) ) [ dscp integer
];
query-source-v6 ( ( [ address ] ( ipv6_address
| * ) [ port (
integer
| * ) ] ) | ( [ [ address ] ( ipv6_address
| * ) ]
port ( integer
| * ) ) ) [ dscp integer
];
querylog boolean
;
random-device ( quoted_string
| none );
rate-limit {
all-per-second integer
;
errors-per-second integer
;
exempt-clients { address_match_element
; ... };
ipv4-prefix-length integer
;
ipv6-prefix-length integer
;
log-only boolean
;
max-table-size integer
;
min-table-size integer
;
nodata-per-second integer
;
nxdomains-per-second integer
;
qps-scale integer
;
referrals-per-second integer
;
responses-per-second integer
;
slip integer
;
window integer
;
};
recursing-file quoted_string
;
recursion boolean
;
recursive-clients integer
;
request-expire boolean
;
request-ixfr boolean
;
request-nsid boolean
;
require-server-cookie boolean
;
reserved-sockets integer
;
resolver-nonbackoff-tries integer
;
resolver-query-timeout integer
;
resolver-retry-interval integer
;
response-padding { address_match_element
; ... } block-size
integer
;
response-policy { zone string
[ add-soa boolean
] [ log
boolean
] [ max-policy-ttl ttlval
] [ min-update-interval
ttlval
] [ policy ( cname | disabled | drop | given | no-op |
nodata | nxdomain | passthru | tcp-only quoted_string
) ] [
recursive-only boolean
] [ nsip-enable boolean
] [
nsdname-enable boolean
]; ... } [ add-soa boolean
] [
break-dnssec boolean
] [ max-policy-ttl ttlval
] [
min-update-interval ttlval
] [ min-ns-dots integer
] [
nsip-wait-recurse boolean
] [ qname-wait-recurse boolean
]
[ recursive-only boolean
] [ nsip-enable boolean
] [
nsdname-enable boolean
] [ dnsrps-enable boolean
] [
dnsrps-options { unspecified-text
} ];
root-delegation-only [ exclude { string
; ... } ];
root-key-sentinel boolean
;
rrset-order { [ class string
] [ type string
] [ name
quoted_string
] string
string
; ... };
secroots-file quoted_string
;
send-cookie boolean
;
serial-query-rate integer
;
serial-update-method ( date | increment | unixtime );
server-id ( quoted_string
| none | hostname );
servfail-ttl ttlval
;
session-keyalg string
;
session-keyfile ( quoted_string
| none );
session-keyname string
;
sig-signing-nodes integer
;
sig-signing-signatures integer
;
sig-signing-type integer
;
sig-validity-interval integer
[ integer
];
sortlist { address_match_element
; ... };
stacksize ( default | unlimited | sizeval
);
stale-answer-enable boolean
;
stale-answer-ttl ttlval
;
startup-notify-rate integer
;
statistics-file quoted_string
;
synth-from-dnssec boolean
;
tcp-advertised-timeout integer
;
tcp-clients integer
;
tcp-idle-timeout integer
;
tcp-initial-timeout integer
;
tcp-keepalive-timeout integer
;
tcp-listen-queue integer
;
tkey-dhkey quoted_string
integer
;
tkey-domain quoted_string
;
tkey-gssapi-credential quoted_string
;
tkey-gssapi-keytab quoted_string
;
transfer-format ( many-answers | one-answer );
transfer-message-size integer
;
transfer-source ( ipv4_address
| * ) [ port ( integer
| * ) ] [
dscp integer
];
transfer-source-v6 ( ipv6_address
| * ) [ port ( integer
| * )
] [ dscp integer
];
transfers-in integer
;
transfers-out integer
;
transfers-per-ns integer
;
trust-anchor-telemetry boolean
; // experimental
try-tcp-refresh boolean
;
update-check-ksk boolean
;
use-alt-transfer-source boolean
;
use-v4-udp-ports { portrange
; ... };
use-v6-udp-ports { portrange
; ... };
v6-bias integer
;
validate-except { string
; ... };
version ( quoted_string
| none );
zero-no-soa-ttl boolean
;
zero-no-soa-ttl-cache boolean
;
zone-statistics ( full | terse | none | boolean
);
};
server netprefix
{
bogus boolean
;
edns boolean
;
edns-udp-size integer
;
edns-version integer
;
keys server_key
;
max-udp-size integer
;
notify-source ( ipv4_address
| * ) [ port ( integer
| * ) ] [
dscp integer
];
notify-source-v6 ( ipv6_address
| * ) [ port ( integer
| * ) ]
[ dscp integer
];
padding integer
;
provide-ixfr boolean
;
query-source ( ( [ address ] ( ipv4_address
| * ) [ port (
integer
| * ) ] ) | ( [ [ address ] ( ipv4_address
| * ) ]
port ( integer
| * ) ) ) [ dscp integer
];
query-source-v6 ( ( [ address ] ( ipv6_address
| * ) [ port (
integer
| * ) ] ) | ( [ [ address ] ( ipv6_address
| * ) ]
port ( integer
| * ) ) ) [ dscp integer
];
request-expire boolean
;
request-ixfr boolean
;
request-nsid boolean
;
send-cookie boolean
;
tcp-keepalive boolean
;
tcp-only boolean
;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address
| * ) [ port ( integer
| * ) ] [
dscp integer
];
transfer-source-v6 ( ipv6_address
| * ) [ port ( integer
| * )
] [ dscp integer
];
transfers integer
;
};
statistics-channels {
inet ( ipv4_address
| ipv6_address
|
* ) [ port ( integer
| * ) ] [
allow { address_match_element
; ...
} ];
};
view string
[ class
] {
allow-new-zones boolean
;
allow-notify { address_match_element
; ... };
allow-query { address_match_element
; ... };
allow-query-cache { address_match_element
; ... };
allow-query-cache-on { address_match_element
; ... };
allow-query-on { address_match_element
; ... };
allow-recursion { address_match_element
; ... };
allow-recursion-on { address_match_element
; ... };
allow-transfer { address_match_element
; ... };
allow-update { address_match_element
; ... };
allow-update-forwarding { address_match_element
; ... };
also-notify [ port integer
] [ dscp integer
] { ( masters
|
ipv4_address
[ port integer
] | ipv6_address
[ port
integer
] ) [ key string
]; ... };
alt-transfer-source ( ipv4_address
| * ) [ port ( integer
| * )
] [ dscp integer
];
alt-transfer-source-v6 ( ipv6_address
| * ) [ port ( integer
|
* ) ] [ dscp integer
];
attach-cache string
;
auth-nxdomain boolean
; // default changed
auto-dnssec ( allow | maintain | off );
cache-file quoted_string
;
catalog-zones { zone string
[ default-masters [ port integer
]
[ dscp integer
] { ( masters
| ipv4_address
[ port
integer
] | ipv6_address
[ port integer
] ) [ key
string
]; ... } ] [ zone-directory quoted_string
] [
in-memory boolean
] [ min-update-interval ttlval
]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity boolean
;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check-sibling boolean
;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean
;
cleaning-interval integer
;
clients-per-query integer
;
deny-answer-addresses { address_match_element
; ... } [
except-from { string
; ... } ];
deny-answer-aliases { string
; ... } [ except-from { string
; ...
} ];
dialup ( notify | notify-passive | passive | refresh | boolean
);
disable-algorithms string
{ string
;
... };
disable-ds-digests string
{ string
;
... };
disable-empty-zone string
;
dlz string
{
database string
;
search boolean
;
};
dns64 netprefix
{
break-dnssec boolean
;
clients { address_match_element
; ... };
exclude { address_match_element
; ... };
mapped { address_match_element
; ... };
recursive-only boolean
;
suffix ipv6_address
;
};
dns64-contact string
;
dns64-server string
;
dnskey-sig-validity integer
;
dnsrps-enable boolean
;
dnsrps-options { unspecified-text
};
dnssec-accept-expired boolean
;
dnssec-dnskey-kskonly boolean
;
dnssec-enable boolean
;
dnssec-loadkeys-interval integer
;
dnssec-lookaside ( string
trust-anchor
string
| auto | no );
dnssec-must-be-secure string
boolean
;
dnssec-secure-to-insecure boolean
;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver | update ) [ ( query | response ) ];
... };
dual-stack-servers [ port integer
] { ( quoted_string
[ port
integer
] [ dscp integer
] | ipv4_address
[ port
integer
] [ dscp integer
] | ipv6_address
[ port
integer
] [ dscp integer
] ); ... };
dyndb string
quoted_string
{
unspecified-text
};
edns-udp-size integer
;
empty-contact string
;
empty-server string
;
empty-zones-enable boolean
;
fetch-quota-params integer
fixedpoint
fixedpoint
fixedpoint
;
fetches-per-server integer
[ ( drop | fail ) ];
fetches-per-zone integer
[ ( drop | fail ) ];
forward ( first | only );
forwarders [ port integer
] [ dscp integer
] { ( ipv4_address
| ipv6_address
) [ port integer
] [ dscp integer
]; ... };
glue-cache boolean
;
inline-signing boolean
;
ixfr-from-differences ( primary | master | secondary | slave |
boolean
);
key string
{
algorithm string
;
secret string
;
};
key-directory quoted_string
;
lame-ttl ttlval
;
lmdb-mapsize sizeval
;
managed-keys { string
string
integer
integer
integer
quoted_string
; ... };
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-clients { address_match_element
; ... };
match-destinations { address_match_element
; ... };
match-recursive-only boolean
;
max-cache-size ( default | unlimited | sizeval
| percentage
);
max-cache-ttl ttlval
;
max-clients-per-query integer
;
max-journal-size ( default | unlimited | sizeval
);
max-ncache-ttl ttlval
;
max-records integer
;
max-recursion-depth integer
;
max-recursion-queries integer
;
max-refresh-time integer
;
max-retry-time integer
;
max-stale-ttl ttlval
;
max-transfer-idle-in integer
;
max-transfer-idle-out integer
;
max-transfer-time-in integer
;
max-transfer-time-out integer
;
max-udp-size integer
;
max-zone-ttl ( unlimited | ttlval
);
message-compression boolean
;
min-cache-ttl ttlval
;
min-ncache-ttl ttlval
;
min-refresh-time integer
;
min-retry-time integer
;
minimal-any boolean
;
minimal-responses ( no-auth | no-auth-recursive | boolean
);
multi-master boolean
;
new-zones-directory quoted_string
;
no-case-compress { address_match_element
; ... };
nocookie-udp-size integer
;
notify ( explicit | master-only | boolean
);
notify-delay integer
;
notify-source ( ipv4_address
| * ) [ port ( integer
| * ) ] [
dscp integer
];
notify-source-v6 ( ipv6_address
| * ) [ port ( integer
| * ) ]
[ dscp integer
];
notify-to-soa boolean
;
nta-lifetime ttlval
;
nta-recheck ttlval
;
nxdomain-redirect string
;
plugin ( query ) string
[ {
unspecified-text
} ];
preferred-glue string
;
prefetch integer
[ integer
];
provide-ixfr boolean
;
qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( ipv4_address
| * ) [ port (
integer
| * ) ] ) | ( [ [ address ] ( ipv4_address
| * ) ]
port ( integer
| * ) ) ) [ dscp integer
];
query-source-v6 ( ( [ address ] ( ipv6_address
| * ) [ port (
integer
| * ) ] ) | ( [ [ address ] ( ipv6_address
| * ) ]
port ( integer
| * ) ) ) [ dscp integer
];
rate-limit {
all-per-second integer
;
errors-per-second integer
;
exempt-clients { address_match_element
; ... };
ipv4-prefix-length integer
;
ipv6-prefix-length integer
;
log-only boolean
;
max-table-size integer
;
min-table-size integer
;
nodata-per-second integer
;
nxdomains-per-second integer
;
qps-scale integer
;
referrals-per-second integer
;
responses-per-second integer
;
slip integer
;
window integer
;
};
recursion boolean
;
request-expire boolean
;
request-ixfr boolean
;
request-nsid boolean
;
require-server-cookie boolean
;
resolver-nonbackoff-tries integer
;
resolver-query-timeout integer
;
resolver-retry-interval integer
;
response-padding { address_match_element
; ... } block-size
integer
;
response-policy { zone string
[ add-soa boolean
] [ log
boolean
] [ max-policy-ttl ttlval
] [ min-update-interval
ttlval
] [ policy ( cname | disabled | drop | given | no-op |
nodata | nxdomain | passthru | tcp-only quoted_string
) ] [
recursive-only boolean
] [ nsip-enable boolean
] [
nsdname-enable boolean
]; ... } [ add-soa boolean
] [
break-dnssec boolean
] [ max-policy-ttl ttlval
] [
min-update-interval ttlval
] [ min-ns-dots integer
] [
nsip-wait-recurse boolean
] [ qname-wait-recurse boolean
]
[ recursive-only boolean
] [ nsip-enable boolean
] [
nsdname-enable boolean
] [ dnsrps-enable boolean
] [
dnsrps-options { unspecified-text
} ];
root-delegation-only [ exclude { string
; ... } ];
root-key-sentinel boolean
;
rrset-order { [ class string
] [ type string
] [ name
quoted_string
] string
string
; ... };
send-cookie boolean
;
serial-update-method ( date | increment | unixtime );
server netprefix
{
bogus boolean
;
edns boolean
;
edns-udp-size integer
;
edns-version integer
;
keys server_key
;
max-udp-size integer
;
notify-source ( ipv4_address
| * ) [ port ( integer
| *
) ] [ dscp integer
];
notify-source-v6 ( ipv6_address
| * ) [ port ( integer
| * ) ] [ dscp integer
];
padding integer
;
provide-ixfr boolean
;
query-source ( ( [ address ] ( ipv4_address
| * ) [ port
( integer
| * ) ] ) | ( [ [ address ] (
ipv4_address
| * ) ] port ( integer
| * ) ) ) [
dscp integer
];
query-source-v6 ( ( [ address ] ( ipv6_address
| * ) [
port ( integer
| * ) ] ) | ( [ [ address ] (
ipv6_address
| * ) ] port ( integer
| * ) ) ) [
dscp integer
];
request-expire boolean
;
request-ixfr boolean
;
request-nsid boolean
;
send-cookie boolean
;
tcp-keepalive boolean
;
tcp-only boolean
;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address
| * ) [ port ( integer
|
* ) ] [ dscp integer
];
transfer-source-v6 ( ipv6_address
| * ) [ port (
integer
| * ) ] [ dscp integer
];
transfers integer
;
};
servfail-ttl ttlval
;
sig-signing-nodes integer
;
sig-signing-signatures integer
;
sig-signing-type integer
;
sig-validity-interval integer
[ integer
];
sortlist { address_match_element
; ... };
stale-answer-enable boolean
;
stale-answer-ttl ttlval
;
synth-from-dnssec boolean
;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address
| * ) [ port ( integer
| * ) ] [
dscp integer
];
transfer-source-v6 ( ipv6_address
| * ) [ port ( integer
| * )
] [ dscp integer
];
trust-anchor-telemetry boolean
; // experimental
trusted-keys { string
integer
integer
integer
quoted_string
;
... };
try-tcp-refresh boolean
;
update-check-ksk boolean
;
use-alt-transfer-source boolean
;
v6-bias integer
;
validate-except { string
; ... };
zero-no-soa-ttl boolean
;
zero-no-soa-ttl-cache boolean
;
zone string
[ class
] {
allow-notify { address_match_element
; ... };
allow-query { address_match_element
; ... };
allow-query-on { address_match_element
; ... };
allow-transfer { address_match_element
; ... };
allow-update { address_match_element
; ... };
allow-update-forwarding { address_match_element
; ... };
also-notify [ port integer
] [ dscp integer
] { (
masters
| ipv4_address
[ port integer
] |
ipv6_address
[ port integer
] ) [ key string
];
... };
alt-transfer-source ( ipv4_address
| * ) [ port (
integer
| * ) ] [ dscp integer
];
alt-transfer-source-v6 ( ipv6_address
| * ) [ port (
integer
| * ) ] [ dscp integer
];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity boolean
;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling boolean
;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean
;
database string
;
delegation-only boolean
;
dialup ( notify | notify-passive | passive | refresh |
boolean
);
dlz string
;
dnskey-sig-validity integer
;
dnssec-dnskey-kskonly boolean
;
dnssec-loadkeys-interval integer
;
dnssec-secure-to-insecure boolean
;
dnssec-update-mode ( maintain | no-resign );
file quoted_string
;
forward ( first | only );
forwarders [ port integer
] [ dscp integer
] { (
ipv4_address
| ipv6_address
) [ port integer
] [
dscp integer
]; ... };
in-view string
;
inline-signing boolean
;
ixfr-from-differences boolean
;
journal quoted_string
;
key-directory quoted_string
;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port integer
] [ dscp integer
] { ( masters
| ipv4_address
[ port integer
] | ipv6_address
[
port integer
] ) [ key string
]; ... };
max-ixfr-log-size ( default | unlimited |
max-journal-size ( default | unlimited | sizeval
);
max-records integer
;
max-refresh-time integer
;
max-retry-time integer
;
max-transfer-idle-in integer
;
max-transfer-idle-out integer
;
max-transfer-time-in integer
;
max-transfer-time-out integer
;
max-zone-ttl ( unlimited | ttlval
);
min-refresh-time integer
;
min-retry-time integer
;
multi-master boolean
;
notify ( explicit | master-only | boolean
);
notify-delay integer
;
notify-source ( ipv4_address
| * ) [ port ( integer
| *
) ] [ dscp integer
];
notify-source-v6 ( ipv6_address
| * ) [ port ( integer
| * ) ] [ dscp integer
];
notify-to-soa boolean
;
pubkey integer
integer
integer
request-expire boolean
;
request-ixfr boolean
;
serial-update-method ( date | increment | unixtime );
server-addresses { ( ipv4_address
| ipv6_address
); ... };
server-names { string
; ... };
sig-signing-nodes integer
;
sig-signing-signatures integer
;
sig-signing-type integer
;
sig-validity-interval integer
[ integer
];
transfer-source ( ipv4_address
| * ) [ port ( integer
|
* ) ] [ dscp integer
];
transfer-source-v6 ( ipv6_address
| * ) [ port (
integer
| * ) ] [ dscp integer
];
try-tcp-refresh boolean
;
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect |
static-stub | stub );
update-check-ksk boolean
;
update-policy ( local | { ( deny | grant ) string
(
6to4-self | external | krb5-self | krb5-selfsub |
krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
name | self | selfsub | selfwild | subdomain | tcp-self
| wildcard | zonesub ) [ string
] rrtypelist
; ... };
use-alt-transfer-source boolean
;
zero-no-soa-ttl boolean
;
zone-statistics ( full | terse | none | boolean
);
};
zone-statistics ( full | terse | none | boolean
);
};
zone string
[ class
] {
allow-notify { address_match_element
; ... };
allow-query { address_match_element
; ... };
allow-query-on { address_match_element
; ... };
allow-transfer { address_match_element
; ... };
allow-update { address_match_element
; ... };
allow-update-forwarding { address_match_element
; ... };
also-notify [ port integer
] [ dscp integer
] { ( masters
|
ipv4_address
[ port integer
] | ipv6_address
[ port
integer
] ) [ key string
]; ... };
alt-transfer-source ( ipv4_address
| * ) [ port ( integer
| * )
] [ dscp integer
];
alt-transfer-source-v6 ( ipv6_address
| * ) [ port ( integer
|
* ) ] [ dscp integer
];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity boolean
;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling boolean
;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean
;
database string
;
delegation-only boolean
;
dialup ( notify | notify-passive | passive | refresh | boolean
);
dlz string
;
dnskey-sig-validity integer
;
dnssec-dnskey-kskonly boolean
;
dnssec-loadkeys-interval integer
;
dnssec-secure-to-insecure boolean
;
dnssec-update-mode ( maintain | no-resign );
file quoted_string
;
forward ( first | only );
forwarders [ port integer
] [ dscp integer
] { ( ipv4_address
| ipv6_address
) [ port integer
] [ dscp integer
]; ... };
in-view string
;
inline-signing boolean
;
ixfr-from-differences boolean
;
journal quoted_string
;
key-directory quoted_string
;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port integer
] [ dscp integer
] { ( masters
|
ipv4_address
[ port integer
] | ipv6_address
[ port
integer
] ) [ key string
]; ... };
max-journal-size ( default | unlimited | sizeval
);
max-records integer
;
max-refresh-time integer
;
max-retry-time integer
;
max-transfer-idle-in integer
;
max-transfer-idle-out integer
;
max-transfer-time-in integer
;
max-transfer-time-out integer
;
max-zone-ttl ( unlimited | ttlval
);
min-refresh-time integer
;
min-retry-time integer
;
multi-master boolean
;
notify ( explicit | master-only | boolean
);
notify-delay integer
;
notify-source ( ipv4_address
| * ) [ port ( integer
| * ) ] [
dscp integer
];
notify-source-v6 ( ipv6_address
| * ) [ port ( integer
| * ) ]
[ dscp integer
];
notify-to-soa boolean
;
request-expire boolean
;
request-ixfr boolean
;
serial-update-method ( date | increment | unixtime );
server-addresses { ( ipv4_address
| ipv6_address
); ... };
server-names { string
; ... };
sig-signing-nodes integer
;
sig-signing-signatures integer
;
sig-signing-type integer
;
sig-validity-interval integer
[ integer
];
transfer-source ( ipv4_address
| * ) [ port ( integer
| * ) ] [
dscp integer
];
transfer-source-v6 ( ipv6_address
| * ) [ port ( integer
| * )
] [ dscp integer
];
try-tcp-refresh boolean
;
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect | static-stub |
stub );
update-check-ksk boolean
;
update-policy ( local | { ( deny | grant ) string
( 6to4-self |
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
| ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
| subdomain | tcp-self | wildcard | zonesub ) [ string
]
rrtypelist
; ... };
use-alt-transfer-source boolean
;
zero-no-soa-ttl boolean
;
zone-statistics ( full | terse | none | boolean
);
};