2 This is a summary of the named.conf options supported by
3 this version of BIND 9.
5 acl <string> { <address_match_element>; ... };
8 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
9 ) ] allow { <address_match_element>; ... } [ keys { <string>;
11 unix <quoted_string> perm <integer> owner <integer> group <integer>
12 [ keys { <string>; ... } ];
25 category <string> { <string>; ... };
27 file <quoted_string> [ versions ( "unlimited" | <integer> )
30 print-category <boolean>;
31 print-severity <boolean>;
33 severity <log_severity>;
35 syslog <optional_facility>;
40 listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
41 [ port <integer> ]; ... };
43 search { <string>; ... };
44 view <string> <optional_class>;
47 managed-keys { <string> <string> <integer> <integer> <integer>
48 <quoted_string>; ... };
50 masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
51 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
54 acache-cleaning-interval <integer>;
55 acache-enable <boolean>;
56 additional-from-auth <boolean>;
57 additional-from-cache <boolean>;
58 allow-new-zones <boolean>;
59 allow-notify { <address_match_element>; ... };
60 allow-query { <address_match_element>; ... };
61 allow-query-cache { <address_match_element>; ... };
62 allow-query-cache-on { <address_match_element>; ... };
63 allow-query-on { <address_match_element>; ... };
64 allow-recursion { <address_match_element>; ... };
65 allow-recursion-on { <address_match_element>; ... };
66 allow-transfer { <address_match_element>; ... };
67 allow-update { <address_match_element>; ... };
68 allow-update-forwarding { <address_match_element>; ... };
69 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
70 also-notify [ port <integer> ] { ( <masters> | <ipv4_address> [
71 port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
73 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
74 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
76 attach-cache <string>;
77 auth-nxdomain <boolean>; // default changed
78 auto-dnssec ( allow | maintain | off );
79 avoid-v4-udp-ports { <portrange>; ... };
80 avoid-v6-udp-ports { <portrange>; ... };
81 bindkeys-file <quoted_string>;
82 blackhole { <address_match_element>; ... };
83 cache-file <quoted_string>;
84 check-dup-records ( fail | warn | ignore );
85 check-integrity <boolean>;
86 check-mx ( fail | warn | ignore );
87 check-mx-cname ( fail | warn | ignore );
88 check-names ( master | slave | response ) ( fail | warn | ignore );
89 check-sibling <boolean>;
90 check-spf ( warn | ignore );
91 check-srv-cname ( fail | warn | ignore );
92 check-wildcard <boolean>;
93 cleaning-interval <integer>;
94 clients-per-query <integer>;
97 deallocate-on-exit <boolean>; // obsolete
98 deny-answer-addresses { <address_match_element>; ... } [
99 except-from { <quoted_string>; ... } ];
100 deny-answer-aliases { <quoted_string>; ... } [ except-from {
101 <quoted_string>; ... } ];
103 directory <quoted_string>;
104 disable-algorithms <string> { <string>; ... };
105 disable-empty-zone <string>;
107 break-dnssec <boolean>;
108 clients { <address_match_element>; ... };
109 exclude { <address_match_element>; ... };
110 mapped { <address_match_element>; ... };
111 recursive-only <boolean>;
112 suffix <ipv6_address>;
114 dns64-contact <string>;
115 dns64-server <string>;
116 dnssec-accept-expired <boolean>;
117 dnssec-dnskey-kskonly <boolean>;
118 dnssec-enable <boolean>;
119 dnssec-loadkeys-interval <integer>;
120 dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
121 dnssec-must-be-secure <string> <boolean>;
122 dnssec-secure-to-insecure <boolean>;
123 dnssec-update-mode ( maintain | no-resign );
124 dnssec-validation ( yes | no | auto );
125 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
126 <integer> ] | <ipv4_address> [ port <integer> ] |
127 <ipv6_address> [ port <integer> ] ); ... };
128 dump-file <quoted_string>;
129 edns-udp-size <integer>;
130 empty-contact <string>;
131 empty-server <string>;
132 empty-zones-enable <boolean>;
133 fake-iquery <boolean>; // obsolete
134 fetch-glue <boolean>; // obsolete
136 filter-aaaa { <address_match_element>; ... }; // not configured
137 filter-aaaa-on-v4 <v4_aaaa>; // not configured
138 flush-zones-on-shutdown <boolean>;
139 forward ( first | only );
140 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
141 [ port <integer> ]; ... };
142 has-old-clients <boolean>; // obsolete
143 heartbeat-interval <integer>;
144 host-statistics <boolean>; // not implemented
145 host-statistics-max <integer>; // not implemented
146 hostname ( <quoted_string> | none );
147 inline-signing <boolean>;
148 interface-interval <integer>;
149 ixfr-from-differences <ixfrdiff>;
150 key-directory <quoted_string>;
152 listen-on [ port <integer> ] { <address_match_element>; ... };
153 listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
154 maintain-ixfr-base <boolean>; // obsolete
155 managed-keys-directory <quoted_string>;
156 masterfile-format ( text | raw );
157 match-mapped-addresses <boolean>;
158 max-acache-size <size_no_default>;
159 max-cache-size <size_no_default>;
160 max-cache-ttl <integer>;
161 max-clients-per-query <integer>;
162 max-ixfr-log-size <size>; // obsolete
163 max-journal-size <size_no_default>;
164 max-ncache-ttl <integer>;
165 max-refresh-time <integer>;
166 max-retry-time <integer>;
167 max-rsa-exponent-size <integer>;
168 max-transfer-idle-in <integer>;
169 max-transfer-idle-out <integer>;
170 max-transfer-time-in <integer>;
171 max-transfer-time-out <integer>;
172 max-udp-size <integer>;
173 memstatistics <boolean>;
174 memstatistics-file <quoted_string>;
175 min-refresh-time <integer>;
176 min-retry-time <integer>;
177 min-roots <integer>; // not implemented
178 minimal-responses <boolean>;
179 multi-master <boolean>;
180 multiple-cnames <boolean>; // obsolete
181 named-xfer <quoted_string>; // obsolete
183 notify-delay <integer>;
184 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
185 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
186 notify-to-soa <boolean>;
187 nsec3-test-zone <boolean>; // test only
188 pid-file ( <quoted_string> | none );
190 preferred-glue <string>;
191 provide-ixfr <boolean>;
192 query-source <querysource4>;
193 query-source-v6 <querysource6>;
195 queryport-pool-ports <integer>; // obsolete
196 queryport-pool-updateinterval <integer>; // obsolete
197 random-device <quoted_string>;
198 recursing-file <quoted_string>;
200 recursive-clients <integer>;
201 request-ixfr <boolean>;
202 request-nsid <boolean>;
203 reserved-sockets <integer>;
204 resolver-query-timeout <integer>;
205 response-policy { zone <quoted_string> [ policy ( given | disabled
206 | passthru | no-op | nxdomain | nodata | cname <quoted_string>
207 ) ] [ recursive-only <boolean> ] [ max-policy-ttl <integer> ];
208 ... } [ recursive-only <boolean> ] [ break-dnssec <boolean> ] [
209 max-policy-ttl <integer> ] [ min-ns-dots <integer> ];
210 rfc2308-type1 <boolean>; // not yet implemented
211 root-delegation-only [ exclude { <quoted_string>; ... } ];
212 rrset-order { [ class <string> ] [ type <string> ] [ name
213 <quoted_string> ] <string> <string>; ... };
214 secroots-file <quoted_string>;
215 serial-queries <integer>; // obsolete
216 serial-query-rate <integer>;
217 serial-update-method ( increment | unixtime );
218 server-id ( <quoted_string> | none | hostname );
219 session-keyalg <string>;
220 session-keyfile ( <quoted_string> | none );
221 session-keyname <string>;
222 sig-signing-nodes <integer>;
223 sig-signing-signatures <integer>;
224 sig-signing-type <integer>;
225 sig-validity-interval <integer> [ <integer> ];
226 sortlist { <address_match_element>; ... };
228 statistics-file <quoted_string>;
229 statistics-interval <integer>; // not yet implemented
230 suppress-initial-notify <boolean>; // not yet implemented
231 tcp-clients <integer>;
232 tcp-listen-queue <integer>;
233 tkey-dhkey <quoted_string> <integer>;
234 tkey-domain <quoted_string>;
235 tkey-gssapi-credential <quoted_string>;
236 tkey-gssapi-keytab <quoted_string>;
237 topology { <address_match_element>; ... }; // not implemented
238 transfer-format ( many-answers | one-answer );
239 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
240 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
241 transfers-in <integer>;
242 transfers-out <integer>;
243 transfers-per-ns <integer>;
244 treat-cr-as-space <boolean>; // obsolete
245 try-tcp-refresh <boolean>;
246 update-check-ksk <boolean>;
247 use-alt-transfer-source <boolean>;
248 use-id-pool <boolean>; // obsolete
250 use-queryport-pool <boolean>; // obsolete
251 use-v4-udp-ports { <portrange>; ... };
252 use-v6-udp-ports { <portrange>; ... };
253 version ( <quoted_string> | none );
254 zero-no-soa-ttl <boolean>;
255 zero-no-soa-ttl-cache <boolean>;
256 zone-statistics <zonestat>;
262 edns-udp-size <integer>;
264 max-udp-size <integer>;
265 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
266 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
267 provide-ixfr <boolean>;
268 query-source <querysource4>;
269 query-source-v6 <querysource6>;
270 request-ixfr <boolean>;
271 support-ixfr <boolean>; // obsolete
272 transfer-format ( many-answers | one-answer );
273 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
274 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
278 statistics-channels {
279 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
280 ) ] [ allow { <address_match_element>; ... } ];
283 trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
285 view <string> <optional_class> {
286 acache-cleaning-interval <integer>;
287 acache-enable <boolean>;
288 additional-from-auth <boolean>;
289 additional-from-cache <boolean>;
290 allow-new-zones <boolean>;
291 allow-notify { <address_match_element>; ... };
292 allow-query { <address_match_element>; ... };
293 allow-query-cache { <address_match_element>; ... };
294 allow-query-cache-on { <address_match_element>; ... };
295 allow-query-on { <address_match_element>; ... };
296 allow-recursion { <address_match_element>; ... };
297 allow-recursion-on { <address_match_element>; ... };
298 allow-transfer { <address_match_element>; ... };
299 allow-update { <address_match_element>; ... };
300 allow-update-forwarding { <address_match_element>; ... };
301 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
302 also-notify [ port <integer> ] { ( <masters> | <ipv4_address> [
303 port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
305 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
306 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
308 attach-cache <string>;
309 auth-nxdomain <boolean>; // default changed
310 auto-dnssec ( allow | maintain | off );
311 cache-file <quoted_string>;
312 check-dup-records ( fail | warn | ignore );
313 check-integrity <boolean>;
314 check-mx ( fail | warn | ignore );
315 check-mx-cname ( fail | warn | ignore );
316 check-names ( master | slave | response ) ( fail | warn | ignore );
317 check-sibling <boolean>;
318 check-spf ( warn | ignore );
319 check-srv-cname ( fail | warn | ignore );
320 check-wildcard <boolean>;
321 cleaning-interval <integer>;
322 clients-per-query <integer>;
324 deny-answer-addresses { <address_match_element>; ... } [
325 except-from { <quoted_string>; ... } ];
326 deny-answer-aliases { <quoted_string>; ... } [ except-from {
327 <quoted_string>; ... } ];
329 disable-algorithms <string> { <string>; ... };
330 disable-empty-zone <string>;
335 break-dnssec <boolean>;
336 clients { <address_match_element>; ... };
337 exclude { <address_match_element>; ... };
338 mapped { <address_match_element>; ... };
339 recursive-only <boolean>;
340 suffix <ipv6_address>;
342 dns64-contact <string>;
343 dns64-server <string>;
344 dnssec-accept-expired <boolean>;
345 dnssec-dnskey-kskonly <boolean>;
346 dnssec-enable <boolean>;
347 dnssec-loadkeys-interval <integer>;
348 dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
349 dnssec-must-be-secure <string> <boolean>;
350 dnssec-secure-to-insecure <boolean>;
351 dnssec-update-mode ( maintain | no-resign );
352 dnssec-validation ( yes | no | auto );
353 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
354 <integer> ] | <ipv4_address> [ port <integer> ] |
355 <ipv6_address> [ port <integer> ] ); ... };
356 edns-udp-size <integer>;
357 empty-contact <string>;
358 empty-server <string>;
359 empty-zones-enable <boolean>;
360 fetch-glue <boolean>; // obsolete
361 filter-aaaa { <address_match_element>; ... }; // not configured
362 filter-aaaa-on-v4 <v4_aaaa>; // not configured
363 forward ( first | only );
364 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
365 [ port <integer> ]; ... };
366 inline-signing <boolean>;
367 ixfr-from-differences <ixfrdiff>;
372 key-directory <quoted_string>;
374 maintain-ixfr-base <boolean>; // obsolete
375 managed-keys { <string> <string> <integer> <integer> <integer>
376 <quoted_string>; ... };
377 masterfile-format ( text | raw );
378 match-clients { <address_match_element>; ... };
379 match-destinations { <address_match_element>; ... };
380 match-recursive-only <boolean>;
381 max-acache-size <size_no_default>;
382 max-cache-size <size_no_default>;
383 max-cache-ttl <integer>;
384 max-clients-per-query <integer>;
385 max-ixfr-log-size <size>; // obsolete
386 max-journal-size <size_no_default>;
387 max-ncache-ttl <integer>;
388 max-refresh-time <integer>;
389 max-retry-time <integer>;
390 max-transfer-idle-in <integer>;
391 max-transfer-idle-out <integer>;
392 max-transfer-time-in <integer>;
393 max-transfer-time-out <integer>;
394 max-udp-size <integer>;
395 min-refresh-time <integer>;
396 min-retry-time <integer>;
397 min-roots <integer>; // not implemented
398 minimal-responses <boolean>;
399 multi-master <boolean>;
401 notify-delay <integer>;
402 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
403 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
404 notify-to-soa <boolean>;
405 nsec3-test-zone <boolean>; // test only
406 preferred-glue <string>;
407 provide-ixfr <boolean>;
408 query-source <querysource4>;
409 query-source-v6 <querysource6>;
410 queryport-pool-ports <integer>; // obsolete
411 queryport-pool-updateinterval <integer>; // obsolete
413 request-ixfr <boolean>;
414 request-nsid <boolean>;
415 resolver-query-timeout <integer>;
416 response-policy { zone <quoted_string> [ policy ( given | disabled
417 | passthru | no-op | nxdomain | nodata | cname <quoted_string>
418 ) ] [ recursive-only <boolean> ] [ max-policy-ttl <integer> ];
419 ... } [ recursive-only <boolean> ] [ break-dnssec <boolean> ] [
420 max-policy-ttl <integer> ] [ min-ns-dots <integer> ];
421 rfc2308-type1 <boolean>; // not yet implemented
422 root-delegation-only [ exclude { <quoted_string>; ... } ];
423 rrset-order { [ class <string> ] [ type <string> ] [ name
424 <quoted_string> ] <string> <string>; ... };
425 serial-update-method ( increment | unixtime );
429 edns-udp-size <integer>;
431 max-udp-size <integer>;
432 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
434 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
436 provide-ixfr <boolean>;
437 query-source <querysource4>;
438 query-source-v6 <querysource6>;
439 request-ixfr <boolean>;
440 support-ixfr <boolean>; // obsolete
441 transfer-format ( many-answers | one-answer );
442 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
444 transfer-source-v6 ( <ipv6_address> | * ) [ port (
448 sig-signing-nodes <integer>;
449 sig-signing-signatures <integer>;
450 sig-signing-type <integer>;
451 sig-validity-interval <integer> [ <integer> ];
452 sortlist { <address_match_element>; ... };
453 suppress-initial-notify <boolean>; // not yet implemented
454 topology { <address_match_element>; ... }; // not implemented
455 transfer-format ( many-answers | one-answer );
456 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
457 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
458 trusted-keys { <string> <integer> <integer> <integer>
459 <quoted_string>; ... };
460 try-tcp-refresh <boolean>;
461 update-check-ksk <boolean>;
462 use-alt-transfer-source <boolean>;
463 use-queryport-pool <boolean>; // obsolete
464 zero-no-soa-ttl <boolean>;
465 zero-no-soa-ttl-cache <boolean>;
466 zone <string> <optional_class> {
467 allow-notify { <address_match_element>; ... };
468 allow-query { <address_match_element>; ... };
469 allow-query-on { <address_match_element>; ... };
470 allow-transfer { <address_match_element>; ... };
471 allow-update { <address_match_element>; ... };
472 allow-update-forwarding { <address_match_element>; ... };
473 also-notify [ port <integer> ] { ( <masters> |
474 <ipv4_address> [ port <integer> ] | <ipv6_address> [
475 port <integer> ] ) [ key <string> ]; ... };
476 alt-transfer-source ( <ipv4_address> | * ) [ port (
478 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
480 auto-dnssec ( allow | maintain | off );
481 check-dup-records ( fail | warn | ignore );
482 check-integrity <boolean>;
483 check-mx ( fail | warn | ignore );
484 check-mx-cname ( fail | warn | ignore );
485 check-names ( fail | warn | ignore );
486 check-sibling <boolean>;
487 check-spf ( warn | ignore );
488 check-srv-cname ( fail | warn | ignore );
489 check-wildcard <boolean>;
491 delegation-only <boolean>;
493 dnssec-dnskey-kskonly <boolean>;
494 dnssec-loadkeys-interval <integer>;
495 dnssec-secure-to-insecure <boolean>;
496 dnssec-update-mode ( maintain | no-resign );
497 file <quoted_string>;
498 forward ( first | only );
499 forwarders [ port <integer> ] { ( <ipv4_address> |
500 <ipv6_address> ) [ port <integer> ]; ... };
501 inline-signing <boolean>;
502 ixfr-base <quoted_string>; // obsolete
503 ixfr-from-differences <boolean>;
504 ixfr-tmp-file <quoted_string>; // obsolete
505 journal <quoted_string>;
506 key-directory <quoted_string>;
507 maintain-ixfr-base <boolean>; // obsolete
508 masterfile-format ( text | raw );
509 masters [ port <integer> ] { ( <masters> | <ipv4_address> [
510 port <integer> ] | <ipv6_address> [ port <integer> ] )
511 [ key <string> ]; ... };
512 max-ixfr-log-size <size>; // obsolete
513 max-journal-size <size_no_default>;
514 max-refresh-time <integer>;
515 max-retry-time <integer>;
516 max-transfer-idle-in <integer>;
517 max-transfer-idle-out <integer>;
518 max-transfer-time-in <integer>;
519 max-transfer-time-out <integer>;
520 min-refresh-time <integer>;
521 min-retry-time <integer>;
522 multi-master <boolean>;
524 notify-delay <integer>;
525 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
527 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
529 notify-to-soa <boolean>;
530 nsec3-test-zone <boolean>; // test only
531 pubkey <integer> <integer> <integer>
532 <quoted_string>; // obsolete
533 request-ixfr <boolean>;
534 serial-update-method ( increment | unixtime );
535 server-addresses { ( <ipv4_address> | <ipv6_address> ) [
536 port <integer> ]; ... };
537 server-names { <quoted_string>; ... };
538 sig-signing-nodes <integer>;
539 sig-signing-signatures <integer>;
540 sig-signing-type <integer>;
541 sig-validity-interval <integer> [ <integer> ];
542 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
544 transfer-source-v6 ( <ipv6_address> | * ) [ port (
546 try-tcp-refresh <boolean>;
547 type ( master | slave | stub | static-stub | hint | forward
548 | delegation-only | redirect );
549 update-check-ksk <boolean>;
550 update-policy ( local | { ( grant | deny ) <string> ( name
551 | subdomain | wildcard | self | selfsub | selfwild |
552 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
553 tcp-self | 6to4-self | zonesub | external ) [ <string>
554 ] <rrtypelist>; ... };
555 use-alt-transfer-source <boolean>;
556 zero-no-soa-ttl <boolean>;
557 zone-statistics <zonestat>;
559 zone-statistics <zonestat>;
562 zone <string> <optional_class> {
563 allow-notify { <address_match_element>; ... };
564 allow-query { <address_match_element>; ... };
565 allow-query-on { <address_match_element>; ... };
566 allow-transfer { <address_match_element>; ... };
567 allow-update { <address_match_element>; ... };
568 allow-update-forwarding { <address_match_element>; ... };
569 also-notify [ port <integer> ] { ( <masters> | <ipv4_address> [
570 port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
572 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
573 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
575 auto-dnssec ( allow | maintain | off );
576 check-dup-records ( fail | warn | ignore );
577 check-integrity <boolean>;
578 check-mx ( fail | warn | ignore );
579 check-mx-cname ( fail | warn | ignore );
580 check-names ( fail | warn | ignore );
581 check-sibling <boolean>;
582 check-spf ( warn | ignore );
583 check-srv-cname ( fail | warn | ignore );
584 check-wildcard <boolean>;
586 delegation-only <boolean>;
588 dnssec-dnskey-kskonly <boolean>;
589 dnssec-loadkeys-interval <integer>;
590 dnssec-secure-to-insecure <boolean>;
591 dnssec-update-mode ( maintain | no-resign );
592 file <quoted_string>;
593 forward ( first | only );
594 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
595 [ port <integer> ]; ... };
596 inline-signing <boolean>;
597 ixfr-base <quoted_string>; // obsolete
598 ixfr-from-differences <boolean>;
599 ixfr-tmp-file <quoted_string>; // obsolete
600 journal <quoted_string>;
601 key-directory <quoted_string>;
602 maintain-ixfr-base <boolean>; // obsolete
603 masterfile-format ( text | raw );
604 masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
605 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
607 max-ixfr-log-size <size>; // obsolete
608 max-journal-size <size_no_default>;
609 max-refresh-time <integer>;
610 max-retry-time <integer>;
611 max-transfer-idle-in <integer>;
612 max-transfer-idle-out <integer>;
613 max-transfer-time-in <integer>;
614 max-transfer-time-out <integer>;
615 min-refresh-time <integer>;
616 min-retry-time <integer>;
617 multi-master <boolean>;
619 notify-delay <integer>;
620 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
621 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
622 notify-to-soa <boolean>;
623 nsec3-test-zone <boolean>; // test only
624 pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
625 request-ixfr <boolean>;
626 serial-update-method ( increment | unixtime );
627 server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
629 server-names { <quoted_string>; ... };
630 sig-signing-nodes <integer>;
631 sig-signing-signatures <integer>;
632 sig-signing-type <integer>;
633 sig-validity-interval <integer> [ <integer> ];
634 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
635 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
636 try-tcp-refresh <boolean>;
637 type ( master | slave | stub | static-stub | hint | forward |
638 delegation-only | redirect );
639 update-check-ksk <boolean>;
640 update-policy ( local | { ( grant | deny ) <string> ( name |
641 subdomain | wildcard | self | selfsub | selfwild | krb5-self |
642 ms-self | krb5-subdomain | ms-subdomain | tcp-self | 6to4-self
643 | zonesub | external ) [ <string> ] <rrtypelist>; ... };
644 use-alt-transfer-source <boolean>;
645 zero-no-soa-ttl <boolean>;
646 zone-statistics <zonestat>;