2 This is a summary of the named.conf options supported by
3 this version of BIND 9.
5 acl <string> { <address_match_element>; ... };
8 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
9 ) ] allow { <address_match_element>; ... } [ keys { <string>;
11 unix <quoted_string> perm <integer> owner <integer> group <integer>
12 [ keys { <string>; ... } ];
25 category <string> { <string>; ... };
27 file <quoted_string> [ versions ( "unlimited" | <integer> )
30 print-category <boolean>;
31 print-severity <boolean>;
33 severity <log_severity>;
35 syslog <optional_facility>;
40 listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
41 [ port <integer> ]; ... };
43 search { <string>; ... };
44 view <string> <optional_class>;
47 managed-keys { <string> <string> <integer> <integer> <integer>
48 <quoted_string>; ... };
50 masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
51 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
54 acache-cleaning-interval <integer>;
55 acache-enable <boolean>;
56 additional-from-auth <boolean>;
57 additional-from-cache <boolean>;
58 allow-new-zones <boolean>;
59 allow-notify { <address_match_element>; ... };
60 allow-query { <address_match_element>; ... };
61 allow-query-cache { <address_match_element>; ... };
62 allow-query-cache-on { <address_match_element>; ... };
63 allow-query-on { <address_match_element>; ... };
64 allow-recursion { <address_match_element>; ... };
65 allow-recursion-on { <address_match_element>; ... };
66 allow-transfer { <address_match_element>; ... };
67 allow-update { <address_match_element>; ... };
68 allow-update-forwarding { <address_match_element>; ... };
69 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
70 also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
71 ) [ port <integer> ]; ... };
72 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
73 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
75 attach-cache <string>;
76 auth-nxdomain <boolean>; // default changed
77 auto-dnssec ( allow | maintain | off );
78 avoid-v4-udp-ports { <portrange>; ... };
79 avoid-v6-udp-ports { <portrange>; ... };
80 bindkeys-file <quoted_string>;
81 blackhole { <address_match_element>; ... };
82 cache-file <quoted_string>;
83 check-dup-records ( fail | warn | ignore );
84 check-integrity <boolean>;
85 check-mx ( fail | warn | ignore );
86 check-mx-cname ( fail | warn | ignore );
87 check-names ( master | slave | response ) ( fail | warn | ignore );
88 check-sibling <boolean>;
89 check-spf ( warn | ignore );
90 check-srv-cname ( fail | warn | ignore );
91 check-wildcard <boolean>;
92 cleaning-interval <integer>;
93 clients-per-query <integer>;
96 deallocate-on-exit <boolean>; // obsolete
97 deny-answer-addresses { <address_match_element>; ... } [
98 except-from { <quoted_string>; ... } ];
99 deny-answer-aliases { <quoted_string>; ... } [ except-from {
100 <quoted_string>; ... } ];
102 directory <quoted_string>;
103 disable-algorithms <string> { <string>; ... };
104 disable-empty-zone <string>;
106 break-dnssec <boolean>;
107 clients { <address_match_element>; ... };
108 exclude { <address_match_element>; ... };
109 mapped { <address_match_element>; ... };
110 recursive-only <boolean>;
111 suffix <ipv6_address>;
113 dns64-contact <string>;
114 dns64-server <string>;
115 dnssec-accept-expired <boolean>;
116 dnssec-dnskey-kskonly <boolean>;
117 dnssec-enable <boolean>;
118 dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
119 dnssec-must-be-secure <string> <boolean>;
120 dnssec-secure-to-insecure <boolean>;
121 dnssec-validation ( yes | no | auto );
122 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
123 <integer> ] | <ipv4_address> [ port <integer> ] |
124 <ipv6_address> [ port <integer> ] ); ... };
125 dump-file <quoted_string>;
126 edns-udp-size <integer>;
127 empty-contact <string>;
128 empty-server <string>;
129 empty-zones-enable <boolean>;
130 fake-iquery <boolean>; // obsolete
131 fetch-glue <boolean>; // obsolete
133 filter-aaaa { <address_match_element>; ... }; // not configured
134 filter-aaaa-on-v4 <v4_aaaa>; // not configured
135 flush-zones-on-shutdown <boolean>;
136 forward ( first | only );
137 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
138 [ port <integer> ]; ... };
139 has-old-clients <boolean>; // obsolete
140 heartbeat-interval <integer>;
141 host-statistics <boolean>; // not implemented
142 host-statistics-max <integer>; // not implemented
143 hostname ( <quoted_string> | none );
144 interface-interval <integer>;
145 ixfr-from-differences <ixfrdiff>;
146 key-directory <quoted_string>;
148 listen-on [ port <integer> ] { <address_match_element>; ... };
149 listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
150 maintain-ixfr-base <boolean>; // obsolete
151 managed-keys-directory <quoted_string>;
152 masterfile-format ( text | raw );
153 match-mapped-addresses <boolean>;
154 max-acache-size <size_no_default>;
155 max-cache-size <size_no_default>;
156 max-cache-ttl <integer>;
157 max-clients-per-query <integer>;
158 max-ixfr-log-size <size>; // obsolete
159 max-journal-size <size_no_default>;
160 max-ncache-ttl <integer>;
161 max-refresh-time <integer>;
162 max-retry-time <integer>;
163 max-transfer-idle-in <integer>;
164 max-transfer-idle-out <integer>;
165 max-transfer-time-in <integer>;
166 max-transfer-time-out <integer>;
167 max-udp-size <integer>;
168 memstatistics <boolean>;
169 memstatistics-file <quoted_string>;
170 min-refresh-time <integer>;
171 min-retry-time <integer>;
172 min-roots <integer>; // not implemented
173 minimal-responses <boolean>;
174 multi-master <boolean>;
175 multiple-cnames <boolean>; // obsolete
176 named-xfer <quoted_string>; // obsolete
178 notify-delay <integer>;
179 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
180 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
181 notify-to-soa <boolean>;
182 nsec3-test-zone <boolean>; // test only
183 pid-file ( <quoted_string> | none );
185 preferred-glue <string>;
186 provide-ixfr <boolean>;
187 query-source <querysource4>;
188 query-source-v6 <querysource6>;
190 queryport-pool-ports <integer>; // obsolete
191 queryport-pool-updateinterval <integer>; // obsolete
192 random-device <quoted_string>;
193 recursing-file <quoted_string>;
195 recursive-clients <integer>;
196 request-ixfr <boolean>;
197 request-nsid <boolean>;
198 reserved-sockets <integer>;
199 resolver-query-timeout <integer>;
200 response-policy { zone <quoted_string> [ policy ( given | disabled
201 | passthru | no-op | nxdomain | nodata | cname <quoted_string>
202 ) ] [ recursive-only <boolean> ] [ max-policy-ttl <integer> ];
203 ... } [ recursive-only <boolean> ] [ break-dnssec <boolean> ] [
204 max-policy-ttl <integer> ] [ min-ns-dots <integer> ];
205 rfc2308-type1 <boolean>; // not yet implemented
206 root-delegation-only [ exclude { <quoted_string>; ... } ];
207 rrset-order { [ class <string> ] [ type <string> ] [ name
208 <quoted_string> ] <string> <string>; ... };
209 secroots-file <quoted_string>;
210 serial-queries <integer>; // obsolete
211 serial-query-rate <integer>;
212 server-id ( <quoted_string> | none | hostname );
213 session-keyalg <string>;
214 session-keyfile ( <quoted_string> | none );
215 session-keyname <string>;
216 sig-signing-nodes <integer>;
217 sig-signing-signatures <integer>;
218 sig-signing-type <integer>;
219 sig-validity-interval <integer> [ <integer> ];
220 sortlist { <address_match_element>; ... };
222 statistics-file <quoted_string>;
223 statistics-interval <integer>; // not yet implemented
224 suppress-initial-notify <boolean>; // not yet implemented
225 tcp-clients <integer>;
226 tcp-listen-queue <integer>;
227 tkey-dhkey <quoted_string> <integer>;
228 tkey-domain <quoted_string>;
229 tkey-gssapi-credential <quoted_string>;
230 tkey-gssapi-keytab <quoted_string>;
231 topology { <address_match_element>; ... }; // not implemented
232 transfer-format ( many-answers | one-answer );
233 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
234 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
235 transfers-in <integer>;
236 transfers-out <integer>;
237 transfers-per-ns <integer>;
238 treat-cr-as-space <boolean>; // obsolete
239 try-tcp-refresh <boolean>;
240 update-check-ksk <boolean>;
241 use-alt-transfer-source <boolean>;
242 use-id-pool <boolean>; // obsolete
244 use-queryport-pool <boolean>; // obsolete
245 use-v4-udp-ports { <portrange>; ... };
246 use-v6-udp-ports { <portrange>; ... };
247 version ( <quoted_string> | none );
248 zero-no-soa-ttl <boolean>;
249 zero-no-soa-ttl-cache <boolean>;
250 zone-statistics <boolean>;
256 edns-udp-size <integer>;
258 max-udp-size <integer>;
259 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
260 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
261 provide-ixfr <boolean>;
262 query-source <querysource4>;
263 query-source-v6 <querysource6>;
264 request-ixfr <boolean>;
265 support-ixfr <boolean>; // obsolete
266 transfer-format ( many-answers | one-answer );
267 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
268 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
272 statistics-channels {
273 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
274 ) ] [ allow { <address_match_element>; ... } ];
277 trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
279 view <string> <optional_class> {
280 acache-cleaning-interval <integer>;
281 acache-enable <boolean>;
282 additional-from-auth <boolean>;
283 additional-from-cache <boolean>;
284 allow-new-zones <boolean>;
285 allow-notify { <address_match_element>; ... };
286 allow-query { <address_match_element>; ... };
287 allow-query-cache { <address_match_element>; ... };
288 allow-query-cache-on { <address_match_element>; ... };
289 allow-query-on { <address_match_element>; ... };
290 allow-recursion { <address_match_element>; ... };
291 allow-recursion-on { <address_match_element>; ... };
292 allow-transfer { <address_match_element>; ... };
293 allow-update { <address_match_element>; ... };
294 allow-update-forwarding { <address_match_element>; ... };
295 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
296 also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
297 ) [ port <integer> ]; ... };
298 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
299 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
301 attach-cache <string>;
302 auth-nxdomain <boolean>; // default changed
303 auto-dnssec ( allow | maintain | off );
304 cache-file <quoted_string>;
305 check-dup-records ( fail | warn | ignore );
306 check-integrity <boolean>;
307 check-mx ( fail | warn | ignore );
308 check-mx-cname ( fail | warn | ignore );
309 check-names ( master | slave | response ) ( fail | warn | ignore );
310 check-sibling <boolean>;
311 check-spf ( warn | ignore );
312 check-srv-cname ( fail | warn | ignore );
313 check-wildcard <boolean>;
314 cleaning-interval <integer>;
315 clients-per-query <integer>;
317 deny-answer-addresses { <address_match_element>; ... } [
318 except-from { <quoted_string>; ... } ];
319 deny-answer-aliases { <quoted_string>; ... } [ except-from {
320 <quoted_string>; ... } ];
322 disable-algorithms <string> { <string>; ... };
323 disable-empty-zone <string>;
328 break-dnssec <boolean>;
329 clients { <address_match_element>; ... };
330 exclude { <address_match_element>; ... };
331 mapped { <address_match_element>; ... };
332 recursive-only <boolean>;
333 suffix <ipv6_address>;
335 dns64-contact <string>;
336 dns64-server <string>;
337 dnssec-accept-expired <boolean>;
338 dnssec-dnskey-kskonly <boolean>;
339 dnssec-enable <boolean>;
340 dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
341 dnssec-must-be-secure <string> <boolean>;
342 dnssec-secure-to-insecure <boolean>;
343 dnssec-validation ( yes | no | auto );
344 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
345 <integer> ] | <ipv4_address> [ port <integer> ] |
346 <ipv6_address> [ port <integer> ] ); ... };
347 edns-udp-size <integer>;
348 empty-contact <string>;
349 empty-server <string>;
350 empty-zones-enable <boolean>;
351 fetch-glue <boolean>; // obsolete
352 filter-aaaa { <address_match_element>; ... }; // not configured
353 filter-aaaa-on-v4 <v4_aaaa>; // not configured
354 forward ( first | only );
355 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
356 [ port <integer> ]; ... };
357 ixfr-from-differences <ixfrdiff>;
362 key-directory <quoted_string>;
364 maintain-ixfr-base <boolean>; // obsolete
365 managed-keys { <string> <string> <integer> <integer> <integer>
366 <quoted_string>; ... };
367 masterfile-format ( text | raw );
368 match-clients { <address_match_element>; ... };
369 match-destinations { <address_match_element>; ... };
370 match-recursive-only <boolean>;
371 max-acache-size <size_no_default>;
372 max-cache-size <size_no_default>;
373 max-cache-ttl <integer>;
374 max-clients-per-query <integer>;
375 max-ixfr-log-size <size>; // obsolete
376 max-journal-size <size_no_default>;
377 max-ncache-ttl <integer>;
378 max-refresh-time <integer>;
379 max-retry-time <integer>;
380 max-transfer-idle-in <integer>;
381 max-transfer-idle-out <integer>;
382 max-transfer-time-in <integer>;
383 max-transfer-time-out <integer>;
384 max-udp-size <integer>;
385 min-refresh-time <integer>;
386 min-retry-time <integer>;
387 min-roots <integer>; // not implemented
388 minimal-responses <boolean>;
389 multi-master <boolean>;
391 notify-delay <integer>;
392 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
393 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
394 notify-to-soa <boolean>;
395 nsec3-test-zone <boolean>; // test only
396 preferred-glue <string>;
397 provide-ixfr <boolean>;
398 query-source <querysource4>;
399 query-source-v6 <querysource6>;
400 queryport-pool-ports <integer>; // obsolete
401 queryport-pool-updateinterval <integer>; // obsolete
403 request-ixfr <boolean>;
404 request-nsid <boolean>;
405 resolver-query-timeout <integer>;
406 response-policy { zone <quoted_string> [ policy ( given | disabled
407 | passthru | no-op | nxdomain | nodata | cname <quoted_string>
408 ) ] [ recursive-only <boolean> ] [ max-policy-ttl <integer> ];
409 ... } [ recursive-only <boolean> ] [ break-dnssec <boolean> ] [
410 max-policy-ttl <integer> ] [ min-ns-dots <integer> ];
411 rfc2308-type1 <boolean>; // not yet implemented
412 root-delegation-only [ exclude { <quoted_string>; ... } ];
413 rrset-order { [ class <string> ] [ type <string> ] [ name
414 <quoted_string> ] <string> <string>; ... };
418 edns-udp-size <integer>;
420 max-udp-size <integer>;
421 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
423 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
425 provide-ixfr <boolean>;
426 query-source <querysource4>;
427 query-source-v6 <querysource6>;
428 request-ixfr <boolean>;
429 support-ixfr <boolean>; // obsolete
430 transfer-format ( many-answers | one-answer );
431 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
433 transfer-source-v6 ( <ipv6_address> | * ) [ port (
437 sig-signing-nodes <integer>;
438 sig-signing-signatures <integer>;
439 sig-signing-type <integer>;
440 sig-validity-interval <integer> [ <integer> ];
441 sortlist { <address_match_element>; ... };
442 suppress-initial-notify <boolean>; // not yet implemented
443 topology { <address_match_element>; ... }; // not implemented
444 transfer-format ( many-answers | one-answer );
445 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
446 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
447 trusted-keys { <string> <integer> <integer> <integer>
448 <quoted_string>; ... };
449 try-tcp-refresh <boolean>;
450 update-check-ksk <boolean>;
451 use-alt-transfer-source <boolean>;
452 use-queryport-pool <boolean>; // obsolete
453 zero-no-soa-ttl <boolean>;
454 zero-no-soa-ttl-cache <boolean>;
455 zone <string> <optional_class> {
456 allow-notify { <address_match_element>; ... };
457 allow-query { <address_match_element>; ... };
458 allow-query-on { <address_match_element>; ... };
459 allow-transfer { <address_match_element>; ... };
460 allow-update { <address_match_element>; ... };
461 allow-update-forwarding { <address_match_element>; ... };
462 also-notify [ port <integer> ] { ( <ipv4_address> |
463 <ipv6_address> ) [ port <integer> ]; ... };
464 alt-transfer-source ( <ipv4_address> | * ) [ port (
466 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
468 auto-dnssec ( allow | maintain | off );
469 check-dup-records ( fail | warn | ignore );
470 check-integrity <boolean>;
471 check-mx ( fail | warn | ignore );
472 check-mx-cname ( fail | warn | ignore );
473 check-names ( fail | warn | ignore );
474 check-sibling <boolean>;
475 check-spf ( warn | ignore );
476 check-srv-cname ( fail | warn | ignore );
477 check-wildcard <boolean>;
479 delegation-only <boolean>;
481 dnssec-dnskey-kskonly <boolean>;
482 dnssec-secure-to-insecure <boolean>;
483 file <quoted_string>;
484 forward ( first | only );
485 forwarders [ port <integer> ] { ( <ipv4_address> |
486 <ipv6_address> ) [ port <integer> ]; ... };
487 ixfr-base <quoted_string>; // obsolete
488 ixfr-from-differences <boolean>;
489 ixfr-tmp-file <quoted_string>; // obsolete
490 journal <quoted_string>;
491 key-directory <quoted_string>;
492 maintain-ixfr-base <boolean>; // obsolete
493 masterfile-format ( text | raw );
494 masters [ port <integer> ] { ( <masters> | <ipv4_address> [
495 port <integer> ] | <ipv6_address> [ port <integer> ] )
496 [ key <string> ]; ... };
497 max-ixfr-log-size <size>; // obsolete
498 max-journal-size <size_no_default>;
499 max-refresh-time <integer>;
500 max-retry-time <integer>;
501 max-transfer-idle-in <integer>;
502 max-transfer-idle-out <integer>;
503 max-transfer-time-in <integer>;
504 max-transfer-time-out <integer>;
505 min-refresh-time <integer>;
506 min-retry-time <integer>;
507 multi-master <boolean>;
509 notify-delay <integer>;
510 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
512 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
514 notify-to-soa <boolean>;
515 nsec3-test-zone <boolean>; // test only
516 pubkey <integer> <integer> <integer>
517 <quoted_string>; // obsolete
518 server-addresses { ( <ipv4_address> | <ipv6_address> ) [
519 port <integer> ]; ... };
520 server-names { <quoted_string>; ... };
521 sig-signing-nodes <integer>;
522 sig-signing-signatures <integer>;
523 sig-signing-type <integer>;
524 sig-validity-interval <integer> [ <integer> ];
525 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
527 transfer-source-v6 ( <ipv6_address> | * ) [ port (
529 try-tcp-refresh <boolean>;
530 type ( master | slave | stub | static-stub | hint | forward
532 update-check-ksk <boolean>;
533 update-policy ( local | { ( grant | deny ) <string> ( name
534 | subdomain | wildcard | self | selfsub | selfwild |
535 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
536 tcp-self | 6to4-self | zonesub | external ) [ <string>
537 ] <rrtypelist>; ... };
538 use-alt-transfer-source <boolean>;
539 zero-no-soa-ttl <boolean>;
540 zone-statistics <boolean>;
542 zone-statistics <boolean>;
545 zone <string> <optional_class> {
546 allow-notify { <address_match_element>; ... };
547 allow-query { <address_match_element>; ... };
548 allow-query-on { <address_match_element>; ... };
549 allow-transfer { <address_match_element>; ... };
550 allow-update { <address_match_element>; ... };
551 allow-update-forwarding { <address_match_element>; ... };
552 also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
553 ) [ port <integer> ]; ... };
554 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
555 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
557 auto-dnssec ( allow | maintain | off );
558 check-dup-records ( fail | warn | ignore );
559 check-integrity <boolean>;
560 check-mx ( fail | warn | ignore );
561 check-mx-cname ( fail | warn | ignore );
562 check-names ( fail | warn | ignore );
563 check-sibling <boolean>;
564 check-spf ( warn | ignore );
565 check-srv-cname ( fail | warn | ignore );
566 check-wildcard <boolean>;
568 delegation-only <boolean>;
570 dnssec-dnskey-kskonly <boolean>;
571 dnssec-secure-to-insecure <boolean>;
572 file <quoted_string>;
573 forward ( first | only );
574 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
575 [ port <integer> ]; ... };
576 ixfr-base <quoted_string>; // obsolete
577 ixfr-from-differences <boolean>;
578 ixfr-tmp-file <quoted_string>; // obsolete
579 journal <quoted_string>;
580 key-directory <quoted_string>;
581 maintain-ixfr-base <boolean>; // obsolete
582 masterfile-format ( text | raw );
583 masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
584 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
586 max-ixfr-log-size <size>; // obsolete
587 max-journal-size <size_no_default>;
588 max-refresh-time <integer>;
589 max-retry-time <integer>;
590 max-transfer-idle-in <integer>;
591 max-transfer-idle-out <integer>;
592 max-transfer-time-in <integer>;
593 max-transfer-time-out <integer>;
594 min-refresh-time <integer>;
595 min-retry-time <integer>;
596 multi-master <boolean>;
598 notify-delay <integer>;
599 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
600 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
601 notify-to-soa <boolean>;
602 nsec3-test-zone <boolean>; // test only
603 pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
604 server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
606 server-names { <quoted_string>; ... };
607 sig-signing-nodes <integer>;
608 sig-signing-signatures <integer>;
609 sig-signing-type <integer>;
610 sig-validity-interval <integer> [ <integer> ];
611 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
612 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
613 try-tcp-refresh <boolean>;
614 type ( master | slave | stub | static-stub | hint | forward |
616 update-check-ksk <boolean>;
617 update-policy ( local | { ( grant | deny ) <string> ( name |
618 subdomain | wildcard | self | selfsub | selfwild | krb5-self |
619 ms-self | krb5-subdomain | ms-subdomain | tcp-self | 6to4-self
620 | zonesub | external ) [ <string> ] <rrtypelist>; ... };
621 use-alt-transfer-source <boolean>;
622 zero-no-soa-ttl <boolean>;
623 zone-statistics <boolean>;