2 This is a summary of the named.conf options supported by
3 this version of BIND 9.
5 acl <string> { <address_match_element>; ... };
8 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
9 ) ] allow { <address_match_element>; ... } [ keys { <string>;
11 unix <quoted_string> perm <integer> owner <integer> group <integer>
12 [ keys { <string>; ... } ];
25 category <string> { <string>; ... };
27 file <quoted_string> [ versions ( "unlimited" | <integer> )
30 print-category <boolean>;
31 print-severity <boolean>;
33 severity <log_severity>;
35 syslog [ <syslog_facility> ];
40 listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
41 [ port <integer> ]; ... };
43 search { <string>; ... };
44 view <string> [ <class> ];
47 managed-keys { <string> <string> <integer> <integer> <integer>
48 <quoted_string>; ... };
50 masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
51 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
54 acache-cleaning-interval <integer>;
55 acache-enable <boolean>;
56 additional-from-auth <boolean>;
57 additional-from-cache <boolean>;
58 allow-new-zones <boolean>;
59 allow-notify { <address_match_element>; ... };
60 allow-query { <address_match_element>; ... };
61 allow-query-cache { <address_match_element>; ... };
62 allow-query-cache-on { <address_match_element>; ... };
63 allow-query-on { <address_match_element>; ... };
64 allow-recursion { <address_match_element>; ... };
65 allow-recursion-on { <address_match_element>; ... };
66 allow-transfer { <address_match_element>; ... };
67 allow-update { <address_match_element>; ... };
68 allow-update-forwarding { <address_match_element>; ... };
69 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
70 also-notify [ port <integer> ] { ( <masters> | <ipv4_address> [
71 port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
73 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
74 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
76 attach-cache <string>;
77 auth-nxdomain <boolean>; // default changed
78 auto-dnssec ( allow | maintain | off );
79 avoid-v4-udp-ports { <portrange>; ... };
80 avoid-v6-udp-ports { <portrange>; ... };
81 bindkeys-file <quoted_string>;
82 blackhole { <address_match_element>; ... };
83 cache-file <quoted_string>;
84 check-dup-records ( fail | warn | ignore );
85 check-integrity <boolean>;
86 check-mx ( fail | warn | ignore );
87 check-mx-cname ( fail | warn | ignore );
88 check-names ( master | slave | response ) ( fail | warn | ignore );
89 check-sibling <boolean>;
90 check-spf ( warn | ignore );
91 check-srv-cname ( fail | warn | ignore );
92 check-wildcard <boolean>;
93 cleaning-interval <integer>;
94 clients-per-query <integer>;
95 coresize ( unlimited | default | <sizeval> );
96 datasize ( unlimited | default | <sizeval> );
97 deallocate-on-exit <boolean>; // obsolete
98 deny-answer-addresses { <address_match_element>; ... } [
99 except-from { <quoted_string>; ... } ];
100 deny-answer-aliases { <quoted_string>; ... } [ except-from {
101 <quoted_string>; ... } ];
102 dialup ( notify | notify-passive | refresh | passive | <boolean> );
103 directory <quoted_string>;
104 disable-algorithms <string> { <string>; ... };
105 disable-empty-zone <string>;
107 break-dnssec <boolean>;
108 clients { <address_match_element>; ... };
109 exclude { <address_match_element>; ... };
110 mapped { <address_match_element>; ... };
111 recursive-only <boolean>;
112 suffix <ipv6_address>;
114 dns64-contact <string>;
115 dns64-server <string>;
116 dnssec-accept-expired <boolean>;
117 dnssec-dnskey-kskonly <boolean>;
118 dnssec-enable <boolean>;
119 dnssec-loadkeys-interval <integer>;
120 dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
121 dnssec-must-be-secure <string> <boolean>;
122 dnssec-secure-to-insecure <boolean>;
123 dnssec-update-mode ( maintain | no-resign );
124 dnssec-validation ( yes | no | auto );
125 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
126 <integer> ] | <ipv4_address> [ port <integer> ] |
127 <ipv6_address> [ port <integer> ] ); ... };
128 dump-file <quoted_string>;
129 edns-udp-size <integer>;
130 empty-contact <string>;
131 empty-server <string>;
132 empty-zones-enable <boolean>;
133 fake-iquery <boolean>; // obsolete
134 fetch-glue <boolean>; // obsolete
135 fetch-quota-params <integer> <fixedpoint>
136 <fixedpoint> <fixedpoint>; // not configured
137 fetches-per-server <integer> [ ( drop | fail ) ]; // not configured
138 fetches-per-zone <integer> [ ( drop | fail ) ]; // not configured
139 files ( unlimited | default | <sizeval> );
140 filter-aaaa { <address_match_element>; ... }; // not configured
141 filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
142 flush-zones-on-shutdown <boolean>;
143 forward ( first | only );
144 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
145 [ port <integer> ]; ... };
146 has-old-clients <boolean>; // obsolete
147 heartbeat-interval <integer>;
148 host-statistics <boolean>; // not implemented
149 host-statistics-max <integer>; // not implemented
150 hostname ( <quoted_string> | none );
151 inline-signing <boolean>;
152 interface-interval <integer>;
153 ixfr-from-differences ( master | slave | <boolean> );
154 key-directory <quoted_string>;
156 listen-on [ port <integer> ] { <address_match_element>; ... };
157 listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
158 maintain-ixfr-base <boolean>; // obsolete
159 managed-keys-directory <quoted_string>;
160 masterfile-format ( text | raw );
161 match-mapped-addresses <boolean>;
162 max-acache-size <size_no_default>;
163 max-cache-size <size_no_default>;
164 max-cache-ttl <integer>;
165 max-clients-per-query <integer>;
166 max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
167 max-journal-size <size_no_default>;
168 max-ncache-ttl <integer>;
169 max-recursion-depth <integer>;
170 max-recursion-queries <integer>;
171 max-refresh-time <integer>;
172 max-retry-time <integer>;
173 max-rsa-exponent-size <integer>;
174 max-transfer-idle-in <integer>;
175 max-transfer-idle-out <integer>;
176 max-transfer-time-in <integer>;
177 max-transfer-time-out <integer>;
178 max-udp-size <integer>;
179 memstatistics <boolean>;
180 memstatistics-file <quoted_string>;
181 min-refresh-time <integer>;
182 min-retry-time <integer>;
183 min-roots <integer>; // not implemented
184 minimal-responses <boolean>;
185 multi-master <boolean>;
186 multiple-cnames <boolean>; // obsolete
187 named-xfer <quoted_string>; // obsolete
188 no-case-compress { <address_match_element>; ... };
189 notify ( explicit | master-only | <boolean> );
190 notify-delay <integer>;
191 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
192 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
193 notify-to-soa <boolean>;
194 nsec3-test-zone <boolean>; // test only
195 pid-file ( <quoted_string> | none );
197 preferred-glue <string>;
198 provide-ixfr <boolean>;
199 query-source <querysource4>;
200 query-source-v6 <querysource6>;
202 queryport-pool-ports <integer>; // obsolete
203 queryport-pool-updateinterval <integer>; // obsolete
204 random-device <quoted_string>;
205 recursing-file <quoted_string>;
207 recursive-clients <integer>;
208 request-ixfr <boolean>;
209 request-nsid <boolean>;
210 reserved-sockets <integer>;
211 resolver-query-timeout <integer>;
212 response-policy { zone <quoted_string> [ policy ( given | disabled
213 | passthru | no-op | nxdomain | nodata | cname <quoted_string>
214 ) ] [ recursive-only <boolean> ] [ max-policy-ttl <integer> ];
215 ... } [ recursive-only <boolean> ] [ break-dnssec <boolean> ] [
216 max-policy-ttl <integer> ] [ min-ns-dots <integer> ];
217 rfc2308-type1 <boolean>; // not yet implemented
218 root-delegation-only [ exclude { <quoted_string>; ... } ];
219 rrset-order { [ class <string> ] [ type <string> ] [ name
220 <quoted_string> ] <string> <string>; ... };
221 secroots-file <quoted_string>;
222 serial-queries <integer>; // obsolete
223 serial-query-rate <integer>;
224 serial-update-method ( increment | unixtime );
225 server-id ( <quoted_string> | none | hostname );
226 session-keyalg <string>;
227 session-keyfile ( <quoted_string> | none );
228 session-keyname <string>;
229 sig-signing-nodes <integer>;
230 sig-signing-signatures <integer>;
231 sig-signing-type <integer>;
232 sig-validity-interval <integer> [ <integer> ];
233 sortlist { <address_match_element>; ... };
234 stacksize ( unlimited | default | <sizeval> );
235 statistics-file <quoted_string>;
236 statistics-interval <integer>; // not yet implemented
237 suppress-initial-notify <boolean>; // not yet implemented
238 tcp-clients <integer>;
239 tcp-listen-queue <integer>;
240 tkey-dhkey <quoted_string> <integer>;
241 tkey-domain <quoted_string>;
242 tkey-gssapi-credential <quoted_string>;
243 tkey-gssapi-keytab <quoted_string>;
244 topology { <address_match_element>; ... }; // not implemented
245 transfer-format ( many-answers | one-answer );
246 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
247 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
248 transfers-in <integer>;
249 transfers-out <integer>;
250 transfers-per-ns <integer>;
251 treat-cr-as-space <boolean>; // obsolete
252 try-tcp-refresh <boolean>;
253 update-check-ksk <boolean>;
254 use-alt-transfer-source <boolean>;
255 use-id-pool <boolean>; // obsolete
256 use-ixfr <boolean>; // obsolete
257 use-queryport-pool <boolean>; // obsolete
258 use-v4-udp-ports { <portrange>; ... };
259 use-v6-udp-ports { <portrange>; ... };
260 version ( <quoted_string> | none );
261 zero-no-soa-ttl <boolean>;
262 zero-no-soa-ttl-cache <boolean>;
263 zone-statistics ( full | terse | none | <boolean> );
269 edns-udp-size <integer>;
271 max-udp-size <integer>;
272 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
273 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
274 provide-ixfr <boolean>;
275 query-source <querysource4>;
276 query-source-v6 <querysource6>;
277 request-ixfr <boolean>;
278 support-ixfr <boolean>; // obsolete
279 transfer-format ( many-answers | one-answer );
280 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
281 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
285 statistics-channels {
286 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
287 ) ] [ allow { <address_match_element>; ... } ];
290 trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
292 view <string> [ <class> ] {
293 acache-cleaning-interval <integer>;
294 acache-enable <boolean>;
295 additional-from-auth <boolean>;
296 additional-from-cache <boolean>;
297 allow-new-zones <boolean>;
298 allow-notify { <address_match_element>; ... };
299 allow-query { <address_match_element>; ... };
300 allow-query-cache { <address_match_element>; ... };
301 allow-query-cache-on { <address_match_element>; ... };
302 allow-query-on { <address_match_element>; ... };
303 allow-recursion { <address_match_element>; ... };
304 allow-recursion-on { <address_match_element>; ... };
305 allow-transfer { <address_match_element>; ... };
306 allow-update { <address_match_element>; ... };
307 allow-update-forwarding { <address_match_element>; ... };
308 allow-v6-synthesis { <address_match_element>; ... }; // obsolete
309 also-notify [ port <integer> ] { ( <masters> | <ipv4_address> [
310 port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
312 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
313 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
315 attach-cache <string>;
316 auth-nxdomain <boolean>; // default changed
317 auto-dnssec ( allow | maintain | off );
318 cache-file <quoted_string>;
319 check-dup-records ( fail | warn | ignore );
320 check-integrity <boolean>;
321 check-mx ( fail | warn | ignore );
322 check-mx-cname ( fail | warn | ignore );
323 check-names ( master | slave | response ) ( fail | warn | ignore );
324 check-sibling <boolean>;
325 check-spf ( warn | ignore );
326 check-srv-cname ( fail | warn | ignore );
327 check-wildcard <boolean>;
328 cleaning-interval <integer>;
329 clients-per-query <integer>;
330 deny-answer-addresses { <address_match_element>; ... } [
331 except-from { <quoted_string>; ... } ];
332 deny-answer-aliases { <quoted_string>; ... } [ except-from {
333 <quoted_string>; ... } ];
334 dialup ( notify | notify-passive | refresh | passive | <boolean> );
335 disable-algorithms <string> { <string>; ... };
336 disable-empty-zone <string>;
341 break-dnssec <boolean>;
342 clients { <address_match_element>; ... };
343 exclude { <address_match_element>; ... };
344 mapped { <address_match_element>; ... };
345 recursive-only <boolean>;
346 suffix <ipv6_address>;
348 dns64-contact <string>;
349 dns64-server <string>;
350 dnssec-accept-expired <boolean>;
351 dnssec-dnskey-kskonly <boolean>;
352 dnssec-enable <boolean>;
353 dnssec-loadkeys-interval <integer>;
354 dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
355 dnssec-must-be-secure <string> <boolean>;
356 dnssec-secure-to-insecure <boolean>;
357 dnssec-update-mode ( maintain | no-resign );
358 dnssec-validation ( yes | no | auto );
359 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
360 <integer> ] | <ipv4_address> [ port <integer> ] |
361 <ipv6_address> [ port <integer> ] ); ... };
362 edns-udp-size <integer>;
363 empty-contact <string>;
364 empty-server <string>;
365 empty-zones-enable <boolean>;
366 fetch-glue <boolean>; // obsolete
367 fetch-quota-params <integer> <fixedpoint>
368 <fixedpoint> <fixedpoint>; // not configured
369 fetches-per-server <integer> [ ( drop | fail ) ]; // not configured
370 fetches-per-zone <integer> [ ( drop | fail ) ]; // not configured
371 filter-aaaa { <address_match_element>; ... }; // not configured
372 filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
373 forward ( first | only );
374 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
375 [ port <integer> ]; ... };
376 inline-signing <boolean>;
377 ixfr-from-differences ( master | slave | <boolean> );
382 key-directory <quoted_string>;
384 maintain-ixfr-base <boolean>; // obsolete
385 managed-keys { <string> <string> <integer> <integer> <integer>
386 <quoted_string>; ... };
387 masterfile-format ( text | raw );
388 match-clients { <address_match_element>; ... };
389 match-destinations { <address_match_element>; ... };
390 match-recursive-only <boolean>;
391 max-acache-size <size_no_default>;
392 max-cache-size <size_no_default>;
393 max-cache-ttl <integer>;
394 max-clients-per-query <integer>;
395 max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
396 max-journal-size <size_no_default>;
397 max-ncache-ttl <integer>;
398 max-recursion-depth <integer>;
399 max-recursion-queries <integer>;
400 max-refresh-time <integer>;
401 max-retry-time <integer>;
402 max-transfer-idle-in <integer>;
403 max-transfer-idle-out <integer>;
404 max-transfer-time-in <integer>;
405 max-transfer-time-out <integer>;
406 max-udp-size <integer>;
407 min-refresh-time <integer>;
408 min-retry-time <integer>;
409 min-roots <integer>; // not implemented
410 minimal-responses <boolean>;
411 multi-master <boolean>;
412 no-case-compress { <address_match_element>; ... };
413 notify ( explicit | master-only | <boolean> );
414 notify-delay <integer>;
415 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
416 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
417 notify-to-soa <boolean>;
418 nsec3-test-zone <boolean>; // test only
419 preferred-glue <string>;
420 provide-ixfr <boolean>;
421 query-source <querysource4>;
422 query-source-v6 <querysource6>;
423 queryport-pool-ports <integer>; // obsolete
424 queryport-pool-updateinterval <integer>; // obsolete
426 request-ixfr <boolean>;
427 request-nsid <boolean>;
428 resolver-query-timeout <integer>;
429 response-policy { zone <quoted_string> [ policy ( given | disabled
430 | passthru | no-op | nxdomain | nodata | cname <quoted_string>
431 ) ] [ recursive-only <boolean> ] [ max-policy-ttl <integer> ];
432 ... } [ recursive-only <boolean> ] [ break-dnssec <boolean> ] [
433 max-policy-ttl <integer> ] [ min-ns-dots <integer> ];
434 rfc2308-type1 <boolean>; // not yet implemented
435 root-delegation-only [ exclude { <quoted_string>; ... } ];
436 rrset-order { [ class <string> ] [ type <string> ] [ name
437 <quoted_string> ] <string> <string>; ... };
438 serial-update-method ( increment | unixtime );
442 edns-udp-size <integer>;
444 max-udp-size <integer>;
445 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
447 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
449 provide-ixfr <boolean>;
450 query-source <querysource4>;
451 query-source-v6 <querysource6>;
452 request-ixfr <boolean>;
453 support-ixfr <boolean>; // obsolete
454 transfer-format ( many-answers | one-answer );
455 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
457 transfer-source-v6 ( <ipv6_address> | * ) [ port (
461 sig-signing-nodes <integer>;
462 sig-signing-signatures <integer>;
463 sig-signing-type <integer>;
464 sig-validity-interval <integer> [ <integer> ];
465 sortlist { <address_match_element>; ... };
466 suppress-initial-notify <boolean>; // not yet implemented
467 topology { <address_match_element>; ... }; // not implemented
468 transfer-format ( many-answers | one-answer );
469 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
470 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
471 trusted-keys { <string> <integer> <integer> <integer>
472 <quoted_string>; ... };
473 try-tcp-refresh <boolean>;
474 update-check-ksk <boolean>;
475 use-alt-transfer-source <boolean>;
476 use-queryport-pool <boolean>; // obsolete
477 zero-no-soa-ttl <boolean>;
478 zero-no-soa-ttl-cache <boolean>;
479 zone <string> [ <class> ] {
480 allow-notify { <address_match_element>; ... };
481 allow-query { <address_match_element>; ... };
482 allow-query-on { <address_match_element>; ... };
483 allow-transfer { <address_match_element>; ... };
484 allow-update { <address_match_element>; ... };
485 allow-update-forwarding { <address_match_element>; ... };
486 also-notify [ port <integer> ] { ( <masters> |
487 <ipv4_address> [ port <integer> ] | <ipv6_address> [
488 port <integer> ] ) [ key <string> ]; ... };
489 alt-transfer-source ( <ipv4_address> | * ) [ port (
491 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
493 auto-dnssec ( allow | maintain | off );
494 check-dup-records ( fail | warn | ignore );
495 check-integrity <boolean>;
496 check-mx ( fail | warn | ignore );
497 check-mx-cname ( fail | warn | ignore );
498 check-names ( fail | warn | ignore );
499 check-sibling <boolean>;
500 check-spf ( warn | ignore );
501 check-srv-cname ( fail | warn | ignore );
502 check-wildcard <boolean>;
504 delegation-only <boolean>;
505 dialup ( notify | notify-passive | refresh | passive |
507 dnssec-dnskey-kskonly <boolean>;
508 dnssec-loadkeys-interval <integer>;
509 dnssec-secure-to-insecure <boolean>;
510 dnssec-update-mode ( maintain | no-resign );
511 file <quoted_string>;
512 forward ( first | only );
513 forwarders [ port <integer> ] { ( <ipv4_address> |
514 <ipv6_address> ) [ port <integer> ]; ... };
515 inline-signing <boolean>;
516 ixfr-base <quoted_string>; // obsolete
517 ixfr-from-differences <boolean>;
518 ixfr-tmp-file <quoted_string>; // obsolete
519 journal <quoted_string>;
520 key-directory <quoted_string>;
521 maintain-ixfr-base <boolean>; // obsolete
522 masterfile-format ( text | raw );
523 masters [ port <integer> ] { ( <masters> | <ipv4_address> [
524 port <integer> ] | <ipv6_address> [ port <integer> ] )
525 [ key <string> ]; ... };
526 max-ixfr-log-size ( unlimited | default |
527 <sizeval> ); // obsolete
528 max-journal-size <size_no_default>;
529 max-refresh-time <integer>;
530 max-retry-time <integer>;
531 max-transfer-idle-in <integer>;
532 max-transfer-idle-out <integer>;
533 max-transfer-time-in <integer>;
534 max-transfer-time-out <integer>;
535 min-refresh-time <integer>;
536 min-retry-time <integer>;
537 multi-master <boolean>;
538 notify ( explicit | master-only | <boolean> );
539 notify-delay <integer>;
540 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
542 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
544 notify-to-soa <boolean>;
545 nsec3-test-zone <boolean>; // test only
546 pubkey <integer> <integer> <integer>
547 <quoted_string>; // obsolete
548 request-ixfr <boolean>;
549 serial-update-method ( increment | unixtime );
550 server-addresses { ( <ipv4_address> | <ipv6_address> ) [
551 port <integer> ]; ... };
552 server-names { <quoted_string>; ... };
553 sig-signing-nodes <integer>;
554 sig-signing-signatures <integer>;
555 sig-signing-type <integer>;
556 sig-validity-interval <integer> [ <integer> ];
557 transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
559 transfer-source-v6 ( <ipv6_address> | * ) [ port (
561 try-tcp-refresh <boolean>;
562 type ( master | slave | stub | static-stub | hint | forward
563 | delegation-only | redirect );
564 update-check-ksk <boolean>;
565 update-policy ( local | { ( grant | deny ) <string> ( name
566 | subdomain | wildcard | self | selfsub | selfwild |
567 krb5-self | ms-self | krb5-subdomain | ms-subdomain |
568 tcp-self | 6to4-self | zonesub | external ) [ <string>
569 ] <rrtypelist>; ... };
570 use-alt-transfer-source <boolean>;
571 zero-no-soa-ttl <boolean>;
572 zone-statistics ( full | terse | none | <boolean> );
574 zone-statistics ( full | terse | none | <boolean> );
577 zone <string> [ <class> ] {
578 allow-notify { <address_match_element>; ... };
579 allow-query { <address_match_element>; ... };
580 allow-query-on { <address_match_element>; ... };
581 allow-transfer { <address_match_element>; ... };
582 allow-update { <address_match_element>; ... };
583 allow-update-forwarding { <address_match_element>; ... };
584 also-notify [ port <integer> ] { ( <masters> | <ipv4_address> [
585 port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
587 alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
588 alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
590 auto-dnssec ( allow | maintain | off );
591 check-dup-records ( fail | warn | ignore );
592 check-integrity <boolean>;
593 check-mx ( fail | warn | ignore );
594 check-mx-cname ( fail | warn | ignore );
595 check-names ( fail | warn | ignore );
596 check-sibling <boolean>;
597 check-spf ( warn | ignore );
598 check-srv-cname ( fail | warn | ignore );
599 check-wildcard <boolean>;
601 delegation-only <boolean>;
602 dialup ( notify | notify-passive | refresh | passive | <boolean> );
603 dnssec-dnskey-kskonly <boolean>;
604 dnssec-loadkeys-interval <integer>;
605 dnssec-secure-to-insecure <boolean>;
606 dnssec-update-mode ( maintain | no-resign );
607 file <quoted_string>;
608 forward ( first | only );
609 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
610 [ port <integer> ]; ... };
611 inline-signing <boolean>;
612 ixfr-base <quoted_string>; // obsolete
613 ixfr-from-differences <boolean>;
614 ixfr-tmp-file <quoted_string>; // obsolete
615 journal <quoted_string>;
616 key-directory <quoted_string>;
617 maintain-ixfr-base <boolean>; // obsolete
618 masterfile-format ( text | raw );
619 masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
620 <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
622 max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
623 max-journal-size <size_no_default>;
624 max-refresh-time <integer>;
625 max-retry-time <integer>;
626 max-transfer-idle-in <integer>;
627 max-transfer-idle-out <integer>;
628 max-transfer-time-in <integer>;
629 max-transfer-time-out <integer>;
630 min-refresh-time <integer>;
631 min-retry-time <integer>;
632 multi-master <boolean>;
633 notify ( explicit | master-only | <boolean> );
634 notify-delay <integer>;
635 notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
636 notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
637 notify-to-soa <boolean>;
638 nsec3-test-zone <boolean>; // test only
639 pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
640 request-ixfr <boolean>;
641 serial-update-method ( increment | unixtime );
642 server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
644 server-names { <quoted_string>; ... };
645 sig-signing-nodes <integer>;
646 sig-signing-signatures <integer>;
647 sig-signing-type <integer>;
648 sig-validity-interval <integer> [ <integer> ];
649 transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
650 transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
651 try-tcp-refresh <boolean>;
652 type ( master | slave | stub | static-stub | hint | forward |
653 delegation-only | redirect );
654 update-check-ksk <boolean>;
655 update-policy ( local | { ( grant | deny ) <string> ( name |
656 subdomain | wildcard | self | selfsub | selfwild | krb5-self |
657 ms-self | krb5-subdomain | ms-subdomain | tcp-self | 6to4-self
658 | zonesub | external ) [ <string> ] <rrtypelist>; ... };
659 use-alt-transfer-source <boolean>;
660 zero-no-soa-ttl <boolean>;
661 zone-statistics ( full | terse | none | <boolean> );