xref: /netbsd-src/external/mpl/bind/dist/doc/misc/primary.zoneopt (revision 9689912e6b171cbda866ec33f15ae94a04e2c02d) 
1zone <string> [ <class> ] {
2	type primary;
3	allow-query { <address_match_element>; ... };
4	allow-query-on { <address_match_element>; ... };
5	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
6	allow-update { <address_match_element>; ... };
7	also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
8	check-dup-records ( fail | warn | ignore );
9	check-integrity <boolean>;
10	check-mx ( fail | warn | ignore );
11	check-mx-cname ( fail | warn | ignore );
12	check-names ( fail | warn | ignore );
13	check-sibling <boolean>;
14	check-spf ( warn | ignore );
15	check-srv-cname ( fail | warn | ignore );
16	check-svcb <boolean>;
17	check-wildcard <boolean>;
18	checkds ( explicit | <boolean> );
19	database <string>;
20	dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
21	dlz <string>;
22	dnskey-sig-validity <integer>; // obsolete
23	dnssec-dnskey-kskonly <boolean>; // obsolete
24	dnssec-loadkeys-interval <integer>;
25	dnssec-policy <string>;
26	dnssec-secure-to-insecure <boolean>; // obsolete
27	dnssec-update-mode ( maintain | no-resign ); // obsolete
28	file <quoted_string>;
29	forward ( first | only );
30	forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
31	inline-signing <boolean>;
32	ixfr-from-differences <boolean>;
33	journal <quoted_string>;
34	key-directory <quoted_string>;
35	masterfile-format ( raw | text );
36	masterfile-style ( full | relative );
37	max-ixfr-ratio ( unlimited | <percentage> );
38	max-journal-size ( default | unlimited | <sizeval> );
39	max-records <integer>;
40	max-records-per-type <integer>;
41	max-transfer-idle-out <integer>;
42	max-transfer-time-out <integer>;
43	max-types-per-name <integer>;
44	max-zone-ttl ( unlimited | <duration> ); // deprecated
45	notify ( explicit | master-only | primary-only | <boolean> );
46	notify-delay <integer>;
47	notify-source ( <ipv4_address> | * );
48	notify-source-v6 ( <ipv6_address> | * );
49	notify-to-soa <boolean>;
50	nsec3-test-zone <boolean>; // test only
51	parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
52	parental-source ( <ipv4_address> | * );
53	parental-source-v6 ( <ipv6_address> | * );
54	serial-update-method ( date | increment | unixtime );
55	sig-signing-nodes <integer>;
56	sig-signing-signatures <integer>;
57	sig-signing-type <integer>;
58	sig-validity-interval <integer> [ <integer> ]; // obsolete
59	update-check-ksk <boolean>; // obsolete
60	update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } );
61	zero-no-soa-ttl <boolean>;
62	zone-statistics ( full | terse | none | <boolean> );
63};
64