xref: /netbsd-src/external/mpl/bind/dist/doc/misc/options (revision 7bdf38e5b7a28439665f2fdeff81e36913eef7dd) 
1acl <string> { <address_match_element>; ... }; // may occur multiple times
2
3controls {
4	inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
5	unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
6}; // may occur multiple times
7
8dlz <string> {
9	database <string>;
10	search <boolean>;
11}; // may occur multiple times
12
13dnssec-policy <string> {
14	dnskey-ttl <duration>;
15	keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime <duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
16	max-zone-ttl <duration>;
17	nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ];
18	parent-ds-ttl <duration>;
19	parent-propagation-delay <duration>;
20	parent-registration-delay <duration>; // obsolete
21	publish-safety <duration>;
22	purge-keys <duration>;
23	retire-safety <duration>;
24	signatures-jitter <duration>;
25	signatures-refresh <duration>;
26	signatures-validity <duration>;
27	signatures-validity-dnskey <duration>;
28	zone-propagation-delay <duration>;
29}; // may occur multiple times
30
31dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
32
33http <string> {
34	endpoints { <quoted_string>; ... };
35	listener-clients <integer>;
36	streams-per-connection <integer>;
37}; // may occur multiple times
38
39key <string> {
40	algorithm <string>;
41	secret <string>;
42}; // may occur multiple times
43
44logging {
45	category <string> { <string>; ... }; // may occur multiple times
46	channel <string> {
47		buffered <boolean>;
48		file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ];
49		null;
50		print-category <boolean>;
51		print-severity <boolean>;
52		print-time ( iso8601 | iso8601-utc | local | <boolean> );
53		severity <log_severity>;
54		stderr;
55		syslog [ <syslog_facility> ];
56	}; // may occur multiple times
57};
58
59managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
60
61options {
62	allow-new-zones <boolean>;
63	allow-notify { <address_match_element>; ... };
64	allow-query { <address_match_element>; ... };
65	allow-query-cache { <address_match_element>; ... };
66	allow-query-cache-on { <address_match_element>; ... };
67	allow-query-on { <address_match_element>; ... };
68	allow-recursion { <address_match_element>; ... };
69	allow-recursion-on { <address_match_element>; ... };
70	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
71	allow-update { <address_match_element>; ... };
72	allow-update-forwarding { <address_match_element>; ... };
73	also-notify [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
74	alt-transfer-source ( <ipv4_address> | * ) ; // deprecated
75	alt-transfer-source-v6 ( <ipv6_address> | * ) ; // deprecated
76	answer-cookie <boolean>;
77	attach-cache <string>;
78	auth-nxdomain <boolean>;
79	auto-dnssec ( allow | maintain | off ); // deprecated
80	automatic-interface-scan <boolean>;
81	avoid-v4-udp-ports { <portrange>; ... }; // deprecated
82	avoid-v6-udp-ports { <portrange>; ... }; // deprecated
83	bindkeys-file <quoted_string>;
84	blackhole { <address_match_element>; ... };
85	catalog-zones { zone <string> [ default-primaries [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
86	check-dup-records ( fail | warn | ignore );
87	check-integrity <boolean>;
88	check-mx ( fail | warn | ignore );
89	check-mx-cname ( fail | warn | ignore );
90	check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
91	check-sibling <boolean>;
92	check-spf ( warn | ignore );
93	check-srv-cname ( fail | warn | ignore );
94	check-wildcard <boolean>;
95	clients-per-query <integer>;
96	cookie-algorithm ( aes | siphash24 );
97	cookie-secret <string>; // may occur multiple times
98	coresize ( default | unlimited | <sizeval> ); // deprecated
99	datasize ( default | unlimited | <sizeval> ); // deprecated
100	deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
101	deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
102	dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
103	directory <quoted_string>;
104	disable-algorithms <string> { <string>; ... }; // may occur multiple times
105	disable-ds-digests <string> { <string>; ... }; // may occur multiple times
106	disable-empty-zone <string>; // may occur multiple times
107	dns64 <netprefix> {
108		break-dnssec <boolean>;
109		clients { <address_match_element>; ... };
110		exclude { <address_match_element>; ... };
111		mapped { <address_match_element>; ... };
112		recursive-only <boolean>;
113		suffix <ipv6_address>;
114	}; // may occur multiple times
115	dns64-contact <string>;
116	dns64-server <string>;
117	dnskey-sig-validity <integer>;
118	dnsrps-enable <boolean>; // not configured
119	dnsrps-options { <unspecified-text> }; // not configured
120	dnssec-accept-expired <boolean>;
121	dnssec-dnskey-kskonly <boolean>;
122	dnssec-loadkeys-interval <integer>;
123	dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated
124	dnssec-policy <string>;
125	dnssec-secure-to-insecure <boolean>;
126	dnssec-update-mode ( maintain | no-resign );
127	dnssec-validation ( yes | no | auto );
128	dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
129	dnstap-identity ( <quoted_string> | none | hostname ); // not configured
130	dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // not configured
131	dnstap-version ( <quoted_string> | none ); // not configured
132	dscp <integer>; // obsolete
133	dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
134	dump-file <quoted_string>;
135	edns-udp-size <integer>;
136	empty-contact <string>;
137	empty-server <string>;
138	empty-zones-enable <boolean>;
139	fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
140	fetches-per-server <integer> [ ( drop | fail ) ];
141	fetches-per-zone <integer> [ ( drop | fail ) ];
142	files ( default | unlimited | <sizeval> ); // deprecated
143	flush-zones-on-shutdown <boolean>;
144	forward ( first | only );
145	forwarders [ port <integer> ]  { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
146	fstrm-set-buffer-hint <integer>; // not configured
147	fstrm-set-flush-timeout <integer>; // not configured
148	fstrm-set-input-queue-size <integer>; // not configured
149	fstrm-set-output-notify-threshold <integer>; // not configured
150	fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
151	fstrm-set-output-queue-size <integer>; // not configured
152	fstrm-set-reopen-interval <duration>; // not configured
153	geoip-directory ( <quoted_string> | none );
154	glue-cache <boolean>; // deprecated
155	heartbeat-interval <integer>; // deprecated
156	hostname ( <quoted_string> | none );
157	http-listener-clients <integer>;
158	http-port <integer>;
159	http-streams-per-connection <integer>;
160	https-port <integer>;
161	interface-interval <duration>;
162	ipv4only-contact <string>;
163	ipv4only-enable <boolean>;
164	ipv4only-server <string>;
165	ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
166	keep-response-order { <address_match_element>; ... };
167	key-directory <quoted_string>;
168	lame-ttl <duration>;
169	listen-on [ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
170	listen-on-v6 [ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
171	lmdb-mapsize <sizeval>;
172	lock-file ( <quoted_string> | none );
173	managed-keys-directory <quoted_string>;
174	masterfile-format ( raw | text );
175	masterfile-style ( full | relative );
176	match-mapped-addresses <boolean>;
177	max-cache-size ( default | unlimited | <sizeval> | <percentage> );
178	max-cache-ttl <duration>;
179	max-clients-per-query <integer>;
180	max-ixfr-ratio ( unlimited | <percentage> );
181	max-journal-size ( default | unlimited | <sizeval> );
182	max-ncache-ttl <duration>;
183	max-query-restarts <integer>;
184	max-records <integer>;
185	max-records-per-type <integer>;
186	max-recursion-depth <integer>;
187	max-recursion-queries <integer>;
188	max-refresh-time <integer>;
189	max-retry-time <integer>;
190	max-rsa-exponent-size <integer>;
191	max-stale-ttl <duration>;
192	max-transfer-idle-in <integer>;
193	max-transfer-idle-out <integer>;
194	max-transfer-time-in <integer>;
195	max-transfer-time-out <integer>;
196	max-types-per-name <integer>;
197	max-udp-size <integer>;
198	max-zone-ttl ( unlimited | <duration> );
199	memstatistics <boolean>;
200	memstatistics-file <quoted_string>;
201	message-compression <boolean>;
202	min-cache-ttl <duration>;
203	min-ncache-ttl <duration>;
204	min-refresh-time <integer>;
205	min-retry-time <integer>;
206	minimal-any <boolean>;
207	minimal-responses ( no-auth | no-auth-recursive | <boolean> );
208	multi-master <boolean>;
209	new-zones-directory <quoted_string>;
210	no-case-compress { <address_match_element>; ... };
211	nocookie-udp-size <integer>;
212	notify ( explicit | master-only | primary-only | <boolean> );
213	notify-delay <integer>;
214	notify-rate <integer>;
215	notify-source ( <ipv4_address> | * ) ;
216	notify-source-v6 ( <ipv6_address> | * ) ;
217	notify-to-soa <boolean>;
218	nsec3-test-zone <boolean>; // test only
219	nta-lifetime <duration>;
220	nta-recheck <duration>;
221	nxdomain-redirect <string>;
222	parental-source ( <ipv4_address> | * ) ;
223	parental-source-v6 ( <ipv6_address> | * ) ;
224	pid-file ( <quoted_string> | none );
225	port <integer>;
226	preferred-glue <string>;
227	prefetch <integer> [ <integer> ];
228	provide-ixfr <boolean>;
229	qname-minimization ( strict | relaxed | disabled | off );
230	query-source [ address ] ( <ipv4_address> | * );
231	query-source-v6 [ address ] ( <ipv6_address> | * );
232	querylog <boolean>;
233	random-device ( <quoted_string> | none ); // obsolete
234	rate-limit {
235		all-per-second <integer>;
236		errors-per-second <integer>;
237		exempt-clients { <address_match_element>; ... };
238		ipv4-prefix-length <integer>;
239		ipv6-prefix-length <integer>;
240		log-only <boolean>;
241		max-table-size <integer>;
242		min-table-size <integer>;
243		nodata-per-second <integer>;
244		nxdomains-per-second <integer>;
245		qps-scale <integer>;
246		referrals-per-second <integer>;
247		responses-per-second <integer>;
248		slip <integer>;
249		window <integer>;
250	};
251	recursing-file <quoted_string>;
252	recursion <boolean>;
253	recursive-clients <integer>;
254	request-expire <boolean>;
255	request-ixfr <boolean>;
256	request-nsid <boolean>;
257	require-server-cookie <boolean>;
258	reserved-sockets <integer>; // deprecated
259	resolver-nonbackoff-tries <integer>; // deprecated
260	resolver-query-timeout <integer>;
261	resolver-retry-interval <integer>; // deprecated
262	response-padding { <address_match_element>; ... } block-size <integer>;
263	response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
264	reuseport <boolean>;
265	root-delegation-only [ exclude { <string>; ... } ]; // deprecated
266	root-key-sentinel <boolean>;
267	rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
268	secroots-file <quoted_string>;
269	send-cookie <boolean>;
270	serial-query-rate <integer>;
271	serial-update-method ( date | increment | unixtime );
272	server-id ( <quoted_string> | none | hostname );
273	servfail-ttl <duration>;
274	session-keyalg <string>;
275	session-keyfile ( <quoted_string> | none );
276	session-keyname <string>;
277	sig-signing-nodes <integer>;
278	sig-signing-signatures <integer>;
279	sig-signing-type <integer>;
280	sig-validity-interval <integer> [ <integer> ];
281	sortlist { <address_match_element>; ... };
282	stacksize ( default | unlimited | <sizeval> ); // deprecated
283	stale-answer-client-timeout ( disabled | off | <integer> );
284	stale-answer-enable <boolean>;
285	stale-answer-ttl <duration>;
286	stale-cache-enable <boolean>;
287	stale-refresh-time <duration>;
288	startup-notify-rate <integer>;
289	statistics-file <quoted_string>;
290	suppress-initial-notify <boolean>; // obsolete
291	synth-from-dnssec <boolean>;
292	tcp-advertised-timeout <integer>;
293	tcp-clients <integer>;
294	tcp-idle-timeout <integer>;
295	tcp-initial-timeout <integer>;
296	tcp-keepalive-timeout <integer>;
297	tcp-listen-queue <integer>;
298	tcp-receive-buffer <integer>;
299	tcp-send-buffer <integer>;
300	tkey-dhkey <quoted_string> <integer>; // deprecated
301	tkey-domain <quoted_string>;
302	tkey-gssapi-credential <quoted_string>;
303	tkey-gssapi-keytab <quoted_string>;
304	tls-port <integer>;
305	transfer-format ( many-answers | one-answer );
306	transfer-message-size <integer>;
307	transfer-source ( <ipv4_address> | * ) ;
308	transfer-source-v6 ( <ipv6_address> | * ) ;
309	transfers-in <integer>;
310	transfers-out <integer>;
311	transfers-per-ns <integer>;
312	trust-anchor-telemetry <boolean>;
313	try-tcp-refresh <boolean>;
314	udp-receive-buffer <integer>;
315	udp-send-buffer <integer>;
316	update-check-ksk <boolean>;
317	update-quota <integer>;
318	use-alt-transfer-source <boolean>; // deprecated
319	use-v4-udp-ports { <portrange>; ... }; // deprecated
320	use-v6-udp-ports { <portrange>; ... }; // deprecated
321	v6-bias <integer>;
322	validate-except { <string>; ... };
323	version ( <quoted_string> | none );
324	zero-no-soa-ttl <boolean>;
325	zero-no-soa-ttl-cache <boolean>;
326	zone-statistics ( full | terse | none | <boolean> );
327};
328
329parental-agents <string> [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
330
331plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
332
333primaries <string> [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
334
335server <netprefix> {
336	bogus <boolean>;
337	edns <boolean>;
338	edns-udp-size <integer>;
339	edns-version <integer>;
340	keys <server_key>;
341	max-udp-size <integer>;
342	notify-source ( <ipv4_address> | * ) ;
343	notify-source-v6 ( <ipv6_address> | * ) ;
344	padding <integer>;
345	provide-ixfr <boolean>;
346	query-source [ address ] ( <ipv4_address> | * );
347	query-source-v6 [ address ] ( <ipv6_address> | * );
348	request-expire <boolean>;
349	request-ixfr <boolean>;
350	request-nsid <boolean>;
351	send-cookie <boolean>;
352	tcp-keepalive <boolean>;
353	tcp-only <boolean>;
354	transfer-format ( many-answers | one-answer );
355	transfer-source ( <ipv4_address> | * ) ;
356	transfer-source-v6 ( <ipv6_address> | * ) ;
357	transfers <integer>;
358}; // may occur multiple times
359
360statistics-channels {
361	inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times
362}; // may occur multiple times
363
364tls <string> {
365	ca-file <quoted_string>;
366	cert-file <quoted_string>;
367	ciphers <string>;
368	dhparam-file <quoted_string>;
369	key-file <quoted_string>;
370	prefer-server-ciphers <boolean>;
371	protocols { <string>; ... };
372	remote-hostname <quoted_string>;
373	session-tickets <boolean>;
374}; // may occur multiple times
375
376trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
377
378trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
379
380view <string> [ <class> ] {
381	allow-new-zones <boolean>;
382	allow-notify { <address_match_element>; ... };
383	allow-query { <address_match_element>; ... };
384	allow-query-cache { <address_match_element>; ... };
385	allow-query-cache-on { <address_match_element>; ... };
386	allow-query-on { <address_match_element>; ... };
387	allow-recursion { <address_match_element>; ... };
388	allow-recursion-on { <address_match_element>; ... };
389	allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
390	allow-update { <address_match_element>; ... };
391	allow-update-forwarding { <address_match_element>; ... };
392	also-notify [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
393	alt-transfer-source ( <ipv4_address> | * ) ; // deprecated
394	alt-transfer-source-v6 ( <ipv6_address> | * ) ; // deprecated
395	attach-cache <string>;
396	auth-nxdomain <boolean>;
397	auto-dnssec ( allow | maintain | off ); // deprecated
398	catalog-zones { zone <string> [ default-primaries [ port <integer> ]  { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
399	check-dup-records ( fail | warn | ignore );
400	check-integrity <boolean>;
401	check-mx ( fail | warn | ignore );
402	check-mx-cname ( fail | warn | ignore );
403	check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
404	check-sibling <boolean>;
405	check-spf ( warn | ignore );
406	check-srv-cname ( fail | warn | ignore );
407	check-wildcard <boolean>;
408	clients-per-query <integer>;
409	deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
410	deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
411	dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
412	disable-algorithms <string> { <string>; ... }; // may occur multiple times
413	disable-ds-digests <string> { <string>; ... }; // may occur multiple times
414	disable-empty-zone <string>; // may occur multiple times
415	dlz <string> {
416		database <string>;
417		search <boolean>;
418	}; // may occur multiple times
419	dns64 <netprefix> {
420		break-dnssec <boolean>;
421		clients { <address_match_element>; ... };
422		exclude { <address_match_element>; ... };
423		mapped { <address_match_element>; ... };
424		recursive-only <boolean>;
425		suffix <ipv6_address>;
426	}; // may occur multiple times
427	dns64-contact <string>;
428	dns64-server <string>;
429	dnskey-sig-validity <integer>;
430	dnsrps-enable <boolean>; // not configured
431	dnsrps-options { <unspecified-text> }; // not configured
432	dnssec-accept-expired <boolean>;
433	dnssec-dnskey-kskonly <boolean>;
434	dnssec-loadkeys-interval <integer>;
435	dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated
436	dnssec-policy <string>;
437	dnssec-secure-to-insecure <boolean>;
438	dnssec-update-mode ( maintain | no-resign );
439	dnssec-validation ( yes | no | auto );
440	dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
441	dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
442	dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
443	edns-udp-size <integer>;
444	empty-contact <string>;
445	empty-server <string>;
446	empty-zones-enable <boolean>;
447	fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
448	fetches-per-server <integer> [ ( drop | fail ) ];
449	fetches-per-zone <integer> [ ( drop | fail ) ];
450	forward ( first | only );
451	forwarders [ port <integer> ]  { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
452	glue-cache <boolean>; // deprecated
453	ipv4only-contact <string>;
454	ipv4only-enable <boolean>;
455	ipv4only-server <string>;
456	ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
457	key <string> {
458		algorithm <string>;
459		secret <string>;
460	}; // may occur multiple times
461	key-directory <quoted_string>;
462	lame-ttl <duration>;
463	lmdb-mapsize <sizeval>;
464	managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
465	masterfile-format ( raw | text );
466	masterfile-style ( full | relative );
467	match-clients { <address_match_element>; ... };
468	match-destinations { <address_match_element>; ... };
469	match-recursive-only <boolean>;
470	max-cache-size ( default | unlimited | <sizeval> | <percentage> );
471	max-cache-ttl <duration>;
472	max-clients-per-query <integer>;
473	max-ixfr-ratio ( unlimited | <percentage> );
474	max-journal-size ( default | unlimited | <sizeval> );
475	max-ncache-ttl <duration>;
476	max-query-restarts <integer>;
477	max-records <integer>;
478	max-records-per-type <integer>;
479	max-recursion-depth <integer>;
480	max-recursion-queries <integer>;
481	max-refresh-time <integer>;
482	max-retry-time <integer>;
483	max-stale-ttl <duration>;
484	max-transfer-idle-in <integer>;
485	max-transfer-idle-out <integer>;
486	max-transfer-time-in <integer>;
487	max-transfer-time-out <integer>;
488	max-types-per-name <integer>;
489	max-udp-size <integer>;
490	max-zone-ttl ( unlimited | <duration> );
491	message-compression <boolean>;
492	min-cache-ttl <duration>;
493	min-ncache-ttl <duration>;
494	min-refresh-time <integer>;
495	min-retry-time <integer>;
496	minimal-any <boolean>;
497	minimal-responses ( no-auth | no-auth-recursive | <boolean> );
498	multi-master <boolean>;
499	new-zones-directory <quoted_string>;
500	no-case-compress { <address_match_element>; ... };
501	nocookie-udp-size <integer>;
502	notify ( explicit | master-only | primary-only | <boolean> );
503	notify-delay <integer>;
504	notify-source ( <ipv4_address> | * ) ;
505	notify-source-v6 ( <ipv6_address> | * ) ;
506	notify-to-soa <boolean>;
507	nsec3-test-zone <boolean>; // test only
508	nta-lifetime <duration>;
509	nta-recheck <duration>;
510	nxdomain-redirect <string>;
511	parental-source ( <ipv4_address> | * ) ;
512	parental-source-v6 ( <ipv6_address> | * ) ;
513	plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
514	preferred-glue <string>;
515	prefetch <integer> [ <integer> ];
516	provide-ixfr <boolean>;
517	qname-minimization ( strict | relaxed | disabled | off );
518	query-source [ address ] ( <ipv4_address> | * );
519	query-source-v6 [ address ] ( <ipv6_address> | * );
520	rate-limit {
521		all-per-second <integer>;
522		errors-per-second <integer>;
523		exempt-clients { <address_match_element>; ... };
524		ipv4-prefix-length <integer>;
525		ipv6-prefix-length <integer>;
526		log-only <boolean>;
527		max-table-size <integer>;
528		min-table-size <integer>;
529		nodata-per-second <integer>;
530		nxdomains-per-second <integer>;
531		qps-scale <integer>;
532		referrals-per-second <integer>;
533		responses-per-second <integer>;
534		slip <integer>;
535		window <integer>;
536	};
537	recursion <boolean>;
538	request-expire <boolean>;
539	request-ixfr <boolean>;
540	request-nsid <boolean>;
541	require-server-cookie <boolean>;
542	resolver-nonbackoff-tries <integer>; // deprecated
543	resolver-query-timeout <integer>;
544	resolver-retry-interval <integer>; // deprecated
545	response-padding { <address_match_element>; ... } block-size <integer>;
546	response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
547	root-delegation-only [ exclude { <string>; ... } ]; // deprecated
548	root-key-sentinel <boolean>;
549	rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
550	send-cookie <boolean>;
551	serial-update-method ( date | increment | unixtime );
552	server <netprefix> {
553		bogus <boolean>;
554		edns <boolean>;
555		edns-udp-size <integer>;
556		edns-version <integer>;
557		keys <server_key>;
558		max-udp-size <integer>;
559		notify-source ( <ipv4_address> | * ) ;
560		notify-source-v6 ( <ipv6_address> | * ) ;
561		padding <integer>;
562		provide-ixfr <boolean>;
563		query-source [ address ] ( <ipv4_address> | * );
564		query-source-v6 [ address ] ( <ipv6_address> | * );
565		request-expire <boolean>;
566		request-ixfr <boolean>;
567		request-nsid <boolean>;
568		send-cookie <boolean>;
569		tcp-keepalive <boolean>;
570		tcp-only <boolean>;
571		transfer-format ( many-answers | one-answer );
572		transfer-source ( <ipv4_address> | * ) ;
573		transfer-source-v6 ( <ipv6_address> | * ) ;
574		transfers <integer>;
575	}; // may occur multiple times
576	servfail-ttl <duration>;
577	sig-signing-nodes <integer>;
578	sig-signing-signatures <integer>;
579	sig-signing-type <integer>;
580	sig-validity-interval <integer> [ <integer> ];
581	sortlist { <address_match_element>; ... };
582	stale-answer-client-timeout ( disabled | off | <integer> );
583	stale-answer-enable <boolean>;
584	stale-answer-ttl <duration>;
585	stale-cache-enable <boolean>;
586	stale-refresh-time <duration>;
587	suppress-initial-notify <boolean>; // obsolete
588	synth-from-dnssec <boolean>;
589	transfer-format ( many-answers | one-answer );
590	transfer-source ( <ipv4_address> | * ) ;
591	transfer-source-v6 ( <ipv6_address> | * ) ;
592	trust-anchor-telemetry <boolean>;
593	trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
594	trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
595	try-tcp-refresh <boolean>;
596	update-check-ksk <boolean>;
597	use-alt-transfer-source <boolean>; // deprecated
598	v6-bias <integer>;
599	validate-except { <string>; ... };
600	zero-no-soa-ttl <boolean>;
601	zero-no-soa-ttl-cache <boolean>;
602	zone-statistics ( full | terse | none | <boolean> );
603}; // may occur multiple times
604
605