1acl <string> { <address_match_element>; ... }; // may occur multiple times 2 3controls { 4 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times 5 unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times 6}; // may occur multiple times 7 8dlz <string> { 9 database <string>; 10 search <boolean>; 11}; // may occur multiple times 12 13dnssec-policy <string> { 14 dnskey-ttl <duration>; 15 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime <duration_or_unlimited> algorithm <string> [ <integer> ]; ... }; 16 max-zone-ttl <duration>; 17 nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ]; 18 parent-ds-ttl <duration>; 19 parent-propagation-delay <duration>; 20 parent-registration-delay <duration>; // obsolete 21 publish-safety <duration>; 22 purge-keys <duration>; 23 retire-safety <duration>; 24 signatures-refresh <duration>; 25 signatures-validity <duration>; 26 signatures-validity-dnskey <duration>; 27 zone-propagation-delay <duration>; 28}; // may occur multiple times 29 30dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times 31 32http <string> { 33 endpoints { <quoted_string>; ... }; 34 listener-clients <integer>; 35 streams-per-connection <integer>; 36}; // may occur multiple times 37 38key <string> { 39 algorithm <string>; 40 secret <string>; 41}; // may occur multiple times 42 43logging { 44 category <string> { <string>; ... }; // may occur multiple times 45 channel <string> { 46 buffered <boolean>; 47 file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ]; 48 null; 49 print-category <boolean>; 50 print-severity <boolean>; 51 print-time ( iso8601 | iso8601-utc | local | <boolean> ); 52 severity <log_severity>; 53 stderr; 54 syslog [ <syslog_facility> ]; 55 }; // may occur multiple times 56}; 57 58managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated 59 60options { 61 allow-new-zones <boolean>; 62 allow-notify { <address_match_element>; ... }; 63 allow-query { <address_match_element>; ... }; 64 allow-query-cache { <address_match_element>; ... }; 65 allow-query-cache-on { <address_match_element>; ... }; 66 allow-query-on { <address_match_element>; ... }; 67 allow-recursion { <address_match_element>; ... }; 68 allow-recursion-on { <address_match_element>; ... }; 69 allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... }; 70 allow-update { <address_match_element>; ... }; 71 allow-update-forwarding { <address_match_element>; ... }; 72 also-notify [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; 73 alt-transfer-source ( <ipv4_address> | * ) ; // deprecated 74 alt-transfer-source-v6 ( <ipv6_address> | * ) ; // deprecated 75 answer-cookie <boolean>; 76 attach-cache <string>; 77 auth-nxdomain <boolean>; 78 auto-dnssec ( allow | maintain | off ); // deprecated 79 automatic-interface-scan <boolean>; 80 avoid-v4-udp-ports { <portrange>; ... }; // deprecated 81 avoid-v6-udp-ports { <portrange>; ... }; // deprecated 82 bindkeys-file <quoted_string>; 83 blackhole { <address_match_element>; ... }; 84 catalog-zones { zone <string> [ default-primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; 85 check-dup-records ( fail | warn | ignore ); 86 check-integrity <boolean>; 87 check-mx ( fail | warn | ignore ); 88 check-mx-cname ( fail | warn | ignore ); 89 check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times 90 check-sibling <boolean>; 91 check-spf ( warn | ignore ); 92 check-srv-cname ( fail | warn | ignore ); 93 check-wildcard <boolean>; 94 clients-per-query <integer>; 95 cookie-algorithm ( aes | siphash24 ); 96 cookie-secret <string>; // may occur multiple times 97 coresize ( default | unlimited | <sizeval> ); // deprecated 98 datasize ( default | unlimited | <sizeval> ); // deprecated 99 deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ]; 100 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ]; 101 dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated 102 directory <quoted_string>; 103 disable-algorithms <string> { <string>; ... }; // may occur multiple times 104 disable-ds-digests <string> { <string>; ... }; // may occur multiple times 105 disable-empty-zone <string>; // may occur multiple times 106 dns64 <netprefix> { 107 break-dnssec <boolean>; 108 clients { <address_match_element>; ... }; 109 exclude { <address_match_element>; ... }; 110 mapped { <address_match_element>; ... }; 111 recursive-only <boolean>; 112 suffix <ipv6_address>; 113 }; // may occur multiple times 114 dns64-contact <string>; 115 dns64-server <string>; 116 dnskey-sig-validity <integer>; 117 dnsrps-enable <boolean>; // not configured 118 dnsrps-options { <unspecified-text> }; // not configured 119 dnssec-accept-expired <boolean>; 120 dnssec-dnskey-kskonly <boolean>; 121 dnssec-loadkeys-interval <integer>; 122 dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated 123 dnssec-policy <string>; 124 dnssec-secure-to-insecure <boolean>; 125 dnssec-update-mode ( maintain | no-resign ); 126 dnssec-validation ( yes | no | auto ); 127 dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured 128 dnstap-identity ( <quoted_string> | none | hostname ); // not configured 129 dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // not configured 130 dnstap-version ( <quoted_string> | none ); // not configured 131 dscp <integer>; // obsolete 132 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... }; 133 dump-file <quoted_string>; 134 edns-udp-size <integer>; 135 empty-contact <string>; 136 empty-server <string>; 137 empty-zones-enable <boolean>; 138 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 139 fetches-per-server <integer> [ ( drop | fail ) ]; 140 fetches-per-zone <integer> [ ( drop | fail ) ]; 141 files ( default | unlimited | <sizeval> ); // deprecated 142 flush-zones-on-shutdown <boolean>; 143 forward ( first | only ); 144 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; 145 fstrm-set-buffer-hint <integer>; // not configured 146 fstrm-set-flush-timeout <integer>; // not configured 147 fstrm-set-input-queue-size <integer>; // not configured 148 fstrm-set-output-notify-threshold <integer>; // not configured 149 fstrm-set-output-queue-model ( mpsc | spsc ); // not configured 150 fstrm-set-output-queue-size <integer>; // not configured 151 fstrm-set-reopen-interval <duration>; // not configured 152 geoip-directory ( <quoted_string> | none ); 153 glue-cache <boolean>; // deprecated 154 heartbeat-interval <integer>; // deprecated 155 hostname ( <quoted_string> | none ); 156 http-listener-clients <integer>; 157 http-port <integer>; 158 http-streams-per-connection <integer>; 159 https-port <integer>; 160 interface-interval <duration>; 161 ipv4only-contact <string>; 162 ipv4only-enable <boolean>; 163 ipv4only-server <string>; 164 ixfr-from-differences ( primary | master | secondary | slave | <boolean> ); 165 keep-response-order { <address_match_element>; ... }; 166 key-directory <quoted_string>; 167 lame-ttl <duration>; 168 listen-on [ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times 169 listen-on-v6 [ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times 170 lmdb-mapsize <sizeval>; 171 lock-file ( <quoted_string> | none ); 172 managed-keys-directory <quoted_string>; 173 masterfile-format ( raw | text ); 174 masterfile-style ( full | relative ); 175 match-mapped-addresses <boolean>; 176 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 177 max-cache-ttl <duration>; 178 max-clients-per-query <integer>; 179 max-ixfr-ratio ( unlimited | <percentage> ); 180 max-journal-size ( default | unlimited | <sizeval> ); 181 max-ncache-ttl <duration>; 182 max-records <integer>; 183 max-recursion-depth <integer>; 184 max-recursion-queries <integer>; 185 max-refresh-time <integer>; 186 max-retry-time <integer>; 187 max-rsa-exponent-size <integer>; 188 max-stale-ttl <duration>; 189 max-transfer-idle-in <integer>; 190 max-transfer-idle-out <integer>; 191 max-transfer-time-in <integer>; 192 max-transfer-time-out <integer>; 193 max-udp-size <integer>; 194 max-zone-ttl ( unlimited | <duration> ); 195 memstatistics <boolean>; 196 memstatistics-file <quoted_string>; 197 message-compression <boolean>; 198 min-cache-ttl <duration>; 199 min-ncache-ttl <duration>; 200 min-refresh-time <integer>; 201 min-retry-time <integer>; 202 minimal-any <boolean>; 203 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 204 multi-master <boolean>; 205 new-zones-directory <quoted_string>; 206 no-case-compress { <address_match_element>; ... }; 207 nocookie-udp-size <integer>; 208 notify ( explicit | master-only | primary-only | <boolean> ); 209 notify-delay <integer>; 210 notify-rate <integer>; 211 notify-source ( <ipv4_address> | * ) ; 212 notify-source-v6 ( <ipv6_address> | * ) ; 213 notify-to-soa <boolean>; 214 nsec3-test-zone <boolean>; // test only 215 nta-lifetime <duration>; 216 nta-recheck <duration>; 217 nxdomain-redirect <string>; 218 parental-source ( <ipv4_address> | * ) ; 219 parental-source-v6 ( <ipv6_address> | * ) ; 220 pid-file ( <quoted_string> | none ); 221 port <integer>; 222 preferred-glue <string>; 223 prefetch <integer> [ <integer> ]; 224 provide-ixfr <boolean>; 225 qname-minimization ( strict | relaxed | disabled | off ); 226 query-source [ address ] ( <ipv4_address> | * ); 227 query-source-v6 [ address ] ( <ipv6_address> | * ); 228 querylog <boolean>; 229 random-device ( <quoted_string> | none ); // obsolete 230 rate-limit { 231 all-per-second <integer>; 232 errors-per-second <integer>; 233 exempt-clients { <address_match_element>; ... }; 234 ipv4-prefix-length <integer>; 235 ipv6-prefix-length <integer>; 236 log-only <boolean>; 237 max-table-size <integer>; 238 min-table-size <integer>; 239 nodata-per-second <integer>; 240 nxdomains-per-second <integer>; 241 qps-scale <integer>; 242 referrals-per-second <integer>; 243 responses-per-second <integer>; 244 slip <integer>; 245 window <integer>; 246 }; 247 recursing-file <quoted_string>; 248 recursion <boolean>; 249 recursive-clients <integer>; 250 request-expire <boolean>; 251 request-ixfr <boolean>; 252 request-nsid <boolean>; 253 require-server-cookie <boolean>; 254 reserved-sockets <integer>; // deprecated 255 resolver-nonbackoff-tries <integer>; // deprecated 256 resolver-query-timeout <integer>; 257 resolver-retry-interval <integer>; // deprecated 258 response-padding { <address_match_element>; ... } block-size <integer>; 259 response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ]; 260 reuseport <boolean>; 261 root-delegation-only [ exclude { <string>; ... } ]; // deprecated 262 root-key-sentinel <boolean>; 263 rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... }; 264 secroots-file <quoted_string>; 265 send-cookie <boolean>; 266 serial-query-rate <integer>; 267 serial-update-method ( date | increment | unixtime ); 268 server-id ( <quoted_string> | none | hostname ); 269 servfail-ttl <duration>; 270 session-keyalg <string>; 271 session-keyfile ( <quoted_string> | none ); 272 session-keyname <string>; 273 sig-signing-nodes <integer>; 274 sig-signing-signatures <integer>; 275 sig-signing-type <integer>; 276 sig-validity-interval <integer> [ <integer> ]; 277 sortlist { <address_match_element>; ... }; 278 stacksize ( default | unlimited | <sizeval> ); // deprecated 279 stale-answer-client-timeout ( disabled | off | <integer> ); 280 stale-answer-enable <boolean>; 281 stale-answer-ttl <duration>; 282 stale-cache-enable <boolean>; 283 stale-refresh-time <duration>; 284 startup-notify-rate <integer>; 285 statistics-file <quoted_string>; 286 suppress-initial-notify <boolean>; // obsolete 287 synth-from-dnssec <boolean>; 288 tcp-advertised-timeout <integer>; 289 tcp-clients <integer>; 290 tcp-idle-timeout <integer>; 291 tcp-initial-timeout <integer>; 292 tcp-keepalive-timeout <integer>; 293 tcp-listen-queue <integer>; 294 tcp-receive-buffer <integer>; 295 tcp-send-buffer <integer>; 296 tkey-dhkey <quoted_string> <integer>; // deprecated 297 tkey-domain <quoted_string>; 298 tkey-gssapi-credential <quoted_string>; 299 tkey-gssapi-keytab <quoted_string>; 300 tls-port <integer>; 301 transfer-format ( many-answers | one-answer ); 302 transfer-message-size <integer>; 303 transfer-source ( <ipv4_address> | * ) ; 304 transfer-source-v6 ( <ipv6_address> | * ) ; 305 transfers-in <integer>; 306 transfers-out <integer>; 307 transfers-per-ns <integer>; 308 trust-anchor-telemetry <boolean>; 309 try-tcp-refresh <boolean>; 310 udp-receive-buffer <integer>; 311 udp-send-buffer <integer>; 312 update-check-ksk <boolean>; 313 update-quota <integer>; 314 use-alt-transfer-source <boolean>; // deprecated 315 use-v4-udp-ports { <portrange>; ... }; // deprecated 316 use-v6-udp-ports { <portrange>; ... }; // deprecated 317 v6-bias <integer>; 318 validate-except { <string>; ... }; 319 version ( <quoted_string> | none ); 320 zero-no-soa-ttl <boolean>; 321 zero-no-soa-ttl-cache <boolean>; 322 zone-statistics ( full | terse | none | <boolean> ); 323}; 324 325parental-agents <string> [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times 326 327plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times 328 329primaries <string> [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times 330 331server <netprefix> { 332 bogus <boolean>; 333 edns <boolean>; 334 edns-udp-size <integer>; 335 edns-version <integer>; 336 keys <server_key>; 337 max-udp-size <integer>; 338 notify-source ( <ipv4_address> | * ) ; 339 notify-source-v6 ( <ipv6_address> | * ) ; 340 padding <integer>; 341 provide-ixfr <boolean>; 342 query-source [ address ] ( <ipv4_address> | * ); 343 query-source-v6 [ address ] ( <ipv6_address> | * ); 344 request-expire <boolean>; 345 request-ixfr <boolean>; 346 request-nsid <boolean>; 347 send-cookie <boolean>; 348 tcp-keepalive <boolean>; 349 tcp-only <boolean>; 350 transfer-format ( many-answers | one-answer ); 351 transfer-source ( <ipv4_address> | * ) ; 352 transfer-source-v6 ( <ipv6_address> | * ) ; 353 transfers <integer>; 354}; // may occur multiple times 355 356statistics-channels { 357 inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times 358}; // may occur multiple times 359 360tls <string> { 361 ca-file <quoted_string>; 362 cert-file <quoted_string>; 363 ciphers <string>; 364 dhparam-file <quoted_string>; 365 key-file <quoted_string>; 366 prefer-server-ciphers <boolean>; 367 protocols { <string>; ... }; 368 remote-hostname <quoted_string>; 369 session-tickets <boolean>; 370}; // may occur multiple times 371 372trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times 373 374trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated 375 376view <string> [ <class> ] { 377 allow-new-zones <boolean>; 378 allow-notify { <address_match_element>; ... }; 379 allow-query { <address_match_element>; ... }; 380 allow-query-cache { <address_match_element>; ... }; 381 allow-query-cache-on { <address_match_element>; ... }; 382 allow-query-on { <address_match_element>; ... }; 383 allow-recursion { <address_match_element>; ... }; 384 allow-recursion-on { <address_match_element>; ... }; 385 allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... }; 386 allow-update { <address_match_element>; ... }; 387 allow-update-forwarding { <address_match_element>; ... }; 388 also-notify [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; 389 alt-transfer-source ( <ipv4_address> | * ) ; // deprecated 390 alt-transfer-source-v6 ( <ipv6_address> | * ) ; // deprecated 391 attach-cache <string>; 392 auth-nxdomain <boolean>; 393 auto-dnssec ( allow | maintain | off ); // deprecated 394 catalog-zones { zone <string> [ default-primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... }; 395 check-dup-records ( fail | warn | ignore ); 396 check-integrity <boolean>; 397 check-mx ( fail | warn | ignore ); 398 check-mx-cname ( fail | warn | ignore ); 399 check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times 400 check-sibling <boolean>; 401 check-spf ( warn | ignore ); 402 check-srv-cname ( fail | warn | ignore ); 403 check-wildcard <boolean>; 404 clients-per-query <integer>; 405 deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ]; 406 deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ]; 407 dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated 408 disable-algorithms <string> { <string>; ... }; // may occur multiple times 409 disable-ds-digests <string> { <string>; ... }; // may occur multiple times 410 disable-empty-zone <string>; // may occur multiple times 411 dlz <string> { 412 database <string>; 413 search <boolean>; 414 }; // may occur multiple times 415 dns64 <netprefix> { 416 break-dnssec <boolean>; 417 clients { <address_match_element>; ... }; 418 exclude { <address_match_element>; ... }; 419 mapped { <address_match_element>; ... }; 420 recursive-only <boolean>; 421 suffix <ipv6_address>; 422 }; // may occur multiple times 423 dns64-contact <string>; 424 dns64-server <string>; 425 dnskey-sig-validity <integer>; 426 dnsrps-enable <boolean>; // not configured 427 dnsrps-options { <unspecified-text> }; // not configured 428 dnssec-accept-expired <boolean>; 429 dnssec-dnskey-kskonly <boolean>; 430 dnssec-loadkeys-interval <integer>; 431 dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated 432 dnssec-policy <string>; 433 dnssec-secure-to-insecure <boolean>; 434 dnssec-update-mode ( maintain | no-resign ); 435 dnssec-validation ( yes | no | auto ); 436 dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured 437 dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... }; 438 dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times 439 edns-udp-size <integer>; 440 empty-contact <string>; 441 empty-server <string>; 442 empty-zones-enable <boolean>; 443 fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>; 444 fetches-per-server <integer> [ ( drop | fail ) ]; 445 fetches-per-zone <integer> [ ( drop | fail ) ]; 446 forward ( first | only ); 447 forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... }; 448 glue-cache <boolean>; // deprecated 449 ipv4only-contact <string>; 450 ipv4only-enable <boolean>; 451 ipv4only-server <string>; 452 ixfr-from-differences ( primary | master | secondary | slave | <boolean> ); 453 key <string> { 454 algorithm <string>; 455 secret <string>; 456 }; // may occur multiple times 457 key-directory <quoted_string>; 458 lame-ttl <duration>; 459 lmdb-mapsize <sizeval>; 460 managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated 461 masterfile-format ( raw | text ); 462 masterfile-style ( full | relative ); 463 match-clients { <address_match_element>; ... }; 464 match-destinations { <address_match_element>; ... }; 465 match-recursive-only <boolean>; 466 max-cache-size ( default | unlimited | <sizeval> | <percentage> ); 467 max-cache-ttl <duration>; 468 max-clients-per-query <integer>; 469 max-ixfr-ratio ( unlimited | <percentage> ); 470 max-journal-size ( default | unlimited | <sizeval> ); 471 max-ncache-ttl <duration>; 472 max-records <integer>; 473 max-recursion-depth <integer>; 474 max-recursion-queries <integer>; 475 max-refresh-time <integer>; 476 max-retry-time <integer>; 477 max-stale-ttl <duration>; 478 max-transfer-idle-in <integer>; 479 max-transfer-idle-out <integer>; 480 max-transfer-time-in <integer>; 481 max-transfer-time-out <integer>; 482 max-udp-size <integer>; 483 max-zone-ttl ( unlimited | <duration> ); 484 message-compression <boolean>; 485 min-cache-ttl <duration>; 486 min-ncache-ttl <duration>; 487 min-refresh-time <integer>; 488 min-retry-time <integer>; 489 minimal-any <boolean>; 490 minimal-responses ( no-auth | no-auth-recursive | <boolean> ); 491 multi-master <boolean>; 492 new-zones-directory <quoted_string>; 493 no-case-compress { <address_match_element>; ... }; 494 nocookie-udp-size <integer>; 495 notify ( explicit | master-only | primary-only | <boolean> ); 496 notify-delay <integer>; 497 notify-source ( <ipv4_address> | * ) ; 498 notify-source-v6 ( <ipv6_address> | * ) ; 499 notify-to-soa <boolean>; 500 nsec3-test-zone <boolean>; // test only 501 nta-lifetime <duration>; 502 nta-recheck <duration>; 503 nxdomain-redirect <string>; 504 parental-source ( <ipv4_address> | * ) ; 505 parental-source-v6 ( <ipv6_address> | * ) ; 506 plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times 507 preferred-glue <string>; 508 prefetch <integer> [ <integer> ]; 509 provide-ixfr <boolean>; 510 qname-minimization ( strict | relaxed | disabled | off ); 511 query-source [ address ] ( <ipv4_address> | * ); 512 query-source-v6 [ address ] ( <ipv6_address> | * ); 513 rate-limit { 514 all-per-second <integer>; 515 errors-per-second <integer>; 516 exempt-clients { <address_match_element>; ... }; 517 ipv4-prefix-length <integer>; 518 ipv6-prefix-length <integer>; 519 log-only <boolean>; 520 max-table-size <integer>; 521 min-table-size <integer>; 522 nodata-per-second <integer>; 523 nxdomains-per-second <integer>; 524 qps-scale <integer>; 525 referrals-per-second <integer>; 526 responses-per-second <integer>; 527 slip <integer>; 528 window <integer>; 529 }; 530 recursion <boolean>; 531 request-expire <boolean>; 532 request-ixfr <boolean>; 533 request-nsid <boolean>; 534 require-server-cookie <boolean>; 535 resolver-nonbackoff-tries <integer>; // deprecated 536 resolver-query-timeout <integer>; 537 resolver-retry-interval <integer>; // deprecated 538 response-padding { <address_match_element>; ... } block-size <integer>; 539 response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ]; 540 root-delegation-only [ exclude { <string>; ... } ]; // deprecated 541 root-key-sentinel <boolean>; 542 rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... }; 543 send-cookie <boolean>; 544 serial-update-method ( date | increment | unixtime ); 545 server <netprefix> { 546 bogus <boolean>; 547 edns <boolean>; 548 edns-udp-size <integer>; 549 edns-version <integer>; 550 keys <server_key>; 551 max-udp-size <integer>; 552 notify-source ( <ipv4_address> | * ) ; 553 notify-source-v6 ( <ipv6_address> | * ) ; 554 padding <integer>; 555 provide-ixfr <boolean>; 556 query-source [ address ] ( <ipv4_address> | * ); 557 query-source-v6 [ address ] ( <ipv6_address> | * ); 558 request-expire <boolean>; 559 request-ixfr <boolean>; 560 request-nsid <boolean>; 561 send-cookie <boolean>; 562 tcp-keepalive <boolean>; 563 tcp-only <boolean>; 564 transfer-format ( many-answers | one-answer ); 565 transfer-source ( <ipv4_address> | * ) ; 566 transfer-source-v6 ( <ipv6_address> | * ) ; 567 transfers <integer>; 568 }; // may occur multiple times 569 servfail-ttl <duration>; 570 sig-signing-nodes <integer>; 571 sig-signing-signatures <integer>; 572 sig-signing-type <integer>; 573 sig-validity-interval <integer> [ <integer> ]; 574 sortlist { <address_match_element>; ... }; 575 stale-answer-client-timeout ( disabled | off | <integer> ); 576 stale-answer-enable <boolean>; 577 stale-answer-ttl <duration>; 578 stale-cache-enable <boolean>; 579 stale-refresh-time <duration>; 580 suppress-initial-notify <boolean>; // obsolete 581 synth-from-dnssec <boolean>; 582 transfer-format ( many-answers | one-answer ); 583 transfer-source ( <ipv4_address> | * ) ; 584 transfer-source-v6 ( <ipv6_address> | * ) ; 585 trust-anchor-telemetry <boolean>; 586 trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times 587 trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated 588 try-tcp-refresh <boolean>; 589 update-check-ksk <boolean>; 590 use-alt-transfer-source <boolean>; // deprecated 591 v6-bias <integer>; 592 validate-except { <string>; ... }; 593 zero-no-soa-ttl <boolean>; 594 zero-no-soa-ttl-cache <boolean>; 595 zone-statistics ( full | terse | none | <boolean> ); 596}; // may occur multiple times 597 598