The current serve-stale implementation in BIND 9 stores all received records in the cache for a max-stale-ttl interval (default 12 hours). This allows DNS operators to turn on serve-stale answers in the event of a large authoritative DNS outage. Caching of stale answers has to be enabled before the outage happens; otherwise the feature is useless. The negative consequence of the default setting is the inevitable cache bloat that affects each and every DNS operator running named. This MR introduces a new configuration option, `stale-cache-enable`, that lets operators selectively enable or disable the serve-stale feature of BIND 9. The new option is disabled by default, i.e. serve-stale is disabled in the default configuration and has to be enabled if required.
This is a summary of the named.conf options supported by
this version of BIND 9.

acl <string> { <address_match_element>; ... }; // may occur multiple times

controls {
    inet ( <ipv4_address> | <ipv6_address> |
        * ) [ port ( <integer> | * ) ] allow
        { <address_match_element>; ... } [
        keys { <string>; ... } ] [ read-only
        <boolean> ]; // may occur multiple times
    unix <quoted_string> perm <integer>
        owner <integer> group <integer> [
        keys { <string>; ... } ] [ read-only
        <boolean> ]; // may occur multiple times
}; // may occur multiple times

dlz <string> {
    database <string>;
    search <boolean>;
}; // may occur multiple times

dnssec-policy <string> {
    dnskey-ttl <duration>;
    keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
        <duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
    max-zone-ttl <duration>;
    parent-ds-ttl <duration>;
    parent-propagation-delay <duration>;
    parent-registration-delay <duration>;
    publish-safety <duration>;
    retire-safety <duration>;
    signatures-refresh <duration>;
    signatures-validity <duration>;
    signatures-validity-dnskey <duration>;
    zone-propagation-delay <duration>;
}; // may occur multiple times

dyndb <string> <quoted_string> {
    <unspecified-text> }; // may occur multiple times

key <string> {
    algorithm <string>;
    secret <string>;
}; // may occur multiple times

logging {
    category <string> { <string>; ... }; // may occur multiple times
    channel <string> {
        buffered <boolean>;
        file <quoted_string> [ versions ( unlimited | <integer> ) ]
            [ size <size> ] [ suffix ( increment | timestamp ) ];
        null;
        print-category <boolean>;
        print-severity <boolean>;
        print-time ( iso8601 | iso8601-utc | local | <boolean> );
        severity <log_severity>;
        stderr;
        syslog [ <syslog_facility> ];
    }; // may occur multiple times
};

managed-keys { <string> ( static-key
    | initial-key | static-ds |
    initial-ds ) <integer> <integer>
    <integer> <quoted_string>; ... }; // may occur multiple times, deprecated

masters <string> [ port <integer> ] [ dscp
    <integer> ] { ( <primaries> | <ipv4_address>
    [ port <integer> ] | <ipv6_address> [ port
    <integer> ] ) [ key <string> ]; ... }; // may occur multiple times

options {
    allow-new-zones <boolean>;
    allow-notify { <address_match_element>; ... };
    allow-query { <address_match_element>; ... };
    allow-query-cache { <address_match_element>; ... };
    allow-query-cache-on { <address_match_element>; ... };
    allow-query-on { <address_match_element>; ... };
    allow-recursion { <address_match_element>; ... };
    allow-recursion-on { <address_match_element>; ... };
    allow-transfer { <address_match_element>; ... };
    allow-update { <address_match_element>; ... };
    allow-update-forwarding { <address_match_element>; ... };
    also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
        <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
        <integer> ] ) [ key <string> ]; ... };
    alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
        ] [ dscp <integer> ];
    alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
        * ) ] [ dscp <integer> ];
    answer-cookie <boolean>;
    attach-cache <string>;
    auth-nxdomain <boolean>; // default changed
    auto-dnssec ( allow | maintain | off );
    automatic-interface-scan <boolean>;
    avoid-v4-udp-ports { <portrange>; ... };
    avoid-v6-udp-ports { <portrange>; ... };
    bindkeys-file <quoted_string>;
    blackhole { <address_match_element>; ... };
    cache-file <quoted_string>;
    catalog-zones { zone <string> [ default-masters [ port <integer> ]
        [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port
        <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
        <string> ]; ... } ] [ zone-directory <quoted_string> ] [
        in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
    check-dup-records ( fail | warn | ignore );
    check-integrity <boolean>;
    check-mx ( fail | warn | ignore );
    check-mx-cname ( fail | warn | ignore );
    check-names ( primary | master |
        secondary | slave | response ) (
        fail | warn | ignore ); // may occur multiple times
    check-sibling <boolean>;
    check-spf ( warn | ignore );
    check-srv-cname ( fail | warn | ignore );
    check-wildcard <boolean>;
    clients-per-query <integer>;
    cookie-algorithm ( aes | siphash24 );
    cookie-secret <string>; // may occur multiple times
    coresize ( default | unlimited | <sizeval> );
    datasize ( default | unlimited | <sizeval> );
    deny-answer-addresses { <address_match_element>; ... } [
        except-from { <string>; ... } ];
    deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
        } ];
    dialup ( notify | notify-passive | passive | refresh | <boolean> );
    directory <quoted_string>;
    disable-algorithms <string> { <string>;
        ... }; // may occur multiple times
    disable-ds-digests <string> { <string>;
        ... }; // may occur multiple times
    disable-empty-zone <string>; // may occur multiple times
    dns64 <netprefix> {
        break-dnssec <boolean>;
        clients { <address_match_element>; ... };
        exclude { <address_match_element>; ... };
        mapped { <address_match_element>; ... };
        recursive-only <boolean>;
        suffix <ipv6_address>;
    }; // may occur multiple times
    dns64-contact <string>;
    dns64-server <string>;
    dnskey-sig-validity <integer>;
    dnsrps-enable <boolean>;
    dnsrps-options { <unspecified-text> };
    dnssec-accept-expired <boolean>;
    dnssec-dnskey-kskonly <boolean>;
    dnssec-loadkeys-interval <integer>;
    dnssec-must-be-secure <string> <boolean>; // may occur multiple times
    dnssec-policy <string>;
    dnssec-secure-to-insecure <boolean>;
    dnssec-update-mode ( maintain | no-resign );
    dnssec-validation ( yes | no | auto );
    dnstap { ( all | auth | client | forwarder | resolver | update ) [
        ( query | response ) ]; ... };
    dnstap-identity ( <quoted_string> | none | hostname );
    dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited |
        <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix (
        increment | timestamp ) ];
    dnstap-version ( <quoted_string> | none );
    dscp <integer>;
    dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
        <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
        <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
        <integer> ] [ dscp <integer> ] ); ... };
    dump-file <quoted_string>;
    edns-udp-size <integer>;
    empty-contact <string>;
    empty-server <string>;
    empty-zones-enable <boolean>;
    fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
    fetches-per-server <integer> [ ( drop | fail ) ];
    fetches-per-zone <integer> [ ( drop | fail ) ];
    files ( default | unlimited | <sizeval> );
    flush-zones-on-shutdown <boolean>;
    forward ( first | only );
    forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
        | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
    fstrm-set-buffer-hint <integer>;
    fstrm-set-flush-timeout <integer>;
    fstrm-set-input-queue-size <integer>;
    fstrm-set-output-notify-threshold <integer>;
    fstrm-set-output-queue-model ( mpsc | spsc );
    fstrm-set-output-queue-size <integer>;
    fstrm-set-reopen-interval <duration>;
    geoip-directory ( <quoted_string> | none );
    glue-cache <boolean>;
    heartbeat-interval <integer>;
    hostname ( <quoted_string> | none );
    inline-signing <boolean>;
    interface-interval <duration>;
    ixfr-from-differences ( primary | master | secondary | slave |
        <boolean> );
    keep-response-order { <address_match_element>; ... };
    key-directory <quoted_string>;
    lame-ttl <duration>;
    listen-on [ port <integer> ] [ dscp
        <integer> ] {
        <address_match_element>; ... }; // may occur multiple times
    listen-on-v6 [ port <integer> ] [ dscp
        <integer> ] {
        <address_match_element>; ... }; // may occur multiple times
    lmdb-mapsize <sizeval>;
    lock-file ( <quoted_string> | none );
    managed-keys-directory <quoted_string>;
    masterfile-format ( map | raw | text );
    masterfile-style ( full | relative );
    match-mapped-addresses <boolean>;
    max-cache-size ( default | unlimited | <sizeval> | <percentage> );
    max-cache-ttl <duration>;
    max-clients-per-query <integer>;
    max-ixfr-ratio ( unlimited | <percentage> );
    max-journal-size ( default | unlimited | <sizeval> );
    max-ncache-ttl <duration>;
    max-records <integer>;
    max-recursion-depth <integer>;
    max-recursion-queries <integer>;
    max-refresh-time <integer>;
    max-retry-time <integer>;
    max-rsa-exponent-size <integer>;
    max-stale-ttl <duration>;
    max-transfer-idle-in <integer>;
    max-transfer-idle-out <integer>;
    max-transfer-time-in <integer>;
    max-transfer-time-out <integer>;
    max-udp-size <integer>;
    max-zone-ttl ( unlimited | <duration> );
    memstatistics <boolean>;
    memstatistics-file <quoted_string>;
    message-compression <boolean>;
    min-cache-ttl <duration>;
    min-ncache-ttl <duration>;
    min-refresh-time <integer>;
    min-retry-time <integer>;
    minimal-any <boolean>;
    minimal-responses ( no-auth | no-auth-recursive | <boolean> );
    multi-master <boolean>;
    new-zones-directory <quoted_string>;
    no-case-compress { <address_match_element>; ... };
    nocookie-udp-size <integer>;
    notify ( explicit | master-only | primary-only | <boolean> );
    notify-delay <integer>;
    notify-rate <integer>;
    notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
        dscp <integer> ];
    notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
        [ dscp <integer> ];
    notify-to-soa <boolean>;
    nta-lifetime <duration>;
    nta-recheck <duration>;
    nxdomain-redirect <string>;
    pid-file ( <quoted_string> | none );
    port <integer>;
    preferred-glue <string>;
    prefetch <integer> [ <integer> ];
    provide-ixfr <boolean>;
    qname-minimization ( strict | relaxed | disabled | off );
    query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
        <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
        port ( <integer> | * ) ) ) [ dscp <integer> ];
    query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
        <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
        port ( <integer> | * ) ) ) [ dscp <integer> ];
    querylog <boolean>;
    random-device ( <quoted_string> | none );
    rate-limit {
        all-per-second <integer>;
        errors-per-second <integer>;
        exempt-clients { <address_match_element>; ... };
        ipv4-prefix-length <integer>;
        ipv6-prefix-length <integer>;
        log-only <boolean>;
        max-table-size <integer>;
        min-table-size <integer>;
        nodata-per-second <integer>;
        nxdomains-per-second <integer>;
        qps-scale <integer>;
        referrals-per-second <integer>;
        responses-per-second <integer>;
        slip <integer>;
        window <integer>;
    };
    recursing-file <quoted_string>;
    recursion <boolean>;
    recursive-clients <integer>;
    request-expire <boolean>;
    request-ixfr <boolean>;
    request-nsid <boolean>;
    require-server-cookie <boolean>;
    reserved-sockets <integer>;
    resolver-nonbackoff-tries <integer>;
    resolver-query-timeout <integer>;
    resolver-retry-interval <integer>;
    response-padding { <address_match_element>; ... } block-size
        <integer>;
    response-policy { zone <string> [ add-soa <boolean> ] [ log
        <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
        <duration> ] [ policy ( cname | disabled | drop | given | no-op
        | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
        recursive-only <boolean> ] [ nsip-enable <boolean> ] [
        nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
        break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
        min-update-interval <duration> ] [ min-ns-dots <integer> ] [
        nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean>
        ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ]
        [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
        dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
        } ];
    root-delegation-only [ exclude { <string>; ... } ];
    root-key-sentinel <boolean>;
    rrset-order { [ class <string> ] [ type <string> ] [ name
        <quoted_string> ] <string> <string>; ... };
    secroots-file <quoted_string>;
    send-cookie <boolean>;
    serial-query-rate <integer>;
    serial-update-method ( date | increment | unixtime );
    server-id ( <quoted_string> | none | hostname );
    servfail-ttl <duration>;
    session-keyalg <string>;
    session-keyfile ( <quoted_string> | none );
    session-keyname <string>;
    sig-signing-nodes <integer>;
    sig-signing-signatures <integer>;
    sig-signing-type <integer>;
    sig-validity-interval <integer> [ <integer> ];
    sortlist { <address_match_element>; ... };
    stacksize ( default | unlimited | <sizeval> );
    stale-answer-enable <boolean>;
    stale-answer-ttl <duration>;
    stale-cache-enable <boolean>;
    startup-notify-rate <integer>;
    statistics-file <quoted_string>;
    synth-from-dnssec <boolean>;
    tcp-advertised-timeout <integer>;
    tcp-clients <integer>;
    tcp-idle-timeout <integer>;
    tcp-initial-timeout <integer>;
    tcp-keepalive-timeout <integer>;
    tcp-listen-queue <integer>;
    tkey-dhkey <quoted_string> <integer>;
    tkey-domain <quoted_string>;
    tkey-gssapi-credential <quoted_string>;
    tkey-gssapi-keytab <quoted_string>;
    transfer-format ( many-answers | one-answer );
    transfer-message-size <integer>;
    transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
        dscp <integer> ];
    transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
        ] [ dscp <integer> ];
    transfers-in <integer>;
    transfers-out <integer>;
    transfers-per-ns <integer>;
    trust-anchor-telemetry <boolean>; // experimental
    try-tcp-refresh <boolean>;
    update-check-ksk <boolean>;
    use-alt-transfer-source <boolean>;
    use-v4-udp-ports { <portrange>; ... };
    use-v6-udp-ports { <portrange>; ... };
    v6-bias <integer>;
    validate-except { <string>; ... };
    version ( <quoted_string> | none );
    zero-no-soa-ttl <boolean>;
    zero-no-soa-ttl-cache <boolean>;
    zone-statistics ( full | terse | none | <boolean> );
};

plugin ( query ) <string> [ { <unspecified-text>
    } ]; // may occur multiple times

primaries <string> [ port <integer> ] [ dscp
    <integer> ] { ( <primaries> | <ipv4_address>
    [ port <integer> ] | <ipv6_address> [ port
    <integer> ] ) [ key <string> ]; ... }; // may occur multiple times

server <netprefix> {
    bogus <boolean>;
    edns <boolean>;
    edns-udp-size <integer>;
    edns-version <integer>;
    keys <server_key>;
    max-udp-size <integer>;
    notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
        dscp <integer> ];
    notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
        [ dscp <integer> ];
    padding <integer>;
    provide-ixfr <boolean>;
    query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
        <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
        port ( <integer> | * ) ) ) [ dscp <integer> ];
    query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
        <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
        port ( <integer> | * ) ) ) [ dscp <integer> ];
    request-expire <boolean>;
    request-ixfr <boolean>;
    request-nsid <boolean>;
    send-cookie <boolean>;
    tcp-keepalive <boolean>;
    tcp-only <boolean>;
    transfer-format ( many-answers | one-answer );
    transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
        dscp <integer> ];
    transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
        ] [ dscp <integer> ];
    transfers <integer>;
}; // may occur multiple times

statistics-channels {
    inet ( <ipv4_address> | <ipv6_address> |
        * ) [ port ( <integer> | * ) ] [
        allow { <address_match_element>; ...
        } ]; // may occur multiple times
}; // may occur multiple times

trust-anchors { <string> ( static-key |
    initial-key | static-ds | initial-ds )
    <integer> <integer> <integer>
    <quoted_string>; ... }; // may occur multiple times

trusted-keys { <string> <integer>
    <integer> <integer>
    <quoted_string>; ... }; // may occur multiple times, deprecated

view <string> [ <class> ] {
    allow-new-zones <boolean>;
    allow-notify { <address_match_element>; ... };
    allow-query { <address_match_element>; ... };
    allow-query-cache { <address_match_element>; ... };
    allow-query-cache-on { <address_match_element>; ... };
    allow-query-on { <address_match_element>; ... };
    allow-recursion { <address_match_element>; ... };
    allow-recursion-on { <address_match_element>; ... };
    allow-transfer { <address_match_element>; ... };
    allow-update { <address_match_element>; ... };
    allow-update-forwarding { <address_match_element>; ... };
    also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
        <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
        <integer> ] ) [ key <string> ]; ... };
    alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
        ] [ dscp <integer> ];
    alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
        * ) ] [ dscp <integer> ];
    attach-cache <string>;
    auth-nxdomain <boolean>; // default changed
    auto-dnssec ( allow | maintain | off );
    cache-file <quoted_string>;
    catalog-zones { zone <string> [ default-masters [ port <integer> ]
        [ dscp <integer> ] { ( <primaries> | <ipv4_address> [ port
        <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
        <string> ]; ... } ] [ zone-directory <quoted_string> ] [
        in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
    check-dup-records ( fail | warn | ignore );
    check-integrity <boolean>;
    check-mx ( fail | warn | ignore );
    check-mx-cname ( fail | warn | ignore );
    check-names ( primary | master |
        secondary | slave | response ) (
        fail | warn | ignore ); // may occur multiple times
    check-sibling <boolean>;
    check-spf ( warn | ignore );
    check-srv-cname ( fail | warn | ignore );
    check-wildcard <boolean>;
    clients-per-query <integer>;
    deny-answer-addresses { <address_match_element>; ... } [
        except-from { <string>; ... } ];
    deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
        } ];
    dialup ( notify | notify-passive | passive | refresh | <boolean> );
    disable-algorithms <string> { <string>;
        ... }; // may occur multiple times
    disable-ds-digests <string> { <string>;
        ... }; // may occur multiple times
    disable-empty-zone <string>; // may occur multiple times
    dlz <string> {
        database <string>;
        search <boolean>;
    }; // may occur multiple times
    dns64 <netprefix> {
        break-dnssec <boolean>;
        clients { <address_match_element>; ... };
        exclude { <address_match_element>; ... };
        mapped { <address_match_element>; ... };
        recursive-only <boolean>;
        suffix <ipv6_address>;
    }; // may occur multiple times
    dns64-contact <string>;
    dns64-server <string>;
    dnskey-sig-validity <integer>;
    dnsrps-enable <boolean>;
    dnsrps-options { <unspecified-text> };
    dnssec-accept-expired <boolean>;
    dnssec-dnskey-kskonly <boolean>;
    dnssec-loadkeys-interval <integer>;
    dnssec-must-be-secure <string> <boolean>; // may occur multiple times
    dnssec-policy <string>;
    dnssec-secure-to-insecure <boolean>;
    dnssec-update-mode ( maintain | no-resign );
    dnssec-validation ( yes | no | auto );
    dnstap { ( all | auth | client | forwarder | resolver | update ) [
        ( query | response ) ]; ... };
    dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
        <integer> ] [ dscp <integer> ] | <ipv4_address> [ port
        <integer> ] [ dscp <integer> ] | <ipv6_address> [ port
        <integer> ] [ dscp <integer> ] ); ... };
    dyndb <string> <quoted_string> {
        <unspecified-text> }; // may occur multiple times
    edns-udp-size <integer>;
    empty-contact <string>;
    empty-server <string>;
    empty-zones-enable <boolean>;
    fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
    fetches-per-server <integer> [ ( drop | fail ) ];
    fetches-per-zone <integer> [ ( drop | fail ) ];
    forward ( first | only );
    forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
        | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
    glue-cache <boolean>;
    inline-signing <boolean>;
    ixfr-from-differences ( primary | master | secondary | slave |
        <boolean> );
    key <string> {
        algorithm <string>;
        secret <string>;
    }; // may occur multiple times
    key-directory <quoted_string>;
    lame-ttl <duration>;
    lmdb-mapsize <sizeval>;
    managed-keys { <string> (
        static-key | initial-key
        | static-ds | initial-ds
        ) <integer> <integer>
        <integer>
        <quoted_string>; ... }; // may occur multiple times, deprecated
    masterfile-format ( map | raw | text );
    masterfile-style ( full | relative );
    match-clients { <address_match_element>; ... };
    match-destinations { <address_match_element>; ... };
    match-recursive-only <boolean>;
    max-cache-size ( default | unlimited | <sizeval> | <percentage> );
    max-cache-ttl <duration>;
    max-clients-per-query <integer>;
    max-ixfr-ratio ( unlimited | <percentage> );
    max-journal-size ( default | unlimited | <sizeval> );
    max-ncache-ttl <duration>;
    max-records <integer>;
    max-recursion-depth <integer>;
    max-recursion-queries <integer>;
    max-refresh-time <integer>;
    max-retry-time <integer>;
    max-stale-ttl <duration>;
    max-transfer-idle-in <integer>;
    max-transfer-idle-out <integer>;
    max-transfer-time-in <integer>;
    max-transfer-time-out <integer>;
    max-udp-size <integer>;
    max-zone-ttl ( unlimited | <duration> );
    message-compression <boolean>;
    min-cache-ttl <duration>;
    min-ncache-ttl <duration>;
    min-refresh-time <integer>;
    min-retry-time <integer>;
    minimal-any <boolean>;
    minimal-responses ( no-auth | no-auth-recursive | <boolean> );
    multi-master <boolean>;
    new-zones-directory <quoted_string>;
    no-case-compress { <address_match_element>; ... };
    nocookie-udp-size <integer>;
    notify ( explicit | master-only | primary-only | <boolean> );
    notify-delay <integer>;
    notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
        dscp <integer> ];
    notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
        [ dscp <integer> ];
    notify-to-soa <boolean>;
    nta-lifetime <duration>;
    nta-recheck <duration>;
    nxdomain-redirect <string>;
    plugin ( query ) <string> [ {
        <unspecified-text> } ]; // may occur multiple times
    preferred-glue <string>;
    prefetch <integer> [ <integer> ];
    provide-ixfr <boolean>;
    qname-minimization ( strict | relaxed | disabled | off );
    query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
        <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
        port ( <integer> | * ) ) ) [ dscp <integer> ];
    query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
        <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
        port ( <integer> | * ) ) ) [ dscp <integer> ];
    rate-limit {
        all-per-second <integer>;
        errors-per-second <integer>;
        exempt-clients { <address_match_element>; ... };
        ipv4-prefix-length <integer>;
        ipv6-prefix-length <integer>;
        log-only <boolean>;
        max-table-size <integer>;
        min-table-size <integer>;
        nodata-per-second <integer>;
        nxdomains-per-second <integer>;
        qps-scale <integer>;
        referrals-per-second <integer>;
        responses-per-second <integer>;
        slip <integer>;
        window <integer>;
    };
    recursion <boolean>;
    request-expire <boolean>;
    request-ixfr <boolean>;
    request-nsid <boolean>;
    require-server-cookie <boolean>;
    resolver-nonbackoff-tries <integer>;
    resolver-query-timeout <integer>;
    resolver-retry-interval <integer>;
    response-padding { <address_match_element>; ... } block-size
        <integer>;
    response-policy { zone <string> [ add-soa <boolean> ] [ log
        <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
        <duration> ] [ policy ( cname | disabled | drop | given | no-op
        | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
        recursive-only <boolean> ] [ nsip-enable <boolean> ] [
        nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
        break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
        min-update-interval <duration> ] [ min-ns-dots <integer> ] [
        nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean>
        ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ]
        [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
        dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
        } ];
    root-delegation-only [ exclude { <string>; ... } ];
    root-key-sentinel <boolean>;
    rrset-order { [ class <string> ] [ type <string> ] [ name
        <quoted_string> ] <string> <string>; ... };
    send-cookie <boolean>;
    serial-update-method ( date | increment | unixtime );
    server <netprefix> {
        bogus <boolean>;
        edns <boolean>;
        edns-udp-size <integer>;
        edns-version <integer>;
        keys <server_key>;
        max-udp-size <integer>;
        notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
            ) ] [ dscp <integer> ];
        notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
            | * ) ] [ dscp <integer> ];
        padding <integer>;
        provide-ixfr <boolean>;
        query-source ( ( [ address ] ( <ipv4_address> | * ) [ port
            ( <integer> | * ) ] ) | ( [ [ address ] (
            <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [
            dscp <integer> ];
        query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [
            port ( <integer> | * ) ] ) | ( [ [ address ] (
            <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [
            dscp <integer> ];
        request-expire <boolean>;
        request-ixfr <boolean>;
        request-nsid <boolean>;
        send-cookie <boolean>;
        tcp-keepalive <boolean>;
        tcp-only <boolean>;
        transfer-format ( many-answers | one-answer );
        transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
            * ) ] [ dscp <integer> ];
        transfer-source-v6 ( <ipv6_address> | * ) [ port (
            <integer> | * ) ] [ dscp <integer> ];
        transfers <integer>;
    }; // may occur multiple times
    servfail-ttl <duration>;
    sig-signing-nodes <integer>;
    sig-signing-signatures <integer>;
    sig-signing-type <integer>;
    sig-validity-interval <integer> [ <integer> ];
    sortlist { <address_match_element>; ... };
    stale-answer-enable <boolean>;
    stale-answer-ttl <duration>;
    stale-cache-enable <boolean>;
    synth-from-dnssec <boolean>;
    transfer-format ( many-answers | one-answer );
    transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
        dscp <integer> ];
    transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
        ] [ dscp <integer> ];
    trust-anchor-telemetry <boolean>; // experimental
    trust-anchors { <string> ( static-key |
        initial-key | static-ds | initial-ds
        ) <integer> <integer> <integer>
        <quoted_string>; ... }; // may occur multiple times
    trusted-keys { <string>
        <integer> <integer>
        <integer>
        <quoted_string>; ... }; // may occur multiple times, deprecated
    try-tcp-refresh <boolean>;
    update-check-ksk <boolean>;
    use-alt-transfer-source <boolean>;
    v6-bias <integer>;
    validate-except { <string>; ... };
    zero-no-soa-ttl <boolean>;
    zero-no-soa-ttl-cache <boolean>;
zone <string> [ <class> ] {
|
|
allow-notify { <address_match_element>; ... };
|
|
allow-query { <address_match_element>; ... };
|
|
allow-query-on { <address_match_element>; ... };
|
|
allow-transfer { <address_match_element>; ... };
|
|
allow-update { <address_match_element>; ... };
|
|
allow-update-forwarding { <address_match_element>; ... };
|
|
also-notify [ port <integer> ] [ dscp <integer> ] { (
|
|
<primaries> | <ipv4_address> [ port <integer> ] |
|
|
<ipv6_address> [ port <integer> ] ) [ key <string> ];
|
|
... };
|
|
alt-transfer-source ( <ipv4_address> | * ) [ port (
|
|
<integer> | * ) ] [ dscp <integer> ];
|
|
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
|
|
<integer> | * ) ] [ dscp <integer> ];
|
|
auto-dnssec ( allow | maintain | off );
|
|
check-dup-records ( fail | warn | ignore );
|
|
check-integrity <boolean>;
|
|
check-mx ( fail | warn | ignore );
|
|
check-mx-cname ( fail | warn | ignore );
|
|
check-names ( fail | warn | ignore );
|
|
check-sibling <boolean>;
|
|
check-spf ( warn | ignore );
|
|
check-srv-cname ( fail | warn | ignore );
|
|
check-wildcard <boolean>;
|
|
database <string>;
|
|
delegation-only <boolean>;
|
|
dialup ( notify | notify-passive | passive | refresh |
|
|
<boolean> );
|
|
dlz <string>;
|
|
dnskey-sig-validity <integer>;
|
|
dnssec-dnskey-kskonly <boolean>;
|
|
dnssec-loadkeys-interval <integer>;
|
|
dnssec-policy <string>;
|
|
dnssec-secure-to-insecure <boolean>;
|
|
dnssec-update-mode ( maintain | no-resign );
|
|
file <quoted_string>;
|
|
forward ( first | only );
|
|
forwarders [ port <integer> ] [ dscp <integer> ] { (
|
|
<ipv4_address> | <ipv6_address> ) [ port <integer> ] [
|
|
dscp <integer> ]; ... };
|
|
in-view <string>;
|
|
inline-signing <boolean>;
|
|
ixfr-from-differences <boolean>;
|
|
journal <quoted_string>;
|
|
key-directory <quoted_string>;
|
|
masterfile-format ( map | raw | text );
|
|
masterfile-style ( full | relative );
|
|
masters [ port <integer> ] [ dscp <integer> ] { (
|
|
<primaries> | <ipv4_address> [ port <integer> ] |
|
|
<ipv6_address> [ port <integer> ] ) [ key <string> ];
|
|
... };
|
|
max-ixfr-ratio ( unlimited | <percentage> );
|
|
max-journal-size ( default | unlimited | <sizeval> );
|
|
max-records <integer>;
|
|
max-refresh-time <integer>;
|
|
max-retry-time <integer>;
|
|
max-transfer-idle-in <integer>;
|
|
max-transfer-idle-out <integer>;
|
|
max-transfer-time-in <integer>;
|
|
max-transfer-time-out <integer>;
|
|
max-zone-ttl ( unlimited | <duration> );
|
|
min-refresh-time <integer>;
|
|
min-retry-time <integer>;
|
|
multi-master <boolean>;
|
|
notify ( explicit | master-only | primary-only | <boolean> );
|
|
notify-delay <integer>;
|
|
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
|
|
) ] [ dscp <integer> ];
|
|
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
|
|
| * ) ] [ dscp <integer> ];
|
|
notify-to-soa <boolean>;
|
|
primaries [ port <integer> ] [ dscp <integer> ] { (
|
|
<primaries> | <ipv4_address> [ port <integer> ] |
|
|
<ipv6_address> [ port <integer> ] ) [ key <string> ];
|
|
... };
|
|
request-expire <boolean>;
|
|
request-ixfr <boolean>;
|
|
serial-update-method ( date | increment | unixtime );
|
|
server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
|
|
server-names { <string>; ... };
|
|
sig-signing-nodes <integer>;
|
|
sig-signing-signatures <integer>;
|
|
sig-signing-type <integer>;
|
|
sig-validity-interval <integer> [ <integer> ];
|
|
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
|
|
* ) ] [ dscp <integer> ];
|
|
transfer-source-v6 ( <ipv6_address> | * ) [ port (
|
|
<integer> | * ) ] [ dscp <integer> ];
|
|
try-tcp-refresh <boolean>;
|
|
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect |
static-stub | stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> (
6to4-self | external | krb5-self | krb5-selfsub |
krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
name | self | selfsub | selfwild | subdomain | tcp-self
| wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
}; // may occur multiple times
zone-statistics ( full | terse | none | <boolean> );
}; // may occur multiple times
zone <string> [ <class> ] {
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
database <string>;
delegation-only <boolean>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
dlz <string>;
dnskey-sig-validity <integer>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-policy <string>;
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
file <quoted_string>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
in-view <string>;
inline-signing <boolean>;
ixfr-from-differences <boolean>;
journal <quoted_string>;
key-directory <quoted_string>;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-zone-ttl ( unlimited | <duration> );
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
notify ( explicit | master-only | primary-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
notify-to-soa <boolean>;
primaries [ port <integer> ] [ dscp <integer> ] { ( <primaries> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( date | increment | unixtime );
server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
server-names { <string>; ... };
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
try-tcp-refresh <boolean>;
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect | static-stub |
stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
| ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
| subdomain | tcp-self | wildcard | zonesub ) [ <string> ]
<rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
}; // may occur multiple times