.\" $NetBSD: named.conf.5,v 1.5.4.1 2019/09/12 19:18:00 martin Exp $ .\" .\" Copyright (C) 2004-2019 Internet Systems Consortium, Inc. ("ISC") .\" .\" This Source Code Form is subject to the terms of the Mozilla Public .\" License, v. 2.0. If a copy of the MPL was not distributed with this .\" file, You can obtain one at http://mozilla.org/MPL/2.0/. .\" .hy 0 .ad l '\" t .\" Title: named.conf .\" Author: .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 2019-07-21 .\" Manual: BIND9 .\" Source: ISC .\" Language: English .\" .TH "NAMED\&.CONF" "5" "2019\-07\-21" "ISC" "BIND9" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" named.conf \- configuration file for \fBnamed\fR .SH "SYNOPSIS" .HP \w'\fBnamed\&.conf\fR\ 'u \fBnamed\&.conf\fR .SH "DESCRIPTION" .PP named\&.conf is the configuration file for \fBnamed\fR\&. Statements are enclosed in braces and terminated with a semi\-colon\&. Clauses in the statements are also semi\-colon terminated\&. The usual comment styles are supported: .PP C style: /* */ .PP C++ style: // to end of line .PP Unix style: # to end of line .SH "ACL" .sp .if n \{\ .RS 4 .\} .nf acl \fIstring\fR { \fIaddress_match_element\fR; \&.\&.\&. }; .fi .if n \{\ .RE .\} .SH "CONTROLS" .sp .if n \{\ .RS 4 .\} .nf controls { inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] allow { \fIaddress_match_element\fR; \&.\&.\&. } [ keys { \fIstring\fR; \&.\&.\&. } ] [ read\-only \fIboolean\fR ]; unix \fIquoted_string\fR perm \fIinteger\fR owner \fIinteger\fR group \fIinteger\fR [ keys { \fIstring\fR; \&.\&.\&. } ] [ read\-only \fIboolean\fR ]; }; .fi .if n \{\ .RE .\} .SH "DLZ" .sp .if n \{\ .RS 4 .\} .nf dlz \fIstring\fR { database \fIstring\fR; search \fIboolean\fR; }; .fi .if n \{\ .RE .\} .SH "DYNDB" .sp .if n \{\ .RS 4 .\} .nf dyndb \fIstring\fR \fIquoted_string\fR { \fIunspecified\-text\fR }; .fi .if n \{\ .RE .\} .SH "KEY" .sp .if n \{\ .RS 4 .\} .nf key \fIstring\fR { algorithm \fIstring\fR; secret \fIstring\fR; }; .fi .if n \{\ .RE .\} .SH "LOGGING" .sp .if n \{\ .RS 4 .\} .nf logging { category \fIstring\fR { \fIstring\fR; \&.\&.\&. }; channel \fIstring\fR { buffered \fIboolean\fR; file \fIquoted_string\fR [ versions ( unlimited | \fIinteger\fR ) ] [ size \fIsize\fR ] [ suffix ( increment | timestamp ) ]; null; print\-category \fIboolean\fR; print\-severity \fIboolean\fR; print\-time ( iso8601 | iso8601\-utc | local | \fIboolean\fR ); severity \fIlog_severity\fR; stderr; syslog [ \fIsyslog_facility\fR ]; }; }; .fi .if n \{\ .RE .\} .SH "MANAGED-KEYS" .sp .if n \{\ .RS 4 .\} .nf managed\-keys { \fIstring\fR \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; \&.\&.\&. }; .fi .if n \{\ .RE .\} .SH "MASTERS" .sp .if n \{\ .RS 4 .\} .nf masters \fIstring\fR [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. }; .fi .if n \{\ .RE .\} .SH "OPTIONS" .sp .if n \{\ .RS 4 .\} .nf options { allow\-new\-zones \fIboolean\fR; allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. }; alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; answer\-cookie \fIboolean\fR; attach\-cache \fIstring\fR; auth\-nxdomain \fIboolean\fR; // default changed auto\-dnssec ( allow | maintain | off ); automatic\-interface\-scan \fIboolean\fR; avoid\-v4\-udp\-ports { \fIportrange\fR; \&.\&.\&. }; avoid\-v6\-udp\-ports { \fIportrange\fR; \&.\&.\&. }; bindkeys\-file \fIquoted_string\fR; blackhole { \fIaddress_match_element\fR; \&.\&.\&. }; cache\-file \fIquoted_string\fR; catalog\-zones { zone \fIstring\fR [ default\-masters [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. } ] [ zone\-directory \fIquoted_string\fR ] [ in\-memory \fIboolean\fR ] [ min\-update\-interval \fIttlval\fR ]; \&.\&.\&. }; check\-dup\-records ( fail | warn | ignore ); check\-integrity \fIboolean\fR; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check\-sibling \fIboolean\fR; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-wildcard \fIboolean\fR; cleaning\-interval \fIinteger\fR; clients\-per\-query \fIinteger\fR; cookie\-algorithm ( aes | sha1 | sha256 | siphash24 ); cookie\-secret \fIstring\fR; coresize ( default | unlimited | \fIsizeval\fR ); datasize ( default | unlimited | \fIsizeval\fR ); deny\-answer\-addresses { \fIaddress_match_element\fR; \&.\&.\&. } [ except\-from { \fIstring\fR; \&.\&.\&. } ]; deny\-answer\-aliases { \fIstring\fR; \&.\&.\&. } [ except\-from { \fIstring\fR; \&.\&.\&. } ]; dialup ( notify | notify\-passive | passive | refresh | \fIboolean\fR ); directory \fIquoted_string\fR; disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. }; disable\-ds\-digests \fIstring\fR { \fIstring\fR; \&.\&.\&. }; disable\-empty\-zone \fIstring\fR; dns64 \fInetprefix\fR { break\-dnssec \fIboolean\fR; clients { \fIaddress_match_element\fR; \&.\&.\&. }; exclude { \fIaddress_match_element\fR; \&.\&.\&. }; mapped { \fIaddress_match_element\fR; \&.\&.\&. }; recursive\-only \fIboolean\fR; suffix \fIipv6_address\fR; }; dns64\-contact \fIstring\fR; dns64\-server \fIstring\fR; dnskey\-sig\-validity \fIinteger\fR; dnsrps\-enable \fIboolean\fR; dnsrps\-options { \fIunspecified\-text\fR }; dnssec\-accept\-expired \fIboolean\fR; dnssec\-dnskey\-kskonly \fIboolean\fR; dnssec\-enable \fIboolean\fR; dnssec\-loadkeys\-interval \fIinteger\fR; dnssec\-lookaside ( \fIstring\fR trust\-anchor \fIstring\fR | auto | no ); dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; dnssec\-secure\-to\-insecure \fIboolean\fR; dnssec\-update\-mode ( maintain | no\-resign ); dnssec\-validation ( yes | no | auto ); dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; \&.\&.\&. }; dnstap\-identity ( \fIquoted_string\fR | none | hostname ); dnstap\-output ( file | unix ) \fIquoted_string\fR [ size ( unlimited | \fIsize\fR ) ] [ versions ( unlimited | \fIinteger\fR ) ] [ suffix ( increment | timestamp ) ]; dnstap\-version ( \fIquoted_string\fR | none ); dscp \fIinteger\fR; dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv4_address\fR [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] ); \&.\&.\&. }; dump\-file \fIquoted_string\fR; edns\-udp\-size \fIinteger\fR; empty\-contact \fIstring\fR; empty\-server \fIstring\fR; empty\-zones\-enable \fIboolean\fR; fetch\-quota\-params \fIinteger\fR \fIfixedpoint\fR \fIfixedpoint\fR \fIfixedpoint\fR; fetches\-per\-server \fIinteger\fR [ ( drop | fail ) ]; fetches\-per\-zone \fIinteger\fR [ ( drop | fail ) ]; files ( default | unlimited | \fIsizeval\fR ); flush\-zones\-on\-shutdown \fIboolean\fR; forward ( first | only ); forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. }; fstrm\-set\-buffer\-hint \fIinteger\fR; fstrm\-set\-flush\-timeout \fIinteger\fR; fstrm\-set\-input\-queue\-size \fIinteger\fR; fstrm\-set\-output\-notify\-threshold \fIinteger\fR; fstrm\-set\-output\-queue\-model ( mpsc | spsc ); fstrm\-set\-output\-queue\-size \fIinteger\fR; fstrm\-set\-reopen\-interval \fIttlval\fR; geoip\-directory ( \fIquoted_string\fR | none ); glue\-cache \fIboolean\fR; heartbeat\-interval \fIinteger\fR; hostname ( \fIquoted_string\fR | none ); inline\-signing \fIboolean\fR; interface\-interval \fIttlval\fR; ixfr\-from\-differences ( primary | master | secondary | slave | \fIboolean\fR ); keep\-response\-order { \fIaddress_match_element\fR; \&.\&.\&. }; key\-directory \fIquoted_string\fR; lame\-ttl \fIttlval\fR; listen\-on [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. }; listen\-on\-v6 [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. }; lmdb\-mapsize \fIsizeval\fR; lock\-file ( \fIquoted_string\fR | none ); managed\-keys\-directory \fIquoted_string\fR; masterfile\-format ( map | raw | text ); masterfile\-style ( full | relative ); match\-mapped\-addresses \fIboolean\fR; max\-cache\-size ( default | unlimited | \fIsizeval\fR | \fIpercentage\fR ); max\-cache\-ttl \fIttlval\fR; max\-clients\-per\-query \fIinteger\fR; max\-journal\-size ( default | unlimited | \fIsizeval\fR ); max\-ncache\-ttl \fIttlval\fR; max\-records \fIinteger\fR; max\-recursion\-depth \fIinteger\fR; max\-recursion\-queries \fIinteger\fR; max\-refresh\-time \fIinteger\fR; max\-retry\-time \fIinteger\fR; max\-rsa\-exponent\-size \fIinteger\fR; max\-stale\-ttl \fIttlval\fR; max\-transfer\-idle\-in \fIinteger\fR; max\-transfer\-idle\-out \fIinteger\fR; max\-transfer\-time\-in \fIinteger\fR; max\-transfer\-time\-out \fIinteger\fR; max\-udp\-size \fIinteger\fR; max\-zone\-ttl ( unlimited | \fIttlval\fR ); memstatistics \fIboolean\fR; memstatistics\-file \fIquoted_string\fR; message\-compression \fIboolean\fR; min\-cache\-ttl \fIttlval\fR; min\-ncache\-ttl \fIttlval\fR; min\-refresh\-time \fIinteger\fR; min\-retry\-time \fIinteger\fR; minimal\-any \fIboolean\fR; minimal\-responses ( no\-auth | no\-auth\-recursive | \fIboolean\fR ); multi\-master \fIboolean\fR; new\-zones\-directory \fIquoted_string\fR; no\-case\-compress { \fIaddress_match_element\fR; \&.\&.\&. }; nocookie\-udp\-size \fIinteger\fR; notify ( explicit | master\-only | \fIboolean\fR ); notify\-delay \fIinteger\fR; notify\-rate \fIinteger\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; notify\-to\-soa \fIboolean\fR; nta\-lifetime \fIttlval\fR; nta\-recheck \fIttlval\fR; nxdomain\-redirect \fIstring\fR; pid\-file ( \fIquoted_string\fR | none ); port \fIinteger\fR; preferred\-glue \fIstring\fR; prefetch \fIinteger\fR [ \fIinteger\fR ]; provide\-ixfr \fIboolean\fR; qname\-minimization ( strict | relaxed | disabled | off ); query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv4_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ]; query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv6_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ]; querylog \fIboolean\fR; random\-device ( \fIquoted_string\fR | none ); rate\-limit { all\-per\-second \fIinteger\fR; errors\-per\-second \fIinteger\fR; exempt\-clients { \fIaddress_match_element\fR; \&.\&.\&. }; ipv4\-prefix\-length \fIinteger\fR; ipv6\-prefix\-length \fIinteger\fR; log\-only \fIboolean\fR; max\-table\-size \fIinteger\fR; min\-table\-size \fIinteger\fR; nodata\-per\-second \fIinteger\fR; nxdomains\-per\-second \fIinteger\fR; qps\-scale \fIinteger\fR; referrals\-per\-second \fIinteger\fR; responses\-per\-second \fIinteger\fR; slip \fIinteger\fR; window \fIinteger\fR; }; recursing\-file \fIquoted_string\fR; recursion \fIboolean\fR; recursive\-clients \fIinteger\fR; request\-expire \fIboolean\fR; request\-ixfr \fIboolean\fR; request\-nsid \fIboolean\fR; require\-server\-cookie \fIboolean\fR; reserved\-sockets \fIinteger\fR; resolver\-nonbackoff\-tries \fIinteger\fR; resolver\-query\-timeout \fIinteger\fR; resolver\-retry\-interval \fIinteger\fR; response\-padding { \fIaddress_match_element\fR; \&.\&.\&. } block\-size \fIinteger\fR; response\-policy { zone \fIstring\fR [ add\-soa \fIboolean\fR ] [ log \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [ recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ add\-soa \fIboolean\fR ] [ break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [ qname\-wait\-recurse \fIboolean\fR ] [ recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ] [ dnsrps\-enable \fIboolean\fR ] [ dnsrps\-options { \fIunspecified\-text\fR } ]; root\-delegation\-only [ exclude { \fIstring\fR; \&.\&.\&. } ]; root\-key\-sentinel \fIboolean\fR; rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. }; secroots\-file \fIquoted_string\fR; send\-cookie \fIboolean\fR; serial\-query\-rate \fIinteger\fR; serial\-update\-method ( date | increment | unixtime ); server\-id ( \fIquoted_string\fR | none | hostname ); servfail\-ttl \fIttlval\fR; session\-keyalg \fIstring\fR; session\-keyfile ( \fIquoted_string\fR | none ); session\-keyname \fIstring\fR; sig\-signing\-nodes \fIinteger\fR; sig\-signing\-signatures \fIinteger\fR; sig\-signing\-type \fIinteger\fR; sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ]; sortlist { \fIaddress_match_element\fR; \&.\&.\&. }; stacksize ( default | unlimited | \fIsizeval\fR ); stale\-answer\-enable \fIboolean\fR; stale\-answer\-ttl \fIttlval\fR; startup\-notify\-rate \fIinteger\fR; statistics\-file \fIquoted_string\fR; synth\-from\-dnssec \fIboolean\fR; tcp\-advertised\-timeout \fIinteger\fR; tcp\-clients \fIinteger\fR; tcp\-idle\-timeout \fIinteger\fR; tcp\-initial\-timeout \fIinteger\fR; tcp\-keepalive\-timeout \fIinteger\fR; tcp\-listen\-queue \fIinteger\fR; tkey\-dhkey \fIquoted_string\fR \fIinteger\fR; tkey\-domain \fIquoted_string\fR; tkey\-gssapi\-credential \fIquoted_string\fR; tkey\-gssapi\-keytab \fIquoted_string\fR; transfer\-format ( many\-answers | one\-answer ); transfer\-message\-size \fIinteger\fR; transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; transfers\-in \fIinteger\fR; transfers\-out \fIinteger\fR; transfers\-per\-ns \fIinteger\fR; trust\-anchor\-telemetry \fIboolean\fR; // experimental try\-tcp\-refresh \fIboolean\fR; update\-check\-ksk \fIboolean\fR; use\-alt\-transfer\-source \fIboolean\fR; use\-v4\-udp\-ports { \fIportrange\fR; \&.\&.\&. }; use\-v6\-udp\-ports { \fIportrange\fR; \&.\&.\&. }; v6\-bias \fIinteger\fR; validate\-except { \fIstring\fR; \&.\&.\&. }; version ( \fIquoted_string\fR | none ); zero\-no\-soa\-ttl \fIboolean\fR; zero\-no\-soa\-ttl\-cache \fIboolean\fR; zone\-statistics ( full | terse | none | \fIboolean\fR ); }; .fi .if n \{\ .RE .\} .SH "PLUGIN" .sp .if n \{\ .RS 4 .\} .nf plugin ( query ) \fIstring\fR [ { \fIunspecified\-text\fR } ]; .fi .if n \{\ .RE .\} .SH "SERVER" .sp .if n \{\ .RS 4 .\} .nf server \fInetprefix\fR { bogus \fIboolean\fR; edns \fIboolean\fR; edns\-udp\-size \fIinteger\fR; edns\-version \fIinteger\fR; keys \fIserver_key\fR; max\-udp\-size \fIinteger\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; padding \fIinteger\fR; provide\-ixfr \fIboolean\fR; query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv4_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ]; query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv6_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ]; request\-expire \fIboolean\fR; request\-ixfr \fIboolean\fR; request\-nsid \fIboolean\fR; send\-cookie \fIboolean\fR; tcp\-keepalive \fIboolean\fR; tcp\-only \fIboolean\fR; transfer\-format ( many\-answers | one\-answer ); transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; transfers \fIinteger\fR; }; .fi .if n \{\ .RE .\} .SH "STATISTICS-CHANNELS" .sp .if n \{\ .RS 4 .\} .nf statistics\-channels { inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ allow { \fIaddress_match_element\fR; \&.\&.\&. } ]; }; .fi .if n \{\ .RE .\} .SH "TRUSTED-KEYS" .sp .if n \{\ .RS 4 .\} .nf trusted\-keys { \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; \&.\&.\&. }; .fi .if n \{\ .RE .\} .SH "VIEW" .sp .if n \{\ .RS 4 .\} .nf view \fIstring\fR [ \fIclass\fR ] { allow\-new\-zones \fIboolean\fR; allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. }; alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; attach\-cache \fIstring\fR; auth\-nxdomain \fIboolean\fR; // default changed auto\-dnssec ( allow | maintain | off ); cache\-file \fIquoted_string\fR; catalog\-zones { zone \fIstring\fR [ default\-masters [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. } ] [ zone\-directory \fIquoted_string\fR ] [ in\-memory \fIboolean\fR ] [ min\-update\-interval \fIttlval\fR ]; \&.\&.\&. }; check\-dup\-records ( fail | warn | ignore ); check\-integrity \fIboolean\fR; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check\-sibling \fIboolean\fR; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-wildcard \fIboolean\fR; cleaning\-interval \fIinteger\fR; clients\-per\-query \fIinteger\fR; deny\-answer\-addresses { \fIaddress_match_element\fR; \&.\&.\&. } [ except\-from { \fIstring\fR; \&.\&.\&. } ]; deny\-answer\-aliases { \fIstring\fR; \&.\&.\&. } [ except\-from { \fIstring\fR; \&.\&.\&. } ]; dialup ( notify | notify\-passive | passive | refresh | \fIboolean\fR ); disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. }; disable\-ds\-digests \fIstring\fR { \fIstring\fR; \&.\&.\&. }; disable\-empty\-zone \fIstring\fR; dlz \fIstring\fR { database \fIstring\fR; search \fIboolean\fR; }; dns64 \fInetprefix\fR { break\-dnssec \fIboolean\fR; clients { \fIaddress_match_element\fR; \&.\&.\&. }; exclude { \fIaddress_match_element\fR; \&.\&.\&. }; mapped { \fIaddress_match_element\fR; \&.\&.\&. }; recursive\-only \fIboolean\fR; suffix \fIipv6_address\fR; }; dns64\-contact \fIstring\fR; dns64\-server \fIstring\fR; dnskey\-sig\-validity \fIinteger\fR; dnsrps\-enable \fIboolean\fR; dnsrps\-options { \fIunspecified\-text\fR }; dnssec\-accept\-expired \fIboolean\fR; dnssec\-dnskey\-kskonly \fIboolean\fR; dnssec\-enable \fIboolean\fR; dnssec\-loadkeys\-interval \fIinteger\fR; dnssec\-lookaside ( \fIstring\fR trust\-anchor \fIstring\fR | auto | no ); dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; dnssec\-secure\-to\-insecure \fIboolean\fR; dnssec\-update\-mode ( maintain | no\-resign ); dnssec\-validation ( yes | no | auto ); dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; \&.\&.\&. }; dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv4_address\fR [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] ); \&.\&.\&. }; dyndb \fIstring\fR \fIquoted_string\fR { \fIunspecified\-text\fR }; edns\-udp\-size \fIinteger\fR; empty\-contact \fIstring\fR; empty\-server \fIstring\fR; empty\-zones\-enable \fIboolean\fR; fetch\-quota\-params \fIinteger\fR \fIfixedpoint\fR \fIfixedpoint\fR \fIfixedpoint\fR; fetches\-per\-server \fIinteger\fR [ ( drop | fail ) ]; fetches\-per\-zone \fIinteger\fR [ ( drop | fail ) ]; forward ( first | only ); forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. }; glue\-cache \fIboolean\fR; inline\-signing \fIboolean\fR; ixfr\-from\-differences ( primary | master | secondary | slave | \fIboolean\fR ); key \fIstring\fR { algorithm \fIstring\fR; secret \fIstring\fR; }; key\-directory \fIquoted_string\fR; lame\-ttl \fIttlval\fR; lmdb\-mapsize \fIsizeval\fR; managed\-keys { \fIstring\fR \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; \&.\&.\&. }; masterfile\-format ( map | raw | text ); masterfile\-style ( full | relative ); match\-clients { \fIaddress_match_element\fR; \&.\&.\&. }; match\-destinations { \fIaddress_match_element\fR; \&.\&.\&. }; match\-recursive\-only \fIboolean\fR; max\-cache\-size ( default | unlimited | \fIsizeval\fR | \fIpercentage\fR ); max\-cache\-ttl \fIttlval\fR; max\-clients\-per\-query \fIinteger\fR; max\-journal\-size ( default | unlimited | \fIsizeval\fR ); max\-ncache\-ttl \fIttlval\fR; max\-records \fIinteger\fR; max\-recursion\-depth \fIinteger\fR; max\-recursion\-queries \fIinteger\fR; max\-refresh\-time \fIinteger\fR; max\-retry\-time \fIinteger\fR; max\-stale\-ttl \fIttlval\fR; max\-transfer\-idle\-in \fIinteger\fR; max\-transfer\-idle\-out \fIinteger\fR; max\-transfer\-time\-in \fIinteger\fR; max\-transfer\-time\-out \fIinteger\fR; max\-udp\-size \fIinteger\fR; max\-zone\-ttl ( unlimited | \fIttlval\fR ); message\-compression \fIboolean\fR; min\-cache\-ttl \fIttlval\fR; min\-ncache\-ttl \fIttlval\fR; min\-refresh\-time \fIinteger\fR; min\-retry\-time \fIinteger\fR; minimal\-any \fIboolean\fR; minimal\-responses ( no\-auth | no\-auth\-recursive | \fIboolean\fR ); multi\-master \fIboolean\fR; new\-zones\-directory \fIquoted_string\fR; no\-case\-compress { \fIaddress_match_element\fR; \&.\&.\&. }; nocookie\-udp\-size \fIinteger\fR; notify ( explicit | master\-only | \fIboolean\fR ); notify\-delay \fIinteger\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; notify\-to\-soa \fIboolean\fR; nta\-lifetime \fIttlval\fR; nta\-recheck \fIttlval\fR; nxdomain\-redirect \fIstring\fR; plugin ( query ) \fIstring\fR [ { \fIunspecified\-text\fR } ]; preferred\-glue \fIstring\fR; prefetch \fIinteger\fR [ \fIinteger\fR ]; provide\-ixfr \fIboolean\fR; qname\-minimization ( strict | relaxed | disabled | off ); query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv4_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ]; query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv6_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ]; rate\-limit { all\-per\-second \fIinteger\fR; errors\-per\-second \fIinteger\fR; exempt\-clients { \fIaddress_match_element\fR; \&.\&.\&. }; ipv4\-prefix\-length \fIinteger\fR; ipv6\-prefix\-length \fIinteger\fR; log\-only \fIboolean\fR; max\-table\-size \fIinteger\fR; min\-table\-size \fIinteger\fR; nodata\-per\-second \fIinteger\fR; nxdomains\-per\-second \fIinteger\fR; qps\-scale \fIinteger\fR; referrals\-per\-second \fIinteger\fR; responses\-per\-second \fIinteger\fR; slip \fIinteger\fR; window \fIinteger\fR; }; recursion \fIboolean\fR; request\-expire \fIboolean\fR; request\-ixfr \fIboolean\fR; request\-nsid \fIboolean\fR; require\-server\-cookie \fIboolean\fR; resolver\-nonbackoff\-tries \fIinteger\fR; resolver\-query\-timeout \fIinteger\fR; resolver\-retry\-interval \fIinteger\fR; response\-padding { \fIaddress_match_element\fR; \&.\&.\&. } block\-size \fIinteger\fR; response\-policy { zone \fIstring\fR [ add\-soa \fIboolean\fR ] [ log \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [ recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ add\-soa \fIboolean\fR ] [ break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [ qname\-wait\-recurse \fIboolean\fR ] [ recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ] [ dnsrps\-enable \fIboolean\fR ] [ dnsrps\-options { \fIunspecified\-text\fR } ]; root\-delegation\-only [ exclude { \fIstring\fR; \&.\&.\&. } ]; root\-key\-sentinel \fIboolean\fR; rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. }; send\-cookie \fIboolean\fR; serial\-update\-method ( date | increment | unixtime ); server \fInetprefix\fR { bogus \fIboolean\fR; edns \fIboolean\fR; edns\-udp\-size \fIinteger\fR; edns\-version \fIinteger\fR; keys \fIserver_key\fR; max\-udp\-size \fIinteger\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; padding \fIinteger\fR; provide\-ixfr \fIboolean\fR; query\-source ( ( [ address ] ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv4_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ]; query\-source\-v6 ( ( [ address ] ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] ) | ( [ [ address ] ( \fIipv6_address\fR | * ) ] port ( \fIinteger\fR | * ) ) ) [ dscp \fIinteger\fR ]; request\-expire \fIboolean\fR; request\-ixfr \fIboolean\fR; request\-nsid \fIboolean\fR; send\-cookie \fIboolean\fR; tcp\-keepalive \fIboolean\fR; tcp\-only \fIboolean\fR; transfer\-format ( many\-answers | one\-answer ); transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; transfers \fIinteger\fR; }; servfail\-ttl \fIttlval\fR; sig\-signing\-nodes \fIinteger\fR; sig\-signing\-signatures \fIinteger\fR; sig\-signing\-type \fIinteger\fR; sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ]; sortlist { \fIaddress_match_element\fR; \&.\&.\&. }; stale\-answer\-enable \fIboolean\fR; stale\-answer\-ttl \fIttlval\fR; synth\-from\-dnssec \fIboolean\fR; transfer\-format ( many\-answers | one\-answer ); transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; trust\-anchor\-telemetry \fIboolean\fR; // experimental trusted\-keys { \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; \&.\&.\&. }; try\-tcp\-refresh \fIboolean\fR; update\-check\-ksk \fIboolean\fR; use\-alt\-transfer\-source \fIboolean\fR; v6\-bias \fIinteger\fR; validate\-except { \fIstring\fR; \&.\&.\&. }; zero\-no\-soa\-ttl \fIboolean\fR; zero\-no\-soa\-ttl\-cache \fIboolean\fR; zone \fIstring\fR [ \fIclass\fR ] { allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. }; alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; auto\-dnssec ( allow | maintain | off ); check\-dup\-records ( fail | warn | ignore ); check\-integrity \fIboolean\fR; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( fail | warn | ignore ); check\-sibling \fIboolean\fR; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-wildcard \fIboolean\fR; database \fIstring\fR; delegation\-only \fIboolean\fR; dialup ( notify | notify\-passive | passive | refresh | \fIboolean\fR ); dlz \fIstring\fR; dnskey\-sig\-validity \fIinteger\fR; dnssec\-dnskey\-kskonly \fIboolean\fR; dnssec\-loadkeys\-interval \fIinteger\fR; dnssec\-secure\-to\-insecure \fIboolean\fR; dnssec\-update\-mode ( maintain | no\-resign ); file \fIquoted_string\fR; forward ( first | only ); forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. }; in\-view \fIstring\fR; inline\-signing \fIboolean\fR; ixfr\-from\-differences \fIboolean\fR; journal \fIquoted_string\fR; key\-directory \fIquoted_string\fR; masterfile\-format ( map | raw | text ); masterfile\-style ( full | relative ); masters [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. }; max\-ixfr\-log\-size ( default | unlimited | max\-journal\-size ( default | unlimited | \fIsizeval\fR ); max\-records \fIinteger\fR; max\-refresh\-time \fIinteger\fR; max\-retry\-time \fIinteger\fR; max\-transfer\-idle\-in \fIinteger\fR; max\-transfer\-idle\-out \fIinteger\fR; max\-transfer\-time\-in \fIinteger\fR; max\-transfer\-time\-out \fIinteger\fR; max\-zone\-ttl ( unlimited | \fIttlval\fR ); min\-refresh\-time \fIinteger\fR; min\-retry\-time \fIinteger\fR; multi\-master \fIboolean\fR; notify ( explicit | master\-only | \fIboolean\fR ); notify\-delay \fIinteger\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; notify\-to\-soa \fIboolean\fR; pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR request\-expire \fIboolean\fR; request\-ixfr \fIboolean\fR; serial\-update\-method ( date | increment | unixtime ); server\-addresses { ( \fIipv4_address\fR | \fIipv6_address\fR ); \&.\&.\&. }; server\-names { \fIstring\fR; \&.\&.\&. }; sig\-signing\-nodes \fIinteger\fR; sig\-signing\-signatures \fIinteger\fR; sig\-signing\-type \fIinteger\fR; sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ]; transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; try\-tcp\-refresh \fIboolean\fR; type ( primary | master | secondary | slave | mirror | delegation\-only | forward | hint | redirect | static\-stub | stub ); update\-check\-ksk \fIboolean\fR; update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. }; use\-alt\-transfer\-source \fIboolean\fR; zero\-no\-soa\-ttl \fIboolean\fR; zone\-statistics ( full | terse | none | \fIboolean\fR ); }; zone\-statistics ( full | terse | none | \fIboolean\fR ); }; .fi .if n \{\ .RE .\} .SH "ZONE" .sp .if n \{\ .RS 4 .\} .nf zone \fIstring\fR [ \fIclass\fR ] { allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update { \fIaddress_match_element\fR; \&.\&.\&. }; allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; also\-notify [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. }; alt\-transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; auto\-dnssec ( allow | maintain | off ); check\-dup\-records ( fail | warn | ignore ); check\-integrity \fIboolean\fR; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( fail | warn | ignore ); check\-sibling \fIboolean\fR; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-wildcard \fIboolean\fR; database \fIstring\fR; delegation\-only \fIboolean\fR; dialup ( notify | notify\-passive | passive | refresh | \fIboolean\fR ); dlz \fIstring\fR; dnskey\-sig\-validity \fIinteger\fR; dnssec\-dnskey\-kskonly \fIboolean\fR; dnssec\-loadkeys\-interval \fIinteger\fR; dnssec\-secure\-to\-insecure \fIboolean\fR; dnssec\-update\-mode ( maintain | no\-resign ); file \fIquoted_string\fR; forward ( first | only ); forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. }; in\-view \fIstring\fR; inline\-signing \fIboolean\fR; ixfr\-from\-differences \fIboolean\fR; journal \fIquoted_string\fR; key\-directory \fIquoted_string\fR; masterfile\-format ( map | raw | text ); masterfile\-style ( full | relative ); masters [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. }; max\-journal\-size ( default | unlimited | \fIsizeval\fR ); max\-records \fIinteger\fR; max\-refresh\-time \fIinteger\fR; max\-retry\-time \fIinteger\fR; max\-transfer\-idle\-in \fIinteger\fR; max\-transfer\-idle\-out \fIinteger\fR; max\-transfer\-time\-in \fIinteger\fR; max\-transfer\-time\-out \fIinteger\fR; max\-zone\-ttl ( unlimited | \fIttlval\fR ); min\-refresh\-time \fIinteger\fR; min\-retry\-time \fIinteger\fR; multi\-master \fIboolean\fR; notify ( explicit | master\-only | \fIboolean\fR ); notify\-delay \fIinteger\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; notify\-to\-soa \fIboolean\fR; request\-expire \fIboolean\fR; request\-ixfr \fIboolean\fR; serial\-update\-method ( date | increment | unixtime ); server\-addresses { ( \fIipv4_address\fR | \fIipv6_address\fR ); \&.\&.\&. }; server\-names { \fIstring\fR; \&.\&.\&. }; sig\-signing\-nodes \fIinteger\fR; sig\-signing\-signatures \fIinteger\fR; sig\-signing\-type \fIinteger\fR; sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ]; transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; try\-tcp\-refresh \fIboolean\fR; type ( primary | master | secondary | slave | mirror | delegation\-only | forward | hint | redirect | static\-stub | stub ); update\-check\-ksk \fIboolean\fR; update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. }; use\-alt\-transfer\-source \fIboolean\fR; zero\-no\-soa\-ttl \fIboolean\fR; zone\-statistics ( full | terse | none | \fIboolean\fR ); }; .fi .if n \{\ .RE .\} .SH "FILES" .PP /etc/named\&.conf .SH "SEE ALSO" .PP \fBddns-confgen\fR(8), \fBnamed\fR(8), \fBnamed-checkconf\fR(8), \fBrndc\fR(8), \fBrndc-confgen\fR(8), BIND 9 Administrator Reference Manual\&. .SH "AUTHOR" .PP \fBInternet Systems Consortium, Inc\&.\fR .SH "COPYRIGHT" .br Copyright \(co 2004-2019 Internet Systems Consortium, Inc. ("ISC") .br