Commit 8a28d9f1 authored by Evan Hunt's avatar Evan Hunt

[master] auto-generate named.conf.docbook

4603.	[doc]		Automatically generate named.conf(5) man page
			from doc/misc/options. Thanks to Tony Finch.
			[RT #43525]
parent d26ae7fc
4603. [doc] Automatically generate named.conf(5) man page
from doc/misc/options. Thanks to Tony Finch.
[RT #43525]
4602. [func] Threads are now set to human-readable
names to assist debugging, when supported by
the OS. [RT #43234]
......
<!--
- Copyright (C) 2004-2017 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2017 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
<!-- Converted by db4-upgrade version 1.0 -->
<!-- Generated by doc/misc/docbook-options.pl -->
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
<info>
<date>2014-01-08</date>
<date>2017-03-08</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>
......@@ -77,119 +78,105 @@
<literallayout class="normal">
acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
</literallayout>
</refsection>
<refsection><info><title>KEY</title></info>
<refsection><info><title>CONTROLS</title></info>
<literallayout class="normal">
key <replaceable>domain_name</replaceable> {
algorithm <replaceable>string</replaceable>;
secret <replaceable>string</replaceable>;
controls {
inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> |
* ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> allow
{ <replaceable>address_match_element</replaceable>; ... } <optional>
keys { <replaceable>string</replaceable>; ... } </optional> <optional> read-only
<replaceable>boolean</replaceable> </optional>;
unix <replaceable>quoted_string</replaceable> perm <replaceable>integer</replaceable>
owner <replaceable>integer</replaceable> group <replaceable>integer</replaceable> <optional>
keys { <replaceable>string</replaceable>; ... } </optional> <optional> read-only
<replaceable>boolean</replaceable> </optional>;
};
</literallayout>
</refsection>
<refsection><info><title>MASTERS</title></info>
<refsection><info><title>DLZ</title></info>
<literallayout class="normal">
masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
dlz <replaceable>string</replaceable> {
database <replaceable>string</replaceable>;
search <replaceable>boolean</replaceable>;
};
</literallayout>
</refsection>
<refsection><info><title>SERVER</title></info>
<refsection><info><title>DYNDB</title></info>
<literallayout class="normal">
server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
bogus <replaceable>boolean</replaceable>;
edns <replaceable>boolean</replaceable>;
edns-udp-size <replaceable>integer</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
padding <replaceable>integer</replaceable>;
tcp-only <replaceable>boolean</replaceable>;
tcp-keepalive <replaceable>boolean</replaceable>;
provide-ixfr <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
keys <replaceable>server_key</replaceable>;
transfers <replaceable>integer</replaceable>;
transfer-format ( many-answers | one-answer );
transfer-source ( <replaceable>ipv4_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
support-ixfr <replaceable>boolean</replaceable>; // obsolete
};
dyndb <replaceable>string</replaceable> <replaceable>quoted_string</replaceable> {
<replaceable>unspecified-text</replaceable> };
</literallayout>
</refsection>
<refsection><info><title>TRUSTED-KEYS</title></info>
<refsection><info><title>KEY</title></info>
<literallayout class="normal">
trusted-keys {
<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
key <replaceable>string</replaceable> {
algorithm <replaceable>string</replaceable>;
secret <replaceable>string</replaceable>;
};
</literallayout>
</refsection>
<refsection><info><title>MANAGED-KEYS</title></info>
<refsection><info><title>LOGGING</title></info>
<literallayout class="normal">
managed-keys {
<replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
logging {
category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
channel <replaceable>string</replaceable> {
buffered <replaceable>boolean</replaceable>;
file <replaceable>quoted_string</replaceable> <optional> versions ( unlimited | <replaceable>integer</replaceable> ) </optional>
<optional> size <replaceable>size</replaceable> </optional> <optional> suffix ( increment | timestamp ) </optional>;
null;
print-category <replaceable>boolean</replaceable>;
print-severity <replaceable>boolean</replaceable>;
print-time ( iso8601 | iso8601-utc | local | <replaceable>boolean</replaceable> );
severity <replaceable>log_severity</replaceable>;
stderr;
syslog <optional> <replaceable>syslog_facility</replaceable> </optional>;
};
};
</literallayout>
</refsection>
<refsection><info><title>CONTROLS</title></info>
<refsection><info><title>LWRES</title></info>
<literallayout class="normal">
controls {
inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>
allow { <replaceable>address_match_element</replaceable>; ... }
<optional> keys { <replaceable>string</replaceable>; ... } </optional>;
unix <replaceable>unsupported</replaceable>; // not implemented
lwres {
listen-on <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable>
| <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional>; ... };
lwres-clients <replaceable>integer</replaceable>;
lwres-tasks <replaceable>integer</replaceable>;
ndots <replaceable>integer</replaceable>;
search { <replaceable>string</replaceable>; ... };
view <replaceable>string</replaceable> <optional> <replaceable>class</replaceable> </optional>;
};
</literallayout>
</refsection>
<refsection><info><title>LOGGING</title></info>
<refsection><info><title>MANAGED-KEYS</title></info>
<literallayout class="normal">
logging {
channel <replaceable>string</replaceable> {
file <replaceable>log_file</replaceable>;
syslog <replaceable>optional_facility</replaceable>;
null;
stderr;
severity <replaceable>log_severity</replaceable>;
print-time <replaceable>boolean</replaceable>;
print-severity <replaceable>boolean</replaceable>;
print-category <replaceable>boolean</replaceable>;
};
category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
};
managed-keys { <replaceable>string</replaceable> <replaceable>string</replaceable> <replaceable>integer</replaceable>
<replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ... };
</literallayout>
</refsection>
<refsection><info><title>LWRES</title></info>
<refsection><info><title>MASTERS</title></info>
<literallayout class="normal">
lwres {
listen-on <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
};
view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
search { <replaceable>string</replaceable>; ... };
ndots <replaceable>integer</replaceable>;
lwres-tasks <replaceable>integer</replaceable>;
lwres-clients <replaceable>integer</replaceable>;
};
masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp
<replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>
port <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port
<replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... };
</literallayout>
</refsection>
......@@ -197,419 +184,705 @@ lwres {
<literallayout class="normal">
options {
avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
acache-cleaning-interval <replaceable>integer</replaceable>;
acache-enable <replaceable>boolean</replaceable>;
additional-from-auth <replaceable>boolean</replaceable>;
additional-from-cache <replaceable>boolean</replaceable>;
allow-new-zones <replaceable>boolean</replaceable>;
allow-notify { <replaceable>address_match_element</replaceable>; ... };
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
allow-recursion { <replaceable>address_match_element</replaceable>; ... };
allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
also-notify <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> |
<replaceable>ipv4_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port
<replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... };
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * )
</optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> |
* ) </optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
attach-cache <replaceable>string</replaceable>;
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
auto-dnssec ( allow | maintain | off );
automatic-interface-scan <replaceable>boolean</replaceable>;
avoid-v4-udp-ports { <replaceable>portrange</replaceable>; ... };
avoid-v6-udp-ports { <replaceable>portrange</replaceable>; ... };
bindkeys-file <replaceable>quoted_string</replaceable>;
blackhole { <replaceable>address_match_element</replaceable>; ... };
coresize <replaceable>size</replaceable>;
datasize <replaceable>size</replaceable>;
cache-file <replaceable>quoted_string</replaceable>;
catalog-zones { zone <replaceable>quoted_string</replaceable> <optional> default-masters <optional> port
<replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>
port <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key
<replaceable>string</replaceable> </optional>; ... } </optional> <optional> zone-directory <replaceable>quoted_string</replaceable> </optional> <optional>
in-memory <replaceable>boolean</replaceable> </optional> <optional> min-update-interval <replaceable>integer</replaceable> </optional>; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response
) ( fail | warn | ignore );
check-sibling <replaceable>boolean</replaceable>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <replaceable>boolean</replaceable>;
cleaning-interval <replaceable>integer</replaceable>;
clients-per-query <replaceable>integer</replaceable>;
cookie-algorithm ( aes | sha1 | sha256 );
cookie-secret <replaceable>string</replaceable>;
coresize ( default | unlimited | <replaceable>sizeval</replaceable> );
datasize ( default | unlimited | <replaceable>sizeval</replaceable> );
deny-answer-addresses { <replaceable>address_match_element</replaceable>; ... } <optional>
except-from { <replaceable>quoted_string</replaceable>; ... } </optional>;
deny-answer-aliases { <replaceable>quoted_string</replaceable>; ... } <optional> except-from {
<replaceable>quoted_string</replaceable>; ... } </optional>;
dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
directory <replaceable>quoted_string</replaceable>;
dnstap { <replaceable>message_type</replaceable>; ... };
dnstap-output ( <literal>file</literal> | <literal>unix</literal> ) <replaceable>path_name</replaceable>;
dnstap-identity ( <replaceable>string</replaceable> | <literal>hostname</literal> | <literal>none</literal> );
dnstap-version ( <replaceable>string</replaceable> | <literal>none</literal> );
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>;
... };
disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>;
... };
disable-empty-zone <replaceable>string</replaceable>;
dns64 <replaceable>netprefix</replaceable> {
break-dnssec <replaceable>boolean</replaceable>;
clients { <replaceable>address_match_element</replaceable>; ... };
exclude { <replaceable>address_match_element</replaceable>; ... };
mapped { <replaceable>address_match_element</replaceable>; ... };
recursive-only <replaceable>boolean</replaceable>;
suffix <replaceable>ipv6_address</replaceable>;
};
dns64-contact <replaceable>string</replaceable>;
dns64-server <replaceable>string</replaceable>;
dnssec-accept-expired <replaceable>boolean</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
dnssec-enable <replaceable>boolean</replaceable>;
dnssec-loadkeys-interval <replaceable>integer</replaceable>;
dnssec-lookaside ( <replaceable>string</replaceable> trust-anchor
<replaceable>string</replaceable> | auto | no );
dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver ) <optional> ( query | response ) </optional>; ... };
dnstap-identity ( <replaceable>quoted_string</replaceable> | none |
hostname );
dnstap-output ( file | unix ) <replaceable>quoted_string</replaceable> <optional>
size ( unlimited | <replaceable>size</replaceable> ) </optional> <optional> versions (
unlimited | <replaceable>integer</replaceable> ) </optional> <optional> suffix ( increment
| timestamp ) </optional>;
dnstap-version ( <replaceable>quoted_string</replaceable> | none );
dscp <replaceable>integer</replaceable>;
dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>quoted_string</replaceable> <optional> port
<replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> | <replaceable>ipv4_address</replaceable> <optional> port
<replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> | <replaceable>ipv6_address</replaceable> <optional> port
<replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> ); ... };
dump-file <replaceable>quoted_string</replaceable>;
files <replaceable>size</replaceable>;
fstrm-set-buffer-hint <replaceable>number</replaceable>;
fstrm-set-flush-timeout <replaceable>number</replaceable>;
fstrm-set-input-queue-size <replaceable>number</replaceable>;
fstrm-set-output-notify-threshold <replaceable>number</replaceable>;
fstrm-set-output-queue-model ( <replaceable>mpsc</replaceable> | <replaceable>spsc</replaceable> ) ;
fstrm-set-output-queue-size <replaceable>number</replaceable>;
fstrm-set-reopen-interval <replaceable>number</replaceable>;
edns-udp-size <replaceable>integer</replaceable>;
empty-contact <replaceable>string</replaceable>;
empty-server <replaceable>string</replaceable>;
empty-zones-enable <replaceable>boolean</replaceable>;
fetch-quota-params <replaceable>integer</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable>;
fetches-per-server <replaceable>integer</replaceable> <optional> ( drop | fail ) </optional>;
fetches-per-zone <replaceable>integer</replaceable> <optional> ( drop | fail ) </optional>;
files ( default | unlimited | <replaceable>sizeval</replaceable> );
filter-aaaa { <replaceable>address_match_element</replaceable>; ... };
filter-aaaa-on-v4 ( break-dnssec | <replaceable>boolean</replaceable> );
filter-aaaa-on-v6 ( break-dnssec | <replaceable>boolean</replaceable> );
flush-zones-on-shutdown <replaceable>boolean</replaceable>;
forward ( first | only );
forwarders <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable>
| <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp <replaceable>integer</replaceable> </optional>; ... };
fstrm-set-buffer-hint <replaceable>integer</replaceable>;
fstrm-set-flush-timeout <replaceable>integer</replaceable>;
fstrm-set-input-queue-size <replaceable>integer</replaceable>;
fstrm-set-output-notify-threshold <replaceable>integer</replaceable>;
fstrm-set-output-queue-model ( mpsc | spsc );
fstrm-set-output-queue-size <replaceable>integer</replaceable>;
fstrm-set-reopen-interval <replaceable>integer</replaceable>;
geoip-directory ( <replaceable>quoted_string</replaceable> | none );
geoip-use-ecs ( <replaceable>quoted_string</replaceable> | none );
heartbeat-interval <replaceable>integer</replaceable>;
host-statistics <replaceable>boolean</replaceable>; // not implemented
host-statistics-max <replaceable>number</replaceable>; // not implemented
hostname ( <replaceable>quoted_string</replaceable> | none );
inline-signing <replaceable>boolean</replaceable>;
interface-interval <replaceable>integer</replaceable>;
ixfr-from-differences ( master | slave | <replaceable>boolean</replaceable> );
keep-response-order { <replaceable>address_match_element</replaceable>; ... };
listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
key-directory <replaceable>quoted_string</replaceable>;
lame-ttl <replaceable>ttlval</replaceable>;
listen-on <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp
<replaceable>integer</replaceable> </optional> {
<replaceable>address_match_element</replaceable>; ... };
listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> <optional> dscp
<replaceable>integer</replaceable> </optional> {
<replaceable>address_match_element</replaceable>; ... };
lock-file ( <replaceable>quoted_string</replaceable> | none );
managed-keys-directory <replaceable>quoted_string</replaceable>;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-mapped-addresses <replaceable>boolean</replaceable>;
max-acache-size ( unlimited | <replaceable>sizeval</replaceable> );
max-cache-size ( default | unlimited | <replaceable>sizeval</replaceable> | <replaceable>percentage</replaceable> );
max-cache-ttl <replaceable>integer</replaceable>;
max-clients-per-query <replaceable>integer</replaceable>;
max-journal-size ( unlimited | <replaceable>sizeval</replaceable> );
max-ncache-ttl <replaceable>integer</replaceable>;
max-records <replaceable>integer</replaceable>;
max-recursion-depth <replaceable>integer</replaceable>;
max-recursion-queries <replaceable>integer</replaceable>;
max-refresh-time <replaceable>integer</replaceable>;
max-retry-time <replaceable>integer</replaceable>;
max-rsa-exponent-size <replaceable>integer</replaceable>;
max-transfer-idle-in <replaceable>integer</replaceable>;
max-transfer-idle-out <replaceable>integer</replaceable>;
max-transfer-time-in <replaceable>integer</replaceable>;
max-transfer-time-out <replaceable>integer</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
memstatistics <replaceable>boolean</replaceable>;
memstatistics-file <replaceable>quoted_string</replaceable>;
message-compression <replaceable>boolean</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
minimal-any <replaceable>boolean</replaceable>;
minimal-responses ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
multi-master <replaceable>boolean</replaceable>;
no-case-compress { <replaceable>address_match_element</replaceable>; ... };
nocookie-udp-size <replaceable>integer</replaceable>;
notify ( explicit | master-only | <replaceable>boolean</replaceable> );
notify-delay <replaceable>integer</replaceable>;
notify-rate <replaceable>integer</replaceable>;
notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> <optional>
dscp <replaceable>integer</replaceable> </optional>;
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>
<optional> dscp <replaceable>integer</replaceable> </optional>;
notify-to-soa <replaceable>boolean</replaceable>;
nsec3-test-zone <replaceable>boolean</replaceable>; // test only
nta-lifetime <replaceable>ttlval</replaceable>;
nta-recheck <replaceable>ttlval</replaceable>;
nxdomain-redirect <replaceable>string</replaceable>;
pid-file ( <replaceable>quoted_string</replaceable> | none );
port <replaceable>integer</replaceable>;
preferred-glue <replaceable>string</replaceable>;
prefetch <replaceable>integer</replaceable> <optional> <replaceable>integer</replaceable> </optional>;
provide-ixfr <replaceable>boolean</replaceable>;
query-source ( ( <optional> address </optional> ( <replaceable>ipv4_address</replaceable> | * ) <optional> port (
<replaceable>integer</replaceable> | * ) </optional> ) | ( <optional> <optional> address </optional> ( <replaceable>ipv4_address</replaceable> | * ) </optional>
port ( <replaceable>integer</replaceable> | * ) ) ) <optional> dscp <replaceable>integer</replaceable> </optional>;
query-source-v6 ( ( <optional> address </optional> ( <replaceable>ipv6_address</replaceable> | * ) <optional> port (
<replaceable>integer</replaceable> | * ) </optional> ) | ( <optional> <optional> address </optional> ( <replaceable>ipv6_address</replaceable> | * ) </optional>
port ( <replaceable>integer</replaceable> | * ) ) ) <optional> dscp <replaceable>integer</replaceable> </optional>;
querylog <replaceable>boolean</replaceable>;
recursing-file <replaceable>quoted_string</replaceable>;
reserved-sockets <replaceable>integer</replaceable>;
random-device <replaceable>quoted_string</replaceable>;
rate-limit {
all-per-second <replaceable>integer</replaceable>;
errors-per-second <replaceable>integer</replaceable>;
exempt-clients { <replaceable>address_match_element</replaceable>; ... };
ipv4-prefix-length <replaceable>integer</replaceable>;
ipv6-prefix-length <replaceable>integer</replaceable>;
log-only <replaceable>boolean</replaceable>;
max-table-size <replaceable>integer</replaceable>;
min-table-size <replaceable>integer</replaceable>;
nodata-per-second <replaceable>integer</replaceable>;
nxdomains-per-second <replaceable>integer</replaceable>;
qps-scale <replaceable>integer</replaceable>;
referrals-per-second <replaceable>integer</replaceable>;
responses-per-second <replaceable>integer</replaceable>;
slip <replaceable>integer</replaceable>;
window <replaceable>integer</replaceable>;
};
recursing-file <replaceable>quoted_string</replaceable>;
recursion <replaceable>boolean</replaceable>;
recursive-clients <replaceable>integer</replaceable>;
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
request-nsid <replaceable>boolean</replaceable>;
require-server-cookie <replaceable>boolean</replaceable>;
reserved-sockets <replaceable>integer</replaceable>;
resolver-query-timeout <replaceable>integer</replaceable>;
response-padding { <replaceable>address_match_element</replaceable>; ... } block-size
<replaceable>integer</replaceable>;
response-policy { zone <replaceable>quoted_string</replaceable> <optional> log <replaceable>boolean</replaceable> </optional> <optional>
max-policy-ttl <replaceable>integer</replaceable> </optional> <optional> min-update-interval <replaceable>integer</replaceable> </optional> <optional>
policy ( cname | disabled | drop | given | no-op | nodata |
nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) </optional> <optional>
recursive-only <replaceable>boolean</replaceable> </optional>; ... } <optional> break-dnssec <replaceable>boolean</replaceable> </optional> <optional>
max-policy-ttl <replaceable>integer</replaceable> </optional> <optional> min-update-interval <replaceable>integer</replaceable> </optional> <optional>
min-ns-dots <replaceable>integer</replaceable> </optional> <optional> nsip-wait-recurse <replaceable>boolean</replaceable> </optional> <optional>
qname-wait-recurse <replaceable>boolean</replaceable> </optional> <optional> recursive-only <replaceable>boolean</replaceable> </optional>;
root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
rrset-order { <optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional> <optional> name
<replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
secroots-file <replaceable>quoted_string</replaceable>;
send-cookie <replaceable>boolean</replaceable>;
serial-query-rate <replaceable>integer</replaceable>;
server-id ( <replaceable>quoted_string</replaceable> | hostname | none );
stacksize <replaceable>size</replaceable>;
serial-update-method ( date | increment | unixtime );
server-id ( <replaceable>quoted_string</replaceable> | none | hostname );
servfail-ttl <replaceable>ttlval</replaceable>;
session-keyalg <replaceable>string</replaceable>;
session-keyfile ( <replaceable>quoted_string</replaceable> | none );
session-keyname <replaceable>string</replaceable>;
sig-signing-nodes <replaceable>integer</replaceable>;
sig-signing-signatures <replaceable>integer</replaceable>;
sig-signing-type <replaceable>integer</replaceable>;
sig-validity-interval <replaceable>integer</replaceable> <optional> <replaceable>integer</replaceable> </optional>;
sortlist { <replaceable>address_match_element</replaceable>; ... };
stacksize ( default | unlimited | <replaceable>sizeval</replaceable> );
startup-notify-rate <replaceable>integer</replaceable>;
statistics-file <replaceable>quoted_string</replaceable>;
statistics-interval <replaceable>integer</replaceable>; // not yet implemented
tcp-advertised-timeout <replaceable>integer</replaceable>;
tcp-clients <replaceable>integer</replaceable>;
tcp-idle-timeout <replaceable>integer</replaceable>;
tcp-initial-timeout <replaceable>integer</replaceable>;
tcp-keepalive-timeout <replaceable>integer</replaceable>;
tcp-listen-queue <replaceable>integer</replaceable>;
tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
tkey-domain <replaceable>quoted_string</replaceable>;
tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
tkey-gssapi-keytab <replaceable>quoted_string</replaceable>;
tkey-domain <replaceable>quoted_string</replaceable>;
transfer-format ( many-answers | one-answer );
transfer-message-size <replaceable>integer</replaceable>;
transfers-per-ns <replaceable>integer</replaceable>;
transfer-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> <optional>
dscp <replaceable>integer</replaceable> </optional>;
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * )
</optional> <optional> dscp <replaceable>integer</replaceable> </optional>;
transfers-in <replaceable>integer</replaceable>;
transfers-out <replaceable>integer</replaceable>;
version ( <replaceable>quoted_string</replaceable> | none );
allow-recursion { <replaceable>address_match_element</replaceable>; ... };
allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
sortlist { <replaceable>address_match_element</replaceable>; ... };
topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
minimal-any <replaceable>boolean</replaceable>;
minimal-responses ( <replaceable>boolean</replaceable> | no-auth | no-auth-recursive );
recursion <replaceable>boolean</replaceable>;
rrset-order {
<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
};
provide-ixfr <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
additional-from-auth <replaceable>boolean</replaceable>;
additional-from-cache <replaceable>boolean</replaceable>;
query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
use-queryport-pool <replaceable>boolean</replaceable>;
queryport-pool-ports <replaceable>integer</replaceable>;
queryport-pool-updateinterval <replaceable>integer</replaceable>;
cleaning-interval <replaceable>integer</replaceable>;
resolver-query-timeout <replaceable>integer</replaceable>;
min-roots <replaceable>integer</replaceable>; // not implemented
lame-ttl <replaceable>integer</replaceable>;
max-ncache-ttl <replaceable>integer</replaceable>;
max-cache-ttl <replaceable>integer</replaceable>;
transfer-format ( many-answers | one-answer );
max-cache-size <replaceable>size</replaceable>;
max-acache-size <replaceable>size</replaceable>;
clients-per-query <replaceable>number</replaceable>;
max-clients-per-query <replaceable>number</replaceable>;
check-names ( master | slave | response )
( fail | warn | ignore );
check-mx ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
cache-file <replaceable>quoted_string</replaceable>; // test option
catalog-zones {
zone <replaceable>quoted_string</replaceable>
<optional> default-masters
<optional>port <replaceable>ip_port</replaceable></optional>
<optional>dscp <replaceable>ip_dscp</replaceable></optional>
{ ( <replaceable>masters_list</replaceable> | <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> <optional>key <replaceable>key</replaceable></optional> ) ; <optional>...</optional> }</optional>
<optional>in-memory <replaceable>yes_or_no</replaceable></optional>
<optional>min-update-interval <replaceable>interval</replaceable></optional>
; ... };
;
suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
preferred-glue <replaceable>string</replaceable>;
dual-stack-servers <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>quoted_string</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
<replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ); ...
};
edns-udp-size <replaceable>integer</replaceable>;
max-udp-size <replaceable>integer</replaceable>;
root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
disable-ds-digests <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
dnssec-enable <replaceable>boolean</replaceable>;
dnssec-validation <replaceable>boolean</replaceable>;
dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
dnssec-accept-expired <replaceable>boolean</replaceable>;
dns64-server <replaceable>string</replaceable>;
dns64-contact <replaceable>string</replaceable>;
dns64 <replaceable>prefix</replaceable> {
clients { <replaceable>acl</replaceable>; };
exclude { <replaceable>acl</replaceable>; };
mapped { <replaceable>acl</replaceable>; };
break-dnssec <replaceable>boolean</replaceable>;
recursive-only <replaceable>boolean</replaceable>;
suffix <replaceable>ipv6_address</replaceable>;
};
empty-server <replaceable>string</replaceable>;
empty-contact <replaceable>string</replaceable>;
empty-zones-enable <replaceable>boolean</replaceable>;
disable-empty-zone <replaceable>string</replaceable>;
dialup <replaceable>dialuptype</replaceable>;
ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
allow-query { <replaceable>address_match_element</replaceable>; ... };
allow-query-on { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
allow-transfer { <replaceable>address_match_element</replaceable>; ... };
allow-update { <replaceable>address_match_element</replaceable>; ... };
allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
transfers-per-ns <replaceable>integer</replaceable>;
trust-anchor-telemetry <replaceable>boolean</replaceable>; // experimental
try-tcp-refresh <replaceable>boolean</replaceable>;
update-check-ksk <replaceable>boolean</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
masterfile-format ( text | raw | map );
notify <replaceable>notifytype</replaceable>;
notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
notify-delay <replaceable>seconds</replaceable>;
notify-to-soa <replaceable>boolean</replaceable>;
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
<optional> port <replaceable>integer</replaceable> </optional>; ...
<optional> key <replaceable>keyname</replaceable> </optional> ... };
allow-notify { <replaceable>address_match_element</replaceable>; ... };
forward ( first | only );
forwarders <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
};
max-journal-size <replaceable>size_no_default</replaceable>;
max-records <replaceable>integer</replaceable>;
max-transfer-time-in <replaceable>integer</replaceable>;
max-transfer-time-out <replaceable>integer</replaceable>;
max-transfer-idle-in <replaceable>integer</replaceable>;
max-transfer-idle-out <replaceable>integer</replaceable>;
max-retry-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
max-refresh-time <replaceable>integer</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
multi-master <replaceable>boolean</replaceable>;
sig-validity-interval <replaceable>integer</replaceable>;
sig-re-signing-interval <replaceable>integer</replaceable>;
sig-signing-nodes <replaceable>integer</replaceable>;
sig-signing-signatures <replaceable>integer</replaceable>;
sig-signing-type <replaceable>integer</replaceable>;
transfer-source ( <replaceable>ipv4_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
alt-transfer-source ( <replaceable>ipv4_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
use-alt-transfer-source <replaceable>boolean</replaceable>;
zone-statistics <replaceable>boolean</replaceable>;
key-directory <replaceable>quoted_string</replaceable>;
managed-keys-directory <replaceable>quoted_string</replaceable>;
auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>;
try-tcp-refresh <replaceable>boolean</replaceable>;
use-v4-udp-ports { <replaceable>portrange</replaceable>; ... };
use-v6-udp-ports { <replaceable>portrange</replaceable>; ... };
v6-bias <replaceable>integer</replaceable>;
version ( <replaceable>quoted_string</replaceable> | none );
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;