Grammar: port <integer>;
Blocks: options
\n-Tags: query, server
\n+Tags: server, query
\nSpecifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.
\n \nThis is the UDP/TCP port number the server uses to receive and send DNS\n protocol traffic. The default is 53. This option is mainly intended\n for server testing; a server using a port other than 53 is not\n able to communicate with the global DNS.
\nGrammar: tls-port <integer>;
Blocks: options
\n-Tags: query, server
\n+Tags: server, query
\nSpecifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.
\n \nThis is the TCP port number the server uses to receive and send\n DNS-over-TLS protocol traffic. The default is 853.
\nGrammar: https-port <integer>;
Blocks: options
\n-Tags: query, server
\n+Tags: server, query
\nSpecifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.
\n \nThis is the TCP port number the server uses to receive and send\n DNS-over-HTTPS protocol traffic. The default is 443.
\nGrammar: http-port <integer>;
Blocks: options
\n-Tags: query, server
\n+Tags: server, query
\nSpecifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.
\n \nThis is the TCP port number the server uses to receive and send\n unencrypted DNS traffic via HTTP (a configuration that may be useful\n when encryption is handled by third-party software or by a reverse\n proxy).
\nGrammar: disable-ds-digests <string> { <string>; ... }; // may occur multiple times
Blocks: options, view
\n-Tags: dnssec, zone
\n+Tags: zone, dnssec
\nDisables DS digest types from a specified zone.
\n \nThis disables the specified DS digest types at and below the specified\n name. Multiple disable-ds-digests statements are allowed. Only\n the best-match disable-ds-digests clause is used to\n determine the digest types.
If all supported digest types are disabled, the zones covered by\n@@ -2530,15 +2530,15 @@\n
Grammar: ipv4only-server <string>;
Blocks: options, view
\n-Tags: query, server
\n+Tags: server, query
\nSpecifies the name of the server for the IPV4ONLY.ARPA zone created by dns64.
Grammar: zone-statistics ( full | terse | none | <boolean> );
Blocks: options, view, zone (mirror, primary, redirect, secondary, static-stub, stub)
\n-Tags: zone, logging
\n+Tags: logging, zone
\nControls the level of statistics gathered for all zones.
\n \nIf full, the server collects statistical data on all zones,\n unless specifically turned off on a per-zone basis by specifying\n zone-statistics terse or zone-statistics none in the zone\n statement. The statistical data includes, for example, DNSSEC signing\n operations and the number of authoritative answers per query type. The\n@@ -2755,15 +2755,15 @@\n
Grammar: allow-new-zones <boolean>;
Blocks: options, view
\n-Tags: zone, server
\n+Tags: server, zone
\nControls the ability to add zones at runtime via rndc addzone.
If yes, then zones can be added at runtime via rndc addzone.\n The default is no.
Newly added zones\u2019 configuration parameters are stored so that they\n can persist after the server is restarted. The configuration\n information is saved in a file called viewname.nzf (or, if\n@@ -3193,15 +3193,15 @@\n
Grammar: stale-answer-enable <boolean>;
Blocks: options, view
\n-Tags: query, server
\n+Tags: server, query
\nEnables the returning of \u201cstale\u201d cached answers when the name servers for a zone are not answering.
\n \nIf yes, enable the returning of \u201cstale\u201d cached answers when the name\n servers for a zone are not answering and the stale-cache-enable option is\n also enabled. The default is not to return stale answers.
Stale answers can also be enabled or disabled at runtime via\n rndc serve-stale on or rndc serve-stale off; these override\n@@ -3216,15 +3216,15 @@\n
Grammar: stale-answer-client-timeout ( disabled | off | <integer> );
Blocks: options, view
\n-Tags: query, server
\n+Tags: server, query
\nDefines the amount of time (in milliseconds) that named waits before attempting to answer a query with a stale RRset from cache.
This option defines the amount of time (in milliseconds) that named\n waits before attempting to answer the query with a stale RRset from cache.\n If a stale answer is found, named continues the ongoing fetches,\n attempting to refresh the RRset in cache until the\n resolver-query-timeout interval is reached.
Grammar: stale-cache-enable <boolean>;
Blocks: options, view
\n-Tags: query, server
\n+Tags: server, query
\nEnables the retention of \u201cstale\u201d cached answers.
\n \nIf yes, enable the retaining of \u201cstale\u201d cached answers. Default no.
Grammar: stale-refresh-time <duration>;
Blocks: options, view
\n-Tags: query, server
\n+Tags: server, query
\nSets the time window for the return of \u201cstale\u201d cached answers before the next attempt to contact, if the name servers for a given zone are not responding.
\n \nIf the name servers for a given zone are not answering, this sets the time\n window for which named will promptly return \u201cstale\u201d cached answers for\n that RRSet being requested before a new attempt in contacting the servers\n is made. For convenience, TTL-style time-unit suffixes may be used to\n specify the value. It also accepts ISO 8601 duration formats.
Grammar zone (hint, mirror, primary, secondary, stub): check-names ( fail | warn | ignore );
Grammar options, view: check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
Blocks: options, view, zone (hint, mirror, primary, secondary, stub)
\n-Tags: query, server
\n+Tags: server, query
\nRestricts the character set and syntax of certain domain names in primary files and/or DNS responses received from the network.
\n \nThis option is used to restrict the character set and syntax of\n certain domain names in primary files and/or DNS responses received\n from the network. The default varies according to usage area. For\n type primary zones the default is fail. For type secondary zones the\n default is warn. For answers received from the network\n@@ -3586,15 +3586,15 @@\n
Grammar: check-dup-records ( fail | warn | ignore );
Blocks: options, view, zone (primary)
\n-Tags: dnssec, query
\n+Tags: query, dnssec
\nChecks primary zones for records that are treated as different by DNSSEC but are semantically equal in plain DNS.
\n \nThis checks primary zones for records that are treated as different by\n DNSSEC but are semantically equal in plain DNS. The default is to\n warn. Other possible values are fail and ignore.
Grammar: zero-no-soa-ttl <boolean>;
Blocks: options, view, zone (mirror, primary, secondary)
\n-Tags: zone, query, server
\n+Tags: server, query, zone
\nSpecifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.
\n \nIf yes, when returning authoritative negative responses to SOA queries, set\n the TTL of the SOA record returned in the authority section to zero.\n The default is yes.
Grammar: zero-no-soa-ttl-cache <boolean>;
Blocks: options, view
\n-Tags: zone, query, server
\n+Tags: server, query, zone
\nSets the time to live (TTL) to zero when caching a negative response to an SOA query.
\n \nIf yes, when caching a negative response to an SOA query set the TTL to zero.\n The default is no.
Grammar: allow-recursion-on { <address_match_element>; ... };
Blocks: options, view
\n-Tags: query, server
\n+Tags: server, query
\nSpecifies which local addresses can accept recursive queries.
\n \nThis specifies which local addresses can accept recursive queries. If\n allow-recursion-on is not set, then allow-query-cache-on is\n used if set; otherwise, the default is to allow recursive queries on\n all addresses. Any client permitted to send recursive queries can\n send them to any address on which named is listening. Note: both\n@@ -4628,30 +4628,30 @@\n
Grammar: notify-rate <integer>;
Blocks: options
\n-Tags: zone, transfer
\n+Tags: transfer, zone
\nSpecifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.
\n \nThis specifies the rate at which NOTIFY requests are sent during normal zone\n maintenance operations. (NOTIFY requests due to initial zone loading\n are subject to a separate rate limit; see below.) The default is 20\n per second. The lowest possible rate is one per second; when set to\n zero, it is silently raised to one.
\nGrammar: startup-notify-rate <integer>;
Blocks: options
\n-Tags: zone, transfer
\n+Tags: transfer, zone
\nSpecifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
\n \nThis is the rate at which NOTIFY requests are sent when the name server\n is first starting up, or when zones have been newly added to the\n name server. The default is 20 per second. The lowest possible rate is\n one per second; when set to zero, it is silently raised to one.
\nGrammar: max-records <integer>;
Blocks: options, view, zone (mirror, primary, redirect, secondary, static-stub, stub)
\n-Tags: zone, server
\n+Tags: server, zone
\nSets the maximum number of records permitted in a zone.
\n \nThis sets the maximum number of records permitted in a zone. The default is\n zero, which means the maximum is unlimited.
\nGrammar: fetches-per-zone <integer> [ ( drop | fail ) ];
Blocks: options, view
\n-Tags: query, server
\n+Tags: server, query
\nSets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.
\n \nThis sets the maximum number of simultaneous iterative queries to any one\n domain that the server permits before blocking new queries for\n data in or beneath that zone. This value should reflect how many\n fetches would normally be sent to any one zone in the time it would\n take to resolve them. It should be smaller than\n@@ -5037,15 +5037,15 @@\n
Grammar: fetches-per-server <integer> [ ( drop | fail ) ];
Blocks: options, view
\n-Tags: query, server
\n+Tags: server, query
\nSets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.
\n \nThis sets the maximum number of simultaneous iterative queries that the server\n allows to be sent to a single upstream name server before\n blocking additional queries. This value should reflect how many\n fetches would normally be sent to any one server in the time it would\n take to resolve them. It should be smaller than\n@@ -5070,15 +5070,15 @@\n
Grammar: fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
Blocks: options, view
\n-Tags: query, server
\n+Tags: server, query
\nSets the parameters for dynamic resizing of the fetches-per-server quota in response to detected congestion.
This sets the parameters to use for dynamic resizing of the\n fetches-per-server quota in response to detected congestion.
The first argument is an integer value indicating how frequently to\n recalculate the moving average of the ratio of timeouts to responses\n for each server. The default is 100, meaning that BIND recalculates the\n@@ -5166,15 +5166,15 @@\n
Grammar: tcp-initial-timeout <integer>;
Blocks: options
\n-Tags: query, server
\n+Tags: server, query
\nSets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.
\n \nThis sets the amount of time (in units of 100 milliseconds) that the server waits on\n a new TCP connection for the first message from the client. The\n default is 300 (30 seconds), the minimum is 25 (2.5 seconds), and the\n maximum is 1200 (two minutes). Values above the maximum or below the\n minimum are adjusted with a logged warning. (Note: this value\n@@ -5837,15 +5837,15 @@\n
Grammar: masterfile-format ( raw | text );
Blocks: options, view, zone (mirror, primary, redirect, secondary, stub)
\n-Tags: zone, server
\n+Tags: server, zone
\nSpecifies the file format of zone files.
\n \nThis specifies the file format of zone files (see Additional File Formats\n for details). The default value is text, which is the standard\n textual representation, except for secondary zones, in which the default\n value is raw. Files in formats other than text are typically\n expected to be generated by the named-compilezone tool, or dumped by\n@@ -5900,28 +5900,28 @@\n
Grammar: max-recursion-queries <integer>;
Blocks: options, view
\n-Tags: query, server
\n+Tags: server, query
\nSets the maximum number of iterative queries while servicing a recursive query.
\n \nThis sets the maximum number of iterative queries that may be sent while\n servicing a recursive query. If more queries are sent, the recursive\n query is terminated and returns SERVFAIL. The default is 100.
\nGrammar: notify-delay <integer>;
Blocks: options, view, zone (mirror, primary, secondary)
\n-Tags: zone, transfer
\n+Tags: transfer, zone
\nSets the delay (in seconds) between sending sets of NOTIFY messages for a zone.
\n \nThis sets the delay, in seconds, between sending sets of NOTIFY messages\n for a zone. Whenever a NOTIFY message is sent for a zone, a timer will\n be set for this duration. If the zone is updated again before the timer\n expires, the NOTIFY for that update will be postponed. The default is 5\n seconds.
\n@@ -5930,15 +5930,15 @@\nGrammar: max-rsa-exponent-size <integer>;
Blocks: options
\n-Tags: dnssec, query
\n+Tags: query, dnssec
\nSets the maximum RSA exponent size (in bits) when validating.
\n \nThis sets the maximum RSA exponent size, in bits, that is accepted when\n validating. Valid values are 35 to 4096 bits. The default, zero, is\n also accepted and is equivalent to 4096.
\nGrammar: v6-bias <integer>;
Blocks: options, view
\n-Tags: query, server
\n+Tags: server, query
\nIndicates the number of milliseconds of preference to give to IPv6 name servers.
\n \nWhen determining the next name server to try, this indicates by how many\n milliseconds to prefer IPv6 name servers. The default is 50\n milliseconds.
Grammar: empty-server <string>;
Blocks: options, view
\n-Tags: zone, server
\n+Tags: server, zone
\nSpecifies the server name in the returned SOA record for empty zones.
\n \nThis specifies the server name that appears in the returned SOA record for\n empty zones. If none is specified, the zone\u2019s name is used.
\nGrammar: empty-contact <string>;
Blocks: options, view
\n-Tags: zone, server
\n+Tags: server, zone
\nSpecifies the contact name in the returned SOA record for empty zones.
\n \nThis specifies the contact name that appears in the returned SOA record for\n empty zones. If none is specified, \u201c.\u201d is used.
\nGrammar: empty-zones-enable <boolean>;
Blocks: options, view
\n-Tags: zone, server
\n+Tags: server, zone
\nEnables or disables all empty zones.
\n \nThis enables or disables all empty zones. By default, they are enabled.
\nGrammar: disable-empty-zone <string>; // may occur multiple times
Blocks: options, view
\n-Tags: zone, server
\n+Tags: server, zone
\nDisables individual empty zones.
\n \nThis disables individual empty zones. By default, none are disabled. This\n option can be specified multiple times.
\nGrammar: response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
Blocks: options, view
\n-Tags: zone, query, security, server
\n+Tags: security, server, query, zone
\nSpecifies response policy zones for the view or among global options.
\n \nResponse policy zones are named in the response-policy option for\n the view, or among the global options if there is no response-policy\n option for the view. Response policy zones are ordinary DNS zones\n containing RRsets that can be queried normally if allowed. It is usually\n best to restrict those queries with something like\n@@ -6607,42 +6607,42 @@\n such as SERVFAIL to appear to be rewritten, since no recursion is being\n done to discover problems at the authoritative server.
Grammar: dnsrps-enable <boolean>;
Blocks: options, view
\n-Tags: security, server
\n+Tags: server, security
\nTurns on the DNS Response Policy Service (DNSRPS) interface.
\n \nThe dnsrps-enable yes option turns on the DNS Response Policy Service\n (DNSRPS) interface, if it has been compiled in named using\n configure --enable-dnsrps.
Grammar: dnsrps-library <quoted_string>;
Blocks: options
\n-Tags: security, server
\n+Tags: server, security
\nTurns on the DNS Response Policy Service (DNSRPS) interface.
\n \nThis option specifies the path to the DNSRPS provider library. Typically\n this library is detected when building with configure --enable-dnsrps\n and does not need to be specified in named.conf; the option exists\n to override the default library for testing purposes.
Grammar: dnsrps-options { <unspecified-text> };
Blocks: options, view
\n-Tags: security, server
\n+Tags: server, security
\nProvides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.
\n \nThe block provides additional RPZ configuration\n settings, which are passed through to the DNSRPS provider library.\n Multiple DNSRPS settings in an dnsrps-options string should be\n separated with semi-colons (;). The DNSRPS provider library is passed a\n configuration string consisting of the dnsrps-options text,\n@@ -7067,15 +7067,15 @@\n
Grammar: log-only <boolean>;
Blocks: options.rate-limit, view.rate-limit
\n-Tags: query, logging
\n+Tags: logging, query
\nTests rate-limiting parameters without actually dropping any requests.
\n \nUse log-only yes to test rate-limiting parameters without actually\n dropping any requests.
Responses dropped by rate limits are included in the RateDropped and\n@@ -7272,15 +7272,15 @@\n option.
Blocks: dnssec-policy, server, view.server
\n-Tags: security, server
\n+Tags: server, security
\nSpecifies one or more server_key s to be used with a remote server.
Warning
\nNot to be confused with keys in dnssec-policy specification.\n Although statements with the same name exist in both contexts, they refer\n to fundamentally incompatible concepts.
tls can only be set at the top level of named.conf.
The following options can be specified in a tls statement:
Grammar: key-file <quoted_string>;
Blocks: tls
\n-Tags: security, server
\n+Tags: server, security
\nSpecifies the path to a file containing the private TLS key for a connection.
\n \n\n\nPath to a file containing the private TLS key to be used for\n the connection.
\n
Grammar: cert-file <quoted_string>;
Blocks: tls
\n-Tags: security, server
\n+Tags: server, security
\nSpecifies the path to a file containing the TLS certificate for a connection.
\n \n\n\nPath to a file containing the TLS certificate to be used for\n the connection.
\n
Grammar: ca-file <quoted_string>;
Blocks: tls
\n-Tags: security, server
\n+Tags: server, security
\nSpecifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.
\n \n\n\n \nPath to a file containing trusted CA authorities\u2019 TLS\n certificates used to verify remote peer certificates. Specifying\n this option enables remote peer certificates\u2019 verification. For\n incoming connections, specifying this option makes BIND require\n@@ -7481,15 +7481,15 @@\n \n \n
\n
- \n dhparam-file\uf0c1
\nGrammar:
\ndhparam-file <quoted_string>;Blocks: tls
\n-Tags: security, server
\n+Tags: server, security
\nSpecifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.
\n \n\n\nPath to a file containing Diffie-Hellman parameters,\n which is needed to enable the cipher suites depending on the\n Diffie-Hellman ephemeral key exchange (DHE). Having these parameters\n specified is essential for enabling perfect forward secrecy capable\n@@ -7550,15 +7550,15 @@\n \n \n
\n
\n \n@@ -7673,15 +7673,15 @@\n \tlistener-clients <integer>;\n \tstreams-per-connection <integer>;\n }; // may occur multiple times\n- \n prefer-server-ciphers\uf0c1
\nGrammar:
\nprefer-server-ciphers <boolean>;Blocks: tls
\n-Tags: security, server
\n+Tags: server, security
\nSpecifies that server ciphers should be preferred over client ones.
\n \n\n\nSpecifies that server ciphers should be preferred over client ones.
\nBlocks: topmost
\n-Tags: query, server
\n+Tags: server, query
\nConfigures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.
\n \n
http Block Definition and Usage\uf0c1http can only be set at the top level of named.conf.
The following options can be specified in an http statement:
Grammar: endpoints { <quoted_string>; ... };
Blocks: http
\n-Tags: query, server
\n+Tags: server, query
\nSpecifies a list of HTTP query paths on which to listen.
\n \n\n\nA list of HTTP query paths on which to listen. This is the portion\n of an RFC 3986-compliant URI following the hostname; it must be\n an absolute path, beginning with \u201c/\u201d. The default value\n is
\n@@ -7708,28 +7708,28 @@\n \n \n"/dns-query", if omitted.\n
\n \n- \n listener-clients\uf0c1
\nGrammar:
\nlistener-clients <integer>;Blocks: http
\n-Tags: query, server
\n+Tags: server, query
\nSpecifies a per-listener quota for active connections.
\n \n\n\nThe option specifies a per-listener quota for active connections.
\n\n
\n@@ -8247,15 +8247,15 @@\n \n \n- \n streams-per-connection\uf0c1
\nGrammar:
\nstreams-per-connection <integer>;Blocks: http
\n-Tags: query, server
\n+Tags: server, query
\nSpecifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.
\n \n\n\nThe option specifies the hard limit on the number of concurrent\n HTTP/2 streams over an HTTP/2 connection.
\n\n
\n \n- \n zone-propagation-delay\uf0c1
\nGrammar:
\nzone-propagation-delay <duration>;Blocks: dnssec-policy
\n-Tags: dnssec, zone
\n+Tags: zone, dnssec
\nSets the propagation delay from the time a zone is first updated to when the new version of the zone is served by all secondary servers.
\n \n\n\n@@ -8276,15 +8276,15 @@\nThis is the expected propagation delay from the time when a zone is\n first updated to the time when the new version of the zone is served\n by all secondary servers. The default is
\nPT5M(5 minutes).\n
- \n parent-propagation-delay\uf0c1
\nGrammar:
\nparent-propagation-delay <duration>;Blocks: dnssec-policy
\n-Tags: dnssec, zone
\n+Tags: zone, dnssec
\nSets the propagation delay from the time the parent zone is updated to when the new version is served by all of the parent zone\u2019s name servers.
\n \n\n\n@@ -9506,15 +9506,15 @@\n \tin-view <string>;\n };\nThis is the expected propagation delay from the time when the parent\n zone is updated to the time when the new version is served by all of\n the parent zone\u2019s name servers. The default is
\nPT1H(1 hour).
Grammar zone (in-view): in-view <string>;
Blocks: zone, zone (in-view), view.zone
\n-Tags: zone, view
\n+Tags: view, zone
\nSpecifies the view in which a given zone is defined.
\n \nWhen using multiple views, a type primary or type secondary zone configured\n in one view can be referenced in a subsequent view. This allows both views\n to use the same zone without the overhead of loading it more than once. This\n is configured using a zone statement, with an in-view option\n specifying the view in which the zone is defined. A zone statement\n@@ -9682,15 +9682,15 @@\n
Grammar: server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
Blocks: zone (static-stub)
\n-Tags: zone, query
\n+Tags: query, zone
\nSpecifies a list of IP addresses to which queries should be sent in recursive resolution for a static-stub zone.
\n \nThis option is only meaningful for static-stub zones. This is a list of IP addresses\n to which queries should be sent in recursive resolution for the zone.\n A non-empty list for this option internally configures the apex\n NS RR with associated glue A or AAAA RRs.
\nFor example, if \u201cexample.com\u201d is configured as a static-stub zone\n@@ -9771,15 +9771,15 @@\n
Grammar: inline-signing <boolean>;
Blocks: dnssec-policy, zone (primary, secondary)
\n-Tags: dnssec, zone
\n+Tags: zone, dnssec
\nSpecifies whether BIND 9 maintains a separate signed version of a zone.
\n \nThe use of inline signing is determined by the dnssec-policy for\n the zone. If inline-signing is explicitly set to yes or no\n in zone, then it overrides any value from dnssec-policy.
Limits UDP responses of all kinds.
\nquery
Controls the ability to add zones at runtime via rndc addzone.
zone, server
server, zone
Defines an address_match_list that is allowed to send NOTIFY messages for the zone, in addition to addresses defined in the primaries option for the zone.
transfer
Defines an address_match_list of clients that are allowed to perform recursive queries.
query
Specifies which local addresses can accept recursive queries.
\nquery, server
server, query
Defines an address_match_list of hosts that are allowed to transfer the zone information from this server.
transfer
Controls flushing of log messages.
\nlogging
Specifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.
\nsecurity, server
server, security
Configures catalog zones in named.conf.
zone
Specifies the digest types to use for CDS resource records.
\ndnssec
Specifies the path to a file containing the TLS certificate for a connection.
\nsecurity, server
server, security
Defines a stream of data that can be independently logged.
\nlogging
Checks primary zones for records that are treated as different by DNSSEC but are semantically equal in plain DNS.
\ndnssec, query
query, dnssec
Performs post-load zone integrity checks on primary zones.
\nzone
Sets the response to MX records that refer to CNAMEs.
\nzone
Restricts the character set and syntax of certain domain names in primary files and/or DNS responses received from the network.
\nquery, server
server, query
Specifies whether to check for sibling glue when performing integrity checks.
\nzone
Rejects CNAME or DNAME records if the "alias" name matches a given list of domain_name elements.
query
Specifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.
\nsecurity, server
server, security
Concentrates zone maintenance so that all transfers take place once every heartbeat-interval, ideally during a single call.
deprecated
Disables DNSSEC algorithms from a specified zone.
\ndnssec
Disables DS digest types from a specified zone.
\ndnssec, zone
zone, dnssec
Disables individual empty zones.
\nzone, server
server, zone
Configures a Dynamically Loadable Zone (DLZ) database in named.conf.
zone
Specifies the time to live (TTL) for DNSKEY resource records.
\ndnssec
Turns on the DNS Response Policy Service (DNSRPS) interface.
\nsecurity, server
server, security
Turns on the DNS Response Policy Service (DNSRPS) interface.
\nsecurity, server
server, security
Provides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.
\nsecurity, server
server, security
Instructs BIND 9 to accept expired DNSSEC signatures when validating.
\ndnssec
Sets the maximum EDNS VERSION that is sent to the server(s) by the resolver.
\nserver
Specifies the contact name in the returned SOA record for empty zones.
\nzone, server
server, zone
Specifies the server name in the returned SOA record for empty zones.
\nzone, server
server, zone
Enables or disables all empty zones.
\nzone, server
server, zone
Specifies a list of HTTP query paths on which to listen.
\nquery, server
server, query
Limits the number of errors for a valid domain name and record type.
\nserver
Exempts specific clients or client groups from rate limiting.
\nquery
Sets the parameters for dynamic resizing of the fetches-per-server quota in response to detected congestion.
query, server
server, query
Sets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.
\nquery, server
server, query
Sets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.
\nquery, server
server, query
Specifies the zone's filename.
\nzone
Specifies the hostname of the server to return in response to a hostname.bind query.
server
Configures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.
\nquery, server
server, query
Limits the number of active concurrent connections on a per-listener basis.
\nserver
Specifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.
\nquery, server
server, query
Limits the number of active concurrent HTTP/2 streams on a per-connection basis.
\nserver
Specifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.
\nquery, server
server, query
Specifies the view in which a given zone is defined.
\nzone, view
view, zone
Specifies a TCP socket as a control channel.
\nserver
Specifies whether BIND 9 maintains a separate signed version of a zone.
\ndnssec, zone
zone, dnssec
Sets the interval at which the server scans the network interface list.
\nserver
Enables automatic IPv4 zones if a dns64 block is configured.
query
Specifies the name of the server for the IPV4ONLY.ARPA zone created by dns64.
query, server
server, query
Specifies the prefix lengths of IPv6 address blocks.
\nserver
Indicates the directory where public and private DNSSEC key files are found.
\ndnssec
Specifies the path to a file containing the private TLS key for a connection.
\nsecurity, server
server, security
Specifies one or more server_key s to be used with a remote server.
security, server
server, security
Sets the resolver's lame cache.
\nserver
Specifies the IPv6 addresses on which a server listens for DNS queries.
\nserver
Specifies a per-listener quota for active connections.
\nquery, server
server, query
Sets a maximum size for the memory map of the new-zone database in LMDB database format.
\nserver
Tests rate-limiting parameters without actually dropping any requests.
\nquery, logging
logging, query
Configures logging options for the name server.
\nlogging
Specifies an access control list (ACL) of IPv4 addresses that are to be mapped to the corresponding A RRset in dns64.
query
Specifies the file format of zone files.
\nzone, server
server, zone
Specifies the format of zone files during a dump, when the masterfile-format is text.
server
Specifies the maximum retention time (in seconds) for storage of negative answers in the server's cache.
\nserver
Sets the maximum number of records permitted in a zone.
\nzone, server
server, zone
Sets the maximum number of levels of recursion permitted at any one time while servicing a recursive query.
\nserver
Sets the maximum number of iterative queries while servicing a recursive query.
\nquery, server
server, query
Limits the zone refresh interval to no less often than the specified value, in seconds.
\ntransfer
Limits the zone refresh retry interval to no less often than the specified value, in seconds.
\ntransfer
Sets the maximum RSA exponent size (in bits) when validating.
\ndnssec, query
query, dnssec
Specifies the maximum time that the server retains records past their normal expiry, to return them as stale records.
\nserver
Controls whether NOTIFY messages are sent on zone changes.
transfer
Sets the delay (in seconds) between sending sets of NOTIFY messages for a zone.
\nzone, transfer
transfer, zone
Specifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.
\nzone, transfer
transfer, zone
Defines the IPv4 address (and optional port) to be used for outgoing NOTIFY messages.
transfer
Sets the time to live (TTL) of the DS RRset used by the parent zone.
\ndnssec
Sets the propagation delay from the time the parent zone is updated to when the new version is served by all of the parent zone's name servers.
\ndnssec, zone
zone, dnssec
Defines a list of delegation agents to be used by primary and secondary zones.
\nzone
Configures plugins in named.conf.
server
Specifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.
\nquery, server
server, query
Specifies that server ciphers should be preferred over client ones.
\nsecurity, server
server, security
Controls the order of glue records in an A or AAAA response.
\nquery
Adds an EDNS Padding option to encrypted messages, to reduce the chance of guessing the contents based on size.
\nquery
Specifies response policy zones for the view or among global options.
\nzone, query, security, server
security, server, query, zone
Limits the number of non-empty responses for a valid domain name and record type.
\nquery
Defines characteristics to be associated with a remote name server.
\nserver
Specifies a list of IP addresses to which queries should be sent in recursive resolution for a static-stub zone.
\nzone, query
query, zone
Specifies the ID of the server to return in response to a ID.SERVER query.
server
Controls the ordering of RRs returned to the client, based on the client's IP address.
\nquery
Defines the amount of time (in milliseconds) that named waits before attempting to answer a query with a stale RRset from cache.
query, server
server, query
Enables the returning of "stale" cached answers when the name servers for a zone are not answering.
\nquery, server
server, query
Specifies the time to live (TTL) to be returned on stale answers, in seconds.
\nquery
Enables the retention of "stale" cached answers.
\nquery, server
server, query
Sets the time window for the return of "stale" cached answers before the next attempt to contact, if the name servers for a given zone are not responding.
\nquery, server
server, query
Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
\nzone, transfer
transfer, zone
Specifies the communication channels to be used by system administrators to access statistics information on the name server.
\nlogging
Directs the logging channel output to the server's standard error stream.
\nlogging
Specifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.
\nquery, server
server, query
Defines trailing bits for mapped IPv4 address bits in dns64.
query
Sets the amount of time (in milliseconds) that the server waits on an idle TCP connection before closing it, if the EDNS TCP keepalive option is not in use.
\nquery
Sets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.
\nquery, server
server, query
Adds EDNS TCP keepalive to messages sent over TCP.
\nserver
Configures a TLS connection.
\nsecurity
Specifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.
\nquery, server
server, query
Controls whether multiple records can be packed into a message during zone transfers.
\ntransfer
Specifies a list of ports that are valid sources for UDP/IPv6 messages.
\ndeprecated
Indicates the number of milliseconds of preference to give to IPv6 name servers.
\nquery, server
server, query
Specifies a list of domain names at and beneath which DNSSEC validation should not be performed.
\ndnssec
Specifies the length of time during which responses are tracked.
\nquery
Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.
\nzone, query, server
server, query, zone
Sets the time to live (TTL) to zero when caching a negative response to an SOA query.
\nzone, query, server
server, query, zone
Specifies the zone in a BIND 9 configuration.
\nzone
Sets the propagation delay from the time a zone is first updated to when the new version of the zone is served by all secondary servers.
\ndnssec, zone
zone, dnssec
Controls the level of statistics gathered for all zones.
\nzone, logging
logging, zone
These tables group the various statements permissible in named.conf by\n", "details": [{"source1": "html2text {}", "source2": "html2text {}", "unified_diff": "@@ -2364,1178 +2364,1218 @@\n _\bZ_\bo_\bn_\be_\b _\bT_\ba_\bg_\b _\bS_\bt_\ba_\bt_\be_\bm_\be_\bn_\bt_\bs relate to or control zone behavior, and typically only\n appear in a zone block.\n _\bD_\be_\bp_\br_\be_\bc_\ba_\bt_\be_\bd_\b _\bT_\ba_\bg_\b _\bS_\bt_\ba_\bt_\be_\bm_\be_\bn_\bt_\bs are those that are now deprecated, but are included\n here for historical reference.\n The following table lists all statements permissible in named.conf, with their\n associated tags; the next section groups the statements by tag. Please note\n that these sections are a work in progress.\n-S\bSt\bta\bat\bte\bem\bme\ben\bnt\bt D\bDe\bes\bsc\bcr\bri\bip\bpt\bti\bio\bon\bn T\bTa\bag\bgs\bs\n-_\ba_\bc_\bl Assigns a symbolic name to server\n- an address match list.\n-_\ba_\bl_\bg_\bo_\br_\bi_\bt_\bh_\bm Defines the algorithm to be security\n- used in a key clause.\n-_\ba_\bl_\bl_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd Limits UDP responses of all query\n- kinds.\n- Controls the ability to add\n-_\ba_\bl_\bl_\bo_\bw_\b-_\bn_\be_\bw_\b-_\bz_\bo_\bn_\be_\bs zones at runtime via _\br_\bn_\bd_\bc zone, server\n- _\ba_\bd_\bd_\bz_\bo_\bn_\be.\n- Defines an\n- _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt that is\n- allowed to send NOTIFY\n-_\ba_\bl_\bl_\bo_\bw_\b-_\bn_\bo_\bt_\bi_\bf_\by messages for the zone, in transfer\n- addition to addresses\n- defined in the _\bp_\br_\bi_\bm_\ba_\br_\bi_\be_\bs\n- option for the zone.\n- Defines an\n-_\ba_\bl_\bl_\bo_\bw_\b-_\bp_\br_\bo_\bx_\by _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt for the server\n- client addresses allowed to\n- send PROXYv2 headers.\n- Defines an\n- _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt for the\n- interface addresses allowed\n-_\ba_\bl_\bl_\bo_\bw_\b-_\bp_\br_\bo_\bx_\by_\b-_\bo_\bn to accept PROXYv2 headers. server\n- The option is mostly\n- intended for multi-homed\n- configurations.\n- Specifies which hosts (an IP\n-_\ba_\bl_\bl_\bo_\bw_\b-_\bq_\bu_\be_\br_\by address list) are allowed to query\n- send queries to this\n- resolver.\n- Specifies which hosts (an IP\n- address list) can access\n-_\ba_\bl_\bl_\bo_\bw_\b-_\bq_\bu_\be_\br_\by_\b-_\bc_\ba_\bc_\bh_\be this server's cache and thus query\n- effectively controls\n- recursion.\n- Specifies which hosts (an IP\n- address list) can access\n-_\ba_\bl_\bl_\bo_\bw_\b-_\bq_\bu_\be_\br_\by_\b-_\bc_\ba_\bc_\bh_\be_\b-_\bo_\bn this server's cache. Used on query\n- servers with multiple\n- interfaces.\n- Specifies which local\n- addresses (an IP address\n-_\ba_\bl_\bl_\bo_\bw_\b-_\bq_\bu_\be_\br_\by_\b-_\bo_\bn list) are allowed to send query\n- queries to this resolver.\n- Used in multi-homed\n- configurations.\n- Defines an\n-_\ba_\bl_\bl_\bo_\bw_\b-_\br_\be_\bc_\bu_\br_\bs_\bi_\bo_\bn _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt of query\n- clients that are allowed to\n- perform recursive queries.\n- Specifies which local\n-_\ba_\bl_\bl_\bo_\bw_\b-_\br_\be_\bc_\bu_\br_\bs_\bi_\bo_\bn_\b-_\bo_\bn addresses can accept query, server\n- recursive queries.\n- Defines an\n- _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt of hosts\n-_\ba_\bl_\bl_\bo_\bw_\b-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br that are allowed to transfer transfer\n- the zone information from\n- this server.\n- Defines an\n- _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt of hosts\n-_\ba_\bl_\bl_\bo_\bw_\b-_\bu_\bp_\bd_\ba_\bt_\be that are allowed to submit transfer\n- dynamic updates for primary\n- zones.\n- Defines an\n- _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt of hosts\n-_\ba_\bl_\bl_\bo_\bw_\b-_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bf_\bo_\br_\bw_\ba_\br_\bd_\bi_\bn_\bg that are allowed to submit transfer\n- dynamic updates to a\n- secondary server for\n- transmission to a primary.\n- Defines one or more hosts\n-_\ba_\bl_\bs_\bo_\b-_\bn_\bo_\bt_\bi_\bf_\by that are sent NOTIFY transfer\n- messages when zone changes\n- occur.\n- Controls whether COOKIE EDNS\n-_\ba_\bn_\bs_\bw_\be_\br_\b-_\bc_\bo_\bo_\bk_\bi_\be replies are sent in response query\n- to client queries.\n- Allows multiple views to\n-_\ba_\bt_\bt_\ba_\bc_\bh_\b-_\bc_\ba_\bc_\bh_\be share a single cache view\n- database.\n- Controls whether BIND,\n- acting as a resolver,\n-_\ba_\bu_\bt_\bh_\b-_\bn_\bx_\bd_\bo_\bm_\ba_\bi_\bn provides authoritative query\n- NXDOMAIN (domain does not\n- exist) answers.\n- Controls the automatic\n-_\ba_\bu_\bt_\bo_\bm_\ba_\bt_\bi_\bc_\b-_\bi_\bn_\bt_\be_\br_\bf_\ba_\bc_\be_\b-_\bs_\bc_\ba_\bn rescanning of network server\n- interfaces when addresses\n- are added or removed.\n- Specifies the range(s) of\n-_\ba_\bv_\bo_\bi_\bd_\b-_\bv_\b4_\b-_\bu_\bd_\bp_\b-_\bp_\bo_\br_\bt_\bs ports to be excluded from deprecated\n- use as sources for UDP/IPv4\n- messages.\n- Specifies the range(s) of\n-_\ba_\bv_\bo_\bi_\bd_\b-_\bv_\b6_\b-_\bu_\bd_\bp_\b-_\bp_\bo_\br_\bt_\bs ports to be excluded from deprecated\n- use as sources for UDP/IPv6\n- messages.\n- Specifies the pathname of a\n-_\bb_\bi_\bn_\bd_\bk_\be_\by_\bs_\b-_\bf_\bi_\bl_\be file to override the built- dnssec\n- in trusted keys provided by\n- _\bn_\ba_\bm_\be_\bd.\n- Defines an\n- _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt of hosts\n-_\bb_\bl_\ba_\bc_\bk_\bh_\bo_\bl_\be to ignore. The server will query\n- neither respond to queries\n- from nor send queries to\n- these addresses.\n-_\bb_\bo_\bg_\bu_\bs Allows a remote server to be server\n- ignored.\n- Enables _\bd_\bn_\bs_\b6_\b4 synthesis even\n-_\bb_\br_\be_\ba_\bk_\b-_\bd_\bn_\bs_\bs_\be_\bc if the validated result query\n- would cause a DNSSEC\n- validation failure.\n-_\bb_\bu_\bf_\bf_\be_\br_\be_\bd Controls flushing of log logging\n- messages.\n- Specifies the path to a file\n- containing TLS certificates\n-_\bc_\ba_\b-_\bf_\bi_\bl_\be for trusted CA authorities, security, server\n- used to verify remote peer\n- certificates.\n-_\bc_\ba_\bt_\ba_\bl_\bo_\bg_\b-_\bz_\bo_\bn_\be_\bs Configures catalog zones in zone\n- _\bn_\ba_\bm_\be_\bd_\b._\bc_\bo_\bn_\bf.\n- Specifies the type of data\n-_\bc_\ba_\bt_\be_\bg_\bo_\br_\by logged to a particular logging\n- channel.\n- Specifies whether a CDNSKEY\n-_\bc_\bd_\bn_\bs_\bk_\be_\by record should be published dnssec\n- during KSK rollover.\n- Specifies the digest types\n-_\bc_\bd_\bs_\b-_\bd_\bi_\bg_\be_\bs_\bt_\b-_\bt_\by_\bp_\be_\bs to use for CDS resource dnssec\n- records.\n- Specifies the path to a file\n-_\bc_\be_\br_\bt_\b-_\bf_\bi_\bl_\be containing the TLS security, server\n- certificate for a\n- connection.\n- Defines a stream of data\n-_\bc_\bh_\ba_\bn_\bn_\be_\bl that can be independently logging\n- logged.\n- Checks primary zones for\n- records that are treated as\n-_\bc_\bh_\be_\bc_\bk_\b-_\bd_\bu_\bp_\b-_\br_\be_\bc_\bo_\br_\bd_\bs different by DNSSEC but are dnssec, query\n- semantically equal in plain\n- DNS.\n- Performs post-load zone\n-_\bc_\bh_\be_\bc_\bk_\b-_\bi_\bn_\bt_\be_\bg_\br_\bi_\bt_\by integrity checks on primary zone\n- zones.\n- Checks whether an MX record\n-_\bc_\bh_\be_\bc_\bk_\b-_\bm_\bx appears to refer to an IP zone\n- address.\n- Sets the response to MX\n-_\bc_\bh_\be_\bc_\bk_\b-_\bm_\bx_\b-_\bc_\bn_\ba_\bm_\be records that refer to zone\n- CNAMEs.\n- Restricts the character set\n- and syntax of certain domain\n-_\bc_\bh_\be_\bc_\bk_\b-_\bn_\ba_\bm_\be_\bs names in primary files and/ query, server\n- or DNS responses received\n- from the network.\n- Specifies whether to check\n-_\bc_\bh_\be_\bc_\bk_\b-_\bs_\bi_\bb_\bl_\bi_\bn_\bg for sibling glue when zone\n- performing integrity checks.\n- Specifies whether to check\n-_\bc_\bh_\be_\bc_\bk_\b-_\bs_\bp_\bf for a TXT Sender Policy zone\n- Framework record, if an SPF\n- record is present.\n- Sets the response to SRV\n-_\bc_\bh_\be_\bc_\bk_\b-_\bs_\br_\bv_\b-_\bc_\bn_\ba_\bm_\be records that refer to zone\n- CNAMEs.\n- Specifies whether to perform\n-_\bc_\bh_\be_\bc_\bk_\b-_\bs_\bv_\bc_\bb additional checks on SVCB zone\n- records.\n-_\bc_\bh_\be_\bc_\bk_\b-_\bw_\bi_\bl_\bd_\bc_\ba_\br_\bd Checks for non-terminal zone\n- wildcards.\n-_\bc_\bh_\be_\bc_\bk_\bd_\bs Controls whether DS queries dnssec\n- are sent to parental agents.\n-_\bc_\bi_\bp_\bh_\be_\br_\bs Specifies a list of allowed security\n- ciphers.\n- Specifies an access control\n-_\bc_\bl_\bi_\be_\bn_\bt_\bs list (ACL) of clients that query\n- are affected by a given\n- _\bd_\bn_\bs_\b6_\b4 directive.\n- Sets the initial minimum\n- number of simultaneous\n-_\bc_\bl_\bi_\be_\bn_\bt_\bs_\b-_\bp_\be_\br_\b-_\bq_\bu_\be_\br_\by recursive clients accepted server\n- by the server for any given\n- query before the server\n- drops additional clients.\n- Specifies control channels\n-_\bc_\bo_\bn_\bt_\br_\bo_\bl_\bs to be used to manage the server\n- name server.\n- Sets the algorithm to be\n-_\bc_\bo_\bo_\bk_\bi_\be_\b-_\ba_\bl_\bg_\bo_\br_\bi_\bt_\bh_\bm used when generating a server\n- server cookie.\n- Specifies a shared secret\n- used for generating and\n-_\bc_\bo_\bo_\bk_\bi_\be_\b-_\bs_\be_\bc_\br_\be_\bt verifying EDNS COOKIE server\n- options within an anycast\n- cluster.\n- Specifies the type of\n-_\bd_\ba_\bt_\ba_\bb_\ba_\bs_\be database to be used to store zone\n- zone data.\n- Rejects A or AAAA records if\n-_\bd_\be_\bn_\by_\b-_\ba_\bn_\bs_\bw_\be_\br_\b-_\ba_\bd_\bd_\br_\be_\bs_\bs_\be_\bs the corresponding IPv4 or query\n- IPv6 addresses match a given\n- _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt.\n- Rejects CNAME or DNAME\n-_\bd_\be_\bn_\by_\b-_\ba_\bn_\bs_\bw_\be_\br_\b-_\ba_\bl_\bi_\ba_\bs_\be_\bs records if the \"alias\" name query\n- matches a given list of\n- _\bd_\bo_\bm_\ba_\bi_\bn_\b__\bn_\ba_\bm_\be elements.\n- Specifies the path to a file\n-_\bd_\bh_\bp_\ba_\br_\ba_\bm_\b-_\bf_\bi_\bl_\be containing Diffie-Hellman security, server\n- parameters, for enabling\n- cipher suites.\n- Concentrates zone\n- maintenance so that all\n-_\bd_\bi_\ba_\bl_\bu_\bp transfers take place once deprecated\n- every _\bh_\be_\ba_\br_\bt_\bb_\be_\ba_\bt_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl,\n- ideally during a single\n- call.\n-_\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by Sets the server's working server\n- directory.\n-_\bd_\bi_\bs_\ba_\bb_\bl_\be_\b-_\ba_\bl_\bg_\bo_\br_\bi_\bt_\bh_\bm_\bs Disables DNSSEC algorithms dnssec\n- from a specified zone.\n-_\bd_\bi_\bs_\ba_\bb_\bl_\be_\b-_\bd_\bs_\b-_\bd_\bi_\bg_\be_\bs_\bt_\bs Disables DS digest types dnssec, zone\n- from a specified zone.\n-_\bd_\bi_\bs_\ba_\bb_\bl_\be_\b-_\be_\bm_\bp_\bt_\by_\b-_\bz_\bo_\bn_\be Disables individual empty zone, server\n- zones.\n- Configures a Dynamically\n-_\bd_\bl_\bz Loadable Zone (DLZ) database zone\n- in _\bn_\ba_\bm_\be_\bd_\b._\bc_\bo_\bn_\bf.\n- Instructs _\bn_\ba_\bm_\be_\bd to return\n-_\bd_\bn_\bs_\b6_\b4 mapped IPv4 addresses to query\n- AAAA queries when there are\n- no AAAA records.\n-_\bd_\bn_\bs_\b6_\b4_\b-_\bc_\bo_\bn_\bt_\ba_\bc_\bt Specifies the name of the server\n- contact for _\bd_\bn_\bs_\b6_\b4 zones.\n-_\bd_\bn_\bs_\b6_\b4_\b-_\bs_\be_\br_\bv_\be_\br Specifies the name of the server\n- server for _\bd_\bn_\bs_\b6_\b4 zones.\n-_\bd_\bn_\bs_\bk_\be_\by_\b-_\bs_\bi_\bg_\b-_\bv_\ba_\bl_\bi_\bd_\bi_\bt_\by obsolete\n- Specifies the time to live\n-_\bd_\bn_\bs_\bk_\be_\by_\b-_\bt_\bt_\bl (TTL) for DNSKEY resource dnssec\n- records.\n- Turns on the DNS Response\n-_\bd_\bn_\bs_\br_\bp_\bs_\b-_\be_\bn_\ba_\bb_\bl_\be Policy Service (DNSRPS) security, server\n- interface.\n- Turns on the DNS Response\n-_\bd_\bn_\bs_\br_\bp_\bs_\b-_\bl_\bi_\bb_\br_\ba_\br_\by Policy Service (DNSRPS) security, server\n- interface.\n- Provides additional RPZ\n- configuration settings,\n-_\bd_\bn_\bs_\br_\bp_\bs_\b-_\bo_\bp_\bt_\bi_\bo_\bn_\bs which are passed to the DNS security, server\n- Response Policy Service\n- (DNSRPS) provider library.\n- Instructs BIND 9 to accept\n-_\bd_\bn_\bs_\bs_\be_\bc_\b-_\ba_\bc_\bc_\be_\bp_\bt_\b-_\be_\bx_\bp_\bi_\br_\be_\bd expired DNSSEC signatures dnssec\n- when validating.\n-_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bd_\bn_\bs_\bk_\be_\by_\b-_\bk_\bs_\bk_\bo_\bn_\bl_\by obsolete\n- Sets the frequency of\n-_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bl_\bo_\ba_\bd_\bk_\be_\by_\bs_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl automatic checks of the dnssec\n- DNSSEC key repository.\n- Defines hierarchies that\n-_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bm_\bu_\bs_\bt_\b-_\bb_\be_\b-_\bs_\be_\bc_\bu_\br_\be must or may not be secure deprecated\n- (signed and validated).\n-_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bp_\bo_\bl_\bi_\bc_\by Defines a key and signing dnssec\n- policy (KASP) for zones.\n-_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bs_\be_\bc_\bu_\br_\be_\b-_\bt_\bo_\b-_\bi_\bn_\bs_\be_\bc_\bu_\br_\be obsolete\n-_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bm_\bo_\bd_\be obsolete\n-_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\bi_\bo_\bn Enables DNSSEC validation in dnssec\n- _\bn_\ba_\bm_\be_\bd.\n-_\bd_\bn_\bs_\bt_\ba_\bp Enables logging of _\bd_\bn_\bs_\bt_\ba_\bp logging\n- messages.\n-_\bd_\bn_\bs_\bt_\ba_\bp_\b-_\bi_\bd_\be_\bn_\bt_\bi_\bt_\by Specifies an identity string logging\n- to send in _\bd_\bn_\bs_\bt_\ba_\bp messages.\n- Configures the path to which\n-_\bd_\bn_\bs_\bt_\ba_\bp_\b-_\bo_\bu_\bt_\bp_\bu_\bt the _\bd_\bn_\bs_\bt_\ba_\bp frame stream is logging\n- sent.\n-_\bd_\bn_\bs_\bt_\ba_\bp_\b-_\bv_\be_\br_\bs_\bi_\bo_\bn Specifies a _\bv_\be_\br_\bs_\bi_\bo_\bn string logging\n- to send in _\bd_\bn_\bs_\bt_\ba_\bp messages.\n- Specifies host names or\n-_\bd_\bu_\ba_\bl_\b-_\bs_\bt_\ba_\bc_\bk_\b-_\bs_\be_\br_\bv_\be_\br_\bs addresses of machines with server\n- access to both IPv4 and IPv6\n- transports.\n- Indicates the pathname of\n-_\bd_\bu_\bm_\bp_\b-_\bf_\bi_\bl_\be the file where the server logging\n- dumps the database after\n- _\br_\bn_\bd_\bc_\b _\bd_\bu_\bm_\bp_\bd_\bb.\n-_\bd_\by_\bn_\bd_\bb Configures a DynDB database zone\n- in _\bn_\ba_\bm_\be_\bd_\b._\bc_\bo_\bn_\bf.\n-_\be_\bd_\bn_\bs Controls the use of the server\n- EDNS0 (_\bR\bR_\bF\bF_\bC\bC_\b _\b2\b2_\b6\b6_\b7\b7_\b1\b1) feature.\n- Sets the maximum advertised\n- EDNS UDP buffer size to\n-_\be_\bd_\bn_\bs_\b-_\bu_\bd_\bp_\b-_\bs_\bi_\bz_\be control the size of packets query\n- received from authoritative\n- servers in response to\n- recursive queries.\n- Sets the maximum EDNS\n-_\be_\bd_\bn_\bs_\b-_\bv_\be_\br_\bs_\bi_\bo_\bn VERSION that is sent to the server\n- server(s) by the resolver.\n- Specifies the contact name\n-_\be_\bm_\bp_\bt_\by_\b-_\bc_\bo_\bn_\bt_\ba_\bc_\bt in the returned SOA record zone, server\n- for empty zones.\n- Specifies the server name in\n-_\be_\bm_\bp_\bt_\by_\b-_\bs_\be_\br_\bv_\be_\br the returned SOA record for zone, server\n- empty zones.\n-_\be_\bm_\bp_\bt_\by_\b-_\bz_\bo_\bn_\be_\bs_\b-_\be_\bn_\ba_\bb_\bl_\be Enables or disables all zone, server\n- empty zones.\n- Specifies a list of HTTP\n-_\be_\bn_\bd_\bp_\bo_\bi_\bn_\bt_\bs query paths on which to query, server\n- listen.\n- Limits the number of errors\n-_\be_\br_\br_\bo_\br_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd for a valid domain name and server\n- record type.\n- Allows a list of IPv6\n- addresses to be ignored if\n-_\be_\bx_\bc_\bl_\bu_\bd_\be they appear in a domain query\n- name's AAAA records in\n- _\bd_\bn_\bs_\b6_\b4.\n- Exempts specific clients or\n-_\be_\bx_\be_\bm_\bp_\bt_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs client groups from rate query\n- limiting.\n- Sets the parameters for\n- dynamic resizing of the\n-_\bf_\be_\bt_\bc_\bh_\b-_\bq_\bu_\bo_\bt_\ba_\b-_\bp_\ba_\br_\ba_\bm_\bs _\bf_\be_\bt_\bc_\bh_\be_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\br_\bv_\be_\br quota in query, server\n- response to detected\n- congestion.\n- Sets the maximum number of\n- simultaneous iterative\n- queries allowed to be sent\n-_\bf_\be_\bt_\bc_\bh_\be_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\br_\bv_\be_\br by a server to an upstream query, server\n- name server before the\n- server blocks additional\n- queries.\n- Sets the maximum number of\n- simultaneous iterative\n-_\bf_\be_\bt_\bc_\bh_\be_\bs_\b-_\bp_\be_\br_\b-_\bz_\bo_\bn_\be queries allowed to any one query, server\n- domain before the server\n- blocks new queries for data\n- in or beneath that zone.\n-_\bf_\bi_\bl_\be Specifies the zone's zone\n- filename.\n- Controls whether pending\n-_\bf_\bl_\bu_\bs_\bh_\b-_\bz_\bo_\bn_\be_\bs_\b-_\bo_\bn_\b-_\bs_\bh_\bu_\bt_\bd_\bo_\bw_\bn zone writes are flushed when zone\n- the name server exits.\n- Allows or disallows fallback\n- to recursion if forwarding\n-_\bf_\bo_\br_\bw_\ba_\br_\bd has failed; it is always query\n- used in conjunction with the\n- _\bf_\bo_\br_\bw_\ba_\br_\bd_\be_\br_\bs statement.\n-_\bf_\bo_\br_\bw_\ba_\br_\bd_\be_\br_\bs Defines one or more hosts to query\n- which queries are forwarded.\n- Sets the number of\n-_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bb_\bu_\bf_\bf_\be_\br_\b-_\bh_\bi_\bn_\bt accumulated bytes in the logging\n- output buffer before forcing\n- a buffer flush.\n- Sets the number of seconds\n-_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bf_\bl_\bu_\bs_\bh_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt that unflushed data remains logging\n- in the output buffer.\n- Sets the number of queue\n-_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bi_\bn_\bp_\bu_\bt_\b-_\bq_\bu_\be_\bu_\be_\b-_\bs_\bi_\bz_\be entries to allocate for each logging\n- input queue.\n- Sets the number of\n-_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bo_\bu_\bt_\bp_\bu_\bt_\b-_\bn_\bo_\bt_\bi_\bf_\by_\b- outstanding queue entries\n-_\bt_\bh_\br_\be_\bs_\bh_\bo_\bl_\bd allowed on an input queue logging\n- before waking the I/\n- O thread.\n-_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bo_\bu_\bt_\bp_\bu_\bt_\b-_\bq_\bu_\be_\bu_\be_\b- Sets the queuing semantics logging\n-_\bm_\bo_\bd_\be_\bl to use for queue objects.\n- Sets the number of queue\n-_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bo_\bu_\bt_\bp_\bu_\bt_\b-_\bq_\bu_\be_\bu_\be_\b-_\bs_\bi_\bz_\be entries allocated for each logging\n- output queue.\n- Sets the number of seconds\n-_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\br_\be_\bo_\bp_\be_\bn_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl to wait between attempts to logging\n- reopen a closed output\n- stream.\n- Specifies the directory\n-_\bg_\be_\bo_\bi_\bp_\b-_\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by containing GeoIP database server\n- files.\n- Sets the interval at which\n-_\bh_\be_\ba_\br_\bt_\bb_\be_\ba_\bt_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl the server performs zone deprecated\n- maintenance tasks for all\n- zones marked as _\bd_\bi_\ba_\bl_\bu_\bp.\n- Specifies the hostname of\n-_\bh_\bo_\bs_\bt_\bn_\ba_\bm_\be the server to return in server\n- response to a hostname.bind\n- query.\n- Configures HTTP endpoints on\n-_\bh_\bt_\bt_\bp which to listen for DNS- query, server\n- over-HTTPS (DoH) queries.\n- Limits the number of active\n-_\bh_\bt_\bt_\bp_\b-_\bl_\bi_\bs_\bt_\be_\bn_\be_\br_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs concurrent connections on a server\n- per-listener basis.\n- Specifies the TCP port\n-_\bh_\bt_\bt_\bp_\b-_\bp_\bo_\br_\bt number the server uses to query, server\n- receive and send unencrypted\n- DNS traffic via HTTP.\n- Limits the number of active\n-_\bh_\bt_\bt_\bp_\b-_\bs_\bt_\br_\be_\ba_\bm_\bs_\b-_\bp_\be_\br_\b-_\bc_\bo_\bn_\bn_\be_\bc_\bt_\bi_\bo_\bn concurrent HTTP/2 streams on server\n- a per-connection basis.\n- Specifies the TCP port\n-_\bh_\bt_\bt_\bp_\bs_\b-_\bp_\bo_\br_\bt number the server uses to query, server\n- receive and send DNS-over-\n- HTTPS protocol traffic.\n-_\bi_\bn_\b-_\bv_\bi_\be_\bw Specifies the view in which zone, view\n- a given zone is defined.\n-_\bi_\bn_\be_\bt Specifies a TCP socket as a server\n- control channel.\n- Specifies whether BIND 9\n-_\bi_\bn_\bl_\bi_\bn_\be_\b-_\bs_\bi_\bg_\bn_\bi_\bn_\bg maintains a separate signed dnssec, zone\n- version of a zone.\n- Sets the interval at which\n-_\bi_\bn_\bt_\be_\br_\bf_\ba_\bc_\be_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl the server scans the network server\n- interface list.\n-_\bi_\bp_\bv_\b4_\b-_\bp_\br_\be_\bf_\bi_\bx_\b-_\bl_\be_\bn_\bg_\bt_\bh Specifies the prefix lengths server\n- of IPv4 address blocks.\n- Specifies the contact for\n-_\bi_\bp_\bv_\b4_\bo_\bn_\bl_\by_\b-_\bc_\bo_\bn_\bt_\ba_\bc_\bt the IPV4ONLY.ARPA zone server\n- created by _\bd_\bn_\bs_\b6_\b4.\n- Enables automatic IPv4 zones\n-_\bi_\bp_\bv_\b4_\bo_\bn_\bl_\by_\b-_\be_\bn_\ba_\bb_\bl_\be if a _\bd_\bn_\bs_\b6_\b4 block is query\n- configured.\n- Specifies the name of the\n-_\bi_\bp_\bv_\b4_\bo_\bn_\bl_\by_\b-_\bs_\be_\br_\bv_\be_\br server for the IPV4ONLY.ARPA query, server\n- zone created by _\bd_\bn_\bs_\b6_\b4.\n-_\bi_\bp_\bv_\b6_\b-_\bp_\br_\be_\bf_\bi_\bx_\b-_\bl_\be_\bn_\bg_\bt_\bh Specifies the prefix lengths server\n- of IPv6 address blocks.\n-_\bi_\bx_\bf_\br_\b-_\bf_\br_\bo_\bm_\b-_\bd_\bi_\bf_\bf_\be_\br_\be_\bn_\bc_\be_\bs Controls how IXFR transfers transfer\n- are calculated.\n-_\bj_\bo_\bu_\br_\bn_\ba_\bl Allows the default journal's zone\n- filename to be overridden.\n- Defines a shared secret key\n-_\bk_\be_\by for use with _\bT_\bS_\bI_\bG or the security\n- command channel.\n- Indicates the directory\n-_\bk_\be_\by_\b-_\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by where public and private dnssec\n- DNSSEC key files are found.\n- Specifies the path to a file\n-_\bk_\be_\by_\b-_\bf_\bi_\bl_\be containing the private TLS security, server\n- key for a connection.\n- Specifies one or more\n-_\bk_\be_\by_\bs _\bs_\be_\br_\bv_\be_\br_\b__\bk_\be_\by s to be used with security, server\n- a remote server.\n-_\bl_\ba_\bm_\be_\b-_\bt_\bt_\bl Sets the resolver's lame server\n- cache.\n- Specifies the IPv4 addresses\n-_\bl_\bi_\bs_\bt_\be_\bn_\b-_\bo_\bn on which a server listens server\n- for DNS queries.\n- Specifies the IPv6 addresses\n-_\bl_\bi_\bs_\bt_\be_\bn_\b-_\bo_\bn_\b-_\bv_\b6 on which a server listens server\n- for DNS queries.\n- Specifies a per-listener\n-_\bl_\bi_\bs_\bt_\be_\bn_\be_\br_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs quota for active query, server\n- connections.\n- Sets a maximum size for the\n-_\bl_\bm_\bd_\bb_\b-_\bm_\ba_\bp_\bs_\bi_\bz_\be memory map of the new-zone server\n- database in LMDB database\n- format.\n- Tests rate-limiting\n-_\bl_\bo_\bg_\b-_\bo_\bn_\bl_\by parameters without actually query, logging\n- dropping any requests.\n-_\bl_\bo_\bg_\bg_\bi_\bn_\bg Configures logging options logging\n- for the name server.\n-_\bm_\ba_\bn_\ba_\bg_\be_\bd_\b-_\bk_\be_\by_\bs deprecated\n- Specifies the directory in\n-_\bm_\ba_\bn_\ba_\bg_\be_\bd_\b-_\bk_\be_\by_\bs_\b-_\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by which to store the files dnssec\n- that track managed DNSSEC\n- keys.\n- Specifies an access control\n- list (ACL) of IPv4 addresses\n-_\bm_\ba_\bp_\bp_\be_\bd that are to be mapped to the query\n- corresponding A RRset in\n- _\bd_\bn_\bs_\b6_\b4.\n-_\bm_\ba_\bs_\bt_\be_\br_\bf_\bi_\bl_\be_\b-_\bf_\bo_\br_\bm_\ba_\bt Specifies the file format of zone, server\n- zone files.\n- Specifies the format of zone\n-_\bm_\ba_\bs_\bt_\be_\br_\bf_\bi_\bl_\be_\b-_\bs_\bt_\by_\bl_\be files during a dump, when server\n- the _\bm_\ba_\bs_\bt_\be_\br_\bf_\bi_\bl_\be_\b-_\bf_\bo_\br_\bm_\ba_\bt is\n- text.\n- Specifies a view of DNS\n-_\bm_\ba_\bt_\bc_\bh_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs namespace for a given subset view\n- of client IP addresses.\n- Specifies a view of DNS\n-_\bm_\ba_\bt_\bc_\bh_\b-_\bd_\be_\bs_\bt_\bi_\bn_\ba_\bt_\bi_\bo_\bn_\bs namespace for a given subset view\n- of destination IP addresses.\n- Allows IPv4-mapped IPv6\n- addresses to match address-\n-_\bm_\ba_\bt_\bc_\bh_\b-_\bm_\ba_\bp_\bp_\be_\bd_\b-_\ba_\bd_\bd_\br_\be_\bs_\bs_\be_\bs match list entries for server\n- corresponding IPv4\n- addresses.\n- Specifies that only\n-_\bm_\ba_\bt_\bc_\bh_\b-_\br_\be_\bc_\bu_\br_\bs_\bi_\bv_\be_\b-_\bo_\bn_\bl_\by recursive requests can match view\n- this view of the DNS\n- namespace.\n- Sets the maximum amount of\n-_\bm_\ba_\bx_\b-_\bc_\ba_\bc_\bh_\be_\b-_\bs_\bi_\bz_\be memory to use for an server\n- individual cache database\n- and its associated metadata.\n- Specifies the maximum time\n-_\bm_\ba_\bx_\b-_\bc_\ba_\bc_\bh_\be_\b-_\bt_\bt_\bl (in seconds) that the server server\n- caches ordinary (positive)\n- answers.\n- Sets the maximum number of\n- simultaneous recursive\n-_\bm_\ba_\bx_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs_\b-_\bp_\be_\br_\b-_\bq_\bu_\be_\br_\by clients accepted by the server\n- server for any given query\n- before the server drops\n- additional clients.\n- Sets the maximum size for\n-_\bm_\ba_\bx_\b-_\bi_\bx_\bf_\br_\b-_\br_\ba_\bt_\bi_\bo IXFR responses to zone transfer\n- transfer requests.\n-_\bm_\ba_\bx_\b-_\bj_\bo_\bu_\br_\bn_\ba_\bl_\b-_\bs_\bi_\bz_\be Controls the size of journal transfer\n- files.\n- Specifies the maximum\n- retention time (in seconds)\n-_\bm_\ba_\bx_\b-_\bn_\bc_\ba_\bc_\bh_\be_\b-_\bt_\bt_\bl for storage of negative server\n- answers in the server's\n- cache.\n-_\bm_\ba_\bx_\b-_\br_\be_\bc_\bo_\br_\bd_\bs Sets the maximum number of zone, server\n- records permitted in a zone.\n- Sets the maximum number of\n- levels of recursion\n-_\bm_\ba_\bx_\b-_\br_\be_\bc_\bu_\br_\bs_\bi_\bo_\bn_\b-_\bd_\be_\bp_\bt_\bh permitted at any one time server\n- while servicing a recursive\n- query.\n- Sets the maximum number of\n-_\bm_\ba_\bx_\b-_\br_\be_\bc_\bu_\br_\bs_\bi_\bo_\bn_\b-_\bq_\bu_\be_\br_\bi_\be_\bs iterative queries while query, server\n- servicing a recursive query.\n- Limits the zone refresh\n-_\bm_\ba_\bx_\b-_\br_\be_\bf_\br_\be_\bs_\bh_\b-_\bt_\bi_\bm_\be interval to no less often transfer\n- than the specified value, in\n- seconds.\n- Limits the zone refresh\n-_\bm_\ba_\bx_\b-_\br_\be_\bt_\br_\by_\b-_\bt_\bi_\bm_\be retry interval to no less transfer\n- often than the specified\n- value, in seconds.\n- Sets the maximum RSA\n-_\bm_\ba_\bx_\b-_\br_\bs_\ba_\b-_\be_\bx_\bp_\bo_\bn_\be_\bn_\bt_\b-_\bs_\bi_\bz_\be exponent size (in bits) when dnssec, query\n- validating.\n- Specifies the maximum time\n- that the server retains\n-_\bm_\ba_\bx_\b-_\bs_\bt_\ba_\bl_\be_\b-_\bt_\bt_\bl records past their normal server\n- expiry, to return them as\n- stale records.\n- Sets the maximum size of the\n-_\bm_\ba_\bx_\b-_\bt_\ba_\bb_\bl_\be_\b-_\bs_\bi_\bz_\be table used to track requests server\n- and rate-limit responses.\n- Specifies the number of\n-_\bm_\ba_\bx_\b-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bi_\bd_\bl_\be_\b-_\bi_\bn minutes after which inbound transfer\n- zone transfers making no\n- progress are terminated.\n- Specifies the number of\n-_\bm_\ba_\bx_\b-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bi_\bd_\bl_\be_\b-_\bo_\bu_\bt minutes after which outbound transfer\n- zone transfers making no\n- progress are terminated.\n- Specifies the number of\n-_\bm_\ba_\bx_\b-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bt_\bi_\bm_\be_\b-_\bi_\bn minutes after which inbound transfer\n- zone transfers are\n- terminated.\n- Specifies the number of\n-_\bm_\ba_\bx_\b-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bt_\bi_\bm_\be_\b-_\bo_\bu_\bt minutes after which outbound transfer\n- zone transfers are\n- terminated.\n-_\bm_\ba_\bx_\b-_\bu_\bd_\bp_\b-_\bs_\bi_\bz_\be Sets the maximum EDNS UDP query\n- message size sent by _\bn_\ba_\bm_\be_\bd.\n- Set the maximum number of\n-_\bm_\ba_\bx_\b-_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\bi_\bo_\bn_\b-_\bf_\ba_\bi_\bl_\bu_\br_\be_\bs_\b- DNSSEC validation failures server\n-_\bp_\be_\br_\b-_\bf_\be_\bt_\bc_\bh that can happen in single\n- fetch\n- Set the maximum number of\n-_\bm_\ba_\bx_\b-_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\bi_\bo_\bn_\bs_\b-_\bp_\be_\br_\b-_\bf_\be_\bt_\bc_\bh DNSSEC validations that can server\n- happen in single fetch\n- Specifies a maximum\n-_\bm_\ba_\bx_\b-_\bz_\bo_\bn_\be_\b-_\bt_\bt_\bl permissible time-to-live deprecated\n- (TTL) value, in seconds.\n- Controls whether memory\n-_\bm_\be_\bm_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs statistics are written to logging, server\n- the file specified by\n- _\bm_\be_\bm_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs_\b-_\bf_\bi_\bl_\be at exit.\n- Sets the pathname of the\n-_\bm_\be_\bm_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs_\b-_\bf_\bi_\bl_\be file where the server writes logging\n- memory usage statistics on\n- exit.\n- Controls whether DNS name\n-_\bm_\be_\bs_\bs_\ba_\bg_\be_\b-_\bc_\bo_\bm_\bp_\br_\be_\bs_\bs_\bi_\bo_\bn compression is used in query\n- responses to regular\n- queries.\n- Specifies the minimum time\n-_\bm_\bi_\bn_\b-_\bc_\ba_\bc_\bh_\be_\b-_\bt_\bt_\bl (in seconds) that the server server\n- caches ordinary (positive)\n- answers.\n- Specifies the minimum\n- retention time (in seconds)\n-_\bm_\bi_\bn_\b-_\bn_\bc_\ba_\bc_\bh_\be_\b-_\bt_\bt_\bl for storage of negative server\n- answers in the server's\n- cache.\n- Limits the zone refresh\n-_\bm_\bi_\bn_\b-_\br_\be_\bf_\br_\be_\bs_\bh_\b-_\bt_\bi_\bm_\be interval to no more often transfer\n- than the specified value, in\n- seconds.\n- Limits the zone refresh\n-_\bm_\bi_\bn_\b-_\br_\be_\bt_\br_\by_\b-_\bt_\bi_\bm_\be retry interval to no more transfer\n- often than the specified\n- value, in seconds.\n- Sets the minimum size of the\n-_\bm_\bi_\bn_\b-_\bt_\ba_\bb_\bl_\be_\b-_\bs_\bi_\bz_\be table used to track requests query\n- and rate-limit responses.\n- Controls whether the server\n- replies with only one of the\n-_\bm_\bi_\bn_\bi_\bm_\ba_\bl_\b-_\ba_\bn_\by RRsets for a query name, query\n- when generating a positive\n- response to a query of type\n- ANY over UDP.\n- Controls whether the server\n- only adds records to the\n- authority and additional\n-_\bm_\bi_\bn_\bi_\bm_\ba_\bl_\b-_\br_\be_\bs_\bp_\bo_\bn_\bs_\be_\bs data sections when they are query\n- required (e.g. delegations,\n- negative responses). This\n- improves server performance.\n- Controls whether serial\n-_\bm_\bu_\bl_\bt_\bi_\b-_\bm_\ba_\bs_\bt_\be_\br number mismatch errors are transfer\n- logged.\n- Specifies the directory\n-_\bn_\be_\bw_\b-_\bz_\bo_\bn_\be_\bs_\b-_\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by where configuration zone\n- parameters are stored for\n- zones added by _\br_\bn_\bd_\bc_\b _\ba_\bd_\bd_\bz_\bo_\bn_\be.\n- Specifies a list of\n-_\bn_\bo_\b-_\bc_\ba_\bs_\be_\b-_\bc_\bo_\bm_\bp_\br_\be_\bs_\bs addresses that require case- server\n- insensitive compression in\n- responses.\n- Sets the maximum size of UDP\n-_\bn_\bo_\bc_\bo_\bo_\bk_\bi_\be_\b-_\bu_\bd_\bp_\b-_\bs_\bi_\bz_\be responses that are sent to query\n- queries without a valid\n- server COOKIE.\n- Limits the number of empty\n-_\bn_\bo_\bd_\ba_\bt_\ba_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd (NODATA) responses for a query\n- valid domain name.\n- Controls whether NOTIFY\n-_\bn_\bo_\bt_\bi_\bf_\by messages are sent on zone transfer\n- changes.\n- Sets the delay (in seconds)\n-_\bn_\bo_\bt_\bi_\bf_\by_\b-_\bd_\be_\bl_\ba_\by between sending sets of zone, transfer\n- NOTIFY messages for a zone.\n- Specifies the rate at which\n-_\bn_\bo_\bt_\bi_\bf_\by_\b-_\br_\ba_\bt_\be NOTIFY requests are sent zone, transfer\n- during normal zone\n- maintenance operations.\n- Defines the IPv4 address\n-_\bn_\bo_\bt_\bi_\bf_\by_\b-_\bs_\bo_\bu_\br_\bc_\be (and optional port) to be transfer\n- used for outgoing NOTIFY\n- messages.\n- Defines the IPv6 address\n-_\bn_\bo_\bt_\bi_\bf_\by_\b-_\bs_\bo_\bu_\br_\bc_\be_\b-_\bv_\b6 (and optional port) to be transfer\n- used for outgoing NOTIFY\n- messages.\n- Controls whether the name\n-_\bn_\bo_\bt_\bi_\bf_\by_\b-_\bt_\bo_\b-_\bs_\bo_\ba servers in the NS RRset are transfer\n- checked against the SOA\n- MNAME.\n- Specifies the use of NSEC3\n-_\bn_\bs_\be_\bc_\b3_\bp_\ba_\br_\ba_\bm instead of NSEC, and sets dnssec\n- NSEC3 parameters.\n- Specifies the lifetime, in\n-_\bn_\bt_\ba_\b-_\bl_\bi_\bf_\be_\bt_\bi_\bm_\be seconds, for negative trust dnssec\n- anchors added via _\br_\bn_\bd_\bc_\b _\bn_\bt_\ba.\n- Specifies the time interval\n- for checking whether\n-_\bn_\bt_\ba_\b-_\br_\be_\bc_\bh_\be_\bc_\bk negative trust anchors added dnssec\n- via _\br_\bn_\bd_\bc_\b _\bn_\bt_\ba are still\n- necessary.\n- Causes all messages sent to\n-_\bn_\bu_\bl_\bl the logging channel to be logging\n- discarded.\n- Appends the specified suffix\n-_\bn_\bx_\bd_\bo_\bm_\ba_\bi_\bn_\b-_\br_\be_\bd_\bi_\br_\be_\bc_\bt to the original query name, query\n- when replacing an NXDOMAIN\n- with a redirect namespace.\n- Limits the number of\n-_\bn_\bx_\bd_\bo_\bm_\ba_\bi_\bn_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd undefined subdomains for a query\n- valid domain name.\n-_\bo_\bp_\bt_\bi_\bo_\bn_\bs Defines global options to be server\n- used by BIND 9.\n- Adds EDNS Padding options to\n-_\bp_\ba_\bd_\bd_\bi_\bn_\bg outgoing messages to server\n- increase the packet size.\n- Sets the time to live (TTL)\n-_\bp_\ba_\br_\be_\bn_\bt_\b-_\bd_\bs_\b-_\bt_\bt_\bl of the DS RRset used by the dnssec\n- parent zone.\n- Sets the propagation delay\n- from the time the parent\n-_\bp_\ba_\br_\be_\bn_\bt_\b-_\bp_\br_\bo_\bp_\ba_\bg_\ba_\bt_\bi_\bo_\bn_\b-_\bd_\be_\bl_\ba_\by zone is updated to when the dnssec, zone\n- new version is served by all\n- of the parent zone's name\n- servers.\n- Defines a list of delegation\n-_\bp_\ba_\br_\be_\bn_\bt_\ba_\bl_\b-_\ba_\bg_\be_\bn_\bt_\bs agents to be used by primary zone\n- and secondary zones.\n- Specifies which local IPv4\n-_\bp_\ba_\br_\be_\bn_\bt_\ba_\bl_\b-_\bs_\bo_\bu_\br_\bc_\be source address is used to dnssec\n- send parental DS queries.\n- Specifies which local IPv6\n-_\bp_\ba_\br_\be_\bn_\bt_\ba_\bl_\b-_\bs_\bo_\bu_\br_\bc_\be_\b-_\bv_\b6 source address is used to dnssec\n- send parental DS queries.\n- Specifies the pathname of\n-_\bp_\bi_\bd_\b-_\bf_\bi_\bl_\be the file where the server server\n- writes its process ID.\n-_\bp_\bl_\bu_\bg_\bi_\bn Configures plugins in server\n- _\bn_\ba_\bm_\be_\bd_\b._\bc_\bo_\bn_\bf.\n- Specifies the UDP/TCP port\n-_\bp_\bo_\br_\bt number the server uses to query, server\n- receive and send DNS\n- protocol traffic.\n- Specifies that server\n-_\bp_\br_\be_\bf_\be_\br_\b-_\bs_\be_\br_\bv_\be_\br_\b-_\bc_\bi_\bp_\bh_\be_\br_\bs ciphers should be preferred security, server\n- over client ones.\n- Controls the order of glue\n-_\bp_\br_\be_\bf_\be_\br_\br_\be_\bd_\b-_\bg_\bl_\bu_\be records in an A or AAAA query\n- response.\n- Specifies the \"trigger\"\n-_\bp_\br_\be_\bf_\be_\bt_\bc_\bh time-to-live (TTL) value at query\n- which prefetch of the\n- current query takes place.\n-_\bp_\br_\bi_\bm_\ba_\br_\bi_\be_\bs Defines one or more primary zone\n- servers for a zone.\n-_\bp_\br_\bi_\bn_\bt_\b-_\bc_\ba_\bt_\be_\bg_\bo_\br_\by Includes the category in log logging\n- messages.\n-_\bp_\br_\bi_\bn_\bt_\b-_\bs_\be_\bv_\be_\br_\bi_\bt_\by Includes the severity in log logging\n- messages.\n-_\bp_\br_\bi_\bn_\bt_\b-_\bt_\bi_\bm_\be Specifies the time format logging\n- for log messages.\n- Specifies the allowed\n-_\bp_\br_\bo_\bt_\bo_\bc_\bo_\bl_\bs versions of the TLS security\n- protocol.\n- Controls whether a primary\n- responds to an incremental\n-_\bp_\br_\bo_\bv_\bi_\bd_\be_\b-_\bi_\bx_\bf_\br zone request (IXFR) or only transfer\n- responds with a full zone\n- transfer (AXFR).\n- Increases the amount of time\n- between when keys are\n-_\bp_\bu_\bb_\bl_\bi_\bs_\bh_\b-_\bs_\ba_\bf_\be_\bt_\by published and when they dnssec\n- become active, to allow for\n- unforeseen events.\n- Specifies the amount of time\n- after which DNSSEC keys that\n-_\bp_\bu_\br_\bg_\be_\b-_\bk_\be_\by_\bs have been deleted from the dnssec\n- zone can be removed from\n- disk.\n- Controls QNAME minimization\n-_\bq_\bn_\ba_\bm_\be_\b-_\bm_\bi_\bn_\bi_\bm_\bi_\bz_\ba_\bt_\bi_\bo_\bn behavior in the BIND 9 query\n- resolver.\n- Tightens defenses during DNS\n-_\bq_\bp_\bs_\b-_\bs_\bc_\ba_\bl_\be attacks by scaling back the query\n- ratio of the current query-\n- per-second rate.\n- Controls the IPv4 address\n-_\bq_\bu_\be_\br_\by_\b-_\bs_\bo_\bu_\br_\bc_\be from which queries are query\n- issued.\n- Controls the IPv6 address\n-_\bq_\bu_\be_\br_\by_\b-_\bs_\bo_\bu_\br_\bc_\be_\b-_\bv_\b6 from which queries are query\n- issued.\n- Specifies whether query\n-_\bq_\bu_\be_\br_\by_\bl_\bo_\bg logging should be active logging, server\n- when _\bn_\ba_\bm_\be_\bd first starts.\n- Controls excessive UDP\n- responses, to prevent BIND 9\n-_\br_\ba_\bt_\be_\b-_\bl_\bi_\bm_\bi_\bt from being used to amplify query\n- reflection denial-of-service\n- (DoS) attacks.\n- Specifies the pathname of\n- the file where the server\n-_\br_\be_\bc_\bu_\br_\bs_\bi_\bn_\bg_\b-_\bf_\bi_\bl_\be dumps queries that are server\n- currently recursing via _\br_\bn_\bd_\bc\n- _\br_\be_\bc_\bu_\br_\bs_\bi_\bn_\bg.\n-_\br_\be_\bc_\bu_\br_\bs_\bi_\bo_\bn Defines whether recursion query\n- and caching are allowed.\n- Specifies the maximum number\n-_\br_\be_\bc_\bu_\br_\bs_\bi_\bv_\be_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs of concurrent recursive query\n- queries the server can\n- perform.\n- Toggles whether _\bd_\bn_\bs_\b6_\b4\n-_\br_\be_\bc_\bu_\br_\bs_\bi_\bv_\be_\b-_\bo_\bn_\bl_\by synthesis occurs only for query\n- recursive queries.\n- Limits the number of\n-_\br_\be_\bf_\be_\br_\br_\ba_\bl_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd referrals or delegations to query\n- a server for a given domain.\n- Specifies the expected\n-_\br_\be_\bm_\bo_\bt_\be_\b-_\bh_\bo_\bs_\bt_\bn_\ba_\bm_\be hostname in the TLS security\n- certificate of the remote\n- server.\n- Specifies whether the local\n-_\br_\be_\bq_\bu_\be_\bs_\bt_\b-_\be_\bx_\bp_\bi_\br_\be server requests the EDNS query, transfer\n- EXPIRE value, when acting as\n- a secondary.\n- Controls whether a secondary\n-_\br_\be_\bq_\bu_\be_\bs_\bt_\b-_\bi_\bx_\bf_\br requests an incremental zone transfer\n- transfer (IXFR) or a full\n- zone transfer (AXFR).\n- Controls whether an empty\n- EDNS(0) NSID (Name Server\n-_\br_\be_\bq_\bu_\be_\bs_\bt_\b-_\bn_\bs_\bi_\bd Identifier) option is sent query\n- with all queries to\n- authoritative name servers\n- during iterative resolution.\n- Controls whether responses\n-_\br_\be_\bq_\bu_\bi_\br_\be_\b-_\bc_\bo_\bo_\bk_\bi_\be without a server cookie are query\n- accepted\n- Controls whether a valid\n-_\br_\be_\bq_\bu_\bi_\br_\be_\b-_\bs_\be_\br_\bv_\be_\br_\b-_\bc_\bo_\bo_\bk_\bi_\be server cookie is required query\n- before sending a full\n- response to a UDP request.\n- Specifies the length of\n- time, in milliseconds, that\n-_\br_\be_\bs_\bo_\bl_\bv_\be_\br_\b-_\bq_\bu_\be_\br_\by_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt a resolver attempts to query\n- resolve a recursive query\n- before failing.\n- Specifies whether to apply\n-_\br_\be_\bs_\bo_\bl_\bv_\be_\br_\b-_\bu_\bs_\be_\b-_\bd_\bn_\bs_\b6_\b4 DNS64 mappings when sending server\n- queries.\n- Adds an EDNS Padding option\n- to encrypted messages, to\n-_\br_\be_\bs_\bp_\bo_\bn_\bs_\be_\b-_\bp_\ba_\bd_\bd_\bi_\bn_\bg reduce the chance of query\n- guessing the contents based\n- on size.\n- Specifies response policy zone, query, security,\n-_\br_\be_\bs_\bp_\bo_\bn_\bs_\be_\b-_\bp_\bo_\bl_\bi_\bc_\by zones for the view or among server\n- global options.\n- Limits the number of non-\n-_\br_\be_\bs_\bp_\bo_\bn_\bs_\be_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd empty responses for a valid query\n- domain name and record type.\n- Increases the amount of time\n- a key remains published\n-_\br_\be_\bt_\bi_\br_\be_\b-_\bs_\ba_\bf_\be_\bt_\by after it is no longer dnssec\n- active, to allow for\n- unforeseen events.\n-_\br_\be_\bu_\bs_\be_\bp_\bo_\br_\bt Enables kernel load- server\n- balancing of sockets.\n- Controls whether BIND 9\n-_\br_\bo_\bo_\bt_\b-_\bk_\be_\by_\b-_\bs_\be_\bn_\bt_\bi_\bn_\be_\bl responds to root key server\n- sentinel probes.\n- Defines the order in which\n-_\br_\br_\bs_\be_\bt_\b-_\bo_\br_\bd_\be_\br equal RRs (RRsets) are query\n- returned.\n- Specifies whether a\n-_\bs_\be_\ba_\br_\bc_\bh Dynamically Loadable Zone query\n- (DLZ) module is queried for\n- an answer to a query name.\n- Defines a Base64-encoded\n-_\bs_\be_\bc_\br_\be_\bt string to be used as the security\n- secret by the algorithm.\n- Specifies the pathname of\n-_\bs_\be_\bc_\br_\bo_\bo_\bt_\bs_\b-_\bf_\bi_\bl_\be the file where the server dnssec\n- dumps security roots, when\n- using _\br_\bn_\bd_\bc_\b _\bs_\be_\bc_\br_\bo_\bo_\bt_\bs.\n- Controls whether a COOKIE\n-_\bs_\be_\bn_\bd_\b-_\bc_\bo_\bo_\bk_\bi_\be EDNS option is sent along query\n- with a query.\n- Defines an upper limit on\n- the number of queries per\n-_\bs_\be_\br_\bi_\ba_\bl_\b-_\bq_\bu_\be_\br_\by_\b-_\br_\ba_\bt_\be second issued by the server, transfer\n- when querying the SOA RRs\n- used for zone transfers.\n- Specifies the update method\n-_\bs_\be_\br_\bi_\ba_\bl_\b-_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bm_\be_\bt_\bh_\bo_\bd to be used for the zone zone\n- serial number in the SOA\n- record.\n- Defines characteristics to\n-_\bs_\be_\br_\bv_\be_\br be associated with a remote server\n- name server.\n- Specifies a list of IP\n- addresses to which queries\n-_\bs_\be_\br_\bv_\be_\br_\b-_\ba_\bd_\bd_\br_\be_\bs_\bs_\be_\bs should be sent in recursive zone, query\n- resolution for a static-stub\n- zone.\n- Specifies the ID of the\n-_\bs_\be_\br_\bv_\be_\br_\b-_\bi_\bd server to return in response server\n- to a ID.SERVER query.\n- Specifies a list of domain\n-_\bs_\be_\br_\bv_\be_\br_\b-_\bn_\ba_\bm_\be_\bs names of name servers that zone\n- act as authoritative servers\n- of a static-stub zone.\n- Sets the length of time (in\n-_\bs_\be_\br_\bv_\bf_\ba_\bi_\bl_\b-_\bt_\bt_\bl seconds) that a SERVFAIL server\n- response is cached.\n- Specifies the algorithm to\n-_\bs_\be_\bs_\bs_\bi_\bo_\bn_\b-_\bk_\be_\by_\ba_\bl_\bg use for the TSIG session security\n- key.\n- Specifies the pathname of\n- the file where a TSIG\n-_\bs_\be_\bs_\bs_\bi_\bo_\bn_\b-_\bk_\be_\by_\bf_\bi_\bl_\be session key is written, when security\n- generated by _\bn_\ba_\bm_\be_\bd for use\n- by nsupdate -l.\n-_\bs_\be_\bs_\bs_\bi_\bo_\bn_\b-_\bk_\be_\by_\bn_\ba_\bm_\be Specifies the key name for security\n- the TSIG session key.\n- Enables or disables session\n-_\bs_\be_\bs_\bs_\bi_\bo_\bn_\b-_\bt_\bi_\bc_\bk_\be_\bt_\bs resumption through TLS security\n- session tickets.\n-_\bs_\be_\bv_\be_\br_\bi_\bt_\by Defines the priority level logging\n- of log messages.\n- Specifies the maximum number\n-_\bs_\bi_\bg_\b-_\bs_\bi_\bg_\bn_\bi_\bn_\bg_\b-_\bn_\bo_\bd_\be_\bs of nodes to be examined in dnssec\n- each quantum, when signing a\n- zone with a new DNSKEY.\n- Specifies the threshold for\n- the number of signatures\n-_\bs_\bi_\bg_\b-_\bs_\bi_\bg_\bn_\bi_\bn_\bg_\b-_\bs_\bi_\bg_\bn_\ba_\bt_\bu_\br_\be_\bs that terminates processing a dnssec\n- quantum, when signing a zone\n- with a new DNSKEY.\n- Specifies a private RDATA\n-_\bs_\bi_\bg_\b-_\bs_\bi_\bg_\bn_\bi_\bn_\bg_\b-_\bt_\by_\bp_\be type to use when generating dnssec\n- signing-state records.\n-_\bs_\bi_\bg_\b-_\bv_\ba_\bl_\bi_\bd_\bi_\bt_\by_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl obsolete\n-_\bs_\bi_\bg_\bn_\ba_\bt_\bu_\br_\be_\bs_\b-_\br_\be_\bf_\br_\be_\bs_\bh Specifies how frequently an dnssec\n- RRSIG record is refreshed.\n-_\bs_\bi_\bg_\bn_\ba_\bt_\bu_\br_\be_\bs_\b-_\bv_\ba_\bl_\bi_\bd_\bi_\bt_\by Indicates the validity dnssec\n- period of an RRSIG record.\n-_\bs_\bi_\bg_\bn_\ba_\bt_\bu_\br_\be_\bs_\b-_\bv_\ba_\bl_\bi_\bd_\bi_\bt_\by_\b-_\bd_\bn_\bs_\bk_\be_\by Indicates the validity dnssec\n- period of DNSKEY records.\n- Sets the number of \"slipped\"\n-_\bs_\bl_\bi_\bp responses to minimize the query\n- use of forged source\n- addresses for an attack.\n- Controls the ordering of RRs\n-_\bs_\bo_\br_\bt_\bl_\bi_\bs_\bt returned to the client, query\n- based on the client's IP\n- address.\n- Defines the amount of time\n- (in milliseconds) that _\bn_\ba_\bm_\be_\bd\n-_\bs_\bt_\ba_\bl_\be_\b-_\ba_\bn_\bs_\bw_\be_\br_\b-_\bc_\bl_\bi_\be_\bn_\bt_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt waits before attempting to query, server\n- answer a query with a stale\n- RRset from cache.\n- Enables the returning of\n-_\bs_\bt_\ba_\bl_\be_\b-_\ba_\bn_\bs_\bw_\be_\br_\b-_\be_\bn_\ba_\bb_\bl_\be \"stale\" cached answers when query, server\n- the name servers for a zone\n- are not answering.\n- Specifies the time to live\n-_\bs_\bt_\ba_\bl_\be_\b-_\ba_\bn_\bs_\bw_\be_\br_\b-_\bt_\bt_\bl (TTL) to be returned on query\n- stale answers, in seconds.\n-_\bs_\bt_\ba_\bl_\be_\b-_\bc_\ba_\bc_\bh_\be_\b-_\be_\bn_\ba_\bb_\bl_\be Enables the retention of query, server\n- \"stale\" cached answers.\n- Sets the time window for the\n- return of \"stale\" cached\n-_\bs_\bt_\ba_\bl_\be_\b-_\br_\be_\bf_\br_\be_\bs_\bh_\b-_\bt_\bi_\bm_\be answers before the next query, server\n- attempt to contact, if the\n- name servers for a given\n- zone are not responding.\n- Specifies the rate at which\n- NOTIFY requests are sent\n-_\bs_\bt_\ba_\br_\bt_\bu_\bp_\b-_\bn_\bo_\bt_\bi_\bf_\by_\b-_\br_\ba_\bt_\be when the name server is zone, transfer\n- first starting, or when new\n- zones have been added.\n- Specifies the communication\n- channels to be used by\n-_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs_\b-_\bc_\bh_\ba_\bn_\bn_\be_\bl_\bs system administrators to logging\n- access statistics\n- information on the name\n- server.\n- Specifies the pathname of\n-_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs_\b-_\bf_\bi_\bl_\be the file where the server logging, server\n- appends statistics, when\n- using _\br_\bn_\bd_\bc_\b _\bs_\bt_\ba_\bt_\bs.\n- Directs the logging channel\n-_\bs_\bt_\bd_\be_\br_\br output to the server's logging\n- standard error stream.\n- Specifies the maximum number\n-_\bs_\bt_\br_\be_\ba_\bm_\bs_\b-_\bp_\be_\br_\b-_\bc_\bo_\bn_\bn_\be_\bc_\bt_\bi_\bo_\bn of concurrent HTTP/2 streams query, server\n- over an HTTP/2 connection.\n- Defines trailing bits for\n-_\bs_\bu_\bf_\bf_\bi_\bx mapped IPv4 address bits in query\n- _\bd_\bn_\bs_\b6_\b4.\n- Enables support for _\bR\bR_\bF\bF_\bC\bC\n-_\bs_\by_\bn_\bt_\bh_\b-_\bf_\br_\bo_\bm_\b-_\bd_\bn_\bs_\bs_\be_\bc _\b8\b8_\b1\b1_\b9\b9_\b8\b8, Aggressive Use of dnssec\n- DNSSEC-Validated Cache.\n-_\bs_\by_\bs_\bl_\bo_\bg Directs the logging channel logging\n- to the system log.\n- Sets the timeout value (in\n- milliseconds) that the\n-_\bt_\bc_\bp_\b-_\ba_\bd_\bv_\be_\br_\bt_\bi_\bs_\be_\bd_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt server sends in responses query\n- containing the EDNS TCP\n- keepalive option.\n- Specifies the maximum number\n-_\bt_\bc_\bp_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs of simultaneous client TCP server\n- connections accepted by the\n- server.\n- Sets the amount of time (in\n- milliseconds) that the\n- server waits on an idle TCP\n-_\bt_\bc_\bp_\b-_\bi_\bd_\bl_\be_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt connection before closing query\n- it, if the EDNS TCP\n- keepalive option is not in\n- use.\n- Sets the amount of time (in\n- milliseconds) that the\n-_\bt_\bc_\bp_\b-_\bi_\bn_\bi_\bt_\bi_\ba_\bl_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt server waits on a new TCP query, server\n- connection for the first\n- message from the client.\n-_\bt_\bc_\bp_\b-_\bk_\be_\be_\bp_\ba_\bl_\bi_\bv_\be Adds EDNS TCP keepalive to server\n- messages sent over TCP.\n- Sets the amount of time (in\n- milliseconds) that the\n-_\bt_\bc_\bp_\b-_\bk_\be_\be_\bp_\ba_\bl_\bi_\bv_\be_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt server waits on an idle TCP query\n- connection before closing\n- it, if the EDNS TCP\n- keepalive option is in use.\n-_\bt_\bc_\bp_\b-_\bl_\bi_\bs_\bt_\be_\bn_\b-_\bq_\bu_\be_\bu_\be Sets the listen-queue depth. server\n-_\bt_\bc_\bp_\b-_\bo_\bn_\bl_\by Sets the transport protocol server\n- to TCP.\n- Sets the operating system's\n-_\bt_\bc_\bp_\b-_\br_\be_\bc_\be_\bi_\bv_\be_\b-_\bb_\bu_\bf_\bf_\be_\br receive buffer size for TCP server\n- sockets.\n- Sets the operating system's\n-_\bt_\bc_\bp_\b-_\bs_\be_\bn_\bd_\b-_\bb_\bu_\bf_\bf_\be_\br send buffer size for TCP server\n- sockets.\n- Sets the domain appended to\n-_\bt_\bk_\be_\by_\b-_\bd_\bo_\bm_\ba_\bi_\bn the names of all shared keys security\n- generated with TKEY.\n- Sets the security credential\n-_\bt_\bk_\be_\by_\b-_\bg_\bs_\bs_\ba_\bp_\bi_\b-_\bc_\br_\be_\bd_\be_\bn_\bt_\bi_\ba_\bl for authentication keys security\n- requested by the GSS-TSIG\n- protocol.\n-_\bt_\bk_\be_\by_\b-_\bg_\bs_\bs_\ba_\bp_\bi_\b-_\bk_\be_\by_\bt_\ba_\bb Sets the KRB5 keytab file to security\n- use for GSS-TSIG updates.\n-_\bt_\bl_\bs Configures a TLS connection. security\n- Specifies the TCP port\n-_\bt_\bl_\bs_\b-_\bp_\bo_\br_\bt number the server uses to query, server\n- receive and send DNS-over-\n- TLS protocol traffic.\n- Controls whether multiple\n-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bf_\bo_\br_\bm_\ba_\bt records can be packed into a transfer\n- message during zone\n- transfers.\n- Limits the uncompressed size\n-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bm_\be_\bs_\bs_\ba_\bg_\be_\b-_\bs_\bi_\bz_\be of DNS messages used in zone transfer\n- transfers over TCP.\n- Defines which local IPv4\n- address(es) are bound to TCP\n-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bs_\bo_\bu_\br_\bc_\be connections used to fetch transfer\n- zones transferred inbound by\n- the server.\n- Defines which local IPv6\n- address(es) are bound to TCP\n-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bs_\bo_\bu_\br_\bc_\be_\b-_\bv_\b6 connections used to fetch transfer\n- zones transferred inbound by\n- the server.\n- Limits the number of\n-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\bs concurrent inbound zone server\n- transfers from a server.\n- Limits the number of\n-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\bs_\b-_\bi_\bn concurrent inbound zone transfer\n- transfers.\n- Limits the number of\n-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\bs_\b-_\bo_\bu_\bt concurrent outbound zone transfer\n- transfers.\n- Limits the number of\n-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\bs_\b-_\bp_\be_\br_\b-_\bn_\bs concurrent inbound zone transfer\n- transfers from a remote\n- server.\n- Instructs _\bn_\ba_\bm_\be_\bd to send\n- specially formed queries\n-_\bt_\br_\bu_\bs_\bt_\b-_\ba_\bn_\bc_\bh_\bo_\br_\b-_\bt_\be_\bl_\be_\bm_\be_\bt_\br_\by once per day to domains for dnssec\n- which trust anchors have\n- been configured.\n-_\bt_\br_\bu_\bs_\bt_\b-_\ba_\bn_\bc_\bh_\bo_\br_\bs Defines _\bD_\bN_\bS_\bS_\bE_\bC trust dnssec\n- anchors.\n-_\bt_\br_\bu_\bs_\bt_\be_\bd_\b-_\bk_\be_\by_\bs deprecated\n- Specifies that BIND 9 should\n-_\bt_\br_\by_\b-_\bt_\bc_\bp_\b-_\br_\be_\bf_\br_\be_\bs_\bh attempt to refresh a zone transfer\n- using TCP if UDP queries\n- fail.\n-_\bt_\by_\bp_\be Specifies the kind of zone zone\n- in a given configuration.\n- Contains forwarding\n-_\bt_\by_\bp_\be_\b _\bf_\bo_\br_\bw_\ba_\br_\bd statements that apply to zone\n- queries within a given\n- domain.\n- Contains the initial set of\n-_\bt_\by_\bp_\be_\b _\bh_\bi_\bn_\bt root name servers to be used zone\n- at BIND 9 startup.\n- Contains a DNSSEC-validated\n-_\bt_\by_\bp_\be_\b _\bm_\bi_\br_\br_\bo_\br duplicate of the main data zone\n- for a zone.\n-_\bt_\by_\bp_\be_\b _\bp_\br_\bi_\bm_\ba_\br_\by Contains the main copy of zone\n- the data for a zone.\n- Contains information to\n-_\bt_\by_\bp_\be_\b _\br_\be_\bd_\bi_\br_\be_\bc_\bt answer queries when normal zone\n- resolution would return\n- NXDOMAIN.\n- Contains a duplicate of the\n-_\bt_\by_\bp_\be_\b _\bs_\be_\bc_\bo_\bn_\bd_\ba_\br_\by data for a zone that has zone\n- been transferred from a\n- primary server.\n- Contains a duplicate of the\n- NS records of a primary\n-_\bt_\by_\bp_\be_\b _\bs_\bt_\ba_\bt_\bi_\bc_\b-_\bs_\bt_\bu_\bb zone, but statically zone\n- configured rather than\n- transferred from a primary\n- server.\n- Contains a duplicate of the\n-_\bt_\by_\bp_\be_\b _\bs_\bt_\bu_\bb NS records of a primary zone\n- zone.\n- Sets the operating system's\n-_\bu_\bd_\bp_\b-_\br_\be_\bc_\be_\bi_\bv_\be_\b-_\bb_\bu_\bf_\bf_\be_\br receive buffer size for UDP server\n- sockets.\n- Sets the operating system's\n-_\bu_\bd_\bp_\b-_\bs_\be_\bn_\bd_\b-_\bb_\bu_\bf_\bf_\be_\br send buffer size for UDP server\n- sockets.\n-_\bu_\bn_\bi_\bx Specifies a Unix domain obsolete\n- socket as a control channel.\n-_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bc_\bh_\be_\bc_\bk_\b-_\bk_\bs_\bk obsolete\n- Sets fine-grained rules to\n- allow or deny dynamic\n-_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bp_\bo_\bl_\bi_\bc_\by updates (DDNS), based on transfer\n- requester identity, updated\n- content, etc.\n- Specifies the maximum number\n-_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bq_\bu_\bo_\bt_\ba of concurrent DNS UPDATE server\n- messages that can be\n- processed by the server.\n- Specifies a list of ports\n-_\bu_\bs_\be_\b-_\bv_\b4_\b-_\bu_\bd_\bp_\b-_\bp_\bo_\br_\bt_\bs that are valid sources for deprecated\n- UDP/IPv4 messages.\n- Specifies a list of ports\n-_\bu_\bs_\be_\b-_\bv_\b6_\b-_\bu_\bd_\bp_\b-_\bp_\bo_\br_\bt_\bs that are valid sources for deprecated\n- UDP/IPv6 messages.\n- Indicates the number of\n-_\bv_\b6_\b-_\bb_\bi_\ba_\bs milliseconds of preference query, server\n- to give to IPv6 name\n- servers.\n- Specifies a list of domain\n-_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be_\b-_\be_\bx_\bc_\be_\bp_\bt names at and beneath which dnssec\n- DNSSEC validation should not\n- be performed.\n- Specifies the version number\n-_\bv_\be_\br_\bs_\bi_\bo_\bn of the server to return in server\n- response to a version.bind\n- query.\n- Allows a name server to\n-_\bv_\bi_\be_\bw answer a DNS query view\n- differently depending on who\n- is asking.\n- Specifies the length of time\n-_\bw_\bi_\bn_\bd_\bo_\bw during which responses are query\n- tracked.\n- Specifies whether to set the\n- time to live (TTL) of the\n-_\bz_\be_\br_\bo_\b-_\bn_\bo_\b-_\bs_\bo_\ba_\b-_\bt_\bt_\bl SOA record to zero, when zone, query, server\n- returning authoritative\n- negative responses to SOA\n- queries.\n- Sets the time to live (TTL)\n-_\bz_\be_\br_\bo_\b-_\bn_\bo_\b-_\bs_\bo_\ba_\b-_\bt_\bt_\bl_\b-_\bc_\ba_\bc_\bh_\be to zero when caching a zone, query, server\n- negative response to an SOA\n- query.\n-_\bz_\bo_\bn_\be Specifies the zone in a BIND zone\n- 9 configuration.\n- Sets the propagation delay\n- from the time a zone is\n-_\bz_\bo_\bn_\be_\b-_\bp_\br_\bo_\bp_\ba_\bg_\ba_\bt_\bi_\bo_\bn_\b-_\bd_\be_\bl_\ba_\by first updated to when the dnssec, zone\n- new version of the zone is\n- served by all secondary\n- servers.\n- Controls the level of\n-_\bz_\bo_\bn_\be_\b-_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs statistics gathered for all zone, logging\n- zones.\n+S\bSt\bta\bat\bte\bem\bme\ben\bnt\bt D\bDe\bes\bsc\bcr\bri\bip\bpt\bti\bio\bon\bn T\bTa\bag\bgs\bs\n+_\ba_\bc_\bl Assigns a symbolic name to server\n+ an address match list.\n+_\ba_\bl_\bg_\bo_\br_\bi_\bt_\bh_\bm Defines the algorithm to be security\n+ used in a key clause.\n+_\ba_\bl_\bl_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd Limits UDP responses of all query\n+ kinds.\n+ Controls the ability to add\n+_\ba_\bl_\bl_\bo_\bw_\b-_\bn_\be_\bw_\b-_\bz_\bo_\bn_\be_\bs zones at runtime via _\br_\bn_\bd_\bc server, zone\n+ _\ba_\bd_\bd_\bz_\bo_\bn_\be.\n+ Defines an\n+ _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt that is\n+ allowed to send NOTIFY\n+_\ba_\bl_\bl_\bo_\bw_\b-_\bn_\bo_\bt_\bi_\bf_\by messages for the zone, in transfer\n+ addition to addresses\n+ defined in the _\bp_\br_\bi_\bm_\ba_\br_\bi_\be_\bs\n+ option for the zone.\n+ Defines an\n+_\ba_\bl_\bl_\bo_\bw_\b-_\bp_\br_\bo_\bx_\by _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt for the server\n+ client addresses allowed to\n+ send PROXYv2 headers.\n+ Defines an\n+ _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt for the\n+ interface addresses allowed\n+_\ba_\bl_\bl_\bo_\bw_\b-_\bp_\br_\bo_\bx_\by_\b-_\bo_\bn to accept PROXYv2 headers. server\n+ The option is mostly\n+ intended for multi-homed\n+ configurations.\n+ Specifies which hosts (an\n+_\ba_\bl_\bl_\bo_\bw_\b-_\bq_\bu_\be_\br_\by IP address list) are query\n+ allowed to send queries to\n+ this resolver.\n+ Specifies which hosts (an\n+ IP address list) can access\n+_\ba_\bl_\bl_\bo_\bw_\b-_\bq_\bu_\be_\br_\by_\b-_\bc_\ba_\bc_\bh_\be this server's cache and query\n+ thus effectively controls\n+ recursion.\n+ Specifies which hosts (an\n+ IP address list) can access\n+_\ba_\bl_\bl_\bo_\bw_\b-_\bq_\bu_\be_\br_\by_\b-_\bc_\ba_\bc_\bh_\be_\b-_\bo_\bn this server's cache. Used query\n+ on servers with multiple\n+ interfaces.\n+ Specifies which local\n+ addresses (an IP address\n+_\ba_\bl_\bl_\bo_\bw_\b-_\bq_\bu_\be_\br_\by_\b-_\bo_\bn list) are allowed to send query\n+ queries to this resolver.\n+ Used in multi-homed\n+ configurations.\n+ Defines an\n+_\ba_\bl_\bl_\bo_\bw_\b-_\br_\be_\bc_\bu_\br_\bs_\bi_\bo_\bn _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt of query\n+ clients that are allowed to\n+ perform recursive queries.\n+ Specifies which local\n+_\ba_\bl_\bl_\bo_\bw_\b-_\br_\be_\bc_\bu_\br_\bs_\bi_\bo_\bn_\b-_\bo_\bn addresses can accept server, query\n+ recursive queries.\n+ Defines an\n+ _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt of hosts\n+_\ba_\bl_\bl_\bo_\bw_\b-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br that are allowed to transfer\n+ transfer the zone\n+ information from this\n+ server.\n+ Defines an\n+ _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt of hosts\n+_\ba_\bl_\bl_\bo_\bw_\b-_\bu_\bp_\bd_\ba_\bt_\be that are allowed to submit transfer\n+ dynamic updates for primary\n+ zones.\n+ Defines an\n+ _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt of hosts\n+_\ba_\bl_\bl_\bo_\bw_\b-_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bf_\bo_\br_\bw_\ba_\br_\bd_\bi_\bn_\bg that are allowed to submit transfer\n+ dynamic updates to a\n+ secondary server for\n+ transmission to a primary.\n+ Defines one or more hosts\n+_\ba_\bl_\bs_\bo_\b-_\bn_\bo_\bt_\bi_\bf_\by that are sent NOTIFY transfer\n+ messages when zone changes\n+ occur.\n+ Controls whether COOKIE\n+_\ba_\bn_\bs_\bw_\be_\br_\b-_\bc_\bo_\bo_\bk_\bi_\be EDNS replies are sent in query\n+ response to client queries.\n+ Allows multiple views to\n+_\ba_\bt_\bt_\ba_\bc_\bh_\b-_\bc_\ba_\bc_\bh_\be share a single cache view\n+ database.\n+ Controls whether BIND,\n+ acting as a resolver,\n+_\ba_\bu_\bt_\bh_\b-_\bn_\bx_\bd_\bo_\bm_\ba_\bi_\bn provides authoritative query\n+ NXDOMAIN (domain does not\n+ exist) answers.\n+ Controls the automatic\n+_\ba_\bu_\bt_\bo_\bm_\ba_\bt_\bi_\bc_\b-_\bi_\bn_\bt_\be_\br_\bf_\ba_\bc_\be_\b-_\bs_\bc_\ba_\bn rescanning of network server\n+ interfaces when addresses\n+ are added or removed.\n+ Specifies the range(s) of\n+_\ba_\bv_\bo_\bi_\bd_\b-_\bv_\b4_\b-_\bu_\bd_\bp_\b-_\bp_\bo_\br_\bt_\bs ports to be excluded from deprecated\n+ use as sources for UDP/IPv4\n+ messages.\n+ Specifies the range(s) of\n+_\ba_\bv_\bo_\bi_\bd_\b-_\bv_\b6_\b-_\bu_\bd_\bp_\b-_\bp_\bo_\br_\bt_\bs ports to be excluded from deprecated\n+ use as sources for UDP/IPv6\n+ messages.\n+ Specifies the pathname of a\n+_\bb_\bi_\bn_\bd_\bk_\be_\by_\bs_\b-_\bf_\bi_\bl_\be file to override the built- dnssec\n+ in trusted keys provided by\n+ _\bn_\ba_\bm_\be_\bd.\n+ Defines an\n+ _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt of hosts\n+_\bb_\bl_\ba_\bc_\bk_\bh_\bo_\bl_\be to ignore. The server will query\n+ neither respond to queries\n+ from nor send queries to\n+ these addresses.\n+_\bb_\bo_\bg_\bu_\bs Allows a remote server to server\n+ be ignored.\n+ Enables _\bd_\bn_\bs_\b6_\b4 synthesis\n+_\bb_\br_\be_\ba_\bk_\b-_\bd_\bn_\bs_\bs_\be_\bc even if the validated query\n+ result would cause a DNSSEC\n+ validation failure.\n+_\bb_\bu_\bf_\bf_\be_\br_\be_\bd Controls flushing of log logging\n+ messages.\n+ Specifies the path to a\n+ file containing TLS\n+_\bc_\ba_\b-_\bf_\bi_\bl_\be certificates for trusted CA server, security\n+ authorities, used to verify\n+ remote peer certificates.\n+_\bc_\ba_\bt_\ba_\bl_\bo_\bg_\b-_\bz_\bo_\bn_\be_\bs Configures catalog zones in zone\n+ _\bn_\ba_\bm_\be_\bd_\b._\bc_\bo_\bn_\bf.\n+ Specifies the type of data\n+_\bc_\ba_\bt_\be_\bg_\bo_\br_\by logged to a particular logging\n+ channel.\n+ Specifies whether a CDNSKEY\n+_\bc_\bd_\bn_\bs_\bk_\be_\by record should be published dnssec\n+ during KSK rollover.\n+ Specifies the digest types\n+_\bc_\bd_\bs_\b-_\bd_\bi_\bg_\be_\bs_\bt_\b-_\bt_\by_\bp_\be_\bs to use for CDS resource dnssec\n+ records.\n+ Specifies the path to a\n+_\bc_\be_\br_\bt_\b-_\bf_\bi_\bl_\be file containing the TLS server, security\n+ certificate for a\n+ connection.\n+ Defines a stream of data\n+_\bc_\bh_\ba_\bn_\bn_\be_\bl that can be independently logging\n+ logged.\n+ Checks primary zones for\n+ records that are treated as\n+_\bc_\bh_\be_\bc_\bk_\b-_\bd_\bu_\bp_\b-_\br_\be_\bc_\bo_\br_\bd_\bs different by DNSSEC but are query, dnssec\n+ semantically equal in plain\n+ DNS.\n+ Performs post-load zone\n+_\bc_\bh_\be_\bc_\bk_\b-_\bi_\bn_\bt_\be_\bg_\br_\bi_\bt_\by integrity checks on primary zone\n+ zones.\n+ Checks whether an MX record\n+_\bc_\bh_\be_\bc_\bk_\b-_\bm_\bx appears to refer to an IP zone\n+ address.\n+ Sets the response to MX\n+_\bc_\bh_\be_\bc_\bk_\b-_\bm_\bx_\b-_\bc_\bn_\ba_\bm_\be records that refer to zone\n+ CNAMEs.\n+ Restricts the character set\n+ and syntax of certain\n+_\bc_\bh_\be_\bc_\bk_\b-_\bn_\ba_\bm_\be_\bs domain names in primary server, query\n+ files and/or DNS responses\n+ received from the network.\n+ Specifies whether to check\n+_\bc_\bh_\be_\bc_\bk_\b-_\bs_\bi_\bb_\bl_\bi_\bn_\bg for sibling glue when zone\n+ performing integrity\n+ checks.\n+ Specifies whether to check\n+_\bc_\bh_\be_\bc_\bk_\b-_\bs_\bp_\bf for a TXT Sender Policy zone\n+ Framework record, if an SPF\n+ record is present.\n+ Sets the response to SRV\n+_\bc_\bh_\be_\bc_\bk_\b-_\bs_\br_\bv_\b-_\bc_\bn_\ba_\bm_\be records that refer to zone\n+ CNAMEs.\n+ Specifies whether to\n+_\bc_\bh_\be_\bc_\bk_\b-_\bs_\bv_\bc_\bb perform additional checks zone\n+ on SVCB records.\n+_\bc_\bh_\be_\bc_\bk_\b-_\bw_\bi_\bl_\bd_\bc_\ba_\br_\bd Checks for non-terminal zone\n+ wildcards.\n+ Controls whether DS queries\n+_\bc_\bh_\be_\bc_\bk_\bd_\bs are sent to parental dnssec\n+ agents.\n+_\bc_\bi_\bp_\bh_\be_\br_\bs Specifies a list of allowed security\n+ ciphers.\n+ Specifies an access control\n+_\bc_\bl_\bi_\be_\bn_\bt_\bs list (ACL) of clients that query\n+ are affected by a given\n+ _\bd_\bn_\bs_\b6_\b4 directive.\n+ Sets the initial minimum\n+ number of simultaneous\n+_\bc_\bl_\bi_\be_\bn_\bt_\bs_\b-_\bp_\be_\br_\b-_\bq_\bu_\be_\br_\by recursive clients accepted server\n+ by the server for any given\n+ query before the server\n+ drops additional clients.\n+ Specifies control channels\n+_\bc_\bo_\bn_\bt_\br_\bo_\bl_\bs to be used to manage the server\n+ name server.\n+ Sets the algorithm to be\n+_\bc_\bo_\bo_\bk_\bi_\be_\b-_\ba_\bl_\bg_\bo_\br_\bi_\bt_\bh_\bm used when generating a server\n+ server cookie.\n+ Specifies a shared secret\n+ used for generating and\n+_\bc_\bo_\bo_\bk_\bi_\be_\b-_\bs_\be_\bc_\br_\be_\bt verifying EDNS COOKIE server\n+ options within an anycast\n+ cluster.\n+ Specifies the type of\n+_\bd_\ba_\bt_\ba_\bb_\ba_\bs_\be database to be used to zone\n+ store zone data.\n+ Rejects A or AAAA records\n+_\bd_\be_\bn_\by_\b-_\ba_\bn_\bs_\bw_\be_\br_\b-_\ba_\bd_\bd_\br_\be_\bs_\bs_\be_\bs if the corresponding IPv4 query\n+ or IPv6 addresses match a\n+ given _\ba_\bd_\bd_\br_\be_\bs_\bs_\b__\bm_\ba_\bt_\bc_\bh_\b__\bl_\bi_\bs_\bt.\n+ Rejects CNAME or DNAME\n+_\bd_\be_\bn_\by_\b-_\ba_\bn_\bs_\bw_\be_\br_\b-_\ba_\bl_\bi_\ba_\bs_\be_\bs records if the \"alias\" name query\n+ matches a given list of\n+ _\bd_\bo_\bm_\ba_\bi_\bn_\b__\bn_\ba_\bm_\be elements.\n+ Specifies the path to a\n+_\bd_\bh_\bp_\ba_\br_\ba_\bm_\b-_\bf_\bi_\bl_\be file containing Diffie- server, security\n+ Hellman parameters, for\n+ enabling cipher suites.\n+ Concentrates zone\n+ maintenance so that all\n+_\bd_\bi_\ba_\bl_\bu_\bp transfers take place once deprecated\n+ every _\bh_\be_\ba_\br_\bt_\bb_\be_\ba_\bt_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl,\n+ ideally during a single\n+ call.\n+_\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by Sets the server's working server\n+ directory.\n+_\bd_\bi_\bs_\ba_\bb_\bl_\be_\b-_\ba_\bl_\bg_\bo_\br_\bi_\bt_\bh_\bm_\bs Disables DNSSEC algorithms dnssec\n+ from a specified zone.\n+_\bd_\bi_\bs_\ba_\bb_\bl_\be_\b-_\bd_\bs_\b-_\bd_\bi_\bg_\be_\bs_\bt_\bs Disables DS digest types zone, dnssec\n+ from a specified zone.\n+_\bd_\bi_\bs_\ba_\bb_\bl_\be_\b-_\be_\bm_\bp_\bt_\by_\b-_\bz_\bo_\bn_\be Disables individual empty server, zone\n+ zones.\n+ Configures a Dynamically\n+_\bd_\bl_\bz Loadable Zone (DLZ) zone\n+ database in _\bn_\ba_\bm_\be_\bd_\b._\bc_\bo_\bn_\bf.\n+ Instructs _\bn_\ba_\bm_\be_\bd to return\n+_\bd_\bn_\bs_\b6_\b4 mapped IPv4 addresses to query\n+ AAAA queries when there are\n+ no AAAA records.\n+_\bd_\bn_\bs_\b6_\b4_\b-_\bc_\bo_\bn_\bt_\ba_\bc_\bt Specifies the name of the server\n+ contact for _\bd_\bn_\bs_\b6_\b4 zones.\n+_\bd_\bn_\bs_\b6_\b4_\b-_\bs_\be_\br_\bv_\be_\br Specifies the name of the server\n+ server for _\bd_\bn_\bs_\b6_\b4 zones.\n+_\bd_\bn_\bs_\bk_\be_\by_\b-_\bs_\bi_\bg_\b-_\bv_\ba_\bl_\bi_\bd_\bi_\bt_\by obsolete\n+ Specifies the time to live\n+_\bd_\bn_\bs_\bk_\be_\by_\b-_\bt_\bt_\bl (TTL) for DNSKEY resource dnssec\n+ records.\n+ Turns on the DNS Response\n+_\bd_\bn_\bs_\br_\bp_\bs_\b-_\be_\bn_\ba_\bb_\bl_\be Policy Service (DNSRPS) server, security\n+ interface.\n+ Turns on the DNS Response\n+_\bd_\bn_\bs_\br_\bp_\bs_\b-_\bl_\bi_\bb_\br_\ba_\br_\by Policy Service (DNSRPS) server, security\n+ interface.\n+ Provides additional RPZ\n+ configuration settings,\n+_\bd_\bn_\bs_\br_\bp_\bs_\b-_\bo_\bp_\bt_\bi_\bo_\bn_\bs which are passed to the DNS server, security\n+ Response Policy Service\n+ (DNSRPS) provider library.\n+ Instructs BIND 9 to accept\n+_\bd_\bn_\bs_\bs_\be_\bc_\b-_\ba_\bc_\bc_\be_\bp_\bt_\b-_\be_\bx_\bp_\bi_\br_\be_\bd expired DNSSEC signatures dnssec\n+ when validating.\n+_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bd_\bn_\bs_\bk_\be_\by_\b-_\bk_\bs_\bk_\bo_\bn_\bl_\by obsolete\n+ Sets the frequency of\n+_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bl_\bo_\ba_\bd_\bk_\be_\by_\bs_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl automatic checks of the dnssec\n+ DNSSEC key repository.\n+ Defines hierarchies that\n+_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bm_\bu_\bs_\bt_\b-_\bb_\be_\b-_\bs_\be_\bc_\bu_\br_\be must or may not be secure deprecated\n+ (signed and validated).\n+_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bp_\bo_\bl_\bi_\bc_\by Defines a key and signing dnssec\n+ policy (KASP) for zones.\n+_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bs_\be_\bc_\bu_\br_\be_\b-_\bt_\bo_\b-_\bi_\bn_\bs_\be_\bc_\bu_\br_\be obsolete\n+_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bm_\bo_\bd_\be obsolete\n+_\bd_\bn_\bs_\bs_\be_\bc_\b-_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\bi_\bo_\bn Enables DNSSEC validation dnssec\n+ in _\bn_\ba_\bm_\be_\bd.\n+_\bd_\bn_\bs_\bt_\ba_\bp Enables logging of _\bd_\bn_\bs_\bt_\ba_\bp logging\n+ messages.\n+ Specifies an identity\n+_\bd_\bn_\bs_\bt_\ba_\bp_\b-_\bi_\bd_\be_\bn_\bt_\bi_\bt_\by string to send in _\bd_\bn_\bs_\bt_\ba_\bp logging\n+ messages.\n+ Configures the path to\n+_\bd_\bn_\bs_\bt_\ba_\bp_\b-_\bo_\bu_\bt_\bp_\bu_\bt which the _\bd_\bn_\bs_\bt_\ba_\bp frame logging\n+ stream is sent.\n+_\bd_\bn_\bs_\bt_\ba_\bp_\b-_\bv_\be_\br_\bs_\bi_\bo_\bn Specifies a _\bv_\be_\br_\bs_\bi_\bo_\bn string logging\n+ to send in _\bd_\bn_\bs_\bt_\ba_\bp messages.\n+ Specifies host names or\n+_\bd_\bu_\ba_\bl_\b-_\bs_\bt_\ba_\bc_\bk_\b-_\bs_\be_\br_\bv_\be_\br_\bs addresses of machines with server\n+ access to both IPv4 and\n+ IPv6 transports.\n+ Indicates the pathname of\n+_\bd_\bu_\bm_\bp_\b-_\bf_\bi_\bl_\be the file where the server logging\n+ dumps the database after\n+ _\br_\bn_\bd_\bc_\b _\bd_\bu_\bm_\bp_\bd_\bb.\n+_\bd_\by_\bn_\bd_\bb Configures a DynDB database zone\n+ in _\bn_\ba_\bm_\be_\bd_\b._\bc_\bo_\bn_\bf.\n+_\be_\bd_\bn_\bs Controls the use of the server\n+ EDNS0 (_\bR\bR_\bF\bF_\bC\bC_\b _\b2\b2_\b6\b6_\b7\b7_\b1\b1) feature.\n+ Sets the maximum advertised\n+ EDNS UDP buffer size to\n+_\be_\bd_\bn_\bs_\b-_\bu_\bd_\bp_\b-_\bs_\bi_\bz_\be control the size of packets query\n+ received from authoritative\n+ servers in response to\n+ recursive queries.\n+ Sets the maximum EDNS\n+_\be_\bd_\bn_\bs_\b-_\bv_\be_\br_\bs_\bi_\bo_\bn VERSION that is sent to the server\n+ server(s) by the resolver.\n+ Specifies the contact name\n+_\be_\bm_\bp_\bt_\by_\b-_\bc_\bo_\bn_\bt_\ba_\bc_\bt in the returned SOA record server, zone\n+ for empty zones.\n+ Specifies the server name\n+_\be_\bm_\bp_\bt_\by_\b-_\bs_\be_\br_\bv_\be_\br in the returned SOA record server, zone\n+ for empty zones.\n+_\be_\bm_\bp_\bt_\by_\b-_\bz_\bo_\bn_\be_\bs_\b-_\be_\bn_\ba_\bb_\bl_\be Enables or disables all server, zone\n+ empty zones.\n+ Specifies a list of HTTP\n+_\be_\bn_\bd_\bp_\bo_\bi_\bn_\bt_\bs query paths on which to server, query\n+ listen.\n+ Limits the number of errors\n+_\be_\br_\br_\bo_\br_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd for a valid domain name and server\n+ record type.\n+ Allows a list of IPv6\n+ addresses to be ignored if\n+_\be_\bx_\bc_\bl_\bu_\bd_\be they appear in a domain query\n+ name's AAAA records in\n+ _\bd_\bn_\bs_\b6_\b4.\n+ Exempts specific clients or\n+_\be_\bx_\be_\bm_\bp_\bt_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs client groups from rate query\n+ limiting.\n+ Sets the parameters for\n+ dynamic resizing of the\n+_\bf_\be_\bt_\bc_\bh_\b-_\bq_\bu_\bo_\bt_\ba_\b-_\bp_\ba_\br_\ba_\bm_\bs _\bf_\be_\bt_\bc_\bh_\be_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\br_\bv_\be_\br quota in server, query\n+ response to detected\n+ congestion.\n+ Sets the maximum number of\n+ simultaneous iterative\n+ queries allowed to be sent\n+_\bf_\be_\bt_\bc_\bh_\be_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\br_\bv_\be_\br by a server to an upstream server, query\n+ name server before the\n+ server blocks additional\n+ queries.\n+ Sets the maximum number of\n+ simultaneous iterative\n+_\bf_\be_\bt_\bc_\bh_\be_\bs_\b-_\bp_\be_\br_\b-_\bz_\bo_\bn_\be queries allowed to any one server, query\n+ domain before the server\n+ blocks new queries for data\n+ in or beneath that zone.\n+_\bf_\bi_\bl_\be Specifies the zone's zone\n+ filename.\n+ Controls whether pending\n+_\bf_\bl_\bu_\bs_\bh_\b-_\bz_\bo_\bn_\be_\bs_\b-_\bo_\bn_\b-_\bs_\bh_\bu_\bt_\bd_\bo_\bw_\bn zone writes are flushed zone\n+ when the name server exits.\n+ Allows or disallows\n+ fallback to recursion if\n+_\bf_\bo_\br_\bw_\ba_\br_\bd forwarding has failed; it query\n+ is always used in\n+ conjunction with the\n+ _\bf_\bo_\br_\bw_\ba_\br_\bd_\be_\br_\bs statement.\n+ Defines one or more hosts\n+_\bf_\bo_\br_\bw_\ba_\br_\bd_\be_\br_\bs to which queries are query\n+ forwarded.\n+ Sets the number of\n+_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bb_\bu_\bf_\bf_\be_\br_\b-_\bh_\bi_\bn_\bt accumulated bytes in the logging\n+ output buffer before\n+ forcing a buffer flush.\n+ Sets the number of seconds\n+_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bf_\bl_\bu_\bs_\bh_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt that unflushed data remains logging\n+ in the output buffer.\n+ Sets the number of queue\n+_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bi_\bn_\bp_\bu_\bt_\b-_\bq_\bu_\be_\bu_\be_\b-_\bs_\bi_\bz_\be entries to allocate for logging\n+ each input queue.\n+ Sets the number of\n+_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bo_\bu_\bt_\bp_\bu_\bt_\b-_\bn_\bo_\bt_\bi_\bf_\by_\b- outstanding queue entries\n+_\bt_\bh_\br_\be_\bs_\bh_\bo_\bl_\bd allowed on an input queue logging\n+ before waking the I/\n+ O thread.\n+_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bo_\bu_\bt_\bp_\bu_\bt_\b-_\bq_\bu_\be_\bu_\be_\b- Sets the queuing semantics logging\n+_\bm_\bo_\bd_\be_\bl to use for queue objects.\n+_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\bo_\bu_\bt_\bp_\bu_\bt_\b-_\bq_\bu_\be_\bu_\be_\b- Sets the number of queue\n+_\bs_\bi_\bz_\be entries allocated for each logging\n+ output queue.\n+ Sets the number of seconds\n+_\bf_\bs_\bt_\br_\bm_\b-_\bs_\be_\bt_\b-_\br_\be_\bo_\bp_\be_\bn_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl to wait between attempts to logging\n+ reopen a closed output\n+ stream.\n+ Specifies the directory\n+_\bg_\be_\bo_\bi_\bp_\b-_\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by containing GeoIP database server\n+ files.\n+ Sets the interval at which\n+_\bh_\be_\ba_\br_\bt_\bb_\be_\ba_\bt_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl the server performs zone deprecated\n+ maintenance tasks for all\n+ zones marked as _\bd_\bi_\ba_\bl_\bu_\bp.\n+ Specifies the hostname of\n+_\bh_\bo_\bs_\bt_\bn_\ba_\bm_\be the server to return in server\n+ response to a hostname.bind\n+ query.\n+ Configures HTTP endpoints\n+_\bh_\bt_\bt_\bp on which to listen for DNS- server, query\n+ over-HTTPS (DoH) queries.\n+ Limits the number of active\n+_\bh_\bt_\bt_\bp_\b-_\bl_\bi_\bs_\bt_\be_\bn_\be_\br_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs concurrent connections on a server\n+ per-listener basis.\n+ Specifies the TCP port\n+ number the server uses to\n+_\bh_\bt_\bt_\bp_\b-_\bp_\bo_\br_\bt receive and send server, query\n+ unencrypted DNS traffic via\n+ HTTP.\n+_\bh_\bt_\bt_\bp_\b-_\bs_\bt_\br_\be_\ba_\bm_\bs_\b-_\bp_\be_\br_\b- Limits the number of active\n+_\bc_\bo_\bn_\bn_\be_\bc_\bt_\bi_\bo_\bn concurrent HTTP/2 streams server\n+ on a per-connection basis.\n+ Specifies the TCP port\n+_\bh_\bt_\bt_\bp_\bs_\b-_\bp_\bo_\br_\bt number the server uses to server, query\n+ receive and send DNS-over-\n+ HTTPS protocol traffic.\n+_\bi_\bn_\b-_\bv_\bi_\be_\bw Specifies the view in which view, zone\n+ a given zone is defined.\n+_\bi_\bn_\be_\bt Specifies a TCP socket as a server\n+ control channel.\n+ Specifies whether BIND 9\n+_\bi_\bn_\bl_\bi_\bn_\be_\b-_\bs_\bi_\bg_\bn_\bi_\bn_\bg maintains a separate signed zone, dnssec\n+ version of a zone.\n+ Sets the interval at which\n+_\bi_\bn_\bt_\be_\br_\bf_\ba_\bc_\be_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl the server scans the server\n+ network interface list.\n+ Specifies the prefix\n+_\bi_\bp_\bv_\b4_\b-_\bp_\br_\be_\bf_\bi_\bx_\b-_\bl_\be_\bn_\bg_\bt_\bh lengths of IPv4 address server\n+ blocks.\n+ Specifies the contact for\n+_\bi_\bp_\bv_\b4_\bo_\bn_\bl_\by_\b-_\bc_\bo_\bn_\bt_\ba_\bc_\bt the IPV4ONLY.ARPA zone server\n+ created by _\bd_\bn_\bs_\b6_\b4.\n+ Enables automatic IPv4\n+_\bi_\bp_\bv_\b4_\bo_\bn_\bl_\by_\b-_\be_\bn_\ba_\bb_\bl_\be zones if a _\bd_\bn_\bs_\b6_\b4 block is query\n+ configured.\n+ Specifies the name of the\n+_\bi_\bp_\bv_\b4_\bo_\bn_\bl_\by_\b-_\bs_\be_\br_\bv_\be_\br server for the server, query\n+ IPV4ONLY.ARPA zone created\n+ by _\bd_\bn_\bs_\b6_\b4.\n+ Specifies the prefix\n+_\bi_\bp_\bv_\b6_\b-_\bp_\br_\be_\bf_\bi_\bx_\b-_\bl_\be_\bn_\bg_\bt_\bh lengths of IPv6 address server\n+ blocks.\n+_\bi_\bx_\bf_\br_\b-_\bf_\br_\bo_\bm_\b-_\bd_\bi_\bf_\bf_\be_\br_\be_\bn_\bc_\be_\bs Controls how IXFR transfers transfer\n+ are calculated.\n+ Allows the default\n+_\bj_\bo_\bu_\br_\bn_\ba_\bl journal's filename to be zone\n+ overridden.\n+ Defines a shared secret key\n+_\bk_\be_\by for use with _\bT_\bS_\bI_\bG or the security\n+ command channel.\n+ Indicates the directory\n+_\bk_\be_\by_\b-_\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by where public and private dnssec\n+ DNSSEC key files are found.\n+ Specifies the path to a\n+_\bk_\be_\by_\b-_\bf_\bi_\bl_\be file containing the private server, security\n+ TLS key for a connection.\n+ Specifies one or more\n+_\bk_\be_\by_\bs _\bs_\be_\br_\bv_\be_\br_\b__\bk_\be_\by s to be used server, security\n+ with a remote server.\n+_\bl_\ba_\bm_\be_\b-_\bt_\bt_\bl Sets the resolver's lame server\n+ cache.\n+ Specifies the IPv4\n+_\bl_\bi_\bs_\bt_\be_\bn_\b-_\bo_\bn addresses on which a server server\n+ listens for DNS queries.\n+ Specifies the IPv6\n+_\bl_\bi_\bs_\bt_\be_\bn_\b-_\bo_\bn_\b-_\bv_\b6 addresses on which a server server\n+ listens for DNS queries.\n+ Specifies a per-listener\n+_\bl_\bi_\bs_\bt_\be_\bn_\be_\br_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs quota for active server, query\n+ connections.\n+ Sets a maximum size for the\n+_\bl_\bm_\bd_\bb_\b-_\bm_\ba_\bp_\bs_\bi_\bz_\be memory map of the new-zone server\n+ database in LMDB database\n+ format.\n+ Tests rate-limiting\n+_\bl_\bo_\bg_\b-_\bo_\bn_\bl_\by parameters without actually logging, query\n+ dropping any requests.\n+_\bl_\bo_\bg_\bg_\bi_\bn_\bg Configures logging options logging\n+ for the name server.\n+_\bm_\ba_\bn_\ba_\bg_\be_\bd_\b-_\bk_\be_\by_\bs deprecated\n+ Specifies the directory in\n+_\bm_\ba_\bn_\ba_\bg_\be_\bd_\b-_\bk_\be_\by_\bs_\b-_\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by which to store the files dnssec\n+ that track managed DNSSEC\n+ keys.\n+ Specifies an access control\n+ list (ACL) of IPv4\n+_\bm_\ba_\bp_\bp_\be_\bd addresses that are to be query\n+ mapped to the corresponding\n+ A RRset in _\bd_\bn_\bs_\b6_\b4.\n+_\bm_\ba_\bs_\bt_\be_\br_\bf_\bi_\bl_\be_\b-_\bf_\bo_\br_\bm_\ba_\bt Specifies the file format server, zone\n+ of zone files.\n+ Specifies the format of\n+_\bm_\ba_\bs_\bt_\be_\br_\bf_\bi_\bl_\be_\b-_\bs_\bt_\by_\bl_\be zone files during a dump, server\n+ when the _\bm_\ba_\bs_\bt_\be_\br_\bf_\bi_\bl_\be_\b-_\bf_\bo_\br_\bm_\ba_\bt\n+ is text.\n+ Specifies a view of DNS\n+_\bm_\ba_\bt_\bc_\bh_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs namespace for a given view\n+ subset of client IP\n+ addresses.\n+ Specifies a view of DNS\n+_\bm_\ba_\bt_\bc_\bh_\b-_\bd_\be_\bs_\bt_\bi_\bn_\ba_\bt_\bi_\bo_\bn_\bs namespace for a given view\n+ subset of destination IP\n+ addresses.\n+ Allows IPv4-mapped IPv6\n+ addresses to match address-\n+_\bm_\ba_\bt_\bc_\bh_\b-_\bm_\ba_\bp_\bp_\be_\bd_\b-_\ba_\bd_\bd_\br_\be_\bs_\bs_\be_\bs match list entries for server\n+ corresponding IPv4\n+ addresses.\n+ Specifies that only\n+_\bm_\ba_\bt_\bc_\bh_\b-_\br_\be_\bc_\bu_\br_\bs_\bi_\bv_\be_\b-_\bo_\bn_\bl_\by recursive requests can view\n+ match this view of the DNS\n+ namespace.\n+ Sets the maximum amount of\n+ memory to use for an\n+_\bm_\ba_\bx_\b-_\bc_\ba_\bc_\bh_\be_\b-_\bs_\bi_\bz_\be individual cache database server\n+ and its associated\n+ metadata.\n+ Specifies the maximum time\n+_\bm_\ba_\bx_\b-_\bc_\ba_\bc_\bh_\be_\b-_\bt_\bt_\bl (in seconds) that the server\n+ server caches ordinary\n+ (positive) answers.\n+ Sets the maximum number of\n+ simultaneous recursive\n+_\bm_\ba_\bx_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs_\b-_\bp_\be_\br_\b-_\bq_\bu_\be_\br_\by clients accepted by the server\n+ server for any given query\n+ before the server drops\n+ additional clients.\n+ Sets the maximum size for\n+_\bm_\ba_\bx_\b-_\bi_\bx_\bf_\br_\b-_\br_\ba_\bt_\bi_\bo IXFR responses to zone transfer\n+ transfer requests.\n+_\bm_\ba_\bx_\b-_\bj_\bo_\bu_\br_\bn_\ba_\bl_\b-_\bs_\bi_\bz_\be Controls the size of transfer\n+ journal files.\n+ Specifies the maximum\n+ retention time (in seconds)\n+_\bm_\ba_\bx_\b-_\bn_\bc_\ba_\bc_\bh_\be_\b-_\bt_\bt_\bl for storage of negative server\n+ answers in the server's\n+ cache.\n+ Sets the maximum number of\n+_\bm_\ba_\bx_\b-_\br_\be_\bc_\bo_\br_\bd_\bs records permitted in a server, zone\n+ zone.\n+ Sets the maximum number of\n+ levels of recursion\n+_\bm_\ba_\bx_\b-_\br_\be_\bc_\bu_\br_\bs_\bi_\bo_\bn_\b-_\bd_\be_\bp_\bt_\bh permitted at any one time server\n+ while servicing a recursive\n+ query.\n+ Sets the maximum number of\n+_\bm_\ba_\bx_\b-_\br_\be_\bc_\bu_\br_\bs_\bi_\bo_\bn_\b-_\bq_\bu_\be_\br_\bi_\be_\bs iterative queries while server, query\n+ servicing a recursive\n+ query.\n+ Limits the zone refresh\n+_\bm_\ba_\bx_\b-_\br_\be_\bf_\br_\be_\bs_\bh_\b-_\bt_\bi_\bm_\be interval to no less often transfer\n+ than the specified value,\n+ in seconds.\n+ Limits the zone refresh\n+_\bm_\ba_\bx_\b-_\br_\be_\bt_\br_\by_\b-_\bt_\bi_\bm_\be retry interval to no less transfer\n+ often than the specified\n+ value, in seconds.\n+ Sets the maximum RSA\n+_\bm_\ba_\bx_\b-_\br_\bs_\ba_\b-_\be_\bx_\bp_\bo_\bn_\be_\bn_\bt_\b-_\bs_\bi_\bz_\be exponent size (in bits) query, dnssec\n+ when validating.\n+ Specifies the maximum time\n+ that the server retains\n+_\bm_\ba_\bx_\b-_\bs_\bt_\ba_\bl_\be_\b-_\bt_\bt_\bl records past their normal server\n+ expiry, to return them as\n+ stale records.\n+ Sets the maximum size of\n+_\bm_\ba_\bx_\b-_\bt_\ba_\bb_\bl_\be_\b-_\bs_\bi_\bz_\be the table used to track server\n+ requests and rate-limit\n+ responses.\n+ Specifies the number of\n+_\bm_\ba_\bx_\b-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bi_\bd_\bl_\be_\b-_\bi_\bn minutes after which inbound transfer\n+ zone transfers making no\n+ progress are terminated.\n+ Specifies the number of\n+ minutes after which\n+_\bm_\ba_\bx_\b-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bi_\bd_\bl_\be_\b-_\bo_\bu_\bt outbound zone transfers transfer\n+ making no progress are\n+ terminated.\n+ Specifies the number of\n+_\bm_\ba_\bx_\b-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bt_\bi_\bm_\be_\b-_\bi_\bn minutes after which inbound transfer\n+ zone transfers are\n+ terminated.\n+ Specifies the number of\n+_\bm_\ba_\bx_\b-_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bt_\bi_\bm_\be_\b-_\bo_\bu_\bt minutes after which transfer\n+ outbound zone transfers are\n+ terminated.\n+_\bm_\ba_\bx_\b-_\bu_\bd_\bp_\b-_\bs_\bi_\bz_\be Sets the maximum EDNS UDP query\n+ message size sent by _\bn_\ba_\bm_\be_\bd.\n+ Set the maximum number of\n+_\bm_\ba_\bx_\b-_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\bi_\bo_\bn_\b-_\bf_\ba_\bi_\bl_\bu_\br_\be_\bs_\b- DNSSEC validation failures server\n+_\bp_\be_\br_\b-_\bf_\be_\bt_\bc_\bh that can happen in single\n+ fetch\n+ Set the maximum number of\n+_\bm_\ba_\bx_\b-_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\bi_\bo_\bn_\bs_\b-_\bp_\be_\br_\b-_\bf_\be_\bt_\bc_\bh DNSSEC validations that can server\n+ happen in single fetch\n+ Specifies a maximum\n+_\bm_\ba_\bx_\b-_\bz_\bo_\bn_\be_\b-_\bt_\bt_\bl permissible time-to-live deprecated\n+ (TTL) value, in seconds.\n+ Controls whether memory\n+_\bm_\be_\bm_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs statistics are written to logging, server\n+ the file specified by\n+ _\bm_\be_\bm_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs_\b-_\bf_\bi_\bl_\be at exit.\n+ Sets the pathname of the\n+_\bm_\be_\bm_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs_\b-_\bf_\bi_\bl_\be file where the server logging\n+ writes memory usage\n+ statistics on exit.\n+ Controls whether DNS name\n+_\bm_\be_\bs_\bs_\ba_\bg_\be_\b-_\bc_\bo_\bm_\bp_\br_\be_\bs_\bs_\bi_\bo_\bn compression is used in query\n+ responses to regular\n+ queries.\n+ Specifies the minimum time\n+_\bm_\bi_\bn_\b-_\bc_\ba_\bc_\bh_\be_\b-_\bt_\bt_\bl (in seconds) that the server\n+ server caches ordinary\n+ (positive) answers.\n+ Specifies the minimum\n+ retention time (in seconds)\n+_\bm_\bi_\bn_\b-_\bn_\bc_\ba_\bc_\bh_\be_\b-_\bt_\bt_\bl for storage of negative server\n+ answers in the server's\n+ cache.\n+ Limits the zone refresh\n+_\bm_\bi_\bn_\b-_\br_\be_\bf_\br_\be_\bs_\bh_\b-_\bt_\bi_\bm_\be interval to no more often transfer\n+ than the specified value,\n+ in seconds.\n+ Limits the zone refresh\n+_\bm_\bi_\bn_\b-_\br_\be_\bt_\br_\by_\b-_\bt_\bi_\bm_\be retry interval to no more transfer\n+ often than the specified\n+ value, in seconds.\n+ Sets the minimum size of\n+_\bm_\bi_\bn_\b-_\bt_\ba_\bb_\bl_\be_\b-_\bs_\bi_\bz_\be the table used to track query\n+ requests and rate-limit\n+ responses.\n+ Controls whether the server\n+ replies with only one of\n+_\bm_\bi_\bn_\bi_\bm_\ba_\bl_\b-_\ba_\bn_\by the RRsets for a query query\n+ name, when generating a\n+ positive response to a\n+ query of type ANY over UDP.\n+ Controls whether the server\n+ only adds records to the\n+ authority and additional\n+_\bm_\bi_\bn_\bi_\bm_\ba_\bl_\b-_\br_\be_\bs_\bp_\bo_\bn_\bs_\be_\bs data sections when they are query\n+ required (e.g. delegations,\n+ negative responses). This\n+ improves server\n+ performance.\n+ Controls whether serial\n+_\bm_\bu_\bl_\bt_\bi_\b-_\bm_\ba_\bs_\bt_\be_\br number mismatch errors are transfer\n+ logged.\n+ Specifies the directory\n+ where configuration\n+_\bn_\be_\bw_\b-_\bz_\bo_\bn_\be_\bs_\b-_\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by parameters are stored for zone\n+ zones added by _\br_\bn_\bd_\bc\n+ _\ba_\bd_\bd_\bz_\bo_\bn_\be.\n+ Specifies a list of\n+_\bn_\bo_\b-_\bc_\ba_\bs_\be_\b-_\bc_\bo_\bm_\bp_\br_\be_\bs_\bs addresses that require server\n+ case-insensitive\n+ compression in responses.\n+ Sets the maximum size of\n+_\bn_\bo_\bc_\bo_\bo_\bk_\bi_\be_\b-_\bu_\bd_\bp_\b-_\bs_\bi_\bz_\be UDP responses that are sent query\n+ to queries without a valid\n+ server COOKIE.\n+ Limits the number of empty\n+_\bn_\bo_\bd_\ba_\bt_\ba_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd (NODATA) responses for a query\n+ valid domain name.\n+ Controls whether NOTIFY\n+_\bn_\bo_\bt_\bi_\bf_\by messages are sent on zone transfer\n+ changes.\n+ Sets the delay (in seconds)\n+_\bn_\bo_\bt_\bi_\bf_\by_\b-_\bd_\be_\bl_\ba_\by between sending sets of transfer, zone\n+ NOTIFY messages for a zone.\n+ Specifies the rate at which\n+_\bn_\bo_\bt_\bi_\bf_\by_\b-_\br_\ba_\bt_\be NOTIFY requests are sent transfer, zone\n+ during normal zone\n+ maintenance operations.\n+ Defines the IPv4 address\n+_\bn_\bo_\bt_\bi_\bf_\by_\b-_\bs_\bo_\bu_\br_\bc_\be (and optional port) to be transfer\n+ used for outgoing NOTIFY\n+ messages.\n+ Defines the IPv6 address\n+_\bn_\bo_\bt_\bi_\bf_\by_\b-_\bs_\bo_\bu_\br_\bc_\be_\b-_\bv_\b6 (and optional port) to be transfer\n+ used for outgoing NOTIFY\n+ messages.\n+ Controls whether the name\n+_\bn_\bo_\bt_\bi_\bf_\by_\b-_\bt_\bo_\b-_\bs_\bo_\ba servers in the NS RRset are transfer\n+ checked against the SOA\n+ MNAME.\n+ Specifies the use of NSEC3\n+_\bn_\bs_\be_\bc_\b3_\bp_\ba_\br_\ba_\bm instead of NSEC, and sets dnssec\n+ NSEC3 parameters.\n+ Specifies the lifetime, in\n+_\bn_\bt_\ba_\b-_\bl_\bi_\bf_\be_\bt_\bi_\bm_\be seconds, for negative trust dnssec\n+ anchors added via _\br_\bn_\bd_\bc_\b _\bn_\bt_\ba.\n+ Specifies the time interval\n+ for checking whether\n+_\bn_\bt_\ba_\b-_\br_\be_\bc_\bh_\be_\bc_\bk negative trust anchors dnssec\n+ added via _\br_\bn_\bd_\bc_\b _\bn_\bt_\ba are\n+ still necessary.\n+ Causes all messages sent to\n+_\bn_\bu_\bl_\bl the logging channel to be logging\n+ discarded.\n+ Appends the specified\n+ suffix to the original\n+_\bn_\bx_\bd_\bo_\bm_\ba_\bi_\bn_\b-_\br_\be_\bd_\bi_\br_\be_\bc_\bt query name, when replacing query\n+ an NXDOMAIN with a redirect\n+ namespace.\n+ Limits the number of\n+_\bn_\bx_\bd_\bo_\bm_\ba_\bi_\bn_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd undefined subdomains for a query\n+ valid domain name.\n+_\bo_\bp_\bt_\bi_\bo_\bn_\bs Defines global options to server\n+ be used by BIND 9.\n+ Adds EDNS Padding options\n+_\bp_\ba_\bd_\bd_\bi_\bn_\bg to outgoing messages to server\n+ increase the packet size.\n+ Sets the time to live (TTL)\n+_\bp_\ba_\br_\be_\bn_\bt_\b-_\bd_\bs_\b-_\bt_\bt_\bl of the DS RRset used by the dnssec\n+ parent zone.\n+ Sets the propagation delay\n+ from the time the parent\n+_\bp_\ba_\br_\be_\bn_\bt_\b-_\bp_\br_\bo_\bp_\ba_\bg_\ba_\bt_\bi_\bo_\bn_\b-_\bd_\be_\bl_\ba_\by zone is updated to when the zone, dnssec\n+ new version is served by\n+ all of the parent zone's\n+ name servers.\n+ Defines a list of\n+_\bp_\ba_\br_\be_\bn_\bt_\ba_\bl_\b-_\ba_\bg_\be_\bn_\bt_\bs delegation agents to be zone\n+ used by primary and\n+ secondary zones.\n+ Specifies which local IPv4\n+_\bp_\ba_\br_\be_\bn_\bt_\ba_\bl_\b-_\bs_\bo_\bu_\br_\bc_\be source address is used to dnssec\n+ send parental DS queries.\n+ Specifies which local IPv6\n+_\bp_\ba_\br_\be_\bn_\bt_\ba_\bl_\b-_\bs_\bo_\bu_\br_\bc_\be_\b-_\bv_\b6 source address is used to dnssec\n+ send parental DS queries.\n+ Specifies the pathname of\n+_\bp_\bi_\bd_\b-_\bf_\bi_\bl_\be the file where the server server\n+ writes its process ID.\n+_\bp_\bl_\bu_\bg_\bi_\bn Configures plugins in server\n+ _\bn_\ba_\bm_\be_\bd_\b._\bc_\bo_\bn_\bf.\n+ Specifies the UDP/TCP port\n+_\bp_\bo_\br_\bt number the server uses to server, query\n+ receive and send DNS\n+ protocol traffic.\n+ Specifies that server\n+_\bp_\br_\be_\bf_\be_\br_\b-_\bs_\be_\br_\bv_\be_\br_\b-_\bc_\bi_\bp_\bh_\be_\br_\bs ciphers should be preferred server, security\n+ over client ones.\n+ Controls the order of glue\n+_\bp_\br_\be_\bf_\be_\br_\br_\be_\bd_\b-_\bg_\bl_\bu_\be records in an A or AAAA query\n+ response.\n+ Specifies the \"trigger\"\n+_\bp_\br_\be_\bf_\be_\bt_\bc_\bh time-to-live (TTL) value at query\n+ which prefetch of the\n+ current query takes place.\n+_\bp_\br_\bi_\bm_\ba_\br_\bi_\be_\bs Defines one or more primary zone\n+ servers for a zone.\n+_\bp_\br_\bi_\bn_\bt_\b-_\bc_\ba_\bt_\be_\bg_\bo_\br_\by Includes the category in logging\n+ log messages.\n+_\bp_\br_\bi_\bn_\bt_\b-_\bs_\be_\bv_\be_\br_\bi_\bt_\by Includes the severity in logging\n+ log messages.\n+_\bp_\br_\bi_\bn_\bt_\b-_\bt_\bi_\bm_\be Specifies the time format logging\n+ for log messages.\n+ Specifies the allowed\n+_\bp_\br_\bo_\bt_\bo_\bc_\bo_\bl_\bs versions of the TLS security\n+ protocol.\n+ Controls whether a primary\n+ responds to an incremental\n+_\bp_\br_\bo_\bv_\bi_\bd_\be_\b-_\bi_\bx_\bf_\br zone request (IXFR) or only transfer\n+ responds with a full zone\n+ transfer (AXFR).\n+ Increases the amount of\n+ time between when keys are\n+_\bp_\bu_\bb_\bl_\bi_\bs_\bh_\b-_\bs_\ba_\bf_\be_\bt_\by published and when they dnssec\n+ become active, to allow for\n+ unforeseen events.\n+ Specifies the amount of\n+ time after which DNSSEC\n+_\bp_\bu_\br_\bg_\be_\b-_\bk_\be_\by_\bs keys that have been deleted dnssec\n+ from the zone can be\n+ removed from disk.\n+ Controls QNAME minimization\n+_\bq_\bn_\ba_\bm_\be_\b-_\bm_\bi_\bn_\bi_\bm_\bi_\bz_\ba_\bt_\bi_\bo_\bn behavior in the BIND 9 query\n+ resolver.\n+ Tightens defenses during\n+_\bq_\bp_\bs_\b-_\bs_\bc_\ba_\bl_\be DNS attacks by scaling back query\n+ the ratio of the current\n+ query-per-second rate.\n+ Controls the IPv4 address\n+_\bq_\bu_\be_\br_\by_\b-_\bs_\bo_\bu_\br_\bc_\be from which queries are query\n+ issued.\n+ Controls the IPv6 address\n+_\bq_\bu_\be_\br_\by_\b-_\bs_\bo_\bu_\br_\bc_\be_\b-_\bv_\b6 from which queries are query\n+ issued.\n+ Specifies whether query\n+_\bq_\bu_\be_\br_\by_\bl_\bo_\bg logging should be active logging, server\n+ when _\bn_\ba_\bm_\be_\bd first starts.\n+ Controls excessive UDP\n+ responses, to prevent BIND\n+_\br_\ba_\bt_\be_\b-_\bl_\bi_\bm_\bi_\bt 9 from being used to query\n+ amplify reflection denial-\n+ of-service (DoS) attacks.\n+ Specifies the pathname of\n+ the file where the server\n+_\br_\be_\bc_\bu_\br_\bs_\bi_\bn_\bg_\b-_\bf_\bi_\bl_\be dumps queries that are server\n+ currently recursing via\n+ _\br_\bn_\bd_\bc_\b _\br_\be_\bc_\bu_\br_\bs_\bi_\bn_\bg.\n+_\br_\be_\bc_\bu_\br_\bs_\bi_\bo_\bn Defines whether recursion query\n+ and caching are allowed.\n+ Specifies the maximum\n+_\br_\be_\bc_\bu_\br_\bs_\bi_\bv_\be_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs number of concurrent query\n+ recursive queries the\n+ server can perform.\n+ Toggles whether _\bd_\bn_\bs_\b6_\b4\n+_\br_\be_\bc_\bu_\br_\bs_\bi_\bv_\be_\b-_\bo_\bn_\bl_\by synthesis occurs only for query\n+ recursive queries.\n+ Limits the number of\n+_\br_\be_\bf_\be_\br_\br_\ba_\bl_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd referrals or delegations to query\n+ a server for a given\n+ domain.\n+ Specifies the expected\n+_\br_\be_\bm_\bo_\bt_\be_\b-_\bh_\bo_\bs_\bt_\bn_\ba_\bm_\be hostname in the TLS security\n+ certificate of the remote\n+ server.\n+ Specifies whether the local\n+_\br_\be_\bq_\bu_\be_\bs_\bt_\b-_\be_\bx_\bp_\bi_\br_\be server requests the EDNS query, transfer\n+ EXPIRE value, when acting\n+ as a secondary.\n+ Controls whether a\n+ secondary requests an\n+_\br_\be_\bq_\bu_\be_\bs_\bt_\b-_\bi_\bx_\bf_\br incremental zone transfer transfer\n+ (IXFR) or a full zone\n+ transfer (AXFR).\n+ Controls whether an empty\n+ EDNS(0) NSID (Name Server\n+ Identifier) option is sent\n+_\br_\be_\bq_\bu_\be_\bs_\bt_\b-_\bn_\bs_\bi_\bd with all queries to query\n+ authoritative name servers\n+ during iterative\n+ resolution.\n+ Controls whether responses\n+_\br_\be_\bq_\bu_\bi_\br_\be_\b-_\bc_\bo_\bo_\bk_\bi_\be without a server cookie are query\n+ accepted\n+ Controls whether a valid\n+_\br_\be_\bq_\bu_\bi_\br_\be_\b-_\bs_\be_\br_\bv_\be_\br_\b-_\bc_\bo_\bo_\bk_\bi_\be server cookie is required query\n+ before sending a full\n+ response to a UDP request.\n+ Specifies the length of\n+ time, in milliseconds, that\n+_\br_\be_\bs_\bo_\bl_\bv_\be_\br_\b-_\bq_\bu_\be_\br_\by_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt a resolver attempts to query\n+ resolve a recursive query\n+ before failing.\n+ Specifies whether to apply\n+_\br_\be_\bs_\bo_\bl_\bv_\be_\br_\b-_\bu_\bs_\be_\b-_\bd_\bn_\bs_\b6_\b4 DNS64 mappings when sending server\n+ queries.\n+ Adds an EDNS Padding option\n+ to encrypted messages, to\n+_\br_\be_\bs_\bp_\bo_\bn_\bs_\be_\b-_\bp_\ba_\bd_\bd_\bi_\bn_\bg reduce the chance of query\n+ guessing the contents based\n+ on size.\n+ Specifies response policy security, server, query,\n+_\br_\be_\bs_\bp_\bo_\bn_\bs_\be_\b-_\bp_\bo_\bl_\bi_\bc_\by zones for the view or among zone\n+ global options.\n+ Limits the number of non-\n+_\br_\be_\bs_\bp_\bo_\bn_\bs_\be_\bs_\b-_\bp_\be_\br_\b-_\bs_\be_\bc_\bo_\bn_\bd empty responses for a valid query\n+ domain name and record\n+ type.\n+ Increases the amount of\n+ time a key remains\n+_\br_\be_\bt_\bi_\br_\be_\b-_\bs_\ba_\bf_\be_\bt_\by published after it is no dnssec\n+ longer active, to allow for\n+ unforeseen events.\n+_\br_\be_\bu_\bs_\be_\bp_\bo_\br_\bt Enables kernel load- server\n+ balancing of sockets.\n+ Controls whether BIND 9\n+_\br_\bo_\bo_\bt_\b-_\bk_\be_\by_\b-_\bs_\be_\bn_\bt_\bi_\bn_\be_\bl responds to root key server\n+ sentinel probes.\n+ Defines the order in which\n+_\br_\br_\bs_\be_\bt_\b-_\bo_\br_\bd_\be_\br equal RRs (RRsets) are query\n+ returned.\n+ Specifies whether a\n+_\bs_\be_\ba_\br_\bc_\bh Dynamically Loadable Zone query\n+ (DLZ) module is queried for\n+ an answer to a query name.\n+ Defines a Base64-encoded\n+_\bs_\be_\bc_\br_\be_\bt string to be used as the security\n+ secret by the algorithm.\n+ Specifies the pathname of\n+_\bs_\be_\bc_\br_\bo_\bo_\bt_\bs_\b-_\bf_\bi_\bl_\be the file where the server dnssec\n+ dumps security roots, when\n+ using _\br_\bn_\bd_\bc_\b _\bs_\be_\bc_\br_\bo_\bo_\bt_\bs.\n+ Controls whether a COOKIE\n+_\bs_\be_\bn_\bd_\b-_\bc_\bo_\bo_\bk_\bi_\be EDNS option is sent along query\n+ with a query.\n+ Defines an upper limit on\n+ the number of queries per\n+_\bs_\be_\br_\bi_\ba_\bl_\b-_\bq_\bu_\be_\br_\by_\b-_\br_\ba_\bt_\be second issued by the transfer\n+ server, when querying the\n+ SOA RRs used for zone\n+ transfers.\n+ Specifies the update method\n+_\bs_\be_\br_\bi_\ba_\bl_\b-_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bm_\be_\bt_\bh_\bo_\bd to be used for the zone zone\n+ serial number in the SOA\n+ record.\n+ Defines characteristics to\n+_\bs_\be_\br_\bv_\be_\br be associated with a remote server\n+ name server.\n+ Specifies a list of IP\n+ addresses to which queries\n+_\bs_\be_\br_\bv_\be_\br_\b-_\ba_\bd_\bd_\br_\be_\bs_\bs_\be_\bs should be sent in recursive query, zone\n+ resolution for a static-\n+ stub zone.\n+ Specifies the ID of the\n+_\bs_\be_\br_\bv_\be_\br_\b-_\bi_\bd server to return in server\n+ response to a ID.SERVER\n+ query.\n+ Specifies a list of domain\n+ names of name servers that\n+_\bs_\be_\br_\bv_\be_\br_\b-_\bn_\ba_\bm_\be_\bs act as authoritative zone\n+ servers of a static-stub\n+ zone.\n+ Sets the length of time (in\n+_\bs_\be_\br_\bv_\bf_\ba_\bi_\bl_\b-_\bt_\bt_\bl seconds) that a SERVFAIL server\n+ response is cached.\n+ Specifies the algorithm to\n+_\bs_\be_\bs_\bs_\bi_\bo_\bn_\b-_\bk_\be_\by_\ba_\bl_\bg use for the TSIG session security\n+ key.\n+ Specifies the pathname of\n+ the file where a TSIG\n+_\bs_\be_\bs_\bs_\bi_\bo_\bn_\b-_\bk_\be_\by_\bf_\bi_\bl_\be session key is written, security\n+ when generated by _\bn_\ba_\bm_\be_\bd for\n+ use by nsupdate -l.\n+_\bs_\be_\bs_\bs_\bi_\bo_\bn_\b-_\bk_\be_\by_\bn_\ba_\bm_\be Specifies the key name for security\n+ the TSIG session key.\n+ Enables or disables session\n+_\bs_\be_\bs_\bs_\bi_\bo_\bn_\b-_\bt_\bi_\bc_\bk_\be_\bt_\bs resumption through TLS security\n+ session tickets.\n+_\bs_\be_\bv_\be_\br_\bi_\bt_\by Defines the priority level logging\n+ of log messages.\n+ Specifies the maximum\n+ number of nodes to be\n+_\bs_\bi_\bg_\b-_\bs_\bi_\bg_\bn_\bi_\bn_\bg_\b-_\bn_\bo_\bd_\be_\bs examined in each quantum, dnssec\n+ when signing a zone with a\n+ new DNSKEY.\n+ Specifies the threshold for\n+ the number of signatures\n+_\bs_\bi_\bg_\b-_\bs_\bi_\bg_\bn_\bi_\bn_\bg_\b-_\bs_\bi_\bg_\bn_\ba_\bt_\bu_\br_\be_\bs that terminates processing dnssec\n+ a quantum, when signing a\n+ zone with a new DNSKEY.\n+ Specifies a private RDATA\n+_\bs_\bi_\bg_\b-_\bs_\bi_\bg_\bn_\bi_\bn_\bg_\b-_\bt_\by_\bp_\be type to use when generating dnssec\n+ signing-state records.\n+_\bs_\bi_\bg_\b-_\bv_\ba_\bl_\bi_\bd_\bi_\bt_\by_\b-_\bi_\bn_\bt_\be_\br_\bv_\ba_\bl obsolete\n+_\bs_\bi_\bg_\bn_\ba_\bt_\bu_\br_\be_\bs_\b-_\br_\be_\bf_\br_\be_\bs_\bh Specifies how frequently an dnssec\n+ RRSIG record is refreshed.\n+_\bs_\bi_\bg_\bn_\ba_\bt_\bu_\br_\be_\bs_\b-_\bv_\ba_\bl_\bi_\bd_\bi_\bt_\by Indicates the validity dnssec\n+ period of an RRSIG record.\n+_\bs_\bi_\bg_\bn_\ba_\bt_\bu_\br_\be_\bs_\b-_\bv_\ba_\bl_\bi_\bd_\bi_\bt_\by_\b-_\bd_\bn_\bs_\bk_\be_\by Indicates the validity dnssec\n+ period of DNSKEY records.\n+ Sets the number of\n+ \"slipped\" responses to\n+_\bs_\bl_\bi_\bp minimize the use of forged query\n+ source addresses for an\n+ attack.\n+ Controls the ordering of\n+_\bs_\bo_\br_\bt_\bl_\bi_\bs_\bt RRs returned to the client, query\n+ based on the client's IP\n+ address.\n+ Defines the amount of time\n+ (in milliseconds) that\n+_\bs_\bt_\ba_\bl_\be_\b-_\ba_\bn_\bs_\bw_\be_\br_\b-_\bc_\bl_\bi_\be_\bn_\bt_\b- _\bn_\ba_\bm_\be_\bd waits before server, query\n+_\bt_\bi_\bm_\be_\bo_\bu_\bt attempting to answer a\n+ query with a stale RRset\n+ from cache.\n+ Enables the returning of\n+_\bs_\bt_\ba_\bl_\be_\b-_\ba_\bn_\bs_\bw_\be_\br_\b-_\be_\bn_\ba_\bb_\bl_\be \"stale\" cached answers when server, query\n+ the name servers for a zone\n+ are not answering.\n+ Specifies the time to live\n+_\bs_\bt_\ba_\bl_\be_\b-_\ba_\bn_\bs_\bw_\be_\br_\b-_\bt_\bt_\bl (TTL) to be returned on query\n+ stale answers, in seconds.\n+_\bs_\bt_\ba_\bl_\be_\b-_\bc_\ba_\bc_\bh_\be_\b-_\be_\bn_\ba_\bb_\bl_\be Enables the retention of server, query\n+ \"stale\" cached answers.\n+ Sets the time window for\n+ the return of \"stale\"\n+ cached answers before the\n+_\bs_\bt_\ba_\bl_\be_\b-_\br_\be_\bf_\br_\be_\bs_\bh_\b-_\bt_\bi_\bm_\be next attempt to contact, if server, query\n+ the name servers for a\n+ given zone are not\n+ responding.\n+ Specifies the rate at which\n+ NOTIFY requests are sent\n+_\bs_\bt_\ba_\br_\bt_\bu_\bp_\b-_\bn_\bo_\bt_\bi_\bf_\by_\b-_\br_\ba_\bt_\be when the name server is transfer, zone\n+ first starting, or when new\n+ zones have been added.\n+ Specifies the communication\n+ channels to be used by\n+_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs_\b-_\bc_\bh_\ba_\bn_\bn_\be_\bl_\bs system administrators to logging\n+ access statistics\n+ information on the name\n+ server.\n+ Specifies the pathname of\n+_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs_\b-_\bf_\bi_\bl_\be the file where the server logging, server\n+ appends statistics, when\n+ using _\br_\bn_\bd_\bc_\b _\bs_\bt_\ba_\bt_\bs.\n+ Directs the logging channel\n+_\bs_\bt_\bd_\be_\br_\br output to the server's logging\n+ standard error stream.\n+ Specifies the maximum\n+_\bs_\bt_\br_\be_\ba_\bm_\bs_\b-_\bp_\be_\br_\b-_\bc_\bo_\bn_\bn_\be_\bc_\bt_\bi_\bo_\bn number of concurrent HTTP/ server, query\n+ 2 streams over an HTTP/\n+ 2 connection.\n+ Defines trailing bits for\n+_\bs_\bu_\bf_\bf_\bi_\bx mapped IPv4 address bits in query\n+ _\bd_\bn_\bs_\b6_\b4.\n+ Enables support for _\bR\bR_\bF\bF_\bC\bC\n+_\bs_\by_\bn_\bt_\bh_\b-_\bf_\br_\bo_\bm_\b-_\bd_\bn_\bs_\bs_\be_\bc _\b8\b8_\b1\b1_\b9\b9_\b8\b8, Aggressive Use of dnssec\n+ DNSSEC-Validated Cache.\n+_\bs_\by_\bs_\bl_\bo_\bg Directs the logging channel logging\n+ to the system log.\n+ Sets the timeout value (in\n+ milliseconds) that the\n+_\bt_\bc_\bp_\b-_\ba_\bd_\bv_\be_\br_\bt_\bi_\bs_\be_\bd_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt server sends in responses query\n+ containing the EDNS TCP\n+ keepalive option.\n+ Specifies the maximum\n+_\bt_\bc_\bp_\b-_\bc_\bl_\bi_\be_\bn_\bt_\bs number of simultaneous server\n+ client TCP connections\n+ accepted by the server.\n+ Sets the amount of time (in\n+ milliseconds) that the\n+ server waits on an idle TCP\n+_\bt_\bc_\bp_\b-_\bi_\bd_\bl_\be_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt connection before closing query\n+ it, if the EDNS TCP\n+ keepalive option is not in\n+ use.\n+ Sets the amount of time (in\n+ milliseconds) that the\n+_\bt_\bc_\bp_\b-_\bi_\bn_\bi_\bt_\bi_\ba_\bl_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt server waits on a new TCP server, query\n+ connection for the first\n+ message from the client.\n+_\bt_\bc_\bp_\b-_\bk_\be_\be_\bp_\ba_\bl_\bi_\bv_\be Adds EDNS TCP keepalive to server\n+ messages sent over TCP.\n+ Sets the amount of time (in\n+ milliseconds) that the\n+_\bt_\bc_\bp_\b-_\bk_\be_\be_\bp_\ba_\bl_\bi_\bv_\be_\b-_\bt_\bi_\bm_\be_\bo_\bu_\bt server waits on an idle TCP query\n+ connection before closing\n+ it, if the EDNS TCP\n+ keepalive option is in use.\n+_\bt_\bc_\bp_\b-_\bl_\bi_\bs_\bt_\be_\bn_\b-_\bq_\bu_\be_\bu_\be Sets the listen-queue server\n+ depth.\n+_\bt_\bc_\bp_\b-_\bo_\bn_\bl_\by Sets the transport protocol server\n+ to TCP.\n+ Sets the operating system's\n+_\bt_\bc_\bp_\b-_\br_\be_\bc_\be_\bi_\bv_\be_\b-_\bb_\bu_\bf_\bf_\be_\br receive buffer size for TCP server\n+ sockets.\n+ Sets the operating system's\n+_\bt_\bc_\bp_\b-_\bs_\be_\bn_\bd_\b-_\bb_\bu_\bf_\bf_\be_\br send buffer size for TCP server\n+ sockets.\n+ Sets the domain appended to\n+_\bt_\bk_\be_\by_\b-_\bd_\bo_\bm_\ba_\bi_\bn the names of all shared security\n+ keys generated with TKEY.\n+ Sets the security\n+ credential for\n+_\bt_\bk_\be_\by_\b-_\bg_\bs_\bs_\ba_\bp_\bi_\b-_\bc_\br_\be_\bd_\be_\bn_\bt_\bi_\ba_\bl authentication keys security\n+ requested by the GSS-TSIG\n+ protocol.\n+ Sets the KRB5 keytab file\n+_\bt_\bk_\be_\by_\b-_\bg_\bs_\bs_\ba_\bp_\bi_\b-_\bk_\be_\by_\bt_\ba_\bb to use for GSS-TSIG security\n+ updates.\n+_\bt_\bl_\bs Configures a TLS security\n+ connection.\n+ Specifies the TCP port\n+_\bt_\bl_\bs_\b-_\bp_\bo_\br_\bt number the server uses to server, query\n+ receive and send DNS-over-\n+ TLS protocol traffic.\n+ Controls whether multiple\n+_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bf_\bo_\br_\bm_\ba_\bt records can be packed into transfer\n+ a message during zone\n+ transfers.\n+ Limits the uncompressed\n+_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bm_\be_\bs_\bs_\ba_\bg_\be_\b-_\bs_\bi_\bz_\be size of DNS messages used transfer\n+ in zone transfers over TCP.\n+ Defines which local IPv4\n+ address(es) are bound to\n+_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bs_\bo_\bu_\br_\bc_\be TCP connections used to transfer\n+ fetch zones transferred\n+ inbound by the server.\n+ Defines which local IPv6\n+ address(es) are bound to\n+_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\b-_\bs_\bo_\bu_\br_\bc_\be_\b-_\bv_\b6 TCP connections used to transfer\n+ fetch zones transferred\n+ inbound by the server.\n+ Limits the number of\n+_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\bs concurrent inbound zone server\n+ transfers from a server.\n+ Limits the number of\n+_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\bs_\b-_\bi_\bn concurrent inbound zone transfer\n+ transfers.\n+ Limits the number of\n+_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\bs_\b-_\bo_\bu_\bt concurrent outbound zone transfer\n+ transfers.\n+ Limits the number of\n+_\bt_\br_\ba_\bn_\bs_\bf_\be_\br_\bs_\b-_\bp_\be_\br_\b-_\bn_\bs concurrent inbound zone transfer\n+ transfers from a remote\n+ server.\n+ Instructs _\bn_\ba_\bm_\be_\bd to send\n+ specially formed queries\n+_\bt_\br_\bu_\bs_\bt_\b-_\ba_\bn_\bc_\bh_\bo_\br_\b-_\bt_\be_\bl_\be_\bm_\be_\bt_\br_\by once per day to domains for dnssec\n+ which trust anchors have\n+ been configured.\n+_\bt_\br_\bu_\bs_\bt_\b-_\ba_\bn_\bc_\bh_\bo_\br_\bs Defines _\bD_\bN_\bS_\bS_\bE_\bC trust dnssec\n+ anchors.\n+_\bt_\br_\bu_\bs_\bt_\be_\bd_\b-_\bk_\be_\by_\bs deprecated\n+ Specifies that BIND 9\n+_\bt_\br_\by_\b-_\bt_\bc_\bp_\b-_\br_\be_\bf_\br_\be_\bs_\bh should attempt to refresh a transfer\n+ zone using TCP if UDP\n+ queries fail.\n+_\bt_\by_\bp_\be Specifies the kind of zone zone\n+ in a given configuration.\n+ Contains forwarding\n+_\bt_\by_\bp_\be_\b _\bf_\bo_\br_\bw_\ba_\br_\bd statements that apply to zone\n+ queries within a given\n+ domain.\n+ Contains the initial set of\n+_\bt_\by_\bp_\be_\b _\bh_\bi_\bn_\bt root name servers to be zone\n+ used at BIND 9 startup.\n+ Contains a DNSSEC-validated\n+_\bt_\by_\bp_\be_\b _\bm_\bi_\br_\br_\bo_\br duplicate of the main data zone\n+ for a zone.\n+_\bt_\by_\bp_\be_\b _\bp_\br_\bi_\bm_\ba_\br_\by Contains the main copy of zone\n+ the data for a zone.\n+ Contains information to\n+_\bt_\by_\bp_\be_\b _\br_\be_\bd_\bi_\br_\be_\bc_\bt answer queries when normal zone\n+ resolution would return\n+ NXDOMAIN.\n+ Contains a duplicate of the\n+_\bt_\by_\bp_\be_\b _\bs_\be_\bc_\bo_\bn_\bd_\ba_\br_\by data for a zone that has zone\n+ been transferred from a\n+ primary server.\n+ Contains a duplicate of the\n+ NS records of a primary\n+_\bt_\by_\bp_\be_\b _\bs_\bt_\ba_\bt_\bi_\bc_\b-_\bs_\bt_\bu_\bb zone, but statically zone\n+ configured rather than\n+ transferred from a primary\n+ server.\n+ Contains a duplicate of the\n+_\bt_\by_\bp_\be_\b _\bs_\bt_\bu_\bb NS records of a primary zone\n+ zone.\n+ Sets the operating system's\n+_\bu_\bd_\bp_\b-_\br_\be_\bc_\be_\bi_\bv_\be_\b-_\bb_\bu_\bf_\bf_\be_\br receive buffer size for UDP server\n+ sockets.\n+ Sets the operating system's\n+_\bu_\bd_\bp_\b-_\bs_\be_\bn_\bd_\b-_\bb_\bu_\bf_\bf_\be_\br send buffer size for UDP server\n+ sockets.\n+ Specifies a Unix domain\n+_\bu_\bn_\bi_\bx socket as a control obsolete\n+ channel.\n+_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bc_\bh_\be_\bc_\bk_\b-_\bk_\bs_\bk obsolete\n+ Sets fine-grained rules to\n+ allow or deny dynamic\n+_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bp_\bo_\bl_\bi_\bc_\by updates (DDNS), based on transfer\n+ requester identity, updated\n+ content, etc.\n+ Specifies the maximum\n+_\bu_\bp_\bd_\ba_\bt_\be_\b-_\bq_\bu_\bo_\bt_\ba number of concurrent DNS server\n+ UPDATE messages that can be\n+ processed by the server.\n+ Specifies a list of ports\n+_\bu_\bs_\be_\b-_\bv_\b4_\b-_\bu_\bd_\bp_\b-_\bp_\bo_\br_\bt_\bs that are valid sources for deprecated\n+ UDP/IPv4 messages.\n+ Specifies a list of ports\n+_\bu_\bs_\be_\b-_\bv_\b6_\b-_\bu_\bd_\bp_\b-_\bp_\bo_\br_\bt_\bs that are valid sources for deprecated\n+ UDP/IPv6 messages.\n+ Indicates the number of\n+_\bv_\b6_\b-_\bb_\bi_\ba_\bs milliseconds of preference server, query\n+ to give to IPv6 name\n+ servers.\n+ Specifies a list of domain\n+_\bv_\ba_\bl_\bi_\bd_\ba_\bt_\be_\b-_\be_\bx_\bc_\be_\bp_\bt names at and beneath which dnssec\n+ DNSSEC validation should\n+ not be performed.\n+ Specifies the version\n+_\bv_\be_\br_\bs_\bi_\bo_\bn number of the server to server\n+ return in response to a\n+ version.bind query.\n+ Allows a name server to\n+_\bv_\bi_\be_\bw answer a DNS query view\n+ differently depending on\n+ who is asking.\n+ Specifies the length of\n+_\bw_\bi_\bn_\bd_\bo_\bw time during which responses query\n+ are tracked.\n+ Specifies whether to set\n+ the time to live (TTL) of\n+_\bz_\be_\br_\bo_\b-_\bn_\bo_\b-_\bs_\bo_\ba_\b-_\bt_\bt_\bl the SOA record to zero, server, query, zone\n+ when returning\n+ authoritative negative\n+ responses to SOA queries.\n+ Sets the time to live (TTL)\n+_\bz_\be_\br_\bo_\b-_\bn_\bo_\b-_\bs_\bo_\ba_\b-_\bt_\bt_\bl_\b-_\bc_\ba_\bc_\bh_\be to zero when caching a server, query, zone\n+ negative response to an SOA\n+ query.\n+_\bz_\bo_\bn_\be Specifies the zone in a zone\n+ BIND 9 configuration.\n+ Sets the propagation delay\n+ from the time a zone is\n+_\bz_\bo_\bn_\be_\b-_\bp_\br_\bo_\bp_\ba_\bg_\ba_\bt_\bi_\bo_\bn_\b-_\bd_\be_\bl_\ba_\by first updated to when the zone, dnssec\n+ new version of the zone is\n+ served by all secondary\n+ servers.\n+ Controls the level of\n+_\bz_\bo_\bn_\be_\b-_\bs_\bt_\ba_\bt_\bi_\bs_\bt_\bi_\bc_\bs statistics gathered for all logging, zone\n+ zones.\n *\b**\b**\b**\b**\b* 8\b8.\b.4\b4.\b. S\bSt\bta\bat\bte\bem\bme\ben\bnt\bts\bs b\bby\by T\bTa\bag\bg_\b?\b\uf0c1 *\b**\b**\b**\b**\b*\n These tables group the various statements permissible in named.conf by their\n corresponding tag.\n *\b**\b**\b**\b* 8\b8.\b.4\b4.\b.1\b1.\b. D\bDN\bNS\bSS\bSE\bEC\bC T\bTa\bag\bg S\bSt\bta\bat\bte\bem\bme\ben\bnt\bts\bs_\b?\b\uf0c1 *\b**\b**\b**\b*\n S\bSt\bta\bat\bte\bem\bme\ben\bnt\bt D\bDe\bes\bsc\bcr\bri\bip\bpt\bti\bio\bon\bn\n _\bb_\bi_\bn_\bd_\bk_\be_\by_\bs_\b-_\bf_\bi_\bl_\be Specifies the pathname of a file to override the\n built-in trusted keys provided by _\bn_\ba_\bm_\be_\bd.\n"}]}]}]}]}]}