--- /srv/reproducible-results/rbuild-debian/r-b-build.gMLkNCAw/b1/bind9_9.19.21-1_amd64.changes +++ /srv/reproducible-results/rbuild-debian/r-b-build.gMLkNCAw/b2/bind9_9.19.21-1_amd64.changes ├── Files │ @@ -1,13 +1,13 @@ │ │ d71523badb5bada932f294bca75c6cf8 660344 debug optional bind9-dbgsym_9.19.21-1_amd64.deb │ 8c800fa4edba8cfda764a6d2ba6c8433 546284 devel optional bind9-dev_9.19.21-1_amd64.deb │ 09f5074b048949e7d99ce107377d1489 428640 debug optional bind9-dnsutils-dbgsym_9.19.21-1_amd64.deb │ 53590c4de26c54a9d2023fe38591f34f 422884 net standard bind9-dnsutils_9.19.21-1_amd64.deb │ - c0aebcb5e7711df5d4a231c64c4073c0 3488956 doc optional bind9-doc_9.19.21-1_all.deb │ + fbcac7fd84aafc18c30a4d2ea892bfab 3488984 doc optional bind9-doc_9.19.21-1_all.deb │ f0459b99f09138293ed06fd8c0f2baee 105704 debug optional bind9-host-dbgsym_9.19.21-1_amd64.deb │ d026f63d5970d667d40aaedc7fb9d0f1 313988 net standard bind9-host_9.19.21-1_amd64.deb │ df1d0b360caacf07693d4448fca54022 3865560 debug optional bind9-libs-dbgsym_9.19.21-1_amd64.deb │ 2d66602c7bf4db6a308dda56c89e3ff7 1420888 libs standard bind9-libs_9.19.21-1_amd64.deb │ 0a1c47fe2b008e0c2075a104e3766a70 412472 debug optional bind9-utils-dbgsym_9.19.21-1_amd64.deb │ 8fa6236c177f4339fe2e3b5a0e673e93 421472 net optional bind9-utils_9.19.21-1_amd64.deb │ 0bf3998323ef1a7c0475137d92ab0c3f 504812 net optional bind9_9.19.21-1_amd64.deb ├── bind9-doc_9.19.21-1_all.deb │ ├── file list │ │ @@ -1,3 +1,3 @@ │ │ -rw-r--r-- 0 0 0 4 2024-02-12 16:04:19.000000 debian-binary │ │ -rw-r--r-- 0 0 0 2000 2024-02-12 16:04:19.000000 control.tar.xz │ │ --rw-r--r-- 0 0 0 3486764 2024-02-12 16:04:19.000000 data.tar.xz │ │ +-rw-r--r-- 0 0 0 3486792 2024-02-12 16:04:19.000000 data.tar.xz │ ├── control.tar.xz │ │ ├── control.tar │ │ │ ├── ./md5sums │ │ │ │ ├── ./md5sums │ │ │ │ │┄ Files differ │ ├── data.tar.xz │ │ ├── data.tar │ │ │ ├── ./usr/share/doc/bind9-doc/arm/reference.html │ │ │ │ @@ -2203,53 +2203,53 @@ │ │ │ │ │ │ │ │ │ │ │ │
Grammar: port <integer>;
Blocks: options
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.
│ │ │ │ │ │ │ │This is the UDP/TCP port number the server uses to receive and send DNS │ │ │ │ protocol traffic. The default is 53. This option is mainly intended │ │ │ │ for server testing; a server using a port other than 53 is not │ │ │ │ able to communicate with the global DNS.
│ │ │ │Grammar: tls-port <integer>;
Blocks: options
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.
│ │ │ │ │ │ │ │This is the TCP port number the server uses to receive and send │ │ │ │ DNS-over-TLS protocol traffic. The default is 853.
│ │ │ │Grammar: https-port <integer>;
Blocks: options
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.
│ │ │ │ │ │ │ │This is the TCP port number the server uses to receive and send │ │ │ │ DNS-over-HTTPS protocol traffic. The default is 443.
│ │ │ │Grammar: http-port <integer>;
Blocks: options
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.
│ │ │ │ │ │ │ │This is the TCP port number the server uses to receive and send │ │ │ │ unencrypted DNS traffic via HTTP (a configuration that may be useful │ │ │ │ when encryption is handled by third-party software or by a reverse │ │ │ │ proxy).
│ │ │ │Grammar: disable-ds-digests <string> { <string>; ... }; // may occur multiple times
Blocks: options, view
│ │ │ │ -Tags: dnssec, zone
│ │ │ │ +Tags: zone, dnssec
│ │ │ │Disables DS digest types from a specified zone.
│ │ │ │ │ │ │ │This disables the specified DS digest types at and below the specified
│ │ │ │ name. Multiple disable-ds-digests
statements are allowed. Only
│ │ │ │ the best-match disable-ds-digests
clause is used to
│ │ │ │ determine the digest types.
If all supported digest types are disabled, the zones covered by │ │ │ │ @@ -2530,15 +2530,15 @@ │ │ │ │
Grammar: ipv4only-server <string>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the name of the server for the IPV4ONLY.ARPA zone created by dns64
.
Grammar: zone-statistics ( full | terse | none | <boolean> );
Blocks: options, view, zone (mirror, primary, redirect, secondary, static-stub, stub)
│ │ │ │ -Tags: zone, logging
│ │ │ │ +Tags: logging, zone
│ │ │ │Controls the level of statistics gathered for all zones.
│ │ │ │ │ │ │ │If full
, the server collects statistical data on all zones,
│ │ │ │ unless specifically turned off on a per-zone basis by specifying
│ │ │ │ zone-statistics terse
or zone-statistics none
in the zone
│ │ │ │ statement. The statistical data includes, for example, DNSSEC signing
│ │ │ │ operations and the number of authoritative answers per query type. The
│ │ │ │ @@ -2755,15 +2755,15 @@
│ │ │ │
Grammar: allow-new-zones <boolean>;
Blocks: options, view
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Controls the ability to add zones at runtime via rndc addzone
.
If yes
, then zones can be added at runtime via rndc addzone
.
│ │ │ │ The default is no
.
Newly added zones’ configuration parameters are stored so that they
│ │ │ │ can persist after the server is restarted. The configuration
│ │ │ │ information is saved in a file called viewname.nzf
(or, if
│ │ │ │ @@ -3193,15 +3193,15 @@
│ │ │ │
Grammar: stale-answer-enable <boolean>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Enables the returning of “stale” cached answers when the name servers for a zone are not answering.
│ │ │ │ │ │ │ │If yes
, enable the returning of “stale” cached answers when the name
│ │ │ │ servers for a zone are not answering and the stale-cache-enable
option is
│ │ │ │ also enabled. The default is not to return stale answers.
Stale answers can also be enabled or disabled at runtime via
│ │ │ │ rndc serve-stale on
or rndc serve-stale off
; these override
│ │ │ │ @@ -3216,15 +3216,15 @@
│ │ │ │
Grammar: stale-answer-client-timeout ( disabled | off | <integer> );
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Defines the amount of time (in milliseconds) that named
waits before attempting to answer a query with a stale RRset from cache.
This option defines the amount of time (in milliseconds) that named
│ │ │ │ waits before attempting to answer the query with a stale RRset from cache.
│ │ │ │ If a stale answer is found, named
continues the ongoing fetches,
│ │ │ │ attempting to refresh the RRset in cache until the
│ │ │ │ resolver-query-timeout
interval is reached.
Grammar: stale-cache-enable <boolean>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Enables the retention of “stale” cached answers.
│ │ │ │ │ │ │ │If yes
, enable the retaining of “stale” cached answers. Default no
.
Grammar: stale-refresh-time <duration>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the time window for the return of “stale” cached answers before the next attempt to contact, if the name servers for a given zone are not responding.
│ │ │ │ │ │ │ │If the name servers for a given zone are not answering, this sets the time
│ │ │ │ window for which named
will promptly return “stale” cached answers for
│ │ │ │ that RRSet being requested before a new attempt in contacting the servers
│ │ │ │ is made. For convenience, TTL-style time-unit suffixes may be used to
│ │ │ │ specify the value. It also accepts ISO 8601 duration formats.
Grammar zone (hint, mirror, primary, secondary, stub): check-names ( fail | warn | ignore );
Grammar options, view: check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
Blocks: options, view, zone (hint, mirror, primary, secondary, stub)
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Restricts the character set and syntax of certain domain names in primary files and/or DNS responses received from the network.
│ │ │ │ │ │ │ │This option is used to restrict the character set and syntax of
│ │ │ │ certain domain names in primary files and/or DNS responses received
│ │ │ │ from the network. The default varies according to usage area. For
│ │ │ │ type primary
zones the default is fail
. For type secondary
zones the
│ │ │ │ default is warn
. For answers received from the network
│ │ │ │ @@ -3586,15 +3586,15 @@
│ │ │ │
Grammar: check-dup-records ( fail | warn | ignore );
Blocks: options, view, zone (primary)
│ │ │ │ -Tags: dnssec, query
│ │ │ │ +Tags: query, dnssec
│ │ │ │Checks primary zones for records that are treated as different by DNSSEC but are semantically equal in plain DNS.
│ │ │ │ │ │ │ │This checks primary zones for records that are treated as different by
│ │ │ │ DNSSEC but are semantically equal in plain DNS. The default is to
│ │ │ │ warn
. Other possible values are fail
and ignore
.
Grammar: zero-no-soa-ttl <boolean>;
Blocks: options, view, zone (mirror, primary, secondary)
│ │ │ │ -Tags: zone, query, server
│ │ │ │ +Tags: server, query, zone
│ │ │ │Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.
│ │ │ │ │ │ │ │If yes
, when returning authoritative negative responses to SOA queries, set
│ │ │ │ the TTL of the SOA record returned in the authority section to zero.
│ │ │ │ The default is yes
.
Grammar: zero-no-soa-ttl-cache <boolean>;
Blocks: options, view
│ │ │ │ -Tags: zone, query, server
│ │ │ │ +Tags: server, query, zone
│ │ │ │Sets the time to live (TTL) to zero when caching a negative response to an SOA query.
│ │ │ │ │ │ │ │If yes
, when caching a negative response to an SOA query set the TTL to zero.
│ │ │ │ The default is no
.
Grammar: allow-recursion-on { <address_match_element>; ... };
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies which local addresses can accept recursive queries.
│ │ │ │ │ │ │ │This specifies which local addresses can accept recursive queries. If
│ │ │ │ allow-recursion-on
is not set, then allow-query-cache-on
is
│ │ │ │ used if set; otherwise, the default is to allow recursive queries on
│ │ │ │ all addresses. Any client permitted to send recursive queries can
│ │ │ │ send them to any address on which named
is listening. Note: both
│ │ │ │ @@ -4628,30 +4628,30 @@
│ │ │ │
Grammar: notify-rate <integer>;
Blocks: options
│ │ │ │ -Tags: zone, transfer
│ │ │ │ +Tags: transfer, zone
│ │ │ │Specifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.
│ │ │ │ │ │ │ │This specifies the rate at which NOTIFY requests are sent during normal zone │ │ │ │ maintenance operations. (NOTIFY requests due to initial zone loading │ │ │ │ are subject to a separate rate limit; see below.) The default is 20 │ │ │ │ per second. The lowest possible rate is one per second; when set to │ │ │ │ zero, it is silently raised to one.
│ │ │ │Grammar: startup-notify-rate <integer>;
Blocks: options
│ │ │ │ -Tags: zone, transfer
│ │ │ │ +Tags: transfer, zone
│ │ │ │Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
│ │ │ │ │ │ │ │This is the rate at which NOTIFY requests are sent when the name server │ │ │ │ is first starting up, or when zones have been newly added to the │ │ │ │ name server. The default is 20 per second. The lowest possible rate is │ │ │ │ one per second; when set to zero, it is silently raised to one.
│ │ │ │Grammar: max-records <integer>;
Blocks: options, view, zone (mirror, primary, redirect, secondary, static-stub, stub)
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Sets the maximum number of records permitted in a zone.
│ │ │ │ │ │ │ │This sets the maximum number of records permitted in a zone. The default is │ │ │ │ zero, which means the maximum is unlimited.
│ │ │ │Grammar: fetches-per-zone <integer> [ ( drop | fail ) ];
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.
│ │ │ │ │ │ │ │This sets the maximum number of simultaneous iterative queries to any one │ │ │ │ domain that the server permits before blocking new queries for │ │ │ │ data in or beneath that zone. This value should reflect how many │ │ │ │ fetches would normally be sent to any one zone in the time it would │ │ │ │ take to resolve them. It should be smaller than │ │ │ │ @@ -5037,15 +5037,15 @@ │ │ │ │
Grammar: fetches-per-server <integer> [ ( drop | fail ) ];
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.
│ │ │ │ │ │ │ │This sets the maximum number of simultaneous iterative queries that the server │ │ │ │ allows to be sent to a single upstream name server before │ │ │ │ blocking additional queries. This value should reflect how many │ │ │ │ fetches would normally be sent to any one server in the time it would │ │ │ │ take to resolve them. It should be smaller than │ │ │ │ @@ -5070,15 +5070,15 @@ │ │ │ │
Grammar: fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the parameters for dynamic resizing of the fetches-per-server
quota in response to detected congestion.
This sets the parameters to use for dynamic resizing of the
│ │ │ │ fetches-per-server
quota in response to detected congestion.
The first argument is an integer value indicating how frequently to │ │ │ │ recalculate the moving average of the ratio of timeouts to responses │ │ │ │ for each server. The default is 100, meaning that BIND recalculates the │ │ │ │ @@ -5166,15 +5166,15 @@ │ │ │ │
Grammar: tcp-initial-timeout <integer>;
Blocks: options
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.
│ │ │ │ │ │ │ │This sets the amount of time (in units of 100 milliseconds) that the server waits on │ │ │ │ a new TCP connection for the first message from the client. The │ │ │ │ default is 300 (30 seconds), the minimum is 25 (2.5 seconds), and the │ │ │ │ maximum is 1200 (two minutes). Values above the maximum or below the │ │ │ │ minimum are adjusted with a logged warning. (Note: this value │ │ │ │ @@ -5837,15 +5837,15 @@ │ │ │ │
Grammar: masterfile-format ( raw | text );
Blocks: options, view, zone (mirror, primary, redirect, secondary, stub)
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Specifies the file format of zone files.
│ │ │ │ │ │ │ │This specifies the file format of zone files (see Additional File Formats
│ │ │ │ for details). The default value is text
, which is the standard
│ │ │ │ textual representation, except for secondary zones, in which the default
│ │ │ │ value is raw
. Files in formats other than text
are typically
│ │ │ │ expected to be generated by the named-compilezone
tool, or dumped by
│ │ │ │ @@ -5900,28 +5900,28 @@
│ │ │ │
Grammar: max-recursion-queries <integer>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the maximum number of iterative queries while servicing a recursive query.
│ │ │ │ │ │ │ │This sets the maximum number of iterative queries that may be sent while │ │ │ │ servicing a recursive query. If more queries are sent, the recursive │ │ │ │ query is terminated and returns SERVFAIL. The default is 100.
│ │ │ │Grammar: notify-delay <integer>;
Blocks: options, view, zone (mirror, primary, secondary)
│ │ │ │ -Tags: zone, transfer
│ │ │ │ +Tags: transfer, zone
│ │ │ │Sets the delay (in seconds) between sending sets of NOTIFY messages for a zone.
│ │ │ │ │ │ │ │This sets the delay, in seconds, between sending sets of NOTIFY messages │ │ │ │ for a zone. Whenever a NOTIFY message is sent for a zone, a timer will │ │ │ │ be set for this duration. If the zone is updated again before the timer │ │ │ │ expires, the NOTIFY for that update will be postponed. The default is 5 │ │ │ │ seconds.
│ │ │ │ @@ -5930,15 +5930,15 @@ │ │ │ │Grammar: max-rsa-exponent-size <integer>;
Blocks: options
│ │ │ │ -Tags: dnssec, query
│ │ │ │ +Tags: query, dnssec
│ │ │ │Sets the maximum RSA exponent size (in bits) when validating.
│ │ │ │ │ │ │ │This sets the maximum RSA exponent size, in bits, that is accepted when │ │ │ │ validating. Valid values are 35 to 4096 bits. The default, zero, is │ │ │ │ also accepted and is equivalent to 4096.
│ │ │ │Grammar: v6-bias <integer>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Indicates the number of milliseconds of preference to give to IPv6 name servers.
│ │ │ │ │ │ │ │When determining the next name server to try, this indicates by how many
│ │ │ │ milliseconds to prefer IPv6 name servers. The default is 50
│ │ │ │ milliseconds.
Grammar: empty-server <string>;
Blocks: options, view
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Specifies the server name in the returned SOA record for empty zones.
│ │ │ │ │ │ │ │This specifies the server name that appears in the returned SOA record for │ │ │ │ empty zones. If none is specified, the zone’s name is used.
│ │ │ │Grammar: empty-contact <string>;
Blocks: options, view
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Specifies the contact name in the returned SOA record for empty zones.
│ │ │ │ │ │ │ │This specifies the contact name that appears in the returned SOA record for │ │ │ │ empty zones. If none is specified, “.” is used.
│ │ │ │Grammar: empty-zones-enable <boolean>;
Blocks: options, view
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Enables or disables all empty zones.
│ │ │ │ │ │ │ │This enables or disables all empty zones. By default, they are enabled.
│ │ │ │Grammar: disable-empty-zone <string>; // may occur multiple times
Blocks: options, view
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Disables individual empty zones.
│ │ │ │ │ │ │ │This disables individual empty zones. By default, none are disabled. This │ │ │ │ option can be specified multiple times.
│ │ │ │Grammar: response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
Blocks: options, view
│ │ │ │ -Tags: zone, query, security, server
│ │ │ │ +Tags: security, server, query, zone
│ │ │ │Specifies response policy zones for the view or among global options.
│ │ │ │ │ │ │ │Response policy zones are named in the response-policy
option for
│ │ │ │ the view, or among the global options if there is no response-policy
│ │ │ │ option for the view. Response policy zones are ordinary DNS zones
│ │ │ │ containing RRsets that can be queried normally if allowed. It is usually
│ │ │ │ best to restrict those queries with something like
│ │ │ │ @@ -6607,42 +6607,42 @@
│ │ │ │ such as SERVFAIL to appear to be rewritten, since no recursion is being
│ │ │ │ done to discover problems at the authoritative server.
Grammar: dnsrps-enable <boolean>;
Blocks: options, view
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ │ │ │ │ │The dnsrps-enable yes
option turns on the DNS Response Policy Service
│ │ │ │ (DNSRPS) interface, if it has been compiled in named
using
│ │ │ │ configure --enable-dnsrps
.
Grammar: dnsrps-library <quoted_string>;
Blocks: options
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ │ │ │ │ │This option specifies the path to the DNSRPS provider library. Typically
│ │ │ │ this library is detected when building with configure --enable-dnsrps
│ │ │ │ and does not need to be specified in named.conf
; the option exists
│ │ │ │ to override the default library for testing purposes.
Grammar: dnsrps-options { <unspecified-text> };
Blocks: options, view
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Provides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.
│ │ │ │ │ │ │ │The block provides additional RPZ configuration
│ │ │ │ settings, which are passed through to the DNSRPS provider library.
│ │ │ │ Multiple DNSRPS settings in an dnsrps-options
string should be
│ │ │ │ separated with semi-colons (;). The DNSRPS provider library is passed a
│ │ │ │ configuration string consisting of the dnsrps-options
text,
│ │ │ │ @@ -7067,15 +7067,15 @@
│ │ │ │
Grammar: log-only <boolean>;
Blocks: options.rate-limit, view.rate-limit
│ │ │ │ -Tags: query, logging
│ │ │ │ +Tags: logging, query
│ │ │ │Tests rate-limiting parameters without actually dropping any requests.
│ │ │ │ │ │ │ │Use log-only yes
to test rate-limiting parameters without actually
│ │ │ │ dropping any requests.
Responses dropped by rate limits are included in the RateDropped
and
│ │ │ │ @@ -7272,15 +7272,15 @@
│ │ │ │ option.
Blocks: dnssec-policy, server, view.server
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies one or more server_key
s to be used with a remote server.
Warning
│ │ │ │Not to be confused with keys
in dnssec-policy
specification.
│ │ │ │ Although statements with the same name exist in both contexts, they refer
│ │ │ │ to fundamentally incompatible concepts.
tls
can only be set at the top level of named.conf
.
The following options can be specified in a tls
statement:
Grammar: key-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies the path to a file containing the private TLS key for a connection.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Path to a file containing the private TLS key to be used for │ │ │ │ the connection.
│ │ │ │
Grammar: cert-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies the path to a file containing the TLS certificate for a connection.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Path to a file containing the TLS certificate to be used for │ │ │ │ the connection.
│ │ │ │
Grammar: ca-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │ │ │ │ │Path to a file containing trusted CA authorities’ TLS │ │ │ │ certificates used to verify remote peer certificates. Specifying │ │ │ │ this option enables remote peer certificates’ verification. For │ │ │ │ incoming connections, specifying this option makes BIND require │ │ │ │ @@ -7481,15 +7481,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
- │ │ │ │ dhparam-file
│ │ │ │Grammar:
│ │ │ │dhparam-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Path to a file containing Diffie-Hellman parameters, │ │ │ │ which is needed to enable the cipher suites depending on the │ │ │ │ Diffie-Hellman ephemeral key exchange (DHE). Having these parameters │ │ │ │ specified is essential for enabling perfect forward secrecy capable │ │ │ │ @@ -7550,15 +7550,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ │ │ │ │ @@ -7673,15 +7673,15 @@ │ │ │ │ listener-clients <integer>; │ │ │ │ streams-per-connection <integer>; │ │ │ │ }; // may occur multiple times │ │ │ │- │ │ │ │ prefer-server-ciphers
│ │ │ │Grammar:
│ │ │ │prefer-server-ciphers <boolean>;
Blocks: tls
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies that server ciphers should be preferred over client ones.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Specifies that server ciphers should be preferred over client ones.
│ │ │ │Blocks: topmost
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Configures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.
│ │ │ │ │ │ │ │
http
Block Definition and Usagehttp
can only be set at the top level of named.conf
.
The following options can be specified in an http
statement:
Grammar: endpoints { <quoted_string>; ... };
Blocks: http
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies a list of HTTP query paths on which to listen.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │A list of HTTP query paths on which to listen. This is the portion │ │ │ │ of an RFC 3986-compliant URI following the hostname; it must be │ │ │ │ an absolute path, beginning with “/”. The default value │ │ │ │ is
│ │ │ │ @@ -7708,28 +7708,28 @@ │ │ │ │ │ │ │ │ │ │ │ │"/dns-query"
, if omitted.│ │ │ │
│ │ │ │ │ │ │ │- │ │ │ │ listener-clients
│ │ │ │Grammar:
│ │ │ │listener-clients <integer>;
Blocks: http
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies a per-listener quota for active connections.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │The option specifies a per-listener quota for active connections.
│ │ │ ││ │ │ │
│ │ │ │ @@ -8247,15 +8247,15 @@ │ │ │ │ │ │ │ │ │ │ │ │- │ │ │ │ streams-per-connection
│ │ │ │Grammar:
│ │ │ │streams-per-connection <integer>;
Blocks: http
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │The option specifies the hard limit on the number of concurrent │ │ │ │ HTTP/2 streams over an HTTP/2 connection.
│ │ │ ││ │ │ │
│ │ │ │ │ │ │ │- │ │ │ │ zone-propagation-delay
│ │ │ │Grammar:
│ │ │ │zone-propagation-delay <duration>;
Blocks: dnssec-policy
│ │ │ │ -Tags: dnssec, zone
│ │ │ │ +Tags: zone, dnssec
│ │ │ │Sets the propagation delay from the time a zone is first updated to when the new version of the zone is served by all secondary servers.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │ @@ -8276,15 +8276,15 @@ │ │ │ │This is the expected propagation delay from the time when a zone is │ │ │ │ first updated to the time when the new version of the zone is served │ │ │ │ by all secondary servers. The default is
│ │ │ │PT5M
(5 minutes).│ │ │ │
- │ │ │ │ parent-propagation-delay
│ │ │ │Grammar:
│ │ │ │parent-propagation-delay <duration>;
Blocks: dnssec-policy
│ │ │ │ -Tags: dnssec, zone
│ │ │ │ +Tags: zone, dnssec
│ │ │ │Sets the propagation delay from the time the parent zone is updated to when the new version is served by all of the parent zone’s name servers.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │ @@ -9506,15 +9506,15 @@ │ │ │ │ in-view <string>; │ │ │ │ }; │ │ │ │This is the expected propagation delay from the time when the parent │ │ │ │ zone is updated to the time when the new version is served by all of │ │ │ │ the parent zone’s name servers. The default is
│ │ │ │PT1H
(1 hour).
Grammar zone (in-view): in-view <string>;
Blocks: zone, zone (in-view), view.zone
│ │ │ │ -Tags: zone, view
│ │ │ │ +Tags: view, zone
│ │ │ │Specifies the view in which a given zone is defined.
│ │ │ │ │ │ │ │When using multiple views, a type primary
or type secondary
zone configured
│ │ │ │ in one view can be referenced in a subsequent view. This allows both views
│ │ │ │ to use the same zone without the overhead of loading it more than once. This
│ │ │ │ is configured using a zone
statement, with an in-view
option
│ │ │ │ specifying the view in which the zone is defined. A zone
statement
│ │ │ │ @@ -9682,15 +9682,15 @@
│ │ │ │
Grammar: server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
Blocks: zone (static-stub)
│ │ │ │ -Tags: zone, query
│ │ │ │ +Tags: query, zone
│ │ │ │Specifies a list of IP addresses to which queries should be sent in recursive resolution for a static-stub zone.
│ │ │ │ │ │ │ │This option is only meaningful for static-stub zones. This is a list of IP addresses │ │ │ │ to which queries should be sent in recursive resolution for the zone. │ │ │ │ A non-empty list for this option internally configures the apex │ │ │ │ NS RR with associated glue A or AAAA RRs.
│ │ │ │For example, if “example.com” is configured as a static-stub zone │ │ │ │ @@ -9771,15 +9771,15 @@ │ │ │ │
Grammar: inline-signing <boolean>;
Blocks: dnssec-policy, zone (primary, secondary)
│ │ │ │ -Tags: dnssec, zone
│ │ │ │ +Tags: zone, dnssec
│ │ │ │Specifies whether BIND 9 maintains a separate signed version of a zone.
│ │ │ │ │ │ │ │The use of inline signing is determined by the dnssec-policy
for
│ │ │ │ the zone. If inline-signing
is explicitly set to yes
or no
│ │ │ │ in zone
, then it overrides any value from dnssec-policy
.
Limits UDP responses of all kinds.
│ │ │ │query
Controls the ability to add zones at runtime via rndc addzone
.
zone, server
server, zone
Defines an address_match_list
that is allowed to send NOTIFY
messages for the zone, in addition to addresses defined in the primaries
option for the zone.
transfer
Defines an address_match_list
of clients that are allowed to perform recursive queries.
query
Specifies which local addresses can accept recursive queries.
│ │ │ │query, server
server, query
Defines an address_match_list
of hosts that are allowed to transfer the zone information from this server.
transfer
Controls flushing of log messages.
│ │ │ │logging
Specifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.
│ │ │ │security, server
server, security
Configures catalog zones in named.conf
.
zone
Specifies the digest types to use for CDS resource records.
│ │ │ │dnssec
Specifies the path to a file containing the TLS certificate for a connection.
│ │ │ │security, server
server, security
Defines a stream of data that can be independently logged.
│ │ │ │logging
Checks primary zones for records that are treated as different by DNSSEC but are semantically equal in plain DNS.
│ │ │ │dnssec, query
query, dnssec
Performs post-load zone integrity checks on primary zones.
│ │ │ │zone
Sets the response to MX records that refer to CNAMEs.
│ │ │ │zone
Restricts the character set and syntax of certain domain names in primary files and/or DNS responses received from the network.
│ │ │ │query, server
server, query
Specifies whether to check for sibling glue when performing integrity checks.
│ │ │ │zone
Rejects CNAME or DNAME records if the "alias" name matches a given list of domain_name
elements.
query
Specifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.
│ │ │ │security, server
server, security
Concentrates zone maintenance so that all transfers take place once every heartbeat-interval
, ideally during a single call.
deprecated
Disables DNSSEC algorithms from a specified zone.
│ │ │ │dnssec
Disables DS digest types from a specified zone.
│ │ │ │dnssec, zone
zone, dnssec
Disables individual empty zones.
│ │ │ │zone, server
server, zone
Configures a Dynamically Loadable Zone (DLZ) database in named.conf
.
zone
Specifies the time to live (TTL) for DNSKEY resource records.
│ │ │ │dnssec
Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ │security, server
server, security
Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ │security, server
server, security
Provides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.
│ │ │ │security, server
server, security
Instructs BIND 9 to accept expired DNSSEC signatures when validating.
│ │ │ │dnssec
Sets the maximum EDNS VERSION that is sent to the server(s) by the resolver.
│ │ │ │server
Specifies the contact name in the returned SOA record for empty zones.
│ │ │ │zone, server
server, zone
Specifies the server name in the returned SOA record for empty zones.
│ │ │ │zone, server
server, zone
Enables or disables all empty zones.
│ │ │ │zone, server
server, zone
Specifies a list of HTTP query paths on which to listen.
│ │ │ │query, server
server, query
Limits the number of errors for a valid domain name and record type.
│ │ │ │server
Exempts specific clients or client groups from rate limiting.
│ │ │ │query
Sets the parameters for dynamic resizing of the fetches-per-server
quota in response to detected congestion.
query, server
server, query
Sets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.
│ │ │ │query, server
server, query
Sets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.
│ │ │ │query, server
server, query
Specifies the zone's filename.
│ │ │ │zone
Specifies the hostname of the server to return in response to a hostname.bind
query.
server
Configures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.
│ │ │ │query, server
server, query
Limits the number of active concurrent connections on a per-listener basis.
│ │ │ │server
Specifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.
│ │ │ │query, server
server, query
Limits the number of active concurrent HTTP/2 streams on a per-connection basis.
│ │ │ │server
Specifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.
│ │ │ │query, server
server, query
Specifies the view in which a given zone is defined.
│ │ │ │zone, view
view, zone
Specifies a TCP socket as a control channel.
│ │ │ │server
Specifies whether BIND 9 maintains a separate signed version of a zone.
│ │ │ │dnssec, zone
zone, dnssec
Sets the interval at which the server scans the network interface list.
│ │ │ │server
Enables automatic IPv4 zones if a dns64
block is configured.
query
Specifies the name of the server for the IPV4ONLY.ARPA zone created by dns64
.
query, server
server, query
Specifies the prefix lengths of IPv6 address blocks.
│ │ │ │server
Indicates the directory where public and private DNSSEC key files are found.
│ │ │ │dnssec
Specifies the path to a file containing the private TLS key for a connection.
│ │ │ │security, server
server, security
Specifies one or more server_key
s to be used with a remote server.
security, server
server, security
Sets the resolver's lame cache.
│ │ │ │server
Specifies the IPv6 addresses on which a server listens for DNS queries.
│ │ │ │server
Specifies a per-listener quota for active connections.
│ │ │ │query, server
server, query
Sets a maximum size for the memory map of the new-zone database in LMDB database format.
│ │ │ │server
Tests rate-limiting parameters without actually dropping any requests.
│ │ │ │query, logging
logging, query
Configures logging options for the name server.
│ │ │ │logging
Specifies an access control list (ACL) of IPv4 addresses that are to be mapped to the corresponding A RRset in dns64
.
query
Specifies the file format of zone files.
│ │ │ │zone, server
server, zone
Specifies the format of zone files during a dump, when the masterfile-format
is text
.
server
Specifies the maximum retention time (in seconds) for storage of negative answers in the server's cache.
│ │ │ │server
Sets the maximum number of records permitted in a zone.
│ │ │ │zone, server
server, zone
Sets the maximum number of levels of recursion permitted at any one time while servicing a recursive query.
│ │ │ │server
Sets the maximum number of iterative queries while servicing a recursive query.
│ │ │ │query, server
server, query
Limits the zone refresh interval to no less often than the specified value, in seconds.
│ │ │ │transfer
Limits the zone refresh retry interval to no less often than the specified value, in seconds.
│ │ │ │transfer
Sets the maximum RSA exponent size (in bits) when validating.
│ │ │ │dnssec, query
query, dnssec
Specifies the maximum time that the server retains records past their normal expiry, to return them as stale records.
│ │ │ │server
Controls whether NOTIFY
messages are sent on zone changes.
transfer
Sets the delay (in seconds) between sending sets of NOTIFY messages for a zone.
│ │ │ │zone, transfer
transfer, zone
Specifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.
│ │ │ │zone, transfer
transfer, zone
Defines the IPv4 address (and optional port) to be used for outgoing NOTIFY
messages.
transfer
Sets the time to live (TTL) of the DS RRset used by the parent zone.
│ │ │ │dnssec
Sets the propagation delay from the time the parent zone is updated to when the new version is served by all of the parent zone's name servers.
│ │ │ │dnssec, zone
zone, dnssec
Defines a list of delegation agents to be used by primary and secondary zones.
│ │ │ │zone
Configures plugins in named.conf
.
server
Specifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.
│ │ │ │query, server
server, query
Specifies that server ciphers should be preferred over client ones.
│ │ │ │security, server
server, security
Controls the order of glue records in an A or AAAA response.
│ │ │ │query
Adds an EDNS Padding option to encrypted messages, to reduce the chance of guessing the contents based on size.
│ │ │ │query
Specifies response policy zones for the view or among global options.
│ │ │ │zone, query, security, server
security, server, query, zone
Limits the number of non-empty responses for a valid domain name and record type.
│ │ │ │query
Defines characteristics to be associated with a remote name server.
│ │ │ │server
Specifies a list of IP addresses to which queries should be sent in recursive resolution for a static-stub zone.
│ │ │ │zone, query
query, zone
Specifies the ID of the server to return in response to a ID.SERVER
query.
server
Controls the ordering of RRs returned to the client, based on the client's IP address.
│ │ │ │query
Defines the amount of time (in milliseconds) that named
waits before attempting to answer a query with a stale RRset from cache.
query, server
server, query
Enables the returning of "stale" cached answers when the name servers for a zone are not answering.
│ │ │ │query, server
server, query
Specifies the time to live (TTL) to be returned on stale answers, in seconds.
│ │ │ │query
Enables the retention of "stale" cached answers.
│ │ │ │query, server
server, query
Sets the time window for the return of "stale" cached answers before the next attempt to contact, if the name servers for a given zone are not responding.
│ │ │ │query, server
server, query
Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
│ │ │ │zone, transfer
transfer, zone
Specifies the communication channels to be used by system administrators to access statistics information on the name server.
│ │ │ │logging
Directs the logging channel output to the server's standard error stream.
│ │ │ │logging
Specifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.
│ │ │ │query, server
server, query
Defines trailing bits for mapped IPv4 address bits in dns64
.
query
Sets the amount of time (in milliseconds) that the server waits on an idle TCP connection before closing it, if the EDNS TCP keepalive option is not in use.
│ │ │ │query
Sets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.
│ │ │ │query, server
server, query
Adds EDNS TCP keepalive to messages sent over TCP.
│ │ │ │server
Configures a TLS connection.
│ │ │ │security
Specifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.
│ │ │ │query, server
server, query
Controls whether multiple records can be packed into a message during zone transfers.
│ │ │ │transfer
Specifies a list of ports that are valid sources for UDP/IPv6 messages.
│ │ │ │deprecated
Indicates the number of milliseconds of preference to give to IPv6 name servers.
│ │ │ │query, server
server, query
Specifies a list of domain names at and beneath which DNSSEC validation should not be performed.
│ │ │ │dnssec
Specifies the length of time during which responses are tracked.
│ │ │ │query
Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.
│ │ │ │zone, query, server
server, query, zone
Sets the time to live (TTL) to zero when caching a negative response to an SOA query.
│ │ │ │zone, query, server
server, query, zone
Specifies the zone in a BIND 9 configuration.
│ │ │ │zone
Sets the propagation delay from the time a zone is first updated to when the new version of the zone is served by all secondary servers.
│ │ │ │dnssec, zone
zone, dnssec
Controls the level of statistics gathered for all zones.
│ │ │ │zone, logging
logging, zone
These tables group the various statements permissible in named.conf
by
│ │ │ │ ├── html2text {}
│ │ │ │ │ @@ -2364,1178 +2364,1218 @@
│ │ │ │ │ _Z_o_n_e_ _T_a_g_ _S_t_a_t_e_m_e_n_t_s relate to or control zone behavior, and typically only
│ │ │ │ │ appear in a zone block.
│ │ │ │ │ _D_e_p_r_e_c_a_t_e_d_ _T_a_g_ _S_t_a_t_e_m_e_n_t_s are those that are now deprecated, but are included
│ │ │ │ │ here for historical reference.
│ │ │ │ │ The following table lists all statements permissible in named.conf, with their
│ │ │ │ │ associated tags; the next section groups the statements by tag. Please note
│ │ │ │ │ that these sections are a work in progress.
│ │ │ │ │ -SSttaatteemmeenntt DDeessccrriippttiioonn TTaaggss
│ │ │ │ │ -_a_c_l Assigns a symbolic name to server
│ │ │ │ │ - an address match list.
│ │ │ │ │ -_a_l_g_o_r_i_t_h_m Defines the algorithm to be security
│ │ │ │ │ - used in a key clause.
│ │ │ │ │ -_a_l_l_-_p_e_r_-_s_e_c_o_n_d Limits UDP responses of all query
│ │ │ │ │ - kinds.
│ │ │ │ │ - Controls the ability to add
│ │ │ │ │ -_a_l_l_o_w_-_n_e_w_-_z_o_n_e_s zones at runtime via _r_n_d_c zone, server
│ │ │ │ │ - _a_d_d_z_o_n_e.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t that is
│ │ │ │ │ - allowed to send NOTIFY
│ │ │ │ │ -_a_l_l_o_w_-_n_o_t_i_f_y messages for the zone, in transfer
│ │ │ │ │ - addition to addresses
│ │ │ │ │ - defined in the _p_r_i_m_a_r_i_e_s
│ │ │ │ │ - option for the zone.
│ │ │ │ │ - Defines an
│ │ │ │ │ -_a_l_l_o_w_-_p_r_o_x_y _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the server
│ │ │ │ │ - client addresses allowed to
│ │ │ │ │ - send PROXYv2 headers.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the
│ │ │ │ │ - interface addresses allowed
│ │ │ │ │ -_a_l_l_o_w_-_p_r_o_x_y_-_o_n to accept PROXYv2 headers. server
│ │ │ │ │ - The option is mostly
│ │ │ │ │ - intended for multi-homed
│ │ │ │ │ - configurations.
│ │ │ │ │ - Specifies which hosts (an IP
│ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y address list) are allowed to query
│ │ │ │ │ - send queries to this
│ │ │ │ │ - resolver.
│ │ │ │ │ - Specifies which hosts (an IP
│ │ │ │ │ - address list) can access
│ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e this server's cache and thus query
│ │ │ │ │ - effectively controls
│ │ │ │ │ - recursion.
│ │ │ │ │ - Specifies which hosts (an IP
│ │ │ │ │ - address list) can access
│ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e_-_o_n this server's cache. Used on query
│ │ │ │ │ - servers with multiple
│ │ │ │ │ - interfaces.
│ │ │ │ │ - Specifies which local
│ │ │ │ │ - addresses (an IP address
│ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y_-_o_n list) are allowed to send query
│ │ │ │ │ - queries to this resolver.
│ │ │ │ │ - Used in multi-homed
│ │ │ │ │ - configurations.
│ │ │ │ │ - Defines an
│ │ │ │ │ -_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of query
│ │ │ │ │ - clients that are allowed to
│ │ │ │ │ - perform recursive queries.
│ │ │ │ │ - Specifies which local
│ │ │ │ │ -_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n_-_o_n addresses can accept query, server
│ │ │ │ │ - recursive queries.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ -_a_l_l_o_w_-_t_r_a_n_s_f_e_r that are allowed to transfer transfer
│ │ │ │ │ - the zone information from
│ │ │ │ │ - this server.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ -_a_l_l_o_w_-_u_p_d_a_t_e that are allowed to submit transfer
│ │ │ │ │ - dynamic updates for primary
│ │ │ │ │ - zones.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ -_a_l_l_o_w_-_u_p_d_a_t_e_-_f_o_r_w_a_r_d_i_n_g that are allowed to submit transfer
│ │ │ │ │ - dynamic updates to a
│ │ │ │ │ - secondary server for
│ │ │ │ │ - transmission to a primary.
│ │ │ │ │ - Defines one or more hosts
│ │ │ │ │ -_a_l_s_o_-_n_o_t_i_f_y that are sent NOTIFY transfer
│ │ │ │ │ - messages when zone changes
│ │ │ │ │ - occur.
│ │ │ │ │ - Controls whether COOKIE EDNS
│ │ │ │ │ -_a_n_s_w_e_r_-_c_o_o_k_i_e replies are sent in response query
│ │ │ │ │ - to client queries.
│ │ │ │ │ - Allows multiple views to
│ │ │ │ │ -_a_t_t_a_c_h_-_c_a_c_h_e share a single cache view
│ │ │ │ │ - database.
│ │ │ │ │ - Controls whether BIND,
│ │ │ │ │ - acting as a resolver,
│ │ │ │ │ -_a_u_t_h_-_n_x_d_o_m_a_i_n provides authoritative query
│ │ │ │ │ - NXDOMAIN (domain does not
│ │ │ │ │ - exist) answers.
│ │ │ │ │ - Controls the automatic
│ │ │ │ │ -_a_u_t_o_m_a_t_i_c_-_i_n_t_e_r_f_a_c_e_-_s_c_a_n rescanning of network server
│ │ │ │ │ - interfaces when addresses
│ │ │ │ │ - are added or removed.
│ │ │ │ │ - Specifies the range(s) of
│ │ │ │ │ -_a_v_o_i_d_-_v_4_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated
│ │ │ │ │ - use as sources for UDP/IPv4
│ │ │ │ │ - messages.
│ │ │ │ │ - Specifies the range(s) of
│ │ │ │ │ -_a_v_o_i_d_-_v_6_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated
│ │ │ │ │ - use as sources for UDP/IPv6
│ │ │ │ │ - messages.
│ │ │ │ │ - Specifies the pathname of a
│ │ │ │ │ -_b_i_n_d_k_e_y_s_-_f_i_l_e file to override the built- dnssec
│ │ │ │ │ - in trusted keys provided by
│ │ │ │ │ - _n_a_m_e_d.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ -_b_l_a_c_k_h_o_l_e to ignore. The server will query
│ │ │ │ │ - neither respond to queries
│ │ │ │ │ - from nor send queries to
│ │ │ │ │ - these addresses.
│ │ │ │ │ -_b_o_g_u_s Allows a remote server to be server
│ │ │ │ │ - ignored.
│ │ │ │ │ - Enables _d_n_s_6_4 synthesis even
│ │ │ │ │ -_b_r_e_a_k_-_d_n_s_s_e_c if the validated result query
│ │ │ │ │ - would cause a DNSSEC
│ │ │ │ │ - validation failure.
│ │ │ │ │ -_b_u_f_f_e_r_e_d Controls flushing of log logging
│ │ │ │ │ - messages.
│ │ │ │ │ - Specifies the path to a file
│ │ │ │ │ - containing TLS certificates
│ │ │ │ │ -_c_a_-_f_i_l_e for trusted CA authorities, security, server
│ │ │ │ │ - used to verify remote peer
│ │ │ │ │ - certificates.
│ │ │ │ │ -_c_a_t_a_l_o_g_-_z_o_n_e_s Configures catalog zones in zone
│ │ │ │ │ - _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ - Specifies the type of data
│ │ │ │ │ -_c_a_t_e_g_o_r_y logged to a particular logging
│ │ │ │ │ - channel.
│ │ │ │ │ - Specifies whether a CDNSKEY
│ │ │ │ │ -_c_d_n_s_k_e_y record should be published dnssec
│ │ │ │ │ - during KSK rollover.
│ │ │ │ │ - Specifies the digest types
│ │ │ │ │ -_c_d_s_-_d_i_g_e_s_t_-_t_y_p_e_s to use for CDS resource dnssec
│ │ │ │ │ - records.
│ │ │ │ │ - Specifies the path to a file
│ │ │ │ │ -_c_e_r_t_-_f_i_l_e containing the TLS security, server
│ │ │ │ │ - certificate for a
│ │ │ │ │ - connection.
│ │ │ │ │ - Defines a stream of data
│ │ │ │ │ -_c_h_a_n_n_e_l that can be independently logging
│ │ │ │ │ - logged.
│ │ │ │ │ - Checks primary zones for
│ │ │ │ │ - records that are treated as
│ │ │ │ │ -_c_h_e_c_k_-_d_u_p_-_r_e_c_o_r_d_s different by DNSSEC but are dnssec, query
│ │ │ │ │ - semantically equal in plain
│ │ │ │ │ - DNS.
│ │ │ │ │ - Performs post-load zone
│ │ │ │ │ -_c_h_e_c_k_-_i_n_t_e_g_r_i_t_y integrity checks on primary zone
│ │ │ │ │ - zones.
│ │ │ │ │ - Checks whether an MX record
│ │ │ │ │ -_c_h_e_c_k_-_m_x appears to refer to an IP zone
│ │ │ │ │ - address.
│ │ │ │ │ - Sets the response to MX
│ │ │ │ │ -_c_h_e_c_k_-_m_x_-_c_n_a_m_e records that refer to zone
│ │ │ │ │ - CNAMEs.
│ │ │ │ │ - Restricts the character set
│ │ │ │ │ - and syntax of certain domain
│ │ │ │ │ -_c_h_e_c_k_-_n_a_m_e_s names in primary files and/ query, server
│ │ │ │ │ - or DNS responses received
│ │ │ │ │ - from the network.
│ │ │ │ │ - Specifies whether to check
│ │ │ │ │ -_c_h_e_c_k_-_s_i_b_l_i_n_g for sibling glue when zone
│ │ │ │ │ - performing integrity checks.
│ │ │ │ │ - Specifies whether to check
│ │ │ │ │ -_c_h_e_c_k_-_s_p_f for a TXT Sender Policy zone
│ │ │ │ │ - Framework record, if an SPF
│ │ │ │ │ - record is present.
│ │ │ │ │ - Sets the response to SRV
│ │ │ │ │ -_c_h_e_c_k_-_s_r_v_-_c_n_a_m_e records that refer to zone
│ │ │ │ │ - CNAMEs.
│ │ │ │ │ - Specifies whether to perform
│ │ │ │ │ -_c_h_e_c_k_-_s_v_c_b additional checks on SVCB zone
│ │ │ │ │ - records.
│ │ │ │ │ -_c_h_e_c_k_-_w_i_l_d_c_a_r_d Checks for non-terminal zone
│ │ │ │ │ - wildcards.
│ │ │ │ │ -_c_h_e_c_k_d_s Controls whether DS queries dnssec
│ │ │ │ │ - are sent to parental agents.
│ │ │ │ │ -_c_i_p_h_e_r_s Specifies a list of allowed security
│ │ │ │ │ - ciphers.
│ │ │ │ │ - Specifies an access control
│ │ │ │ │ -_c_l_i_e_n_t_s list (ACL) of clients that query
│ │ │ │ │ - are affected by a given
│ │ │ │ │ - _d_n_s_6_4 directive.
│ │ │ │ │ - Sets the initial minimum
│ │ │ │ │ - number of simultaneous
│ │ │ │ │ -_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y recursive clients accepted server
│ │ │ │ │ - by the server for any given
│ │ │ │ │ - query before the server
│ │ │ │ │ - drops additional clients.
│ │ │ │ │ - Specifies control channels
│ │ │ │ │ -_c_o_n_t_r_o_l_s to be used to manage the server
│ │ │ │ │ - name server.
│ │ │ │ │ - Sets the algorithm to be
│ │ │ │ │ -_c_o_o_k_i_e_-_a_l_g_o_r_i_t_h_m used when generating a server
│ │ │ │ │ - server cookie.
│ │ │ │ │ - Specifies a shared secret
│ │ │ │ │ - used for generating and
│ │ │ │ │ -_c_o_o_k_i_e_-_s_e_c_r_e_t verifying EDNS COOKIE server
│ │ │ │ │ - options within an anycast
│ │ │ │ │ - cluster.
│ │ │ │ │ - Specifies the type of
│ │ │ │ │ -_d_a_t_a_b_a_s_e database to be used to store zone
│ │ │ │ │ - zone data.
│ │ │ │ │ - Rejects A or AAAA records if
│ │ │ │ │ -_d_e_n_y_-_a_n_s_w_e_r_-_a_d_d_r_e_s_s_e_s the corresponding IPv4 or query
│ │ │ │ │ - IPv6 addresses match a given
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t.
│ │ │ │ │ - Rejects CNAME or DNAME
│ │ │ │ │ -_d_e_n_y_-_a_n_s_w_e_r_-_a_l_i_a_s_e_s records if the "alias" name query
│ │ │ │ │ - matches a given list of
│ │ │ │ │ - _d_o_m_a_i_n___n_a_m_e elements.
│ │ │ │ │ - Specifies the path to a file
│ │ │ │ │ -_d_h_p_a_r_a_m_-_f_i_l_e containing Diffie-Hellman security, server
│ │ │ │ │ - parameters, for enabling
│ │ │ │ │ - cipher suites.
│ │ │ │ │ - Concentrates zone
│ │ │ │ │ - maintenance so that all
│ │ │ │ │ -_d_i_a_l_u_p transfers take place once deprecated
│ │ │ │ │ - every _h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l,
│ │ │ │ │ - ideally during a single
│ │ │ │ │ - call.
│ │ │ │ │ -_d_i_r_e_c_t_o_r_y Sets the server's working server
│ │ │ │ │ - directory.
│ │ │ │ │ -_d_i_s_a_b_l_e_-_a_l_g_o_r_i_t_h_m_s Disables DNSSEC algorithms dnssec
│ │ │ │ │ - from a specified zone.
│ │ │ │ │ -_d_i_s_a_b_l_e_-_d_s_-_d_i_g_e_s_t_s Disables DS digest types dnssec, zone
│ │ │ │ │ - from a specified zone.
│ │ │ │ │ -_d_i_s_a_b_l_e_-_e_m_p_t_y_-_z_o_n_e Disables individual empty zone, server
│ │ │ │ │ - zones.
│ │ │ │ │ - Configures a Dynamically
│ │ │ │ │ -_d_l_z Loadable Zone (DLZ) database zone
│ │ │ │ │ - in _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ - Instructs _n_a_m_e_d to return
│ │ │ │ │ -_d_n_s_6_4 mapped IPv4 addresses to query
│ │ │ │ │ - AAAA queries when there are
│ │ │ │ │ - no AAAA records.
│ │ │ │ │ -_d_n_s_6_4_-_c_o_n_t_a_c_t Specifies the name of the server
│ │ │ │ │ - contact for _d_n_s_6_4 zones.
│ │ │ │ │ -_d_n_s_6_4_-_s_e_r_v_e_r Specifies the name of the server
│ │ │ │ │ - server for _d_n_s_6_4 zones.
│ │ │ │ │ -_d_n_s_k_e_y_-_s_i_g_-_v_a_l_i_d_i_t_y obsolete
│ │ │ │ │ - Specifies the time to live
│ │ │ │ │ -_d_n_s_k_e_y_-_t_t_l (TTL) for DNSKEY resource dnssec
│ │ │ │ │ - records.
│ │ │ │ │ - Turns on the DNS Response
│ │ │ │ │ -_d_n_s_r_p_s_-_e_n_a_b_l_e Policy Service (DNSRPS) security, server
│ │ │ │ │ - interface.
│ │ │ │ │ - Turns on the DNS Response
│ │ │ │ │ -_d_n_s_r_p_s_-_l_i_b_r_a_r_y Policy Service (DNSRPS) security, server
│ │ │ │ │ - interface.
│ │ │ │ │ - Provides additional RPZ
│ │ │ │ │ - configuration settings,
│ │ │ │ │ -_d_n_s_r_p_s_-_o_p_t_i_o_n_s which are passed to the DNS security, server
│ │ │ │ │ - Response Policy Service
│ │ │ │ │ - (DNSRPS) provider library.
│ │ │ │ │ - Instructs BIND 9 to accept
│ │ │ │ │ -_d_n_s_s_e_c_-_a_c_c_e_p_t_-_e_x_p_i_r_e_d expired DNSSEC signatures dnssec
│ │ │ │ │ - when validating.
│ │ │ │ │ -_d_n_s_s_e_c_-_d_n_s_k_e_y_-_k_s_k_o_n_l_y obsolete
│ │ │ │ │ - Sets the frequency of
│ │ │ │ │ -_d_n_s_s_e_c_-_l_o_a_d_k_e_y_s_-_i_n_t_e_r_v_a_l automatic checks of the dnssec
│ │ │ │ │ - DNSSEC key repository.
│ │ │ │ │ - Defines hierarchies that
│ │ │ │ │ -_d_n_s_s_e_c_-_m_u_s_t_-_b_e_-_s_e_c_u_r_e must or may not be secure deprecated
│ │ │ │ │ - (signed and validated).
│ │ │ │ │ -_d_n_s_s_e_c_-_p_o_l_i_c_y Defines a key and signing dnssec
│ │ │ │ │ - policy (KASP) for zones.
│ │ │ │ │ -_d_n_s_s_e_c_-_s_e_c_u_r_e_-_t_o_-_i_n_s_e_c_u_r_e obsolete
│ │ │ │ │ -_d_n_s_s_e_c_-_u_p_d_a_t_e_-_m_o_d_e obsolete
│ │ │ │ │ -_d_n_s_s_e_c_-_v_a_l_i_d_a_t_i_o_n Enables DNSSEC validation in dnssec
│ │ │ │ │ - _n_a_m_e_d.
│ │ │ │ │ -_d_n_s_t_a_p Enables logging of _d_n_s_t_a_p logging
│ │ │ │ │ - messages.
│ │ │ │ │ -_d_n_s_t_a_p_-_i_d_e_n_t_i_t_y Specifies an identity string logging
│ │ │ │ │ - to send in _d_n_s_t_a_p messages.
│ │ │ │ │ - Configures the path to which
│ │ │ │ │ -_d_n_s_t_a_p_-_o_u_t_p_u_t the _d_n_s_t_a_p frame stream is logging
│ │ │ │ │ - sent.
│ │ │ │ │ -_d_n_s_t_a_p_-_v_e_r_s_i_o_n Specifies a _v_e_r_s_i_o_n string logging
│ │ │ │ │ - to send in _d_n_s_t_a_p messages.
│ │ │ │ │ - Specifies host names or
│ │ │ │ │ -_d_u_a_l_-_s_t_a_c_k_-_s_e_r_v_e_r_s addresses of machines with server
│ │ │ │ │ - access to both IPv4 and IPv6
│ │ │ │ │ - transports.
│ │ │ │ │ - Indicates the pathname of
│ │ │ │ │ -_d_u_m_p_-_f_i_l_e the file where the server logging
│ │ │ │ │ - dumps the database after
│ │ │ │ │ - _r_n_d_c_ _d_u_m_p_d_b.
│ │ │ │ │ -_d_y_n_d_b Configures a DynDB database zone
│ │ │ │ │ - in _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ -_e_d_n_s Controls the use of the server
│ │ │ │ │ - EDNS0 (_RR_FF_CC_ _22_66_77_11) feature.
│ │ │ │ │ - Sets the maximum advertised
│ │ │ │ │ - EDNS UDP buffer size to
│ │ │ │ │ -_e_d_n_s_-_u_d_p_-_s_i_z_e control the size of packets query
│ │ │ │ │ - received from authoritative
│ │ │ │ │ - servers in response to
│ │ │ │ │ - recursive queries.
│ │ │ │ │ - Sets the maximum EDNS
│ │ │ │ │ -_e_d_n_s_-_v_e_r_s_i_o_n VERSION that is sent to the server
│ │ │ │ │ - server(s) by the resolver.
│ │ │ │ │ - Specifies the contact name
│ │ │ │ │ -_e_m_p_t_y_-_c_o_n_t_a_c_t in the returned SOA record zone, server
│ │ │ │ │ - for empty zones.
│ │ │ │ │ - Specifies the server name in
│ │ │ │ │ -_e_m_p_t_y_-_s_e_r_v_e_r the returned SOA record for zone, server
│ │ │ │ │ - empty zones.
│ │ │ │ │ -_e_m_p_t_y_-_z_o_n_e_s_-_e_n_a_b_l_e Enables or disables all zone, server
│ │ │ │ │ - empty zones.
│ │ │ │ │ - Specifies a list of HTTP
│ │ │ │ │ -_e_n_d_p_o_i_n_t_s query paths on which to query, server
│ │ │ │ │ - listen.
│ │ │ │ │ - Limits the number of errors
│ │ │ │ │ -_e_r_r_o_r_s_-_p_e_r_-_s_e_c_o_n_d for a valid domain name and server
│ │ │ │ │ - record type.
│ │ │ │ │ - Allows a list of IPv6
│ │ │ │ │ - addresses to be ignored if
│ │ │ │ │ -_e_x_c_l_u_d_e they appear in a domain query
│ │ │ │ │ - name's AAAA records in
│ │ │ │ │ - _d_n_s_6_4.
│ │ │ │ │ - Exempts specific clients or
│ │ │ │ │ -_e_x_e_m_p_t_-_c_l_i_e_n_t_s client groups from rate query
│ │ │ │ │ - limiting.
│ │ │ │ │ - Sets the parameters for
│ │ │ │ │ - dynamic resizing of the
│ │ │ │ │ -_f_e_t_c_h_-_q_u_o_t_a_-_p_a_r_a_m_s _f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r quota in query, server
│ │ │ │ │ - response to detected
│ │ │ │ │ - congestion.
│ │ │ │ │ - Sets the maximum number of
│ │ │ │ │ - simultaneous iterative
│ │ │ │ │ - queries allowed to be sent
│ │ │ │ │ -_f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r by a server to an upstream query, server
│ │ │ │ │ - name server before the
│ │ │ │ │ - server blocks additional
│ │ │ │ │ - queries.
│ │ │ │ │ - Sets the maximum number of
│ │ │ │ │ - simultaneous iterative
│ │ │ │ │ -_f_e_t_c_h_e_s_-_p_e_r_-_z_o_n_e queries allowed to any one query, server
│ │ │ │ │ - domain before the server
│ │ │ │ │ - blocks new queries for data
│ │ │ │ │ - in or beneath that zone.
│ │ │ │ │ -_f_i_l_e Specifies the zone's zone
│ │ │ │ │ - filename.
│ │ │ │ │ - Controls whether pending
│ │ │ │ │ -_f_l_u_s_h_-_z_o_n_e_s_-_o_n_-_s_h_u_t_d_o_w_n zone writes are flushed when zone
│ │ │ │ │ - the name server exits.
│ │ │ │ │ - Allows or disallows fallback
│ │ │ │ │ - to recursion if forwarding
│ │ │ │ │ -_f_o_r_w_a_r_d has failed; it is always query
│ │ │ │ │ - used in conjunction with the
│ │ │ │ │ - _f_o_r_w_a_r_d_e_r_s statement.
│ │ │ │ │ -_f_o_r_w_a_r_d_e_r_s Defines one or more hosts to query
│ │ │ │ │ - which queries are forwarded.
│ │ │ │ │ - Sets the number of
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_b_u_f_f_e_r_-_h_i_n_t accumulated bytes in the logging
│ │ │ │ │ - output buffer before forcing
│ │ │ │ │ - a buffer flush.
│ │ │ │ │ - Sets the number of seconds
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_f_l_u_s_h_-_t_i_m_e_o_u_t that unflushed data remains logging
│ │ │ │ │ - in the output buffer.
│ │ │ │ │ - Sets the number of queue
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_i_n_p_u_t_-_q_u_e_u_e_-_s_i_z_e entries to allocate for each logging
│ │ │ │ │ - input queue.
│ │ │ │ │ - Sets the number of
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_n_o_t_i_f_y_- outstanding queue entries
│ │ │ │ │ -_t_h_r_e_s_h_o_l_d allowed on an input queue logging
│ │ │ │ │ - before waking the I/
│ │ │ │ │ - O thread.
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_- Sets the queuing semantics logging
│ │ │ │ │ -_m_o_d_e_l to use for queue objects.
│ │ │ │ │ - Sets the number of queue
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_-_s_i_z_e entries allocated for each logging
│ │ │ │ │ - output queue.
│ │ │ │ │ - Sets the number of seconds
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_r_e_o_p_e_n_-_i_n_t_e_r_v_a_l to wait between attempts to logging
│ │ │ │ │ - reopen a closed output
│ │ │ │ │ - stream.
│ │ │ │ │ - Specifies the directory
│ │ │ │ │ -_g_e_o_i_p_-_d_i_r_e_c_t_o_r_y containing GeoIP database server
│ │ │ │ │ - files.
│ │ │ │ │ - Sets the interval at which
│ │ │ │ │ -_h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l the server performs zone deprecated
│ │ │ │ │ - maintenance tasks for all
│ │ │ │ │ - zones marked as _d_i_a_l_u_p.
│ │ │ │ │ - Specifies the hostname of
│ │ │ │ │ -_h_o_s_t_n_a_m_e the server to return in server
│ │ │ │ │ - response to a hostname.bind
│ │ │ │ │ - query.
│ │ │ │ │ - Configures HTTP endpoints on
│ │ │ │ │ -_h_t_t_p which to listen for DNS- query, server
│ │ │ │ │ - over-HTTPS (DoH) queries.
│ │ │ │ │ - Limits the number of active
│ │ │ │ │ -_h_t_t_p_-_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s concurrent connections on a server
│ │ │ │ │ - per-listener basis.
│ │ │ │ │ - Specifies the TCP port
│ │ │ │ │ -_h_t_t_p_-_p_o_r_t number the server uses to query, server
│ │ │ │ │ - receive and send unencrypted
│ │ │ │ │ - DNS traffic via HTTP.
│ │ │ │ │ - Limits the number of active
│ │ │ │ │ -_h_t_t_p_-_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n concurrent HTTP/2 streams on server
│ │ │ │ │ - a per-connection basis.
│ │ │ │ │ - Specifies the TCP port
│ │ │ │ │ -_h_t_t_p_s_-_p_o_r_t number the server uses to query, server
│ │ │ │ │ - receive and send DNS-over-
│ │ │ │ │ - HTTPS protocol traffic.
│ │ │ │ │ -_i_n_-_v_i_e_w Specifies the view in which zone, view
│ │ │ │ │ - a given zone is defined.
│ │ │ │ │ -_i_n_e_t Specifies a TCP socket as a server
│ │ │ │ │ - control channel.
│ │ │ │ │ - Specifies whether BIND 9
│ │ │ │ │ -_i_n_l_i_n_e_-_s_i_g_n_i_n_g maintains a separate signed dnssec, zone
│ │ │ │ │ - version of a zone.
│ │ │ │ │ - Sets the interval at which
│ │ │ │ │ -_i_n_t_e_r_f_a_c_e_-_i_n_t_e_r_v_a_l the server scans the network server
│ │ │ │ │ - interface list.
│ │ │ │ │ -_i_p_v_4_-_p_r_e_f_i_x_-_l_e_n_g_t_h Specifies the prefix lengths server
│ │ │ │ │ - of IPv4 address blocks.
│ │ │ │ │ - Specifies the contact for
│ │ │ │ │ -_i_p_v_4_o_n_l_y_-_c_o_n_t_a_c_t the IPV4ONLY.ARPA zone server
│ │ │ │ │ - created by _d_n_s_6_4.
│ │ │ │ │ - Enables automatic IPv4 zones
│ │ │ │ │ -_i_p_v_4_o_n_l_y_-_e_n_a_b_l_e if a _d_n_s_6_4 block is query
│ │ │ │ │ - configured.
│ │ │ │ │ - Specifies the name of the
│ │ │ │ │ -_i_p_v_4_o_n_l_y_-_s_e_r_v_e_r server for the IPV4ONLY.ARPA query, server
│ │ │ │ │ - zone created by _d_n_s_6_4.
│ │ │ │ │ -_i_p_v_6_-_p_r_e_f_i_x_-_l_e_n_g_t_h Specifies the prefix lengths server
│ │ │ │ │ - of IPv6 address blocks.
│ │ │ │ │ -_i_x_f_r_-_f_r_o_m_-_d_i_f_f_e_r_e_n_c_e_s Controls how IXFR transfers transfer
│ │ │ │ │ - are calculated.
│ │ │ │ │ -_j_o_u_r_n_a_l Allows the default journal's zone
│ │ │ │ │ - filename to be overridden.
│ │ │ │ │ - Defines a shared secret key
│ │ │ │ │ -_k_e_y for use with _T_S_I_G or the security
│ │ │ │ │ - command channel.
│ │ │ │ │ - Indicates the directory
│ │ │ │ │ -_k_e_y_-_d_i_r_e_c_t_o_r_y where public and private dnssec
│ │ │ │ │ - DNSSEC key files are found.
│ │ │ │ │ - Specifies the path to a file
│ │ │ │ │ -_k_e_y_-_f_i_l_e containing the private TLS security, server
│ │ │ │ │ - key for a connection.
│ │ │ │ │ - Specifies one or more
│ │ │ │ │ -_k_e_y_s _s_e_r_v_e_r___k_e_y s to be used with security, server
│ │ │ │ │ - a remote server.
│ │ │ │ │ -_l_a_m_e_-_t_t_l Sets the resolver's lame server
│ │ │ │ │ - cache.
│ │ │ │ │ - Specifies the IPv4 addresses
│ │ │ │ │ -_l_i_s_t_e_n_-_o_n on which a server listens server
│ │ │ │ │ - for DNS queries.
│ │ │ │ │ - Specifies the IPv6 addresses
│ │ │ │ │ -_l_i_s_t_e_n_-_o_n_-_v_6 on which a server listens server
│ │ │ │ │ - for DNS queries.
│ │ │ │ │ - Specifies a per-listener
│ │ │ │ │ -_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s quota for active query, server
│ │ │ │ │ - connections.
│ │ │ │ │ - Sets a maximum size for the
│ │ │ │ │ -_l_m_d_b_-_m_a_p_s_i_z_e memory map of the new-zone server
│ │ │ │ │ - database in LMDB database
│ │ │ │ │ - format.
│ │ │ │ │ - Tests rate-limiting
│ │ │ │ │ -_l_o_g_-_o_n_l_y parameters without actually query, logging
│ │ │ │ │ - dropping any requests.
│ │ │ │ │ -_l_o_g_g_i_n_g Configures logging options logging
│ │ │ │ │ - for the name server.
│ │ │ │ │ -_m_a_n_a_g_e_d_-_k_e_y_s deprecated
│ │ │ │ │ - Specifies the directory in
│ │ │ │ │ -_m_a_n_a_g_e_d_-_k_e_y_s_-_d_i_r_e_c_t_o_r_y which to store the files dnssec
│ │ │ │ │ - that track managed DNSSEC
│ │ │ │ │ - keys.
│ │ │ │ │ - Specifies an access control
│ │ │ │ │ - list (ACL) of IPv4 addresses
│ │ │ │ │ -_m_a_p_p_e_d that are to be mapped to the query
│ │ │ │ │ - corresponding A RRset in
│ │ │ │ │ - _d_n_s_6_4.
│ │ │ │ │ -_m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t Specifies the file format of zone, server
│ │ │ │ │ - zone files.
│ │ │ │ │ - Specifies the format of zone
│ │ │ │ │ -_m_a_s_t_e_r_f_i_l_e_-_s_t_y_l_e files during a dump, when server
│ │ │ │ │ - the _m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t is
│ │ │ │ │ - text.
│ │ │ │ │ - Specifies a view of DNS
│ │ │ │ │ -_m_a_t_c_h_-_c_l_i_e_n_t_s namespace for a given subset view
│ │ │ │ │ - of client IP addresses.
│ │ │ │ │ - Specifies a view of DNS
│ │ │ │ │ -_m_a_t_c_h_-_d_e_s_t_i_n_a_t_i_o_n_s namespace for a given subset view
│ │ │ │ │ - of destination IP addresses.
│ │ │ │ │ - Allows IPv4-mapped IPv6
│ │ │ │ │ - addresses to match address-
│ │ │ │ │ -_m_a_t_c_h_-_m_a_p_p_e_d_-_a_d_d_r_e_s_s_e_s match list entries for server
│ │ │ │ │ - corresponding IPv4
│ │ │ │ │ - addresses.
│ │ │ │ │ - Specifies that only
│ │ │ │ │ -_m_a_t_c_h_-_r_e_c_u_r_s_i_v_e_-_o_n_l_y recursive requests can match view
│ │ │ │ │ - this view of the DNS
│ │ │ │ │ - namespace.
│ │ │ │ │ - Sets the maximum amount of
│ │ │ │ │ -_m_a_x_-_c_a_c_h_e_-_s_i_z_e memory to use for an server
│ │ │ │ │ - individual cache database
│ │ │ │ │ - and its associated metadata.
│ │ │ │ │ - Specifies the maximum time
│ │ │ │ │ -_m_a_x_-_c_a_c_h_e_-_t_t_l (in seconds) that the server server
│ │ │ │ │ - caches ordinary (positive)
│ │ │ │ │ - answers.
│ │ │ │ │ - Sets the maximum number of
│ │ │ │ │ - simultaneous recursive
│ │ │ │ │ -_m_a_x_-_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y clients accepted by the server
│ │ │ │ │ - server for any given query
│ │ │ │ │ - before the server drops
│ │ │ │ │ - additional clients.
│ │ │ │ │ - Sets the maximum size for
│ │ │ │ │ -_m_a_x_-_i_x_f_r_-_r_a_t_i_o IXFR responses to zone transfer
│ │ │ │ │ - transfer requests.
│ │ │ │ │ -_m_a_x_-_j_o_u_r_n_a_l_-_s_i_z_e Controls the size of journal transfer
│ │ │ │ │ - files.
│ │ │ │ │ - Specifies the maximum
│ │ │ │ │ - retention time (in seconds)
│ │ │ │ │ -_m_a_x_-_n_c_a_c_h_e_-_t_t_l for storage of negative server
│ │ │ │ │ - answers in the server's
│ │ │ │ │ - cache.
│ │ │ │ │ -_m_a_x_-_r_e_c_o_r_d_s Sets the maximum number of zone, server
│ │ │ │ │ - records permitted in a zone.
│ │ │ │ │ - Sets the maximum number of
│ │ │ │ │ - levels of recursion
│ │ │ │ │ -_m_a_x_-_r_e_c_u_r_s_i_o_n_-_d_e_p_t_h permitted at any one time server
│ │ │ │ │ - while servicing a recursive
│ │ │ │ │ - query.
│ │ │ │ │ - Sets the maximum number of
│ │ │ │ │ -_m_a_x_-_r_e_c_u_r_s_i_o_n_-_q_u_e_r_i_e_s iterative queries while query, server
│ │ │ │ │ - servicing a recursive query.
│ │ │ │ │ - Limits the zone refresh
│ │ │ │ │ -_m_a_x_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no less often transfer
│ │ │ │ │ - than the specified value, in
│ │ │ │ │ - seconds.
│ │ │ │ │ - Limits the zone refresh
│ │ │ │ │ -_m_a_x_-_r_e_t_r_y_-_t_i_m_e retry interval to no less transfer
│ │ │ │ │ - often than the specified
│ │ │ │ │ - value, in seconds.
│ │ │ │ │ - Sets the maximum RSA
│ │ │ │ │ -_m_a_x_-_r_s_a_-_e_x_p_o_n_e_n_t_-_s_i_z_e exponent size (in bits) when dnssec, query
│ │ │ │ │ - validating.
│ │ │ │ │ - Specifies the maximum time
│ │ │ │ │ - that the server retains
│ │ │ │ │ -_m_a_x_-_s_t_a_l_e_-_t_t_l records past their normal server
│ │ │ │ │ - expiry, to return them as
│ │ │ │ │ - stale records.
│ │ │ │ │ - Sets the maximum size of the
│ │ │ │ │ -_m_a_x_-_t_a_b_l_e_-_s_i_z_e table used to track requests server
│ │ │ │ │ - and rate-limit responses.
│ │ │ │ │ - Specifies the number of
│ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_i_n minutes after which inbound transfer
│ │ │ │ │ - zone transfers making no
│ │ │ │ │ - progress are terminated.
│ │ │ │ │ - Specifies the number of
│ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_o_u_t minutes after which outbound transfer
│ │ │ │ │ - zone transfers making no
│ │ │ │ │ - progress are terminated.
│ │ │ │ │ - Specifies the number of
│ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_i_n minutes after which inbound transfer
│ │ │ │ │ - zone transfers are
│ │ │ │ │ - terminated.
│ │ │ │ │ - Specifies the number of
│ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_o_u_t minutes after which outbound transfer
│ │ │ │ │ - zone transfers are
│ │ │ │ │ - terminated.
│ │ │ │ │ -_m_a_x_-_u_d_p_-_s_i_z_e Sets the maximum EDNS UDP query
│ │ │ │ │ - message size sent by _n_a_m_e_d.
│ │ │ │ │ - Set the maximum number of
│ │ │ │ │ -_m_a_x_-_v_a_l_i_d_a_t_i_o_n_-_f_a_i_l_u_r_e_s_- DNSSEC validation failures server
│ │ │ │ │ -_p_e_r_-_f_e_t_c_h that can happen in single
│ │ │ │ │ - fetch
│ │ │ │ │ - Set the maximum number of
│ │ │ │ │ -_m_a_x_-_v_a_l_i_d_a_t_i_o_n_s_-_p_e_r_-_f_e_t_c_h DNSSEC validations that can server
│ │ │ │ │ - happen in single fetch
│ │ │ │ │ - Specifies a maximum
│ │ │ │ │ -_m_a_x_-_z_o_n_e_-_t_t_l permissible time-to-live deprecated
│ │ │ │ │ - (TTL) value, in seconds.
│ │ │ │ │ - Controls whether memory
│ │ │ │ │ -_m_e_m_s_t_a_t_i_s_t_i_c_s statistics are written to logging, server
│ │ │ │ │ - the file specified by
│ │ │ │ │ - _m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e at exit.
│ │ │ │ │ - Sets the pathname of the
│ │ │ │ │ -_m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e file where the server writes logging
│ │ │ │ │ - memory usage statistics on
│ │ │ │ │ - exit.
│ │ │ │ │ - Controls whether DNS name
│ │ │ │ │ -_m_e_s_s_a_g_e_-_c_o_m_p_r_e_s_s_i_o_n compression is used in query
│ │ │ │ │ - responses to regular
│ │ │ │ │ - queries.
│ │ │ │ │ - Specifies the minimum time
│ │ │ │ │ -_m_i_n_-_c_a_c_h_e_-_t_t_l (in seconds) that the server server
│ │ │ │ │ - caches ordinary (positive)
│ │ │ │ │ - answers.
│ │ │ │ │ - Specifies the minimum
│ │ │ │ │ - retention time (in seconds)
│ │ │ │ │ -_m_i_n_-_n_c_a_c_h_e_-_t_t_l for storage of negative server
│ │ │ │ │ - answers in the server's
│ │ │ │ │ - cache.
│ │ │ │ │ - Limits the zone refresh
│ │ │ │ │ -_m_i_n_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no more often transfer
│ │ │ │ │ - than the specified value, in
│ │ │ │ │ - seconds.
│ │ │ │ │ - Limits the zone refresh
│ │ │ │ │ -_m_i_n_-_r_e_t_r_y_-_t_i_m_e retry interval to no more transfer
│ │ │ │ │ - often than the specified
│ │ │ │ │ - value, in seconds.
│ │ │ │ │ - Sets the minimum size of the
│ │ │ │ │ -_m_i_n_-_t_a_b_l_e_-_s_i_z_e table used to track requests query
│ │ │ │ │ - and rate-limit responses.
│ │ │ │ │ - Controls whether the server
│ │ │ │ │ - replies with only one of the
│ │ │ │ │ -_m_i_n_i_m_a_l_-_a_n_y RRsets for a query name, query
│ │ │ │ │ - when generating a positive
│ │ │ │ │ - response to a query of type
│ │ │ │ │ - ANY over UDP.
│ │ │ │ │ - Controls whether the server
│ │ │ │ │ - only adds records to the
│ │ │ │ │ - authority and additional
│ │ │ │ │ -_m_i_n_i_m_a_l_-_r_e_s_p_o_n_s_e_s data sections when they are query
│ │ │ │ │ - required (e.g. delegations,
│ │ │ │ │ - negative responses). This
│ │ │ │ │ - improves server performance.
│ │ │ │ │ - Controls whether serial
│ │ │ │ │ -_m_u_l_t_i_-_m_a_s_t_e_r number mismatch errors are transfer
│ │ │ │ │ - logged.
│ │ │ │ │ - Specifies the directory
│ │ │ │ │ -_n_e_w_-_z_o_n_e_s_-_d_i_r_e_c_t_o_r_y where configuration zone
│ │ │ │ │ - parameters are stored for
│ │ │ │ │ - zones added by _r_n_d_c_ _a_d_d_z_o_n_e.
│ │ │ │ │ - Specifies a list of
│ │ │ │ │ -_n_o_-_c_a_s_e_-_c_o_m_p_r_e_s_s addresses that require case- server
│ │ │ │ │ - insensitive compression in
│ │ │ │ │ - responses.
│ │ │ │ │ - Sets the maximum size of UDP
│ │ │ │ │ -_n_o_c_o_o_k_i_e_-_u_d_p_-_s_i_z_e responses that are sent to query
│ │ │ │ │ - queries without a valid
│ │ │ │ │ - server COOKIE.
│ │ │ │ │ - Limits the number of empty
│ │ │ │ │ -_n_o_d_a_t_a_-_p_e_r_-_s_e_c_o_n_d (NODATA) responses for a query
│ │ │ │ │ - valid domain name.
│ │ │ │ │ - Controls whether NOTIFY
│ │ │ │ │ -_n_o_t_i_f_y messages are sent on zone transfer
│ │ │ │ │ - changes.
│ │ │ │ │ - Sets the delay (in seconds)
│ │ │ │ │ -_n_o_t_i_f_y_-_d_e_l_a_y between sending sets of zone, transfer
│ │ │ │ │ - NOTIFY messages for a zone.
│ │ │ │ │ - Specifies the rate at which
│ │ │ │ │ -_n_o_t_i_f_y_-_r_a_t_e NOTIFY requests are sent zone, transfer
│ │ │ │ │ - during normal zone
│ │ │ │ │ - maintenance operations.
│ │ │ │ │ - Defines the IPv4 address
│ │ │ │ │ -_n_o_t_i_f_y_-_s_o_u_r_c_e (and optional port) to be transfer
│ │ │ │ │ - used for outgoing NOTIFY
│ │ │ │ │ - messages.
│ │ │ │ │ - Defines the IPv6 address
│ │ │ │ │ -_n_o_t_i_f_y_-_s_o_u_r_c_e_-_v_6 (and optional port) to be transfer
│ │ │ │ │ - used for outgoing NOTIFY
│ │ │ │ │ - messages.
│ │ │ │ │ - Controls whether the name
│ │ │ │ │ -_n_o_t_i_f_y_-_t_o_-_s_o_a servers in the NS RRset are transfer
│ │ │ │ │ - checked against the SOA
│ │ │ │ │ - MNAME.
│ │ │ │ │ - Specifies the use of NSEC3
│ │ │ │ │ -_n_s_e_c_3_p_a_r_a_m instead of NSEC, and sets dnssec
│ │ │ │ │ - NSEC3 parameters.
│ │ │ │ │ - Specifies the lifetime, in
│ │ │ │ │ -_n_t_a_-_l_i_f_e_t_i_m_e seconds, for negative trust dnssec
│ │ │ │ │ - anchors added via _r_n_d_c_ _n_t_a.
│ │ │ │ │ - Specifies the time interval
│ │ │ │ │ - for checking whether
│ │ │ │ │ -_n_t_a_-_r_e_c_h_e_c_k negative trust anchors added dnssec
│ │ │ │ │ - via _r_n_d_c_ _n_t_a are still
│ │ │ │ │ - necessary.
│ │ │ │ │ - Causes all messages sent to
│ │ │ │ │ -_n_u_l_l the logging channel to be logging
│ │ │ │ │ - discarded.
│ │ │ │ │ - Appends the specified suffix
│ │ │ │ │ -_n_x_d_o_m_a_i_n_-_r_e_d_i_r_e_c_t to the original query name, query
│ │ │ │ │ - when replacing an NXDOMAIN
│ │ │ │ │ - with a redirect namespace.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_n_x_d_o_m_a_i_n_s_-_p_e_r_-_s_e_c_o_n_d undefined subdomains for a query
│ │ │ │ │ - valid domain name.
│ │ │ │ │ -_o_p_t_i_o_n_s Defines global options to be server
│ │ │ │ │ - used by BIND 9.
│ │ │ │ │ - Adds EDNS Padding options to
│ │ │ │ │ -_p_a_d_d_i_n_g outgoing messages to server
│ │ │ │ │ - increase the packet size.
│ │ │ │ │ - Sets the time to live (TTL)
│ │ │ │ │ -_p_a_r_e_n_t_-_d_s_-_t_t_l of the DS RRset used by the dnssec
│ │ │ │ │ - parent zone.
│ │ │ │ │ - Sets the propagation delay
│ │ │ │ │ - from the time the parent
│ │ │ │ │ -_p_a_r_e_n_t_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y zone is updated to when the dnssec, zone
│ │ │ │ │ - new version is served by all
│ │ │ │ │ - of the parent zone's name
│ │ │ │ │ - servers.
│ │ │ │ │ - Defines a list of delegation
│ │ │ │ │ -_p_a_r_e_n_t_a_l_-_a_g_e_n_t_s agents to be used by primary zone
│ │ │ │ │ - and secondary zones.
│ │ │ │ │ - Specifies which local IPv4
│ │ │ │ │ -_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e source address is used to dnssec
│ │ │ │ │ - send parental DS queries.
│ │ │ │ │ - Specifies which local IPv6
│ │ │ │ │ -_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e_-_v_6 source address is used to dnssec
│ │ │ │ │ - send parental DS queries.
│ │ │ │ │ - Specifies the pathname of
│ │ │ │ │ -_p_i_d_-_f_i_l_e the file where the server server
│ │ │ │ │ - writes its process ID.
│ │ │ │ │ -_p_l_u_g_i_n Configures plugins in server
│ │ │ │ │ - _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ - Specifies the UDP/TCP port
│ │ │ │ │ -_p_o_r_t number the server uses to query, server
│ │ │ │ │ - receive and send DNS
│ │ │ │ │ - protocol traffic.
│ │ │ │ │ - Specifies that server
│ │ │ │ │ -_p_r_e_f_e_r_-_s_e_r_v_e_r_-_c_i_p_h_e_r_s ciphers should be preferred security, server
│ │ │ │ │ - over client ones.
│ │ │ │ │ - Controls the order of glue
│ │ │ │ │ -_p_r_e_f_e_r_r_e_d_-_g_l_u_e records in an A or AAAA query
│ │ │ │ │ - response.
│ │ │ │ │ - Specifies the "trigger"
│ │ │ │ │ -_p_r_e_f_e_t_c_h time-to-live (TTL) value at query
│ │ │ │ │ - which prefetch of the
│ │ │ │ │ - current query takes place.
│ │ │ │ │ -_p_r_i_m_a_r_i_e_s Defines one or more primary zone
│ │ │ │ │ - servers for a zone.
│ │ │ │ │ -_p_r_i_n_t_-_c_a_t_e_g_o_r_y Includes the category in log logging
│ │ │ │ │ - messages.
│ │ │ │ │ -_p_r_i_n_t_-_s_e_v_e_r_i_t_y Includes the severity in log logging
│ │ │ │ │ - messages.
│ │ │ │ │ -_p_r_i_n_t_-_t_i_m_e Specifies the time format logging
│ │ │ │ │ - for log messages.
│ │ │ │ │ - Specifies the allowed
│ │ │ │ │ -_p_r_o_t_o_c_o_l_s versions of the TLS security
│ │ │ │ │ - protocol.
│ │ │ │ │ - Controls whether a primary
│ │ │ │ │ - responds to an incremental
│ │ │ │ │ -_p_r_o_v_i_d_e_-_i_x_f_r zone request (IXFR) or only transfer
│ │ │ │ │ - responds with a full zone
│ │ │ │ │ - transfer (AXFR).
│ │ │ │ │ - Increases the amount of time
│ │ │ │ │ - between when keys are
│ │ │ │ │ -_p_u_b_l_i_s_h_-_s_a_f_e_t_y published and when they dnssec
│ │ │ │ │ - become active, to allow for
│ │ │ │ │ - unforeseen events.
│ │ │ │ │ - Specifies the amount of time
│ │ │ │ │ - after which DNSSEC keys that
│ │ │ │ │ -_p_u_r_g_e_-_k_e_y_s have been deleted from the dnssec
│ │ │ │ │ - zone can be removed from
│ │ │ │ │ - disk.
│ │ │ │ │ - Controls QNAME minimization
│ │ │ │ │ -_q_n_a_m_e_-_m_i_n_i_m_i_z_a_t_i_o_n behavior in the BIND 9 query
│ │ │ │ │ - resolver.
│ │ │ │ │ - Tightens defenses during DNS
│ │ │ │ │ -_q_p_s_-_s_c_a_l_e attacks by scaling back the query
│ │ │ │ │ - ratio of the current query-
│ │ │ │ │ - per-second rate.
│ │ │ │ │ - Controls the IPv4 address
│ │ │ │ │ -_q_u_e_r_y_-_s_o_u_r_c_e from which queries are query
│ │ │ │ │ - issued.
│ │ │ │ │ - Controls the IPv6 address
│ │ │ │ │ -_q_u_e_r_y_-_s_o_u_r_c_e_-_v_6 from which queries are query
│ │ │ │ │ - issued.
│ │ │ │ │ - Specifies whether query
│ │ │ │ │ -_q_u_e_r_y_l_o_g logging should be active logging, server
│ │ │ │ │ - when _n_a_m_e_d first starts.
│ │ │ │ │ - Controls excessive UDP
│ │ │ │ │ - responses, to prevent BIND 9
│ │ │ │ │ -_r_a_t_e_-_l_i_m_i_t from being used to amplify query
│ │ │ │ │ - reflection denial-of-service
│ │ │ │ │ - (DoS) attacks.
│ │ │ │ │ - Specifies the pathname of
│ │ │ │ │ - the file where the server
│ │ │ │ │ -_r_e_c_u_r_s_i_n_g_-_f_i_l_e dumps queries that are server
│ │ │ │ │ - currently recursing via _r_n_d_c
│ │ │ │ │ - _r_e_c_u_r_s_i_n_g.
│ │ │ │ │ -_r_e_c_u_r_s_i_o_n Defines whether recursion query
│ │ │ │ │ - and caching are allowed.
│ │ │ │ │ - Specifies the maximum number
│ │ │ │ │ -_r_e_c_u_r_s_i_v_e_-_c_l_i_e_n_t_s of concurrent recursive query
│ │ │ │ │ - queries the server can
│ │ │ │ │ - perform.
│ │ │ │ │ - Toggles whether _d_n_s_6_4
│ │ │ │ │ -_r_e_c_u_r_s_i_v_e_-_o_n_l_y synthesis occurs only for query
│ │ │ │ │ - recursive queries.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_r_e_f_e_r_r_a_l_s_-_p_e_r_-_s_e_c_o_n_d referrals or delegations to query
│ │ │ │ │ - a server for a given domain.
│ │ │ │ │ - Specifies the expected
│ │ │ │ │ -_r_e_m_o_t_e_-_h_o_s_t_n_a_m_e hostname in the TLS security
│ │ │ │ │ - certificate of the remote
│ │ │ │ │ - server.
│ │ │ │ │ - Specifies whether the local
│ │ │ │ │ -_r_e_q_u_e_s_t_-_e_x_p_i_r_e server requests the EDNS query, transfer
│ │ │ │ │ - EXPIRE value, when acting as
│ │ │ │ │ - a secondary.
│ │ │ │ │ - Controls whether a secondary
│ │ │ │ │ -_r_e_q_u_e_s_t_-_i_x_f_r requests an incremental zone transfer
│ │ │ │ │ - transfer (IXFR) or a full
│ │ │ │ │ - zone transfer (AXFR).
│ │ │ │ │ - Controls whether an empty
│ │ │ │ │ - EDNS(0) NSID (Name Server
│ │ │ │ │ -_r_e_q_u_e_s_t_-_n_s_i_d Identifier) option is sent query
│ │ │ │ │ - with all queries to
│ │ │ │ │ - authoritative name servers
│ │ │ │ │ - during iterative resolution.
│ │ │ │ │ - Controls whether responses
│ │ │ │ │ -_r_e_q_u_i_r_e_-_c_o_o_k_i_e without a server cookie are query
│ │ │ │ │ - accepted
│ │ │ │ │ - Controls whether a valid
│ │ │ │ │ -_r_e_q_u_i_r_e_-_s_e_r_v_e_r_-_c_o_o_k_i_e server cookie is required query
│ │ │ │ │ - before sending a full
│ │ │ │ │ - response to a UDP request.
│ │ │ │ │ - Specifies the length of
│ │ │ │ │ - time, in milliseconds, that
│ │ │ │ │ -_r_e_s_o_l_v_e_r_-_q_u_e_r_y_-_t_i_m_e_o_u_t a resolver attempts to query
│ │ │ │ │ - resolve a recursive query
│ │ │ │ │ - before failing.
│ │ │ │ │ - Specifies whether to apply
│ │ │ │ │ -_r_e_s_o_l_v_e_r_-_u_s_e_-_d_n_s_6_4 DNS64 mappings when sending server
│ │ │ │ │ - queries.
│ │ │ │ │ - Adds an EDNS Padding option
│ │ │ │ │ - to encrypted messages, to
│ │ │ │ │ -_r_e_s_p_o_n_s_e_-_p_a_d_d_i_n_g reduce the chance of query
│ │ │ │ │ - guessing the contents based
│ │ │ │ │ - on size.
│ │ │ │ │ - Specifies response policy zone, query, security,
│ │ │ │ │ -_r_e_s_p_o_n_s_e_-_p_o_l_i_c_y zones for the view or among server
│ │ │ │ │ - global options.
│ │ │ │ │ - Limits the number of non-
│ │ │ │ │ -_r_e_s_p_o_n_s_e_s_-_p_e_r_-_s_e_c_o_n_d empty responses for a valid query
│ │ │ │ │ - domain name and record type.
│ │ │ │ │ - Increases the amount of time
│ │ │ │ │ - a key remains published
│ │ │ │ │ -_r_e_t_i_r_e_-_s_a_f_e_t_y after it is no longer dnssec
│ │ │ │ │ - active, to allow for
│ │ │ │ │ - unforeseen events.
│ │ │ │ │ -_r_e_u_s_e_p_o_r_t Enables kernel load- server
│ │ │ │ │ - balancing of sockets.
│ │ │ │ │ - Controls whether BIND 9
│ │ │ │ │ -_r_o_o_t_-_k_e_y_-_s_e_n_t_i_n_e_l responds to root key server
│ │ │ │ │ - sentinel probes.
│ │ │ │ │ - Defines the order in which
│ │ │ │ │ -_r_r_s_e_t_-_o_r_d_e_r equal RRs (RRsets) are query
│ │ │ │ │ - returned.
│ │ │ │ │ - Specifies whether a
│ │ │ │ │ -_s_e_a_r_c_h Dynamically Loadable Zone query
│ │ │ │ │ - (DLZ) module is queried for
│ │ │ │ │ - an answer to a query name.
│ │ │ │ │ - Defines a Base64-encoded
│ │ │ │ │ -_s_e_c_r_e_t string to be used as the security
│ │ │ │ │ - secret by the algorithm.
│ │ │ │ │ - Specifies the pathname of
│ │ │ │ │ -_s_e_c_r_o_o_t_s_-_f_i_l_e the file where the server dnssec
│ │ │ │ │ - dumps security roots, when
│ │ │ │ │ - using _r_n_d_c_ _s_e_c_r_o_o_t_s.
│ │ │ │ │ - Controls whether a COOKIE
│ │ │ │ │ -_s_e_n_d_-_c_o_o_k_i_e EDNS option is sent along query
│ │ │ │ │ - with a query.
│ │ │ │ │ - Defines an upper limit on
│ │ │ │ │ - the number of queries per
│ │ │ │ │ -_s_e_r_i_a_l_-_q_u_e_r_y_-_r_a_t_e second issued by the server, transfer
│ │ │ │ │ - when querying the SOA RRs
│ │ │ │ │ - used for zone transfers.
│ │ │ │ │ - Specifies the update method
│ │ │ │ │ -_s_e_r_i_a_l_-_u_p_d_a_t_e_-_m_e_t_h_o_d to be used for the zone zone
│ │ │ │ │ - serial number in the SOA
│ │ │ │ │ - record.
│ │ │ │ │ - Defines characteristics to
│ │ │ │ │ -_s_e_r_v_e_r be associated with a remote server
│ │ │ │ │ - name server.
│ │ │ │ │ - Specifies a list of IP
│ │ │ │ │ - addresses to which queries
│ │ │ │ │ -_s_e_r_v_e_r_-_a_d_d_r_e_s_s_e_s should be sent in recursive zone, query
│ │ │ │ │ - resolution for a static-stub
│ │ │ │ │ - zone.
│ │ │ │ │ - Specifies the ID of the
│ │ │ │ │ -_s_e_r_v_e_r_-_i_d server to return in response server
│ │ │ │ │ - to a ID.SERVER query.
│ │ │ │ │ - Specifies a list of domain
│ │ │ │ │ -_s_e_r_v_e_r_-_n_a_m_e_s names of name servers that zone
│ │ │ │ │ - act as authoritative servers
│ │ │ │ │ - of a static-stub zone.
│ │ │ │ │ - Sets the length of time (in
│ │ │ │ │ -_s_e_r_v_f_a_i_l_-_t_t_l seconds) that a SERVFAIL server
│ │ │ │ │ - response is cached.
│ │ │ │ │ - Specifies the algorithm to
│ │ │ │ │ -_s_e_s_s_i_o_n_-_k_e_y_a_l_g use for the TSIG session security
│ │ │ │ │ - key.
│ │ │ │ │ - Specifies the pathname of
│ │ │ │ │ - the file where a TSIG
│ │ │ │ │ -_s_e_s_s_i_o_n_-_k_e_y_f_i_l_e session key is written, when security
│ │ │ │ │ - generated by _n_a_m_e_d for use
│ │ │ │ │ - by nsupdate -l.
│ │ │ │ │ -_s_e_s_s_i_o_n_-_k_e_y_n_a_m_e Specifies the key name for security
│ │ │ │ │ - the TSIG session key.
│ │ │ │ │ - Enables or disables session
│ │ │ │ │ -_s_e_s_s_i_o_n_-_t_i_c_k_e_t_s resumption through TLS security
│ │ │ │ │ - session tickets.
│ │ │ │ │ -_s_e_v_e_r_i_t_y Defines the priority level logging
│ │ │ │ │ - of log messages.
│ │ │ │ │ - Specifies the maximum number
│ │ │ │ │ -_s_i_g_-_s_i_g_n_i_n_g_-_n_o_d_e_s of nodes to be examined in dnssec
│ │ │ │ │ - each quantum, when signing a
│ │ │ │ │ - zone with a new DNSKEY.
│ │ │ │ │ - Specifies the threshold for
│ │ │ │ │ - the number of signatures
│ │ │ │ │ -_s_i_g_-_s_i_g_n_i_n_g_-_s_i_g_n_a_t_u_r_e_s that terminates processing a dnssec
│ │ │ │ │ - quantum, when signing a zone
│ │ │ │ │ - with a new DNSKEY.
│ │ │ │ │ - Specifies a private RDATA
│ │ │ │ │ -_s_i_g_-_s_i_g_n_i_n_g_-_t_y_p_e type to use when generating dnssec
│ │ │ │ │ - signing-state records.
│ │ │ │ │ -_s_i_g_-_v_a_l_i_d_i_t_y_-_i_n_t_e_r_v_a_l obsolete
│ │ │ │ │ -_s_i_g_n_a_t_u_r_e_s_-_r_e_f_r_e_s_h Specifies how frequently an dnssec
│ │ │ │ │ - RRSIG record is refreshed.
│ │ │ │ │ -_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y Indicates the validity dnssec
│ │ │ │ │ - period of an RRSIG record.
│ │ │ │ │ -_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y_-_d_n_s_k_e_y Indicates the validity dnssec
│ │ │ │ │ - period of DNSKEY records.
│ │ │ │ │ - Sets the number of "slipped"
│ │ │ │ │ -_s_l_i_p responses to minimize the query
│ │ │ │ │ - use of forged source
│ │ │ │ │ - addresses for an attack.
│ │ │ │ │ - Controls the ordering of RRs
│ │ │ │ │ -_s_o_r_t_l_i_s_t returned to the client, query
│ │ │ │ │ - based on the client's IP
│ │ │ │ │ - address.
│ │ │ │ │ - Defines the amount of time
│ │ │ │ │ - (in milliseconds) that _n_a_m_e_d
│ │ │ │ │ -_s_t_a_l_e_-_a_n_s_w_e_r_-_c_l_i_e_n_t_-_t_i_m_e_o_u_t waits before attempting to query, server
│ │ │ │ │ - answer a query with a stale
│ │ │ │ │ - RRset from cache.
│ │ │ │ │ - Enables the returning of
│ │ │ │ │ -_s_t_a_l_e_-_a_n_s_w_e_r_-_e_n_a_b_l_e "stale" cached answers when query, server
│ │ │ │ │ - the name servers for a zone
│ │ │ │ │ - are not answering.
│ │ │ │ │ - Specifies the time to live
│ │ │ │ │ -_s_t_a_l_e_-_a_n_s_w_e_r_-_t_t_l (TTL) to be returned on query
│ │ │ │ │ - stale answers, in seconds.
│ │ │ │ │ -_s_t_a_l_e_-_c_a_c_h_e_-_e_n_a_b_l_e Enables the retention of query, server
│ │ │ │ │ - "stale" cached answers.
│ │ │ │ │ - Sets the time window for the
│ │ │ │ │ - return of "stale" cached
│ │ │ │ │ -_s_t_a_l_e_-_r_e_f_r_e_s_h_-_t_i_m_e answers before the next query, server
│ │ │ │ │ - attempt to contact, if the
│ │ │ │ │ - name servers for a given
│ │ │ │ │ - zone are not responding.
│ │ │ │ │ - Specifies the rate at which
│ │ │ │ │ - NOTIFY requests are sent
│ │ │ │ │ -_s_t_a_r_t_u_p_-_n_o_t_i_f_y_-_r_a_t_e when the name server is zone, transfer
│ │ │ │ │ - first starting, or when new
│ │ │ │ │ - zones have been added.
│ │ │ │ │ - Specifies the communication
│ │ │ │ │ - channels to be used by
│ │ │ │ │ -_s_t_a_t_i_s_t_i_c_s_-_c_h_a_n_n_e_l_s system administrators to logging
│ │ │ │ │ - access statistics
│ │ │ │ │ - information on the name
│ │ │ │ │ - server.
│ │ │ │ │ - Specifies the pathname of
│ │ │ │ │ -_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e the file where the server logging, server
│ │ │ │ │ - appends statistics, when
│ │ │ │ │ - using _r_n_d_c_ _s_t_a_t_s.
│ │ │ │ │ - Directs the logging channel
│ │ │ │ │ -_s_t_d_e_r_r output to the server's logging
│ │ │ │ │ - standard error stream.
│ │ │ │ │ - Specifies the maximum number
│ │ │ │ │ -_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n of concurrent HTTP/2 streams query, server
│ │ │ │ │ - over an HTTP/2 connection.
│ │ │ │ │ - Defines trailing bits for
│ │ │ │ │ -_s_u_f_f_i_x mapped IPv4 address bits in query
│ │ │ │ │ - _d_n_s_6_4.
│ │ │ │ │ - Enables support for _RR_FF_CC
│ │ │ │ │ -_s_y_n_t_h_-_f_r_o_m_-_d_n_s_s_e_c _88_11_99_88, Aggressive Use of dnssec
│ │ │ │ │ - DNSSEC-Validated Cache.
│ │ │ │ │ -_s_y_s_l_o_g Directs the logging channel logging
│ │ │ │ │ - to the system log.
│ │ │ │ │ - Sets the timeout value (in
│ │ │ │ │ - milliseconds) that the
│ │ │ │ │ -_t_c_p_-_a_d_v_e_r_t_i_s_e_d_-_t_i_m_e_o_u_t server sends in responses query
│ │ │ │ │ - containing the EDNS TCP
│ │ │ │ │ - keepalive option.
│ │ │ │ │ - Specifies the maximum number
│ │ │ │ │ -_t_c_p_-_c_l_i_e_n_t_s of simultaneous client TCP server
│ │ │ │ │ - connections accepted by the
│ │ │ │ │ - server.
│ │ │ │ │ - Sets the amount of time (in
│ │ │ │ │ - milliseconds) that the
│ │ │ │ │ - server waits on an idle TCP
│ │ │ │ │ -_t_c_p_-_i_d_l_e_-_t_i_m_e_o_u_t connection before closing query
│ │ │ │ │ - it, if the EDNS TCP
│ │ │ │ │ - keepalive option is not in
│ │ │ │ │ - use.
│ │ │ │ │ - Sets the amount of time (in
│ │ │ │ │ - milliseconds) that the
│ │ │ │ │ -_t_c_p_-_i_n_i_t_i_a_l_-_t_i_m_e_o_u_t server waits on a new TCP query, server
│ │ │ │ │ - connection for the first
│ │ │ │ │ - message from the client.
│ │ │ │ │ -_t_c_p_-_k_e_e_p_a_l_i_v_e Adds EDNS TCP keepalive to server
│ │ │ │ │ - messages sent over TCP.
│ │ │ │ │ - Sets the amount of time (in
│ │ │ │ │ - milliseconds) that the
│ │ │ │ │ -_t_c_p_-_k_e_e_p_a_l_i_v_e_-_t_i_m_e_o_u_t server waits on an idle TCP query
│ │ │ │ │ - connection before closing
│ │ │ │ │ - it, if the EDNS TCP
│ │ │ │ │ - keepalive option is in use.
│ │ │ │ │ -_t_c_p_-_l_i_s_t_e_n_-_q_u_e_u_e Sets the listen-queue depth. server
│ │ │ │ │ -_t_c_p_-_o_n_l_y Sets the transport protocol server
│ │ │ │ │ - to TCP.
│ │ │ │ │ - Sets the operating system's
│ │ │ │ │ -_t_c_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for TCP server
│ │ │ │ │ - sockets.
│ │ │ │ │ - Sets the operating system's
│ │ │ │ │ -_t_c_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for TCP server
│ │ │ │ │ - sockets.
│ │ │ │ │ - Sets the domain appended to
│ │ │ │ │ -_t_k_e_y_-_d_o_m_a_i_n the names of all shared keys security
│ │ │ │ │ - generated with TKEY.
│ │ │ │ │ - Sets the security credential
│ │ │ │ │ -_t_k_e_y_-_g_s_s_a_p_i_-_c_r_e_d_e_n_t_i_a_l for authentication keys security
│ │ │ │ │ - requested by the GSS-TSIG
│ │ │ │ │ - protocol.
│ │ │ │ │ -_t_k_e_y_-_g_s_s_a_p_i_-_k_e_y_t_a_b Sets the KRB5 keytab file to security
│ │ │ │ │ - use for GSS-TSIG updates.
│ │ │ │ │ -_t_l_s Configures a TLS connection. security
│ │ │ │ │ - Specifies the TCP port
│ │ │ │ │ -_t_l_s_-_p_o_r_t number the server uses to query, server
│ │ │ │ │ - receive and send DNS-over-
│ │ │ │ │ - TLS protocol traffic.
│ │ │ │ │ - Controls whether multiple
│ │ │ │ │ -_t_r_a_n_s_f_e_r_-_f_o_r_m_a_t records can be packed into a transfer
│ │ │ │ │ - message during zone
│ │ │ │ │ - transfers.
│ │ │ │ │ - Limits the uncompressed size
│ │ │ │ │ -_t_r_a_n_s_f_e_r_-_m_e_s_s_a_g_e_-_s_i_z_e of DNS messages used in zone transfer
│ │ │ │ │ - transfers over TCP.
│ │ │ │ │ - Defines which local IPv4
│ │ │ │ │ - address(es) are bound to TCP
│ │ │ │ │ -_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e connections used to fetch transfer
│ │ │ │ │ - zones transferred inbound by
│ │ │ │ │ - the server.
│ │ │ │ │ - Defines which local IPv6
│ │ │ │ │ - address(es) are bound to TCP
│ │ │ │ │ -_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e_-_v_6 connections used to fetch transfer
│ │ │ │ │ - zones transferred inbound by
│ │ │ │ │ - the server.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_t_r_a_n_s_f_e_r_s concurrent inbound zone server
│ │ │ │ │ - transfers from a server.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_t_r_a_n_s_f_e_r_s_-_i_n concurrent inbound zone transfer
│ │ │ │ │ - transfers.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_t_r_a_n_s_f_e_r_s_-_o_u_t concurrent outbound zone transfer
│ │ │ │ │ - transfers.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_t_r_a_n_s_f_e_r_s_-_p_e_r_-_n_s concurrent inbound zone transfer
│ │ │ │ │ - transfers from a remote
│ │ │ │ │ - server.
│ │ │ │ │ - Instructs _n_a_m_e_d to send
│ │ │ │ │ - specially formed queries
│ │ │ │ │ -_t_r_u_s_t_-_a_n_c_h_o_r_-_t_e_l_e_m_e_t_r_y once per day to domains for dnssec
│ │ │ │ │ - which trust anchors have
│ │ │ │ │ - been configured.
│ │ │ │ │ -_t_r_u_s_t_-_a_n_c_h_o_r_s Defines _D_N_S_S_E_C trust dnssec
│ │ │ │ │ - anchors.
│ │ │ │ │ -_t_r_u_s_t_e_d_-_k_e_y_s deprecated
│ │ │ │ │ - Specifies that BIND 9 should
│ │ │ │ │ -_t_r_y_-_t_c_p_-_r_e_f_r_e_s_h attempt to refresh a zone transfer
│ │ │ │ │ - using TCP if UDP queries
│ │ │ │ │ - fail.
│ │ │ │ │ -_t_y_p_e Specifies the kind of zone zone
│ │ │ │ │ - in a given configuration.
│ │ │ │ │ - Contains forwarding
│ │ │ │ │ -_t_y_p_e_ _f_o_r_w_a_r_d statements that apply to zone
│ │ │ │ │ - queries within a given
│ │ │ │ │ - domain.
│ │ │ │ │ - Contains the initial set of
│ │ │ │ │ -_t_y_p_e_ _h_i_n_t root name servers to be used zone
│ │ │ │ │ - at BIND 9 startup.
│ │ │ │ │ - Contains a DNSSEC-validated
│ │ │ │ │ -_t_y_p_e_ _m_i_r_r_o_r duplicate of the main data zone
│ │ │ │ │ - for a zone.
│ │ │ │ │ -_t_y_p_e_ _p_r_i_m_a_r_y Contains the main copy of zone
│ │ │ │ │ - the data for a zone.
│ │ │ │ │ - Contains information to
│ │ │ │ │ -_t_y_p_e_ _r_e_d_i_r_e_c_t answer queries when normal zone
│ │ │ │ │ - resolution would return
│ │ │ │ │ - NXDOMAIN.
│ │ │ │ │ - Contains a duplicate of the
│ │ │ │ │ -_t_y_p_e_ _s_e_c_o_n_d_a_r_y data for a zone that has zone
│ │ │ │ │ - been transferred from a
│ │ │ │ │ - primary server.
│ │ │ │ │ - Contains a duplicate of the
│ │ │ │ │ - NS records of a primary
│ │ │ │ │ -_t_y_p_e_ _s_t_a_t_i_c_-_s_t_u_b zone, but statically zone
│ │ │ │ │ - configured rather than
│ │ │ │ │ - transferred from a primary
│ │ │ │ │ - server.
│ │ │ │ │ - Contains a duplicate of the
│ │ │ │ │ -_t_y_p_e_ _s_t_u_b NS records of a primary zone
│ │ │ │ │ - zone.
│ │ │ │ │ - Sets the operating system's
│ │ │ │ │ -_u_d_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for UDP server
│ │ │ │ │ - sockets.
│ │ │ │ │ - Sets the operating system's
│ │ │ │ │ -_u_d_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for UDP server
│ │ │ │ │ - sockets.
│ │ │ │ │ -_u_n_i_x Specifies a Unix domain obsolete
│ │ │ │ │ - socket as a control channel.
│ │ │ │ │ -_u_p_d_a_t_e_-_c_h_e_c_k_-_k_s_k obsolete
│ │ │ │ │ - Sets fine-grained rules to
│ │ │ │ │ - allow or deny dynamic
│ │ │ │ │ -_u_p_d_a_t_e_-_p_o_l_i_c_y updates (DDNS), based on transfer
│ │ │ │ │ - requester identity, updated
│ │ │ │ │ - content, etc.
│ │ │ │ │ - Specifies the maximum number
│ │ │ │ │ -_u_p_d_a_t_e_-_q_u_o_t_a of concurrent DNS UPDATE server
│ │ │ │ │ - messages that can be
│ │ │ │ │ - processed by the server.
│ │ │ │ │ - Specifies a list of ports
│ │ │ │ │ -_u_s_e_-_v_4_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated
│ │ │ │ │ - UDP/IPv4 messages.
│ │ │ │ │ - Specifies a list of ports
│ │ │ │ │ -_u_s_e_-_v_6_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated
│ │ │ │ │ - UDP/IPv6 messages.
│ │ │ │ │ - Indicates the number of
│ │ │ │ │ -_v_6_-_b_i_a_s milliseconds of preference query, server
│ │ │ │ │ - to give to IPv6 name
│ │ │ │ │ - servers.
│ │ │ │ │ - Specifies a list of domain
│ │ │ │ │ -_v_a_l_i_d_a_t_e_-_e_x_c_e_p_t names at and beneath which dnssec
│ │ │ │ │ - DNSSEC validation should not
│ │ │ │ │ - be performed.
│ │ │ │ │ - Specifies the version number
│ │ │ │ │ -_v_e_r_s_i_o_n of the server to return in server
│ │ │ │ │ - response to a version.bind
│ │ │ │ │ - query.
│ │ │ │ │ - Allows a name server to
│ │ │ │ │ -_v_i_e_w answer a DNS query view
│ │ │ │ │ - differently depending on who
│ │ │ │ │ - is asking.
│ │ │ │ │ - Specifies the length of time
│ │ │ │ │ -_w_i_n_d_o_w during which responses are query
│ │ │ │ │ - tracked.
│ │ │ │ │ - Specifies whether to set the
│ │ │ │ │ - time to live (TTL) of the
│ │ │ │ │ -_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l SOA record to zero, when zone, query, server
│ │ │ │ │ - returning authoritative
│ │ │ │ │ - negative responses to SOA
│ │ │ │ │ - queries.
│ │ │ │ │ - Sets the time to live (TTL)
│ │ │ │ │ -_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l_-_c_a_c_h_e to zero when caching a zone, query, server
│ │ │ │ │ - negative response to an SOA
│ │ │ │ │ - query.
│ │ │ │ │ -_z_o_n_e Specifies the zone in a BIND zone
│ │ │ │ │ - 9 configuration.
│ │ │ │ │ - Sets the propagation delay
│ │ │ │ │ - from the time a zone is
│ │ │ │ │ -_z_o_n_e_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y first updated to when the dnssec, zone
│ │ │ │ │ - new version of the zone is
│ │ │ │ │ - served by all secondary
│ │ │ │ │ - servers.
│ │ │ │ │ - Controls the level of
│ │ │ │ │ -_z_o_n_e_-_s_t_a_t_i_s_t_i_c_s statistics gathered for all zone, logging
│ │ │ │ │ - zones.
│ │ │ │ │ +SSttaatteemmeenntt DDeessccrriippttiioonn TTaaggss
│ │ │ │ │ +_a_c_l Assigns a symbolic name to server
│ │ │ │ │ + an address match list.
│ │ │ │ │ +_a_l_g_o_r_i_t_h_m Defines the algorithm to be security
│ │ │ │ │ + used in a key clause.
│ │ │ │ │ +_a_l_l_-_p_e_r_-_s_e_c_o_n_d Limits UDP responses of all query
│ │ │ │ │ + kinds.
│ │ │ │ │ + Controls the ability to add
│ │ │ │ │ +_a_l_l_o_w_-_n_e_w_-_z_o_n_e_s zones at runtime via _r_n_d_c server, zone
│ │ │ │ │ + _a_d_d_z_o_n_e.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t that is
│ │ │ │ │ + allowed to send NOTIFY
│ │ │ │ │ +_a_l_l_o_w_-_n_o_t_i_f_y messages for the zone, in transfer
│ │ │ │ │ + addition to addresses
│ │ │ │ │ + defined in the _p_r_i_m_a_r_i_e_s
│ │ │ │ │ + option for the zone.
│ │ │ │ │ + Defines an
│ │ │ │ │ +_a_l_l_o_w_-_p_r_o_x_y _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the server
│ │ │ │ │ + client addresses allowed to
│ │ │ │ │ + send PROXYv2 headers.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the
│ │ │ │ │ + interface addresses allowed
│ │ │ │ │ +_a_l_l_o_w_-_p_r_o_x_y_-_o_n to accept PROXYv2 headers. server
│ │ │ │ │ + The option is mostly
│ │ │ │ │ + intended for multi-homed
│ │ │ │ │ + configurations.
│ │ │ │ │ + Specifies which hosts (an
│ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y IP address list) are query
│ │ │ │ │ + allowed to send queries to
│ │ │ │ │ + this resolver.
│ │ │ │ │ + Specifies which hosts (an
│ │ │ │ │ + IP address list) can access
│ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e this server's cache and query
│ │ │ │ │ + thus effectively controls
│ │ │ │ │ + recursion.
│ │ │ │ │ + Specifies which hosts (an
│ │ │ │ │ + IP address list) can access
│ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e_-_o_n this server's cache. Used query
│ │ │ │ │ + on servers with multiple
│ │ │ │ │ + interfaces.
│ │ │ │ │ + Specifies which local
│ │ │ │ │ + addresses (an IP address
│ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y_-_o_n list) are allowed to send query
│ │ │ │ │ + queries to this resolver.
│ │ │ │ │ + Used in multi-homed
│ │ │ │ │ + configurations.
│ │ │ │ │ + Defines an
│ │ │ │ │ +_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of query
│ │ │ │ │ + clients that are allowed to
│ │ │ │ │ + perform recursive queries.
│ │ │ │ │ + Specifies which local
│ │ │ │ │ +_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n_-_o_n addresses can accept server, query
│ │ │ │ │ + recursive queries.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ +_a_l_l_o_w_-_t_r_a_n_s_f_e_r that are allowed to transfer
│ │ │ │ │ + transfer the zone
│ │ │ │ │ + information from this
│ │ │ │ │ + server.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ +_a_l_l_o_w_-_u_p_d_a_t_e that are allowed to submit transfer
│ │ │ │ │ + dynamic updates for primary
│ │ │ │ │ + zones.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ +_a_l_l_o_w_-_u_p_d_a_t_e_-_f_o_r_w_a_r_d_i_n_g that are allowed to submit transfer
│ │ │ │ │ + dynamic updates to a
│ │ │ │ │ + secondary server for
│ │ │ │ │ + transmission to a primary.
│ │ │ │ │ + Defines one or more hosts
│ │ │ │ │ +_a_l_s_o_-_n_o_t_i_f_y that are sent NOTIFY transfer
│ │ │ │ │ + messages when zone changes
│ │ │ │ │ + occur.
│ │ │ │ │ + Controls whether COOKIE
│ │ │ │ │ +_a_n_s_w_e_r_-_c_o_o_k_i_e EDNS replies are sent in query
│ │ │ │ │ + response to client queries.
│ │ │ │ │ + Allows multiple views to
│ │ │ │ │ +_a_t_t_a_c_h_-_c_a_c_h_e share a single cache view
│ │ │ │ │ + database.
│ │ │ │ │ + Controls whether BIND,
│ │ │ │ │ + acting as a resolver,
│ │ │ │ │ +_a_u_t_h_-_n_x_d_o_m_a_i_n provides authoritative query
│ │ │ │ │ + NXDOMAIN (domain does not
│ │ │ │ │ + exist) answers.
│ │ │ │ │ + Controls the automatic
│ │ │ │ │ +_a_u_t_o_m_a_t_i_c_-_i_n_t_e_r_f_a_c_e_-_s_c_a_n rescanning of network server
│ │ │ │ │ + interfaces when addresses
│ │ │ │ │ + are added or removed.
│ │ │ │ │ + Specifies the range(s) of
│ │ │ │ │ +_a_v_o_i_d_-_v_4_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated
│ │ │ │ │ + use as sources for UDP/IPv4
│ │ │ │ │ + messages.
│ │ │ │ │ + Specifies the range(s) of
│ │ │ │ │ +_a_v_o_i_d_-_v_6_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated
│ │ │ │ │ + use as sources for UDP/IPv6
│ │ │ │ │ + messages.
│ │ │ │ │ + Specifies the pathname of a
│ │ │ │ │ +_b_i_n_d_k_e_y_s_-_f_i_l_e file to override the built- dnssec
│ │ │ │ │ + in trusted keys provided by
│ │ │ │ │ + _n_a_m_e_d.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ +_b_l_a_c_k_h_o_l_e to ignore. The server will query
│ │ │ │ │ + neither respond to queries
│ │ │ │ │ + from nor send queries to
│ │ │ │ │ + these addresses.
│ │ │ │ │ +_b_o_g_u_s Allows a remote server to server
│ │ │ │ │ + be ignored.
│ │ │ │ │ + Enables _d_n_s_6_4 synthesis
│ │ │ │ │ +_b_r_e_a_k_-_d_n_s_s_e_c even if the validated query
│ │ │ │ │ + result would cause a DNSSEC
│ │ │ │ │ + validation failure.
│ │ │ │ │ +_b_u_f_f_e_r_e_d Controls flushing of log logging
│ │ │ │ │ + messages.
│ │ │ │ │ + Specifies the path to a
│ │ │ │ │ + file containing TLS
│ │ │ │ │ +_c_a_-_f_i_l_e certificates for trusted CA server, security
│ │ │ │ │ + authorities, used to verify
│ │ │ │ │ + remote peer certificates.
│ │ │ │ │ +_c_a_t_a_l_o_g_-_z_o_n_e_s Configures catalog zones in zone
│ │ │ │ │ + _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ + Specifies the type of data
│ │ │ │ │ +_c_a_t_e_g_o_r_y logged to a particular logging
│ │ │ │ │ + channel.
│ │ │ │ │ + Specifies whether a CDNSKEY
│ │ │ │ │ +_c_d_n_s_k_e_y record should be published dnssec
│ │ │ │ │ + during KSK rollover.
│ │ │ │ │ + Specifies the digest types
│ │ │ │ │ +_c_d_s_-_d_i_g_e_s_t_-_t_y_p_e_s to use for CDS resource dnssec
│ │ │ │ │ + records.
│ │ │ │ │ + Specifies the path to a
│ │ │ │ │ +_c_e_r_t_-_f_i_l_e file containing the TLS server, security
│ │ │ │ │ + certificate for a
│ │ │ │ │ + connection.
│ │ │ │ │ + Defines a stream of data
│ │ │ │ │ +_c_h_a_n_n_e_l that can be independently logging
│ │ │ │ │ + logged.
│ │ │ │ │ + Checks primary zones for
│ │ │ │ │ + records that are treated as
│ │ │ │ │ +_c_h_e_c_k_-_d_u_p_-_r_e_c_o_r_d_s different by DNSSEC but are query, dnssec
│ │ │ │ │ + semantically equal in plain
│ │ │ │ │ + DNS.
│ │ │ │ │ + Performs post-load zone
│ │ │ │ │ +_c_h_e_c_k_-_i_n_t_e_g_r_i_t_y integrity checks on primary zone
│ │ │ │ │ + zones.
│ │ │ │ │ + Checks whether an MX record
│ │ │ │ │ +_c_h_e_c_k_-_m_x appears to refer to an IP zone
│ │ │ │ │ + address.
│ │ │ │ │ + Sets the response to MX
│ │ │ │ │ +_c_h_e_c_k_-_m_x_-_c_n_a_m_e records that refer to zone
│ │ │ │ │ + CNAMEs.
│ │ │ │ │ + Restricts the character set
│ │ │ │ │ + and syntax of certain
│ │ │ │ │ +_c_h_e_c_k_-_n_a_m_e_s domain names in primary server, query
│ │ │ │ │ + files and/or DNS responses
│ │ │ │ │ + received from the network.
│ │ │ │ │ + Specifies whether to check
│ │ │ │ │ +_c_h_e_c_k_-_s_i_b_l_i_n_g for sibling glue when zone
│ │ │ │ │ + performing integrity
│ │ │ │ │ + checks.
│ │ │ │ │ + Specifies whether to check
│ │ │ │ │ +_c_h_e_c_k_-_s_p_f for a TXT Sender Policy zone
│ │ │ │ │ + Framework record, if an SPF
│ │ │ │ │ + record is present.
│ │ │ │ │ + Sets the response to SRV
│ │ │ │ │ +_c_h_e_c_k_-_s_r_v_-_c_n_a_m_e records that refer to zone
│ │ │ │ │ + CNAMEs.
│ │ │ │ │ + Specifies whether to
│ │ │ │ │ +_c_h_e_c_k_-_s_v_c_b perform additional checks zone
│ │ │ │ │ + on SVCB records.
│ │ │ │ │ +_c_h_e_c_k_-_w_i_l_d_c_a_r_d Checks for non-terminal zone
│ │ │ │ │ + wildcards.
│ │ │ │ │ + Controls whether DS queries
│ │ │ │ │ +_c_h_e_c_k_d_s are sent to parental dnssec
│ │ │ │ │ + agents.
│ │ │ │ │ +_c_i_p_h_e_r_s Specifies a list of allowed security
│ │ │ │ │ + ciphers.
│ │ │ │ │ + Specifies an access control
│ │ │ │ │ +_c_l_i_e_n_t_s list (ACL) of clients that query
│ │ │ │ │ + are affected by a given
│ │ │ │ │ + _d_n_s_6_4 directive.
│ │ │ │ │ + Sets the initial minimum
│ │ │ │ │ + number of simultaneous
│ │ │ │ │ +_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y recursive clients accepted server
│ │ │ │ │ + by the server for any given
│ │ │ │ │ + query before the server
│ │ │ │ │ + drops additional clients.
│ │ │ │ │ + Specifies control channels
│ │ │ │ │ +_c_o_n_t_r_o_l_s to be used to manage the server
│ │ │ │ │ + name server.
│ │ │ │ │ + Sets the algorithm to be
│ │ │ │ │ +_c_o_o_k_i_e_-_a_l_g_o_r_i_t_h_m used when generating a server
│ │ │ │ │ + server cookie.
│ │ │ │ │ + Specifies a shared secret
│ │ │ │ │ + used for generating and
│ │ │ │ │ +_c_o_o_k_i_e_-_s_e_c_r_e_t verifying EDNS COOKIE server
│ │ │ │ │ + options within an anycast
│ │ │ │ │ + cluster.
│ │ │ │ │ + Specifies the type of
│ │ │ │ │ +_d_a_t_a_b_a_s_e database to be used to zone
│ │ │ │ │ + store zone data.
│ │ │ │ │ + Rejects A or AAAA records
│ │ │ │ │ +_d_e_n_y_-_a_n_s_w_e_r_-_a_d_d_r_e_s_s_e_s if the corresponding IPv4 query
│ │ │ │ │ + or IPv6 addresses match a
│ │ │ │ │ + given _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t.
│ │ │ │ │ + Rejects CNAME or DNAME
│ │ │ │ │ +_d_e_n_y_-_a_n_s_w_e_r_-_a_l_i_a_s_e_s records if the "alias" name query
│ │ │ │ │ + matches a given list of
│ │ │ │ │ + _d_o_m_a_i_n___n_a_m_e elements.
│ │ │ │ │ + Specifies the path to a
│ │ │ │ │ +_d_h_p_a_r_a_m_-_f_i_l_e file containing Diffie- server, security
│ │ │ │ │ + Hellman parameters, for
│ │ │ │ │ + enabling cipher suites.
│ │ │ │ │ + Concentrates zone
│ │ │ │ │ + maintenance so that all
│ │ │ │ │ +_d_i_a_l_u_p transfers take place once deprecated
│ │ │ │ │ + every _h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l,
│ │ │ │ │ + ideally during a single
│ │ │ │ │ + call.
│ │ │ │ │ +_d_i_r_e_c_t_o_r_y Sets the server's working server
│ │ │ │ │ + directory.
│ │ │ │ │ +_d_i_s_a_b_l_e_-_a_l_g_o_r_i_t_h_m_s Disables DNSSEC algorithms dnssec
│ │ │ │ │ + from a specified zone.
│ │ │ │ │ +_d_i_s_a_b_l_e_-_d_s_-_d_i_g_e_s_t_s Disables DS digest types zone, dnssec
│ │ │ │ │ + from a specified zone.
│ │ │ │ │ +_d_i_s_a_b_l_e_-_e_m_p_t_y_-_z_o_n_e Disables individual empty server, zone
│ │ │ │ │ + zones.
│ │ │ │ │ + Configures a Dynamically
│ │ │ │ │ +_d_l_z Loadable Zone (DLZ) zone
│ │ │ │ │ + database in _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ + Instructs _n_a_m_e_d to return
│ │ │ │ │ +_d_n_s_6_4 mapped IPv4 addresses to query
│ │ │ │ │ + AAAA queries when there are
│ │ │ │ │ + no AAAA records.
│ │ │ │ │ +_d_n_s_6_4_-_c_o_n_t_a_c_t Specifies the name of the server
│ │ │ │ │ + contact for _d_n_s_6_4 zones.
│ │ │ │ │ +_d_n_s_6_4_-_s_e_r_v_e_r Specifies the name of the server
│ │ │ │ │ + server for _d_n_s_6_4 zones.
│ │ │ │ │ +_d_n_s_k_e_y_-_s_i_g_-_v_a_l_i_d_i_t_y obsolete
│ │ │ │ │ + Specifies the time to live
│ │ │ │ │ +_d_n_s_k_e_y_-_t_t_l (TTL) for DNSKEY resource dnssec
│ │ │ │ │ + records.
│ │ │ │ │ + Turns on the DNS Response
│ │ │ │ │ +_d_n_s_r_p_s_-_e_n_a_b_l_e Policy Service (DNSRPS) server, security
│ │ │ │ │ + interface.
│ │ │ │ │ + Turns on the DNS Response
│ │ │ │ │ +_d_n_s_r_p_s_-_l_i_b_r_a_r_y Policy Service (DNSRPS) server, security
│ │ │ │ │ + interface.
│ │ │ │ │ + Provides additional RPZ
│ │ │ │ │ + configuration settings,
│ │ │ │ │ +_d_n_s_r_p_s_-_o_p_t_i_o_n_s which are passed to the DNS server, security
│ │ │ │ │ + Response Policy Service
│ │ │ │ │ + (DNSRPS) provider library.
│ │ │ │ │ + Instructs BIND 9 to accept
│ │ │ │ │ +_d_n_s_s_e_c_-_a_c_c_e_p_t_-_e_x_p_i_r_e_d expired DNSSEC signatures dnssec
│ │ │ │ │ + when validating.
│ │ │ │ │ +_d_n_s_s_e_c_-_d_n_s_k_e_y_-_k_s_k_o_n_l_y obsolete
│ │ │ │ │ + Sets the frequency of
│ │ │ │ │ +_d_n_s_s_e_c_-_l_o_a_d_k_e_y_s_-_i_n_t_e_r_v_a_l automatic checks of the dnssec
│ │ │ │ │ + DNSSEC key repository.
│ │ │ │ │ + Defines hierarchies that
│ │ │ │ │ +_d_n_s_s_e_c_-_m_u_s_t_-_b_e_-_s_e_c_u_r_e must or may not be secure deprecated
│ │ │ │ │ + (signed and validated).
│ │ │ │ │ +_d_n_s_s_e_c_-_p_o_l_i_c_y Defines a key and signing dnssec
│ │ │ │ │ + policy (KASP) for zones.
│ │ │ │ │ +_d_n_s_s_e_c_-_s_e_c_u_r_e_-_t_o_-_i_n_s_e_c_u_r_e obsolete
│ │ │ │ │ +_d_n_s_s_e_c_-_u_p_d_a_t_e_-_m_o_d_e obsolete
│ │ │ │ │ +_d_n_s_s_e_c_-_v_a_l_i_d_a_t_i_o_n Enables DNSSEC validation dnssec
│ │ │ │ │ + in _n_a_m_e_d.
│ │ │ │ │ +_d_n_s_t_a_p Enables logging of _d_n_s_t_a_p logging
│ │ │ │ │ + messages.
│ │ │ │ │ + Specifies an identity
│ │ │ │ │ +_d_n_s_t_a_p_-_i_d_e_n_t_i_t_y string to send in _d_n_s_t_a_p logging
│ │ │ │ │ + messages.
│ │ │ │ │ + Configures the path to
│ │ │ │ │ +_d_n_s_t_a_p_-_o_u_t_p_u_t which the _d_n_s_t_a_p frame logging
│ │ │ │ │ + stream is sent.
│ │ │ │ │ +_d_n_s_t_a_p_-_v_e_r_s_i_o_n Specifies a _v_e_r_s_i_o_n string logging
│ │ │ │ │ + to send in _d_n_s_t_a_p messages.
│ │ │ │ │ + Specifies host names or
│ │ │ │ │ +_d_u_a_l_-_s_t_a_c_k_-_s_e_r_v_e_r_s addresses of machines with server
│ │ │ │ │ + access to both IPv4 and
│ │ │ │ │ + IPv6 transports.
│ │ │ │ │ + Indicates the pathname of
│ │ │ │ │ +_d_u_m_p_-_f_i_l_e the file where the server logging
│ │ │ │ │ + dumps the database after
│ │ │ │ │ + _r_n_d_c_ _d_u_m_p_d_b.
│ │ │ │ │ +_d_y_n_d_b Configures a DynDB database zone
│ │ │ │ │ + in _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ +_e_d_n_s Controls the use of the server
│ │ │ │ │ + EDNS0 (_RR_FF_CC_ _22_66_77_11) feature.
│ │ │ │ │ + Sets the maximum advertised
│ │ │ │ │ + EDNS UDP buffer size to
│ │ │ │ │ +_e_d_n_s_-_u_d_p_-_s_i_z_e control the size of packets query
│ │ │ │ │ + received from authoritative
│ │ │ │ │ + servers in response to
│ │ │ │ │ + recursive queries.
│ │ │ │ │ + Sets the maximum EDNS
│ │ │ │ │ +_e_d_n_s_-_v_e_r_s_i_o_n VERSION that is sent to the server
│ │ │ │ │ + server(s) by the resolver.
│ │ │ │ │ + Specifies the contact name
│ │ │ │ │ +_e_m_p_t_y_-_c_o_n_t_a_c_t in the returned SOA record server, zone
│ │ │ │ │ + for empty zones.
│ │ │ │ │ + Specifies the server name
│ │ │ │ │ +_e_m_p_t_y_-_s_e_r_v_e_r in the returned SOA record server, zone
│ │ │ │ │ + for empty zones.
│ │ │ │ │ +_e_m_p_t_y_-_z_o_n_e_s_-_e_n_a_b_l_e Enables or disables all server, zone
│ │ │ │ │ + empty zones.
│ │ │ │ │ + Specifies a list of HTTP
│ │ │ │ │ +_e_n_d_p_o_i_n_t_s query paths on which to server, query
│ │ │ │ │ + listen.
│ │ │ │ │ + Limits the number of errors
│ │ │ │ │ +_e_r_r_o_r_s_-_p_e_r_-_s_e_c_o_n_d for a valid domain name and server
│ │ │ │ │ + record type.
│ │ │ │ │ + Allows a list of IPv6
│ │ │ │ │ + addresses to be ignored if
│ │ │ │ │ +_e_x_c_l_u_d_e they appear in a domain query
│ │ │ │ │ + name's AAAA records in
│ │ │ │ │ + _d_n_s_6_4.
│ │ │ │ │ + Exempts specific clients or
│ │ │ │ │ +_e_x_e_m_p_t_-_c_l_i_e_n_t_s client groups from rate query
│ │ │ │ │ + limiting.
│ │ │ │ │ + Sets the parameters for
│ │ │ │ │ + dynamic resizing of the
│ │ │ │ │ +_f_e_t_c_h_-_q_u_o_t_a_-_p_a_r_a_m_s _f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r quota in server, query
│ │ │ │ │ + response to detected
│ │ │ │ │ + congestion.
│ │ │ │ │ + Sets the maximum number of
│ │ │ │ │ + simultaneous iterative
│ │ │ │ │ + queries allowed to be sent
│ │ │ │ │ +_f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r by a server to an upstream server, query
│ │ │ │ │ + name server before the
│ │ │ │ │ + server blocks additional
│ │ │ │ │ + queries.
│ │ │ │ │ + Sets the maximum number of
│ │ │ │ │ + simultaneous iterative
│ │ │ │ │ +_f_e_t_c_h_e_s_-_p_e_r_-_z_o_n_e queries allowed to any one server, query
│ │ │ │ │ + domain before the server
│ │ │ │ │ + blocks new queries for data
│ │ │ │ │ + in or beneath that zone.
│ │ │ │ │ +_f_i_l_e Specifies the zone's zone
│ │ │ │ │ + filename.
│ │ │ │ │ + Controls whether pending
│ │ │ │ │ +_f_l_u_s_h_-_z_o_n_e_s_-_o_n_-_s_h_u_t_d_o_w_n zone writes are flushed zone
│ │ │ │ │ + when the name server exits.
│ │ │ │ │ + Allows or disallows
│ │ │ │ │ + fallback to recursion if
│ │ │ │ │ +_f_o_r_w_a_r_d forwarding has failed; it query
│ │ │ │ │ + is always used in
│ │ │ │ │ + conjunction with the
│ │ │ │ │ + _f_o_r_w_a_r_d_e_r_s statement.
│ │ │ │ │ + Defines one or more hosts
│ │ │ │ │ +_f_o_r_w_a_r_d_e_r_s to which queries are query
│ │ │ │ │ + forwarded.
│ │ │ │ │ + Sets the number of
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_b_u_f_f_e_r_-_h_i_n_t accumulated bytes in the logging
│ │ │ │ │ + output buffer before
│ │ │ │ │ + forcing a buffer flush.
│ │ │ │ │ + Sets the number of seconds
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_f_l_u_s_h_-_t_i_m_e_o_u_t that unflushed data remains logging
│ │ │ │ │ + in the output buffer.
│ │ │ │ │ + Sets the number of queue
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_i_n_p_u_t_-_q_u_e_u_e_-_s_i_z_e entries to allocate for logging
│ │ │ │ │ + each input queue.
│ │ │ │ │ + Sets the number of
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_n_o_t_i_f_y_- outstanding queue entries
│ │ │ │ │ +_t_h_r_e_s_h_o_l_d allowed on an input queue logging
│ │ │ │ │ + before waking the I/
│ │ │ │ │ + O thread.
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_- Sets the queuing semantics logging
│ │ │ │ │ +_m_o_d_e_l to use for queue objects.
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_- Sets the number of queue
│ │ │ │ │ +_s_i_z_e entries allocated for each logging
│ │ │ │ │ + output queue.
│ │ │ │ │ + Sets the number of seconds
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_r_e_o_p_e_n_-_i_n_t_e_r_v_a_l to wait between attempts to logging
│ │ │ │ │ + reopen a closed output
│ │ │ │ │ + stream.
│ │ │ │ │ + Specifies the directory
│ │ │ │ │ +_g_e_o_i_p_-_d_i_r_e_c_t_o_r_y containing GeoIP database server
│ │ │ │ │ + files.
│ │ │ │ │ + Sets the interval at which
│ │ │ │ │ +_h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l the server performs zone deprecated
│ │ │ │ │ + maintenance tasks for all
│ │ │ │ │ + zones marked as _d_i_a_l_u_p.
│ │ │ │ │ + Specifies the hostname of
│ │ │ │ │ +_h_o_s_t_n_a_m_e the server to return in server
│ │ │ │ │ + response to a hostname.bind
│ │ │ │ │ + query.
│ │ │ │ │ + Configures HTTP endpoints
│ │ │ │ │ +_h_t_t_p on which to listen for DNS- server, query
│ │ │ │ │ + over-HTTPS (DoH) queries.
│ │ │ │ │ + Limits the number of active
│ │ │ │ │ +_h_t_t_p_-_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s concurrent connections on a server
│ │ │ │ │ + per-listener basis.
│ │ │ │ │ + Specifies the TCP port
│ │ │ │ │ + number the server uses to
│ │ │ │ │ +_h_t_t_p_-_p_o_r_t receive and send server, query
│ │ │ │ │ + unencrypted DNS traffic via
│ │ │ │ │ + HTTP.
│ │ │ │ │ +_h_t_t_p_-_s_t_r_e_a_m_s_-_p_e_r_- Limits the number of active
│ │ │ │ │ +_c_o_n_n_e_c_t_i_o_n concurrent HTTP/2 streams server
│ │ │ │ │ + on a per-connection basis.
│ │ │ │ │ + Specifies the TCP port
│ │ │ │ │ +_h_t_t_p_s_-_p_o_r_t number the server uses to server, query
│ │ │ │ │ + receive and send DNS-over-
│ │ │ │ │ + HTTPS protocol traffic.
│ │ │ │ │ +_i_n_-_v_i_e_w Specifies the view in which view, zone
│ │ │ │ │ + a given zone is defined.
│ │ │ │ │ +_i_n_e_t Specifies a TCP socket as a server
│ │ │ │ │ + control channel.
│ │ │ │ │ + Specifies whether BIND 9
│ │ │ │ │ +_i_n_l_i_n_e_-_s_i_g_n_i_n_g maintains a separate signed zone, dnssec
│ │ │ │ │ + version of a zone.
│ │ │ │ │ + Sets the interval at which
│ │ │ │ │ +_i_n_t_e_r_f_a_c_e_-_i_n_t_e_r_v_a_l the server scans the server
│ │ │ │ │ + network interface list.
│ │ │ │ │ + Specifies the prefix
│ │ │ │ │ +_i_p_v_4_-_p_r_e_f_i_x_-_l_e_n_g_t_h lengths of IPv4 address server
│ │ │ │ │ + blocks.
│ │ │ │ │ + Specifies the contact for
│ │ │ │ │ +_i_p_v_4_o_n_l_y_-_c_o_n_t_a_c_t the IPV4ONLY.ARPA zone server
│ │ │ │ │ + created by _d_n_s_6_4.
│ │ │ │ │ + Enables automatic IPv4
│ │ │ │ │ +_i_p_v_4_o_n_l_y_-_e_n_a_b_l_e zones if a _d_n_s_6_4 block is query
│ │ │ │ │ + configured.
│ │ │ │ │ + Specifies the name of the
│ │ │ │ │ +_i_p_v_4_o_n_l_y_-_s_e_r_v_e_r server for the server, query
│ │ │ │ │ + IPV4ONLY.ARPA zone created
│ │ │ │ │ + by _d_n_s_6_4.
│ │ │ │ │ + Specifies the prefix
│ │ │ │ │ +_i_p_v_6_-_p_r_e_f_i_x_-_l_e_n_g_t_h lengths of IPv6 address server
│ │ │ │ │ + blocks.
│ │ │ │ │ +_i_x_f_r_-_f_r_o_m_-_d_i_f_f_e_r_e_n_c_e_s Controls how IXFR transfers transfer
│ │ │ │ │ + are calculated.
│ │ │ │ │ + Allows the default
│ │ │ │ │ +_j_o_u_r_n_a_l journal's filename to be zone
│ │ │ │ │ + overridden.
│ │ │ │ │ + Defines a shared secret key
│ │ │ │ │ +_k_e_y for use with _T_S_I_G or the security
│ │ │ │ │ + command channel.
│ │ │ │ │ + Indicates the directory
│ │ │ │ │ +_k_e_y_-_d_i_r_e_c_t_o_r_y where public and private dnssec
│ │ │ │ │ + DNSSEC key files are found.
│ │ │ │ │ + Specifies the path to a
│ │ │ │ │ +_k_e_y_-_f_i_l_e file containing the private server, security
│ │ │ │ │ + TLS key for a connection.
│ │ │ │ │ + Specifies one or more
│ │ │ │ │ +_k_e_y_s _s_e_r_v_e_r___k_e_y s to be used server, security
│ │ │ │ │ + with a remote server.
│ │ │ │ │ +_l_a_m_e_-_t_t_l Sets the resolver's lame server
│ │ │ │ │ + cache.
│ │ │ │ │ + Specifies the IPv4
│ │ │ │ │ +_l_i_s_t_e_n_-_o_n addresses on which a server server
│ │ │ │ │ + listens for DNS queries.
│ │ │ │ │ + Specifies the IPv6
│ │ │ │ │ +_l_i_s_t_e_n_-_o_n_-_v_6 addresses on which a server server
│ │ │ │ │ + listens for DNS queries.
│ │ │ │ │ + Specifies a per-listener
│ │ │ │ │ +_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s quota for active server, query
│ │ │ │ │ + connections.
│ │ │ │ │ + Sets a maximum size for the
│ │ │ │ │ +_l_m_d_b_-_m_a_p_s_i_z_e memory map of the new-zone server
│ │ │ │ │ + database in LMDB database
│ │ │ │ │ + format.
│ │ │ │ │ + Tests rate-limiting
│ │ │ │ │ +_l_o_g_-_o_n_l_y parameters without actually logging, query
│ │ │ │ │ + dropping any requests.
│ │ │ │ │ +_l_o_g_g_i_n_g Configures logging options logging
│ │ │ │ │ + for the name server.
│ │ │ │ │ +_m_a_n_a_g_e_d_-_k_e_y_s deprecated
│ │ │ │ │ + Specifies the directory in
│ │ │ │ │ +_m_a_n_a_g_e_d_-_k_e_y_s_-_d_i_r_e_c_t_o_r_y which to store the files dnssec
│ │ │ │ │ + that track managed DNSSEC
│ │ │ │ │ + keys.
│ │ │ │ │ + Specifies an access control
│ │ │ │ │ + list (ACL) of IPv4
│ │ │ │ │ +_m_a_p_p_e_d addresses that are to be query
│ │ │ │ │ + mapped to the corresponding
│ │ │ │ │ + A RRset in _d_n_s_6_4.
│ │ │ │ │ +_m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t Specifies the file format server, zone
│ │ │ │ │ + of zone files.
│ │ │ │ │ + Specifies the format of
│ │ │ │ │ +_m_a_s_t_e_r_f_i_l_e_-_s_t_y_l_e zone files during a dump, server
│ │ │ │ │ + when the _m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t
│ │ │ │ │ + is text.
│ │ │ │ │ + Specifies a view of DNS
│ │ │ │ │ +_m_a_t_c_h_-_c_l_i_e_n_t_s namespace for a given view
│ │ │ │ │ + subset of client IP
│ │ │ │ │ + addresses.
│ │ │ │ │ + Specifies a view of DNS
│ │ │ │ │ +_m_a_t_c_h_-_d_e_s_t_i_n_a_t_i_o_n_s namespace for a given view
│ │ │ │ │ + subset of destination IP
│ │ │ │ │ + addresses.
│ │ │ │ │ + Allows IPv4-mapped IPv6
│ │ │ │ │ + addresses to match address-
│ │ │ │ │ +_m_a_t_c_h_-_m_a_p_p_e_d_-_a_d_d_r_e_s_s_e_s match list entries for server
│ │ │ │ │ + corresponding IPv4
│ │ │ │ │ + addresses.
│ │ │ │ │ + Specifies that only
│ │ │ │ │ +_m_a_t_c_h_-_r_e_c_u_r_s_i_v_e_-_o_n_l_y recursive requests can view
│ │ │ │ │ + match this view of the DNS
│ │ │ │ │ + namespace.
│ │ │ │ │ + Sets the maximum amount of
│ │ │ │ │ + memory to use for an
│ │ │ │ │ +_m_a_x_-_c_a_c_h_e_-_s_i_z_e individual cache database server
│ │ │ │ │ + and its associated
│ │ │ │ │ + metadata.
│ │ │ │ │ + Specifies the maximum time
│ │ │ │ │ +_m_a_x_-_c_a_c_h_e_-_t_t_l (in seconds) that the server
│ │ │ │ │ + server caches ordinary
│ │ │ │ │ + (positive) answers.
│ │ │ │ │ + Sets the maximum number of
│ │ │ │ │ + simultaneous recursive
│ │ │ │ │ +_m_a_x_-_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y clients accepted by the server
│ │ │ │ │ + server for any given query
│ │ │ │ │ + before the server drops
│ │ │ │ │ + additional clients.
│ │ │ │ │ + Sets the maximum size for
│ │ │ │ │ +_m_a_x_-_i_x_f_r_-_r_a_t_i_o IXFR responses to zone transfer
│ │ │ │ │ + transfer requests.
│ │ │ │ │ +_m_a_x_-_j_o_u_r_n_a_l_-_s_i_z_e Controls the size of transfer
│ │ │ │ │ + journal files.
│ │ │ │ │ + Specifies the maximum
│ │ │ │ │ + retention time (in seconds)
│ │ │ │ │ +_m_a_x_-_n_c_a_c_h_e_-_t_t_l for storage of negative server
│ │ │ │ │ + answers in the server's
│ │ │ │ │ + cache.
│ │ │ │ │ + Sets the maximum number of
│ │ │ │ │ +_m_a_x_-_r_e_c_o_r_d_s records permitted in a server, zone
│ │ │ │ │ + zone.
│ │ │ │ │ + Sets the maximum number of
│ │ │ │ │ + levels of recursion
│ │ │ │ │ +_m_a_x_-_r_e_c_u_r_s_i_o_n_-_d_e_p_t_h permitted at any one time server
│ │ │ │ │ + while servicing a recursive
│ │ │ │ │ + query.
│ │ │ │ │ + Sets the maximum number of
│ │ │ │ │ +_m_a_x_-_r_e_c_u_r_s_i_o_n_-_q_u_e_r_i_e_s iterative queries while server, query
│ │ │ │ │ + servicing a recursive
│ │ │ │ │ + query.
│ │ │ │ │ + Limits the zone refresh
│ │ │ │ │ +_m_a_x_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no less often transfer
│ │ │ │ │ + than the specified value,
│ │ │ │ │ + in seconds.
│ │ │ │ │ + Limits the zone refresh
│ │ │ │ │ +_m_a_x_-_r_e_t_r_y_-_t_i_m_e retry interval to no less transfer
│ │ │ │ │ + often than the specified
│ │ │ │ │ + value, in seconds.
│ │ │ │ │ + Sets the maximum RSA
│ │ │ │ │ +_m_a_x_-_r_s_a_-_e_x_p_o_n_e_n_t_-_s_i_z_e exponent size (in bits) query, dnssec
│ │ │ │ │ + when validating.
│ │ │ │ │ + Specifies the maximum time
│ │ │ │ │ + that the server retains
│ │ │ │ │ +_m_a_x_-_s_t_a_l_e_-_t_t_l records past their normal server
│ │ │ │ │ + expiry, to return them as
│ │ │ │ │ + stale records.
│ │ │ │ │ + Sets the maximum size of
│ │ │ │ │ +_m_a_x_-_t_a_b_l_e_-_s_i_z_e the table used to track server
│ │ │ │ │ + requests and rate-limit
│ │ │ │ │ + responses.
│ │ │ │ │ + Specifies the number of
│ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_i_n minutes after which inbound transfer
│ │ │ │ │ + zone transfers making no
│ │ │ │ │ + progress are terminated.
│ │ │ │ │ + Specifies the number of
│ │ │ │ │ + minutes after which
│ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_o_u_t outbound zone transfers transfer
│ │ │ │ │ + making no progress are
│ │ │ │ │ + terminated.
│ │ │ │ │ + Specifies the number of
│ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_i_n minutes after which inbound transfer
│ │ │ │ │ + zone transfers are
│ │ │ │ │ + terminated.
│ │ │ │ │ + Specifies the number of
│ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_o_u_t minutes after which transfer
│ │ │ │ │ + outbound zone transfers are
│ │ │ │ │ + terminated.
│ │ │ │ │ +_m_a_x_-_u_d_p_-_s_i_z_e Sets the maximum EDNS UDP query
│ │ │ │ │ + message size sent by _n_a_m_e_d.
│ │ │ │ │ + Set the maximum number of
│ │ │ │ │ +_m_a_x_-_v_a_l_i_d_a_t_i_o_n_-_f_a_i_l_u_r_e_s_- DNSSEC validation failures server
│ │ │ │ │ +_p_e_r_-_f_e_t_c_h that can happen in single
│ │ │ │ │ + fetch
│ │ │ │ │ + Set the maximum number of
│ │ │ │ │ +_m_a_x_-_v_a_l_i_d_a_t_i_o_n_s_-_p_e_r_-_f_e_t_c_h DNSSEC validations that can server
│ │ │ │ │ + happen in single fetch
│ │ │ │ │ + Specifies a maximum
│ │ │ │ │ +_m_a_x_-_z_o_n_e_-_t_t_l permissible time-to-live deprecated
│ │ │ │ │ + (TTL) value, in seconds.
│ │ │ │ │ + Controls whether memory
│ │ │ │ │ +_m_e_m_s_t_a_t_i_s_t_i_c_s statistics are written to logging, server
│ │ │ │ │ + the file specified by
│ │ │ │ │ + _m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e at exit.
│ │ │ │ │ + Sets the pathname of the
│ │ │ │ │ +_m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e file where the server logging
│ │ │ │ │ + writes memory usage
│ │ │ │ │ + statistics on exit.
│ │ │ │ │ + Controls whether DNS name
│ │ │ │ │ +_m_e_s_s_a_g_e_-_c_o_m_p_r_e_s_s_i_o_n compression is used in query
│ │ │ │ │ + responses to regular
│ │ │ │ │ + queries.
│ │ │ │ │ + Specifies the minimum time
│ │ │ │ │ +_m_i_n_-_c_a_c_h_e_-_t_t_l (in seconds) that the server
│ │ │ │ │ + server caches ordinary
│ │ │ │ │ + (positive) answers.
│ │ │ │ │ + Specifies the minimum
│ │ │ │ │ + retention time (in seconds)
│ │ │ │ │ +_m_i_n_-_n_c_a_c_h_e_-_t_t_l for storage of negative server
│ │ │ │ │ + answers in the server's
│ │ │ │ │ + cache.
│ │ │ │ │ + Limits the zone refresh
│ │ │ │ │ +_m_i_n_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no more often transfer
│ │ │ │ │ + than the specified value,
│ │ │ │ │ + in seconds.
│ │ │ │ │ + Limits the zone refresh
│ │ │ │ │ +_m_i_n_-_r_e_t_r_y_-_t_i_m_e retry interval to no more transfer
│ │ │ │ │ + often than the specified
│ │ │ │ │ + value, in seconds.
│ │ │ │ │ + Sets the minimum size of
│ │ │ │ │ +_m_i_n_-_t_a_b_l_e_-_s_i_z_e the table used to track query
│ │ │ │ │ + requests and rate-limit
│ │ │ │ │ + responses.
│ │ │ │ │ + Controls whether the server
│ │ │ │ │ + replies with only one of
│ │ │ │ │ +_m_i_n_i_m_a_l_-_a_n_y the RRsets for a query query
│ │ │ │ │ + name, when generating a
│ │ │ │ │ + positive response to a
│ │ │ │ │ + query of type ANY over UDP.
│ │ │ │ │ + Controls whether the server
│ │ │ │ │ + only adds records to the
│ │ │ │ │ + authority and additional
│ │ │ │ │ +_m_i_n_i_m_a_l_-_r_e_s_p_o_n_s_e_s data sections when they are query
│ │ │ │ │ + required (e.g. delegations,
│ │ │ │ │ + negative responses). This
│ │ │ │ │ + improves server
│ │ │ │ │ + performance.
│ │ │ │ │ + Controls whether serial
│ │ │ │ │ +_m_u_l_t_i_-_m_a_s_t_e_r number mismatch errors are transfer
│ │ │ │ │ + logged.
│ │ │ │ │ + Specifies the directory
│ │ │ │ │ + where configuration
│ │ │ │ │ +_n_e_w_-_z_o_n_e_s_-_d_i_r_e_c_t_o_r_y parameters are stored for zone
│ │ │ │ │ + zones added by _r_n_d_c
│ │ │ │ │ + _a_d_d_z_o_n_e.
│ │ │ │ │ + Specifies a list of
│ │ │ │ │ +_n_o_-_c_a_s_e_-_c_o_m_p_r_e_s_s addresses that require server
│ │ │ │ │ + case-insensitive
│ │ │ │ │ + compression in responses.
│ │ │ │ │ + Sets the maximum size of
│ │ │ │ │ +_n_o_c_o_o_k_i_e_-_u_d_p_-_s_i_z_e UDP responses that are sent query
│ │ │ │ │ + to queries without a valid
│ │ │ │ │ + server COOKIE.
│ │ │ │ │ + Limits the number of empty
│ │ │ │ │ +_n_o_d_a_t_a_-_p_e_r_-_s_e_c_o_n_d (NODATA) responses for a query
│ │ │ │ │ + valid domain name.
│ │ │ │ │ + Controls whether NOTIFY
│ │ │ │ │ +_n_o_t_i_f_y messages are sent on zone transfer
│ │ │ │ │ + changes.
│ │ │ │ │ + Sets the delay (in seconds)
│ │ │ │ │ +_n_o_t_i_f_y_-_d_e_l_a_y between sending sets of transfer, zone
│ │ │ │ │ + NOTIFY messages for a zone.
│ │ │ │ │ + Specifies the rate at which
│ │ │ │ │ +_n_o_t_i_f_y_-_r_a_t_e NOTIFY requests are sent transfer, zone
│ │ │ │ │ + during normal zone
│ │ │ │ │ + maintenance operations.
│ │ │ │ │ + Defines the IPv4 address
│ │ │ │ │ +_n_o_t_i_f_y_-_s_o_u_r_c_e (and optional port) to be transfer
│ │ │ │ │ + used for outgoing NOTIFY
│ │ │ │ │ + messages.
│ │ │ │ │ + Defines the IPv6 address
│ │ │ │ │ +_n_o_t_i_f_y_-_s_o_u_r_c_e_-_v_6 (and optional port) to be transfer
│ │ │ │ │ + used for outgoing NOTIFY
│ │ │ │ │ + messages.
│ │ │ │ │ + Controls whether the name
│ │ │ │ │ +_n_o_t_i_f_y_-_t_o_-_s_o_a servers in the NS RRset are transfer
│ │ │ │ │ + checked against the SOA
│ │ │ │ │ + MNAME.
│ │ │ │ │ + Specifies the use of NSEC3
│ │ │ │ │ +_n_s_e_c_3_p_a_r_a_m instead of NSEC, and sets dnssec
│ │ │ │ │ + NSEC3 parameters.
│ │ │ │ │ + Specifies the lifetime, in
│ │ │ │ │ +_n_t_a_-_l_i_f_e_t_i_m_e seconds, for negative trust dnssec
│ │ │ │ │ + anchors added via _r_n_d_c_ _n_t_a.
│ │ │ │ │ + Specifies the time interval
│ │ │ │ │ + for checking whether
│ │ │ │ │ +_n_t_a_-_r_e_c_h_e_c_k negative trust anchors dnssec
│ │ │ │ │ + added via _r_n_d_c_ _n_t_a are
│ │ │ │ │ + still necessary.
│ │ │ │ │ + Causes all messages sent to
│ │ │ │ │ +_n_u_l_l the logging channel to be logging
│ │ │ │ │ + discarded.
│ │ │ │ │ + Appends the specified
│ │ │ │ │ + suffix to the original
│ │ │ │ │ +_n_x_d_o_m_a_i_n_-_r_e_d_i_r_e_c_t query name, when replacing query
│ │ │ │ │ + an NXDOMAIN with a redirect
│ │ │ │ │ + namespace.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_n_x_d_o_m_a_i_n_s_-_p_e_r_-_s_e_c_o_n_d undefined subdomains for a query
│ │ │ │ │ + valid domain name.
│ │ │ │ │ +_o_p_t_i_o_n_s Defines global options to server
│ │ │ │ │ + be used by BIND 9.
│ │ │ │ │ + Adds EDNS Padding options
│ │ │ │ │ +_p_a_d_d_i_n_g to outgoing messages to server
│ │ │ │ │ + increase the packet size.
│ │ │ │ │ + Sets the time to live (TTL)
│ │ │ │ │ +_p_a_r_e_n_t_-_d_s_-_t_t_l of the DS RRset used by the dnssec
│ │ │ │ │ + parent zone.
│ │ │ │ │ + Sets the propagation delay
│ │ │ │ │ + from the time the parent
│ │ │ │ │ +_p_a_r_e_n_t_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y zone is updated to when the zone, dnssec
│ │ │ │ │ + new version is served by
│ │ │ │ │ + all of the parent zone's
│ │ │ │ │ + name servers.
│ │ │ │ │ + Defines a list of
│ │ │ │ │ +_p_a_r_e_n_t_a_l_-_a_g_e_n_t_s delegation agents to be zone
│ │ │ │ │ + used by primary and
│ │ │ │ │ + secondary zones.
│ │ │ │ │ + Specifies which local IPv4
│ │ │ │ │ +_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e source address is used to dnssec
│ │ │ │ │ + send parental DS queries.
│ │ │ │ │ + Specifies which local IPv6
│ │ │ │ │ +_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e_-_v_6 source address is used to dnssec
│ │ │ │ │ + send parental DS queries.
│ │ │ │ │ + Specifies the pathname of
│ │ │ │ │ +_p_i_d_-_f_i_l_e the file where the server server
│ │ │ │ │ + writes its process ID.
│ │ │ │ │ +_p_l_u_g_i_n Configures plugins in server
│ │ │ │ │ + _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ + Specifies the UDP/TCP port
│ │ │ │ │ +_p_o_r_t number the server uses to server, query
│ │ │ │ │ + receive and send DNS
│ │ │ │ │ + protocol traffic.
│ │ │ │ │ + Specifies that server
│ │ │ │ │ +_p_r_e_f_e_r_-_s_e_r_v_e_r_-_c_i_p_h_e_r_s ciphers should be preferred server, security
│ │ │ │ │ + over client ones.
│ │ │ │ │ + Controls the order of glue
│ │ │ │ │ +_p_r_e_f_e_r_r_e_d_-_g_l_u_e records in an A or AAAA query
│ │ │ │ │ + response.
│ │ │ │ │ + Specifies the "trigger"
│ │ │ │ │ +_p_r_e_f_e_t_c_h time-to-live (TTL) value at query
│ │ │ │ │ + which prefetch of the
│ │ │ │ │ + current query takes place.
│ │ │ │ │ +_p_r_i_m_a_r_i_e_s Defines one or more primary zone
│ │ │ │ │ + servers for a zone.
│ │ │ │ │ +_p_r_i_n_t_-_c_a_t_e_g_o_r_y Includes the category in logging
│ │ │ │ │ + log messages.
│ │ │ │ │ +_p_r_i_n_t_-_s_e_v_e_r_i_t_y Includes the severity in logging
│ │ │ │ │ + log messages.
│ │ │ │ │ +_p_r_i_n_t_-_t_i_m_e Specifies the time format logging
│ │ │ │ │ + for log messages.
│ │ │ │ │ + Specifies the allowed
│ │ │ │ │ +_p_r_o_t_o_c_o_l_s versions of the TLS security
│ │ │ │ │ + protocol.
│ │ │ │ │ + Controls whether a primary
│ │ │ │ │ + responds to an incremental
│ │ │ │ │ +_p_r_o_v_i_d_e_-_i_x_f_r zone request (IXFR) or only transfer
│ │ │ │ │ + responds with a full zone
│ │ │ │ │ + transfer (AXFR).
│ │ │ │ │ + Increases the amount of
│ │ │ │ │ + time between when keys are
│ │ │ │ │ +_p_u_b_l_i_s_h_-_s_a_f_e_t_y published and when they dnssec
│ │ │ │ │ + become active, to allow for
│ │ │ │ │ + unforeseen events.
│ │ │ │ │ + Specifies the amount of
│ │ │ │ │ + time after which DNSSEC
│ │ │ │ │ +_p_u_r_g_e_-_k_e_y_s keys that have been deleted dnssec
│ │ │ │ │ + from the zone can be
│ │ │ │ │ + removed from disk.
│ │ │ │ │ + Controls QNAME minimization
│ │ │ │ │ +_q_n_a_m_e_-_m_i_n_i_m_i_z_a_t_i_o_n behavior in the BIND 9 query
│ │ │ │ │ + resolver.
│ │ │ │ │ + Tightens defenses during
│ │ │ │ │ +_q_p_s_-_s_c_a_l_e DNS attacks by scaling back query
│ │ │ │ │ + the ratio of the current
│ │ │ │ │ + query-per-second rate.
│ │ │ │ │ + Controls the IPv4 address
│ │ │ │ │ +_q_u_e_r_y_-_s_o_u_r_c_e from which queries are query
│ │ │ │ │ + issued.
│ │ │ │ │ + Controls the IPv6 address
│ │ │ │ │ +_q_u_e_r_y_-_s_o_u_r_c_e_-_v_6 from which queries are query
│ │ │ │ │ + issued.
│ │ │ │ │ + Specifies whether query
│ │ │ │ │ +_q_u_e_r_y_l_o_g logging should be active logging, server
│ │ │ │ │ + when _n_a_m_e_d first starts.
│ │ │ │ │ + Controls excessive UDP
│ │ │ │ │ + responses, to prevent BIND
│ │ │ │ │ +_r_a_t_e_-_l_i_m_i_t 9 from being used to query
│ │ │ │ │ + amplify reflection denial-
│ │ │ │ │ + of-service (DoS) attacks.
│ │ │ │ │ + Specifies the pathname of
│ │ │ │ │ + the file where the server
│ │ │ │ │ +_r_e_c_u_r_s_i_n_g_-_f_i_l_e dumps queries that are server
│ │ │ │ │ + currently recursing via
│ │ │ │ │ + _r_n_d_c_ _r_e_c_u_r_s_i_n_g.
│ │ │ │ │ +_r_e_c_u_r_s_i_o_n Defines whether recursion query
│ │ │ │ │ + and caching are allowed.
│ │ │ │ │ + Specifies the maximum
│ │ │ │ │ +_r_e_c_u_r_s_i_v_e_-_c_l_i_e_n_t_s number of concurrent query
│ │ │ │ │ + recursive queries the
│ │ │ │ │ + server can perform.
│ │ │ │ │ + Toggles whether _d_n_s_6_4
│ │ │ │ │ +_r_e_c_u_r_s_i_v_e_-_o_n_l_y synthesis occurs only for query
│ │ │ │ │ + recursive queries.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_r_e_f_e_r_r_a_l_s_-_p_e_r_-_s_e_c_o_n_d referrals or delegations to query
│ │ │ │ │ + a server for a given
│ │ │ │ │ + domain.
│ │ │ │ │ + Specifies the expected
│ │ │ │ │ +_r_e_m_o_t_e_-_h_o_s_t_n_a_m_e hostname in the TLS security
│ │ │ │ │ + certificate of the remote
│ │ │ │ │ + server.
│ │ │ │ │ + Specifies whether the local
│ │ │ │ │ +_r_e_q_u_e_s_t_-_e_x_p_i_r_e server requests the EDNS query, transfer
│ │ │ │ │ + EXPIRE value, when acting
│ │ │ │ │ + as a secondary.
│ │ │ │ │ + Controls whether a
│ │ │ │ │ + secondary requests an
│ │ │ │ │ +_r_e_q_u_e_s_t_-_i_x_f_r incremental zone transfer transfer
│ │ │ │ │ + (IXFR) or a full zone
│ │ │ │ │ + transfer (AXFR).
│ │ │ │ │ + Controls whether an empty
│ │ │ │ │ + EDNS(0) NSID (Name Server
│ │ │ │ │ + Identifier) option is sent
│ │ │ │ │ +_r_e_q_u_e_s_t_-_n_s_i_d with all queries to query
│ │ │ │ │ + authoritative name servers
│ │ │ │ │ + during iterative
│ │ │ │ │ + resolution.
│ │ │ │ │ + Controls whether responses
│ │ │ │ │ +_r_e_q_u_i_r_e_-_c_o_o_k_i_e without a server cookie are query
│ │ │ │ │ + accepted
│ │ │ │ │ + Controls whether a valid
│ │ │ │ │ +_r_e_q_u_i_r_e_-_s_e_r_v_e_r_-_c_o_o_k_i_e server cookie is required query
│ │ │ │ │ + before sending a full
│ │ │ │ │ + response to a UDP request.
│ │ │ │ │ + Specifies the length of
│ │ │ │ │ + time, in milliseconds, that
│ │ │ │ │ +_r_e_s_o_l_v_e_r_-_q_u_e_r_y_-_t_i_m_e_o_u_t a resolver attempts to query
│ │ │ │ │ + resolve a recursive query
│ │ │ │ │ + before failing.
│ │ │ │ │ + Specifies whether to apply
│ │ │ │ │ +_r_e_s_o_l_v_e_r_-_u_s_e_-_d_n_s_6_4 DNS64 mappings when sending server
│ │ │ │ │ + queries.
│ │ │ │ │ + Adds an EDNS Padding option
│ │ │ │ │ + to encrypted messages, to
│ │ │ │ │ +_r_e_s_p_o_n_s_e_-_p_a_d_d_i_n_g reduce the chance of query
│ │ │ │ │ + guessing the contents based
│ │ │ │ │ + on size.
│ │ │ │ │ + Specifies response policy security, server, query,
│ │ │ │ │ +_r_e_s_p_o_n_s_e_-_p_o_l_i_c_y zones for the view or among zone
│ │ │ │ │ + global options.
│ │ │ │ │ + Limits the number of non-
│ │ │ │ │ +_r_e_s_p_o_n_s_e_s_-_p_e_r_-_s_e_c_o_n_d empty responses for a valid query
│ │ │ │ │ + domain name and record
│ │ │ │ │ + type.
│ │ │ │ │ + Increases the amount of
│ │ │ │ │ + time a key remains
│ │ │ │ │ +_r_e_t_i_r_e_-_s_a_f_e_t_y published after it is no dnssec
│ │ │ │ │ + longer active, to allow for
│ │ │ │ │ + unforeseen events.
│ │ │ │ │ +_r_e_u_s_e_p_o_r_t Enables kernel load- server
│ │ │ │ │ + balancing of sockets.
│ │ │ │ │ + Controls whether BIND 9
│ │ │ │ │ +_r_o_o_t_-_k_e_y_-_s_e_n_t_i_n_e_l responds to root key server
│ │ │ │ │ + sentinel probes.
│ │ │ │ │ + Defines the order in which
│ │ │ │ │ +_r_r_s_e_t_-_o_r_d_e_r equal RRs (RRsets) are query
│ │ │ │ │ + returned.
│ │ │ │ │ + Specifies whether a
│ │ │ │ │ +_s_e_a_r_c_h Dynamically Loadable Zone query
│ │ │ │ │ + (DLZ) module is queried for
│ │ │ │ │ + an answer to a query name.
│ │ │ │ │ + Defines a Base64-encoded
│ │ │ │ │ +_s_e_c_r_e_t string to be used as the security
│ │ │ │ │ + secret by the algorithm.
│ │ │ │ │ + Specifies the pathname of
│ │ │ │ │ +_s_e_c_r_o_o_t_s_-_f_i_l_e the file where the server dnssec
│ │ │ │ │ + dumps security roots, when
│ │ │ │ │ + using _r_n_d_c_ _s_e_c_r_o_o_t_s.
│ │ │ │ │ + Controls whether a COOKIE
│ │ │ │ │ +_s_e_n_d_-_c_o_o_k_i_e EDNS option is sent along query
│ │ │ │ │ + with a query.
│ │ │ │ │ + Defines an upper limit on
│ │ │ │ │ + the number of queries per
│ │ │ │ │ +_s_e_r_i_a_l_-_q_u_e_r_y_-_r_a_t_e second issued by the transfer
│ │ │ │ │ + server, when querying the
│ │ │ │ │ + SOA RRs used for zone
│ │ │ │ │ + transfers.
│ │ │ │ │ + Specifies the update method
│ │ │ │ │ +_s_e_r_i_a_l_-_u_p_d_a_t_e_-_m_e_t_h_o_d to be used for the zone zone
│ │ │ │ │ + serial number in the SOA
│ │ │ │ │ + record.
│ │ │ │ │ + Defines characteristics to
│ │ │ │ │ +_s_e_r_v_e_r be associated with a remote server
│ │ │ │ │ + name server.
│ │ │ │ │ + Specifies a list of IP
│ │ │ │ │ + addresses to which queries
│ │ │ │ │ +_s_e_r_v_e_r_-_a_d_d_r_e_s_s_e_s should be sent in recursive query, zone
│ │ │ │ │ + resolution for a static-
│ │ │ │ │ + stub zone.
│ │ │ │ │ + Specifies the ID of the
│ │ │ │ │ +_s_e_r_v_e_r_-_i_d server to return in server
│ │ │ │ │ + response to a ID.SERVER
│ │ │ │ │ + query.
│ │ │ │ │ + Specifies a list of domain
│ │ │ │ │ + names of name servers that
│ │ │ │ │ +_s_e_r_v_e_r_-_n_a_m_e_s act as authoritative zone
│ │ │ │ │ + servers of a static-stub
│ │ │ │ │ + zone.
│ │ │ │ │ + Sets the length of time (in
│ │ │ │ │ +_s_e_r_v_f_a_i_l_-_t_t_l seconds) that a SERVFAIL server
│ │ │ │ │ + response is cached.
│ │ │ │ │ + Specifies the algorithm to
│ │ │ │ │ +_s_e_s_s_i_o_n_-_k_e_y_a_l_g use for the TSIG session security
│ │ │ │ │ + key.
│ │ │ │ │ + Specifies the pathname of
│ │ │ │ │ + the file where a TSIG
│ │ │ │ │ +_s_e_s_s_i_o_n_-_k_e_y_f_i_l_e session key is written, security
│ │ │ │ │ + when generated by _n_a_m_e_d for
│ │ │ │ │ + use by nsupdate -l.
│ │ │ │ │ +_s_e_s_s_i_o_n_-_k_e_y_n_a_m_e Specifies the key name for security
│ │ │ │ │ + the TSIG session key.
│ │ │ │ │ + Enables or disables session
│ │ │ │ │ +_s_e_s_s_i_o_n_-_t_i_c_k_e_t_s resumption through TLS security
│ │ │ │ │ + session tickets.
│ │ │ │ │ +_s_e_v_e_r_i_t_y Defines the priority level logging
│ │ │ │ │ + of log messages.
│ │ │ │ │ + Specifies the maximum
│ │ │ │ │ + number of nodes to be
│ │ │ │ │ +_s_i_g_-_s_i_g_n_i_n_g_-_n_o_d_e_s examined in each quantum, dnssec
│ │ │ │ │ + when signing a zone with a
│ │ │ │ │ + new DNSKEY.
│ │ │ │ │ + Specifies the threshold for
│ │ │ │ │ + the number of signatures
│ │ │ │ │ +_s_i_g_-_s_i_g_n_i_n_g_-_s_i_g_n_a_t_u_r_e_s that terminates processing dnssec
│ │ │ │ │ + a quantum, when signing a
│ │ │ │ │ + zone with a new DNSKEY.
│ │ │ │ │ + Specifies a private RDATA
│ │ │ │ │ +_s_i_g_-_s_i_g_n_i_n_g_-_t_y_p_e type to use when generating dnssec
│ │ │ │ │ + signing-state records.
│ │ │ │ │ +_s_i_g_-_v_a_l_i_d_i_t_y_-_i_n_t_e_r_v_a_l obsolete
│ │ │ │ │ +_s_i_g_n_a_t_u_r_e_s_-_r_e_f_r_e_s_h Specifies how frequently an dnssec
│ │ │ │ │ + RRSIG record is refreshed.
│ │ │ │ │ +_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y Indicates the validity dnssec
│ │ │ │ │ + period of an RRSIG record.
│ │ │ │ │ +_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y_-_d_n_s_k_e_y Indicates the validity dnssec
│ │ │ │ │ + period of DNSKEY records.
│ │ │ │ │ + Sets the number of
│ │ │ │ │ + "slipped" responses to
│ │ │ │ │ +_s_l_i_p minimize the use of forged query
│ │ │ │ │ + source addresses for an
│ │ │ │ │ + attack.
│ │ │ │ │ + Controls the ordering of
│ │ │ │ │ +_s_o_r_t_l_i_s_t RRs returned to the client, query
│ │ │ │ │ + based on the client's IP
│ │ │ │ │ + address.
│ │ │ │ │ + Defines the amount of time
│ │ │ │ │ + (in milliseconds) that
│ │ │ │ │ +_s_t_a_l_e_-_a_n_s_w_e_r_-_c_l_i_e_n_t_- _n_a_m_e_d waits before server, query
│ │ │ │ │ +_t_i_m_e_o_u_t attempting to answer a
│ │ │ │ │ + query with a stale RRset
│ │ │ │ │ + from cache.
│ │ │ │ │ + Enables the returning of
│ │ │ │ │ +_s_t_a_l_e_-_a_n_s_w_e_r_-_e_n_a_b_l_e "stale" cached answers when server, query
│ │ │ │ │ + the name servers for a zone
│ │ │ │ │ + are not answering.
│ │ │ │ │ + Specifies the time to live
│ │ │ │ │ +_s_t_a_l_e_-_a_n_s_w_e_r_-_t_t_l (TTL) to be returned on query
│ │ │ │ │ + stale answers, in seconds.
│ │ │ │ │ +_s_t_a_l_e_-_c_a_c_h_e_-_e_n_a_b_l_e Enables the retention of server, query
│ │ │ │ │ + "stale" cached answers.
│ │ │ │ │ + Sets the time window for
│ │ │ │ │ + the return of "stale"
│ │ │ │ │ + cached answers before the
│ │ │ │ │ +_s_t_a_l_e_-_r_e_f_r_e_s_h_-_t_i_m_e next attempt to contact, if server, query
│ │ │ │ │ + the name servers for a
│ │ │ │ │ + given zone are not
│ │ │ │ │ + responding.
│ │ │ │ │ + Specifies the rate at which
│ │ │ │ │ + NOTIFY requests are sent
│ │ │ │ │ +_s_t_a_r_t_u_p_-_n_o_t_i_f_y_-_r_a_t_e when the name server is transfer, zone
│ │ │ │ │ + first starting, or when new
│ │ │ │ │ + zones have been added.
│ │ │ │ │ + Specifies the communication
│ │ │ │ │ + channels to be used by
│ │ │ │ │ +_s_t_a_t_i_s_t_i_c_s_-_c_h_a_n_n_e_l_s system administrators to logging
│ │ │ │ │ + access statistics
│ │ │ │ │ + information on the name
│ │ │ │ │ + server.
│ │ │ │ │ + Specifies the pathname of
│ │ │ │ │ +_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e the file where the server logging, server
│ │ │ │ │ + appends statistics, when
│ │ │ │ │ + using _r_n_d_c_ _s_t_a_t_s.
│ │ │ │ │ + Directs the logging channel
│ │ │ │ │ +_s_t_d_e_r_r output to the server's logging
│ │ │ │ │ + standard error stream.
│ │ │ │ │ + Specifies the maximum
│ │ │ │ │ +_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n number of concurrent HTTP/ server, query
│ │ │ │ │ + 2 streams over an HTTP/
│ │ │ │ │ + 2 connection.
│ │ │ │ │ + Defines trailing bits for
│ │ │ │ │ +_s_u_f_f_i_x mapped IPv4 address bits in query
│ │ │ │ │ + _d_n_s_6_4.
│ │ │ │ │ + Enables support for _RR_FF_CC
│ │ │ │ │ +_s_y_n_t_h_-_f_r_o_m_-_d_n_s_s_e_c _88_11_99_88, Aggressive Use of dnssec
│ │ │ │ │ + DNSSEC-Validated Cache.
│ │ │ │ │ +_s_y_s_l_o_g Directs the logging channel logging
│ │ │ │ │ + to the system log.
│ │ │ │ │ + Sets the timeout value (in
│ │ │ │ │ + milliseconds) that the
│ │ │ │ │ +_t_c_p_-_a_d_v_e_r_t_i_s_e_d_-_t_i_m_e_o_u_t server sends in responses query
│ │ │ │ │ + containing the EDNS TCP
│ │ │ │ │ + keepalive option.
│ │ │ │ │ + Specifies the maximum
│ │ │ │ │ +_t_c_p_-_c_l_i_e_n_t_s number of simultaneous server
│ │ │ │ │ + client TCP connections
│ │ │ │ │ + accepted by the server.
│ │ │ │ │ + Sets the amount of time (in
│ │ │ │ │ + milliseconds) that the
│ │ │ │ │ + server waits on an idle TCP
│ │ │ │ │ +_t_c_p_-_i_d_l_e_-_t_i_m_e_o_u_t connection before closing query
│ │ │ │ │ + it, if the EDNS TCP
│ │ │ │ │ + keepalive option is not in
│ │ │ │ │ + use.
│ │ │ │ │ + Sets the amount of time (in
│ │ │ │ │ + milliseconds) that the
│ │ │ │ │ +_t_c_p_-_i_n_i_t_i_a_l_-_t_i_m_e_o_u_t server waits on a new TCP server, query
│ │ │ │ │ + connection for the first
│ │ │ │ │ + message from the client.
│ │ │ │ │ +_t_c_p_-_k_e_e_p_a_l_i_v_e Adds EDNS TCP keepalive to server
│ │ │ │ │ + messages sent over TCP.
│ │ │ │ │ + Sets the amount of time (in
│ │ │ │ │ + milliseconds) that the
│ │ │ │ │ +_t_c_p_-_k_e_e_p_a_l_i_v_e_-_t_i_m_e_o_u_t server waits on an idle TCP query
│ │ │ │ │ + connection before closing
│ │ │ │ │ + it, if the EDNS TCP
│ │ │ │ │ + keepalive option is in use.
│ │ │ │ │ +_t_c_p_-_l_i_s_t_e_n_-_q_u_e_u_e Sets the listen-queue server
│ │ │ │ │ + depth.
│ │ │ │ │ +_t_c_p_-_o_n_l_y Sets the transport protocol server
│ │ │ │ │ + to TCP.
│ │ │ │ │ + Sets the operating system's
│ │ │ │ │ +_t_c_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for TCP server
│ │ │ │ │ + sockets.
│ │ │ │ │ + Sets the operating system's
│ │ │ │ │ +_t_c_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for TCP server
│ │ │ │ │ + sockets.
│ │ │ │ │ + Sets the domain appended to
│ │ │ │ │ +_t_k_e_y_-_d_o_m_a_i_n the names of all shared security
│ │ │ │ │ + keys generated with TKEY.
│ │ │ │ │ + Sets the security
│ │ │ │ │ + credential for
│ │ │ │ │ +_t_k_e_y_-_g_s_s_a_p_i_-_c_r_e_d_e_n_t_i_a_l authentication keys security
│ │ │ │ │ + requested by the GSS-TSIG
│ │ │ │ │ + protocol.
│ │ │ │ │ + Sets the KRB5 keytab file
│ │ │ │ │ +_t_k_e_y_-_g_s_s_a_p_i_-_k_e_y_t_a_b to use for GSS-TSIG security
│ │ │ │ │ + updates.
│ │ │ │ │ +_t_l_s Configures a TLS security
│ │ │ │ │ + connection.
│ │ │ │ │ + Specifies the TCP port
│ │ │ │ │ +_t_l_s_-_p_o_r_t number the server uses to server, query
│ │ │ │ │ + receive and send DNS-over-
│ │ │ │ │ + TLS protocol traffic.
│ │ │ │ │ + Controls whether multiple
│ │ │ │ │ +_t_r_a_n_s_f_e_r_-_f_o_r_m_a_t records can be packed into transfer
│ │ │ │ │ + a message during zone
│ │ │ │ │ + transfers.
│ │ │ │ │ + Limits the uncompressed
│ │ │ │ │ +_t_r_a_n_s_f_e_r_-_m_e_s_s_a_g_e_-_s_i_z_e size of DNS messages used transfer
│ │ │ │ │ + in zone transfers over TCP.
│ │ │ │ │ + Defines which local IPv4
│ │ │ │ │ + address(es) are bound to
│ │ │ │ │ +_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e TCP connections used to transfer
│ │ │ │ │ + fetch zones transferred
│ │ │ │ │ + inbound by the server.
│ │ │ │ │ + Defines which local IPv6
│ │ │ │ │ + address(es) are bound to
│ │ │ │ │ +_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e_-_v_6 TCP connections used to transfer
│ │ │ │ │ + fetch zones transferred
│ │ │ │ │ + inbound by the server.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_t_r_a_n_s_f_e_r_s concurrent inbound zone server
│ │ │ │ │ + transfers from a server.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_t_r_a_n_s_f_e_r_s_-_i_n concurrent inbound zone transfer
│ │ │ │ │ + transfers.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_t_r_a_n_s_f_e_r_s_-_o_u_t concurrent outbound zone transfer
│ │ │ │ │ + transfers.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_t_r_a_n_s_f_e_r_s_-_p_e_r_-_n_s concurrent inbound zone transfer
│ │ │ │ │ + transfers from a remote
│ │ │ │ │ + server.
│ │ │ │ │ + Instructs _n_a_m_e_d to send
│ │ │ │ │ + specially formed queries
│ │ │ │ │ +_t_r_u_s_t_-_a_n_c_h_o_r_-_t_e_l_e_m_e_t_r_y once per day to domains for dnssec
│ │ │ │ │ + which trust anchors have
│ │ │ │ │ + been configured.
│ │ │ │ │ +_t_r_u_s_t_-_a_n_c_h_o_r_s Defines _D_N_S_S_E_C trust dnssec
│ │ │ │ │ + anchors.
│ │ │ │ │ +_t_r_u_s_t_e_d_-_k_e_y_s deprecated
│ │ │ │ │ + Specifies that BIND 9
│ │ │ │ │ +_t_r_y_-_t_c_p_-_r_e_f_r_e_s_h should attempt to refresh a transfer
│ │ │ │ │ + zone using TCP if UDP
│ │ │ │ │ + queries fail.
│ │ │ │ │ +_t_y_p_e Specifies the kind of zone zone
│ │ │ │ │ + in a given configuration.
│ │ │ │ │ + Contains forwarding
│ │ │ │ │ +_t_y_p_e_ _f_o_r_w_a_r_d statements that apply to zone
│ │ │ │ │ + queries within a given
│ │ │ │ │ + domain.
│ │ │ │ │ + Contains the initial set of
│ │ │ │ │ +_t_y_p_e_ _h_i_n_t root name servers to be zone
│ │ │ │ │ + used at BIND 9 startup.
│ │ │ │ │ + Contains a DNSSEC-validated
│ │ │ │ │ +_t_y_p_e_ _m_i_r_r_o_r duplicate of the main data zone
│ │ │ │ │ + for a zone.
│ │ │ │ │ +_t_y_p_e_ _p_r_i_m_a_r_y Contains the main copy of zone
│ │ │ │ │ + the data for a zone.
│ │ │ │ │ + Contains information to
│ │ │ │ │ +_t_y_p_e_ _r_e_d_i_r_e_c_t answer queries when normal zone
│ │ │ │ │ + resolution would return
│ │ │ │ │ + NXDOMAIN.
│ │ │ │ │ + Contains a duplicate of the
│ │ │ │ │ +_t_y_p_e_ _s_e_c_o_n_d_a_r_y data for a zone that has zone
│ │ │ │ │ + been transferred from a
│ │ │ │ │ + primary server.
│ │ │ │ │ + Contains a duplicate of the
│ │ │ │ │ + NS records of a primary
│ │ │ │ │ +_t_y_p_e_ _s_t_a_t_i_c_-_s_t_u_b zone, but statically zone
│ │ │ │ │ + configured rather than
│ │ │ │ │ + transferred from a primary
│ │ │ │ │ + server.
│ │ │ │ │ + Contains a duplicate of the
│ │ │ │ │ +_t_y_p_e_ _s_t_u_b NS records of a primary zone
│ │ │ │ │ + zone.
│ │ │ │ │ + Sets the operating system's
│ │ │ │ │ +_u_d_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for UDP server
│ │ │ │ │ + sockets.
│ │ │ │ │ + Sets the operating system's
│ │ │ │ │ +_u_d_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for UDP server
│ │ │ │ │ + sockets.
│ │ │ │ │ + Specifies a Unix domain
│ │ │ │ │ +_u_n_i_x socket as a control obsolete
│ │ │ │ │ + channel.
│ │ │ │ │ +_u_p_d_a_t_e_-_c_h_e_c_k_-_k_s_k obsolete
│ │ │ │ │ + Sets fine-grained rules to
│ │ │ │ │ + allow or deny dynamic
│ │ │ │ │ +_u_p_d_a_t_e_-_p_o_l_i_c_y updates (DDNS), based on transfer
│ │ │ │ │ + requester identity, updated
│ │ │ │ │ + content, etc.
│ │ │ │ │ + Specifies the maximum
│ │ │ │ │ +_u_p_d_a_t_e_-_q_u_o_t_a number of concurrent DNS server
│ │ │ │ │ + UPDATE messages that can be
│ │ │ │ │ + processed by the server.
│ │ │ │ │ + Specifies a list of ports
│ │ │ │ │ +_u_s_e_-_v_4_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated
│ │ │ │ │ + UDP/IPv4 messages.
│ │ │ │ │ + Specifies a list of ports
│ │ │ │ │ +_u_s_e_-_v_6_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated
│ │ │ │ │ + UDP/IPv6 messages.
│ │ │ │ │ + Indicates the number of
│ │ │ │ │ +_v_6_-_b_i_a_s milliseconds of preference server, query
│ │ │ │ │ + to give to IPv6 name
│ │ │ │ │ + servers.
│ │ │ │ │ + Specifies a list of domain
│ │ │ │ │ +_v_a_l_i_d_a_t_e_-_e_x_c_e_p_t names at and beneath which dnssec
│ │ │ │ │ + DNSSEC validation should
│ │ │ │ │ + not be performed.
│ │ │ │ │ + Specifies the version
│ │ │ │ │ +_v_e_r_s_i_o_n number of the server to server
│ │ │ │ │ + return in response to a
│ │ │ │ │ + version.bind query.
│ │ │ │ │ + Allows a name server to
│ │ │ │ │ +_v_i_e_w answer a DNS query view
│ │ │ │ │ + differently depending on
│ │ │ │ │ + who is asking.
│ │ │ │ │ + Specifies the length of
│ │ │ │ │ +_w_i_n_d_o_w time during which responses query
│ │ │ │ │ + are tracked.
│ │ │ │ │ + Specifies whether to set
│ │ │ │ │ + the time to live (TTL) of
│ │ │ │ │ +_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l the SOA record to zero, server, query, zone
│ │ │ │ │ + when returning
│ │ │ │ │ + authoritative negative
│ │ │ │ │ + responses to SOA queries.
│ │ │ │ │ + Sets the time to live (TTL)
│ │ │ │ │ +_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l_-_c_a_c_h_e to zero when caching a server, query, zone
│ │ │ │ │ + negative response to an SOA
│ │ │ │ │ + query.
│ │ │ │ │ +_z_o_n_e Specifies the zone in a zone
│ │ │ │ │ + BIND 9 configuration.
│ │ │ │ │ + Sets the propagation delay
│ │ │ │ │ + from the time a zone is
│ │ │ │ │ +_z_o_n_e_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y first updated to when the zone, dnssec
│ │ │ │ │ + new version of the zone is
│ │ │ │ │ + served by all secondary
│ │ │ │ │ + servers.
│ │ │ │ │ + Controls the level of
│ │ │ │ │ +_z_o_n_e_-_s_t_a_t_i_s_t_i_c_s statistics gathered for all logging, zone
│ │ │ │ │ + zones.
│ │ │ │ │ ********** 88..44.. SSttaatteemmeennttss bbyy TTaagg_? **********
│ │ │ │ │ These tables group the various statements permissible in named.conf by their
│ │ │ │ │ corresponding tag.
│ │ │ │ │ ******** 88..44..11.. DDNNSSSSEECC TTaagg SSttaatteemmeennttss_? ********
│ │ │ │ │ SSttaatteemmeenntt DDeessccrriippttiioonn
│ │ │ │ │ _b_i_n_d_k_e_y_s_-_f_i_l_e Specifies the pathname of a file to override the
│ │ │ │ │ built-in trusted keys provided by _n_a_m_e_d.