--- /srv/reproducible-results/rbuild-debian/r-b-build.suT099Tc/b1/bind9_9.18.19-1~deb12u1_arm64.changes +++ /srv/reproducible-results/rbuild-debian/r-b-build.suT099Tc/b2/bind9_9.18.19-1~deb12u1_arm64.changes ├── Files │ @@ -1,13 +1,13 @@ │ │ 11602eb132da5d43542d150636ec0ed7 635964 debug optional bind9-dbgsym_9.18.19-1~deb12u1_arm64.deb │ 4e60c7b1055cbf38ad1d25fc967f4f8e 513588 devel optional bind9-dev_9.18.19-1~deb12u1_arm64.deb │ 0448d774d3a634ae13f3a7b6f4f45efa 392392 debug optional bind9-dnsutils-dbgsym_9.18.19-1~deb12u1_arm64.deb │ dbab730b4fbb0b08345c361aeb2d798f 395068 net standard bind9-dnsutils_9.18.19-1~deb12u1_arm64.deb │ - 11bc5d578f75a18958d8c42b80b2cf2a 3441828 doc optional bind9-doc_9.18.19-1~deb12u1_all.deb │ + ac3cd2d378b478fc4d258ff8ff777680 3441780 doc optional bind9-doc_9.18.19-1~deb12u1_all.deb │ a20f3ef59b30b7745fc342e3876f4a78 102216 debug optional bind9-host-dbgsym_9.18.19-1~deb12u1_arm64.deb │ 4a1ab18c24adbb65cac785ed8cf6907d 300308 net standard bind9-host_9.18.19-1~deb12u1_arm64.deb │ 5809d009fd1049810357b1670a3a239c 3593352 debug optional bind9-libs-dbgsym_9.18.19-1~deb12u1_arm64.deb │ 495d81d1a6cf4224652391d3aee1e87e 1288308 libs standard bind9-libs_9.18.19-1~deb12u1_arm64.deb │ b1e69bcaa691ec683307123325fb0b41 386668 debug optional bind9-utils-dbgsym_9.18.19-1~deb12u1_arm64.deb │ b8393130306b12f8f45d2cd703b81791 398588 net optional bind9-utils_9.18.19-1~deb12u1_arm64.deb │ 7421bbf55ddfb85f66edc4e5cff71b7a 475512 net optional bind9_9.18.19-1~deb12u1_arm64.deb ├── bind9-doc_9.18.19-1~deb12u1_all.deb │ ├── file list │ │ 
@@ -1,3 +1,3 @@ │ │ -rw-r--r-- 0 0 0 4 2023-09-21 17:33:58.000000 debian-binary │ │ -rw-r--r-- 0 0 0 2036 2023-09-21 17:33:58.000000 control.tar.xz │ │ --rw-r--r-- 0 0 0 3439600 2023-09-21 17:33:58.000000 data.tar.xz │ │ +-rw-r--r-- 0 0 0 3439552 2023-09-21 17:33:58.000000 data.tar.xz │ ├── control.tar.xz │ │ ├── control.tar │ │ │ ├── ./md5sums │ │ │ │ ├── ./md5sums │ │ │ │ │┄ Files differ │ ├── data.tar.xz │ │ ├── data.tar │ │ │ ├── ./usr/share/doc/bind9-doc/arm/reference.html │ │ │ │ @@ -2268,53 +2268,53 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ port
│ │ │ │

Grammar: port <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.

│ │ │ │

│ │ │ │

This is the UDP/TCP port number the server uses to receive and send DNS │ │ │ │ protocol traffic. The default is 53. This option is mainly intended │ │ │ │ for server testing; a server using a port other than 53 is not │ │ │ │ able to communicate with the global DNS.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ tls-port
│ │ │ │

Grammar: tls-port <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.

│ │ │ │

│ │ │ │

This is the TCP port number the server uses to receive and send │ │ │ │ DNS-over-TLS protocol traffic. The default is 853.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ https-port
│ │ │ │

Grammar: https-port <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.

│ │ │ │

│ │ │ │

This is the TCP port number the server uses to receive and send │ │ │ │ DNS-over-HTTPS protocol traffic. The default is 443.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ http-port
│ │ │ │

Grammar: http-port <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.

│ │ │ │

│ │ │ │

This is the TCP port number the server uses to receive and send │ │ │ │ unencrypted DNS traffic via HTTP (a configuration that may be useful │ │ │ │ when encryption is handled by third-party software or by a reverse │ │ │ │ proxy).

│ │ │ │
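Review bot: The `Tags:` line is the only thing that changes in the four entries of this hunk (port, tls-port, https-port, http-port): "query, server" in the first build becomes "server, query" in the second, with the same two tags both times. That is an ordering difference rather than a content difference, which is consistent with the documentation generator writing the tags out in whatever order its collection happens to yield. Sorting the tag list before it is rendered would make this line identical across builds; as far as the visible hunks show, the differing data.tar.xz size and md5sums entries earlier in the report trace back to this file.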
│ │ │ │ @@ -2347,15 +2347,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ dscp
│ │ │ │

Grammar: dscp <integer>; // obsolete

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the Differentiated Services Code Point (DSCP) value (obsolete).

│ │ │ │

│ │ │ │

This option used to set the global Differentiated Services Code Point │ │ │ │ (DSCP) value to classify outgoing DNS traffic. It is now obsolete and │ │ │ │ has no effect.

│ │ │ │
│ │ │ │ │ │ │ │ @@ -2635,15 +2635,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ ipv4only-server
│ │ │ │

Grammar: ipv4only-server <string>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the name of the server for the IPV4ONLY.ARPA zone created by dns64.

│ │ │ │

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ ipv4only-contact
│ │ │ │ @@ -3301,15 +3301,15 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ stale-answer-enable
│ │ │ │

Grammar: stale-answer-enable <boolean>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Enables the returning of “stale” cached answers when the name servers for a zone are not answering.

│ │ │ │

│ │ │ │

If yes, enable the returning of “stale” cached answers when the name │ │ │ │ servers for a zone are not answering and the stale-cache-enable option is │ │ │ │ also enabled. The default is not to return stale answers.

│ │ │ │

Stale answers can also be enabled or disabled at runtime via │ │ │ │ rndc serve-stale on or rndc serve-stale off; these override │ │ │ │ @@ -3324,15 +3324,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ stale-answer-client-timeout
│ │ │ │

Grammar: stale-answer-client-timeout ( disabled | off | <integer> );

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Defines the amount of time (in milliseconds) that named waits before attempting to answer a query with a stale RRset from cache.

│ │ │ │

│ │ │ │

This option defines the amount of time (in milliseconds) that named │ │ │ │ waits before attempting to answer the query with a stale RRset from cache. │ │ │ │ If a stale answer is found, named continues the ongoing fetches, │ │ │ │ attempting to refresh the RRset in cache until the │ │ │ │ resolver-query-timeout interval is reached.

│ │ │ │ @@ -3347,26 +3347,26 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ stale-cache-enable
│ │ │ │

Grammar: stale-cache-enable <boolean>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Enables the retention of “stale” cached answers.

│ │ │ │

│ │ │ │

If yes, enable the retaining of “stale” cached answers. Default no.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ stale-refresh-time
│ │ │ │

Grammar: stale-refresh-time <duration>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the time window for the return of “stale” cached answers before the next attempt to contact, if the name servers for a given zone are not responding.

│ │ │ │

│ │ │ │

If the name servers for a given zone are not answering, this sets the time │ │ │ │ window for which named will promptly return “stale” cached answers for │ │ │ │ that RRSet being requested before a new attempt in contacting the servers │ │ │ │ is made. For convenience, TTL-style time-unit suffixes may be used to │ │ │ │ specify the value. It also accepts ISO 8601 duration formats.

│ │ │ │ @@ -3516,15 +3516,15 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ request-expire
│ │ │ │

Grammar: request-expire <boolean>;

│ │ │ │

Blocks: options, server, view, zone (mirror, secondary), view.server

│ │ │ │ -

Tags: transfer, query

│ │ │ │ +

Tags: query, transfer

│ │ │ │

Specifies whether the local server requests the EDNS EXPIRE value, when acting as a secondary.

│ │ │ │

│ │ │ │

The request-expire statement determines whether the local server, when │ │ │ │ acting as a secondary, requests the EDNS EXPIRE value. The EDNS EXPIRE │ │ │ │ value indicates the remaining time before the zone data expires and │ │ │ │ needs to be refreshed. This is used when a secondary server transfers │ │ │ │ a zone from another secondary server; when transferring from the │ │ │ │ @@ -3726,15 +3726,15 @@ │ │ │ │ │ │ │ │

│ │ │ │
│ │ │ │ check-names
│ │ │ │

Grammar zone (hint, mirror, primary, secondary, stub): check-names ( fail | warn | ignore );

│ │ │ │

Grammar options, view: check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times

│ │ │ │

Blocks: options, view, zone (hint, mirror, primary, secondary, stub)

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Restricts the character set and syntax of certain domain names in primary files and/or DNS responses received from the network.

│ │ │ │

│ │ │ │

This option is used to restrict the character set and syntax of │ │ │ │ certain domain names in primary files and/or DNS responses received │ │ │ │ from the network. The default varies according to usage area. For │ │ │ │ type primary zones the default is fail. For type secondary zones the │ │ │ │ default is warn. For answers received from the network │ │ │ │ @@ -3749,15 +3749,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ check-dup-records
│ │ │ │

Grammar: check-dup-records ( fail | warn | ignore );

│ │ │ │

Blocks: options, view, zone (primary)

│ │ │ │ -

Tags: query, dnssec

│ │ │ │ +

Tags: dnssec, query

│ │ │ │

Checks primary zones for records that are treated as different by DNSSEC but are semantically equal in plain DNS.

│ │ │ │

│ │ │ │

This checks primary zones for records that are treated as different by │ │ │ │ DNSSEC but are semantically equal in plain DNS. The default is to │ │ │ │ warn. Other possible values are fail and ignore.

│ │ │ │
│ │ │ │ │ │ │ │ @@ -3862,28 +3862,28 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ zero-no-soa-ttl
│ │ │ │

Grammar: zero-no-soa-ttl <boolean>;

│ │ │ │

Blocks: options, view, zone (mirror, primary, secondary)

│ │ │ │ -

Tags: server, query, zone

│ │ │ │ +

Tags: server, zone, query

│ │ │ │

Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.

│ │ │ │

│ │ │ │

If yes, when returning authoritative negative responses to SOA queries, set │ │ │ │ the TTL of the SOA record returned in the authority section to zero. │ │ │ │ The default is yes.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ zero-no-soa-ttl-cache
│ │ │ │

Grammar: zero-no-soa-ttl-cache <boolean>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: server, query, zone

│ │ │ │ +

Tags: server, zone, query

│ │ │ │

Sets the time to live (TTL) to zero when caching a negative response to an SOA query.

│ │ │ │

│ │ │ │

If yes, when caching a negative response to an SOA query set the TTL to zero. │ │ │ │ The default is no.

│ │ │ │
│ │ │ │ │ │ │ │
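Review bot: In the zero-no-soa-ttl and zero-no-soa-ttl-cache entries the three tags go from "server, query, zone" to "server, zone, query", and neither order is alphabetical. Neither build's output can be treated as the canonical one, so a fix should impose an explicit sort on the tag list rather than try to preserve one of these orders. A rebuild comparison that checks the fix should include statements with three or more tags such as these two.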
│ │ │ │ @@ -4177,15 +4177,15 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ allow-recursion-on
│ │ │ │

Grammar: allow-recursion-on { <address_match_element>; ... };

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies which local addresses can accept recursive queries.

│ │ │ │

│ │ │ │

This specifies which local addresses can accept recursive queries. If │ │ │ │ allow-recursion-on is not set, then allow-query-cache-on is │ │ │ │ used if set; otherwise, the default is to allow recursive queries on │ │ │ │ all addresses. Any client permitted to send recursive queries can │ │ │ │ send them to any address on which named is listening. Note: both │ │ │ │ @@ -4719,30 +4719,30 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ notify-rate
│ │ │ │

Grammar: notify-rate <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: transfer, zone

│ │ │ │ +

Tags: zone, transfer

│ │ │ │

Specifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.

│ │ │ │

│ │ │ │

This specifies the rate at which NOTIFY requests are sent during normal zone │ │ │ │ maintenance operations. (NOTIFY requests due to initial zone loading │ │ │ │ are subject to a separate rate limit; see below.) The default is 20 │ │ │ │ per second. The lowest possible rate is one per second; when set to │ │ │ │ zero, it is silently raised to one.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ startup-notify-rate
│ │ │ │

Grammar: startup-notify-rate <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: transfer, zone

│ │ │ │ +

Tags: zone, transfer

│ │ │ │

Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.

│ │ │ │

│ │ │ │

This is the rate at which NOTIFY requests are sent when the name server │ │ │ │ is first starting up, or when zones have been newly added to the │ │ │ │ name server. The default is 20 per second. The lowest possible rate is │ │ │ │ one per second; when set to zero, it is silently raised to one.

│ │ │ │
│ │ │ │ @@ -5195,15 +5195,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ fetches-per-zone
│ │ │ │

Grammar: fetches-per-zone <integer> [ ( drop | fail ) ];

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.

│ │ │ │

│ │ │ │

This sets the maximum number of simultaneous iterative queries to any one │ │ │ │ domain that the server permits before blocking new queries for │ │ │ │ data in or beneath that zone. This value should reflect how many │ │ │ │ fetches would normally be sent to any one zone in the time it would │ │ │ │ take to resolve them. It should be smaller than │ │ │ │ @@ -5233,15 +5233,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ fetches-per-server
│ │ │ │

Grammar: fetches-per-server <integer> [ ( drop | fail ) ];

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.

│ │ │ │

│ │ │ │

This sets the maximum number of simultaneous iterative queries that the server │ │ │ │ allows to be sent to a single upstream name server before │ │ │ │ blocking additional queries. This value should reflect how many │ │ │ │ fetches would normally be sent to any one server in the time it would │ │ │ │ take to resolve them. It should be smaller than │ │ │ │ @@ -5266,15 +5266,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ fetch-quota-params
│ │ │ │

Grammar: fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the parameters for dynamic resizing of the fetches-per-server quota in response to detected congestion.

│ │ │ │

│ │ │ │

This sets the parameters to use for dynamic resizing of the │ │ │ │ fetches-per-server quota in response to detected congestion.

│ │ │ │

The first argument is an integer value indicating how frequently to │ │ │ │ recalculate the moving average of the ratio of timeouts to responses │ │ │ │ for each server. The default is 100, meaning that BIND recalculates the │ │ │ │ @@ -5377,15 +5377,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ tcp-initial-timeout
│ │ │ │

Grammar: tcp-initial-timeout <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.

│ │ │ │

│ │ │ │

This sets the amount of time (in units of 100 milliseconds) that the server waits on │ │ │ │ a new TCP connection for the first message from the client. The │ │ │ │ default is 300 (30 seconds), the minimum is 25 (2.5 seconds), and the │ │ │ │ maximum is 1200 (two minutes). Values above the maximum or below the │ │ │ │ minimum are adjusted with a logged warning. (Note: this value │ │ │ │ @@ -5859,15 +5859,15 @@ │ │ │ │
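Review bot: Separate from the tag reordering, the context lines of the tcp-initial-timeout hunk (-5377,15) disagree on units: the summary line says the timeout is "in milliseconds", while the description says "in units of 100 milliseconds" and gives a default of 300 as 30 seconds. The summary line should be brought in line with the description so that a reader who sees only the summary does not misjudge the value.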

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ resolver-retry-interval
│ │ │ │

Grammar: resolver-retry-interval <integer>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the base retry interval (in milliseconds).

│ │ │ │

│ │ │ │

This sets the base retry interval in milliseconds. The default is 800.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ @@ -6165,28 +6165,28 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ max-recursion-queries
│ │ │ │

Grammar: max-recursion-queries <integer>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the maximum number of iterative queries while servicing a recursive query.

│ │ │ │

│ │ │ │

This sets the maximum number of iterative queries that may be sent while │ │ │ │ servicing a recursive query. If more queries are sent, the recursive │ │ │ │ query is terminated and returns SERVFAIL. The default is 100.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ notify-delay
│ │ │ │

Grammar: notify-delay <integer>;

│ │ │ │

Blocks: options, view, zone (mirror, primary, secondary)

│ │ │ │ -

Tags: transfer, zone

│ │ │ │ +

Tags: zone, transfer

│ │ │ │

Sets the delay (in seconds) between sending sets of NOTIFY messages for a zone.

│ │ │ │

│ │ │ │

This sets the delay, in seconds, between sending sets of NOTIFY messages │ │ │ │ for a zone. Whenever a NOTIFY message is sent for a zone, a timer will │ │ │ │ be set for this duration. If the zone is updated again before the timer │ │ │ │ expires, the NOTIFY for that update will be postponed. The default is 5 │ │ │ │ seconds.

│ │ │ │ @@ -6195,15 +6195,15 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ max-rsa-exponent-size
│ │ │ │

Grammar: max-rsa-exponent-size <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, dnssec

│ │ │ │ +

Tags: dnssec, query

│ │ │ │

Sets the maximum RSA exponent size (in bits) when validating.

│ │ │ │

│ │ │ │

This sets the maximum RSA exponent size, in bits, that is accepted when │ │ │ │ validating. Valid values are 35 to 4096 bits. The default, zero, is │ │ │ │ also accepted and is equivalent to 4096.

│ │ │ │
│ │ │ │ │ │ │ │ @@ -6233,15 +6233,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ v6-bias
│ │ │ │

Grammar: v6-bias <integer>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Indicates the number of milliseconds of preference to give to IPv6 name servers.

│ │ │ │

│ │ │ │

When determining the next name server to try, this indicates by how many │ │ │ │ milliseconds to prefer IPv6 name servers. The default is 50 │ │ │ │ milliseconds.

│ │ │ │
│ │ │ │ │ │ │ │ @@ -6664,15 +6664,15 @@ │ │ │ │ deny the existence of domains (NXDOMAIN), deny the existence of IP │ │ │ │ addresses for domains (NODATA), or contain other IP addresses or data.

│ │ │ │
│ │ │ │
│ │ │ │ response-policy
│ │ │ │

Grammar: response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: security, query, server, zone

│ │ │ │ +

Tags: server, zone, security, query

│ │ │ │

Specifies response policy zones for the view or among global options.

│ │ │ │

│ │ │ │

Response policy zones are named in the response-policy option for │ │ │ │ the view, or among the global options if there is no response-policy │ │ │ │ option for the view. Response policy zones are ordinary DNS zones │ │ │ │ containing RRsets that can be queried normally if allowed. It is usually │ │ │ │ best to restrict those queries with something like │ │ │ │ @@ -6872,28 +6872,28 @@ │ │ │ │ such as SERVFAIL to appear to be rewritten, since no recursion is being │ │ │ │ done to discover problems at the authoritative server.

│ │ │ │
│ │ │ │
│ │ │ │ dnsrps-enable
│ │ │ │

Grammar: dnsrps-enable <boolean>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Turns on the DNS Response Policy Service (DNSRPS) interface.

│ │ │ │

│ │ │ │

The dnsrps-enable yes option turns on the DNS Response Policy Service │ │ │ │ (DNSRPS) interface, if it has been compiled in named using │ │ │ │ configure --enable-dnsrps.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ dnsrps-options
│ │ │ │

Grammar: dnsrps-options { <unspecified-text> };

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Provides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.

│ │ │ │

│ │ │ │

The block provides additional RPZ configuration │ │ │ │ settings, which are passed through to the DNSRPS provider library. │ │ │ │ Multiple DNSRPS settings in an dnsrps-options string should be │ │ │ │ separated with semi-colons (;). The DNSRPS provider, librpz, is passed a │ │ │ │ configuration string consisting of the dnsrps-options text, │ │ │ │ @@ -7297,15 +7297,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ log-only
│ │ │ │

Grammar: log-only <boolean>;

│ │ │ │

Blocks: options.rate-limit, view.rate-limit

│ │ │ │ -

Tags: query, logging

│ │ │ │ +

Tags: logging, query

│ │ │ │

Tests rate-limiting parameters without actually dropping any requests.

│ │ │ │

│ │ │ │

Use log-only yes to test rate-limiting parameters without actually │ │ │ │ dropping any requests.

│ │ │ │
│ │ │ │ │ │ │ │

Responses dropped by rate limits are included in the RateDropped and │ │ │ │ @@ -7501,15 +7501,15 @@ │ │ │ │ option.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ keys
│ │ │ │

Blocks: dnssec-policy, server, view.server

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies one or more server_key s to be used with a remote server.

│ │ │ │

│ │ │ │
│ │ │ │

Warning

│ │ │ │

Not to be confused with keys in dnssec-policy specification. │ │ │ │ Although statements with the same name exist in both contexts, they refer │ │ │ │ to fundamentally incompatible concepts.

│ │ │ │ @@ -7662,43 +7662,43 @@ │ │ │ │

tls can only be set at the top level of named.conf.

│ │ │ │

The following options can be specified in a tls statement:

│ │ │ │
│ │ │ │
│ │ │ │ key-file
│ │ │ │

Grammar: key-file <quoted_string>;

│ │ │ │

Blocks: tls

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies the path to a file containing the private TLS key for a connection.

│ │ │ │

│ │ │ │
│ │ │ │

Path to a file containing the private TLS key to be used for │ │ │ │ the connection.

│ │ │ │
│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ cert-file
│ │ │ │

Grammar: cert-file <quoted_string>;

│ │ │ │

Blocks: tls

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies the path to a file containing the TLS certificate for a connection.

│ │ │ │

│ │ │ │
│ │ │ │

Path to a file containing the TLS certificate to be used for │ │ │ │ the connection.

│ │ │ │
│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ ca-file
│ │ │ │

Grammar: ca-file <quoted_string>;

│ │ │ │

Blocks: tls

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.

│ │ │ │

│ │ │ │
│ │ │ │

Path to a file containing trusted CA authorities’ TLS │ │ │ │ certificates used to verify remote peer certificates. Specifying │ │ │ │ this option enables remote peer certificates’ verification. For │ │ │ │ incoming connections, specifying this option makes BIND require │ │ │ │ @@ -7709,15 +7709,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ dhparam-file
│ │ │ │

Grammar: dhparam-file <quoted_string>;

│ │ │ │

Blocks: tls

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.

│ │ │ │

│ │ │ │
│ │ │ │

Path to a file containing Diffie-Hellman parameters, │ │ │ │ which is needed to enable the cipher suites depending on the │ │ │ │ Diffie-Hellman ephemeral key exchange (DHE). Having these parameters │ │ │ │ specified is essential for enabling perfect forward secrecy capable │ │ │ │ @@ -7778,15 +7778,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ prefer-server-ciphers
│ │ │ │

Grammar: prefer-server-ciphers <boolean>;

│ │ │ │

Blocks: tls

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies that server ciphers should be preferred over client ones.

│ │ │ │

│ │ │ │
│ │ │ │

Specifies that server ciphers should be preferred over client ones.

│ │ │ │
│ │ │ │
│ │ │ │ │ │ │ │ @@ -7901,15 +7901,15 @@ │ │ │ │ listener-clients <integer>; │ │ │ │ streams-per-connection <integer>; │ │ │ │ }; // may occur multiple times │ │ │ │
│ │ │ │ │ │ │ │

│ │ │ │

Blocks: topmost

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Configures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.

│ │ │ │

│ │ │ │
│ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │

8.2.22. http Block Definition and Usage

│ │ │ │ @@ -7920,15 +7920,15 @@ │ │ │ │

http can only be set at the top level of named.conf.

│ │ │ │

The following options can be specified in an http statement:

│ │ │ │
│ │ │ │
│ │ │ │ endpoints
│ │ │ │

Grammar: endpoints { <quoted_string>; ... };

│ │ │ │

Blocks: http

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies a list of HTTP query paths on which to listen.

│ │ │ │

│ │ │ │
│ │ │ │

A list of HTTP query paths on which to listen. This is the portion │ │ │ │ of an RFC 3986-compliant URI following the hostname; it must be │ │ │ │ an absolute path, beginning with “/”. The default value │ │ │ │ is "/dns-query", if omitted.

│ │ │ │ @@ -7936,28 +7936,28 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ listener-clients
│ │ │ │

Grammar: listener-clients <integer>;

│ │ │ │

Blocks: http

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies a per-listener quota for active connections.

│ │ │ │

│ │ │ │
│ │ │ │

The option specifies a per-listener quota for active connections.

│ │ │ │
│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ streams-per-connection
│ │ │ │

Grammar: streams-per-connection <integer>;

│ │ │ │

Blocks: http

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.

│ │ │ │

│ │ │ │
│ │ │ │

The option specifies the hard limit on the number of concurrent │ │ │ │ HTTP/2 streams over an HTTP/2 connection.

│ │ │ │
│ │ │ │
│ │ │ │ @@ -8380,15 +8380,15 @@ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ max-zone-ttl
│ │ │ │

Grammar dnssec-policy: max-zone-ttl <duration>;

│ │ │ │

Grammar options, view, zone (primary, redirect): max-zone-ttl ( unlimited | <duration> );

│ │ │ │

Blocks: dnssec-policy, options, view, zone (primary, redirect)

│ │ │ │ -

Tags: query, zone

│ │ │ │ +

Tags: zone, query

│ │ │ │

Specifies a maximum permissible time-to-live (TTL) value, in seconds.

│ │ │ │

│ │ │ │

This specifies the maximum permissible TTL value for the zone. When │ │ │ │ a zone file is loaded, any record encountered with a TTL higher than │ │ │ │ max-zone-ttl causes the zone to be rejected.

│ │ │ │

This ensures that when rolling to a new DNSKEY, the old key will remain │ │ │ │ available until RRSIG records have expired from caches. The │ │ │ │ @@ -9723,15 +9723,15 @@ │ │ │ │ in-view <string>; │ │ │ │ }; │ │ │ │ │ │ │ │ │ │ │ │

│ │ │ │

Grammar zone (in-view): in-view <string>;

│ │ │ │

Blocks: zone, zone (in-view), view.zone

│ │ │ │ -

Tags: view, zone

│ │ │ │ +

Tags: zone, view

│ │ │ │

Specifies the view in which a given zone is defined.

│ │ │ │

│ │ │ │

When using multiple views, a type primary or type secondary zone configured │ │ │ │ in one view can be referenced in a subsequent view. This allows both views │ │ │ │ to use the same zone without the overhead of loading it more than once. This │ │ │ │ is configured using a zone statement, with an in-view option │ │ │ │ specifying the view in which the zone is defined. A zone statement │ │ │ │ @@ -9919,15 +9919,15 @@ │ │ │ │

│ │ │ │
│ │ │ │
│ │ │ │
│ │ │ │ server-addresses
│ │ │ │

Grammar: server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };

│ │ │ │

Blocks: zone (static-stub)

│ │ │ │ -

Tags: query, zone

│ │ │ │ +

Tags: zone, query

│ │ │ │

Specifies a list of IP addresses to which queries should be sent in recursive resolution for a static-stub zone.

│ │ │ │

│ │ │ │

This option is only meaningful for static-stub zones. This is a list of IP addresses │ │ │ │ to which queries should be sent in recursive resolution for the zone. │ │ │ │ A non-empty list for this option internally configures the apex │ │ │ │ NS RR with associated glue A or AAAA RRs.

│ │ │ │

For example, if “example.com” is configured as a static-stub zone │ │ │ │ @@ -10374,15 +10374,15 @@ │ │ │ │

Defines an address_match_list of clients that are allowed to perform recursive queries.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ allow-recursion-on │ │ │ │

Specifies which local addresses can accept recursive queries.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ allow-transfer │ │ │ │

Defines an address_match_list of hosts that are allowed to transfer the zone information from this server.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ allow-update │ │ │ │ @@ -10469,40 +10469,40 @@ │ │ │ │
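Review bot: The allow-recursion-on row of the -10374,15 hunk shows the same reordering ("query, server" becomes "server, query") in the statement listing near the end of reference.html, where the tags appear without the "Tags:" prefix. The tag order is therefore emitted in at least two places in this file, and a fix needs to produce a stable order for both the per-statement "Tags:" lines and this listing, otherwise the package will still differ between builds.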

Controls flushing of log messages.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ ca-file │ │ │ │

Specifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ catalog-zones │ │ │ │

Configures catalog zones in named.conf.

│ │ │ │

│ │ │ │

zone

│ │ │ │ │ │ │ │ category │ │ │ │

Specifies the type of data logged to a particular channel.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ cert-file │ │ │ │

Specifies the path to a file containing the TLS certificate for a connection.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ channel │ │ │ │

Defines a stream of data that can be independently logged.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ check-dup-records │ │ │ │

Checks primary zones for records that are treated as different by DNSSEC but are semantically equal in plain DNS.

│ │ │ │

│ │ │ │ -

query, dnssec

│ │ │ │ +

dnssec, query

│ │ │ │ │ │ │ │ check-integrity │ │ │ │

Performs post-load zone integrity checks on primary zones.

│ │ │ │

│ │ │ │

zone

│ │ │ │ │ │ │ │ check-mx │ │ │ │ @@ -10514,15 +10514,15 @@ │ │ │ │

Sets the response to MX records that refer to CNAMEs.

│ │ │ │

│ │ │ │

zone

│ │ │ │ │ │ │ │ check-names │ │ │ │

Restricts the character set and syntax of certain domain names in primary files and/or DNS responses received from the network.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ check-sibling │ │ │ │

Specifies whether to check for sibling glue when performing integrity checks.

│ │ │ │

│ │ │ │

zone

│ │ │ │ │ │ │ │ check-spf │ │ │ │ @@ -10599,15 +10599,15 @@ │ │ │ │

Rejects CNAME or DNAME records if the "alias" name matches a given list of domain_name elements.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ dhparam-file │ │ │ │

Specifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ dialup │ │ │ │

Concentrates zone maintenance so that all transfers take place once every heartbeat-interval, ideally during a single call.

│ │ │ │

│ │ │ │

deprecated

│ │ │ │ │ │ │ │ directory │ │ │ │ @@ -10659,20 +10659,20 @@ │ │ │ │

Specifies the time to live (TTL) for DNSKEY resource records.

│ │ │ │

│ │ │ │

dnssec

│ │ │ │ │ │ │ │ dnsrps-enable │ │ │ │

Turns on the DNS Response Policy Service (DNSRPS) interface.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ dnsrps-options │ │ │ │

Provides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ dnssec-accept-expired │ │ │ │

Instructs BIND 9 to accept expired DNSSEC signatures when validating.

│ │ │ │

│ │ │ │

dnssec

│ │ │ │ │ │ │ │ dnssec-dnskey-kskonly │ │ │ │ @@ -10729,15 +10729,15 @@ │ │ │ │

Specifies a version string to send in dnstap messages.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ dscp │ │ │ │

Sets the Differentiated Services Code Point (DSCP) value (obsolete).

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ dual-stack-servers │ │ │ │

Specifies host names or addresses of machines with access to both IPv4 and IPv6 transports.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ dump-file │ │ │ │ @@ -10779,15 +10779,15 @@ │ │ │ │

Enables or disables all empty zones.

│ │ │ │

│ │ │ │

server, zone

│ │ │ │ │ │ │ │ endpoints │ │ │ │

Specifies a list of HTTP query paths on which to listen.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ errors-per-second │ │ │ │

Limits the number of errors for a valid domain name and record type.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ exclude │ │ │ │ @@ -10799,25 +10799,25 @@ │ │ │ │

Exempts specific clients or client groups from rate limiting.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ fetch-quota-params │ │ │ │

Sets the parameters for dynamic resizing of the fetches-per-server quota in response to detected congestion.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ fetches-per-server │ │ │ │

Sets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ fetches-per-zone │ │ │ │

Sets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ file │ │ │ │

Specifies the zone's filename.

│ │ │ │

│ │ │ │

zone

│ │ │ │ │ │ │ │ files │ │ │ │ @@ -10894,40 +10894,40 @@ │ │ │ │

Specifies the hostname of the server to return in response to a hostname.bind query.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ http │ │ │ │

Configures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ http-listener-clients │ │ │ │

Limits the number of active concurrent connections on a per-listener basis.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ http-port │ │ │ │

Specifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ http-streams-per-connection │ │ │ │

Limits the number of active concurrent HTTP/2 streams on a per-connection basis.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ https-port │ │ │ │

Specifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ in-view │ │ │ │

Specifies the view in which a given zone is defined.

│ │ │ │

│ │ │ │ -

view, zone

│ │ │ │ +

zone, view

│ │ │ │ │ │ │ │ inet │ │ │ │

Specifies a TCP socket as a control channel.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ inline-signing │ │ │ │ @@ -10954,15 +10954,15 @@ │ │ │ │

Enables automatic IPv4 zones if a dns64 block is configured.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ ipv4only-server │ │ │ │

Specifies the name of the server for the IPV4ONLY.ARPA zone created by dns64.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ ipv6-prefix-length │ │ │ │

Specifies the prefix lengths of IPv6 address blocks.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ ixfr-from-differences │ │ │ │ @@ -10989,20 +10989,20 @@ │ │ │ │

Indicates the directory where public and private DNSSEC key files are found.

│ │ │ │

│ │ │ │

dnssec

│ │ │ │ │ │ │ │ key-file │ │ │ │

Specifies the path to a file containing the private TLS key for a connection.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ keys │ │ │ │

Specifies one or more server_key s to be used with a remote server.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ lame-ttl │ │ │ │

Sets the resolver's lame cache.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ listen-on │ │ │ │ @@ -11014,30 +11014,30 @@ │ │ │ │

Specifies the IPv6 addresses on which a server listens for DNS queries.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ listener-clients │ │ │ │

Specifies a per-listener quota for active connections.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ lmdb-mapsize │ │ │ │

Sets a maximum size for the memory map of the new-zone database in LMDB database format.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ lock-file │ │ │ │

Sets the pathname of the file on which named attempts to acquire a file lock when starting for the first time.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ log-only │ │ │ │

Tests rate-limiting parameters without actually dropping any requests.

│ │ │ │

│ │ │ │ -

query, logging

│ │ │ │ +

logging, query

│ │ │ │ │ │ │ │ logging │ │ │ │

Configures logging options for the name server.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ managed-keys │ │ │ │ @@ -11124,30 +11124,30 @@ │ │ │ │

Sets the maximum number of levels of recursion permitted at any one time while servicing a recursive query.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ max-recursion-queries │ │ │ │

Sets the maximum number of iterative queries while servicing a recursive query.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ max-refresh-time │ │ │ │

Limits the zone refresh interval to no less often than the specified value, in seconds.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ max-retry-time │ │ │ │

Limits the zone refresh retry interval to no less often than the specified value, in seconds.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ max-rsa-exponent-size │ │ │ │

Sets the maximum RSA exponent size (in bits) when validating.

│ │ │ │

│ │ │ │ -

query, dnssec

│ │ │ │ +

dnssec, query

│ │ │ │ │ │ │ │ max-stale-ttl │ │ │ │

Specifies the maximum time that the server retains records past their normal expiry, to return them as stale records.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ max-table-size │ │ │ │ @@ -11179,15 +11179,15 @@ │ │ │ │

Sets the maximum EDNS UDP message size sent by named.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ max-zone-ttl │ │ │ │

Specifies a maximum permissible time-to-live (TTL) value, in seconds.

│ │ │ │

│ │ │ │ -

query, zone

│ │ │ │ +

zone, query

│ │ │ │ │ │ │ │ memstatistics │ │ │ │

Controls whether memory statistics are written to the file specified by memstatistics-file at exit.

│ │ │ │

│ │ │ │

logging, server

│ │ │ │ │ │ │ │ memstatistics-file │ │ │ │ @@ -11264,20 +11264,20 @@ │ │ │ │

Controls whether NOTIFY messages are sent on zone changes.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ notify-delay │ │ │ │

Sets the delay (in seconds) between sending sets of NOTIFY messages for a zone.

│ │ │ │

│ │ │ │ -

transfer, zone

│ │ │ │ +

zone, transfer

│ │ │ │ │ │ │ │ notify-rate │ │ │ │

Specifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.

│ │ │ │

│ │ │ │ -

transfer, zone

│ │ │ │ +

zone, transfer

│ │ │ │ │ │ │ │ notify-source │ │ │ │

Defines the IPv4 address (and optional port) to be used for outgoing NOTIFY messages.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ notify-source-v6 │ │ │ │ @@ -11364,20 +11364,20 @@ │ │ │ │

Configures plugins in named.conf.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ port │ │ │ │

Specifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ prefer-server-ciphers │ │ │ │

Specifies that server ciphers should be preferred over client ones.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ preferred-glue │ │ │ │

Controls the order of glue records in an A or AAAA response.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ prefetch │ │ │ │ @@ -11484,15 +11484,15 @@ │ │ │ │

Specifies the expected hostname in the TLS certificate of the remote server.

│ │ │ │

│ │ │ │

security

│ │ │ │ │ │ │ │ request-expire │ │ │ │

Specifies whether the local server requests the EDNS EXPIRE value, when acting as a secondary.

│ │ │ │

│ │ │ │ -

transfer, query

│ │ │ │ +

query, transfer

│ │ │ │ │ │ │ │ request-ixfr │ │ │ │

Controls whether a secondary requests an incremental zone transfer (IXFR) or a full zone transfer (AXFR).

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ request-nsid │ │ │ │ @@ -11519,25 +11519,25 @@ │ │ │ │

Specifies the length of time, in milliseconds, that a resolver attempts to resolve a recursive query before failing.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ resolver-retry-interval │ │ │ │

Sets the base retry interval (in milliseconds).

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ response-padding │ │ │ │

Adds an EDNS Padding option to encrypted messages, to reduce the chance of guessing the contents based on size.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ response-policy │ │ │ │

Specifies response policy zones for the view or among global options.

│ │ │ │

│ │ │ │ -

security, query, server, zone

│ │ │ │ +

server, zone, security, query

│ │ │ │ │ │ │ │ responses-per-second │ │ │ │

Limits the number of non-empty responses for a valid domain name and record type.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ retire-safety │ │ │ │ @@ -11599,15 +11599,15 @@ │ │ │ │

Defines characteristics to be associated with a remote name server.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ server-addresses │ │ │ │

Specifies a list of IP addresses to which queries should be sent in recursive resolution for a static-stub zone.

│ │ │ │

│ │ │ │ -

query, zone

│ │ │ │ +

zone, query

│ │ │ │ │ │ │ │ server-id │ │ │ │

Specifies the ID of the server to return in response to a ID.SERVER query.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ server-names │ │ │ │ @@ -11694,40 +11694,40 @@ │ │ │ │

Sets the maximum amount of stack memory that can be used by the server.

│ │ │ │

│ │ │ │

deprecated

│ │ │ │ │ │ │ │ stale-answer-client-timeout │ │ │ │

Defines the amount of time (in milliseconds) that named waits before attempting to answer a query with a stale RRset from cache.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ stale-answer-enable │ │ │ │

Enables the returning of "stale" cached answers when the name servers for a zone are not answering.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ stale-answer-ttl │ │ │ │

Specifies the time to live (TTL) to be returned on stale answers, in seconds.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ stale-cache-enable │ │ │ │

Enables the retention of "stale" cached answers.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ stale-refresh-time │ │ │ │

Sets the time window for the return of "stale" cached answers before the next attempt to contact, if the name servers for a given zone are not responding.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ startup-notify-rate │ │ │ │

Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.

│ │ │ │

│ │ │ │ -

transfer, zone

│ │ │ │ +

zone, transfer

│ │ │ │ │ │ │ │ statistics-channels │ │ │ │

Specifies the communication channels to be used by system administrators to access statistics information on the name server.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ statistics-file │ │ │ │ @@ -11739,15 +11739,15 @@ │ │ │ │

Directs the logging channel output to the server's standard error stream.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ streams-per-connection │ │ │ │

Specifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ suffix │ │ │ │

Defines trailing bits for mapped IPv4 address bits in dns64.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ synth-from-dnssec │ │ │ │ @@ -11774,15 +11774,15 @@ │ │ │ │

Sets the amount of time (in milliseconds) that the server waits on an idle TCP connection before closing it, if the EDNS TCP keepalive option is not in use.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ tcp-initial-timeout │ │ │ │

Sets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ tcp-keepalive │ │ │ │

Adds EDNS TCP keepalive to messages sent over TCP.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ tcp-keepalive-timeout │ │ │ │ @@ -11834,15 +11834,15 @@ │ │ │ │

Configures a TLS connection.

│ │ │ │

│ │ │ │

security

│ │ │ │ │ │ │ │ tls-port │ │ │ │

Specifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ transfer-format │ │ │ │

Controls whether multiple records can be packed into a message during zone transfers.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ transfer-message-size │ │ │ │ @@ -11994,15 +11994,15 @@ │ │ │ │

Specifies a list of ports that are valid sources for UDP/IPv6 messages.

│ │ │ │

│ │ │ │

deprecated

│ │ │ │ │ │ │ │ v6-bias │ │ │ │

Indicates the number of milliseconds of preference to give to IPv6 name servers.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ validate-except │ │ │ │

Specifies a list of domain names at and beneath which DNSSEC validation should not be performed.

│ │ │ │

│ │ │ │

dnssec

│ │ │ │ │ │ │ │ version │ │ │ │ @@ -12019,20 +12019,20 @@ │ │ │ │

Specifies the length of time during which responses are tracked.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ zero-no-soa-ttl │ │ │ │

Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.

│ │ │ │

│ │ │ │ -

server, query, zone

│ │ │ │ +

server, zone, query

│ │ │ │ │ │ │ │ zero-no-soa-ttl-cache │ │ │ │

Sets the time to live (TTL) to zero when caching a negative response to an SOA query.

│ │ │ │

│ │ │ │ -

server, query, zone

│ │ │ │ +

server, zone, query

│ │ │ │ │ │ │ │ zone │ │ │ │

Specifies the zone in a BIND 9 configuration.

│ │ │ │

│ │ │ │

zone
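
Review bot: in every changed cell of these reference.html hunks, the removed and added lines differ only in the order of the tags. For example, "query, server" becomes "server, query" and "view, zone" becomes "zone, view", while the descriptions and all single-tag rows stay as unchanged context. That pattern suggests the tag list is written out in whatever order an unordered collection yields in each build, so sorting the tags before they are rendered would make these cells identical across builds. The response-policy row goes from "security, query, server, zone" to "server, zone, security, query", a full permutation rather than a two-element swap, so the fix needs an explicit sort and not a reversal.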

│ │ │ │ │ │ │ │ zone-propagation-delay │ │ │ │ ├── html2text {} │ │ │ │ │ 
@@ -2397,1266 +2397,1266 @@ │ │ │ │ │ Zone_Tag_Statements relate to or control zone behavior, and typically only │ │ │ │ │ appear in a zone block. │ │ │ │ │ Deprecated_Tag_Statements are those that are now deprecated, but are included │ │ │ │ │ here for historical reference. │ │ │ │ │ The following table lists all statements permissible in named.conf, with their │ │ │ │ │ associated tags; the next section groups the statements by tag. Please note │ │ │ │ │ that these sections are a work in progress. │ │ │ │ │ -Statement Description Tags │ │ │ │ │ -acl Assigns a symbolic name to server │ │ │ │ │ - an address match list. │ │ │ │ │ -algorithm Defines the algorithm to be security │ │ │ │ │ - used in a key clause. │ │ │ │ │ -all-per-second Limits UDP responses of all query │ │ │ │ │ - kinds. │ │ │ │ │ - Controls the ability to add │ │ │ │ │ -allow-new-zones zones at runtime via rndc server, zone │ │ │ │ │ - addzone. │ │ │ │ │ - Defines an │ │ │ │ │ - address_match_list that is │ │ │ │ │ - allowed to send NOTIFY │ │ │ │ │ -allow-notify messages for the zone, in transfer │ │ │ │ │ - addition to addresses │ │ │ │ │ - defined in the primaries │ │ │ │ │ - option for the zone. │ │ │ │ │ - Specifies which hosts (an │ │ │ │ │ -allow-query IP address list) are query │ │ │ │ │ - allowed to send queries to │ │ │ │ │ - this resolver. │ │ │ │ │ - Specifies which hosts (an │ │ │ │ │ - IP address list) can access │ │ │ │ │ -allow-query-cache this server's cache and query │ │ │ │ │ - thus effectively controls │ │ │ │ │ - recursion. │ │ │ │ │ - Specifies which hosts (an │ │ │ │ │ - IP address list) can access │ │ │ │ │ -allow-query-cache-on this server's cache. Used query │ │ │ │ │ - on servers with multiple │ │ │ │ │ - interfaces. │ │ │ │ │ - Specifies which local │ │ │ │ │ - addresses (an IP address │ │ │ │ │ -allow-query-on list) are allowed to send query │ │ │ │ │ - queries to this resolver. │ │ │ │ │ - Used in multi-homed │ │ │ │ │ - configurations. 
│ │ │ │ │ - Defines an │ │ │ │ │ -allow-recursion address_match_list of query │ │ │ │ │ - clients that are allowed to │ │ │ │ │ - perform recursive queries. │ │ │ │ │ - Specifies which local │ │ │ │ │ -allow-recursion-on addresses can accept query, server │ │ │ │ │ - recursive queries. │ │ │ │ │ - Defines an │ │ │ │ │ - address_match_list of hosts │ │ │ │ │ -allow-transfer that are allowed to transfer │ │ │ │ │ - transfer the zone │ │ │ │ │ - information from this │ │ │ │ │ - server. │ │ │ │ │ - Defines an │ │ │ │ │ - address_match_list of hosts │ │ │ │ │ -allow-update that are allowed to submit transfer │ │ │ │ │ - dynamic updates for primary │ │ │ │ │ - zones. │ │ │ │ │ - Defines an │ │ │ │ │ - address_match_list of hosts │ │ │ │ │ -allow-update-forwarding that are allowed to submit transfer │ │ │ │ │ - dynamic updates to a │ │ │ │ │ - secondary server for │ │ │ │ │ - transmission to a primary. │ │ │ │ │ - Defines one or more hosts │ │ │ │ │ -also-notify that are sent NOTIFY transfer │ │ │ │ │ - messages when zone changes │ │ │ │ │ - occur. │ │ │ │ │ - Defines alternate local │ │ │ │ │ - IPv4 address(es) to be used │ │ │ │ │ - by the server for inbound │ │ │ │ │ -alt-transfer-source zone transfers, if the deprecated │ │ │ │ │ - address(es) defined by │ │ │ │ │ - transfer-source fail and │ │ │ │ │ - use-alt-transfer-source is │ │ │ │ │ - enabled. │ │ │ │ │ - Defines alternate local │ │ │ │ │ -alt-transfer-source-v6 IPv6 address(es) to be used deprecated │ │ │ │ │ - by the server for inbound │ │ │ │ │ - zone transfers. │ │ │ │ │ - Controls whether COOKIE │ │ │ │ │ -answer-cookie EDNS replies are sent in query │ │ │ │ │ - response to client queries. │ │ │ │ │ - Allows multiple views to │ │ │ │ │ -attach-cache share a single cache view │ │ │ │ │ - database. │ │ │ │ │ - Controls whether BIND, │ │ │ │ │ - acting as a resolver, │ │ │ │ │ -auth-nxdomain provides authoritative query │ │ │ │ │ - NXDOMAIN (domain does not │ │ │ │ │ - exist) answers. 
│ │ │ │ │ - Permits varying levels of │ │ │ │ │ -auto-dnssec automatic DNSSEC key dnssec │ │ │ │ │ - management. │ │ │ │ │ - Controls the automatic │ │ │ │ │ -automatic-interface-scan rescanning of network server │ │ │ │ │ - interfaces when addresses │ │ │ │ │ - are added or removed. │ │ │ │ │ - Specifies the range(s) of │ │ │ │ │ -avoid-v4-udp-ports ports to be excluded from deprecated │ │ │ │ │ - use as sources for UDP/IPv4 │ │ │ │ │ - messages. │ │ │ │ │ - Specifies the range(s) of │ │ │ │ │ -avoid-v6-udp-ports ports to be excluded from deprecated │ │ │ │ │ - use as sources for UDP/IPv6 │ │ │ │ │ - messages. │ │ │ │ │ - Specifies the pathname of a │ │ │ │ │ -bindkeys-file file to override the built- dnssec │ │ │ │ │ - in trusted keys provided by │ │ │ │ │ - named. │ │ │ │ │ - Defines an │ │ │ │ │ - address_match_list of hosts │ │ │ │ │ -blackhole to ignore. The server will query │ │ │ │ │ - neither respond to queries │ │ │ │ │ - from nor send queries to │ │ │ │ │ - these addresses. │ │ │ │ │ -bogus Allows a remote server to server │ │ │ │ │ - be ignored. │ │ │ │ │ - Enables dns64 synthesis │ │ │ │ │ -break-dnssec even if the validated query │ │ │ │ │ - result would cause a DNSSEC │ │ │ │ │ - validation failure. │ │ │ │ │ -buffered Controls flushing of log logging │ │ │ │ │ - messages. │ │ │ │ │ - Specifies the path to a │ │ │ │ │ - file containing TLS │ │ │ │ │ -ca-file certificates for trusted CA security, server │ │ │ │ │ - authorities, used to verify │ │ │ │ │ - remote peer certificates. │ │ │ │ │ -catalog-zones Configures catalog zones in zone │ │ │ │ │ - named.conf. │ │ │ │ │ - Specifies the type of data │ │ │ │ │ -category logged to a particular logging │ │ │ │ │ - channel. │ │ │ │ │ - Specifies the path to a │ │ │ │ │ -cert-file file containing the TLS security, server │ │ │ │ │ - certificate for a │ │ │ │ │ - connection. │ │ │ │ │ - Defines a stream of data │ │ │ │ │ -channel that can be independently logging │ │ │ │ │ - logged. 
│ │ │ │ │ - Checks primary zones for │ │ │ │ │ - records that are treated as │ │ │ │ │ -check-dup-records different by DNSSEC but are query, dnssec │ │ │ │ │ - semantically equal in plain │ │ │ │ │ - DNS. │ │ │ │ │ - Performs post-load zone │ │ │ │ │ -check-integrity integrity checks on primary zone │ │ │ │ │ - zones. │ │ │ │ │ - Checks whether an MX record │ │ │ │ │ -check-mx appears to refer to an IP zone │ │ │ │ │ - address. │ │ │ │ │ - Sets the response to MX │ │ │ │ │ -check-mx-cname records that refer to zone │ │ │ │ │ - CNAMEs. │ │ │ │ │ - Restricts the character set │ │ │ │ │ - and syntax of certain │ │ │ │ │ -check-names domain names in primary query, server │ │ │ │ │ - files and/or DNS responses │ │ │ │ │ - received from the network. │ │ │ │ │ - Specifies whether to check │ │ │ │ │ -check-sibling for sibling glue when zone │ │ │ │ │ - performing integrity │ │ │ │ │ - checks. │ │ │ │ │ - Specifies whether to check │ │ │ │ │ -check-spf for a TXT Sender Policy zone │ │ │ │ │ - Framework record, if an SPF │ │ │ │ │ - record is present. │ │ │ │ │ - Sets the response to SRV │ │ │ │ │ -check-srv-cname records that refer to zone │ │ │ │ │ - CNAMEs. │ │ │ │ │ -check-wildcard Checks for non-terminal zone │ │ │ │ │ - wildcards. │ │ │ │ │ -ciphers Specifies a list of allowed security │ │ │ │ │ - ciphers. │ │ │ │ │ - Specifies an access control │ │ │ │ │ -clients list (ACL) of clients that query │ │ │ │ │ - are affected by a given │ │ │ │ │ - dns64 directive. │ │ │ │ │ - Sets the initial minimum │ │ │ │ │ - number of simultaneous │ │ │ │ │ -clients-per-query recursive clients accepted server │ │ │ │ │ - by the server for any given │ │ │ │ │ - query before the server │ │ │ │ │ - drops additional clients. │ │ │ │ │ - Specifies control channels │ │ │ │ │ -controls to be used to manage the server │ │ │ │ │ - name server. │ │ │ │ │ - Sets the algorithm to be │ │ │ │ │ -cookie-algorithm used when generating a server │ │ │ │ │ - server cookie. 
│ │ │ │ │ - Specifies a shared secret │ │ │ │ │ - used for generating and │ │ │ │ │ -cookie-secret verifying EDNS COOKIE server │ │ │ │ │ - options within an anycast │ │ │ │ │ - cluster. │ │ │ │ │ -coresize Sets the maximum size of a deprecated │ │ │ │ │ - core dump. │ │ │ │ │ - Specifies the type of │ │ │ │ │ -database database to be used to zone │ │ │ │ │ - store zone data. │ │ │ │ │ - Sets the maximum amount of │ │ │ │ │ -datasize data memory that can be deprecated │ │ │ │ │ - used by the server. │ │ │ │ │ - Indicates that a forward, │ │ │ │ │ -delegation-only hint, or stub zone is to be deprecated │ │ │ │ │ - treated as a delegation- │ │ │ │ │ - only type zone. │ │ │ │ │ - Rejects A or AAAA records │ │ │ │ │ -deny-answer-addresses if the corresponding IPv4 query │ │ │ │ │ - or IPv6 addresses match a │ │ │ │ │ - given address_match_list. │ │ │ │ │ - Rejects CNAME or DNAME │ │ │ │ │ -deny-answer-aliases records if the "alias" name query │ │ │ │ │ - matches a given list of │ │ │ │ │ - domain_name elements. │ │ │ │ │ - Specifies the path to a │ │ │ │ │ -dhparam-file file containing Diffie- security, server │ │ │ │ │ - Hellman parameters, for │ │ │ │ │ - enabling cipher suites. │ │ │ │ │ - Concentrates zone │ │ │ │ │ - maintenance so that all │ │ │ │ │ -dialup transfers take place once deprecated │ │ │ │ │ - every heartbeat-interval, │ │ │ │ │ - ideally during a single │ │ │ │ │ - call. │ │ │ │ │ -directory Sets the server's working server │ │ │ │ │ - directory. │ │ │ │ │ -disable-algorithms Disables DNSSEC algorithms dnssec │ │ │ │ │ - from a specified zone. │ │ │ │ │ -disable-ds-digests Disables DS digest types zone, dnssec │ │ │ │ │ - from a specified zone. │ │ │ │ │ -disable-empty-zone Disables individual empty server, zone │ │ │ │ │ - zones. │ │ │ │ │ - Configures a Dynamically │ │ │ │ │ -dlz Loadable Zone (DLZ) zone │ │ │ │ │ - database in named.conf. 
│ │ │ │ │ - Instructs named to return │ │ │ │ │ -dns64 mapped IPv4 addresses to query │ │ │ │ │ - AAAA queries when there are │ │ │ │ │ - no AAAA records. │ │ │ │ │ -dns64-contact Specifies the name of the server │ │ │ │ │ - contact for dns64 zones. │ │ │ │ │ -dns64-server Specifies the name of the server │ │ │ │ │ - server for dns64 zones. │ │ │ │ │ - Specifies the number of │ │ │ │ │ -dnskey-sig-validity days in the future when dnssec │ │ │ │ │ - automatically generated │ │ │ │ │ - DNSSEC signatures expire. │ │ │ │ │ - Specifies the time to live │ │ │ │ │ -dnskey-ttl (TTL) for DNSKEY resource dnssec │ │ │ │ │ - records. │ │ │ │ │ - Turns on the DNS Response │ │ │ │ │ -dnsrps-enable Policy Service (DNSRPS) security, server │ │ │ │ │ - interface. │ │ │ │ │ - Provides additional RPZ │ │ │ │ │ - configuration settings, │ │ │ │ │ -dnsrps-options which are passed to the DNS security, server │ │ │ │ │ - Response Policy Service │ │ │ │ │ - (DNSRPS) provider library. │ │ │ │ │ - Instructs BIND 9 to accept │ │ │ │ │ -dnssec-accept-expired expired DNSSEC signatures dnssec │ │ │ │ │ - when validating. │ │ │ │ │ - Specifies that only key- │ │ │ │ │ - signing keys are used to │ │ │ │ │ -dnssec-dnskey-kskonly sign the DNSKEY, CDNSKEY, dnssec │ │ │ │ │ - and CDS RRsets at a zone's │ │ │ │ │ - apex. │ │ │ │ │ - Sets the frequency of │ │ │ │ │ -dnssec-loadkeys-interval automatic checks of the dnssec │ │ │ │ │ - DNSSEC key repository. │ │ │ │ │ - Defines hierarchies that │ │ │ │ │ -dnssec-must-be-secure must or may not be secure deprecated │ │ │ │ │ - (signed and validated). │ │ │ │ │ -dnssec-policy Defines a key and signing dnssec │ │ │ │ │ - policy (KASP) for zones. │ │ │ │ │ - Allows a dynamic zone to │ │ │ │ │ -dnssec-secure-to-insecure transition from secure to dnssec │ │ │ │ │ - insecure by deleting all │ │ │ │ │ - DNSKEY records. │ │ │ │ │ - Controls the scheduled │ │ │ │ │ -dnssec-update-mode maintenance of DNSSEC dnssec │ │ │ │ │ - signatures. 
│ │ │ │ │ -dnssec-validation Enables DNSSEC validation dnssec │ │ │ │ │ - in named. │ │ │ │ │ -dnstap Enables logging of dnstap logging │ │ │ │ │ - messages. │ │ │ │ │ - Specifies an identity │ │ │ │ │ -dnstap-identity string to send in dnstap logging │ │ │ │ │ - messages. │ │ │ │ │ - Configures the path to │ │ │ │ │ -dnstap-output which the dnstap frame logging │ │ │ │ │ - stream is sent. │ │ │ │ │ -dnstap-version Specifies a version string logging │ │ │ │ │ - to send in dnstap messages. │ │ │ │ │ - Sets the Differentiated │ │ │ │ │ -dscp Services Code Point (DSCP) query, server │ │ │ │ │ - value (obsolete). │ │ │ │ │ - Specifies host names or │ │ │ │ │ -dual-stack-servers addresses of machines with server │ │ │ │ │ - access to both IPv4 and │ │ │ │ │ - IPv6 transports. │ │ │ │ │ - Indicates the pathname of │ │ │ │ │ -dump-file the file where the server logging │ │ │ │ │ - dumps the database after │ │ │ │ │ - rndc_dumpdb. │ │ │ │ │ -dyndb Configures a DynDB database zone │ │ │ │ │ - in named.conf. │ │ │ │ │ -edns Controls the use of the server │ │ │ │ │ - EDNS0 (RFC_2671) feature. │ │ │ │ │ - Sets the maximum advertised │ │ │ │ │ - EDNS UDP buffer size to │ │ │ │ │ -edns-udp-size control the size of packets query │ │ │ │ │ - received from authoritative │ │ │ │ │ - servers in response to │ │ │ │ │ - recursive queries. │ │ │ │ │ - Sets the maximum EDNS │ │ │ │ │ -edns-version VERSION that is sent to the server │ │ │ │ │ - server(s) by the resolver. │ │ │ │ │ - Specifies the contact name │ │ │ │ │ -empty-contact in the returned SOA record server, zone │ │ │ │ │ - for empty zones. │ │ │ │ │ - Specifies the server name │ │ │ │ │ -empty-server in the returned SOA record server, zone │ │ │ │ │ - for empty zones. │ │ │ │ │ -empty-zones-enable Enables or disables all server, zone │ │ │ │ │ - empty zones. │ │ │ │ │ - Specifies a list of HTTP │ │ │ │ │ -endpoints query paths on which to query, server │ │ │ │ │ - listen. 
│ │ │ │ │ - Limits the number of errors │ │ │ │ │ -errors-per-second for a valid domain name and server │ │ │ │ │ - record type. │ │ │ │ │ - Allows a list of IPv6 │ │ │ │ │ - addresses to be ignored if │ │ │ │ │ -exclude they appear in a domain query │ │ │ │ │ - name's AAAA records in │ │ │ │ │ - dns64. │ │ │ │ │ - Exempts specific clients or │ │ │ │ │ -exempt-clients client groups from rate query │ │ │ │ │ - limiting. │ │ │ │ │ - Sets the parameters for │ │ │ │ │ - dynamic resizing of the │ │ │ │ │ -fetch-quota-params fetches-per-server quota in query, server │ │ │ │ │ - response to detected │ │ │ │ │ - congestion. │ │ │ │ │ - Sets the maximum number of │ │ │ │ │ - simultaneous iterative │ │ │ │ │ - queries allowed to be sent │ │ │ │ │ -fetches-per-server by a server to an upstream query, server │ │ │ │ │ - name server before the │ │ │ │ │ - server blocks additional │ │ │ │ │ - queries. │ │ │ │ │ - Sets the maximum number of │ │ │ │ │ - simultaneous iterative │ │ │ │ │ -fetches-per-zone queries allowed to any one query, server │ │ │ │ │ - domain before the server │ │ │ │ │ - blocks new queries for data │ │ │ │ │ - in or beneath that zone. │ │ │ │ │ -file Specifies the zone's zone │ │ │ │ │ - filename. │ │ │ │ │ - Sets the maximum number of │ │ │ │ │ -files files the server may have deprecated │ │ │ │ │ - open concurrently. │ │ │ │ │ - Controls whether pending │ │ │ │ │ -flush-zones-on-shutdown zone writes are flushed zone │ │ │ │ │ - when the name server exits. │ │ │ │ │ - Allows or disallows │ │ │ │ │ - fallback to recursion if │ │ │ │ │ -forward forwarding has failed; it query │ │ │ │ │ - is always used in │ │ │ │ │ - conjunction with the │ │ │ │ │ - forwarders statement. │ │ │ │ │ - Defines one or more hosts │ │ │ │ │ -forwarders to which queries are query │ │ │ │ │ - forwarded. │ │ │ │ │ - Sets the number of │ │ │ │ │ -fstrm-set-buffer-hint accumulated bytes in the logging │ │ │ │ │ - output buffer before │ │ │ │ │ - forcing a buffer flush. 
│ │ │ │ │ - Sets the number of seconds │ │ │ │ │ -fstrm-set-flush-timeout that unflushed data remains logging │ │ │ │ │ - in the output buffer. │ │ │ │ │ - Sets the number of queue │ │ │ │ │ -fstrm-set-input-queue-size entries to allocate for logging │ │ │ │ │ - each input queue. │ │ │ │ │ - Sets the number of │ │ │ │ │ -fstrm-set-output-notify- outstanding queue entries │ │ │ │ │ -threshold allowed on an input queue logging │ │ │ │ │ - before waking the I/ │ │ │ │ │ - O thread. │ │ │ │ │ -fstrm-set-output-queue- Sets the queuing semantics logging │ │ │ │ │ -model to use for queue objects. │ │ │ │ │ -fstrm-set-output-queue- Sets the number of queue │ │ │ │ │ -size entries allocated for each logging │ │ │ │ │ - output queue. │ │ │ │ │ - Sets the number of seconds │ │ │ │ │ -fstrm-set-reopen-interval to wait between attempts to logging │ │ │ │ │ - reopen a closed output │ │ │ │ │ - stream. │ │ │ │ │ - Specifies the directory │ │ │ │ │ -geoip-directory containing GeoIP database server │ │ │ │ │ - files. │ │ │ │ │ -glue-cache Deprecated. deprecated │ │ │ │ │ - Sets the interval at which │ │ │ │ │ -heartbeat-interval the server performs zone deprecated │ │ │ │ │ - maintenance tasks for all │ │ │ │ │ - zones marked as dialup. │ │ │ │ │ - Specifies the hostname of │ │ │ │ │ -hostname the server to return in server │ │ │ │ │ - response to a hostname.bind │ │ │ │ │ - query. │ │ │ │ │ - Configures HTTP endpoints │ │ │ │ │ -http on which to listen for DNS- query, server │ │ │ │ │ - over-HTTPS (DoH) queries. │ │ │ │ │ - Limits the number of active │ │ │ │ │ -http-listener-clients concurrent connections on a server │ │ │ │ │ - per-listener basis. │ │ │ │ │ - Specifies the TCP port │ │ │ │ │ - number the server uses to │ │ │ │ │ -http-port receive and send query, server │ │ │ │ │ - unencrypted DNS traffic via │ │ │ │ │ - HTTP. │ │ │ │ │ -http-streams-per- Limits the number of active │ │ │ │ │ -connection concurrent HTTP/2 streams server │ │ │ │ │ - on a per-connection basis. 
│ │ │ │ │ - Specifies the TCP port │ │ │ │ │ -https-port number the server uses to query, server │ │ │ │ │ - receive and send DNS-over- │ │ │ │ │ - HTTPS protocol traffic. │ │ │ │ │ -in-view Specifies the view in which view, zone │ │ │ │ │ - a given zone is defined. │ │ │ │ │ -inet Specifies a TCP socket as a server │ │ │ │ │ - control channel. │ │ │ │ │ - Specifies whether BIND 9 │ │ │ │ │ -inline-signing maintains a separate signed zone, dnssec │ │ │ │ │ - version of a zone. │ │ │ │ │ - Sets the interval at which │ │ │ │ │ -interface-interval the server scans the server │ │ │ │ │ - network interface list. │ │ │ │ │ - Specifies the prefix │ │ │ │ │ -ipv4-prefix-length lengths of IPv4 address server │ │ │ │ │ - blocks. │ │ │ │ │ - Specifies the contact for │ │ │ │ │ -ipv4only-contact the IPV4ONLY.ARPA zone server │ │ │ │ │ - created by dns64. │ │ │ │ │ - Enables automatic IPv4 │ │ │ │ │ -ipv4only-enable zones if a dns64 block is query │ │ │ │ │ - configured. │ │ │ │ │ - Specifies the name of the │ │ │ │ │ -ipv4only-server server for the query, server │ │ │ │ │ - IPV4ONLY.ARPA zone created │ │ │ │ │ - by dns64. │ │ │ │ │ - Specifies the prefix │ │ │ │ │ -ipv6-prefix-length lengths of IPv6 address server │ │ │ │ │ - blocks. │ │ │ │ │ -ixfr-from-differences Controls how IXFR transfers transfer │ │ │ │ │ - are calculated. │ │ │ │ │ - Allows the default │ │ │ │ │ -journal journal's filename to be zone │ │ │ │ │ - overridden. │ │ │ │ │ - Defines an │ │ │ │ │ - address_match_list of │ │ │ │ │ -keep-response-order addresses which do not server │ │ │ │ │ - accept reordered answers │ │ │ │ │ - within a single TCP stream. │ │ │ │ │ - Defines a shared secret key │ │ │ │ │ -key for use with TSIG or the security │ │ │ │ │ - command channel. │ │ │ │ │ - Indicates the directory │ │ │ │ │ -key-directory where public and private dnssec │ │ │ │ │ - DNSSEC key files are found. 
│ │ │ │ │ - Specifies the path to a │ │ │ │ │ -key-file file containing the private security, server │ │ │ │ │ - TLS key for a connection. │ │ │ │ │ - Specifies one or more │ │ │ │ │ -keys server_key s to be used security, server │ │ │ │ │ - with a remote server. │ │ │ │ │ -lame-ttl Sets the resolver's lame server │ │ │ │ │ - cache. │ │ │ │ │ - Specifies the IPv4 │ │ │ │ │ -listen-on addresses on which a server server │ │ │ │ │ - listens for DNS queries. │ │ │ │ │ - Specifies the IPv6 │ │ │ │ │ -listen-on-v6 addresses on which a server server │ │ │ │ │ - listens for DNS queries. │ │ │ │ │ - Specifies a per-listener │ │ │ │ │ -listener-clients quota for active query, server │ │ │ │ │ - connections. │ │ │ │ │ - Sets a maximum size for the │ │ │ │ │ -lmdb-mapsize memory map of the new-zone server │ │ │ │ │ - database in LMDB database │ │ │ │ │ - format. │ │ │ │ │ - Sets the pathname of the │ │ │ │ │ - file on which named │ │ │ │ │ -lock-file attempts to acquire a file server │ │ │ │ │ - lock when starting for the │ │ │ │ │ - first time. │ │ │ │ │ - Tests rate-limiting │ │ │ │ │ -log-only parameters without actually query, logging │ │ │ │ │ - dropping any requests. │ │ │ │ │ -logging Configures logging options logging │ │ │ │ │ - for the name server. │ │ │ │ │ -managed-keys Deprecated, use trust- deprecated │ │ │ │ │ - anchors. │ │ │ │ │ - Specifies the directory in │ │ │ │ │ -managed-keys-directory which to store the files dnssec │ │ │ │ │ - that track managed DNSSEC │ │ │ │ │ - keys. │ │ │ │ │ - Specifies an access control │ │ │ │ │ - list (ACL) of IPv4 │ │ │ │ │ -mapped addresses that are to be query │ │ │ │ │ - mapped to the corresponding │ │ │ │ │ - A RRset in dns64. │ │ │ │ │ -masterfile-format Specifies the file format server, zone │ │ │ │ │ - of zone files. │ │ │ │ │ - Specifies the format of │ │ │ │ │ -masterfile-style zone files during a dump, server │ │ │ │ │ - when the masterfile-format │ │ │ │ │ - is text. 
│ │ │ │ │ - Specifies a view of DNS │ │ │ │ │ -match-clients namespace for a given view │ │ │ │ │ - subset of client IP │ │ │ │ │ - addresses. │ │ │ │ │ - Specifies a view of DNS │ │ │ │ │ -match-destinations namespace for a given view │ │ │ │ │ - subset of destination IP │ │ │ │ │ - addresses. │ │ │ │ │ - Allows IPv4-mapped IPv6 │ │ │ │ │ - addresses to match address- │ │ │ │ │ -match-mapped-addresses match list entries for server │ │ │ │ │ - corresponding IPv4 │ │ │ │ │ - addresses. │ │ │ │ │ - Specifies that only │ │ │ │ │ -match-recursive-only recursive requests can view │ │ │ │ │ - match this view of the DNS │ │ │ │ │ - namespace. │ │ │ │ │ - Sets the maximum amount of │ │ │ │ │ - memory to use for an │ │ │ │ │ -max-cache-size individual cache database server │ │ │ │ │ - and its associated │ │ │ │ │ - metadata. │ │ │ │ │ - Specifies the maximum time │ │ │ │ │ -max-cache-ttl (in seconds) that the server │ │ │ │ │ - server caches ordinary │ │ │ │ │ - (positive) answers. │ │ │ │ │ - Sets the maximum number of │ │ │ │ │ - simultaneous recursive │ │ │ │ │ -max-clients-per-query clients accepted by the server │ │ │ │ │ - server for any given query │ │ │ │ │ - before the server drops │ │ │ │ │ - additional clients. │ │ │ │ │ - Sets the maximum size for │ │ │ │ │ -max-ixfr-ratio IXFR responses to zone transfer │ │ │ │ │ - transfer requests. │ │ │ │ │ -max-journal-size Controls the size of transfer │ │ │ │ │ - journal files. │ │ │ │ │ - Specifies the maximum │ │ │ │ │ - retention time (in seconds) │ │ │ │ │ -max-ncache-ttl for storage of negative server │ │ │ │ │ - answers in the server's │ │ │ │ │ - cache. │ │ │ │ │ - Sets the maximum number of │ │ │ │ │ -max-records records permitted in a server, zone │ │ │ │ │ - zone. │ │ │ │ │ - Sets the maximum number of │ │ │ │ │ - levels of recursion │ │ │ │ │ -max-recursion-depth permitted at any one time server │ │ │ │ │ - while servicing a recursive │ │ │ │ │ - query. 
│ │ │ │ │ - Sets the maximum number of │ │ │ │ │ -max-recursion-queries iterative queries while query, server │ │ │ │ │ - servicing a recursive │ │ │ │ │ - query. │ │ │ │ │ - Limits the zone refresh │ │ │ │ │ -max-refresh-time interval to no less often transfer │ │ │ │ │ - than the specified value, │ │ │ │ │ - in seconds. │ │ │ │ │ - Limits the zone refresh │ │ │ │ │ -max-retry-time retry interval to no less transfer │ │ │ │ │ - often than the specified │ │ │ │ │ - value, in seconds. │ │ │ │ │ - Sets the maximum RSA │ │ │ │ │ -max-rsa-exponent-size exponent size (in bits) query, dnssec │ │ │ │ │ - when validating. │ │ │ │ │ - Specifies the maximum time │ │ │ │ │ - that the server retains │ │ │ │ │ -max-stale-ttl records past their normal server │ │ │ │ │ - expiry, to return them as │ │ │ │ │ - stale records. │ │ │ │ │ - Sets the maximum size of │ │ │ │ │ -max-table-size the table used to track server │ │ │ │ │ - requests and rate-limit │ │ │ │ │ - responses. │ │ │ │ │ - Specifies the number of │ │ │ │ │ -max-transfer-idle-in minutes after which inbound transfer │ │ │ │ │ - zone transfers making no │ │ │ │ │ - progress are terminated. │ │ │ │ │ - Specifies the number of │ │ │ │ │ - minutes after which │ │ │ │ │ -max-transfer-idle-out outbound zone transfers transfer │ │ │ │ │ - making no progress are │ │ │ │ │ - terminated. │ │ │ │ │ - Specifies the number of │ │ │ │ │ -max-transfer-time-in minutes after which inbound transfer │ │ │ │ │ - zone transfers are │ │ │ │ │ - terminated. │ │ │ │ │ - Specifies the number of │ │ │ │ │ -max-transfer-time-out minutes after which transfer │ │ │ │ │ - outbound zone transfers are │ │ │ │ │ - terminated. │ │ │ │ │ -max-udp-size Sets the maximum EDNS UDP query │ │ │ │ │ - message size sent by named. │ │ │ │ │ - Specifies a maximum │ │ │ │ │ -max-zone-ttl permissible time-to-live query, zone │ │ │ │ │ - (TTL) value, in seconds. 
│ │ │ │ │ - Controls whether memory │ │ │ │ │ -memstatistics statistics are written to logging, server │ │ │ │ │ - the file specified by │ │ │ │ │ - memstatistics-file at exit. │ │ │ │ │ - Sets the pathname of the │ │ │ │ │ -memstatistics-file file where the server logging │ │ │ │ │ - writes memory usage │ │ │ │ │ - statistics on exit. │ │ │ │ │ - Controls whether DNS name │ │ │ │ │ -message-compression compression is used in query │ │ │ │ │ - responses to regular │ │ │ │ │ - queries. │ │ │ │ │ - Specifies the minimum time │ │ │ │ │ -min-cache-ttl (in seconds) that the server │ │ │ │ │ - server caches ordinary │ │ │ │ │ - (positive) answers. │ │ │ │ │ - Specifies the minimum │ │ │ │ │ - retention time (in seconds) │ │ │ │ │ -min-ncache-ttl for storage of negative server │ │ │ │ │ - answers in the server's │ │ │ │ │ - cache. │ │ │ │ │ - Limits the zone refresh │ │ │ │ │ -min-refresh-time interval to no more often transfer │ │ │ │ │ - than the specified value, │ │ │ │ │ - in seconds. │ │ │ │ │ - Limits the zone refresh │ │ │ │ │ -min-retry-time retry interval to no more transfer │ │ │ │ │ - often than the specified │ │ │ │ │ - value, in seconds. │ │ │ │ │ - Sets the minimum size of │ │ │ │ │ -min-table-size the table used to track query │ │ │ │ │ - requests and rate-limit │ │ │ │ │ - responses. │ │ │ │ │ - Controls whether the server │ │ │ │ │ - replies with only one of │ │ │ │ │ -minimal-any the RRsets for a query query │ │ │ │ │ - name, when generating a │ │ │ │ │ - positive response to a │ │ │ │ │ - query of type ANY over UDP. │ │ │ │ │ - Controls whether the server │ │ │ │ │ - only adds records to the │ │ │ │ │ - authority and additional │ │ │ │ │ -minimal-responses data sections when they are query │ │ │ │ │ - required (e.g. delegations, │ │ │ │ │ - negative responses). This │ │ │ │ │ - improves server │ │ │ │ │ - performance. │ │ │ │ │ - Controls whether serial │ │ │ │ │ -multi-master number mismatch errors are transfer │ │ │ │ │ - logged. 
│ │ │ │ │ - Specifies the directory │ │ │ │ │ - where configuration │ │ │ │ │ -new-zones-directory parameters are stored for zone │ │ │ │ │ - zones added by rndc │ │ │ │ │ - addzone. │ │ │ │ │ - Specifies a list of │ │ │ │ │ -no-case-compress addresses that require server │ │ │ │ │ - case-insensitive │ │ │ │ │ - compression in responses. │ │ │ │ │ - Sets the maximum size of │ │ │ │ │ -nocookie-udp-size UDP responses that are sent query │ │ │ │ │ - to queries without a valid │ │ │ │ │ - server COOKIE. │ │ │ │ │ - Limits the number of empty │ │ │ │ │ -nodata-per-second (NODATA) responses for a query │ │ │ │ │ - valid domain name. │ │ │ │ │ - Controls whether NOTIFY │ │ │ │ │ -notify messages are sent on zone transfer │ │ │ │ │ - changes. │ │ │ │ │ - Sets the delay (in seconds) │ │ │ │ │ -notify-delay between sending sets of transfer, zone │ │ │ │ │ - NOTIFY messages for a zone. │ │ │ │ │ - Specifies the rate at which │ │ │ │ │ -notify-rate NOTIFY requests are sent transfer, zone │ │ │ │ │ - during normal zone │ │ │ │ │ - maintenance operations. │ │ │ │ │ - Defines the IPv4 address │ │ │ │ │ -notify-source (and optional port) to be transfer │ │ │ │ │ - used for outgoing NOTIFY │ │ │ │ │ - messages. │ │ │ │ │ - Defines the IPv6 address │ │ │ │ │ -notify-source-v6 (and optional port) to be transfer │ │ │ │ │ - used for outgoing NOTIFY │ │ │ │ │ - messages. │ │ │ │ │ - Controls whether the name │ │ │ │ │ -notify-to-soa servers in the NS RRset are transfer │ │ │ │ │ - checked against the SOA │ │ │ │ │ - MNAME. │ │ │ │ │ - Specifies the use of NSEC3 │ │ │ │ │ -nsec3param instead of NSEC, and sets dnssec │ │ │ │ │ - NSEC3 parameters. │ │ │ │ │ - Specifies the lifetime, in │ │ │ │ │ -nta-lifetime seconds, for negative trust dnssec │ │ │ │ │ - anchors added via rndc_nta. │ │ │ │ │ - Specifies the time interval │ │ │ │ │ - for checking whether │ │ │ │ │ -nta-recheck negative trust anchors dnssec │ │ │ │ │ - added via rndc_nta are │ │ │ │ │ - still necessary. 
│ │ │ │ │ - Causes all messages sent to │ │ │ │ │ -null the logging channel to be logging │ │ │ │ │ - discarded. │ │ │ │ │ - Appends the specified │ │ │ │ │ - suffix to the original │ │ │ │ │ -nxdomain-redirect query name, when replacing query │ │ │ │ │ - an NXDOMAIN with a redirect │ │ │ │ │ - namespace. │ │ │ │ │ - Limits the number of │ │ │ │ │ -nxdomains-per-second undefined subdomains for a query │ │ │ │ │ - valid domain name. │ │ │ │ │ -options Defines global options to server │ │ │ │ │ - be used by BIND 9. │ │ │ │ │ - Adds EDNS Padding options │ │ │ │ │ -padding to outgoing messages to server │ │ │ │ │ - increase the packet size. │ │ │ │ │ - Sets the time to live (TTL) │ │ │ │ │ -parent-ds-ttl of the DS RRset used by the dnssec │ │ │ │ │ - parent zone. │ │ │ │ │ - Sets the propagation delay │ │ │ │ │ - from the time the parent │ │ │ │ │ -parent-propagation-delay zone is updated to when the zone, dnssec │ │ │ │ │ - new version is served by │ │ │ │ │ - all of the parent zone's │ │ │ │ │ - name servers. │ │ │ │ │ - Defines a list of │ │ │ │ │ -parental-agents delegation agents to be zone │ │ │ │ │ - used by primary and │ │ │ │ │ - secondary zones. │ │ │ │ │ - Specifies which local IPv4 │ │ │ │ │ -parental-source source address is used to dnssec │ │ │ │ │ - send parental DS queries. │ │ │ │ │ - Specifies which local IPv6 │ │ │ │ │ -parental-source-v6 source address is used to dnssec │ │ │ │ │ - send parental DS queries. │ │ │ │ │ - Specifies the pathname of │ │ │ │ │ -pid-file the file where the server server │ │ │ │ │ - writes its process ID. │ │ │ │ │ -plugin Configures plugins in server │ │ │ │ │ - named.conf. │ │ │ │ │ - Specifies the UDP/TCP port │ │ │ │ │ -port number the server uses to query, server │ │ │ │ │ - receive and send DNS │ │ │ │ │ - protocol traffic. │ │ │ │ │ - Specifies that server │ │ │ │ │ -prefer-server-ciphers ciphers should be preferred security, server │ │ │ │ │ - over client ones. 
│ │ │ │ │ - Controls the order of glue │ │ │ │ │ -preferred-glue records in an A or AAAA query │ │ │ │ │ - response. │ │ │ │ │ - Specifies the "trigger" │ │ │ │ │ -prefetch time-to-live (TTL) value at query │ │ │ │ │ - which prefetch of the │ │ │ │ │ - current query takes place. │ │ │ │ │ -primaries Defines one or more primary zone │ │ │ │ │ - servers for a zone. │ │ │ │ │ -print-category Includes the category in logging │ │ │ │ │ - log messages. │ │ │ │ │ -print-severity Includes the severity in logging │ │ │ │ │ - log messages. │ │ │ │ │ -print-time Specifies the time format logging │ │ │ │ │ - for log messages. │ │ │ │ │ - Specifies the allowed │ │ │ │ │ -protocols versions of the TLS security │ │ │ │ │ - protocol. │ │ │ │ │ - Controls whether a primary │ │ │ │ │ - responds to an incremental │ │ │ │ │ -provide-ixfr zone request (IXFR) or only transfer │ │ │ │ │ - responds with a full zone │ │ │ │ │ - transfer (AXFR). │ │ │ │ │ - Increases the amount of │ │ │ │ │ - time between when keys are │ │ │ │ │ -publish-safety published and when they dnssec │ │ │ │ │ - become active, to allow for │ │ │ │ │ - unforeseen events. │ │ │ │ │ - Specifies the amount of │ │ │ │ │ - time after which DNSSEC │ │ │ │ │ -purge-keys keys that have been deleted dnssec │ │ │ │ │ - from the zone can be │ │ │ │ │ - removed from disk. │ │ │ │ │ - Controls QNAME minimization │ │ │ │ │ -qname-minimization behavior in the BIND 9 query │ │ │ │ │ - resolver. │ │ │ │ │ - Tightens defenses during │ │ │ │ │ -qps-scale DNS attacks by scaling back query │ │ │ │ │ - the ratio of the current │ │ │ │ │ - query-per-second rate. │ │ │ │ │ - Controls the IPv4 address │ │ │ │ │ -query-source from which queries are query │ │ │ │ │ - issued. │ │ │ │ │ - Controls the IPv6 address │ │ │ │ │ -query-source-v6 from which queries are query │ │ │ │ │ - issued. │ │ │ │ │ - Specifies whether query │ │ │ │ │ -querylog logging should be active logging, server │ │ │ │ │ - when named first starts. 
│ │ │ │ │ - Controls excessive UDP │ │ │ │ │ - responses, to prevent BIND │ │ │ │ │ -rate-limit 9 from being used to query │ │ │ │ │ - amplify reflection denial- │ │ │ │ │ - of-service (DoS) attacks. │ │ │ │ │ - Specifies the pathname of │ │ │ │ │ - the file where the server │ │ │ │ │ -recursing-file dumps queries that are server │ │ │ │ │ - currently recursing via │ │ │ │ │ - rndc_recursing. │ │ │ │ │ -recursion Defines whether recursion query │ │ │ │ │ - and caching are allowed. │ │ │ │ │ - Specifies the maximum │ │ │ │ │ -recursive-clients number of concurrent query │ │ │ │ │ - recursive queries the │ │ │ │ │ - server can perform. │ │ │ │ │ - Toggles whether dns64 │ │ │ │ │ -recursive-only synthesis occurs only for query │ │ │ │ │ - recursive queries. │ │ │ │ │ - Limits the number of │ │ │ │ │ -referrals-per-second referrals or delegations to query │ │ │ │ │ - a server for a given │ │ │ │ │ - domain. │ │ │ │ │ - Specifies the expected │ │ │ │ │ -remote-hostname hostname in the TLS security │ │ │ │ │ - certificate of the remote │ │ │ │ │ - server. │ │ │ │ │ - Specifies whether the local │ │ │ │ │ -request-expire server requests the EDNS transfer, query │ │ │ │ │ - EXPIRE value, when acting │ │ │ │ │ - as a secondary. │ │ │ │ │ - Controls whether a │ │ │ │ │ - secondary requests an │ │ │ │ │ -request-ixfr incremental zone transfer transfer │ │ │ │ │ - (IXFR) or a full zone │ │ │ │ │ - transfer (AXFR). │ │ │ │ │ - Controls whether an empty │ │ │ │ │ - EDNS(0) NSID (Name Server │ │ │ │ │ - Identifier) option is sent │ │ │ │ │ -request-nsid with all queries to query │ │ │ │ │ - authoritative name servers │ │ │ │ │ - during iterative │ │ │ │ │ - resolution. │ │ │ │ │ - Controls whether a valid │ │ │ │ │ -require-server-cookie server cookie is required query │ │ │ │ │ - before sending a full │ │ │ │ │ - response to a UDP request. │ │ │ │ │ -reserved-sockets Deprecated. 
deprecated │ │ │ │ │ - Specifies the number of │ │ │ │ │ -resolver-nonbackoff-tries retries before exponential server │ │ │ │ │ - backoff. │ │ │ │ │ - Specifies the length of │ │ │ │ │ - time, in milliseconds, that │ │ │ │ │ -resolver-query-timeout a resolver attempts to query │ │ │ │ │ - resolve a recursive query │ │ │ │ │ - before failing. │ │ │ │ │ -resolver-retry-interval Sets the base retry query, server │ │ │ │ │ - interval (in milliseconds). │ │ │ │ │ - Adds an EDNS Padding option │ │ │ │ │ - to encrypted messages, to │ │ │ │ │ -response-padding reduce the chance of query │ │ │ │ │ - guessing the contents based │ │ │ │ │ - on size. │ │ │ │ │ - Specifies response policy security, query, server, │ │ │ │ │ -response-policy zones for the view or among zone │ │ │ │ │ - global options. │ │ │ │ │ - Limits the number of non- │ │ │ │ │ -responses-per-second empty responses for a valid query │ │ │ │ │ - domain name and record │ │ │ │ │ - type. │ │ │ │ │ - Increases the amount of │ │ │ │ │ - time a key remains │ │ │ │ │ -retire-safety published after it is no dnssec │ │ │ │ │ - longer active, to allow for │ │ │ │ │ - unforeseen events. │ │ │ │ │ -reuseport Enables kernel load- server │ │ │ │ │ - balancing of sockets. │ │ │ │ │ - Turns on enforcement of │ │ │ │ │ - delegation-only in top- │ │ │ │ │ -root-delegation-only level domains (TLDs) and deprecated │ │ │ │ │ - root zones with an optional │ │ │ │ │ - exclude list. │ │ │ │ │ - Controls whether BIND 9 │ │ │ │ │ -root-key-sentinel responds to root key server │ │ │ │ │ - sentinel probes. │ │ │ │ │ - Defines the order in which │ │ │ │ │ -rrset-order equal RRs (RRsets) are query │ │ │ │ │ - returned. │ │ │ │ │ - Specifies whether a │ │ │ │ │ -search Dynamically Loadable Zone query │ │ │ │ │ - (DLZ) module is queried for │ │ │ │ │ - an answer to a query name. │ │ │ │ │ - Defines a Base64-encoded │ │ │ │ │ -secret string to be used as the security │ │ │ │ │ - secret by the algorithm. 
│ │ │ │ │ - Specifies the pathname of │ │ │ │ │ -secroots-file the file where the server dnssec │ │ │ │ │ - dumps security roots, when │ │ │ │ │ - using rndc_secroots. │ │ │ │ │ - Controls whether a COOKIE │ │ │ │ │ -send-cookie EDNS option is sent along query │ │ │ │ │ - with a query. │ │ │ │ │ - Defines an upper limit on │ │ │ │ │ - the number of queries per │ │ │ │ │ -serial-query-rate second issued by the transfer │ │ │ │ │ - server, when querying the │ │ │ │ │ - SOA RRs used for zone │ │ │ │ │ - transfers. │ │ │ │ │ - Specifies the update method │ │ │ │ │ -serial-update-method to be used for the zone zone │ │ │ │ │ - serial number in the SOA │ │ │ │ │ - record. │ │ │ │ │ - Defines characteristics to │ │ │ │ │ -server be associated with a remote server │ │ │ │ │ - name server. │ │ │ │ │ - Specifies a list of IP │ │ │ │ │ - addresses to which queries │ │ │ │ │ -server-addresses should be sent in recursive query, zone │ │ │ │ │ - resolution for a static- │ │ │ │ │ - stub zone. │ │ │ │ │ - Specifies the ID of the │ │ │ │ │ -server-id server to return in server │ │ │ │ │ - response to a ID.SERVER │ │ │ │ │ - query. │ │ │ │ │ - Specifies a list of domain │ │ │ │ │ - names of name servers that │ │ │ │ │ -server-names act as authoritative zone │ │ │ │ │ - servers of a static-stub │ │ │ │ │ - zone. │ │ │ │ │ - Sets the length of time (in │ │ │ │ │ -servfail-ttl seconds) that a SERVFAIL server │ │ │ │ │ - response is cached. │ │ │ │ │ - Specifies the algorithm to │ │ │ │ │ -session-keyalg use for the TSIG session security │ │ │ │ │ - key. │ │ │ │ │ - Specifies the pathname of │ │ │ │ │ - the file where a TSIG │ │ │ │ │ -session-keyfile session key is written, security │ │ │ │ │ - when generated by named for │ │ │ │ │ - use by nsupdate -l. │ │ │ │ │ -session-keyname Specifies the key name for security │ │ │ │ │ - the TSIG session key. │ │ │ │ │ - Enables or disables session │ │ │ │ │ -session-tickets resumption through TLS security │ │ │ │ │ - session tickets. 
│ │ │ │ │ -severity Defines the priority level logging │ │ │ │ │ - of log messages. │ │ │ │ │ - Specifies the maximum │ │ │ │ │ - number of nodes to be │ │ │ │ │ -sig-signing-nodes examined in each quantum, dnssec │ │ │ │ │ - when signing a zone with a │ │ │ │ │ - new DNSKEY. │ │ │ │ │ - Specifies the threshold for │ │ │ │ │ - the number of signatures │ │ │ │ │ -sig-signing-signatures that terminates processing dnssec │ │ │ │ │ - a quantum, when signing a │ │ │ │ │ - zone with a new DNSKEY. │ │ │ │ │ - Specifies a private RDATA │ │ │ │ │ -sig-signing-type type to use when generating dnssec │ │ │ │ │ - signing-state records. │ │ │ │ │ - Specifies the maximum │ │ │ │ │ -sig-validity-interval number of days that RRSIGs dnssec │ │ │ │ │ - generated by named are │ │ │ │ │ - valid. │ │ │ │ │ -signatures-refresh Specifies how frequently an dnssec │ │ │ │ │ - RRSIG record is refreshed. │ │ │ │ │ -signatures-validity Indicates the validity dnssec │ │ │ │ │ - period of an RRSIG record. │ │ │ │ │ -signatures-validity-dnskey Indicates the validity dnssec │ │ │ │ │ - period of DNSKEY records. │ │ │ │ │ - Sets the number of │ │ │ │ │ - "slipped" responses to │ │ │ │ │ -slip minimize the use of forged query │ │ │ │ │ - source addresses for an │ │ │ │ │ - attack. │ │ │ │ │ - Controls the ordering of │ │ │ │ │ -sortlist RRs returned to the client, query │ │ │ │ │ - based on the client's IP │ │ │ │ │ - address. │ │ │ │ │ - Sets the maximum amount of │ │ │ │ │ -stacksize stack memory that can be deprecated │ │ │ │ │ - used by the server. │ │ │ │ │ - Defines the amount of time │ │ │ │ │ - (in milliseconds) that │ │ │ │ │ -stale-answer-client- named waits before query, server │ │ │ │ │ -timeout attempting to answer a │ │ │ │ │ - query with a stale RRset │ │ │ │ │ - from cache. │ │ │ │ │ - Enables the returning of │ │ │ │ │ -stale-answer-enable "stale" cached answers when query, server │ │ │ │ │ - the name servers for a zone │ │ │ │ │ - are not answering. 
│ │ │ │ │ - Specifies the time to live │ │ │ │ │ -stale-answer-ttl (TTL) to be returned on query │ │ │ │ │ - stale answers, in seconds. │ │ │ │ │ -stale-cache-enable Enables the retention of query, server │ │ │ │ │ - "stale" cached answers. │ │ │ │ │ - Sets the time window for │ │ │ │ │ - the return of "stale" │ │ │ │ │ - cached answers before the │ │ │ │ │ -stale-refresh-time next attempt to contact, if query, server │ │ │ │ │ - the name servers for a │ │ │ │ │ - given zone are not │ │ │ │ │ - responding. │ │ │ │ │ - Specifies the rate at which │ │ │ │ │ - NOTIFY requests are sent │ │ │ │ │ -startup-notify-rate when the name server is transfer, zone │ │ │ │ │ - first starting, or when new │ │ │ │ │ - zones have been added. │ │ │ │ │ - Specifies the communication │ │ │ │ │ - channels to be used by │ │ │ │ │ -statistics-channels system administrators to logging │ │ │ │ │ - access statistics │ │ │ │ │ - information on the name │ │ │ │ │ - server. │ │ │ │ │ - Specifies the pathname of │ │ │ │ │ -statistics-file the file where the server logging, server │ │ │ │ │ - appends statistics, when │ │ │ │ │ - using rndc_stats. │ │ │ │ │ - Directs the logging channel │ │ │ │ │ -stderr output to the server's logging │ │ │ │ │ - standard error stream. │ │ │ │ │ - Specifies the maximum │ │ │ │ │ -streams-per-connection number of concurrent HTTP/ query, server │ │ │ │ │ - 2 streams over an HTTP/ │ │ │ │ │ - 2 connection. │ │ │ │ │ - Defines trailing bits for │ │ │ │ │ -suffix mapped IPv4 address bits in query │ │ │ │ │ - dns64. │ │ │ │ │ - Enables support for RFC │ │ │ │ │ -synth-from-dnssec 8198, Aggressive Use of dnssec │ │ │ │ │ - DNSSEC-Validated Cache. │ │ │ │ │ -syslog Directs the logging channel logging │ │ │ │ │ - to the system log. │ │ │ │ │ - Sets the timeout value (in │ │ │ │ │ - milliseconds) that the │ │ │ │ │ -tcp-advertised-timeout server sends in responses query │ │ │ │ │ - containing the EDNS TCP │ │ │ │ │ - keepalive option. 
│ │ │ │ │ - Specifies the maximum │ │ │ │ │ -tcp-clients number of simultaneous server │ │ │ │ │ - client TCP connections │ │ │ │ │ - accepted by the server. │ │ │ │ │ - Sets the amount of time (in │ │ │ │ │ - milliseconds) that the │ │ │ │ │ - server waits on an idle TCP │ │ │ │ │ -tcp-idle-timeout connection before closing query │ │ │ │ │ - it, if the EDNS TCP │ │ │ │ │ - keepalive option is not in │ │ │ │ │ - use. │ │ │ │ │ - Sets the amount of time (in │ │ │ │ │ - milliseconds) that the │ │ │ │ │ -tcp-initial-timeout server waits on a new TCP query, server │ │ │ │ │ - connection for the first │ │ │ │ │ - message from the client. │ │ │ │ │ -tcp-keepalive Adds EDNS TCP keepalive to server │ │ │ │ │ - messages sent over TCP. │ │ │ │ │ - Sets the amount of time (in │ │ │ │ │ - milliseconds) that the │ │ │ │ │ -tcp-keepalive-timeout server waits on an idle TCP query │ │ │ │ │ - connection before closing │ │ │ │ │ - it, if the EDNS TCP │ │ │ │ │ - keepalive option is in use. │ │ │ │ │ -tcp-listen-queue Sets the listen-queue server │ │ │ │ │ - depth. │ │ │ │ │ -tcp-only Sets the transport protocol server │ │ │ │ │ - to TCP. │ │ │ │ │ - Sets the operating system's │ │ │ │ │ -tcp-receive-buffer receive buffer size for TCP server │ │ │ │ │ - sockets. │ │ │ │ │ - Sets the operating system's │ │ │ │ │ -tcp-send-buffer send buffer size for TCP server │ │ │ │ │ - sockets. │ │ │ │ │ - Sets the Diffie-Hellman key │ │ │ │ │ -tkey-dhkey used by the server to deprecated │ │ │ │ │ - generate shared keys. │ │ │ │ │ - Sets the domain appended to │ │ │ │ │ -tkey-domain the names of all shared security │ │ │ │ │ - keys generated with TKEY. │ │ │ │ │ - Sets the security │ │ │ │ │ - credential for │ │ │ │ │ -tkey-gssapi-credential authentication keys security │ │ │ │ │ - requested by the GSS-TSIG │ │ │ │ │ - protocol. │ │ │ │ │ - Sets the KRB5 keytab file │ │ │ │ │ -tkey-gssapi-keytab to use for GSS-TSIG security │ │ │ │ │ - updates. 
│ │ │ │ │ -tls Configures a TLS security │ │ │ │ │ - connection. │ │ │ │ │ - Specifies the TCP port │ │ │ │ │ -tls-port number the server uses to query, server │ │ │ │ │ - receive and send DNS-over- │ │ │ │ │ - TLS protocol traffic. │ │ │ │ │ - Controls whether multiple │ │ │ │ │ -transfer-format records can be packed into transfer │ │ │ │ │ - a message during zone │ │ │ │ │ - transfers. │ │ │ │ │ - Limits the uncompressed │ │ │ │ │ -transfer-message-size size of DNS messages used transfer │ │ │ │ │ - in zone transfers over TCP. │ │ │ │ │ - Defines which local IPv4 │ │ │ │ │ - address(es) are bound to │ │ │ │ │ -transfer-source TCP connections used to transfer │ │ │ │ │ - fetch zones transferred │ │ │ │ │ - inbound by the server. │ │ │ │ │ - Defines which local IPv6 │ │ │ │ │ - address(es) are bound to │ │ │ │ │ -transfer-source-v6 TCP connections used to transfer │ │ │ │ │ - fetch zones transferred │ │ │ │ │ - inbound by the server. │ │ │ │ │ - Limits the number of │ │ │ │ │ -transfers concurrent inbound zone server │ │ │ │ │ - transfers from a server. │ │ │ │ │ - Limits the number of │ │ │ │ │ -transfers-in concurrent inbound zone transfer │ │ │ │ │ - transfers. │ │ │ │ │ - Limits the number of │ │ │ │ │ -transfers-out concurrent outbound zone transfer │ │ │ │ │ - transfers. │ │ │ │ │ - Limits the number of │ │ │ │ │ -transfers-per-ns concurrent inbound zone transfer │ │ │ │ │ - transfers from a remote │ │ │ │ │ - server. │ │ │ │ │ - Instructs named to send │ │ │ │ │ - specially formed queries │ │ │ │ │ -trust-anchor-telemetry once per day to domains for dnssec │ │ │ │ │ - which trust anchors have │ │ │ │ │ - been configured. │ │ │ │ │ -trust-anchors Defines DNSSEC trust dnssec │ │ │ │ │ - anchors. │ │ │ │ │ -trusted-keys Deprecated, use trust- deprecated │ │ │ │ │ - anchors. │ │ │ │ │ - Specifies that BIND 9 │ │ │ │ │ -try-tcp-refresh should attempt to refresh a transfer │ │ │ │ │ - zone using TCP if UDP │ │ │ │ │ - queries fail. 
│ │ │ │ │ -type Specifies the kind of zone zone │ │ │ │ │ - in a given configuration. │ │ │ │ │ - Enforces the delegation- │ │ │ │ │ -type_delegation-only only status of deprecated │ │ │ │ │ - infrastructure zones (COM, │ │ │ │ │ - NET, ORG, etc.). │ │ │ │ │ - Contains forwarding │ │ │ │ │ -type_forward statements that apply to zone │ │ │ │ │ - queries within a given │ │ │ │ │ - domain. │ │ │ │ │ - Contains the initial set of │ │ │ │ │ -type_hint root name servers to be zone │ │ │ │ │ - used at BIND 9 startup. │ │ │ │ │ - Contains a DNSSEC-validated │ │ │ │ │ -type_mirror duplicate of the main data zone │ │ │ │ │ - for a zone. │ │ │ │ │ -type_primary Contains the main copy of zone │ │ │ │ │ - the data for a zone. │ │ │ │ │ - Contains information to │ │ │ │ │ -type_redirect answer queries when normal zone │ │ │ │ │ - resolution would return │ │ │ │ │ - NXDOMAIN. │ │ │ │ │ - Contains a duplicate of the │ │ │ │ │ -type_secondary data for a zone that has zone │ │ │ │ │ - been transferred from a │ │ │ │ │ - primary server. │ │ │ │ │ - Contains a duplicate of the │ │ │ │ │ - NS records of a primary │ │ │ │ │ -type_static-stub zone, but statically zone │ │ │ │ │ - configured rather than │ │ │ │ │ - transferred from a primary │ │ │ │ │ - server. │ │ │ │ │ - Contains a duplicate of the │ │ │ │ │ -type_stub NS records of a primary zone │ │ │ │ │ - zone. │ │ │ │ │ - Sets the operating system's │ │ │ │ │ -udp-receive-buffer receive buffer size for UDP server │ │ │ │ │ - sockets. │ │ │ │ │ - Sets the operating system's │ │ │ │ │ -udp-send-buffer send buffer size for UDP server │ │ │ │ │ - sockets. │ │ │ │ │ - Specifies a Unix domain │ │ │ │ │ -unix socket as a control server │ │ │ │ │ - channel. │ │ │ │ │ - Specifies whether to check │ │ │ │ │ - the KSK bit to determine │ │ │ │ │ -update-check-ksk how a key should be used, zone, dnssec │ │ │ │ │ - when generating RRSIGs for │ │ │ │ │ - a secure zone. 
│ │ │ │ │ - Sets fine-grained rules to │ │ │ │ │ - allow or deny dynamic │ │ │ │ │ -update-policy updates (DDNS), based on transfer │ │ │ │ │ - requester identity, updated │ │ │ │ │ - content, etc. │ │ │ │ │ - Specifies the maximum │ │ │ │ │ -update-quota number of concurrent DNS server │ │ │ │ │ - UPDATE messages that can be │ │ │ │ │ - processed by the server. │ │ │ │ │ - Indicates whether alt- │ │ │ │ │ -use-alt-transfer-source transfer-source and alt- deprecated │ │ │ │ │ - transfer-source-v6 can be │ │ │ │ │ - used. │ │ │ │ │ - Specifies a list of ports │ │ │ │ │ -use-v4-udp-ports that are valid sources for deprecated │ │ │ │ │ - UDP/IPv4 messages. │ │ │ │ │ - Specifies a list of ports │ │ │ │ │ -use-v6-udp-ports that are valid sources for deprecated │ │ │ │ │ - UDP/IPv6 messages. │ │ │ │ │ - Indicates the number of │ │ │ │ │ -v6-bias milliseconds of preference query, server │ │ │ │ │ - to give to IPv6 name │ │ │ │ │ - servers. │ │ │ │ │ - Specifies a list of domain │ │ │ │ │ -validate-except names at and beneath which dnssec │ │ │ │ │ - DNSSEC validation should │ │ │ │ │ - not be performed. │ │ │ │ │ - Specifies the version │ │ │ │ │ -version number of the server to server │ │ │ │ │ - return in response to a │ │ │ │ │ - version.bind query. │ │ │ │ │ - Allows a name server to │ │ │ │ │ -view answer a DNS query view │ │ │ │ │ - differently depending on │ │ │ │ │ - who is asking. │ │ │ │ │ - Specifies the length of │ │ │ │ │ -window time during which responses query │ │ │ │ │ - are tracked. │ │ │ │ │ - Specifies whether to set │ │ │ │ │ - the time to live (TTL) of │ │ │ │ │ -zero-no-soa-ttl the SOA record to zero, server, query, zone │ │ │ │ │ - when returning │ │ │ │ │ - authoritative negative │ │ │ │ │ - responses to SOA queries. │ │ │ │ │ - Sets the time to live (TTL) │ │ │ │ │ -zero-no-soa-ttl-cache to zero when caching a server, query, zone │ │ │ │ │ - negative response to an SOA │ │ │ │ │ - query. 
│ │ │ │ │ -zone Specifies the zone in a zone │ │ │ │ │ - BIND 9 configuration. │ │ │ │ │ - Sets the propagation delay │ │ │ │ │ - from the time a zone is │ │ │ │ │ -zone-propagation-delay first updated to when the zone, dnssec │ │ │ │ │ - new version of the zone is │ │ │ │ │ - served by all secondary │ │ │ │ │ - servers. │ │ │ │ │ - Controls the level of │ │ │ │ │ -zone-statistics statistics gathered for all logging, zone │ │ │ │ │ - zones. │ │ │ │ │ +Statement Description Tags │ │ │ │ │ +acl Assigns a symbolic name to server │ │ │ │ │ + an address match list. │ │ │ │ │ +algorithm Defines the algorithm to be security │ │ │ │ │ + used in a key clause. │ │ │ │ │ +all-per-second Limits UDP responses of all query │ │ │ │ │ + kinds. │ │ │ │ │ + Controls the ability to add │ │ │ │ │ +allow-new-zones zones at runtime via rndc server, zone │ │ │ │ │ + addzone. │ │ │ │ │ + Defines an │ │ │ │ │ + address_match_list that is │ │ │ │ │ + allowed to send NOTIFY │ │ │ │ │ +allow-notify messages for the zone, in transfer │ │ │ │ │ + addition to addresses │ │ │ │ │ + defined in the primaries │ │ │ │ │ + option for the zone. │ │ │ │ │ + Specifies which hosts (an │ │ │ │ │ +allow-query IP address list) are query │ │ │ │ │ + allowed to send queries to │ │ │ │ │ + this resolver. │ │ │ │ │ + Specifies which hosts (an │ │ │ │ │ + IP address list) can access │ │ │ │ │ +allow-query-cache this server's cache and query │ │ │ │ │ + thus effectively controls │ │ │ │ │ + recursion. │ │ │ │ │ + Specifies which hosts (an │ │ │ │ │ + IP address list) can access │ │ │ │ │ +allow-query-cache-on this server's cache. Used query │ │ │ │ │ + on servers with multiple │ │ │ │ │ + interfaces. │ │ │ │ │ + Specifies which local │ │ │ │ │ + addresses (an IP address │ │ │ │ │ +allow-query-on list) are allowed to send query │ │ │ │ │ + queries to this resolver. │ │ │ │ │ + Used in multi-homed │ │ │ │ │ + configurations. 
│ │ │ │ │ + Defines an │ │ │ │ │ +allow-recursion address_match_list of query │ │ │ │ │ + clients that are allowed to │ │ │ │ │ + perform recursive queries. │ │ │ │ │ + Specifies which local │ │ │ │ │ +allow-recursion-on addresses can accept server, query │ │ │ │ │ + recursive queries. │ │ │ │ │ + Defines an │ │ │ │ │ + address_match_list of hosts │ │ │ │ │ +allow-transfer that are allowed to transfer │ │ │ │ │ + transfer the zone │ │ │ │ │ + information from this │ │ │ │ │ + server. │ │ │ │ │ + Defines an │ │ │ │ │ + address_match_list of hosts │ │ │ │ │ +allow-update that are allowed to submit transfer │ │ │ │ │ + dynamic updates for primary │ │ │ │ │ + zones. │ │ │ │ │ + Defines an │ │ │ │ │ + address_match_list of hosts │ │ │ │ │ +allow-update-forwarding that are allowed to submit transfer │ │ │ │ │ + dynamic updates to a │ │ │ │ │ + secondary server for │ │ │ │ │ + transmission to a primary. │ │ │ │ │ + Defines one or more hosts │ │ │ │ │ +also-notify that are sent NOTIFY transfer │ │ │ │ │ + messages when zone changes │ │ │ │ │ + occur. │ │ │ │ │ + Defines alternate local │ │ │ │ │ + IPv4 address(es) to be used │ │ │ │ │ + by the server for inbound │ │ │ │ │ +alt-transfer-source zone transfers, if the deprecated │ │ │ │ │ + address(es) defined by │ │ │ │ │ + transfer-source fail and │ │ │ │ │ + use-alt-transfer-source is │ │ │ │ │ + enabled. │ │ │ │ │ + Defines alternate local │ │ │ │ │ +alt-transfer-source-v6 IPv6 address(es) to be used deprecated │ │ │ │ │ + by the server for inbound │ │ │ │ │ + zone transfers. │ │ │ │ │ + Controls whether COOKIE │ │ │ │ │ +answer-cookie EDNS replies are sent in query │ │ │ │ │ + response to client queries. │ │ │ │ │ + Allows multiple views to │ │ │ │ │ +attach-cache share a single cache view │ │ │ │ │ + database. │ │ │ │ │ + Controls whether BIND, │ │ │ │ │ + acting as a resolver, │ │ │ │ │ +auth-nxdomain provides authoritative query │ │ │ │ │ + NXDOMAIN (domain does not │ │ │ │ │ + exist) answers. 
│ │ │ │ │ + Permits varying levels of │ │ │ │ │ +auto-dnssec automatic DNSSEC key dnssec │ │ │ │ │ + management. │ │ │ │ │ + Controls the automatic │ │ │ │ │ +automatic-interface-scan rescanning of network server │ │ │ │ │ + interfaces when addresses │ │ │ │ │ + are added or removed. │ │ │ │ │ + Specifies the range(s) of │ │ │ │ │ +avoid-v4-udp-ports ports to be excluded from deprecated │ │ │ │ │ + use as sources for UDP/IPv4 │ │ │ │ │ + messages. │ │ │ │ │ + Specifies the range(s) of │ │ │ │ │ +avoid-v6-udp-ports ports to be excluded from deprecated │ │ │ │ │ + use as sources for UDP/IPv6 │ │ │ │ │ + messages. │ │ │ │ │ + Specifies the pathname of a │ │ │ │ │ +bindkeys-file file to override the built- dnssec │ │ │ │ │ + in trusted keys provided by │ │ │ │ │ + named. │ │ │ │ │ + Defines an │ │ │ │ │ + address_match_list of hosts │ │ │ │ │ +blackhole to ignore. The server will query │ │ │ │ │ + neither respond to queries │ │ │ │ │ + from nor send queries to │ │ │ │ │ + these addresses. │ │ │ │ │ +bogus Allows a remote server to server │ │ │ │ │ + be ignored. │ │ │ │ │ + Enables dns64 synthesis │ │ │ │ │ +break-dnssec even if the validated query │ │ │ │ │ + result would cause a DNSSEC │ │ │ │ │ + validation failure. │ │ │ │ │ +buffered Controls flushing of log logging │ │ │ │ │ + messages. │ │ │ │ │ + Specifies the path to a │ │ │ │ │ + file containing TLS │ │ │ │ │ +ca-file certificates for trusted CA server, security │ │ │ │ │ + authorities, used to verify │ │ │ │ │ + remote peer certificates. │ │ │ │ │ +catalog-zones Configures catalog zones in zone │ │ │ │ │ + named.conf. │ │ │ │ │ + Specifies the type of data │ │ │ │ │ +category logged to a particular logging │ │ │ │ │ + channel. │ │ │ │ │ + Specifies the path to a │ │ │ │ │ +cert-file file containing the TLS server, security │ │ │ │ │ + certificate for a │ │ │ │ │ + connection. │ │ │ │ │ + Defines a stream of data │ │ │ │ │ +channel that can be independently logging │ │ │ │ │ + logged. 
│ │ │ │ │ + Checks primary zones for │ │ │ │ │ + records that are treated as │ │ │ │ │ +check-dup-records different by DNSSEC but are dnssec, query │ │ │ │ │ + semantically equal in plain │ │ │ │ │ + DNS. │ │ │ │ │ + Performs post-load zone │ │ │ │ │ +check-integrity integrity checks on primary zone │ │ │ │ │ + zones. │ │ │ │ │ + Checks whether an MX record │ │ │ │ │ +check-mx appears to refer to an IP zone │ │ │ │ │ + address. │ │ │ │ │ + Sets the response to MX │ │ │ │ │ +check-mx-cname records that refer to zone │ │ │ │ │ + CNAMEs. │ │ │ │ │ + Restricts the character set │ │ │ │ │ + and syntax of certain │ │ │ │ │ +check-names domain names in primary server, query │ │ │ │ │ + files and/or DNS responses │ │ │ │ │ + received from the network. │ │ │ │ │ + Specifies whether to check │ │ │ │ │ +check-sibling for sibling glue when zone │ │ │ │ │ + performing integrity │ │ │ │ │ + checks. │ │ │ │ │ + Specifies whether to check │ │ │ │ │ +check-spf for a TXT Sender Policy zone │ │ │ │ │ + Framework record, if an SPF │ │ │ │ │ + record is present. │ │ │ │ │ + Sets the response to SRV │ │ │ │ │ +check-srv-cname records that refer to zone │ │ │ │ │ + CNAMEs. │ │ │ │ │ +check-wildcard Checks for non-terminal zone │ │ │ │ │ + wildcards. │ │ │ │ │ +ciphers Specifies a list of allowed security │ │ │ │ │ + ciphers. │ │ │ │ │ + Specifies an access control │ │ │ │ │ +clients list (ACL) of clients that query │ │ │ │ │ + are affected by a given │ │ │ │ │ + dns64 directive. │ │ │ │ │ + Sets the initial minimum │ │ │ │ │ + number of simultaneous │ │ │ │ │ +clients-per-query recursive clients accepted server │ │ │ │ │ + by the server for any given │ │ │ │ │ + query before the server │ │ │ │ │ + drops additional clients. │ │ │ │ │ + Specifies control channels │ │ │ │ │ +controls to be used to manage the server │ │ │ │ │ + name server. │ │ │ │ │ + Sets the algorithm to be │ │ │ │ │ +cookie-algorithm used when generating a server │ │ │ │ │ + server cookie. 
│ │ │ │ │ + Specifies a shared secret │ │ │ │ │ + used for generating and │ │ │ │ │ +cookie-secret verifying EDNS COOKIE server │ │ │ │ │ + options within an anycast │ │ │ │ │ + cluster. │ │ │ │ │ +coresize Sets the maximum size of a deprecated │ │ │ │ │ + core dump. │ │ │ │ │ + Specifies the type of │ │ │ │ │ +database database to be used to zone │ │ │ │ │ + store zone data. │ │ │ │ │ + Sets the maximum amount of │ │ │ │ │ +datasize data memory that can be deprecated │ │ │ │ │ + used by the server. │ │ │ │ │ + Indicates that a forward, │ │ │ │ │ +delegation-only hint, or stub zone is to be deprecated │ │ │ │ │ + treated as a delegation- │ │ │ │ │ + only type zone. │ │ │ │ │ + Rejects A or AAAA records │ │ │ │ │ +deny-answer-addresses if the corresponding IPv4 query │ │ │ │ │ + or IPv6 addresses match a │ │ │ │ │ + given address_match_list. │ │ │ │ │ + Rejects CNAME or DNAME │ │ │ │ │ +deny-answer-aliases records if the "alias" name query │ │ │ │ │ + matches a given list of │ │ │ │ │ + domain_name elements. │ │ │ │ │ + Specifies the path to a │ │ │ │ │ +dhparam-file file containing Diffie- server, security │ │ │ │ │ + Hellman parameters, for │ │ │ │ │ + enabling cipher suites. │ │ │ │ │ + Concentrates zone │ │ │ │ │ + maintenance so that all │ │ │ │ │ +dialup transfers take place once deprecated │ │ │ │ │ + every heartbeat-interval, │ │ │ │ │ + ideally during a single │ │ │ │ │ + call. │ │ │ │ │ +directory Sets the server's working server │ │ │ │ │ + directory. │ │ │ │ │ +disable-algorithms Disables DNSSEC algorithms dnssec │ │ │ │ │ + from a specified zone. │ │ │ │ │ +disable-ds-digests Disables DS digest types zone, dnssec │ │ │ │ │ + from a specified zone. │ │ │ │ │ +disable-empty-zone Disables individual empty server, zone │ │ │ │ │ + zones. │ │ │ │ │ + Configures a Dynamically │ │ │ │ │ +dlz Loadable Zone (DLZ) zone │ │ │ │ │ + database in named.conf. 
│ │ │ │ │ + Instructs named to return │ │ │ │ │ +dns64 mapped IPv4 addresses to query │ │ │ │ │ + AAAA queries when there are │ │ │ │ │ + no AAAA records. │ │ │ │ │ +dns64-contact Specifies the name of the server │ │ │ │ │ + contact for dns64 zones. │ │ │ │ │ +dns64-server Specifies the name of the server │ │ │ │ │ + server for dns64 zones. │ │ │ │ │ + Specifies the number of │ │ │ │ │ +dnskey-sig-validity days in the future when dnssec │ │ │ │ │ + automatically generated │ │ │ │ │ + DNSSEC signatures expire. │ │ │ │ │ + Specifies the time to live │ │ │ │ │ +dnskey-ttl (TTL) for DNSKEY resource dnssec │ │ │ │ │ + records. │ │ │ │ │ + Turns on the DNS Response │ │ │ │ │ +dnsrps-enable Policy Service (DNSRPS) server, security │ │ │ │ │ + interface. │ │ │ │ │ + Provides additional RPZ │ │ │ │ │ + configuration settings, │ │ │ │ │ +dnsrps-options which are passed to the DNS server, security │ │ │ │ │ + Response Policy Service │ │ │ │ │ + (DNSRPS) provider library. │ │ │ │ │ + Instructs BIND 9 to accept │ │ │ │ │ +dnssec-accept-expired expired DNSSEC signatures dnssec │ │ │ │ │ + when validating. │ │ │ │ │ + Specifies that only key- │ │ │ │ │ + signing keys are used to │ │ │ │ │ +dnssec-dnskey-kskonly sign the DNSKEY, CDNSKEY, dnssec │ │ │ │ │ + and CDS RRsets at a zone's │ │ │ │ │ + apex. │ │ │ │ │ + Sets the frequency of │ │ │ │ │ +dnssec-loadkeys-interval automatic checks of the dnssec │ │ │ │ │ + DNSSEC key repository. │ │ │ │ │ + Defines hierarchies that │ │ │ │ │ +dnssec-must-be-secure must or may not be secure deprecated │ │ │ │ │ + (signed and validated). │ │ │ │ │ +dnssec-policy Defines a key and signing dnssec │ │ │ │ │ + policy (KASP) for zones. │ │ │ │ │ + Allows a dynamic zone to │ │ │ │ │ +dnssec-secure-to-insecure transition from secure to dnssec │ │ │ │ │ + insecure by deleting all │ │ │ │ │ + DNSKEY records. │ │ │ │ │ + Controls the scheduled │ │ │ │ │ +dnssec-update-mode maintenance of DNSSEC dnssec │ │ │ │ │ + signatures. 
│ │ │ │ │ +dnssec-validation Enables DNSSEC validation dnssec │ │ │ │ │ + in named. │ │ │ │ │ +dnstap Enables logging of dnstap logging │ │ │ │ │ + messages. │ │ │ │ │ + Specifies an identity │ │ │ │ │ +dnstap-identity string to send in dnstap logging │ │ │ │ │ + messages. │ │ │ │ │ + Configures the path to │ │ │ │ │ +dnstap-output which the dnstap frame logging │ │ │ │ │ + stream is sent. │ │ │ │ │ +dnstap-version Specifies a version string logging │ │ │ │ │ + to send in dnstap messages. │ │ │ │ │ + Sets the Differentiated │ │ │ │ │ +dscp Services Code Point (DSCP) server, query │ │ │ │ │ + value (obsolete). │ │ │ │ │ + Specifies host names or │ │ │ │ │ +dual-stack-servers addresses of machines with server │ │ │ │ │ + access to both IPv4 and │ │ │ │ │ + IPv6 transports. │ │ │ │ │ + Indicates the pathname of │ │ │ │ │ +dump-file the file where the server logging │ │ │ │ │ + dumps the database after │ │ │ │ │ + rndc_dumpdb. │ │ │ │ │ +dyndb Configures a DynDB database zone │ │ │ │ │ + in named.conf. │ │ │ │ │ +edns Controls the use of the server │ │ │ │ │ + EDNS0 (RFC_2671) feature. │ │ │ │ │ + Sets the maximum advertised │ │ │ │ │ + EDNS UDP buffer size to │ │ │ │ │ +edns-udp-size control the size of packets query │ │ │ │ │ + received from authoritative │ │ │ │ │ + servers in response to │ │ │ │ │ + recursive queries. │ │ │ │ │ + Sets the maximum EDNS │ │ │ │ │ +edns-version VERSION that is sent to the server │ │ │ │ │ + server(s) by the resolver. │ │ │ │ │ + Specifies the contact name │ │ │ │ │ +empty-contact in the returned SOA record server, zone │ │ │ │ │ + for empty zones. │ │ │ │ │ + Specifies the server name │ │ │ │ │ +empty-server in the returned SOA record server, zone │ │ │ │ │ + for empty zones. │ │ │ │ │ +empty-zones-enable Enables or disables all server, zone │ │ │ │ │ + empty zones. │ │ │ │ │ + Specifies a list of HTTP │ │ │ │ │ +endpoints query paths on which to server, query │ │ │ │ │ + listen. 
│ │ │ │ │ + Limits the number of errors │ │ │ │ │ +errors-per-second for a valid domain name and server │ │ │ │ │ + record type. │ │ │ │ │ + Allows a list of IPv6 │ │ │ │ │ + addresses to be ignored if │ │ │ │ │ +exclude they appear in a domain query │ │ │ │ │ + name's AAAA records in │ │ │ │ │ + dns64. │ │ │ │ │ + Exempts specific clients or │ │ │ │ │ +exempt-clients client groups from rate query │ │ │ │ │ + limiting. │ │ │ │ │ + Sets the parameters for │ │ │ │ │ + dynamic resizing of the │ │ │ │ │ +fetch-quota-params fetches-per-server quota in server, query │ │ │ │ │ + response to detected │ │ │ │ │ + congestion. │ │ │ │ │ + Sets the maximum number of │ │ │ │ │ + simultaneous iterative │ │ │ │ │ + queries allowed to be sent │ │ │ │ │ +fetches-per-server by a server to an upstream server, query │ │ │ │ │ + name server before the │ │ │ │ │ + server blocks additional │ │ │ │ │ + queries. │ │ │ │ │ + Sets the maximum number of │ │ │ │ │ + simultaneous iterative │ │ │ │ │ +fetches-per-zone queries allowed to any one server, query │ │ │ │ │ + domain before the server │ │ │ │ │ + blocks new queries for data │ │ │ │ │ + in or beneath that zone. │ │ │ │ │ +file Specifies the zone's zone │ │ │ │ │ + filename. │ │ │ │ │ + Sets the maximum number of │ │ │ │ │ +files files the server may have deprecated │ │ │ │ │ + open concurrently. │ │ │ │ │ + Controls whether pending │ │ │ │ │ +flush-zones-on-shutdown zone writes are flushed zone │ │ │ │ │ + when the name server exits. │ │ │ │ │ + Allows or disallows │ │ │ │ │ + fallback to recursion if │ │ │ │ │ +forward forwarding has failed; it query │ │ │ │ │ + is always used in │ │ │ │ │ + conjunction with the │ │ │ │ │ + forwarders statement. │ │ │ │ │ + Defines one or more hosts │ │ │ │ │ +forwarders to which queries are query │ │ │ │ │ + forwarded. │ │ │ │ │ + Sets the number of │ │ │ │ │ +fstrm-set-buffer-hint accumulated bytes in the logging │ │ │ │ │ + output buffer before │ │ │ │ │ + forcing a buffer flush. 
│ │ │ │ │ + Sets the number of seconds │ │ │ │ │ +fstrm-set-flush-timeout that unflushed data remains logging │ │ │ │ │ + in the output buffer. │ │ │ │ │ + Sets the number of queue │ │ │ │ │ +fstrm-set-input-queue-size entries to allocate for logging │ │ │ │ │ + each input queue. │ │ │ │ │ + Sets the number of │ │ │ │ │ +fstrm-set-output-notify- outstanding queue entries │ │ │ │ │ +threshold allowed on an input queue logging │ │ │ │ │ + before waking the I/ │ │ │ │ │ + O thread. │ │ │ │ │ +fstrm-set-output-queue- Sets the queuing semantics logging │ │ │ │ │ +model to use for queue objects. │ │ │ │ │ + Sets the number of queue │ │ │ │ │ +fstrm-set-output-queue-size entries allocated for each logging │ │ │ │ │ + output queue. │ │ │ │ │ + Sets the number of seconds │ │ │ │ │ +fstrm-set-reopen-interval to wait between attempts to logging │ │ │ │ │ + reopen a closed output │ │ │ │ │ + stream. │ │ │ │ │ + Specifies the directory │ │ │ │ │ +geoip-directory containing GeoIP database server │ │ │ │ │ + files. │ │ │ │ │ +glue-cache Deprecated. deprecated │ │ │ │ │ + Sets the interval at which │ │ │ │ │ +heartbeat-interval the server performs zone deprecated │ │ │ │ │ + maintenance tasks for all │ │ │ │ │ + zones marked as dialup. │ │ │ │ │ + Specifies the hostname of │ │ │ │ │ +hostname the server to return in server │ │ │ │ │ + response to a hostname.bind │ │ │ │ │ + query. │ │ │ │ │ + Configures HTTP endpoints │ │ │ │ │ +http on which to listen for DNS- server, query │ │ │ │ │ + over-HTTPS (DoH) queries. │ │ │ │ │ + Limits the number of active │ │ │ │ │ +http-listener-clients concurrent connections on a server │ │ │ │ │ + per-listener basis. │ │ │ │ │ + Specifies the TCP port │ │ │ │ │ + number the server uses to │ │ │ │ │ +http-port receive and send server, query │ │ │ │ │ + unencrypted DNS traffic via │ │ │ │ │ + HTTP. │ │ │ │ │ + Limits the number of active │ │ │ │ │ +http-streams-per-connection concurrent HTTP/2 streams server │ │ │ │ │ + on a per-connection basis. 
│ │ │ │ │ + Specifies the TCP port │ │ │ │ │ +https-port number the server uses to server, query │ │ │ │ │ + receive and send DNS-over- │ │ │ │ │ + HTTPS protocol traffic. │ │ │ │ │ +in-view Specifies the view in which zone, view │ │ │ │ │ + a given zone is defined. │ │ │ │ │ +inet Specifies a TCP socket as a server │ │ │ │ │ + control channel. │ │ │ │ │ + Specifies whether BIND 9 │ │ │ │ │ +inline-signing maintains a separate signed zone, dnssec │ │ │ │ │ + version of a zone. │ │ │ │ │ + Sets the interval at which │ │ │ │ │ +interface-interval the server scans the server │ │ │ │ │ + network interface list. │ │ │ │ │ + Specifies the prefix │ │ │ │ │ +ipv4-prefix-length lengths of IPv4 address server │ │ │ │ │ + blocks. │ │ │ │ │ + Specifies the contact for │ │ │ │ │ +ipv4only-contact the IPV4ONLY.ARPA zone server │ │ │ │ │ + created by dns64. │ │ │ │ │ + Enables automatic IPv4 │ │ │ │ │ +ipv4only-enable zones if a dns64 block is query │ │ │ │ │ + configured. │ │ │ │ │ + Specifies the name of the │ │ │ │ │ +ipv4only-server server for the server, query │ │ │ │ │ + IPV4ONLY.ARPA zone created │ │ │ │ │ + by dns64. │ │ │ │ │ + Specifies the prefix │ │ │ │ │ +ipv6-prefix-length lengths of IPv6 address server │ │ │ │ │ + blocks. │ │ │ │ │ +ixfr-from-differences Controls how IXFR transfers transfer │ │ │ │ │ + are calculated. │ │ │ │ │ + Allows the default │ │ │ │ │ +journal journal's filename to be zone │ │ │ │ │ + overridden. │ │ │ │ │ + Defines an │ │ │ │ │ + address_match_list of │ │ │ │ │ +keep-response-order addresses which do not server │ │ │ │ │ + accept reordered answers │ │ │ │ │ + within a single TCP stream. │ │ │ │ │ + Defines a shared secret key │ │ │ │ │ +key for use with TSIG or the security │ │ │ │ │ + command channel. │ │ │ │ │ + Indicates the directory │ │ │ │ │ +key-directory where public and private dnssec │ │ │ │ │ + DNSSEC key files are found. 
│ │ │ │ │ + Specifies the path to a │ │ │ │ │ +key-file file containing the private server, security │ │ │ │ │ + TLS key for a connection. │ │ │ │ │ + Specifies one or more │ │ │ │ │ +keys server_key s to be used server, security │ │ │ │ │ + with a remote server. │ │ │ │ │ +lame-ttl Sets the resolver's lame server │ │ │ │ │ + cache. │ │ │ │ │ + Specifies the IPv4 │ │ │ │ │ +listen-on addresses on which a server server │ │ │ │ │ + listens for DNS queries. │ │ │ │ │ + Specifies the IPv6 │ │ │ │ │ +listen-on-v6 addresses on which a server server │ │ │ │ │ + listens for DNS queries. │ │ │ │ │ + Specifies a per-listener │ │ │ │ │ +listener-clients quota for active server, query │ │ │ │ │ + connections. │ │ │ │ │ + Sets a maximum size for the │ │ │ │ │ +lmdb-mapsize memory map of the new-zone server │ │ │ │ │ + database in LMDB database │ │ │ │ │ + format. │ │ │ │ │ + Sets the pathname of the │ │ │ │ │ + file on which named │ │ │ │ │ +lock-file attempts to acquire a file server │ │ │ │ │ + lock when starting for the │ │ │ │ │ + first time. │ │ │ │ │ + Tests rate-limiting │ │ │ │ │ +log-only parameters without actually logging, query │ │ │ │ │ + dropping any requests. │ │ │ │ │ +logging Configures logging options logging │ │ │ │ │ + for the name server. │ │ │ │ │ +managed-keys Deprecated, use trust- deprecated │ │ │ │ │ + anchors. │ │ │ │ │ + Specifies the directory in │ │ │ │ │ +managed-keys-directory which to store the files dnssec │ │ │ │ │ + that track managed DNSSEC │ │ │ │ │ + keys. │ │ │ │ │ + Specifies an access control │ │ │ │ │ + list (ACL) of IPv4 │ │ │ │ │ +mapped addresses that are to be query │ │ │ │ │ + mapped to the corresponding │ │ │ │ │ + A RRset in dns64. │ │ │ │ │ +masterfile-format Specifies the file format server, zone │ │ │ │ │ + of zone files. │ │ │ │ │ + Specifies the format of │ │ │ │ │ +masterfile-style zone files during a dump, server │ │ │ │ │ + when the masterfile-format │ │ │ │ │ + is text. 
│ │ │ │ │ + Specifies a view of DNS │ │ │ │ │ +match-clients namespace for a given view │ │ │ │ │ + subset of client IP │ │ │ │ │ + addresses. │ │ │ │ │ + Specifies a view of DNS │ │ │ │ │ +match-destinations namespace for a given view │ │ │ │ │ + subset of destination IP │ │ │ │ │ + addresses. │ │ │ │ │ + Allows IPv4-mapped IPv6 │ │ │ │ │ + addresses to match address- │ │ │ │ │ +match-mapped-addresses match list entries for server │ │ │ │ │ + corresponding IPv4 │ │ │ │ │ + addresses. │ │ │ │ │ + Specifies that only │ │ │ │ │ +match-recursive-only recursive requests can view │ │ │ │ │ + match this view of the DNS │ │ │ │ │ + namespace. │ │ │ │ │ + Sets the maximum amount of │ │ │ │ │ + memory to use for an │ │ │ │ │ +max-cache-size individual cache database server │ │ │ │ │ + and its associated │ │ │ │ │ + metadata. │ │ │ │ │ + Specifies the maximum time │ │ │ │ │ +max-cache-ttl (in seconds) that the server │ │ │ │ │ + server caches ordinary │ │ │ │ │ + (positive) answers. │ │ │ │ │ + Sets the maximum number of │ │ │ │ │ + simultaneous recursive │ │ │ │ │ +max-clients-per-query clients accepted by the server │ │ │ │ │ + server for any given query │ │ │ │ │ + before the server drops │ │ │ │ │ + additional clients. │ │ │ │ │ + Sets the maximum size for │ │ │ │ │ +max-ixfr-ratio IXFR responses to zone transfer │ │ │ │ │ + transfer requests. │ │ │ │ │ +max-journal-size Controls the size of transfer │ │ │ │ │ + journal files. │ │ │ │ │ + Specifies the maximum │ │ │ │ │ + retention time (in seconds) │ │ │ │ │ +max-ncache-ttl for storage of negative server │ │ │ │ │ + answers in the server's │ │ │ │ │ + cache. │ │ │ │ │ + Sets the maximum number of │ │ │ │ │ +max-records records permitted in a server, zone │ │ │ │ │ + zone. │ │ │ │ │ + Sets the maximum number of │ │ │ │ │ + levels of recursion │ │ │ │ │ +max-recursion-depth permitted at any one time server │ │ │ │ │ + while servicing a recursive │ │ │ │ │ + query. 
│ │ │ │ │ + Sets the maximum number of │ │ │ │ │ +max-recursion-queries iterative queries while server, query │ │ │ │ │ + servicing a recursive │ │ │ │ │ + query. │ │ │ │ │ + Limits the zone refresh │ │ │ │ │ +max-refresh-time interval to no less often transfer │ │ │ │ │ + than the specified value, │ │ │ │ │ + in seconds. │ │ │ │ │ + Limits the zone refresh │ │ │ │ │ +max-retry-time retry interval to no less transfer │ │ │ │ │ + often than the specified │ │ │ │ │ + value, in seconds. │ │ │ │ │ + Sets the maximum RSA │ │ │ │ │ +max-rsa-exponent-size exponent size (in bits) dnssec, query │ │ │ │ │ + when validating. │ │ │ │ │ + Specifies the maximum time │ │ │ │ │ + that the server retains │ │ │ │ │ +max-stale-ttl records past their normal server │ │ │ │ │ + expiry, to return them as │ │ │ │ │ + stale records. │ │ │ │ │ + Sets the maximum size of │ │ │ │ │ +max-table-size the table used to track server │ │ │ │ │ + requests and rate-limit │ │ │ │ │ + responses. │ │ │ │ │ + Specifies the number of │ │ │ │ │ +max-transfer-idle-in minutes after which inbound transfer │ │ │ │ │ + zone transfers making no │ │ │ │ │ + progress are terminated. │ │ │ │ │ + Specifies the number of │ │ │ │ │ + minutes after which │ │ │ │ │ +max-transfer-idle-out outbound zone transfers transfer │ │ │ │ │ + making no progress are │ │ │ │ │ + terminated. │ │ │ │ │ + Specifies the number of │ │ │ │ │ +max-transfer-time-in minutes after which inbound transfer │ │ │ │ │ + zone transfers are │ │ │ │ │ + terminated. │ │ │ │ │ + Specifies the number of │ │ │ │ │ +max-transfer-time-out minutes after which transfer │ │ │ │ │ + outbound zone transfers are │ │ │ │ │ + terminated. │ │ │ │ │ +max-udp-size Sets the maximum EDNS UDP query │ │ │ │ │ + message size sent by named. │ │ │ │ │ + Specifies a maximum │ │ │ │ │ +max-zone-ttl permissible time-to-live zone, query │ │ │ │ │ + (TTL) value, in seconds. 
│ │ │ │ │ + Controls whether memory │ │ │ │ │ +memstatistics statistics are written to logging, server │ │ │ │ │ + the file specified by │ │ │ │ │ + memstatistics-file at exit. │ │ │ │ │ + Sets the pathname of the │ │ │ │ │ +memstatistics-file file where the server logging │ │ │ │ │ + writes memory usage │ │ │ │ │ + statistics on exit. │ │ │ │ │ + Controls whether DNS name │ │ │ │ │ +message-compression compression is used in query │ │ │ │ │ + responses to regular │ │ │ │ │ + queries. │ │ │ │ │ + Specifies the minimum time │ │ │ │ │ +min-cache-ttl (in seconds) that the server │ │ │ │ │ + server caches ordinary │ │ │ │ │ + (positive) answers. │ │ │ │ │ + Specifies the minimum │ │ │ │ │ + retention time (in seconds) │ │ │ │ │ +min-ncache-ttl for storage of negative server │ │ │ │ │ + answers in the server's │ │ │ │ │ + cache. │ │ │ │ │ + Limits the zone refresh │ │ │ │ │ +min-refresh-time interval to no more often transfer │ │ │ │ │ + than the specified value, │ │ │ │ │ + in seconds. │ │ │ │ │ + Limits the zone refresh │ │ │ │ │ +min-retry-time retry interval to no more transfer │ │ │ │ │ + often than the specified │ │ │ │ │ + value, in seconds. │ │ │ │ │ + Sets the minimum size of │ │ │ │ │ +min-table-size the table used to track query │ │ │ │ │ + requests and rate-limit │ │ │ │ │ + responses. │ │ │ │ │ + Controls whether the server │ │ │ │ │ + replies with only one of │ │ │ │ │ +minimal-any the RRsets for a query query │ │ │ │ │ + name, when generating a │ │ │ │ │ + positive response to a │ │ │ │ │ + query of type ANY over UDP. │ │ │ │ │ + Controls whether the server │ │ │ │ │ + only adds records to the │ │ │ │ │ + authority and additional │ │ │ │ │ +minimal-responses data sections when they are query │ │ │ │ │ + required (e.g. delegations, │ │ │ │ │ + negative responses). This │ │ │ │ │ + improves server │ │ │ │ │ + performance. │ │ │ │ │ + Controls whether serial │ │ │ │ │ +multi-master number mismatch errors are transfer │ │ │ │ │ + logged. 
│ │ │ │ │ + Specifies the directory │ │ │ │ │ + where configuration │ │ │ │ │ +new-zones-directory parameters are stored for zone │ │ │ │ │ + zones added by rndc │ │ │ │ │ + addzone. │ │ │ │ │ + Specifies a list of │ │ │ │ │ +no-case-compress addresses that require server │ │ │ │ │ + case-insensitive │ │ │ │ │ + compression in responses. │ │ │ │ │ + Sets the maximum size of │ │ │ │ │ +nocookie-udp-size UDP responses that are sent query │ │ │ │ │ + to queries without a valid │ │ │ │ │ + server COOKIE. │ │ │ │ │ + Limits the number of empty │ │ │ │ │ +nodata-per-second (NODATA) responses for a query │ │ │ │ │ + valid domain name. │ │ │ │ │ + Controls whether NOTIFY │ │ │ │ │ +notify messages are sent on zone transfer │ │ │ │ │ + changes. │ │ │ │ │ + Sets the delay (in seconds) │ │ │ │ │ +notify-delay between sending sets of zone, transfer │ │ │ │ │ + NOTIFY messages for a zone. │ │ │ │ │ + Specifies the rate at which │ │ │ │ │ +notify-rate NOTIFY requests are sent zone, transfer │ │ │ │ │ + during normal zone │ │ │ │ │ + maintenance operations. │ │ │ │ │ + Defines the IPv4 address │ │ │ │ │ +notify-source (and optional port) to be transfer │ │ │ │ │ + used for outgoing NOTIFY │ │ │ │ │ + messages. │ │ │ │ │ + Defines the IPv6 address │ │ │ │ │ +notify-source-v6 (and optional port) to be transfer │ │ │ │ │ + used for outgoing NOTIFY │ │ │ │ │ + messages. │ │ │ │ │ + Controls whether the name │ │ │ │ │ +notify-to-soa servers in the NS RRset are transfer │ │ │ │ │ + checked against the SOA │ │ │ │ │ + MNAME. │ │ │ │ │ + Specifies the use of NSEC3 │ │ │ │ │ +nsec3param instead of NSEC, and sets dnssec │ │ │ │ │ + NSEC3 parameters. │ │ │ │ │ + Specifies the lifetime, in │ │ │ │ │ +nta-lifetime seconds, for negative trust dnssec │ │ │ │ │ + anchors added via rndc_nta. │ │ │ │ │ + Specifies the time interval │ │ │ │ │ + for checking whether │ │ │ │ │ +nta-recheck negative trust anchors dnssec │ │ │ │ │ + added via rndc_nta are │ │ │ │ │ + still necessary. 
│ │ │ │ │ + Causes all messages sent to │ │ │ │ │ +null the logging channel to be logging │ │ │ │ │ + discarded. │ │ │ │ │ + Appends the specified │ │ │ │ │ + suffix to the original │ │ │ │ │ +nxdomain-redirect query name, when replacing query │ │ │ │ │ + an NXDOMAIN with a redirect │ │ │ │ │ + namespace. │ │ │ │ │ + Limits the number of │ │ │ │ │ +nxdomains-per-second undefined subdomains for a query │ │ │ │ │ + valid domain name. │ │ │ │ │ +options Defines global options to server │ │ │ │ │ + be used by BIND 9. │ │ │ │ │ + Adds EDNS Padding options │ │ │ │ │ +padding to outgoing messages to server │ │ │ │ │ + increase the packet size. │ │ │ │ │ + Sets the time to live (TTL) │ │ │ │ │ +parent-ds-ttl of the DS RRset used by the dnssec │ │ │ │ │ + parent zone. │ │ │ │ │ + Sets the propagation delay │ │ │ │ │ + from the time the parent │ │ │ │ │ +parent-propagation-delay zone is updated to when the zone, dnssec │ │ │ │ │ + new version is served by │ │ │ │ │ + all of the parent zone's │ │ │ │ │ + name servers. │ │ │ │ │ + Defines a list of │ │ │ │ │ +parental-agents delegation agents to be zone │ │ │ │ │ + used by primary and │ │ │ │ │ + secondary zones. │ │ │ │ │ + Specifies which local IPv4 │ │ │ │ │ +parental-source source address is used to dnssec │ │ │ │ │ + send parental DS queries. │ │ │ │ │ + Specifies which local IPv6 │ │ │ │ │ +parental-source-v6 source address is used to dnssec │ │ │ │ │ + send parental DS queries. │ │ │ │ │ + Specifies the pathname of │ │ │ │ │ +pid-file the file where the server server │ │ │ │ │ + writes its process ID. │ │ │ │ │ +plugin Configures plugins in server │ │ │ │ │ + named.conf. │ │ │ │ │ + Specifies the UDP/TCP port │ │ │ │ │ +port number the server uses to server, query │ │ │ │ │ + receive and send DNS │ │ │ │ │ + protocol traffic. │ │ │ │ │ + Specifies that server │ │ │ │ │ +prefer-server-ciphers ciphers should be preferred server, security │ │ │ │ │ + over client ones. 
│ │ │ │ │ + Controls the order of glue │ │ │ │ │ +preferred-glue records in an A or AAAA query │ │ │ │ │ + response. │ │ │ │ │ + Specifies the "trigger" │ │ │ │ │ +prefetch time-to-live (TTL) value at query │ │ │ │ │ + which prefetch of the │ │ │ │ │ + current query takes place. │ │ │ │ │ +primaries Defines one or more primary zone │ │ │ │ │ + servers for a zone. │ │ │ │ │ +print-category Includes the category in logging │ │ │ │ │ + log messages. │ │ │ │ │ +print-severity Includes the severity in logging │ │ │ │ │ + log messages. │ │ │ │ │ +print-time Specifies the time format logging │ │ │ │ │ + for log messages. │ │ │ │ │ + Specifies the allowed │ │ │ │ │ +protocols versions of the TLS security │ │ │ │ │ + protocol. │ │ │ │ │ + Controls whether a primary │ │ │ │ │ + responds to an incremental │ │ │ │ │ +provide-ixfr zone request (IXFR) or only transfer │ │ │ │ │ + responds with a full zone │ │ │ │ │ + transfer (AXFR). │ │ │ │ │ + Increases the amount of │ │ │ │ │ + time between when keys are │ │ │ │ │ +publish-safety published and when they dnssec │ │ │ │ │ + become active, to allow for │ │ │ │ │ + unforeseen events. │ │ │ │ │ + Specifies the amount of │ │ │ │ │ + time after which DNSSEC │ │ │ │ │ +purge-keys keys that have been deleted dnssec │ │ │ │ │ + from the zone can be │ │ │ │ │ + removed from disk. │ │ │ │ │ + Controls QNAME minimization │ │ │ │ │ +qname-minimization behavior in the BIND 9 query │ │ │ │ │ + resolver. │ │ │ │ │ + Tightens defenses during │ │ │ │ │ +qps-scale DNS attacks by scaling back query │ │ │ │ │ + the ratio of the current │ │ │ │ │ + query-per-second rate. │ │ │ │ │ + Controls the IPv4 address │ │ │ │ │ +query-source from which queries are query │ │ │ │ │ + issued. │ │ │ │ │ + Controls the IPv6 address │ │ │ │ │ +query-source-v6 from which queries are query │ │ │ │ │ + issued. │ │ │ │ │ + Specifies whether query │ │ │ │ │ +querylog logging should be active logging, server │ │ │ │ │ + when named first starts. 
│ │ │ │ │ + Controls excessive UDP │ │ │ │ │ + responses, to prevent BIND │ │ │ │ │ +rate-limit 9 from being used to query │ │ │ │ │ + amplify reflection denial- │ │ │ │ │ + of-service (DoS) attacks. │ │ │ │ │ + Specifies the pathname of │ │ │ │ │ + the file where the server │ │ │ │ │ +recursing-file dumps queries that are server │ │ │ │ │ + currently recursing via │ │ │ │ │ + rndc_recursing. │ │ │ │ │ +recursion Defines whether recursion query │ │ │ │ │ + and caching are allowed. │ │ │ │ │ + Specifies the maximum │ │ │ │ │ +recursive-clients number of concurrent query │ │ │ │ │ + recursive queries the │ │ │ │ │ + server can perform. │ │ │ │ │ + Toggles whether dns64 │ │ │ │ │ +recursive-only synthesis occurs only for query │ │ │ │ │ + recursive queries. │ │ │ │ │ + Limits the number of │ │ │ │ │ +referrals-per-second referrals or delegations to query │ │ │ │ │ + a server for a given │ │ │ │ │ + domain. │ │ │ │ │ + Specifies the expected │ │ │ │ │ +remote-hostname hostname in the TLS security │ │ │ │ │ + certificate of the remote │ │ │ │ │ + server. │ │ │ │ │ + Specifies whether the local │ │ │ │ │ +request-expire server requests the EDNS query, transfer │ │ │ │ │ + EXPIRE value, when acting │ │ │ │ │ + as a secondary. │ │ │ │ │ + Controls whether a │ │ │ │ │ + secondary requests an │ │ │ │ │ +request-ixfr incremental zone transfer transfer │ │ │ │ │ + (IXFR) or a full zone │ │ │ │ │ + transfer (AXFR). │ │ │ │ │ + Controls whether an empty │ │ │ │ │ + EDNS(0) NSID (Name Server │ │ │ │ │ + Identifier) option is sent │ │ │ │ │ +request-nsid with all queries to query │ │ │ │ │ + authoritative name servers │ │ │ │ │ + during iterative │ │ │ │ │ + resolution. │ │ │ │ │ + Controls whether a valid │ │ │ │ │ +require-server-cookie server cookie is required query │ │ │ │ │ + before sending a full │ │ │ │ │ + response to a UDP request. │ │ │ │ │ +reserved-sockets Deprecated. 
deprecated │ │ │ │ │ + Specifies the number of │ │ │ │ │ +resolver-nonbackoff-tries retries before exponential server │ │ │ │ │ + backoff. │ │ │ │ │ + Specifies the length of │ │ │ │ │ + time, in milliseconds, that │ │ │ │ │ +resolver-query-timeout a resolver attempts to query │ │ │ │ │ + resolve a recursive query │ │ │ │ │ + before failing. │ │ │ │ │ +resolver-retry-interval Sets the base retry server, query │ │ │ │ │ + interval (in milliseconds). │ │ │ │ │ + Adds an EDNS Padding option │ │ │ │ │ + to encrypted messages, to │ │ │ │ │ +response-padding reduce the chance of query │ │ │ │ │ + guessing the contents based │ │ │ │ │ + on size. │ │ │ │ │ + Specifies response policy server, zone, security, │ │ │ │ │ +response-policy zones for the view or among query │ │ │ │ │ + global options. │ │ │ │ │ + Limits the number of non- │ │ │ │ │ +responses-per-second empty responses for a valid query │ │ │ │ │ + domain name and record │ │ │ │ │ + type. │ │ │ │ │ + Increases the amount of │ │ │ │ │ + time a key remains │ │ │ │ │ +retire-safety published after it is no dnssec │ │ │ │ │ + longer active, to allow for │ │ │ │ │ + unforeseen events. │ │ │ │ │ +reuseport Enables kernel load- server │ │ │ │ │ + balancing of sockets. │ │ │ │ │ + Turns on enforcement of │ │ │ │ │ + delegation-only in top- │ │ │ │ │ +root-delegation-only level domains (TLDs) and deprecated │ │ │ │ │ + root zones with an optional │ │ │ │ │ + exclude list. │ │ │ │ │ + Controls whether BIND 9 │ │ │ │ │ +root-key-sentinel responds to root key server │ │ │ │ │ + sentinel probes. │ │ │ │ │ + Defines the order in which │ │ │ │ │ +rrset-order equal RRs (RRsets) are query │ │ │ │ │ + returned. │ │ │ │ │ + Specifies whether a │ │ │ │ │ +search Dynamically Loadable Zone query │ │ │ │ │ + (DLZ) module is queried for │ │ │ │ │ + an answer to a query name. │ │ │ │ │ + Defines a Base64-encoded │ │ │ │ │ +secret string to be used as the security │ │ │ │ │ + secret by the algorithm. 
│ │ │ │ │ + Specifies the pathname of │ │ │ │ │ +secroots-file the file where the server dnssec │ │ │ │ │ + dumps security roots, when │ │ │ │ │ + using rndc_secroots. │ │ │ │ │ + Controls whether a COOKIE │ │ │ │ │ +send-cookie EDNS option is sent along query │ │ │ │ │ + with a query. │ │ │ │ │ + Defines an upper limit on │ │ │ │ │ + the number of queries per │ │ │ │ │ +serial-query-rate second issued by the transfer │ │ │ │ │ + server, when querying the │ │ │ │ │ + SOA RRs used for zone │ │ │ │ │ + transfers. │ │ │ │ │ + Specifies the update method │ │ │ │ │ +serial-update-method to be used for the zone zone │ │ │ │ │ + serial number in the SOA │ │ │ │ │ + record. │ │ │ │ │ + Defines characteristics to │ │ │ │ │ +server be associated with a remote server │ │ │ │ │ + name server. │ │ │ │ │ + Specifies a list of IP │ │ │ │ │ + addresses to which queries │ │ │ │ │ +server-addresses should be sent in recursive zone, query │ │ │ │ │ + resolution for a static- │ │ │ │ │ + stub zone. │ │ │ │ │ + Specifies the ID of the │ │ │ │ │ +server-id server to return in server │ │ │ │ │ + response to a ID.SERVER │ │ │ │ │ + query. │ │ │ │ │ + Specifies a list of domain │ │ │ │ │ + names of name servers that │ │ │ │ │ +server-names act as authoritative zone │ │ │ │ │ + servers of a static-stub │ │ │ │ │ + zone. │ │ │ │ │ + Sets the length of time (in │ │ │ │ │ +servfail-ttl seconds) that a SERVFAIL server │ │ │ │ │ + response is cached. │ │ │ │ │ + Specifies the algorithm to │ │ │ │ │ +session-keyalg use for the TSIG session security │ │ │ │ │ + key. │ │ │ │ │ + Specifies the pathname of │ │ │ │ │ + the file where a TSIG │ │ │ │ │ +session-keyfile session key is written, security │ │ │ │ │ + when generated by named for │ │ │ │ │ + use by nsupdate -l. │ │ │ │ │ +session-keyname Specifies the key name for security │ │ │ │ │ + the TSIG session key. │ │ │ │ │ + Enables or disables session │ │ │ │ │ +session-tickets resumption through TLS security │ │ │ │ │ + session tickets. 
│ │ │ │ │ +severity Defines the priority level logging │ │ │ │ │ + of log messages. │ │ │ │ │ + Specifies the maximum │ │ │ │ │ + number of nodes to be │ │ │ │ │ +sig-signing-nodes examined in each quantum, dnssec │ │ │ │ │ + when signing a zone with a │ │ │ │ │ + new DNSKEY. │ │ │ │ │ + Specifies the threshold for │ │ │ │ │ + the number of signatures │ │ │ │ │ +sig-signing-signatures that terminates processing dnssec │ │ │ │ │ + a quantum, when signing a │ │ │ │ │ + zone with a new DNSKEY. │ │ │ │ │ + Specifies a private RDATA │ │ │ │ │ +sig-signing-type type to use when generating dnssec │ │ │ │ │ + signing-state records. │ │ │ │ │ + Specifies the maximum │ │ │ │ │ +sig-validity-interval number of days that RRSIGs dnssec │ │ │ │ │ + generated by named are │ │ │ │ │ + valid. │ │ │ │ │ +signatures-refresh Specifies how frequently an dnssec │ │ │ │ │ + RRSIG record is refreshed. │ │ │ │ │ +signatures-validity Indicates the validity dnssec │ │ │ │ │ + period of an RRSIG record. │ │ │ │ │ +signatures-validity-dnskey Indicates the validity dnssec │ │ │ │ │ + period of DNSKEY records. │ │ │ │ │ + Sets the number of │ │ │ │ │ + "slipped" responses to │ │ │ │ │ +slip minimize the use of forged query │ │ │ │ │ + source addresses for an │ │ │ │ │ + attack. │ │ │ │ │ + Controls the ordering of │ │ │ │ │ +sortlist RRs returned to the client, query │ │ │ │ │ + based on the client's IP │ │ │ │ │ + address. │ │ │ │ │ + Sets the maximum amount of │ │ │ │ │ +stacksize stack memory that can be deprecated │ │ │ │ │ + used by the server. │ │ │ │ │ + Defines the amount of time │ │ │ │ │ + (in milliseconds) that │ │ │ │ │ +stale-answer-client-timeout named waits before server, query │ │ │ │ │ + attempting to answer a │ │ │ │ │ + query with a stale RRset │ │ │ │ │ + from cache. │ │ │ │ │ + Enables the returning of │ │ │ │ │ +stale-answer-enable "stale" cached answers when server, query │ │ │ │ │ + the name servers for a zone │ │ │ │ │ + are not answering. 
│ │ │ │ │ + Specifies the time to live │ │ │ │ │ +stale-answer-ttl (TTL) to be returned on query │ │ │ │ │ + stale answers, in seconds. │ │ │ │ │ +stale-cache-enable Enables the retention of server, query │ │ │ │ │ + "stale" cached answers. │ │ │ │ │ + Sets the time window for │ │ │ │ │ + the return of "stale" │ │ │ │ │ + cached answers before the │ │ │ │ │ +stale-refresh-time next attempt to contact, if server, query │ │ │ │ │ + the name servers for a │ │ │ │ │ + given zone are not │ │ │ │ │ + responding. │ │ │ │ │ + Specifies the rate at which │ │ │ │ │ + NOTIFY requests are sent │ │ │ │ │ +startup-notify-rate when the name server is zone, transfer │ │ │ │ │ + first starting, or when new │ │ │ │ │ + zones have been added. │ │ │ │ │ + Specifies the communication │ │ │ │ │ + channels to be used by │ │ │ │ │ +statistics-channels system administrators to logging │ │ │ │ │ + access statistics │ │ │ │ │ + information on the name │ │ │ │ │ + server. │ │ │ │ │ + Specifies the pathname of │ │ │ │ │ +statistics-file the file where the server logging, server │ │ │ │ │ + appends statistics, when │ │ │ │ │ + using rndc_stats. │ │ │ │ │ + Directs the logging channel │ │ │ │ │ +stderr output to the server's logging │ │ │ │ │ + standard error stream. │ │ │ │ │ + Specifies the maximum │ │ │ │ │ +streams-per-connection number of concurrent HTTP/ server, query │ │ │ │ │ + 2 streams over an HTTP/ │ │ │ │ │ + 2 connection. │ │ │ │ │ + Defines trailing bits for │ │ │ │ │ +suffix mapped IPv4 address bits in query │ │ │ │ │ + dns64. │ │ │ │ │ + Enables support for RFC │ │ │ │ │ +synth-from-dnssec 8198, Aggressive Use of dnssec │ │ │ │ │ + DNSSEC-Validated Cache. │ │ │ │ │ +syslog Directs the logging channel logging │ │ │ │ │ + to the system log. │ │ │ │ │ + Sets the timeout value (in │ │ │ │ │ + milliseconds) that the │ │ │ │ │ +tcp-advertised-timeout server sends in responses query │ │ │ │ │ + containing the EDNS TCP │ │ │ │ │ + keepalive option. 
│ │ │ │ │ + Specifies the maximum │ │ │ │ │ +tcp-clients number of simultaneous server │ │ │ │ │ + client TCP connections │ │ │ │ │ + accepted by the server. │ │ │ │ │ + Sets the amount of time (in │ │ │ │ │ + milliseconds) that the │ │ │ │ │ + server waits on an idle TCP │ │ │ │ │ +tcp-idle-timeout connection before closing query │ │ │ │ │ + it, if the EDNS TCP │ │ │ │ │ + keepalive option is not in │ │ │ │ │ + use. │ │ │ │ │ + Sets the amount of time (in │ │ │ │ │ + milliseconds) that the │ │ │ │ │ +tcp-initial-timeout server waits on a new TCP server, query │ │ │ │ │ + connection for the first │ │ │ │ │ + message from the client. │ │ │ │ │ +tcp-keepalive Adds EDNS TCP keepalive to server │ │ │ │ │ + messages sent over TCP. │ │ │ │ │ + Sets the amount of time (in │ │ │ │ │ + milliseconds) that the │ │ │ │ │ +tcp-keepalive-timeout server waits on an idle TCP query │ │ │ │ │ + connection before closing │ │ │ │ │ + it, if the EDNS TCP │ │ │ │ │ + keepalive option is in use. │ │ │ │ │ +tcp-listen-queue Sets the listen-queue server │ │ │ │ │ + depth. │ │ │ │ │ +tcp-only Sets the transport protocol server │ │ │ │ │ + to TCP. │ │ │ │ │ + Sets the operating system's │ │ │ │ │ +tcp-receive-buffer receive buffer size for TCP server │ │ │ │ │ + sockets. │ │ │ │ │ + Sets the operating system's │ │ │ │ │ +tcp-send-buffer send buffer size for TCP server │ │ │ │ │ + sockets. │ │ │ │ │ + Sets the Diffie-Hellman key │ │ │ │ │ +tkey-dhkey used by the server to deprecated │ │ │ │ │ + generate shared keys. │ │ │ │ │ + Sets the domain appended to │ │ │ │ │ +tkey-domain the names of all shared security │ │ │ │ │ + keys generated with TKEY. │ │ │ │ │ + Sets the security │ │ │ │ │ + credential for │ │ │ │ │ +tkey-gssapi-credential authentication keys security │ │ │ │ │ + requested by the GSS-TSIG │ │ │ │ │ + protocol. │ │ │ │ │ + Sets the KRB5 keytab file │ │ │ │ │ +tkey-gssapi-keytab to use for GSS-TSIG security │ │ │ │ │ + updates. 
│ │ │ │ │ +tls Configures a TLS security │ │ │ │ │ + connection. │ │ │ │ │ + Specifies the TCP port │ │ │ │ │ +tls-port number the server uses to server, query │ │ │ │ │ + receive and send DNS-over- │ │ │ │ │ + TLS protocol traffic. │ │ │ │ │ + Controls whether multiple │ │ │ │ │ +transfer-format records can be packed into transfer │ │ │ │ │ + a message during zone │ │ │ │ │ + transfers. │ │ │ │ │ + Limits the uncompressed │ │ │ │ │ +transfer-message-size size of DNS messages used transfer │ │ │ │ │ + in zone transfers over TCP. │ │ │ │ │ + Defines which local IPv4 │ │ │ │ │ + address(es) are bound to │ │ │ │ │ +transfer-source TCP connections used to transfer │ │ │ │ │ + fetch zones transferred │ │ │ │ │ + inbound by the server. │ │ │ │ │ + Defines which local IPv6 │ │ │ │ │ + address(es) are bound to │ │ │ │ │ +transfer-source-v6 TCP connections used to transfer │ │ │ │ │ + fetch zones transferred │ │ │ │ │ + inbound by the server. │ │ │ │ │ + Limits the number of │ │ │ │ │ +transfers concurrent inbound zone server │ │ │ │ │ + transfers from a server. │ │ │ │ │ + Limits the number of │ │ │ │ │ +transfers-in concurrent inbound zone transfer │ │ │ │ │ + transfers. │ │ │ │ │ + Limits the number of │ │ │ │ │ +transfers-out concurrent outbound zone transfer │ │ │ │ │ + transfers. │ │ │ │ │ + Limits the number of │ │ │ │ │ +transfers-per-ns concurrent inbound zone transfer │ │ │ │ │ + transfers from a remote │ │ │ │ │ + server. │ │ │ │ │ + Instructs named to send │ │ │ │ │ + specially formed queries │ │ │ │ │ +trust-anchor-telemetry once per day to domains for dnssec │ │ │ │ │ + which trust anchors have │ │ │ │ │ + been configured. │ │ │ │ │ +trust-anchors Defines DNSSEC trust dnssec │ │ │ │ │ + anchors. │ │ │ │ │ +trusted-keys Deprecated, use trust- deprecated │ │ │ │ │ + anchors. │ │ │ │ │ + Specifies that BIND 9 │ │ │ │ │ +try-tcp-refresh should attempt to refresh a transfer │ │ │ │ │ + zone using TCP if UDP │ │ │ │ │ + queries fail. 
│ │ │ │ │ +type Specifies the kind of zone zone │ │ │ │ │ + in a given configuration. │ │ │ │ │ + Enforces the delegation- │ │ │ │ │ +type_delegation-only only status of deprecated │ │ │ │ │ + infrastructure zones (COM, │ │ │ │ │ + NET, ORG, etc.). │ │ │ │ │ + Contains forwarding │ │ │ │ │ +type_forward statements that apply to zone │ │ │ │ │ + queries within a given │ │ │ │ │ + domain. │ │ │ │ │ + Contains the initial set of │ │ │ │ │ +type_hint root name servers to be zone │ │ │ │ │ + used at BIND 9 startup. │ │ │ │ │ + Contains a DNSSEC-validated │ │ │ │ │ +type_mirror duplicate of the main data zone │ │ │ │ │ + for a zone. │ │ │ │ │ +type_primary Contains the main copy of zone │ │ │ │ │ + the data for a zone. │ │ │ │ │ + Contains information to │ │ │ │ │ +type_redirect answer queries when normal zone │ │ │ │ │ + resolution would return │ │ │ │ │ + NXDOMAIN. │ │ │ │ │ + Contains a duplicate of the │ │ │ │ │ +type_secondary data for a zone that has zone │ │ │ │ │ + been transferred from a │ │ │ │ │ + primary server. │ │ │ │ │ + Contains a duplicate of the │ │ │ │ │ + NS records of a primary │ │ │ │ │ +type_static-stub zone, but statically zone │ │ │ │ │ + configured rather than │ │ │ │ │ + transferred from a primary │ │ │ │ │ + server. │ │ │ │ │ + Contains a duplicate of the │ │ │ │ │ +type_stub NS records of a primary zone │ │ │ │ │ + zone. │ │ │ │ │ + Sets the operating system's │ │ │ │ │ +udp-receive-buffer receive buffer size for UDP server │ │ │ │ │ + sockets. │ │ │ │ │ + Sets the operating system's │ │ │ │ │ +udp-send-buffer send buffer size for UDP server │ │ │ │ │ + sockets. │ │ │ │ │ + Specifies a Unix domain │ │ │ │ │ +unix socket as a control server │ │ │ │ │ + channel. │ │ │ │ │ + Specifies whether to check │ │ │ │ │ + the KSK bit to determine │ │ │ │ │ +update-check-ksk how a key should be used, zone, dnssec │ │ │ │ │ + when generating RRSIGs for │ │ │ │ │ + a secure zone. 
│ │ │ │ │ + Sets fine-grained rules to │ │ │ │ │ + allow or deny dynamic │ │ │ │ │ +update-policy updates (DDNS), based on transfer │ │ │ │ │ + requester identity, updated │ │ │ │ │ + content, etc. │ │ │ │ │ + Specifies the maximum │ │ │ │ │ +update-quota number of concurrent DNS server │ │ │ │ │ + UPDATE messages that can be │ │ │ │ │ + processed by the server. │ │ │ │ │ + Indicates whether alt- │ │ │ │ │ +use-alt-transfer-source transfer-source and alt- deprecated │ │ │ │ │ + transfer-source-v6 can be │ │ │ │ │ + used. │ │ │ │ │ + Specifies a list of ports │ │ │ │ │ +use-v4-udp-ports that are valid sources for deprecated │ │ │ │ │ + UDP/IPv4 messages. │ │ │ │ │ + Specifies a list of ports │ │ │ │ │ +use-v6-udp-ports that are valid sources for deprecated │ │ │ │ │ + UDP/IPv6 messages. │ │ │ │ │ + Indicates the number of │ │ │ │ │ +v6-bias milliseconds of preference server, query │ │ │ │ │ + to give to IPv6 name │ │ │ │ │ + servers. │ │ │ │ │ + Specifies a list of domain │ │ │ │ │ +validate-except names at and beneath which dnssec │ │ │ │ │ + DNSSEC validation should │ │ │ │ │ + not be performed. │ │ │ │ │ + Specifies the version │ │ │ │ │ +version number of the server to server │ │ │ │ │ + return in response to a │ │ │ │ │ + version.bind query. │ │ │ │ │ + Allows a name server to │ │ │ │ │ +view answer a DNS query view │ │ │ │ │ + differently depending on │ │ │ │ │ + who is asking. │ │ │ │ │ + Specifies the length of │ │ │ │ │ +window time during which responses query │ │ │ │ │ + are tracked. │ │ │ │ │ + Specifies whether to set │ │ │ │ │ + the time to live (TTL) of │ │ │ │ │ +zero-no-soa-ttl the SOA record to zero, server, zone, query │ │ │ │ │ + when returning │ │ │ │ │ + authoritative negative │ │ │ │ │ + responses to SOA queries. │ │ │ │ │ + Sets the time to live (TTL) │ │ │ │ │ +zero-no-soa-ttl-cache to zero when caching a server, zone, query │ │ │ │ │ + negative response to an SOA │ │ │ │ │ + query. 
│ │ │ │ │ +zone Specifies the zone in a zone │ │ │ │ │ + BIND 9 configuration. │ │ │ │ │ + Sets the propagation delay │ │ │ │ │ + from the time a zone is │ │ │ │ │ +zone-propagation-delay first updated to when the zone, dnssec │ │ │ │ │ + new version of the zone is │ │ │ │ │ + served by all secondary │ │ │ │ │ + servers. │ │ │ │ │ + Controls the level of │ │ │ │ │ +zone-statistics statistics gathered for all logging, zone │ │ │ │ │ + zones. │ │ │ │ │ │ │ │ │ │ ***** 8.4. Statements by Tag ***** │ │ │ │ │ These tables group the various statements permissible in named.conf by their │ │ │ │ │ corresponding tag. │ │ │ │ │ **** 8.4.1. DNSSEC Tag Statements **** │ │ │ │ │ Statement Description │ │ │ │ │ auto-dnssec Permits varying levels of automatic DNSSEC key