--- /srv/reproducible-results/rbuild-debian/r-b-build.w0HucdU8/b1/bind9_9.19.24-185-g392e7199df2-1_arm64.changes +++ /srv/reproducible-results/rbuild-debian/r-b-build.w0HucdU8/b2/bind9_9.19.24-185-g392e7199df2-1_arm64.changes ├── Files │ @@ -1,13 +1,13 @@ │ │ 702b65a8f7d4bafb8737c1d3cfa072c3 666700 debug optional bind9-dbgsym_9.19.24-185-g392e7199df2-1_arm64.deb │ 3ee68e993bb3f72e99eacbf582511fc8 552248 devel optional bind9-dev_9.19.24-185-g392e7199df2-1_arm64.deb │ ff5e81bdbbe7eb1e5710d21c60f12641 428924 debug optional bind9-dnsutils-dbgsym_9.19.24-185-g392e7199df2-1_arm64.deb │ f34d67cef1cdad084b45bf0de95e630c 417768 net standard bind9-dnsutils_9.19.24-185-g392e7199df2-1_arm64.deb │ - 036248bcaee687c270f4f99186e72850 3496972 doc optional bind9-doc_9.19.24-185-g392e7199df2-1_all.deb │ + fc6fa8871565ed364cd227ca84b5e5b1 3496960 doc optional bind9-doc_9.19.24-185-g392e7199df2-1_all.deb │ 262b052f3c9f13b85dc5c01ce52b0c63 103628 debug optional bind9-host-dbgsym_9.19.24-185-g392e7199df2-1_arm64.deb │ d1e7e59b17e518f83217fd8d1e058f89 315072 net standard bind9-host_9.19.24-185-g392e7199df2-1_arm64.deb │ dfced15e6d807f45cf33de383447c5ae 3987680 debug optional bind9-libs-dbgsym_9.19.24-185-g392e7199df2-1_arm64.deb │ d7887eace166bc5ef6c23acf3afa08e0 1331704 libs standard bind9-libs_9.19.24-185-g392e7199df2-1_arm64.deb │ 44862b6d21e5b271e963e3caf49a6fbc 487808 debug optional bind9-utils-dbgsym_9.19.24-185-g392e7199df2-1_arm64.deb │ 99f5ee3e36c5c94328ab4383b7c448c6 432784 net optional bind9-utils_9.19.24-185-g392e7199df2-1_arm64.deb │ 614d8d95aa36df3ac0dde5277b8d7b8b 492568 net optional bind9_9.19.24-185-g392e7199df2-1_arm64.deb ├── bind9-doc_9.19.24-185-g392e7199df2-1_all.deb │ ├── file list │ │ @@ -1,3 +1,3 @@ │ │ -rw-r--r-- 0 0 0 4 2024-06-20 13:11:56.000000 debian-binary │ │ -rw-r--r-- 0 0 0 2012 2024-06-20 13:11:56.000000 control.tar.xz │ │ --rw-r--r-- 0 0 0 3494768 2024-06-20 13:11:56.000000 data.tar.xz │ │ +-rw-r--r-- 0 0 0 3494756 2024-06-20 13:11:56.000000 data.tar.xz │ ├── control.tar.xz │ │ ├── control.tar │ │ │ ├── ./md5sums │ │ │ │ ├── ./md5sums │ │ │ │ │┄ Files differ │ ├── data.tar.xz │ │ ├── data.tar │ │ │ ├── ./usr/share/doc/bind9-doc/arm/reference.html │ │ │ │ @@ -2167,15 +2167,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
Grammar: statistics-file <quoted_string>;
Blocks: options
│ │ │ │ -Tags: server, logging
│ │ │ │ +Tags: logging, server
│ │ │ │Specifies the pathname of the file where the server appends statistics, when using rndc stats
.
This is the pathname of the file the server appends statistics to, when
│ │ │ │ instructed to do so using rndc stats
. If not specified, the
│ │ │ │ default is named.stats
in the server’s current directory. The
│ │ │ │ format of the file is described in The Statistics File.
Grammar: port <integer>;
Blocks: options
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Specifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.
│ │ │ │ │ │ │ │This is the UDP/TCP port number the server uses to receive and send DNS │ │ │ │ protocol traffic. The default is 53. This option is mainly intended │ │ │ │ for server testing; a server using a port other than 53 is not │ │ │ │ able to communicate with the global DNS.
│ │ │ │Grammar: tls-port <integer>;
Blocks: options
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Specifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.
│ │ │ │ │ │ │ │This is the TCP port number the server uses to receive and send │ │ │ │ DNS-over-TLS protocol traffic. The default is 853.
│ │ │ │Grammar: https-port <integer>;
Blocks: options
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Specifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.
│ │ │ │ │ │ │ │This is the TCP port number the server uses to receive and send │ │ │ │ DNS-over-HTTPS protocol traffic. The default is 443.
│ │ │ │Grammar: http-port <integer>;
Blocks: options
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Specifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.
│ │ │ │ │ │ │ │This is the TCP port number the server uses to receive and send │ │ │ │ unencrypted DNS traffic via HTTP (a configuration that may be useful │ │ │ │ when encryption is handled by third-party software or by a reverse │ │ │ │ proxy).
│ │ │ │Grammar: ipv4only-server <string>;
Blocks: options, view
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Specifies the name of the server for the IPV4ONLY.ARPA zone created by dns64
.
Grammar: memstatistics <boolean>;
Blocks: options
│ │ │ │ -Tags: server, logging
│ │ │ │ +Tags: logging, server
│ │ │ │Controls whether memory statistics are written to the file specified by memstatistics-file
at exit.
This writes memory statistics to the file specified by
│ │ │ │ memstatistics-file
at exit. The default is no
unless -m
│ │ │ │ record
is specified on the command line, in which case it is yes
.
Grammar: stale-answer-enable <boolean>;
Blocks: options, view
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Enables the returning of “stale” cached answers when the name servers for a zone are not answering.
│ │ │ │ │ │ │ │If yes
, enable the returning of “stale” cached answers when the name
│ │ │ │ servers for a zone are not answering and the stale-cache-enable
option is
│ │ │ │ also enabled. The default is not to return stale answers.
Stale answers can also be enabled or disabled at runtime via
│ │ │ │ rndc serve-stale on
or rndc serve-stale off
; these override
│ │ │ │ @@ -3260,15 +3260,15 @@
│ │ │ │
Grammar: stale-answer-client-timeout ( disabled | off | <integer> );
Blocks: options, view
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Defines the amount of time (in milliseconds) that named
waits before attempting to answer a query with a stale RRset from cache.
This option defines the amount of time (in milliseconds) that named
│ │ │ │ waits before attempting to answer the query with a stale RRset from cache.
│ │ │ │ If a stale answer is found, named
continues the ongoing fetches,
│ │ │ │ attempting to refresh the RRset in cache until the
│ │ │ │ resolver-query-timeout
interval is reached.
Grammar: stale-cache-enable <boolean>;
Blocks: options, view
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Enables the retention of “stale” cached answers.
│ │ │ │ │ │ │ │If yes
, enable the retaining of “stale” cached answers. Default no
.
Grammar: stale-refresh-time <duration>;
Blocks: options, view
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Sets the time window for the return of “stale” cached answers before the next attempt to contact, if the name servers for a given zone are not responding.
│ │ │ │ │ │ │ │If the name servers for a given zone are not answering, this sets the time
│ │ │ │ window for which named
will promptly return “stale” cached answers for
│ │ │ │ that RRSet being requested before a new attempt in contacting the servers
│ │ │ │ is made. For convenience, TTL-style time-unit suffixes may be used to
│ │ │ │ specify the value. It also accepts ISO 8601 duration formats.
Grammar: querylog <boolean>;
Blocks: options
│ │ │ │ -Tags: server, logging
│ │ │ │ +Tags: logging, server
│ │ │ │Specifies whether query logging should be active when named
first starts.
Query logging provides a complete log of all incoming queries and all query │ │ │ │ errors. This provides more insight into the server’s activity, but with a │ │ │ │ cost to performance which may be significant on heavily loaded servers.
│ │ │ │The querylog
option specifies whether query logging should be active when
│ │ │ │ named
first starts. If querylog
is not specified, then query logging
│ │ │ │ @@ -3766,28 +3766,28 @@
│ │ │ │
Grammar: zero-no-soa-ttl <boolean>;
Blocks: options, view, zone (mirror, primary, secondary)
│ │ │ │ -Tags: query, server, zone
│ │ │ │ +Tags: server, query, zone
│ │ │ │Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.
│ │ │ │ │ │ │ │If yes
, when returning authoritative negative responses to SOA queries, set
│ │ │ │ the TTL of the SOA record returned in the authority section to zero.
│ │ │ │ The default is yes
.
Grammar: zero-no-soa-ttl-cache <boolean>;
Blocks: options, view
│ │ │ │ -Tags: query, server, zone
│ │ │ │ +Tags: server, query, zone
│ │ │ │Sets the time to live (TTL) to zero when caching a negative response to an SOA query.
│ │ │ │ │ │ │ │If yes
, when caching a negative response to an SOA query set the TTL to zero.
│ │ │ │ The default is no
.
Grammar: fetches-per-zone <integer> [ ( drop | fail ) ];
Blocks: options, view
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Sets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.
│ │ │ │ │ │ │ │This sets the maximum number of simultaneous iterative queries to any one │ │ │ │ domain that the server permits before blocking new queries for │ │ │ │ data in or beneath that zone. This value should reflect how many │ │ │ │ fetches would normally be sent to any one zone in the time it would │ │ │ │ take to resolve them. It should be smaller than │ │ │ │ @@ -5089,15 +5089,15 @@ │ │ │ │
Grammar: fetches-per-server <integer> [ ( drop | fail ) ];
Blocks: options, view
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Sets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.
│ │ │ │ │ │ │ │This sets the maximum number of simultaneous iterative queries that the server │ │ │ │ allows to be sent to a single upstream name server before │ │ │ │ blocking additional queries. This value should reflect how many │ │ │ │ fetches would normally be sent to any one server in the time it would │ │ │ │ take to resolve them. It should be smaller than │ │ │ │ @@ -5122,15 +5122,15 @@ │ │ │ │
Grammar: fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
Blocks: options, view
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Sets the parameters for dynamic resizing of the fetches-per-server
quota in response to detected congestion.
This sets the parameters to use for dynamic resizing of the
│ │ │ │ fetches-per-server
quota in response to detected congestion.
The first argument is an integer value indicating how frequently to │ │ │ │ recalculate the moving average of the ratio of timeouts to responses │ │ │ │ for each server. The default is 100, meaning that BIND recalculates the │ │ │ │ @@ -5218,15 +5218,15 @@ │ │ │ │
Grammar: tcp-initial-timeout <integer>;
Blocks: options
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Sets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.
│ │ │ │ │ │ │ │This sets the amount of time (in units of 100 milliseconds) that the server waits on │ │ │ │ a new TCP connection for the first message from the client. The │ │ │ │ default is 300 (30 seconds), the minimum is 25 (2.5 seconds), and the │ │ │ │ maximum is 1200 (two minutes). Values above the maximum or below the │ │ │ │ minimum are adjusted with a logged warning. (Note: this value │ │ │ │ @@ -5363,15 +5363,15 @@ │ │ │ │ sortlist │ │ │ │
Warning
│ │ │ │This option is deprecated and will be removed in a future version of BIND.
│ │ │ │Grammar: sortlist { <address_match_element>; ... }; // deprecated
Blocks: options, view
│ │ │ │ -Tags: query, deprecated
│ │ │ │ +Tags: deprecated, query
│ │ │ │Controls the ordering of RRs returned to the client, based on the client’s IP address.
│ │ │ │ │ │ │ │This option is deprecated and will be removed in a future release.
│ │ │ │The sortlist
statement (see below) takes an address_match_list and
│ │ │ │ interprets it in a special way. Each top-level statement in the sortlist
│ │ │ │ must itself be an explicit address_match_list with one or two elements. The
│ │ │ │ first element (which may be an IP address, an IP prefix, an ACL name, or a nested
│ │ │ │ @@ -5958,15 +5958,15 @@
│ │ │ │
Grammar: max-recursion-queries <integer>;
Blocks: options, view
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Sets the maximum number of iterative queries while servicing a recursive query.
│ │ │ │ │ │ │ │This sets the maximum number of iterative queries that may be sent while │ │ │ │ servicing a recursive query. If more queries are sent, the recursive │ │ │ │ query is terminated and returns SERVFAIL. The default is 100.
│ │ │ │Grammar: v6-bias <integer>;
Blocks: options, view
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Indicates the number of milliseconds of preference to give to IPv6 name servers.
│ │ │ │ │ │ │ │When determining the next name server to try, this indicates by how many
│ │ │ │ milliseconds to prefer IPv6 name servers. The default is 50
│ │ │ │ milliseconds.
Grammar: response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
Blocks: options, view
│ │ │ │ -Tags: server, query, security, zone
│ │ │ │ +Tags: query, security, server, zone
│ │ │ │Specifies response policy zones for the view or among global options.
│ │ │ │ │ │ │ │Response policy zones are named in the response-policy
option for
│ │ │ │ the view, or among the global options if there is no response-policy
│ │ │ │ option for the view. Response policy zones are ordinary DNS zones
│ │ │ │ containing RRsets that can be queried normally if allowed. It is usually
│ │ │ │ best to restrict those queries with something like
│ │ │ │ @@ -6666,42 +6666,42 @@
│ │ │ │ such as SERVFAIL to appear to be rewritten, since no recursion is being
│ │ │ │ done to discover problems at the authoritative server.
Grammar: dnsrps-enable <boolean>;
Blocks: options, view
│ │ │ │ -Tags: server, security
│ │ │ │ +Tags: security, server
│ │ │ │Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ │ │ │ │ │The dnsrps-enable yes
option turns on the DNS Response Policy Service
│ │ │ │ (DNSRPS) interface, if it has been compiled in named
using
│ │ │ │ configure --enable-dnsrps
.
Grammar: dnsrps-library <quoted_string>;
Blocks: options
│ │ │ │ -Tags: server, security
│ │ │ │ +Tags: security, server
│ │ │ │Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ │ │ │ │ │This option specifies the path to the DNSRPS provider library. Typically
│ │ │ │ this library is detected when building with configure --enable-dnsrps
│ │ │ │ and does not need to be specified in named.conf
; the option exists
│ │ │ │ to override the default library for testing purposes.
Grammar: dnsrps-options { <unspecified-text> };
Blocks: options, view
│ │ │ │ -Tags: server, security
│ │ │ │ +Tags: security, server
│ │ │ │Provides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.
│ │ │ │ │ │ │ │The block provides additional RPZ configuration
│ │ │ │ settings, which are passed through to the DNSRPS provider library.
│ │ │ │ Multiple DNSRPS settings in an dnsrps-options
string should be
│ │ │ │ separated with semi-colons (;). The DNSRPS provider library is passed a
│ │ │ │ configuration string consisting of the dnsrps-options
text,
│ │ │ │ @@ -7331,15 +7331,15 @@
│ │ │ │ option.
Blocks: dnssec-policy, server, view.server
│ │ │ │ -Tags: server, security
│ │ │ │ +Tags: security, server
│ │ │ │Specifies one or more server_key
s to be used with a remote server.
Warning
│ │ │ │Not to be confused with keys
in dnssec-policy
specification.
│ │ │ │ Although statements with the same name exist in both contexts, they refer
│ │ │ │ to fundamentally incompatible concepts.
tls
can only be set at the top level of named.conf
.
The following options can be specified in a tls
statement:
Grammar: key-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: server, security
│ │ │ │ +Tags: security, server
│ │ │ │Specifies the path to a file containing the private TLS key for a connection.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Path to a file containing the private TLS key to be used for │ │ │ │ the connection.
│ │ │ │
Grammar: cert-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: server, security
│ │ │ │ +Tags: security, server
│ │ │ │Specifies the path to a file containing the TLS certificate for a connection.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Path to a file containing the TLS certificate to be used for │ │ │ │ the connection.
│ │ │ │
Grammar: ca-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: server, security
│ │ │ │ +Tags: security, server
│ │ │ │Specifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │ │ │ │ │Path to a file containing trusted CA authorities’ TLS │ │ │ │ certificates used to verify remote peer certificates. Specifying │ │ │ │ this option enables remote peer certificates’ verification. For │ │ │ │ incoming connections, specifying this option makes BIND require │ │ │ │ @@ -7541,15 +7541,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
- │ │ │ │ dhparam-file
│ │ │ │Grammar:
│ │ │ │dhparam-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: server, security
│ │ │ │ +Tags: security, server
│ │ │ │Specifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Path to a file containing Diffie-Hellman parameters, │ │ │ │ which is needed to enable the cipher suites depending on the │ │ │ │ Diffie-Hellman ephemeral key exchange (DHE). Having these parameters │ │ │ │ specified is essential for enabling perfect forward secrecy capable │ │ │ │ @@ -7628,15 +7628,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ │ │ │ │ @@ -7767,15 +7767,15 @@ │ │ │ │ listener-clients <integer>; │ │ │ │ streams-per-connection <integer>; │ │ │ │ }; // may occur multiple times │ │ │ │- │ │ │ │ prefer-server-ciphers
│ │ │ │Grammar:
│ │ │ │prefer-server-ciphers <boolean>;
Blocks: tls
│ │ │ │ -Tags: server, security
│ │ │ │ +Tags: security, server
│ │ │ │Specifies that server ciphers should be preferred over client ones.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Specifies that server ciphers should be preferred over client ones.
│ │ │ │Blocks: topmost
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Configures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.
│ │ │ │ │ │ │ │
http
Block Definition and Usagehttp
can only be set at the top level of named.conf
.
The following options can be specified in an http
statement:
Grammar: endpoints { <quoted_string>; ... };
Blocks: http
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Specifies a list of HTTP query paths on which to listen.
│ │ │ │ │ │ │ ││ │ │ │A list of HTTP query paths on which to listen. This is the portion │ │ │ │ of an RFC 3986-compliant URI following the hostname; it must be │ │ │ │ an absolute path, beginning with “/”. The default value │ │ │ │ is
│ │ │ │ @@ -7802,28 +7802,28 @@ │ │ │ │ │ │ │ │ │ │ │ │"/dns-query"
, if omitted.│ │ │ │
│ │ │ │ │ │ │ │- │ │ │ │ listener-clients
│ │ │ │Grammar:
│ │ │ │listener-clients <integer>;
Blocks: http
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Specifies a per-listener quota for active connections.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │The option specifies a per-listener quota for active connections.
│ │ │ ││ │ │ │
│ │ │ │ @@ -10283,15 +10283,15 @@ │ │ │ │- │ │ │ │ streams-per-connection
│ │ │ │Grammar:
│ │ │ │streams-per-connection <integer>;
Blocks: http
│ │ │ │ -Tags: server, query
│ │ │ │ +Tags: query, server
│ │ │ │Specifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │The option specifies the hard limit on the number of concurrent │ │ │ │ HTTP/2 streams over an HTTP/2 connection.
│ │ │ ││ │ │ │ Controls flushing of log messages.
│ │ │ ││ │ │ │ │ │ │ │ logging
│ │ │ │ ca-file │ │ │ ││ │ │ │ - Specifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.
│ │ │ ││ │ │ │ + server, security
│ │ │ │ security, server
│ │ │ │ catalog-zones │ │ │ ││ │ │ │ Configures catalog zones in
│ │ │ │named.conf
.│ │ │ │ zone
│ │ │ │ category │ │ │ │ @@ -10308,15 +10308,15 @@ │ │ │ ││ │ │ │ Specifies the digest types to use for CDS resource records.
│ │ │ ││ │ │ │ dnssec
│ │ │ │ cert-file │ │ │ ││ │ │ │ - Specifies the path to a file containing the TLS certificate for a connection.
│ │ │ ││ │ │ │ + server, security
│ │ │ │ security, server
│ │ │ │ channel │ │ │ ││ │ │ │ Defines a stream of data that can be independently logged.
│ │ │ ││ │ │ │ logging
│ │ │ │ check-dup-records │ │ │ │ @@ -10423,15 +10423,15 @@ │ │ │ ││ │ │ │ Rejects CNAME or DNAME records if the "alias" name matches a given list of
│ │ │ │domain_name
elements.│ │ │ │ query
│ │ │ │ dhparam-file │ │ │ ││ │ │ │ - Specifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.
│ │ │ ││ │ │ │ + server, security
│ │ │ │ security, server
│ │ │ │ dialup │ │ │ ││ │ │ │ Concentrates zone maintenance so that all transfers take place once every
│ │ │ │heartbeat-interval
, ideally during a single call.│ │ │ │ deprecated
│ │ │ │ directory │ │ │ │ @@ -10482,25 +10482,25 @@ │ │ │ ││ │ │ │ Specifies the time to live (TTL) for DNSKEY resource records.
│ │ │ ││ │ │ │ dnssec
│ │ │ │ dnsrps-enable │ │ │ ││ │ │ │ - Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ ││ │ │ │ + server, security
│ │ │ │ security, server
│ │ │ │ dnsrps-library │ │ │ ││ │ │ │ - Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ ││ │ │ │ + server, security
│ │ │ │ security, server
│ │ │ │ dnsrps-options │ │ │ ││ │ │ │ - Provides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.
│ │ │ ││ │ │ │ + server, security
│ │ │ │ security, server
│ │ │ │ dnssec-accept-expired │ │ │ ││ │ │ │ Instructs BIND 9 to accept expired DNSSEC signatures when validating.
│ │ │ ││ │ │ │ dnssec
│ │ │ │ dnssec-dnskey-kskonly │ │ │ │ @@ -10599,15 +10599,15 @@ │ │ │ ││ │ │ │ Enables or disables all empty zones.
│ │ │ ││ │ │ │ server, zone
│ │ │ │ endpoints │ │ │ ││ │ │ │ - Specifies a list of HTTP query paths on which to listen.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ errors-per-second │ │ │ ││ │ │ │ Limits the number of errors for a valid domain name and record type.
│ │ │ ││ │ │ │ server
│ │ │ │ exclude │ │ │ │ @@ -10619,25 +10619,25 @@ │ │ │ ││ │ │ │ Exempts specific clients or client groups from rate limiting.
│ │ │ ││ │ │ │ query
│ │ │ │ fetch-quota-params │ │ │ ││ │ │ │ - Sets the parameters for dynamic resizing of the
│ │ │ │fetches-per-server
quota in response to detected congestion.│ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ fetches-per-server │ │ │ ││ │ │ │ - Sets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ fetches-per-zone │ │ │ ││ │ │ │ - Sets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ file │ │ │ ││ │ │ │ Specifies the zone's filename.
│ │ │ ││ │ │ │ zone
│ │ │ │ flush-zones-on-shutdown │ │ │ │ @@ -10704,35 +10704,35 @@ │ │ │ ││ │ │ │ Specifies the hostname of the server to return in response to a
│ │ │ │hostname.bind
query.│ │ │ │ server
│ │ │ │ http │ │ │ ││ │ │ │ - Configures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ http-listener-clients │ │ │ ││ │ │ │ Limits the number of active concurrent connections on a per-listener basis.
│ │ │ ││ │ │ │ server
│ │ │ │ http-port │ │ │ ││ │ │ │ - Specifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ http-streams-per-connection │ │ │ ││ │ │ │ Limits the number of active concurrent HTTP/2 streams on a per-connection basis.
│ │ │ ││ │ │ │ server
│ │ │ │ https-port │ │ │ ││ │ │ │ - Specifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ in-view │ │ │ ││ │ │ │ Specifies the view in which a given zone is defined.
│ │ │ ││ │ │ │ view, zone
│ │ │ │ inet │ │ │ │ @@ -10764,15 +10764,15 @@ │ │ │ ││ │ │ │ Enables automatic IPv4 zones if a
│ │ │ │dns64
block is configured.│ │ │ │ query
│ │ │ │ ipv4only-server │ │ │ ││ │ │ │ - Specifies the name of the server for the IPV4ONLY.ARPA zone created by
│ │ │ │dns64
.│ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ ipv6-prefix-length │ │ │ ││ │ │ │ Specifies the prefix lengths of IPv6 address blocks.
│ │ │ ││ │ │ │ server
│ │ │ │ ixfr-from-differences │ │ │ │ @@ -10794,25 +10794,25 @@ │ │ │ ││ │ │ │ Indicates the directory where public and private DNSSEC key files are found.
│ │ │ ││ │ │ │ dnssec
│ │ │ │ key-file │ │ │ ││ │ │ │ - Specifies the path to a file containing the private TLS key for a connection.
│ │ │ ││ │ │ │ + server, security
│ │ │ │ security, server
│ │ │ │ key-store │ │ │ ││ │ │ │ Configures a DNSSEC key store.
│ │ │ ││ │ │ │ dnssec
│ │ │ │ keys │ │ │ ││ │ │ │ - Specifies one or more
│ │ │ │server_key
s to be used with a remote server.│ │ │ │ + server, security
│ │ │ │ security, server
│ │ │ │ lame-ttl │ │ │ ││ │ │ │ Sets the resolver's lame cache.
│ │ │ ││ │ │ │ server
│ │ │ │ listen-on │ │ │ │ @@ -10824,15 +10824,15 @@ │ │ │ ││ │ │ │ Specifies the IPv6 addresses on which a server listens for DNS queries.
│ │ │ ││ │ │ │ server
│ │ │ │ listener-clients │ │ │ ││ │ │ │ - Specifies a per-listener quota for active connections.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ lmdb-mapsize │ │ │ ││ │ │ │ Sets a maximum size for the memory map of the new-zone database in LMDB database format.
│ │ │ ││ │ │ │ server
│ │ │ │ log-only │ │ │ │ @@ -10928,15 +10928,15 @@ │ │ │ ││ │ │ │ Sets the maximum number of levels of recursion permitted at any one time while servicing a recursive query.
│ │ │ ││ │ │ │ server
│ │ │ │ max-recursion-queries │ │ │ ││ │ │ │ - Sets the maximum number of iterative queries while servicing a recursive query.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ max-refresh-time │ │ │ ││ │ │ │ Limits the zone refresh interval to no less often than the specified value, in seconds.
│ │ │ ││ │ │ │ transfer
│ │ │ │ max-retry-time │ │ │ │ @@ -10998,15 +10998,15 @@ │ │ │ ││ │ │ │ Specifies a maximum permissible time-to-live (TTL) value, in seconds.
│ │ │ ││ │ │ │ deprecated
│ │ │ │ memstatistics │ │ │ ││ │ │ │ - Controls whether memory statistics are written to the file specified by
│ │ │ │memstatistics-file
at exit.│ │ │ │ + server, logging
│ │ │ │ logging, server
│ │ │ │ memstatistics-file │ │ │ ││ │ │ │ Sets the pathname of the file where the server writes memory usage statistics on exit.
│ │ │ ││ │ │ │ logging
│ │ │ │ message-compression │ │ │ │ @@ -11182,20 +11182,20 @@ │ │ │ ││ │ │ │ Configures plugins in
│ │ │ │named.conf
.│ │ │ │ server
│ │ │ │ port │ │ │ ││ │ │ │ - Specifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ prefer-server-ciphers │ │ │ ││ │ │ │ - Specifies that server ciphers should be preferred over client ones.
│ │ │ ││ │ │ │ + server, security
│ │ │ │ security, server
│ │ │ │ preferred-glue │ │ │ ││ │ │ │ Controls the order of glue records in an A or AAAA response.
│ │ │ ││ │ │ │ query
│ │ │ │ prefetch │ │ │ │ @@ -11262,15 +11262,15 @@ │ │ │ ││ │ │ │ Controls the IPv6 address from which queries are issued.
│ │ │ ││ │ │ │ query
│ │ │ │ querylog │ │ │ ││ │ │ │ - Specifies whether query logging should be active when
│ │ │ │named
first starts.│ │ │ │ + server, logging
│ │ │ │ logging, server
│ │ │ │ rate-limit │ │ │ ││ │ │ │ Controls excessive UDP responses, to prevent BIND 9 from being used to amplify reflection denial-of-service (DoS) attacks.
│ │ │ ││ │ │ │ query
│ │ │ │ recursing-file │ │ │ │ @@ -11342,15 +11342,15 @@ │ │ │ ││ │ │ │ Adds an EDNS Padding option to encrypted messages, to reduce the chance of guessing the contents based on size.
│ │ │ ││ │ │ │ query
│ │ │ │ response-policy │ │ │ ││ │ │ │ - Specifies response policy zones for the view or among global options.
│ │ │ ││ │ │ │ + server, query, security, zone
│ │ │ │ query, security, server, zone
│ │ │ │ responses-per-second │ │ │ ││ │ │ │ Limits the number of non-empty responses for a valid domain name and record type.
│ │ │ ││ │ │ │ query
│ │ │ │ retire-safety │ │ │ │ @@ -11496,65 +11496,65 @@ │ │ │ ││ │ │ │ Sets the number of "slipped" responses to minimize the use of forged source addresses for an attack.
│ │ │ ││ │ │ │ query
│ │ │ │ sortlist │ │ │ ││ │ │ │ - Controls the ordering of RRs returned to the client, based on the client's IP address.
│ │ │ ││ │ │ │ + query, deprecated
│ │ │ │ deprecated, query
│ │ │ │ stale-answer-client-timeout │ │ │ ││ │ │ │ - Defines the amount of time (in milliseconds) that
│ │ │ │named
waits before attempting to answer a query with a stale RRset from cache.│ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ stale-answer-enable │ │ │ ││ │ │ │ - Enables the returning of "stale" cached answers when the name servers for a zone are not answering.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ stale-answer-ttl │ │ │ ││ │ │ │ Specifies the time to live (TTL) to be returned on stale answers, in seconds.
│ │ │ ││ │ │ │ query
│ │ │ │ stale-cache-enable │ │ │ ││ │ │ │ - Enables the retention of "stale" cached answers.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ stale-refresh-time │ │ │ ││ │ │ │ - Sets the time window for the return of "stale" cached answers before the next attempt to contact, if the name servers for a given zone are not responding.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ startup-notify-rate │ │ │ ││ │ │ │ Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
│ │ │ ││ │ │ │ transfer, zone
│ │ │ │ statistics-channels │ │ │ ││ │ │ │ Specifies the communication channels to be used by system administrators to access statistics information on the name server.
│ │ │ ││ │ │ │ logging
│ │ │ │ statistics-file │ │ │ ││ │ │ │ - Specifies the pathname of the file where the server appends statistics, when using
│ │ │ │rndc stats
.│ │ │ │ + server, logging
│ │ │ │ logging, server
│ │ │ │ stderr │ │ │ ││ │ │ │ Directs the logging channel output to the server's standard error stream.
│ │ │ ││ │ │ │ logging
│ │ │ │ streams-per-connection │ │ │ ││ │ │ │ - Specifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ suffix │ │ │ ││ │ │ │ Defines trailing bits for mapped IPv4 address bits in
│ │ │ │dns64
.│ │ │ │ query
│ │ │ │ synth-from-dnssec │ │ │ │ @@ -11581,15 +11581,15 @@ │ │ │ ││ │ │ │ Sets the amount of time (in milliseconds) that the server waits on an idle TCP connection before closing it, if the EDNS TCP keepalive option is not in use.
│ │ │ ││ │ │ │ query
│ │ │ │ tcp-initial-timeout │ │ │ ││ │ │ │ - Sets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ tcp-keepalive │ │ │ ││ │ │ │ Adds EDNS TCP keepalive to messages sent over TCP.
│ │ │ ││ │ │ │ server
│ │ │ │ tcp-keepalive-timeout │ │ │ │ @@ -11636,15 +11636,15 @@ │ │ │ ││ │ │ │ Configures a TLS connection.
│ │ │ ││ │ │ │ security
│ │ │ │ tls-port │ │ │ ││ │ │ │ - Specifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ transfer-format │ │ │ ││ │ │ │ Controls whether multiple records can be packed into a message during zone transfers.
│ │ │ ││ │ │ │ transfer
│ │ │ │ transfer-message-size │ │ │ │ @@ -11784,15 +11784,15 @@ │ │ │ ││ │ │ │ Specifies a list of ports that are valid sources for UDP/IPv6 messages.
│ │ │ ││ │ │ │ deprecated
│ │ │ │ v6-bias │ │ │ ││ │ │ │ - Indicates the number of milliseconds of preference to give to IPv6 name servers.
│ │ │ ││ │ │ │ + server, query
│ │ │ │ query, server
│ │ │ │ validate-except │ │ │ ││ │ │ │ Specifies a list of domain names at and beneath which DNSSEC validation should not be performed.
│ │ │ ││ │ │ │ dnssec
│ │ │ │ version │ │ │ │ @@ -11809,20 +11809,20 @@ │ │ │ ││ │ │ │ Specifies the length of time during which responses are tracked.
│ │ │ ││ │ │ │ query
│ │ │ │ zero-no-soa-ttl │ │ │ ││ │ │ │ - Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.
│ │ │ ││ │ │ │ + query, server, zone
│ │ │ │ server, query, zone
│ │ │ │ zero-no-soa-ttl-cache │ │ │ ││ │ │ │ - Sets the time to live (TTL) to zero when caching a negative response to an SOA query.
│ │ │ ││ │ │ │ + query, server, zone
│ │ │ │ server, query, zone
│ │ │ │ zone │ │ │ ││ │ │ │ Specifies the zone in a BIND 9 configuration.
│ │ │ ││ │ │ │ zone
zone-propagation-delay │ │ │ │ ├── html2text {} │ │ │ │ │ @@ -2478,30 +2478,30 @@ │ │ │ │ │ _b_r_e_a_k_-_d_n_s_s_e_c even if the validated query │ │ │ │ │ result would cause a DNSSEC │ │ │ │ │ validation failure. │ │ │ │ │ _b_u_f_f_e_r_e_d Controls flushing of log logging │ │ │ │ │ messages. │ │ │ │ │ Specifies the path to a │ │ │ │ │ file containing TLS │ │ │ │ │ -_c_a_-_f_i_l_e certificates for trusted CA server, security │ │ │ │ │ +_c_a_-_f_i_l_e certificates for trusted CA security, server │ │ │ │ │ authorities, used to verify │ │ │ │ │ remote peer certificates. │ │ │ │ │ _c_a_t_a_l_o_g_-_z_o_n_e_s Configures catalog zones in zone │ │ │ │ │ _n_a_m_e_d_._c_o_n_f. │ │ │ │ │ Specifies the type of data │ │ │ │ │ _c_a_t_e_g_o_r_y logged to a particular logging │ │ │ │ │ channel. │ │ │ │ │ Specifies whether a CDNSKEY │ │ │ │ │ _c_d_n_s_k_e_y record should be published dnssec │ │ │ │ │ during KSK rollover. │ │ │ │ │ Specifies the digest types │ │ │ │ │ _c_d_s_-_d_i_g_e_s_t_-_t_y_p_e_s to use for CDS resource dnssec │ │ │ │ │ records. │ │ │ │ │ Specifies the path to a │ │ │ │ │ -_c_e_r_t_-_f_i_l_e file containing the TLS server, security │ │ │ │ │ +_c_e_r_t_-_f_i_l_e file containing the TLS security, server │ │ │ │ │ certificate for a │ │ │ │ │ connection. │ │ │ │ │ Defines a stream of data │ │ │ │ │ _c_h_a_n_n_e_l that can be independently logging │ │ │ │ │ logged. │ │ │ │ │ Checks primary zones for │ │ │ │ │ records that are treated as │ │ │ │ │ @@ -2578,15 +2578,15 @@ │ │ │ │ │ or IPv6 addresses match a │ │ │ │ │ given _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t. │ │ │ │ │ Rejects CNAME or DNAME │ │ │ │ │ _d_e_n_y_-_a_n_s_w_e_r_-_a_l_i_a_s_e_s records if the "alias" name query │ │ │ │ │ matches a given list of │ │ │ │ │ _d_o_m_a_i_n___n_a_m_e elements. │ │ │ │ │ Specifies the path to a │ │ │ │ │ -_d_h_p_a_r_a_m_-_f_i_l_e file containing Diffie- server, security │ │ │ │ │ +_d_h_p_a_r_a_m_-_f_i_l_e file containing Diffie- security, server │ │ │ │ │ Hellman parameters, for │ │ │ │ │ enabling cipher suites. │ │ │ │ │ Concentrates zone │ │ │ │ │ maintenance so that all │ │ │ │ │ _d_i_a_l_u_p transfers take place once deprecated │ │ │ │ │ every _h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l, │ │ │ │ │ ideally during a single │ │ │ │ │ @@ -2611,22 +2611,22 @@ │ │ │ │ │ _d_n_s_6_4_-_s_e_r_v_e_r Specifies the name of the server │ │ │ │ │ server for _d_n_s_6_4 zones. │ │ │ │ │ _d_n_s_k_e_y_-_s_i_g_-_v_a_l_i_d_i_t_y obsolete │ │ │ │ │ Specifies the time to live │ │ │ │ │ _d_n_s_k_e_y_-_t_t_l (TTL) for DNSKEY resource dnssec │ │ │ │ │ records. │ │ │ │ │ Turns on the DNS Response │ │ │ │ │ -_d_n_s_r_p_s_-_e_n_a_b_l_e Policy Service (DNSRPS) server, security │ │ │ │ │ +_d_n_s_r_p_s_-_e_n_a_b_l_e Policy Service (DNSRPS) security, server │ │ │ │ │ interface. │ │ │ │ │ Turns on the DNS Response │ │ │ │ │ -_d_n_s_r_p_s_-_l_i_b_r_a_r_y Policy Service (DNSRPS) server, security │ │ │ │ │ +_d_n_s_r_p_s_-_l_i_b_r_a_r_y Policy Service (DNSRPS) security, server │ │ │ │ │ interface. │ │ │ │ │ Provides additional RPZ │ │ │ │ │ configuration settings, │ │ │ │ │ -_d_n_s_r_p_s_-_o_p_t_i_o_n_s which are passed to the DNS server, security │ │ │ │ │ +_d_n_s_r_p_s_-_o_p_t_i_o_n_s which are passed to the DNS security, server │ │ │ │ │ Response Policy Service │ │ │ │ │ (DNSRPS) provider library. │ │ │ │ │ Instructs BIND 9 to accept │ │ │ │ │ _d_n_s_s_e_c_-_a_c_c_e_p_t_-_e_x_p_i_r_e_d expired DNSSEC signatures dnssec │ │ │ │ │ when validating. │ │ │ │ │ _d_n_s_s_e_c_-_d_n_s_k_e_y_-_k_s_k_o_n_l_y obsolete │ │ │ │ │ Sets the frequency of │ │ │ │ │ @@ -2677,42 +2677,42 @@ │ │ │ │ │ for empty zones. │ │ │ │ │ Specifies the server name │ │ │ │ │ _e_m_p_t_y_-_s_e_r_v_e_r in the returned SOA record server, zone │ │ │ │ │ for empty zones. │ │ │ │ │ _e_m_p_t_y_-_z_o_n_e_s_-_e_n_a_b_l_e Enables or disables all server, zone │ │ │ │ │ empty zones. │ │ │ │ │ Specifies a list of HTTP │ │ │ │ │ -_e_n_d_p_o_i_n_t_s query paths on which to server, query │ │ │ │ │ +_e_n_d_p_o_i_n_t_s query paths on which to query, server │ │ │ │ │ listen. │ │ │ │ │ Limits the number of errors │ │ │ │ │ _e_r_r_o_r_s_-_p_e_r_-_s_e_c_o_n_d for a valid domain name and server │ │ │ │ │ record type. │ │ │ │ │ Allows a list of IPv6 │ │ │ │ │ addresses to be ignored if │ │ │ │ │ _e_x_c_l_u_d_e they appear in a domain query │ │ │ │ │ name's AAAA records in │ │ │ │ │ _d_n_s_6_4. │ │ │ │ │ Exempts specific clients or │ │ │ │ │ _e_x_e_m_p_t_-_c_l_i_e_n_t_s client groups from rate query │ │ │ │ │ limiting. │ │ │ │ │ Sets the parameters for │ │ │ │ │ dynamic resizing of the │ │ │ │ │ -_f_e_t_c_h_-_q_u_o_t_a_-_p_a_r_a_m_s _f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r quota in server, query │ │ │ │ │ +_f_e_t_c_h_-_q_u_o_t_a_-_p_a_r_a_m_s _f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r quota in query, server │ │ │ │ │ response to detected │ │ │ │ │ congestion. │ │ │ │ │ Sets the maximum number of │ │ │ │ │ simultaneous iterative │ │ │ │ │ queries allowed to be sent │ │ │ │ │ -_f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r by a server to an upstream server, query │ │ │ │ │ +_f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r by a server to an upstream query, server │ │ │ │ │ name server before the │ │ │ │ │ server blocks additional │ │ │ │ │ queries. │ │ │ │ │ Sets the maximum number of │ │ │ │ │ simultaneous iterative │ │ │ │ │ -_f_e_t_c_h_e_s_-_p_e_r_-_z_o_n_e queries allowed to any one server, query │ │ │ │ │ +_f_e_t_c_h_e_s_-_p_e_r_-_z_o_n_e queries allowed to any one query, server │ │ │ │ │ domain before the server │ │ │ │ │ blocks new queries for data │ │ │ │ │ in or beneath that zone. │ │ │ │ │ _f_i_l_e Specifies the zone's zone │ │ │ │ │ filename. │ │ │ │ │ Controls whether pending │ │ │ │ │ _f_l_u_s_h_-_z_o_n_e_s_-_o_n_-_s_h_u_t_d_o_w_n zone writes are flushed zone │ │ │ │ │ @@ -2758,29 +2758,29 @@ │ │ │ │ │ maintenance tasks for all │ │ │ │ │ zones marked as _d_i_a_l_u_p. │ │ │ │ │ Specifies the hostname of │ │ │ │ │ _h_o_s_t_n_a_m_e the server to return in server │ │ │ │ │ response to a hostname.bind │ │ │ │ │ query. │ │ │ │ │ Configures HTTP endpoints │ │ │ │ │ -_h_t_t_p on which to listen for DNS- server, query │ │ │ │ │ +_h_t_t_p on which to listen for DNS- query, server │ │ │ │ │ over-HTTPS (DoH) queries. │ │ │ │ │ Limits the number of active │ │ │ │ │ _h_t_t_p_-_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s concurrent connections on a server │ │ │ │ │ per-listener basis. │ │ │ │ │ Specifies the TCP port │ │ │ │ │ number the server uses to │ │ │ │ │ -_h_t_t_p_-_p_o_r_t receive and send server, query │ │ │ │ │ +_h_t_t_p_-_p_o_r_t receive and send query, server │ │ │ │ │ unencrypted DNS traffic via │ │ │ │ │ HTTP. │ │ │ │ │ _h_t_t_p_-_s_t_r_e_a_m_s_-_p_e_r_- Limits the number of active │ │ │ │ │ _c_o_n_n_e_c_t_i_o_n concurrent HTTP/2 streams server │ │ │ │ │ on a per-connection basis. │ │ │ │ │ Specifies the TCP port │ │ │ │ │ -_h_t_t_p_s_-_p_o_r_t number the server uses to server, query │ │ │ │ │ +_h_t_t_p_s_-_p_o_r_t number the server uses to query, server │ │ │ │ │ receive and send DNS-over- │ │ │ │ │ HTTPS protocol traffic. │ │ │ │ │ _i_n_-_v_i_e_w Specifies the view in which view, zone │ │ │ │ │ a given zone is defined. │ │ │ │ │ _i_n_e_t Specifies a TCP socket as a server │ │ │ │ │ control channel. │ │ │ │ │ Specifies whether BIND 9 │ │ │ │ │ @@ -2795,15 +2795,15 @@ │ │ │ │ │ Specifies the contact for │ │ │ │ │ _i_p_v_4_o_n_l_y_-_c_o_n_t_a_c_t the IPV4ONLY.ARPA zone server │ │ │ │ │ created by _d_n_s_6_4. │ │ │ │ │ Enables automatic IPv4 │ │ │ │ │ _i_p_v_4_o_n_l_y_-_e_n_a_b_l_e zones if a _d_n_s_6_4 block is query │ │ │ │ │ configured. │ │ │ │ │ Specifies the name of the │ │ │ │ │ -_i_p_v_4_o_n_l_y_-_s_e_r_v_e_r server for the server, query │ │ │ │ │ +_i_p_v_4_o_n_l_y_-_s_e_r_v_e_r server for the query, server │ │ │ │ │ IPV4ONLY.ARPA zone created │ │ │ │ │ by _d_n_s_6_4. │ │ │ │ │ Specifies the prefix │ │ │ │ │ _i_p_v_6_-_p_r_e_f_i_x_-_l_e_n_g_t_h lengths of IPv6 address server │ │ │ │ │ blocks. │ │ │ │ │ _i_x_f_r_-_f_r_o_m_-_d_i_f_f_e_r_e_n_c_e_s Controls how IXFR transfers transfer │ │ │ │ │ are calculated. │ │ │ │ │ @@ -2813,31 +2813,31 @@ │ │ │ │ │ Defines a shared secret key │ │ │ │ │ _k_e_y for use with _T_S_I_G or the security │ │ │ │ │ command channel. │ │ │ │ │ Indicates the directory │ │ │ │ │ _k_e_y_-_d_i_r_e_c_t_o_r_y where public and private dnssec │ │ │ │ │ DNSSEC key files are found. │ │ │ │ │ Specifies the path to a │ │ │ │ │ -_k_e_y_-_f_i_l_e file containing the private server, security │ │ │ │ │ +_k_e_y_-_f_i_l_e file containing the private security, server │ │ │ │ │ TLS key for a connection. │ │ │ │ │ _k_e_y_-_s_t_o_r_e Configures a DNSSEC key dnssec │ │ │ │ │ store. │ │ │ │ │ Specifies one or more │ │ │ │ │ -_k_e_y_s _s_e_r_v_e_r___k_e_y s to be used server, security │ │ │ │ │ +_k_e_y_s _s_e_r_v_e_r___k_e_y s to be used security, server │ │ │ │ │ with a remote server. │ │ │ │ │ _l_a_m_e_-_t_t_l Sets the resolver's lame server │ │ │ │ │ cache. │ │ │ │ │ Specifies the IPv4 │ │ │ │ │ _l_i_s_t_e_n_-_o_n addresses on which a server server │ │ │ │ │ listens for DNS queries. │ │ │ │ │ Specifies the IPv6 │ │ │ │ │ _l_i_s_t_e_n_-_o_n_-_v_6 addresses on which a server server │ │ │ │ │ listens for DNS queries. │ │ │ │ │ Specifies a per-listener │ │ │ │ │ -_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s quota for active server, query │ │ │ │ │ +_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s quota for active query, server │ │ │ │ │ connections. │ │ │ │ │ Sets a maximum size for the │ │ │ │ │ _l_m_d_b_-_m_a_p_s_i_z_e memory map of the new-zone server │ │ │ │ │ database in LMDB database │ │ │ │ │ format. │ │ │ │ │ Tests rate-limiting │ │ │ │ │ _l_o_g_-_o_n_l_y parameters without actually query, logging │ │ │ │ │ @@ -2907,15 +2907,15 @@ │ │ │ │ │ zone. │ │ │ │ │ Sets the maximum number of │ │ │ │ │ levels of recursion │ │ │ │ │ _m_a_x_-_r_e_c_u_r_s_i_o_n_-_d_e_p_t_h permitted at any one time server │ │ │ │ │ while servicing a recursive │ │ │ │ │ query. │ │ │ │ │ Sets the maximum number of │ │ │ │ │ -_m_a_x_-_r_e_c_u_r_s_i_o_n_-_q_u_e_r_i_e_s iterative queries while server, query │ │ │ │ │ +_m_a_x_-_r_e_c_u_r_s_i_o_n_-_q_u_e_r_i_e_s iterative queries while query, server │ │ │ │ │ servicing a recursive │ │ │ │ │ query. │ │ │ │ │ Limits the zone refresh │ │ │ │ │ _m_a_x_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no less often transfer │ │ │ │ │ than the specified value, │ │ │ │ │ in seconds. │ │ │ │ │ Limits the zone refresh │ │ │ │ │ @@ -2960,15 +2960,15 @@ │ │ │ │ │ Set the maximum number of │ │ │ │ │ _m_a_x_-_v_a_l_i_d_a_t_i_o_n_s_-_p_e_r_-_f_e_t_c_h DNSSEC validations that can server │ │ │ │ │ happen in single fetch │ │ │ │ │ Specifies a maximum │ │ │ │ │ _m_a_x_-_z_o_n_e_-_t_t_l permissible time-to-live deprecated │ │ │ │ │ (TTL) value, in seconds. │ │ │ │ │ Controls whether memory │ │ │ │ │ -_m_e_m_s_t_a_t_i_s_t_i_c_s statistics are written to server, logging │ │ │ │ │ +_m_e_m_s_t_a_t_i_s_t_i_c_s statistics are written to logging, server │ │ │ │ │ the file specified by │ │ │ │ │ _m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e at exit. │ │ │ │ │ Sets the pathname of the │ │ │ │ │ _m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e file where the server logging │ │ │ │ │ writes memory usage │ │ │ │ │ statistics on exit. │ │ │ │ │ Controls whether DNS name │ │ │ │ │ @@ -3100,19 +3100,19 @@ │ │ │ │ │ Specifies the pathname of │ │ │ │ │ _p_i_d_-_f_i_l_e the file where the server server │ │ │ │ │ writes its process ID. │ │ │ │ │ _p_k_c_s_1_1_-_u_r_i dnssec, pkcs11 │ │ │ │ │ _p_l_u_g_i_n Configures plugins in server │ │ │ │ │ _n_a_m_e_d_._c_o_n_f. │ │ │ │ │ Specifies the UDP/TCP port │ │ │ │ │ -_p_o_r_t number the server uses to server, query │ │ │ │ │ +_p_o_r_t number the server uses to query, server │ │ │ │ │ receive and send DNS │ │ │ │ │ protocol traffic. │ │ │ │ │ Specifies that server │ │ │ │ │ -_p_r_e_f_e_r_-_s_e_r_v_e_r_-_c_i_p_h_e_r_s ciphers should be preferred server, security │ │ │ │ │ +_p_r_e_f_e_r_-_s_e_r_v_e_r_-_c_i_p_h_e_r_s ciphers should be preferred security, server │ │ │ │ │ over client ones. │ │ │ │ │ Controls the order of glue │ │ │ │ │ _p_r_e_f_e_r_r_e_d_-_g_l_u_e records in an A or AAAA query │ │ │ │ │ response. │ │ │ │ │ Specifies the "trigger" │ │ │ │ │ _p_r_e_f_e_t_c_h time-to-live (TTL) value at query │ │ │ │ │ which prefetch of the │ │ │ │ │ @@ -3153,15 +3153,15 @@ │ │ │ │ │ Controls the IPv4 address │ │ │ │ │ _q_u_e_r_y_-_s_o_u_r_c_e from which queries are query │ │ │ │ │ issued. │ │ │ │ │ Controls the IPv6 address │ │ │ │ │ _q_u_e_r_y_-_s_o_u_r_c_e_-_v_6 from which queries are query │ │ │ │ │ issued. │ │ │ │ │ Specifies whether query │ │ │ │ │ -_q_u_e_r_y_l_o_g logging should be active server, logging │ │ │ │ │ +_q_u_e_r_y_l_o_g logging should be active logging, server │ │ │ │ │ when _n_a_m_e_d first starts. │ │ │ │ │ Controls excessive UDP │ │ │ │ │ responses, to prevent BIND │ │ │ │ │ _r_a_t_e_-_l_i_m_i_t 9 from being used to query │ │ │ │ │ amplify reflection denial- │ │ │ │ │ of-service (DoS) attacks. │ │ │ │ │ Specifies the pathname of │ │ │ │ │ @@ -3218,15 +3218,15 @@ │ │ │ │ │ _r_e_s_o_l_v_e_r_-_u_s_e_-_d_n_s_6_4 DNS64 mappings when sending server │ │ │ │ │ queries. │ │ │ │ │ Adds an EDNS Padding option │ │ │ │ │ to encrypted messages, to │ │ │ │ │ _r_e_s_p_o_n_s_e_-_p_a_d_d_i_n_g reduce the chance of query │ │ │ │ │ guessing the contents based │ │ │ │ │ on size. │ │ │ │ │ - Specifies response policy server, query, security, │ │ │ │ │ + Specifies response policy query, security, server, │ │ │ │ │ _r_e_s_p_o_n_s_e_-_p_o_l_i_c_y zones for the view or among zone │ │ │ │ │ global options. │ │ │ │ │ Limits the number of non- │ │ │ │ │ _r_e_s_p_o_n_s_e_s_-_p_e_r_-_s_e_c_o_n_d empty responses for a valid query │ │ │ │ │ domain name and record │ │ │ │ │ type. │ │ │ │ │ Increases the amount of │ │ │ │ │ @@ -3325,36 +3325,36 @@ │ │ │ │ │ period of DNSKEY records. │ │ │ │ │ Sets the number of │ │ │ │ │ "slipped" responses to │ │ │ │ │ _s_l_i_p minimize the use of forged query │ │ │ │ │ source addresses for an │ │ │ │ │ attack. │ │ │ │ │ Controls the ordering of │ │ │ │ │ -_s_o_r_t_l_i_s_t RRs returned to the client, query, deprecated │ │ │ │ │ +_s_o_r_t_l_i_s_t RRs returned to the client, deprecated, query │ │ │ │ │ based on the client's IP │ │ │ │ │ address. │ │ │ │ │ Defines the amount of time │ │ │ │ │ (in milliseconds) that │ │ │ │ │ -_s_t_a_l_e_-_a_n_s_w_e_r_-_c_l_i_e_n_t_- _n_a_m_e_d waits before server, query │ │ │ │ │ +_s_t_a_l_e_-_a_n_s_w_e_r_-_c_l_i_e_n_t_- _n_a_m_e_d waits before query, server │ │ │ │ │ _t_i_m_e_o_u_t attempting to answer a │ │ │ │ │ query with a stale RRset │ │ │ │ │ from cache. │ │ │ │ │ Enables the returning of │ │ │ │ │ -_s_t_a_l_e_-_a_n_s_w_e_r_-_e_n_a_b_l_e "stale" cached answers when server, query │ │ │ │ │ +_s_t_a_l_e_-_a_n_s_w_e_r_-_e_n_a_b_l_e "stale" cached answers when query, server │ │ │ │ │ the name servers for a zone │ │ │ │ │ are not answering. │ │ │ │ │ Specifies the time to live │ │ │ │ │ _s_t_a_l_e_-_a_n_s_w_e_r_-_t_t_l (TTL) to be returned on query │ │ │ │ │ stale answers, in seconds. │ │ │ │ │ -_s_t_a_l_e_-_c_a_c_h_e_-_e_n_a_b_l_e Enables the retention of server, query │ │ │ │ │ +_s_t_a_l_e_-_c_a_c_h_e_-_e_n_a_b_l_e Enables the retention of query, server │ │ │ │ │ "stale" cached answers. │ │ │ │ │ Sets the time window for │ │ │ │ │ the return of "stale" │ │ │ │ │ cached answers before the │ │ │ │ │ -_s_t_a_l_e_-_r_e_f_r_e_s_h_-_t_i_m_e next attempt to contact, if server, query │ │ │ │ │ +_s_t_a_l_e_-_r_e_f_r_e_s_h_-_t_i_m_e next attempt to contact, if query, server │ │ │ │ │ the name servers for a │ │ │ │ │ given zone are not │ │ │ │ │ responding. │ │ │ │ │ Specifies the rate at which │ │ │ │ │ NOTIFY requests are sent │ │ │ │ │ _s_t_a_r_t_u_p_-_n_o_t_i_f_y_-_r_a_t_e when the name server is transfer, zone │ │ │ │ │ first starting, or when new │ │ │ │ │ @@ -3362,22 +3362,22 @@ │ │ │ │ │ Specifies the communication │ │ │ │ │ channels to be used by │ │ │ │ │ _s_t_a_t_i_s_t_i_c_s_-_c_h_a_n_n_e_l_s system administrators to logging │ │ │ │ │ access statistics │ │ │ │ │ information on the name │ │ │ │ │ server. │ │ │ │ │ Specifies the pathname of │ │ │ │ │ -_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e the file where the server server, logging │ │ │ │ │ +_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e the file where the server logging, server │ │ │ │ │ appends statistics, when │ │ │ │ │ using _r_n_d_c_ _s_t_a_t_s. │ │ │ │ │ Directs the logging channel │ │ │ │ │ _s_t_d_e_r_r output to the server's logging │ │ │ │ │ standard error stream. │ │ │ │ │ Specifies the maximum │ │ │ │ │ -_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n number of concurrent HTTP/ server, query │ │ │ │ │ +_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n number of concurrent HTTP/ query, server │ │ │ │ │ 2 streams over an HTTP/ │ │ │ │ │ 2 connection. │ │ │ │ │ Defines trailing bits for │ │ │ │ │ _s_u_f_f_i_x mapped IPv4 address bits in query │ │ │ │ │ _d_n_s_6_4. │ │ │ │ │ Enables support for _RR_FF_CC │ │ │ │ │ _s_y_n_t_h_-_f_r_o_m_-_d_n_s_s_e_c _88_11_99_88, Aggressive Use of dnssec │ │ │ │ │ @@ -3398,15 +3398,15 @@ │ │ │ │ │ server waits on an idle TCP │ │ │ │ │ _t_c_p_-_i_d_l_e_-_t_i_m_e_o_u_t connection before closing query │ │ │ │ │ it, if the EDNS TCP │ │ │ │ │ keepalive option is not in │ │ │ │ │ use. │ │ │ │ │ Sets the amount of time (in │ │ │ │ │ milliseconds) that the │ │ │ │ │ -_t_c_p_-_i_n_i_t_i_a_l_-_t_i_m_e_o_u_t server waits on a new TCP server, query │ │ │ │ │ +_t_c_p_-_i_n_i_t_i_a_l_-_t_i_m_e_o_u_t server waits on a new TCP query, server │ │ │ │ │ connection for the first │ │ │ │ │ message from the client. │ │ │ │ │ _t_c_p_-_k_e_e_p_a_l_i_v_e Adds EDNS TCP keepalive to server │ │ │ │ │ messages sent over TCP. │ │ │ │ │ Sets the amount of time (in │ │ │ │ │ milliseconds) that the │ │ │ │ │ _t_c_p_-_k_e_e_p_a_l_i_v_e_-_t_i_m_e_o_u_t server waits on an idle TCP query │ │ │ │ │ @@ -3433,15 +3433,15 @@ │ │ │ │ │ protocol. │ │ │ │ │ Sets the KRB5 keytab file │ │ │ │ │ _t_k_e_y_-_g_s_s_a_p_i_-_k_e_y_t_a_b to use for GSS-TSIG security │ │ │ │ │ updates. │ │ │ │ │ _t_l_s Configures a TLS security │ │ │ │ │ connection. │ │ │ │ │ Specifies the TCP port │ │ │ │ │ -_t_l_s_-_p_o_r_t number the server uses to server, query │ │ │ │ │ +_t_l_s_-_p_o_r_t number the server uses to query, server │ │ │ │ │ receive and send DNS-over- │ │ │ │ │ TLS protocol traffic. │ │ │ │ │ Controls whether multiple │ │ │ │ │ _t_r_a_n_s_f_e_r_-_f_o_r_m_a_t records can be packed into transfer │ │ │ │ │ a message during zone │ │ │ │ │ transfers. │ │ │ │ │ Limits the uncompressed │ │ │ │ │ @@ -3535,15 +3535,15 @@ │ │ │ │ │ Specifies a list of ports │ │ │ │ │ _u_s_e_-_v_4_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated │ │ │ │ │ UDP/IPv4 messages. │ │ │ │ │ Specifies a list of ports │ │ │ │ │ _u_s_e_-_v_6_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated │ │ │ │ │ UDP/IPv6 messages. │ │ │ │ │ Indicates the number of │ │ │ │ │ -_v_6_-_b_i_a_s milliseconds of preference server, query │ │ │ │ │ +_v_6_-_b_i_a_s milliseconds of preference query, server │ │ │ │ │ to give to IPv6 name │ │ │ │ │ servers. │ │ │ │ │ Specifies a list of domain │ │ │ │ │ _v_a_l_i_d_a_t_e_-_e_x_c_e_p_t names at and beneath which dnssec │ │ │ │ │ DNSSEC validation should │ │ │ │ │ not be performed. │ │ │ │ │ Specifies the version │ │ │ │ │ @@ -3555,20 +3555,20 @@ │ │ │ │ │ differently depending on │ │ │ │ │ who is asking. │ │ │ │ │ Specifies the length of │ │ │ │ │ _w_i_n_d_o_w time during which responses query │ │ │ │ │ are tracked. │ │ │ │ │ Specifies whether to set │ │ │ │ │ the time to live (TTL) of │ │ │ │ │ -_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l the SOA record to zero, query, server, zone │ │ │ │ │ +_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l the SOA record to zero, server, query, zone │ │ │ │ │ when returning │ │ │ │ │ authoritative negative │ │ │ │ │ responses to SOA queries. │ │ │ │ │ Sets the time to live (TTL) │ │ │ │ │ -_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l_-_c_a_c_h_e to zero when caching a query, server, zone │ │ │ │ │ +_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l_-_c_a_c_h_e to zero when caching a server, query, zone │ │ │ │ │ negative response to an SOA │ │ │ │ │ query. │ │ │ │ │ _z_o_n_e Specifies the zone in a zone │ │ │ │ │ BIND 9 configuration. │ │ │ │ │ Sets the propagation delay │ │ │ │ │ from the time a zone is │ │ │ │ │ _z_o_n_e_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y first updated to when the dnssec, zone