From 214da1de671f454e7ef42f78257bb680b9c0ef1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Wed, 11 May 2022 09:20:51 +0200 Subject: [PATCH] Un-format grammar files in doc/misc The next commit is going to add parser for ISC configuration format. To simplify the parser the grammar files in doc/misc are no longer line-wrapped as handling it would make the grammar parser unnecessairly complicated. This affects visible output in the ARM, but in the end we are going to replace the auto-generated .rst files with grammar pretty printed, so formatting of these files does not matter in practical terms. (cherry picked from commit 699570cdecee31ed6af01bed5e95afc9867011dc) --- bin/named/named.conf.rst | 337 ++---- doc/man/named.conf.5in | 341 ++---- doc/misc/Makefile.am | 4 +- doc/misc/acl.grammar.rst | 1 - doc/misc/controls.grammar.rst | 11 +- doc/misc/dnssec-policy.grammar.rst | 6 +- doc/misc/logging.grammar.rst | 3 +- doc/misc/managed-keys.grammar.rst | 5 +- doc/misc/options | 1276 ++++++++++------------ doc/misc/options.active | 1266 ++++++++++----------- doc/misc/options.grammar.rst | 111 +- doc/misc/parental-agents.grammar.rst | 6 +- doc/misc/primaries.grammar.rst | 6 +- doc/misc/server.grammar.rst | 20 +- doc/misc/statistics-channels.grammar.rst | 5 +- doc/misc/trust-anchors.grammar.rst | 5 +- doc/misc/trusted-keys.grammar.rst | 4 +- 17 files changed, 1316 insertions(+), 2091 deletions(-) diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index 8a4cc8cc5d..6c99eeed40 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst @@ -35,28 +35,14 @@ C style: /\* \*/ Unix style: # to end of line -ACL -^^^ - -:: - - acl string { address_match_element; ... }; - CONTROLS ^^^^^^^^ :: controls { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] allow - { address_match_element; ... } [ - keys { string; ... } ] [ read-only - boolean ]; - unix quoted_string perm integer - owner integer group integer [ - keys { string; ... } ] [ read-only - boolean ]; + inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read-only boolean ]; + unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read-only boolean ]; }; DLZ @@ -76,11 +62,9 @@ DNSSEC-POLICY dnssec-policy string { dnskey-ttl duration; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - duration_or_unlimited algorithm string [ integer ]; ... }; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... }; max-zone-ttl duration; - nsec3param [ iterations integer ] [ optout boolean ] [ - salt-length integer ]; + nsec3param [ iterations integer ] [ optout boolean ] [ salt-length integer ]; parent-ds-ttl duration; parent-propagation-delay duration; publish-safety duration; @@ -97,8 +81,7 @@ DYNDB :: - dyndb string quoted_string { - unspecified-text }; + dyndb string quoted_string { unspecified-text }; HTTP ^^^^ @@ -130,8 +113,7 @@ LOGGING category string { string; ... }; channel string { buffered boolean; - file quoted_string [ versions ( unlimited | integer ) ] - [ size size ] [ suffix ( increment | timestamp ) ]; + file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ]; null; print-category boolean; print-severity boolean; @@ -149,10 +131,7 @@ See DNSSEC-KEYS. :: - managed-keys { string ( static-key - | initial-key | static-ds | - initial-ds ) integer integer - integer quoted_string; ... };, deprecated + managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated OPTIONS ^^^^^^^ @@ -168,18 +147,12 @@ OPTIONS allow-query-on { address_match_element; ... }; allow-recursion { address_match_element; ... }; allow-recursion-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; + allow-transfer [ port integer ] [ transport string ] { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; + also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; + alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; answer-cookie boolean; attach-cache string; auth-nxdomain boolean; @@ -189,19 +162,12 @@ OPTIONS avoid-v6-udp-ports { portrange; ... }; bindkeys-file quoted_string; blackhole { address_match_element; ... }; - catalog-zones { zone string [ default-primaries [ port integer - ] [ dscp integer ] { ( remote-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone-directory - quoted_string ] [ in-memory boolean ] [ min-update-interval - duration ]; ... }; + catalog-zones { zone string [ default-primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); @@ -211,16 +177,12 @@ OPTIONS cookie-secret string; coresize ( default | unlimited | sizeval ); datasize ( default | unlimited | sizeval ); - deny-answer-addresses { address_match_element; ... } [ - except-from { string; ... } ]; - deny-answer-aliases { string; ... } [ except-from { string; ... - } ]; + deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; + deny-answer-aliases { string; ... } [ except-from { string; ... } ]; dialup ( notify | notify-passive | passive | refresh | boolean ); directory quoted_string; - disable-algorithms string { string; - ... }; - disable-ds-digests string { string; - ... }; + disable-algorithms string { string; ... }; + disable-ds-digests string { string; ... }; disable-empty-zone string; dns64 netprefix { break-dnssec boolean; @@ -243,18 +205,12 @@ OPTIONS dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; dnstap-identity ( quoted_string | none | hostname ); - dnstap-output ( file | unix ) quoted_string [ size ( unlimited | - size ) ] [ versions ( unlimited | integer ) ] [ suffix ( - increment | timestamp ) ]; + dnstap-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ]; dnstap-version ( quoted_string | none ); dscp integer; - dual-stack-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... }; + dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; dump-file quoted_string; edns-udp-size integer; empty-contact string; @@ -266,8 +222,7 @@ OPTIONS files ( default | unlimited | sizeval ); flush-zones-on-shutdown boolean; forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; + forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; fstrm-set-buffer-hint integer; fstrm-set-flush-timeout integer; fstrm-set-input-queue-size integer; @@ -287,19 +242,12 @@ OPTIONS ipv4only-contact string; ipv4only-enable boolean; ipv4only-server string; - ixfr-from-differences ( primary | master | secondary | slave | - boolean ); + ixfr-from-differences ( primary | master | secondary | slave | boolean ); keep-response-order { address_match_element; ... }; key-directory quoted_string; lame-ttl duration; - listen-on [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... }; - listen-on-v6 [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... }; + listen-on [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; + listen-on-v6 [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; lmdb-mapsize sizeval; lock-file ( quoted_string | none ); managed-keys-directory quoted_string; @@ -341,30 +289,22 @@ OPTIONS notify ( explicit | master-only | primary-only | boolean ); notify-delay integer; notify-rate integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; nta-lifetime duration; nta-recheck duration; nxdomain-redirect string; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; pid-file ( quoted_string | none ); port integer; preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; querylog boolean; random-device ( quoted_string | none ); rate-limit { @@ -395,26 +335,12 @@ OPTIONS resolver-nonbackoff-tries integer; resolver-query-timeout integer; resolver-retry-interval integer; - response-padding { address_match_element; ... } block-size - integer; - response-policy { zone string [ add-soa boolean ] [ log - boolean ] [ max-policy-ttl duration ] [ min-update-interval - duration ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ - recursive-only boolean ] [ nsip-enable boolean ] [ - nsdname-enable boolean ]; ... } [ add-soa boolean ] [ - break-dnssec boolean ] [ max-policy-ttl duration ] [ - min-update-interval duration ] [ min-ns-dots integer ] [ - nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean - ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] - [ nsip-enable boolean ] [ nsdname-enable boolean ] [ - dnsrps-enable boolean ] [ dnsrps-options { unspecified-text - } ]; + response-padding { address_match_element; ... } block-size integer; + response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; reuseport boolean; root-delegation-only [ exclude { string; ... } ]; root-key-sentinel boolean; - rrset-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... }; + rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; secroots-file quoted_string; send-cookie boolean; serial-query-rate integer; @@ -453,10 +379,8 @@ OPTIONS tls-port integer; transfer-format ( many-answers | one-answer ); transfer-message-size integer; - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers-in integer; transfers-out integer; transfers-per-ns integer; @@ -481,30 +405,21 @@ PARENTAL-AGENTS :: - parental-agents string [ port integer ] [ - dscp integer ] { ( remote-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; + parental-agents string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; PLUGIN ^^^^^^ :: - plugin ( query ) string [ { unspecified-text - } ]; + plugin ( query ) string [ { unspecified-text } ]; PRIMARIES ^^^^^^^^^ :: - primaries string [ port integer ] [ dscp - integer ] { ( remote-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; + primaries string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; SERVER ^^^^^^ @@ -518,18 +433,12 @@ SERVER edns-version integer; keys server_key; max-udp-size integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide-ixfr boolean; - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request-expire boolean; request-ixfr boolean; request-nsid boolean; @@ -537,10 +446,8 @@ SERVER tcp-keepalive boolean; tcp-only boolean; transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; @@ -550,10 +457,7 @@ STATISTICS-CHANNELS :: statistics-channels { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] [ - allow { address_match_element; ... - } ]; + inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ]; }; TLS @@ -578,10 +482,7 @@ TRUST-ANCHORS :: - trust-anchors { string ( static-key | - initial-key | static-ds | initial-ds ) - integer integer integer - quoted_string; ... }; + trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... }; TRUSTED-KEYS ^^^^^^^^^^^^ @@ -590,9 +491,7 @@ Deprecated - see DNSSEC-KEYS. :: - trusted-keys { string integer - integer integer - quoted_string; ... };, deprecated + trusted-keys { string integer integer integer quoted_string; ... };, deprecated VIEW ^^^^ @@ -608,48 +507,31 @@ VIEW allow-query-on { address_match_element; ... }; allow-recursion { address_match_element; ... }; allow-recursion-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; + allow-transfer [ port integer ] [ transport string ] { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; + also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; + alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; attach-cache string; auth-nxdomain boolean; auto-dnssec ( allow | maintain | off ); - catalog-zones { zone string [ default-primaries [ port integer - ] [ dscp integer ] { ( remote-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone-directory - quoted_string ] [ in-memory boolean ] [ min-update-interval - duration ]; ... }; + catalog-zones { zone string [ default-primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard boolean; clients-per-query integer; - deny-answer-addresses { address_match_element; ... } [ - except-from { string; ... } ]; - deny-answer-aliases { string; ... } [ except-from { string; ... - } ]; + deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; + deny-answer-aliases { string; ... } [ except-from { string; ... } ]; dialup ( notify | notify-passive | passive | refresh | boolean ); - disable-algorithms string { string; - ... }; - disable-ds-digests string { string; - ... }; + disable-algorithms string { string; ... }; + disable-ds-digests string { string; ... }; disable-empty-zone string; dlz string { database string; @@ -676,14 +558,9 @@ VIEW dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual-stack-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... }; - dyndb string quoted_string { - unspecified-text }; + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; + dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; + dyndb string quoted_string { unspecified-text }; edns-udp-size integer; empty-contact string; empty-server string; @@ -692,14 +569,12 @@ VIEW fetches-per-server integer [ ( drop | fail ) ]; fetches-per-zone integer [ ( drop | fail ) ]; forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; + forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; glue-cache boolean;// deprecated ipv4only-contact string; ipv4only-enable boolean; ipv4only-server string; - ixfr-from-differences ( primary | master | secondary | slave | - boolean ); + ixfr-from-differences ( primary | master | secondary | slave | boolean ); key string { algorithm string; secret string; @@ -707,12 +582,7 @@ VIEW key-directory quoted_string; lame-ttl duration; lmdb-mapsize sizeval; - managed-keys { string ( - static-key | initial-key - | static-ds | initial-ds - ) integer integer - integer - quoted_string; ... };, deprecated + managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated masterfile-format ( raw | text ); masterfile-style ( full | relative ); match-clients { address_match_element; ... }; @@ -749,30 +619,21 @@ VIEW nocookie-udp-size integer; notify ( explicit | master-only | primary-only | boolean ); notify-delay integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; nta-lifetime duration; nta-recheck duration; nxdomain-redirect string; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - plugin ( query ) string [ { - unspecified-text } ]; + parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + plugin ( query ) string [ { unspecified-text } ]; preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; rate-limit { all-per-second integer; errors-per-second integer; @@ -798,25 +659,11 @@ VIEW resolver-nonbackoff-tries integer; resolver-query-timeout integer; resolver-retry-interval integer; - response-padding { address_match_element; ... } block-size - integer; - response-policy { zone string [ add-soa boolean ] [ log - boolean ] [ max-policy-ttl duration ] [ min-update-interval - duration ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ - recursive-only boolean ] [ nsip-enable boolean ] [ - nsdname-enable boolean ]; ... } [ add-soa boolean ] [ - break-dnssec boolean ] [ max-policy-ttl duration ] [ - min-update-interval duration ] [ min-ns-dots integer ] [ - nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean - ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] - [ nsip-enable boolean ] [ nsdname-enable boolean ] [ - dnsrps-enable boolean ] [ dnsrps-options { unspecified-text - } ]; + response-padding { address_match_element; ... } block-size integer; + response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { string; ... } ]; root-key-sentinel boolean; - rrset-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... }; + rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; send-cookie boolean; serial-update-method ( date | increment | unixtime ); server netprefix { @@ -826,20 +673,12 @@ VIEW edns-version integer; keys server_key; max-udp-size integer; - notify-source ( ipv4_address | * ) [ port ( integer | * - ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer - | * ) ] [ dscp integer ]; + notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide-ixfr boolean; - query-source ( ( [ address ] ( ipv4_address | * ) [ port - ( integer | * ) ] ) | ( [ [ address ] ( - ipv4_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ - port ( integer | * ) ] ) | ( [ [ address ] ( - ipv6_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; + query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request-expire boolean; request-ixfr boolean; request-nsid boolean; @@ -847,10 +686,8 @@ VIEW tcp-keepalive boolean; tcp-only boolean; transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; + transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; servfail-ttl duration; @@ -866,19 +703,11 @@ VIEW stale-refresh-time duration; synth-from-dnssec boolean; transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; trust-anchor-telemetry boolean; // experimental - trust-anchors { string ( static-key | - initial-key | static-ds | initial-ds - ) integer integer integer - quoted_string; ... }; - trusted-keys { string - integer integer - integer - quoted_string; ... };, deprecated + trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... }; + trusted-keys { string integer integer integer quoted_string; ... };, deprecated try-tcp-refresh boolean; update-check-ksk boolean; use-alt-transfer-source boolean; diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index 10da5ca64a..4b023f0b9c 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -48,17 +48,6 @@ C++ style: // to end of line .UNINDENT .sp Unix style: # to end of line -.SS ACL -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -acl string { address_match_element; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT .SS CONTROLS .INDENT 0.0 .INDENT 3.5 @@ -66,15 +55,8 @@ acl string { address_match_element; ... }; .nf .ft C controls { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] allow - { address_match_element; ... } [ - keys { string; ... } ] [ read\-only - boolean ]; - unix quoted_string perm integer - owner integer group integer [ - keys { string; ... } ] [ read\-only - boolean ]; + inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read\-only boolean ]; + unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read\-only boolean ]; }; .ft P .fi @@ -102,11 +84,9 @@ dlz string { .ft C dnssec\-policy string { dnskey\-ttl duration; - keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime - duration_or_unlimited algorithm string [ integer ]; ... }; + keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... }; max\-zone\-ttl duration; - nsec3param [ iterations integer ] [ optout boolean ] [ - salt\-length integer ]; + nsec3param [ iterations integer ] [ optout boolean ] [ salt\-length integer ]; parent\-ds\-ttl duration; parent\-propagation\-delay duration; publish\-safety duration; @@ -127,8 +107,7 @@ dnssec\-policy string { .sp .nf .ft C -dyndb string quoted_string { - unspecified\-text }; +dyndb string quoted_string { unspecified\-text }; .ft P .fi .UNINDENT @@ -172,8 +151,7 @@ logging { category string { string; ... }; channel string { buffered boolean; - file quoted_string [ versions ( unlimited | integer ) ] - [ size size ] [ suffix ( increment | timestamp ) ]; + file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ]; null; print\-category boolean; print\-severity boolean; @@ -195,10 +173,7 @@ See DNSSEC\-KEYS. .sp .nf .ft C -managed\-keys { string ( static\-key - | initial\-key | static\-ds | - initial\-ds ) integer integer - integer quoted_string; ... };, deprecated +managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated .ft P .fi .UNINDENT @@ -218,18 +193,12 @@ options { allow\-query\-on { address_match_element; ... }; allow\-recursion { address_match_element; ... }; allow\-recursion\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; + allow\-transfer [ port integer ] [ transport string ] { address_match_element; ... }; allow\-update { address_match_element; ... }; allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; + also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; + alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; answer\-cookie boolean; attach\-cache string; auth\-nxdomain boolean; @@ -239,19 +208,12 @@ options { avoid\-v6\-udp\-ports { portrange; ... }; bindkeys\-file quoted_string; blackhole { address_match_element; ... }; - catalog\-zones { zone string [ default\-primaries [ port integer - ] [ dscp integer ] { ( remote\-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone\-directory - quoted_string ] [ in\-memory boolean ] [ min\-update\-interval - duration ]; ... }; + catalog\-zones { zone string [ default\-primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... }; check\-dup\-records ( fail | warn | ignore ); check\-integrity boolean; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); - check\-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check\-sibling boolean; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); @@ -261,16 +223,12 @@ options { cookie\-secret string; coresize ( default | unlimited | sizeval ); datasize ( default | unlimited | sizeval ); - deny\-answer\-addresses { address_match_element; ... } [ - except\-from { string; ... } ]; - deny\-answer\-aliases { string; ... } [ except\-from { string; ... - } ]; + deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ]; + deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ]; dialup ( notify | notify\-passive | passive | refresh | boolean ); directory quoted_string; - disable\-algorithms string { string; - ... }; - disable\-ds\-digests string { string; - ... }; + disable\-algorithms string { string; ... }; + disable\-ds\-digests string { string; ... }; disable\-empty\-zone string; dns64 netprefix { break\-dnssec boolean; @@ -293,18 +251,12 @@ options { dnssec\-secure\-to\-insecure boolean; dnssec\-update\-mode ( maintain | no\-resign ); dnssec\-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; dnstap\-identity ( quoted_string | none | hostname ); - dnstap\-output ( file | unix ) quoted_string [ size ( unlimited | - size ) ] [ versions ( unlimited | integer ) ] [ suffix ( - increment | timestamp ) ]; + dnstap\-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ]; dnstap\-version ( quoted_string | none ); dscp integer; - dual\-stack\-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... }; + dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; dump\-file quoted_string; edns\-udp\-size integer; empty\-contact string; @@ -316,8 +268,7 @@ options { files ( default | unlimited | sizeval ); flush\-zones\-on\-shutdown boolean; forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; + forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; fstrm\-set\-buffer\-hint integer; fstrm\-set\-flush\-timeout integer; fstrm\-set\-input\-queue\-size integer; @@ -337,19 +288,12 @@ options { ipv4only\-contact string; ipv4only\-enable boolean; ipv4only\-server string; - ixfr\-from\-differences ( primary | master | secondary | slave | - boolean ); + ixfr\-from\-differences ( primary | master | secondary | slave | boolean ); keep\-response\-order { address_match_element; ... }; key\-directory quoted_string; lame\-ttl duration; - listen\-on [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... }; - listen\-on\-v6 [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... }; + listen\-on [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; + listen\-on\-v6 [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; lmdb\-mapsize sizeval; lock\-file ( quoted_string | none ); managed\-keys\-directory quoted_string; @@ -391,30 +335,22 @@ options { notify ( explicit | master\-only | primary\-only | boolean ); notify\-delay integer; notify\-rate integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-to\-soa boolean; nta\-lifetime duration; nta\-recheck duration; nxdomain\-redirect string; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; pid\-file ( quoted_string | none ); port integer; preferred\-glue string; prefetch integer [ integer ]; provide\-ixfr boolean; qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; querylog boolean; random\-device ( quoted_string | none ); rate\-limit { @@ -445,26 +381,12 @@ options { resolver\-nonbackoff\-tries integer; resolver\-query\-timeout integer; resolver\-retry\-interval integer; - response\-padding { address_match_element; ... } block\-size - integer; - response\-policy { zone string [ add\-soa boolean ] [ log - boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval - duration ] [ policy ( cname | disabled | drop | given | no\-op - | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ - recursive\-only boolean ] [ nsip\-enable boolean ] [ - nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ - break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ - min\-update\-interval duration ] [ min\-ns\-dots integer ] [ - nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean - ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] - [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ - dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text - } ]; + response\-padding { address_match_element; ... } block\-size integer; + response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ]; reuseport boolean; root\-delegation\-only [ exclude { string; ... } ]; root\-key\-sentinel boolean; - rrset\-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... }; + rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; secroots\-file quoted_string; send\-cookie boolean; serial\-query\-rate integer; @@ -503,10 +425,8 @@ options { tls\-port integer; transfer\-format ( many\-answers | one\-answer ); transfer\-message\-size integer; - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers\-in integer; transfers\-out integer; transfers\-per\-ns integer; @@ -535,11 +455,7 @@ options { .sp .nf .ft C -parental\-agents string [ port integer ] [ - dscp integer ] { ( remote\-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; +parental\-agents string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; .ft P .fi .UNINDENT @@ -550,8 +466,7 @@ parental\-agents string [ port integer ] [ .sp .nf .ft C -plugin ( query ) string [ { unspecified\-text - } ]; +plugin ( query ) string [ { unspecified\-text } ]; .ft P .fi .UNINDENT @@ -562,11 +477,7 @@ plugin ( query ) string [ { unspecified\-text .sp .nf .ft C -primaries string [ port integer ] [ dscp - integer ] { ( remote\-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; +primaries string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; .ft P .fi .UNINDENT @@ -584,18 +495,12 @@ server netprefix { edns\-version integer; keys server_key; max\-udp\-size integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide\-ixfr boolean; - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request\-expire boolean; request\-ixfr boolean; request\-nsid boolean; @@ -603,10 +508,8 @@ server netprefix { tcp\-keepalive boolean; tcp\-only boolean; transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; .ft P @@ -620,10 +523,7 @@ server netprefix { .nf .ft C statistics\-channels { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] [ - allow { address_match_element; ... - } ]; + inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ]; }; .ft P .fi @@ -656,10 +556,7 @@ tls string { .sp .nf .ft C -trust\-anchors { string ( static\-key | - initial\-key | static\-ds | initial\-ds ) - integer integer integer - quoted_string; ... }; +trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... }; .ft P .fi .UNINDENT @@ -672,9 +569,7 @@ Deprecated \- see DNSSEC\-KEYS. .sp .nf .ft C -trusted\-keys { string integer - integer integer - quoted_string; ... };, deprecated +trusted\-keys { string integer integer integer quoted_string; ... };, deprecated .ft P .fi .UNINDENT @@ -694,48 +589,31 @@ view string [ class ] { allow\-query\-on { address_match_element; ... }; allow\-recursion { address_match_element; ... }; allow\-recursion\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; + allow\-transfer [ port integer ] [ transport string ] { address_match_element; ... }; allow\-update { address_match_element; ... }; allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; + also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; + alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; attach\-cache string; auth\-nxdomain boolean; auto\-dnssec ( allow | maintain | off ); - catalog\-zones { zone string [ default\-primaries [ port integer - ] [ dscp integer ] { ( remote\-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone\-directory - quoted_string ] [ in\-memory boolean ] [ min\-update\-interval - duration ]; ... }; + catalog\-zones { zone string [ default\-primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... }; check\-dup\-records ( fail | warn | ignore ); check\-integrity boolean; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); - check\-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check\-sibling boolean; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-wildcard boolean; clients\-per\-query integer; - deny\-answer\-addresses { address_match_element; ... } [ - except\-from { string; ... } ]; - deny\-answer\-aliases { string; ... } [ except\-from { string; ... - } ]; + deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ]; + deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ]; dialup ( notify | notify\-passive | passive | refresh | boolean ); - disable\-algorithms string { string; - ... }; - disable\-ds\-digests string { string; - ... }; + disable\-algorithms string { string; ... }; + disable\-ds\-digests string { string; ... }; disable\-empty\-zone string; dlz string { database string; @@ -762,14 +640,9 @@ view string [ class ] { dnssec\-secure\-to\-insecure boolean; dnssec\-update\-mode ( maintain | no\-resign ); dnssec\-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual\-stack\-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... }; - dyndb string quoted_string { - unspecified\-text }; + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; + dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; + dyndb string quoted_string { unspecified\-text }; edns\-udp\-size integer; empty\-contact string; empty\-server string; @@ -778,14 +651,12 @@ view string [ class ] { fetches\-per\-server integer [ ( drop | fail ) ]; fetches\-per\-zone integer [ ( drop | fail ) ]; forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; + forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; glue\-cache boolean;// deprecated ipv4only\-contact string; ipv4only\-enable boolean; ipv4only\-server string; - ixfr\-from\-differences ( primary | master | secondary | slave | - boolean ); + ixfr\-from\-differences ( primary | master | secondary | slave | boolean ); key string { algorithm string; secret string; @@ -793,12 +664,7 @@ view string [ class ] { key\-directory quoted_string; lame\-ttl duration; lmdb\-mapsize sizeval; - managed\-keys { string ( - static\-key | initial\-key - | static\-ds | initial\-ds - ) integer integer - integer - quoted_string; ... };, deprecated + managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated masterfile\-format ( raw | text ); masterfile\-style ( full | relative ); match\-clients { address_match_element; ... }; @@ -835,30 +701,21 @@ view string [ class ] { nocookie\-udp\-size integer; notify ( explicit | master\-only | primary\-only | boolean ); notify\-delay integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-to\-soa boolean; nta\-lifetime duration; nta\-recheck duration; nxdomain\-redirect string; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - plugin ( query ) string [ { - unspecified\-text } ]; + parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + plugin ( query ) string [ { unspecified\-text } ]; preferred\-glue string; prefetch integer [ integer ]; provide\-ixfr boolean; qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; rate\-limit { all\-per\-second integer; errors\-per\-second integer; @@ -884,25 +741,11 @@ view string [ class ] { resolver\-nonbackoff\-tries integer; resolver\-query\-timeout integer; resolver\-retry\-interval integer; - response\-padding { address_match_element; ... } block\-size - integer; - response\-policy { zone string [ add\-soa boolean ] [ log - boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval - duration ] [ policy ( cname | disabled | drop | given | no\-op - | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ - recursive\-only boolean ] [ nsip\-enable boolean ] [ - nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ - break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ - min\-update\-interval duration ] [ min\-ns\-dots integer ] [ - nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean - ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] - [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ - dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text - } ]; + response\-padding { address_match_element; ... } block\-size integer; + response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ]; root\-delegation\-only [ exclude { string; ... } ]; root\-key\-sentinel boolean; - rrset\-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... }; + rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; send\-cookie boolean; serial\-update\-method ( date | increment | unixtime ); server netprefix { @@ -912,20 +755,12 @@ view string [ class ] { edns\-version integer; keys server_key; max\-udp\-size integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * - ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer - | * ) ] [ dscp integer ]; + notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide\-ixfr boolean; - query\-source ( ( [ address ] ( ipv4_address | * ) [ port - ( integer | * ) ] ) | ( [ [ address ] ( - ipv4_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ - port ( integer | * ) ] ) | ( [ [ address ] ( - ipv6_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; + query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request\-expire boolean; request\-ixfr boolean; request\-nsid boolean; @@ -933,10 +768,8 @@ view string [ class ] { tcp\-keepalive boolean; tcp\-only boolean; transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; + transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; servfail\-ttl duration; @@ -952,19 +785,11 @@ view string [ class ] { stale\-refresh\-time duration; synth\-from\-dnssec boolean; transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; trust\-anchor\-telemetry boolean; // experimental - trust\-anchors { string ( static\-key | - initial\-key | static\-ds | initial\-ds - ) integer integer integer - quoted_string; ... }; - trusted\-keys { string - integer integer - integer - quoted_string; ... };, deprecated + trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... }; + trusted\-keys { string integer integer integer quoted_string; ... };, deprecated try\-tcp\-refresh boolean; update\-check\-ksk boolean; use\-alt\-transfer\-source boolean; diff --git a/doc/misc/Makefile.am b/doc/misc/Makefile.am index 7481632e96..30a3c30e80 100644 --- a/doc/misc/Makefile.am +++ b/doc/misc/Makefile.am @@ -70,10 +70,10 @@ BUILT_SOURCES = \ $(OPTIONS_FILES) options: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl | $(PERL) $(srcdir)/format-options.pl --strip-not-configured > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl > $@ options.active: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar --active | $(PERL) $(srcdir)/sort-options.pl | $(PERL) $(srcdir)/format-options.pl --strip-not-configured > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar --active | $(PERL) $(srcdir)/sort-options.pl > $@ primary.zoneopt: cfg_test $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary --active > $@ diff --git a/doc/misc/acl.grammar.rst b/doc/misc/acl.grammar.rst index d27dab3a15..fb57865687 100644 --- a/doc/misc/acl.grammar.rst +++ b/doc/misc/acl.grammar.rst @@ -11,4 +11,3 @@ :: - acl { ; ... }; diff --git a/doc/misc/controls.grammar.rst b/doc/misc/controls.grammar.rst index 440bce4929..0f2ec38d8e 100644 --- a/doc/misc/controls.grammar.rst +++ b/doc/misc/controls.grammar.rst @@ -12,13 +12,6 @@ :: controls { - inet ( | | - * ) [ port ( | * ) ] allow - { ; ... } [ - keys { ; ... } ] [ read-only - ]; - unix perm - owner group [ - keys { ; ... } ] [ read-only - ]; + inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read-only ]; + unix perm owner group [ keys { ; ... } ] [ read-only ]; }; diff --git a/doc/misc/dnssec-policy.grammar.rst b/doc/misc/dnssec-policy.grammar.rst index 0aec73b683..da56f07770 100644 --- a/doc/misc/dnssec-policy.grammar.rst +++ b/doc/misc/dnssec-policy.grammar.rst @@ -13,11 +13,9 @@ dnssec-policy { dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - algorithm [ ]; ... }; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime algorithm [ ]; ... }; max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ - salt-length ]; + nsec3param [ iterations ] [ optout ] [ salt-length ]; parent-ds-ttl ; parent-propagation-delay ; publish-safety ; diff --git a/doc/misc/logging.grammar.rst b/doc/misc/logging.grammar.rst index 377d6e968d..19986ece88 100644 --- a/doc/misc/logging.grammar.rst +++ b/doc/misc/logging.grammar.rst @@ -15,8 +15,7 @@ category { ; ... }; channel { buffered ; - file [ versions ( unlimited | ) ] - [ size ] [ suffix ( increment | timestamp ) ]; + file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; null; print-category ; print-severity ; diff --git a/doc/misc/managed-keys.grammar.rst b/doc/misc/managed-keys.grammar.rst index a57f8ef8a6..4393184d7d 100644 --- a/doc/misc/managed-keys.grammar.rst +++ b/doc/misc/managed-keys.grammar.rst @@ -11,7 +11,4 @@ :: - managed-keys { ( static-key - | initial-key | static-ds | - initial-ds ) - ; ... };, deprecated + managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... };, deprecated diff --git a/doc/misc/options b/doc/misc/options index d67df24cd6..204c0a4a48 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -1,764 +1,596 @@ - -// This is a summary of the named.conf options supported by -// this version of BIND 9. - acl { ; ... }; // may occur multiple times controls { - inet ( | | - * ) [ port ( | * ) ] allow - { ; ... } [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times - unix perm - owner group [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times + inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read-only ]; // may occur multiple times + unix perm owner group [ keys { ; ... } ] [ read-only ]; // may occur multiple times }; // may occur multiple times dlz { - database ; - search ; + database ; + search ; }; // may occur multiple times dnssec-policy { - dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - algorithm [ ]; ... }; - max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ - salt-length ]; - parent-ds-ttl ; - parent-propagation-delay ; - parent-registration-delay ; // obsolete - publish-safety ; - purge-keys ; - retire-safety ; - signatures-refresh ; - signatures-validity ; - signatures-validity-dnskey ; - zone-propagation-delay ; + dnskey-ttl ; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime algorithm [ ]; ... }; + max-zone-ttl ; + nsec3param [ iterations ] [ optout ] [ salt-length ]; + parent-ds-ttl ; + parent-propagation-delay ; + parent-registration-delay ; // obsolete + publish-safety ; + purge-keys ; + retire-safety ; + signatures-refresh ; + signatures-validity ; + signatures-validity-dnskey ; + zone-propagation-delay ; }; // may occur multiple times -dyndb { - }; // may occur multiple times +dyndb { }; // may occur multiple times http { - endpoints { ; ... }; - listener-clients ; - streams-per-connection ; + endpoints { ; ... }; + listener-clients ; + streams-per-connection ; }; // may occur multiple times key { - algorithm ; - secret ; + algorithm ; + secret ; }; // may occur multiple times logging { - category { ; ... }; // may occur multiple times - channel { - buffered ; - file [ versions ( unlimited | ) ] - [ size ] [ suffix ( increment | timestamp ) ]; - null; - print-category ; - print-severity ; - print-time ( iso8601 | iso8601-utc | local | ); - severity ; - stderr; - syslog [ ]; - }; // may occur multiple times + category { ; ... }; // may occur multiple times + channel { + buffered ; + file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; + null; + print-category ; + print-severity ; + print-time ( iso8601 | iso8601-utc | local | ); + severity ; + stderr; + syslog [ ]; + }; // may occur multiple times }; -managed-keys { ( static-key - | initial-key | static-ds | - initial-ds ) - ; ... }; // may occur multiple times, deprecated +managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated options { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - answer-cookie ; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; - bindkeys-file ; - blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - cookie-algorithm ( aes | siphash24 ); - cookie-secret ; // may occur multiple times - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | ); - directory ; - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dnstap-identity ( | none | hostname ); - dnstap-output ( file | unix ) [ size ( unlimited | - ) ] [ versions ( unlimited | ) ] [ suffix ( - increment | timestamp ) ]; - dnstap-version ( | none ); - dscp ; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... }; - dump-file ; - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); - flush-zones-on-shutdown ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - fstrm-set-buffer-hint ; - fstrm-set-flush-timeout ; - fstrm-set-input-queue-size ; - fstrm-set-output-notify-threshold ; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size ; - fstrm-set-reopen-interval ; - geoip-directory ( | none ); - glue-cache ; // deprecated - heartbeat-interval ; - hostname ( | none ); - http-listener-clients ; - http-port ; - http-streams-per-connection ; - https-port ; - interface-interval ; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - keep-response-order { ; ... }; - key-directory ; - lame-ttl ; - listen-on [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; // may occur multiple times - listen-on-v6 [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; // may occur multiple times - lmdb-mapsize ; - lock-file ( | none ); - managed-keys-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-rsa-exponent-size ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - memstatistics ; - memstatistics-file ; - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nsec3-test-zone ; // test only - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - pid-file ( | none ); - port ; - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - querylog ; - random-device ( | none ); - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursing-file ; - recursion ; - recursive-clients ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - reuseport ; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... }; - secroots-file ; - send-cookie ; - serial-query-rate ; - serial-update-method ( date | increment | unixtime ); - server-id ( | none | hostname ); - servfail-ttl ; - session-keyalg ; - session-keyfile ( | none ); - session-keyname ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stacksize ( default | unlimited | ); - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - startup-notify-rate ; - statistics-file ; - suppress-initial-notify ; // obsolete - synth-from-dnssec ; - tcp-advertised-timeout ; - tcp-clients ; - tcp-idle-timeout ; - tcp-initial-timeout ; - tcp-keepalive-timeout ; - tcp-listen-queue ; - tcp-receive-buffer ; - tcp-send-buffer ; - tkey-dhkey ; - tkey-domain ; - tkey-gssapi-credential ; - tkey-gssapi-keytab ; - tls-port ; - transfer-format ( many-answers | one-answer ); - transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers-in ; - transfers-out ; - transfers-per-ns ; - trust-anchor-telemetry ; // experimental - try-tcp-refresh ; - udp-receive-buffer ; - udp-send-buffer ; - update-check-ksk ; - use-alt-transfer-source ; - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; - v6-bias ; - validate-except { ; ... }; - version ( | none ); - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); + allow-new-zones ; + allow-notify { ; ... }; + allow-query { ; ... }; + allow-query-cache { ; ... }; + allow-query-cache-on { ; ... }; + allow-query-on { ; ... }; + allow-recursion { ; ... }; + allow-recursion-on { ; ... }; + allow-transfer [ port ] [ transport ] { ; ... }; + allow-update { ; ... }; + allow-update-forwarding { ; ... }; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + answer-cookie ; + attach-cache ; + auth-nxdomain ; + auto-dnssec ( allow | maintain | off ); + automatic-interface-scan ; + avoid-v4-udp-ports { ; ... }; + avoid-v6-udp-ports { ; ... }; + bindkeys-file ; + blackhole { ; ... }; + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity ; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check-sibling ; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard ; + clients-per-query ; + cookie-algorithm ( aes | siphash24 ); + cookie-secret ; // may occur multiple times + coresize ( default | unlimited | ); + datasize ( default | unlimited | ); + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; + dialup ( notify | notify-passive | passive | refresh | ); + directory ; + disable-algorithms { ; ... }; // may occur multiple times + disable-ds-digests { ; ... }; // may occur multiple times + disable-empty-zone ; // may occur multiple times + dns64 { + break-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... }; + recursive-only ; + suffix ; + }; // may occur multiple times + dns64-contact ; + dns64-server ; + dnskey-sig-validity ; + dnsrps-enable ; // not configured + dnsrps-options { }; // not configured + dnssec-accept-expired ; + dnssec-dnskey-kskonly ; + dnssec-loadkeys-interval ; + dnssec-must-be-secure ; // may occur multiple times + dnssec-policy ; + dnssec-secure-to-insecure ; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dnstap-identity ( | none | hostname ); // not configured + dnstap-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; // not configured + dnstap-version ( | none ); // not configured + dscp ; + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dump-file ; + edns-udp-size ; + empty-contact ; + empty-server ; + empty-zones-enable ; + fetch-quota-params ; + fetches-per-server [ ( drop | fail ) ]; + fetches-per-zone [ ( drop | fail ) ]; + files ( default | unlimited | ); + flush-zones-on-shutdown ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + fstrm-set-buffer-hint ; // not configured + fstrm-set-flush-timeout ; // not configured + fstrm-set-input-queue-size ; // not configured + fstrm-set-output-notify-threshold ; // not configured + fstrm-set-output-queue-model ( mpsc | spsc ); // not configured + fstrm-set-output-queue-size ; // not configured + fstrm-set-reopen-interval ; // not configured + geoip-directory ( | none ); + glue-cache ; // deprecated + heartbeat-interval ; + hostname ( | none ); + http-listener-clients ; + http-port ; + http-streams-per-connection ; + https-port ; + interface-interval ; + ipv4only-contact ; + ipv4only-enable ; + ipv4only-server ; + ixfr-from-differences ( primary | master | secondary | slave | ); + keep-response-order { ; ... }; + key-directory ; + lame-ttl ; + listen-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + listen-on-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + lmdb-mapsize ; + lock-file ( | none ); + managed-keys-directory ; + masterfile-format ( raw | text ); + masterfile-style ( full | relative ); + match-mapped-addresses ; + max-cache-size ( default | unlimited | | ); + max-cache-ttl ; + max-clients-per-query ; + max-ixfr-ratio ( unlimited | ); + max-journal-size ( default | unlimited | ); + max-ncache-ttl ; + max-records ; + max-recursion-depth ; + max-recursion-queries ; + max-refresh-time ; + max-retry-time ; + max-rsa-exponent-size ; + max-stale-ttl ; + max-transfer-idle-in ; + max-transfer-idle-out ; + max-transfer-time-in ; + max-transfer-time-out ; + max-udp-size ; + max-zone-ttl ( unlimited | ); + memstatistics ; + memstatistics-file ; + message-compression ; + min-cache-ttl ; + min-ncache-ttl ; + min-refresh-time ; + min-retry-time ; + minimal-any ; + minimal-responses ( no-auth | no-auth-recursive | ); + multi-master ; + new-zones-directory ; + no-case-compress { ; ... }; + nocookie-udp-size ; + notify ( explicit | master-only | primary-only | ); + notify-delay ; + notify-rate ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify-to-soa ; + nsec3-test-zone ; // test only + nta-lifetime ; + nta-recheck ; + nxdomain-redirect ; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + pid-file ( | none ); + port ; + preferred-glue ; + prefetch [ ]; + provide-ixfr ; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + querylog ; + random-device ( | none ); + rate-limit { + all-per-second ; + errors-per-second ; + exempt-clients { ; ... }; + ipv4-prefix-length ; + ipv6-prefix-length ; + log-only ; + max-table-size ; + min-table-size ; + nodata-per-second ; + nxdomains-per-second ; + qps-scale ; + referrals-per-second ; + responses-per-second ; + slip ; + window ; + }; + recursing-file ; + recursion ; + recursive-clients ; + request-expire ; + request-ixfr ; + request-nsid ; + require-server-cookie ; + reserved-sockets ; // deprecated + resolver-nonbackoff-tries ; + resolver-query-timeout ; + resolver-retry-interval ; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; + reuseport ; + root-delegation-only [ exclude { ; ... } ]; + root-key-sentinel ; + rrset-order { [ class ] [ type ] [ name ] ; ... }; + secroots-file ; + send-cookie ; + serial-query-rate ; + serial-update-method ( date | increment | unixtime ); + server-id ( | none | hostname ); + servfail-ttl ; + session-keyalg ; + session-keyfile ( | none ); + session-keyname ; + sig-signing-nodes ; + sig-signing-signatures ; + sig-signing-type ; + sig-validity-interval [ ]; + sortlist { ; ... }; + stacksize ( default | unlimited | ); + stale-answer-client-timeout ( disabled | off | ); + stale-answer-enable ; + stale-answer-ttl ; + stale-cache-enable ; + stale-refresh-time ; + startup-notify-rate ; + statistics-file ; + suppress-initial-notify ; // obsolete + synth-from-dnssec ; + tcp-advertised-timeout ; + tcp-clients ; + tcp-idle-timeout ; + tcp-initial-timeout ; + tcp-keepalive-timeout ; + tcp-listen-queue ; + tcp-receive-buffer ; + tcp-send-buffer ; + tkey-dhkey ; + tkey-domain ; + tkey-gssapi-credential ; + tkey-gssapi-keytab ; + tls-port ; + transfer-format ( many-answers | one-answer ); + transfer-message-size ; + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers-in ; + transfers-out ; + transfers-per-ns ; + trust-anchor-telemetry ; // experimental + try-tcp-refresh ; + udp-receive-buffer ; + udp-send-buffer ; + update-check-ksk ; + use-alt-transfer-source ; + use-v4-udp-ports { ; ... }; + use-v6-udp-ports { ; ... }; + v6-bias ; + validate-except { ; ... }; + version ( | none ); + zero-no-soa-ttl ; + zero-no-soa-ttl-cache ; + zone-statistics ( full | terse | none | ); }; -parental-agents [ port ] [ - dscp ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; // may occur multiple times +parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times -plugin ( query ) [ { - } ]; // may occur multiple times +plugin ( query ) [ { } ]; // may occur multiple times -primaries [ port ] [ dscp - ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; // may occur multiple times +primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers ; + bogus ; + edns ; + edns-udp-size ; + edns-version ; + keys ; + max-udp-size ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide-ixfr ; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request-expire ; + request-ixfr ; + request-nsid ; + send-cookie ; + tcp-keepalive ; + tcp-only ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; }; // may occur multiple times statistics-channels { - inet ( | | - * ) [ port ( | * ) ] [ - allow { ; ... - } ]; // may occur multiple times + inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; // may occur multiple times }; // may occur multiple times tls { - ca-file ; - cert-file ; - ciphers ; - dhparam-file ; - key-file ; - prefer-server-ciphers ; - protocols { ; ... }; - remote-hostname ; - session-tickets ; + ca-file ; + cert-file ; + ciphers ; + dhparam-file ; + key-file ; + prefer-server-ciphers ; + protocols { ; ... }; + remote-hostname ; + session-tickets ; }; // may occur multiple times -trust-anchors { ( static-key | - initial-key | static-ds | initial-ds ) - - ; ... }; // may occur multiple times +trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times -trusted-keys { - - ; ... }; // may occur multiple times, deprecated +trusted-keys { ; ... }; // may occur multiple times, deprecated view [ ] { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | ); - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dlz { - database ; - search ; - }; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... }; - dyndb { - }; // may occur multiple times - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - glue-cache ; // deprecated - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - key { - algorithm ; - secret ; - }; // may occur multiple times - key-directory ; - lame-ttl ; - lmdb-mapsize ; - managed-keys { ( - static-key | initial-key - | static-ds | initial-ds - ) - - ; ... }; // may occur multiple times, deprecated - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-clients { ; ... }; - match-destinations { ; ... }; - match-recursive-only ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nsec3-test-zone ; // test only - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - plugin ( query ) [ { - } ]; // may occur multiple times - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursion ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... }; - send-cookie ; - serial-update-method ( date | increment | unixtime ); - server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * - ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port - ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ - port ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | - * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - transfers ; - }; // may occur multiple times - servfail-ttl ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - suppress-initial-notify ; // obsolete - synth-from-dnssec ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - trust-anchor-telemetry ; // experimental - trust-anchors { ( static-key | - initial-key | static-ds | initial-ds - ) - ; ... }; // may occur multiple times - trusted-keys { - - - ; ... }; // may occur multiple times, deprecated - try-tcp-refresh ; - update-check-ksk ; - use-alt-transfer-source ; - v6-bias ; - validate-except { ; ... }; - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); + allow-new-zones ; + allow-notify { ; ... }; + allow-query { ; ... }; + allow-query-cache { ; ... }; + allow-query-cache-on { ; ... }; + allow-query-on { ; ... }; + allow-recursion { ; ... }; + allow-recursion-on { ; ... }; + allow-transfer [ port ] [ transport ] { ; ... }; + allow-update { ; ... }; + allow-update-forwarding { ; ... }; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + attach-cache ; + auth-nxdomain ; + auto-dnssec ( allow | maintain | off ); + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity ; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check-sibling ; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard ; + clients-per-query ; + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; + dialup ( notify | notify-passive | passive | refresh | ); + disable-algorithms { ; ... }; // may occur multiple times + disable-ds-digests { ; ... }; // may occur multiple times + disable-empty-zone ; // may occur multiple times + dlz { + database ; + search ; + }; // may occur multiple times + dns64 { + break-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... }; + recursive-only ; + suffix ; + }; // may occur multiple times + dns64-contact ; + dns64-server ; + dnskey-sig-validity ; + dnsrps-enable ; // not configured + dnsrps-options { }; // not configured + dnssec-accept-expired ; + dnssec-dnskey-kskonly ; + dnssec-loadkeys-interval ; + dnssec-must-be-secure ; // may occur multiple times + dnssec-policy ; + dnssec-secure-to-insecure ; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dyndb { }; // may occur multiple times + edns-udp-size ; + empty-contact ; + empty-server ; + empty-zones-enable ; + fetch-quota-params ; + fetches-per-server [ ( drop | fail ) ]; + fetches-per-zone [ ( drop | fail ) ]; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + glue-cache ; // deprecated + ipv4only-contact ; + ipv4only-enable ; + ipv4only-server ; + ixfr-from-differences ( primary | master | secondary | slave | ); + key { + algorithm ; + secret ; + }; // may occur multiple times + key-directory ; + lame-ttl ; + lmdb-mapsize ; + managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated + masterfile-format ( raw | text ); + masterfile-style ( full | relative ); + match-clients { ; ... }; + match-destinations { ; ... }; + match-recursive-only ; + max-cache-size ( default | unlimited | | ); + max-cache-ttl ; + max-clients-per-query ; + max-ixfr-ratio ( unlimited | ); + max-journal-size ( default | unlimited | ); + max-ncache-ttl ; + max-records ; + max-recursion-depth ; + max-recursion-queries ; + max-refresh-time ; + max-retry-time ; + max-stale-ttl ; + max-transfer-idle-in ; + max-transfer-idle-out ; + max-transfer-time-in ; + max-transfer-time-out ; + max-udp-size ; + max-zone-ttl ( unlimited | ); + message-compression ; + min-cache-ttl ; + min-ncache-ttl ; + min-refresh-time ; + min-retry-time ; + minimal-any ; + minimal-responses ( no-auth | no-auth-recursive | ); + multi-master ; + new-zones-directory ; + no-case-compress { ; ... }; + nocookie-udp-size ; + notify ( explicit | master-only | primary-only | ); + notify-delay ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify-to-soa ; + nsec3-test-zone ; // test only + nta-lifetime ; + nta-recheck ; + nxdomain-redirect ; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + plugin ( query ) [ { } ]; // may occur multiple times + preferred-glue ; + prefetch [ ]; + provide-ixfr ; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + rate-limit { + all-per-second ; + errors-per-second ; + exempt-clients { ; ... }; + ipv4-prefix-length ; + ipv6-prefix-length ; + log-only ; + max-table-size ; + min-table-size ; + nodata-per-second ; + nxdomains-per-second ; + qps-scale ; + referrals-per-second ; + responses-per-second ; + slip ; + window ; + }; + recursion ; + request-expire ; + request-ixfr ; + request-nsid ; + require-server-cookie ; + resolver-nonbackoff-tries ; + resolver-query-timeout ; + resolver-retry-interval ; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; + root-delegation-only [ exclude { ; ... } ]; + root-key-sentinel ; + rrset-order { [ class ] [ type ] [ name ] ; ... }; + send-cookie ; + serial-update-method ( date | increment | unixtime ); + server { + bogus ; + edns ; + edns-udp-size ; + edns-version ; + keys ; + max-udp-size ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide-ixfr ; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request-expire ; + request-ixfr ; + request-nsid ; + send-cookie ; + tcp-keepalive ; + tcp-only ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; + }; // may occur multiple times + servfail-ttl ; + sig-signing-nodes ; + sig-signing-signatures ; + sig-signing-type ; + sig-validity-interval [ ]; + sortlist { ; ... }; + stale-answer-client-timeout ( disabled | off | ); + stale-answer-enable ; + stale-answer-ttl ; + stale-cache-enable ; + stale-refresh-time ; + suppress-initial-notify ; // obsolete + synth-from-dnssec ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + trust-anchor-telemetry ; // experimental + trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times + trusted-keys { ; ... }; // may occur multiple times, deprecated + try-tcp-refresh ; + update-check-ksk ; + use-alt-transfer-source ; + v6-bias ; + validate-except { ; ... }; + zero-no-soa-ttl ; + zero-no-soa-ttl-cache ; + zone-statistics ( full | terse | none | ); }; // may occur multiple times diff --git a/doc/misc/options.active b/doc/misc/options.active index d462fd06e2..b7215e01a2 100644 --- a/doc/misc/options.active +++ b/doc/misc/options.active @@ -1,759 +1,591 @@ - -// This is a summary of the named.conf options supported by -// this version of BIND 9. - acl { ; ... }; // may occur multiple times controls { - inet ( | | - * ) [ port ( | * ) ] allow - { ; ... } [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times - unix perm - owner group [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times + inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read-only ]; // may occur multiple times + unix perm owner group [ keys { ; ... } ] [ read-only ]; // may occur multiple times }; // may occur multiple times dlz { - database ; - search ; + database ; + search ; }; // may occur multiple times dnssec-policy { - dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - algorithm [ ]; ... }; - max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ - salt-length ]; - parent-ds-ttl ; - parent-propagation-delay ; - publish-safety ; - purge-keys ; - retire-safety ; - signatures-refresh ; - signatures-validity ; - signatures-validity-dnskey ; - zone-propagation-delay ; + dnskey-ttl ; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime algorithm [ ]; ... }; + max-zone-ttl ; + nsec3param [ iterations ] [ optout ] [ salt-length ]; + parent-ds-ttl ; + parent-propagation-delay ; + publish-safety ; + purge-keys ; + retire-safety ; + signatures-refresh ; + signatures-validity ; + signatures-validity-dnskey ; + zone-propagation-delay ; }; // may occur multiple times -dyndb { - }; // may occur multiple times +dyndb { }; // may occur multiple times http { - endpoints { ; ... }; - listener-clients ; - streams-per-connection ; + endpoints { ; ... }; + listener-clients ; + streams-per-connection ; }; // may occur multiple times key { - algorithm ; - secret ; + algorithm ; + secret ; }; // may occur multiple times logging { - category { ; ... }; // may occur multiple times - channel { - buffered ; - file [ versions ( unlimited | ) ] - [ size ] [ suffix ( increment | timestamp ) ]; - null; - print-category ; - print-severity ; - print-time ( iso8601 | iso8601-utc | local | ); - severity ; - stderr; - syslog [ ]; - }; // may occur multiple times + category { ; ... }; // may occur multiple times + channel { + buffered ; + file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; + null; + print-category ; + print-severity ; + print-time ( iso8601 | iso8601-utc | local | ); + severity ; + stderr; + syslog [ ]; + }; // may occur multiple times }; -managed-keys { ( static-key - | initial-key | static-ds | - initial-ds ) - ; ... }; // may occur multiple times, deprecated +managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated options { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - answer-cookie ; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; - bindkeys-file ; - blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - cookie-algorithm ( aes | siphash24 ); - cookie-secret ; // may occur multiple times - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | ); - directory ; - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dnstap-identity ( | none | hostname ); - dnstap-output ( file | unix ) [ size ( unlimited | - ) ] [ versions ( unlimited | ) ] [ suffix ( - increment | timestamp ) ]; - dnstap-version ( | none ); - dscp ; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... }; - dump-file ; - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); - flush-zones-on-shutdown ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - fstrm-set-buffer-hint ; - fstrm-set-flush-timeout ; - fstrm-set-input-queue-size ; - fstrm-set-output-notify-threshold ; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size ; - fstrm-set-reopen-interval ; - geoip-directory ( | none ); - glue-cache ; // deprecated - heartbeat-interval ; - hostname ( | none ); - http-listener-clients ; - http-port ; - http-streams-per-connection ; - https-port ; - interface-interval ; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - keep-response-order { ; ... }; - key-directory ; - lame-ttl ; - listen-on [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; // may occur multiple times - listen-on-v6 [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; // may occur multiple times - lmdb-mapsize ; - lock-file ( | none ); - managed-keys-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-rsa-exponent-size ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - memstatistics ; - memstatistics-file ; - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - pid-file ( | none ); - port ; - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - querylog ; - random-device ( | none ); - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursing-file ; - recursion ; - recursive-clients ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - reuseport ; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... }; - secroots-file ; - send-cookie ; - serial-query-rate ; - serial-update-method ( date | increment | unixtime ); - server-id ( | none | hostname ); - servfail-ttl ; - session-keyalg ; - session-keyfile ( | none ); - session-keyname ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stacksize ( default | unlimited | ); - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - startup-notify-rate ; - statistics-file ; - synth-from-dnssec ; - tcp-advertised-timeout ; - tcp-clients ; - tcp-idle-timeout ; - tcp-initial-timeout ; - tcp-keepalive-timeout ; - tcp-listen-queue ; - tcp-receive-buffer ; - tcp-send-buffer ; - tkey-dhkey ; - tkey-domain ; - tkey-gssapi-credential ; - tkey-gssapi-keytab ; - tls-port ; - transfer-format ( many-answers | one-answer ); - transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers-in ; - transfers-out ; - transfers-per-ns ; - trust-anchor-telemetry ; // experimental - try-tcp-refresh ; - udp-receive-buffer ; - udp-send-buffer ; - update-check-ksk ; - use-alt-transfer-source ; - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; - v6-bias ; - validate-except { ; ... }; - version ( | none ); - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); + allow-new-zones ; + allow-notify { ; ... }; + allow-query { ; ... }; + allow-query-cache { ; ... }; + allow-query-cache-on { ; ... }; + allow-query-on { ; ... }; + allow-recursion { ; ... }; + allow-recursion-on { ; ... }; + allow-transfer [ port ] [ transport ] { ; ... }; + allow-update { ; ... }; + allow-update-forwarding { ; ... }; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + answer-cookie ; + attach-cache ; + auth-nxdomain ; + auto-dnssec ( allow | maintain | off ); + automatic-interface-scan ; + avoid-v4-udp-ports { ; ... }; + avoid-v6-udp-ports { ; ... }; + bindkeys-file ; + blackhole { ; ... }; + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity ; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check-sibling ; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard ; + clients-per-query ; + cookie-algorithm ( aes | siphash24 ); + cookie-secret ; // may occur multiple times + coresize ( default | unlimited | ); + datasize ( default | unlimited | ); + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; + dialup ( notify | notify-passive | passive | refresh | ); + directory ; + disable-algorithms { ; ... }; // may occur multiple times + disable-ds-digests { ; ... }; // may occur multiple times + disable-empty-zone ; // may occur multiple times + dns64 { + break-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... }; + recursive-only ; + suffix ; + }; // may occur multiple times + dns64-contact ; + dns64-server ; + dnskey-sig-validity ; + dnsrps-enable ; // not configured + dnsrps-options { }; // not configured + dnssec-accept-expired ; + dnssec-dnskey-kskonly ; + dnssec-loadkeys-interval ; + dnssec-must-be-secure ; // may occur multiple times + dnssec-policy ; + dnssec-secure-to-insecure ; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dnstap-identity ( | none | hostname ); // not configured + dnstap-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; // not configured + dnstap-version ( | none ); // not configured + dscp ; + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dump-file ; + edns-udp-size ; + empty-contact ; + empty-server ; + empty-zones-enable ; + fetch-quota-params ; + fetches-per-server [ ( drop | fail ) ]; + fetches-per-zone [ ( drop | fail ) ]; + files ( default | unlimited | ); + flush-zones-on-shutdown ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + fstrm-set-buffer-hint ; // not configured + fstrm-set-flush-timeout ; // not configured + fstrm-set-input-queue-size ; // not configured + fstrm-set-output-notify-threshold ; // not configured + fstrm-set-output-queue-model ( mpsc | spsc ); // not configured + fstrm-set-output-queue-size ; // not configured + fstrm-set-reopen-interval ; // not configured + geoip-directory ( | none ); + glue-cache ; // deprecated + heartbeat-interval ; + hostname ( | none ); + http-listener-clients ; + http-port ; + http-streams-per-connection ; + https-port ; + interface-interval ; + ipv4only-contact ; + ipv4only-enable ; + ipv4only-server ; + ixfr-from-differences ( primary | master | secondary | slave | ); + keep-response-order { ; ... }; + key-directory ; + lame-ttl ; + listen-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + listen-on-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + lmdb-mapsize ; + lock-file ( | none ); + managed-keys-directory ; + masterfile-format ( raw | text ); + masterfile-style ( full | relative ); + match-mapped-addresses ; + max-cache-size ( default | unlimited | | ); + max-cache-ttl ; + max-clients-per-query ; + max-ixfr-ratio ( unlimited | ); + max-journal-size ( default | unlimited | ); + max-ncache-ttl ; + max-records ; + max-recursion-depth ; + max-recursion-queries ; + max-refresh-time ; + max-retry-time ; + max-rsa-exponent-size ; + max-stale-ttl ; + max-transfer-idle-in ; + max-transfer-idle-out ; + max-transfer-time-in ; + max-transfer-time-out ; + max-udp-size ; + max-zone-ttl ( unlimited | ); + memstatistics ; + memstatistics-file ; + message-compression ; + min-cache-ttl ; + min-ncache-ttl ; + min-refresh-time ; + min-retry-time ; + minimal-any ; + minimal-responses ( no-auth | no-auth-recursive | ); + multi-master ; + new-zones-directory ; + no-case-compress { ; ... }; + nocookie-udp-size ; + notify ( explicit | master-only | primary-only | ); + notify-delay ; + notify-rate ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify-to-soa ; + nta-lifetime ; + nta-recheck ; + nxdomain-redirect ; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + pid-file ( | none ); + port ; + preferred-glue ; + prefetch [ ]; + provide-ixfr ; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + querylog ; + random-device ( | none ); + rate-limit { + all-per-second ; + errors-per-second ; + exempt-clients { ; ... }; + ipv4-prefix-length ; + ipv6-prefix-length ; + log-only ; + max-table-size ; + min-table-size ; + nodata-per-second ; + nxdomains-per-second ; + qps-scale ; + referrals-per-second ; + responses-per-second ; + slip ; + window ; + }; + recursing-file ; + recursion ; + recursive-clients ; + request-expire ; + request-ixfr ; + request-nsid ; + require-server-cookie ; + reserved-sockets ; // deprecated + resolver-nonbackoff-tries ; + resolver-query-timeout ; + resolver-retry-interval ; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; + reuseport ; + root-delegation-only [ exclude { ; ... } ]; + root-key-sentinel ; + rrset-order { [ class ] [ type ] [ name ] ; ... }; + secroots-file ; + send-cookie ; + serial-query-rate ; + serial-update-method ( date | increment | unixtime ); + server-id ( | none | hostname ); + servfail-ttl ; + session-keyalg ; + session-keyfile ( | none ); + session-keyname ; + sig-signing-nodes ; + sig-signing-signatures ; + sig-signing-type ; + sig-validity-interval [ ]; + sortlist { ; ... }; + stacksize ( default | unlimited | ); + stale-answer-client-timeout ( disabled | off | ); + stale-answer-enable ; + stale-answer-ttl ; + stale-cache-enable ; + stale-refresh-time ; + startup-notify-rate ; + statistics-file ; + synth-from-dnssec ; + tcp-advertised-timeout ; + tcp-clients ; + tcp-idle-timeout ; + tcp-initial-timeout ; + tcp-keepalive-timeout ; + tcp-listen-queue ; + tcp-receive-buffer ; + tcp-send-buffer ; + tkey-dhkey ; + tkey-domain ; + tkey-gssapi-credential ; + tkey-gssapi-keytab ; + tls-port ; + transfer-format ( many-answers | one-answer ); + transfer-message-size ; + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers-in ; + transfers-out ; + transfers-per-ns ; + trust-anchor-telemetry ; // experimental + try-tcp-refresh ; + udp-receive-buffer ; + udp-send-buffer ; + update-check-ksk ; + use-alt-transfer-source ; + use-v4-udp-ports { ; ... }; + use-v6-udp-ports { ; ... }; + v6-bias ; + validate-except { ; ... }; + version ( | none ); + zero-no-soa-ttl ; + zero-no-soa-ttl-cache ; + zone-statistics ( full | terse | none | ); }; -parental-agents [ port ] [ - dscp ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; // may occur multiple times +parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times -plugin ( query ) [ { - } ]; // may occur multiple times +plugin ( query ) [ { } ]; // may occur multiple times -primaries [ port ] [ dscp - ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; // may occur multiple times +primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers ; + bogus ; + edns ; + edns-udp-size ; + edns-version ; + keys ; + max-udp-size ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide-ixfr ; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request-expire ; + request-ixfr ; + request-nsid ; + send-cookie ; + tcp-keepalive ; + tcp-only ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; }; // may occur multiple times statistics-channels { - inet ( | | - * ) [ port ( | * ) ] [ - allow { ; ... - } ]; // may occur multiple times + inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; // may occur multiple times }; // may occur multiple times tls { - ca-file ; - cert-file ; - ciphers ; - dhparam-file ; - key-file ; - prefer-server-ciphers ; - protocols { ; ... }; - remote-hostname ; - session-tickets ; + ca-file ; + cert-file ; + ciphers ; + dhparam-file ; + key-file ; + prefer-server-ciphers ; + protocols { ; ... }; + remote-hostname ; + session-tickets ; }; // may occur multiple times -trust-anchors { ( static-key | - initial-key | static-ds | initial-ds ) - - ; ... }; // may occur multiple times +trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times -trusted-keys { - - ; ... }; // may occur multiple times, deprecated +trusted-keys { ; ... }; // may occur multiple times, deprecated view [ ] { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | ); - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dlz { - database ; - search ; - }; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... }; - dyndb { - }; // may occur multiple times - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - glue-cache ; // deprecated - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - key { - algorithm ; - secret ; - }; // may occur multiple times - key-directory ; - lame-ttl ; - lmdb-mapsize ; - managed-keys { ( - static-key | initial-key - | static-ds | initial-ds - ) - - ; ... }; // may occur multiple times, deprecated - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-clients { ; ... }; - match-destinations { ; ... }; - match-recursive-only ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - plugin ( query ) [ { - } ]; // may occur multiple times - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursion ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... }; - send-cookie ; - serial-update-method ( date | increment | unixtime ); - server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * - ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port - ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ - port ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | - * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - transfers ; - }; // may occur multiple times - servfail-ttl ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - synth-from-dnssec ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - trust-anchor-telemetry ; // experimental - trust-anchors { ( static-key | - initial-key | static-ds | initial-ds - ) - ; ... }; // may occur multiple times - trusted-keys { - - - ; ... }; // may occur multiple times, deprecated - try-tcp-refresh ; - update-check-ksk ; - use-alt-transfer-source ; - v6-bias ; - validate-except { ; ... }; - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); + allow-new-zones ; + allow-notify { ; ... }; + allow-query { ; ... }; + allow-query-cache { ; ... }; + allow-query-cache-on { ; ... }; + allow-query-on { ; ... }; + allow-recursion { ; ... }; + allow-recursion-on { ; ... }; + allow-transfer [ port ] [ transport ] { ; ... }; + allow-update { ; ... }; + allow-update-forwarding { ; ... }; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + attach-cache ; + auth-nxdomain ; + auto-dnssec ( allow | maintain | off ); + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity ; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check-sibling ; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard ; + clients-per-query ; + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; + dialup ( notify | notify-passive | passive | refresh | ); + disable-algorithms { ; ... }; // may occur multiple times + disable-ds-digests { ; ... }; // may occur multiple times + disable-empty-zone ; // may occur multiple times + dlz { + database ; + search ; + }; // may occur multiple times + dns64 { + break-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... }; + recursive-only ; + suffix ; + }; // may occur multiple times + dns64-contact ; + dns64-server ; + dnskey-sig-validity ; + dnsrps-enable ; // not configured + dnsrps-options { }; // not configured + dnssec-accept-expired ; + dnssec-dnskey-kskonly ; + dnssec-loadkeys-interval ; + dnssec-must-be-secure ; // may occur multiple times + dnssec-policy ; + dnssec-secure-to-insecure ; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dyndb { }; // may occur multiple times + edns-udp-size ; + empty-contact ; + empty-server ; + empty-zones-enable ; + fetch-quota-params ; + fetches-per-server [ ( drop | fail ) ]; + fetches-per-zone [ ( drop | fail ) ]; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + glue-cache ; // deprecated + ipv4only-contact ; + ipv4only-enable ; + ipv4only-server ; + ixfr-from-differences ( primary | master | secondary | slave | ); + key { + algorithm ; + secret ; + }; // may occur multiple times + key-directory ; + lame-ttl ; + lmdb-mapsize ; + managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated + masterfile-format ( raw | text ); + masterfile-style ( full | relative ); + match-clients { ; ... }; + match-destinations { ; ... }; + match-recursive-only ; + max-cache-size ( default | unlimited | | ); + max-cache-ttl ; + max-clients-per-query ; + max-ixfr-ratio ( unlimited | ); + max-journal-size ( default | unlimited | ); + max-ncache-ttl ; + max-records ; + max-recursion-depth ; + max-recursion-queries ; + max-refresh-time ; + max-retry-time ; + max-stale-ttl ; + max-transfer-idle-in ; + max-transfer-idle-out ; + max-transfer-time-in ; + max-transfer-time-out ; + max-udp-size ; + max-zone-ttl ( unlimited | ); + message-compression ; + min-cache-ttl ; + min-ncache-ttl ; + min-refresh-time ; + min-retry-time ; + minimal-any ; + minimal-responses ( no-auth | no-auth-recursive | ); + multi-master ; + new-zones-directory ; + no-case-compress { ; ... }; + nocookie-udp-size ; + notify ( explicit | master-only | primary-only | ); + notify-delay ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify-to-soa ; + nta-lifetime ; + nta-recheck ; + nxdomain-redirect ; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + plugin ( query ) [ { } ]; // may occur multiple times + preferred-glue ; + prefetch [ ]; + provide-ixfr ; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + rate-limit { + all-per-second ; + errors-per-second ; + exempt-clients { ; ... }; + ipv4-prefix-length ; + ipv6-prefix-length ; + log-only ; + max-table-size ; + min-table-size ; + nodata-per-second ; + nxdomains-per-second ; + qps-scale ; + referrals-per-second ; + responses-per-second ; + slip ; + window ; + }; + recursion ; + request-expire ; + request-ixfr ; + request-nsid ; + require-server-cookie ; + resolver-nonbackoff-tries ; + resolver-query-timeout ; + resolver-retry-interval ; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; + root-delegation-only [ exclude { ; ... } ]; + root-key-sentinel ; + rrset-order { [ class ] [ type ] [ name ] ; ... }; + send-cookie ; + serial-update-method ( date | increment | unixtime ); + server { + bogus ; + edns ; + edns-udp-size ; + edns-version ; + keys ; + max-udp-size ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide-ixfr ; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request-expire ; + request-ixfr ; + request-nsid ; + send-cookie ; + tcp-keepalive ; + tcp-only ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; + }; // may occur multiple times + servfail-ttl ; + sig-signing-nodes ; + sig-signing-signatures ; + sig-signing-type ; + sig-validity-interval [ ]; + sortlist { ; ... }; + stale-answer-client-timeout ( disabled | off | ); + stale-answer-enable ; + stale-answer-ttl ; + stale-cache-enable ; + stale-refresh-time ; + synth-from-dnssec ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + trust-anchor-telemetry ; // experimental + trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times + trusted-keys { ; ... }; // may occur multiple times, deprecated + try-tcp-refresh ; + update-check-ksk ; + use-alt-transfer-source ; + v6-bias ; + validate-except { ; ... }; + zero-no-soa-ttl ; + zero-no-soa-ttl-cache ; + zone-statistics ( full | terse | none | ); }; // may occur multiple times diff --git a/doc/misc/options.grammar.rst b/doc/misc/options.grammar.rst index 9a7b669325..e731cf1307 100644 --- a/doc/misc/options.grammar.rst +++ b/doc/misc/options.grammar.rst @@ -20,18 +20,12 @@ allow-query-on { ; ... }; allow-recursion { ; ... }; allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; + allow-transfer [ port ] [ transport ] { ; ... }; allow-update { ; ... }; allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; answer-cookie ; attach-cache ; auth-nxdomain ; @@ -41,19 +35,12 @@ avoid-v6-udp-ports { ; ... }; bindkeys-file ; blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity ; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check-sibling ; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); @@ -63,16 +50,12 @@ cookie-secret ; coresize ( default | unlimited | ); datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; dialup ( notify | notify-passive | passive | refresh | ); directory ; - disable-algorithms { ; - ... }; - disable-ds-digests { ; - ... }; + disable-algorithms { ; ... }; + disable-ds-digests { ; ... }; disable-empty-zone ; dns64 { break-dnssec ; @@ -95,18 +78,12 @@ dnssec-secure-to-insecure ; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; dnstap-identity ( | none | hostname ); - dnstap-output ( file | unix ) [ size ( unlimited | - ) ] [ versions ( unlimited | ) ] [ suffix ( - increment | timestamp ) ]; + dnstap-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; dnstap-version ( | none ); dscp ; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... }; + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; dump-file ; edns-udp-size ; empty-contact ; @@ -118,8 +95,7 @@ files ( default | unlimited | ); flush-zones-on-shutdown ; forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; fstrm-set-buffer-hint ; fstrm-set-flush-timeout ; fstrm-set-input-queue-size ; @@ -139,19 +115,12 @@ ipv4only-contact ; ipv4only-enable ; ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); + ixfr-from-differences ( primary | master | secondary | slave | ); keep-response-order { ; ... }; key-directory ; lame-ttl ; - listen-on [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; - listen-on-v6 [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; + listen-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; + listen-on-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; lmdb-mapsize ; lock-file ( | none ); managed-keys-directory ; @@ -193,30 +162,22 @@ notify ( explicit | master-only | primary-only | ); notify-delay ; notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; notify-to-soa ; nta-lifetime ; nta-recheck ; nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; pid-file ( | none ); port ; preferred-glue ; prefetch [ ]; provide-ixfr ; qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; querylog ; random-device ( | none ); rate-limit { @@ -247,26 +208,12 @@ resolver-nonbackoff-tries ; resolver-query-timeout ; resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; reuseport ; root-delegation-only [ exclude { ; ... } ]; root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... }; + rrset-order { [ class ] [ type ] [ name ] ; ... }; secroots-file ; send-cookie ; serial-query-rate ; @@ -305,10 +252,8 @@ tls-port ; transfer-format ( many-answers | one-answer ); transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; transfers-in ; transfers-out ; transfers-per-ns ; diff --git a/doc/misc/parental-agents.grammar.rst b/doc/misc/parental-agents.grammar.rst index f30e6a8105..b09cc33787 100644 --- a/doc/misc/parental-agents.grammar.rst +++ b/doc/misc/parental-agents.grammar.rst @@ -11,8 +11,4 @@ :: - parental-agents [ port ] [ - dscp ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; + parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; diff --git a/doc/misc/primaries.grammar.rst b/doc/misc/primaries.grammar.rst index aceea97306..b6c680fb03 100644 --- a/doc/misc/primaries.grammar.rst +++ b/doc/misc/primaries.grammar.rst @@ -11,8 +11,4 @@ :: - primaries [ port ] [ dscp - ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; diff --git a/doc/misc/server.grammar.rst b/doc/misc/server.grammar.rst index 526636ec90..b62959ae7d 100644 --- a/doc/misc/server.grammar.rst +++ b/doc/misc/server.grammar.rst @@ -18,18 +18,12 @@ edns-version ; keys ; max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; padding ; provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; request-expire ; request-ixfr ; request-nsid ; @@ -37,9 +31,7 @@ tcp-keepalive ; tcp-only ; transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; transfers ; }; diff --git a/doc/misc/statistics-channels.grammar.rst b/doc/misc/statistics-channels.grammar.rst index 7a4ef27d25..8e4d964598 100644 --- a/doc/misc/statistics-channels.grammar.rst +++ b/doc/misc/statistics-channels.grammar.rst @@ -12,8 +12,5 @@ :: statistics-channels { - inet ( | | - * ) [ port ( | * ) ] [ - allow { ; ... - } ]; + inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; }; diff --git a/doc/misc/trust-anchors.grammar.rst b/doc/misc/trust-anchors.grammar.rst index eabe7c082c..e389e73be9 100644 --- a/doc/misc/trust-anchors.grammar.rst +++ b/doc/misc/trust-anchors.grammar.rst @@ -11,7 +11,4 @@ :: - trust-anchors { ( static-key | - initial-key | static-ds | initial-ds ) - - ; ... }; + trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; diff --git a/doc/misc/trusted-keys.grammar.rst b/doc/misc/trusted-keys.grammar.rst index 55cfa3805d..47aa831815 100644 --- a/doc/misc/trusted-keys.grammar.rst +++ b/doc/misc/trusted-keys.grammar.rst @@ -11,6 +11,4 @@ :: - trusted-keys { - - ; ... };, deprecated + trusted-keys { ; ... };, deprecated