From 91cdb031b82ef8fe347078e97cba528ae41fc218 Mon Sep 17 00:00:00 2001
From: Tinderbox User <tbox@isc.org>
Date: Thu, 3 Nov 2016 01:16:35 +0000
Subject: [PATCH] regen v9_10

---
 bin/named/named.conf.5      |   3 +
 bin/named/named.conf.html   |   3 +
 doc/arm/Bv9ARM.ch06.html    |  11 +++
 doc/arm/Bv9ARM.ch09.html    |   7 ++
 doc/arm/man.named.conf.html |   3 +
 doc/arm/notes.html          |   7 ++
 doc/misc/options            | 149 +++++++++++++++++++++---------------
 7 files changed, 121 insertions(+), 62 deletions(-)

diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 78b0700261..b5c4d0db27 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -351,6 +351,7 @@ options {
 		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
 	};
 	max\-journal\-size \fIsize_no_default\fR;
+	max\-records \fIinteger\fR;
 	max\-transfer\-time\-in \fIinteger\fR;
 	max\-transfer\-time\-out \fIinteger\fR;
 	max\-transfer\-idle\-in \fIinteger\fR;
@@ -532,6 +533,7 @@ view \fIstring\fR \fIoptional_class\fR {
 		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
 	};
 	max\-journal\-size \fIsize_no_default\fR;
+	max\-records \fIinteger\fR;
 	max\-transfer\-time\-in \fIinteger\fR;
 	max\-transfer\-time\-out \fIinteger\fR;
 	max\-transfer\-idle\-in \fIinteger\fR;
@@ -623,6 +625,7 @@ zone \fIstring\fR \fIoptional_class\fR {
 		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
 	};
 	max\-journal\-size \fIsize_no_default\fR;
+	max\-records \fIinteger\fR;
 	max\-transfer\-time\-in \fIinteger\fR;
 	max\-transfer\-time\-out \fIinteger\fR;
 	max\-transfer\-idle\-in \fIinteger\fR;
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index 9981084d09..fc0dbf7dcc 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -302,6 +302,7 @@ options
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@@ -498,6 +499,7 @@ view
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@@ -594,6 +596,7 @@ zone
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 884b7e2844..27e4fcdcc8 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -2338,6 +2338,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
     [<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
     [<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
     [<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
+    [<span class="optional"> max-records <em class="replaceable"><code>number</code></em>; </span>]
     [<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
     [<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
     [<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
@@ -5112,6 +5113,11 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                   means 2 gigabytes.
                   This may also be set on a per-zone basis.
                 </p></dd>
+<dt><span class="term"><span class="command"><strong>max-records</strong></span></span></dt>
+<dd><p>
+                  The maximum number of records permitted in a zone.
+                  The default is zero which means unlimited.
+                </p></dd>
 <dt><span class="term"><span class="command"><strong>host-statistics-max</strong></span></span></dt>
 <dd><p>
                   In BIND 8, specifies the maximum number of host statistics
@@ -8529,6 +8535,11 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
                     See the description of
                     <span class="command"><strong>max-journal-size</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called &#8220;Server  Resource Limits&#8221;</a>.
                   </p></dd>
+<dt><span class="term"><span class="command"><strong>max-records</strong></span></span></dt>
+<dd><p>
+                    See the description of
+                    <span class="command"><strong>max-records</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called &#8220;Server  Resource Limits&#8221;</a>.
+                  </p></dd>
 <dt><span class="term"><span class="command"><strong>max-transfer-time-in</strong></span></span></dt>
 <dd><p>
                     See the description of
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index d8f714594b..8c841bc517 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -88,6 +88,13 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  Added the ability to specify the maximum number of records
+	  permitted in a zone (max-records #;).  This provides a mechanism
+	  to block overly large zone transfers, which is a potential risk
+	  with slave zones from other parties, as described in CVE-2016-6170.
+	  [RT #42143]
+	</p></li>
 <li class="listitem"><p>
 	  It was possible to trigger a assertion when rendering a
 	  message using a specially crafted request. This flaw is
diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html
index f796c19e4c..832f42721c 100644
--- a/doc/arm/man.named.conf.html
+++ b/doc/arm/man.named.conf.html
@@ -321,6 +321,7 @@ options
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@@ -517,6 +518,7 @@ view
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@@ -613,6 +615,7 @@ zone
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index c4a5b5e993..cdac8bc46d 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -48,6 +48,13 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  Added the ability to specify the maximum number of records
+	  permitted in a zone (max-records #;).  This provides a mechanism
+	  to block overly large zone transfers, which is a potential risk
+	  with slave zones from other parties, as described in CVE-2016-6170.
+	  [RT #42143]
+	</p></li>
 <li class="listitem"><p>
 	  It was possible to trigger a assertion when rendering a
 	  message using a specially crafted request. This flaw is
diff --git a/doc/misc/options b/doc/misc/options
index 22ebacd0c1..f001eebdf0 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -2,28 +2,30 @@
 This is a summary of the named.conf options supported by 
 this version of BIND 9.
 
-acl <string> { <address_match_element>; ... };
+acl <string> { <address_match_element>; ... }; // may occur multiple times
 
 controls {
-        inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
-            ) ] allow { <address_match_element>; ... } [ keys { <string>;
-            ... } ];
-        unix <quoted_string> perm <integer> owner <integer> group <integer>
-            [ keys { <string>; ... } ];
-};
+        inet ( <ipv4_address> | <ipv6_address> |
+            * ) [ port ( <integer> | * ) ] allow
+            { <address_match_element>; ... } [
+            keys { <string>; ... } ]; // may occur multiple times
+        unix <quoted_string> perm <integer>
+            owner <integer> group <integer> [
+            keys { <string>; ... } ]; // may occur multiple times
+}; // may occur multiple times
 
 dlz <string> {
         database <string>;
         search <boolean>;
-};
+}; // may occur multiple times
 
 key <string> {
         algorithm <string>;
         secret <string>;
-};
+}; // may occur multiple times
 
 logging {
-        category <string> { <string>; ... };
+        category <string> { <string>; ... }; // may occur multiple times
         channel <string> {
                 file <quoted_string> [ versions ( "unlimited" | <integer> )
                     ] [ size <size> ];
@@ -34,7 +36,7 @@ logging {
                 severity <log_severity>;
                 stderr;
                 syslog [ <syslog_facility> ];
-        };
+        }; // may occur multiple times
 };
 
 lwres {
@@ -43,14 +45,15 @@ lwres {
         ndots <integer>;
         search { <string>; ... };
         view <string> [ <class> ];
-};
+}; // may occur multiple times
 
-managed-keys { <string> <string> <integer> <integer> <integer>
-    <quoted_string>; ... };
+managed-keys { <string> <string> <integer>
+    <integer> <integer> <quoted_string>; ... }; // may occur multiple times
 
-masters <string> [ port <integer> ] [ dscp <integer> ] { ( <masters> |
-    <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] )
-    [ key <string> ]; ... };
+masters <string> [ port <integer> ] [ dscp
+    <integer> ] { ( <masters> | <ipv4_address> [
+    port <integer> ] | <ipv6_address> [ port
+    <integer> ] ) [ key <string> ]; ... }; // may occur multiple times
 
 options {
         acache-cleaning-interval <integer>;
@@ -89,7 +92,8 @@ options {
         check-integrity <boolean>;
         check-mx ( fail | warn | ignore );
         check-mx-cname ( fail | warn | ignore );
-        check-names ( master | slave | response ) ( fail | warn | ignore );
+        check-names ( master | slave | response
+            ) ( fail | warn | ignore ); // may occur multiple times
         check-sibling <boolean>;
         check-spf ( warn | ignore );
         check-srv-cname ( fail | warn | ignore );
@@ -105,9 +109,11 @@ options {
             <quoted_string>; ... } ];
         dialup ( notify | notify-passive | refresh | passive | <boolean> );
         directory <quoted_string>;
-        disable-algorithms <string> { <string>; ... };
-        disable-ds-digests <string> { <string>; ... };
-        disable-empty-zone <string>;
+        disable-algorithms <string> { <string>;
+            ... }; // may occur multiple times
+        disable-ds-digests <string> { <string>;
+            ... }; // may occur multiple times
+        disable-empty-zone <string>; // may occur multiple times
         dns64 <netprefix> {
                 break-dnssec <boolean>;
                 clients { <address_match_element>; ... };
@@ -115,15 +121,16 @@ options {
                 mapped { <address_match_element>; ... };
                 recursive-only <boolean>;
                 suffix <ipv6_address>;
-        };
+        }; // may occur multiple times
         dns64-contact <string>;
         dns64-server <string>;
         dnssec-accept-expired <boolean>;
         dnssec-dnskey-kskonly <boolean>;
         dnssec-enable <boolean>;
         dnssec-loadkeys-interval <integer>;
-        dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
-        dnssec-must-be-secure <string> <boolean>;
+        dnssec-lookaside ( <string> trust-anchor
+            <string> | auto | no ); // may occur multiple times
+        dnssec-must-be-secure <string> <boolean>; // may occur multiple times
         dnssec-secure-to-insecure <boolean>;
         dnssec-update-mode ( maintain | no-resign );
         dnssec-validation ( yes | no | auto );
@@ -162,10 +169,12 @@ options {
         ixfr-from-differences ( master | slave | <boolean> );
         key-directory <quoted_string>;
         lame-ttl <integer>;
-        listen-on [ port <integer> ] [ dscp <integer> ] {
-            <address_match_element>; ... };
-        listen-on-v6 [ port <integer> ] [ dscp <integer> ] {
-            <address_match_element>; ... };
+        listen-on [ port <integer> ] [ dscp
+            <integer> ] {
+            <address_match_element>; ... }; // may occur multiple times
+        listen-on-v6 [ port <integer> ] [ dscp
+            <integer> ] {
+            <address_match_element>; ... }; // may occur multiple times
         maintain-ixfr-base <boolean>; // obsolete
         managed-keys-directory <quoted_string>;
         masterfile-format ( text | raw | map );
@@ -177,6 +186,7 @@ options {
         max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
         max-journal-size <size_no_default>;
         max-ncache-ttl <integer>;
+        max-records <integer>;
         max-recursion-depth <integer>;
         max-recursion-queries <integer>;
         max-refresh-time <integer>;
@@ -198,7 +208,7 @@ options {
         multiple-cnames <boolean>; // obsolete
         named-xfer <quoted_string>; // obsolete
         no-case-compress { <address_match_element>; ... };
-        nosit-udp-size <integer>; // not configured
+        nosit-udp-size <integer>; // not configured, experimental
         notify ( explicit | master-only | <boolean> );
         notify-delay <integer>;
         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
@@ -240,7 +250,7 @@ options {
         recursive-clients <integer>;
         request-ixfr <boolean>;
         request-nsid <boolean>;
-        request-sit <boolean>; // not configured
+        request-sit <boolean>; // not configured, experimental
         reserved-sockets <integer>;
         resolver-query-timeout <integer>;
         response-policy { zone <quoted_string> [ policy ( given | disabled
@@ -265,7 +275,7 @@ options {
         sig-signing-signatures <integer>;
         sig-signing-type <integer>;
         sig-validity-interval <integer> [ <integer> ];
-        sit-secret <string>; // not configured
+        sit-secret <string>; // not configured, experimental
         sortlist { <address_match_element>; ... };
         stacksize ( unlimited | default | <sizeval> );
         statistics-file <quoted_string>;
@@ -287,7 +297,7 @@ options {
         transfers-out <integer>;
         transfers-per-ns <integer>;
         treat-cr-as-space <boolean>; // obsolete
-        trust-anchor-telemetry <boolean>;
+        trust-anchor-telemetry <boolean>; // experimental
         try-tcp-refresh <boolean>;
         update-check-ksk <boolean>;
         use-alt-transfer-source <boolean>;
@@ -317,7 +327,7 @@ server <netprefix> {
         query-source-v6 <querysource6>;
         request-ixfr <boolean>;
         request-nsid <boolean>;
-        request-sit <boolean>; // not configured
+        request-sit <boolean>; // not configured, experimental
         support-ixfr <boolean>; // obsolete
         tcp-only <boolean>;
         transfer-format ( many-answers | one-answer );
@@ -326,14 +336,17 @@ server <netprefix> {
         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
             ] [ dscp <integer> ];
         transfers <integer>;
-};
+}; // may occur multiple times
 
 statistics-channels {
-        inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
-            ) ] [ allow { <address_match_element>; ... } ];
-};
+        inet ( <ipv4_address> | <ipv6_address> |
+            * ) [ port ( <integer> | * ) ] [
+            allow { <address_match_element>; ...
+            } ]; // may occur multiple times
+}; // may occur multiple times
 
-trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
+trusted-keys { <string> <integer> <integer>
+    <integer> <quoted_string>; ... }; // may occur multiple times
 
 view <string> [ <class> ] {
         acache-cleaning-interval <integer>;
@@ -367,7 +380,8 @@ view <string> [ <class> ] {
         check-integrity <boolean>;
         check-mx ( fail | warn | ignore );
         check-mx-cname ( fail | warn | ignore );
-        check-names ( master | slave | response ) ( fail | warn | ignore );
+        check-names ( master | slave | response
+            ) ( fail | warn | ignore ); // may occur multiple times
         check-sibling <boolean>;
         check-spf ( warn | ignore );
         check-srv-cname ( fail | warn | ignore );
@@ -379,13 +393,15 @@ view <string> [ <class> ] {
         deny-answer-aliases { <quoted_string>; ... } [ except-from {
             <quoted_string>; ... } ];
         dialup ( notify | notify-passive | refresh | passive | <boolean> );
-        disable-algorithms <string> { <string>; ... };
-        disable-ds-digests <string> { <string>; ... };
-        disable-empty-zone <string>;
+        disable-algorithms <string> { <string>;
+            ... }; // may occur multiple times
+        disable-ds-digests <string> { <string>;
+            ... }; // may occur multiple times
+        disable-empty-zone <string>; // may occur multiple times
         dlz <string> {
                 database <string>;
                 search <boolean>;
-        };
+        }; // may occur multiple times
         dns64 <netprefix> {
                 break-dnssec <boolean>;
                 clients { <address_match_element>; ... };
@@ -393,15 +409,16 @@ view <string> [ <class> ] {
                 mapped { <address_match_element>; ... };
                 recursive-only <boolean>;
                 suffix <ipv6_address>;
-        };
+        }; // may occur multiple times
         dns64-contact <string>;
         dns64-server <string>;
         dnssec-accept-expired <boolean>;
         dnssec-dnskey-kskonly <boolean>;
         dnssec-enable <boolean>;
         dnssec-loadkeys-interval <integer>;
-        dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
-        dnssec-must-be-secure <string> <boolean>;
+        dnssec-lookaside ( <string> trust-anchor
+            <string> | auto | no ); // may occur multiple times
+        dnssec-must-be-secure <string> <boolean>; // may occur multiple times
         dnssec-secure-to-insecure <boolean>;
         dnssec-update-mode ( maintain | no-resign );
         dnssec-validation ( yes | no | auto );
@@ -429,12 +446,13 @@ view <string> [ <class> ] {
         key <string> {
                 algorithm <string>;
                 secret <string>;
-        };
+        }; // may occur multiple times
         key-directory <quoted_string>;
         lame-ttl <integer>;
         maintain-ixfr-base <boolean>; // obsolete
-        managed-keys { <string> <string> <integer> <integer> <integer>
-            <quoted_string>; ... };
+        managed-keys { <string> <string>
+            <integer> <integer> <integer>
+            <quoted_string>; ... }; // may occur multiple times
         masterfile-format ( text | raw | map );
         match-clients { <address_match_element>; ... };
         match-destinations { <address_match_element>; ... };
@@ -446,6 +464,7 @@ view <string> [ <class> ] {
         max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
         max-journal-size <size_no_default>;
         max-ncache-ttl <integer>;
+        max-records <integer>;
         max-recursion-depth <integer>;
         max-recursion-queries <integer>;
         max-refresh-time <integer>;
@@ -462,7 +481,7 @@ view <string> [ <class> ] {
         minimal-responses <boolean>;
         multi-master <boolean>;
         no-case-compress { <address_match_element>; ... };
-        nosit-udp-size <integer>; // not configured
+        nosit-udp-size <integer>; // not configured, experimental
         notify ( explicit | master-only | <boolean> );
         notify-delay <integer>;
         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
@@ -498,7 +517,7 @@ view <string> [ <class> ] {
         recursion <boolean>;
         request-ixfr <boolean>;
         request-nsid <boolean>;
-        request-sit <boolean>; // not configured
+        request-sit <boolean>; // not configured, experimental
         resolver-query-timeout <integer>;
         response-policy { zone <quoted_string> [ policy ( given | disabled
             | passthru | no-op | drop | tcp-only | nxdomain | nodata |
@@ -526,7 +545,7 @@ view <string> [ <class> ] {
                 query-source-v6 <querysource6>;
                 request-ixfr <boolean>;
                 request-nsid <boolean>;
-                request-sit <boolean>; // not configured
+                request-sit <boolean>; // not configured, experimental
                 support-ixfr <boolean>; // obsolete
                 tcp-only <boolean>;
                 transfer-format ( many-answers | one-answer );
@@ -535,7 +554,7 @@ view <string> [ <class> ] {
                 transfer-source-v6 ( <ipv6_address> | * ) [ port (
                     <integer> | * ) ] [ dscp <integer> ];
                 transfers <integer>;
-        };
+        }; // may occur multiple times
         sig-signing-nodes <integer>;
         sig-signing-signatures <integer>;
         sig-signing-type <integer>;
@@ -548,9 +567,10 @@ view <string> [ <class> ] {
             dscp <integer> ];
         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
             ] [ dscp <integer> ];
-        trust-anchor-telemetry <boolean>;
-        trusted-keys { <string> <integer> <integer> <integer>
-            <quoted_string>; ... };
+        trust-anchor-telemetry <boolean>; // experimental
+        trusted-keys { <string> <integer>
+            <integer> <integer> <quoted_string>;
+            ... }; // may occur multiple times
         try-tcp-refresh <boolean>;
         update-check-ksk <boolean>;
         use-alt-transfer-source <boolean>;
@@ -611,6 +631,7 @@ view <string> [ <class> ] {
                 max-ixfr-log-size ( unlimited | default |
                     <sizeval> ); // obsolete
                 max-journal-size <size_no_default>;
+                max-records <integer>;
                 max-refresh-time <integer>;
                 max-retry-time <integer>;
                 max-transfer-idle-in <integer>;
@@ -629,8 +650,10 @@ view <string> [ <class> ] {
                     | * ) ] [ dscp <integer> ];
                 notify-to-soa <boolean>;
                 nsec3-test-zone <boolean>; // test only
-                pubkey <integer> <integer> <integer>
-                    <quoted_string>; // obsolete
+                pubkey <integer>
+                    <integer>
+                    <integer>
+                    <quoted_string>; // obsolete, may occur multiple times
                 request-ixfr <boolean>;
                 serial-update-method ( increment | unixtime );
                 server-addresses { ( <ipv4_address> | <ipv6_address> ) [
@@ -656,9 +679,9 @@ view <string> [ <class> ] {
                 use-alt-transfer-source <boolean>;
                 zero-no-soa-ttl <boolean>;
                 zone-statistics ( full | terse | none | <boolean> );
-        };
+        }; // may occur multiple times
         zone-statistics ( full | terse | none | <boolean> );
-};
+}; // may occur multiple times
 
 zone <string> [ <class> ] {
         allow-notify { <address_match_element>; ... };
@@ -710,6 +733,7 @@ zone <string> [ <class> ] {
             <integer> ] ) [ key <string> ]; ... };
         max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
         max-journal-size <size_no_default>;
+        max-records <integer>;
         max-refresh-time <integer>;
         max-retry-time <integer>;
         max-transfer-idle-in <integer>;
@@ -728,7 +752,8 @@ zone <string> [ <class> ] {
             [ dscp <integer> ];
         notify-to-soa <boolean>;
         nsec3-test-zone <boolean>; // test only
-        pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
+        pubkey <integer> <integer>
+            <integer> <quoted_string>; // obsolete, may occur multiple times
         request-ixfr <boolean>;
         serial-update-method ( increment | unixtime );
         server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
@@ -753,5 +778,5 @@ zone <string> [ <class> ] {
         use-alt-transfer-source <boolean>;
         zero-no-soa-ttl <boolean>;
         zone-statistics ( full | terse | none | <boolean> );
-};
+}; // may occur multiple times