--- /srv/reproducible-results/rbuild-debian/r-b-build.B9woKRV2/b1/bind9_9.19.21-1_amd64.changes +++ /srv/reproducible-results/rbuild-debian/r-b-build.B9woKRV2/b2/bind9_9.19.21-1_amd64.changes ├── Files │ @@ -1,13 +1,13 @@ │ │ 1e40186e5233f349e0ef2cbbf67080ab 659368 debug optional bind9-dbgsym_9.19.21-1_amd64.deb │ 8c800fa4edba8cfda764a6d2ba6c8433 546284 devel optional bind9-dev_9.19.21-1_amd64.deb │ 173e0286bddaf8c582826f1e6ee8bbeb 424504 debug optional bind9-dnsutils-dbgsym_9.19.21-1_amd64.deb │ 79286ed25596a622d1986e893630134d 422348 net standard bind9-dnsutils_9.19.21-1_amd64.deb │ - d9e4a558f1c8c847cb2ea342282168c8 3488992 doc optional bind9-doc_9.19.21-1_all.deb │ + 372aa995e25b014527f03fa84f9fbf0b 3488992 doc optional bind9-doc_9.19.21-1_all.deb │ 6a0446af60507274dd3d0ccdc55722dd 104212 debug optional bind9-host-dbgsym_9.19.21-1_amd64.deb │ d77b4de86ff62741f6e9c77923a54630 313976 net standard bind9-host_9.19.21-1_amd64.deb │ 1e3cf96682094158ece3752c6b2d575a 3864152 debug optional bind9-libs-dbgsym_9.19.21-1_amd64.deb │ ec97340a6e3db36697eb0f6694fd4a0e 1421404 libs standard bind9-libs_9.19.21-1_amd64.deb │ 64a7f9028b49c2df57940e4c10351297 410864 debug optional bind9-utils-dbgsym_9.19.21-1_amd64.deb │ 6b9635405a9c2f658128909746c153a4 420824 net optional bind9-utils_9.19.21-1_amd64.deb │ a4d230d3942257cacb7cfb93f49ddf3a 505044 net optional bind9_9.19.21-1_amd64.deb ├── bind9-doc_9.19.21-1_all.deb │ ├── control.tar.xz │ │ ├── control.tar │ │ │ ├── ./md5sums │ │ │ │ ├── ./md5sums │ │ │ │ │┄ Files differ │ ├── data.tar.xz │ │ ├── data.tar │ │ │ ├── ./usr/share/doc/bind9-doc/arm/reference.html │ │ │ │ @@ -2123,15 +2123,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ statistics-file
│ │ │ │

Grammar: statistics-file <quoted_string>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: logging, server

│ │ │ │ +

Tags: server, logging

│ │ │ │

Specifies the pathname of the file where the server appends statistics, when using rndc stats.

│ │ │ │

│ │ │ │

This is the pathname of the file the server appends statistics to, when │ │ │ │ instructed to do so using rndc stats. If not specified, the │ │ │ │ default is named.stats in the server’s current directory. The │ │ │ │ format of the file is described in The Statistics File.

│ │ │ │
│ │ │ │ @@ -2203,53 +2203,53 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ port
│ │ │ │

Grammar: port <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.

│ │ │ │

│ │ │ │

This is the UDP/TCP port number the server uses to receive and send DNS │ │ │ │ protocol traffic. The default is 53. This option is mainly intended │ │ │ │ for server testing; a server using a port other than 53 is not │ │ │ │ able to communicate with the global DNS.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ tls-port
│ │ │ │

Grammar: tls-port <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.

│ │ │ │

│ │ │ │

This is the TCP port number the server uses to receive and send │ │ │ │ DNS-over-TLS protocol traffic. The default is 853.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ https-port
│ │ │ │

Grammar: https-port <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.

│ │ │ │

│ │ │ │

This is the TCP port number the server uses to receive and send │ │ │ │ DNS-over-HTTPS protocol traffic. The default is 443.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ http-port
│ │ │ │

Grammar: http-port <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.

│ │ │ │

│ │ │ │

This is the TCP port number the server uses to receive and send │ │ │ │ unencrypted DNS traffic via HTTP (a configuration that may be useful │ │ │ │ when encryption is handled by third-party software or by a reverse │ │ │ │ proxy).

│ │ │ │
│ │ │ │ @@ -2530,15 +2530,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ ipv4only-server
│ │ │ │

Grammar: ipv4only-server <string>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the name of the server for the IPV4ONLY.ARPA zone created by dns64.

│ │ │ │

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ ipv4only-contact
│ │ │ │ @@ -2708,15 +2708,15 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ zone-statistics
│ │ │ │

Grammar: zone-statistics ( full | terse | none | <boolean> );

│ │ │ │

Blocks: options, view, zone (mirror, primary, redirect, secondary, static-stub, stub)

│ │ │ │ -

Tags: zone, logging

│ │ │ │ +

Tags: logging, zone

│ │ │ │

Controls the level of statistics gathered for all zones.

│ │ │ │

│ │ │ │

If full, the server collects statistical data on all zones, │ │ │ │ unless specifically turned off on a per-zone basis by specifying │ │ │ │ zone-statistics terse or zone-statistics none in the zone │ │ │ │ statement. The statistical data includes, for example, DNSSEC signing │ │ │ │ operations and the number of authoritative answers per query type. The │ │ │ │ @@ -2755,15 +2755,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ allow-new-zones
│ │ │ │

Grammar: allow-new-zones <boolean>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: zone, server

│ │ │ │ +

Tags: server, zone

│ │ │ │

Controls the ability to add zones at runtime via rndc addzone.

│ │ │ │

│ │ │ │

If yes, then zones can be added at runtime via rndc addzone. │ │ │ │ The default is no.

│ │ │ │

Newly added zones’ configuration parameters are stored so that they │ │ │ │ can persist after the server is restarted. The configuration │ │ │ │ information is saved in a file called viewname.nzf (or, if │ │ │ │ @@ -2792,15 +2792,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ memstatistics
│ │ │ │

Grammar: memstatistics <boolean>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: logging, server

│ │ │ │ +

Tags: server, logging

│ │ │ │

Controls whether memory statistics are written to the file specified by memstatistics-file at exit.

│ │ │ │

│ │ │ │

This writes memory statistics to the file specified by │ │ │ │ memstatistics-file at exit. The default is no unless -m │ │ │ │ record is specified on the command line, in which case it is yes.

│ │ │ │
│ │ │ │ │ │ │ │ @@ -3193,15 +3193,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ stale-answer-enable
│ │ │ │

Grammar: stale-answer-enable <boolean>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Enables the returning of “stale” cached answers when the name servers for a zone are not answering.

│ │ │ │

│ │ │ │

If yes, enable the returning of “stale” cached answers when the name │ │ │ │ servers for a zone are not answering and the stale-cache-enable option is │ │ │ │ also enabled. The default is not to return stale answers.

│ │ │ │

Stale answers can also be enabled or disabled at runtime via │ │ │ │ rndc serve-stale on or rndc serve-stale off; these override │ │ │ │ @@ -3216,15 +3216,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ stale-answer-client-timeout
│ │ │ │

Grammar: stale-answer-client-timeout ( disabled | off | <integer> );

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Defines the amount of time (in milliseconds) that named waits before attempting to answer a query with a stale RRset from cache.

│ │ │ │

│ │ │ │

This option defines the amount of time (in milliseconds) that named │ │ │ │ waits before attempting to answer the query with a stale RRset from cache. │ │ │ │ If a stale answer is found, named continues the ongoing fetches, │ │ │ │ attempting to refresh the RRset in cache until the │ │ │ │ resolver-query-timeout interval is reached.

│ │ │ │ @@ -3239,26 +3239,26 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ stale-cache-enable
│ │ │ │

Grammar: stale-cache-enable <boolean>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Enables the retention of “stale” cached answers.

│ │ │ │

│ │ │ │

If yes, enable the retaining of “stale” cached answers. Default no.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ stale-refresh-time
│ │ │ │

Grammar: stale-refresh-time <duration>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the time window for the return of “stale” cached answers before the next attempt to contact, if the name servers for a given zone are not responding.

│ │ │ │

│ │ │ │

If the name servers for a given zone are not answering, this sets the time │ │ │ │ window for which named will promptly return “stale” cached answers for │ │ │ │ that RRSet being requested before a new attempt in contacting the servers │ │ │ │ is made. For convenience, TTL-style time-unit suffixes may be used to │ │ │ │ specify the value. It also accepts ISO 8601 duration formats.

│ │ │ │ @@ -3544,15 +3544,15 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ querylog
│ │ │ │

Grammar: querylog <boolean>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: logging, server

│ │ │ │ +

Tags: server, logging

│ │ │ │

Specifies whether query logging should be active when named first starts.

│ │ │ │

│ │ │ │

Query logging provides a complete log of all incoming queries and all query │ │ │ │ errors. This provides more insight into the server’s activity, but with a │ │ │ │ cost to performance which may be significant on heavily loaded servers.

│ │ │ │

The querylog option specifies whether query logging should be active when │ │ │ │ named first starts. If querylog is not specified, then query logging │ │ │ │ @@ -3563,15 +3563,15 @@ │ │ │ │ │ │ │ │

│ │ │ │
│ │ │ │ check-names
│ │ │ │

Grammar zone (hint, mirror, primary, secondary, stub): check-names ( fail | warn | ignore );

│ │ │ │

Grammar options, view: check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times

│ │ │ │

Blocks: options, view, zone (hint, mirror, primary, secondary, stub)

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Restricts the character set and syntax of certain domain names in primary files and/or DNS responses received from the network.

│ │ │ │

│ │ │ │

This option is used to restrict the character set and syntax of │ │ │ │ certain domain names in primary files and/or DNS responses received │ │ │ │ from the network. The default varies according to usage area. For │ │ │ │ type primary zones the default is fail. For type secondary zones the │ │ │ │ default is warn. For answers received from the network │ │ │ │ @@ -3715,28 +3715,28 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ zero-no-soa-ttl
│ │ │ │

Grammar: zero-no-soa-ttl <boolean>;

│ │ │ │

Blocks: options, view, zone (mirror, primary, secondary)

│ │ │ │ -

Tags: zone, query, server

│ │ │ │ +

Tags: server, zone, query

│ │ │ │

Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.

│ │ │ │

│ │ │ │

If yes, when returning authoritative negative responses to SOA queries, set │ │ │ │ the TTL of the SOA record returned in the authority section to zero. │ │ │ │ The default is yes.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ zero-no-soa-ttl-cache
│ │ │ │

Grammar: zero-no-soa-ttl-cache <boolean>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: zone, query, server

│ │ │ │ +

Tags: server, zone, query

│ │ │ │

Sets the time to live (TTL) to zero when caching a negative response to an SOA query.

│ │ │ │

│ │ │ │

If yes, when caching a negative response to an SOA query set the TTL to zero. │ │ │ │ The default is no.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ @@ -4045,15 +4045,15 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ allow-recursion-on
│ │ │ │

Grammar: allow-recursion-on { <address_match_element>; ... };

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies which local addresses can accept recursive queries.

│ │ │ │

│ │ │ │

This specifies which local addresses can accept recursive queries. If │ │ │ │ allow-recursion-on is not set, then allow-query-cache-on is │ │ │ │ used if set; otherwise, the default is to allow recursive queries on │ │ │ │ all addresses. Any client permitted to send recursive queries can │ │ │ │ send them to any address on which named is listening. Note: both │ │ │ │ @@ -4628,30 +4628,30 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ notify-rate
│ │ │ │

Grammar: notify-rate <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: transfer, zone

│ │ │ │ +

Tags: zone, transfer

│ │ │ │

Specifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.

│ │ │ │

│ │ │ │

This specifies the rate at which NOTIFY requests are sent during normal zone │ │ │ │ maintenance operations. (NOTIFY requests due to initial zone loading │ │ │ │ are subject to a separate rate limit; see below.) The default is 20 │ │ │ │ per second. The lowest possible rate is one per second; when set to │ │ │ │ zero, it is silently raised to one.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ startup-notify-rate
│ │ │ │

Grammar: startup-notify-rate <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: transfer, zone

│ │ │ │ +

Tags: zone, transfer

│ │ │ │

Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.

│ │ │ │

│ │ │ │

This is the rate at which NOTIFY requests are sent when the name server │ │ │ │ is first starting up, or when zones have been newly added to the │ │ │ │ name server. The default is 20 per second. The lowest possible rate is │ │ │ │ one per second; when set to zero, it is silently raised to one.

│ │ │ │
│ │ │ │ @@ -4880,15 +4880,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ max-records
│ │ │ │

Grammar: max-records <integer>;

│ │ │ │

Blocks: options, view, zone (mirror, primary, redirect, secondary, static-stub, stub)

│ │ │ │ -

Tags: zone, server

│ │ │ │ +

Tags: server, zone

│ │ │ │

Sets the maximum number of records permitted in a zone.

│ │ │ │

│ │ │ │

This sets the maximum number of records permitted in a zone. The default is │ │ │ │ zero, which means the maximum is unlimited.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ @@ -4999,15 +4999,15 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ fetches-per-zone
│ │ │ │

Grammar: fetches-per-zone <integer> [ ( drop | fail ) ];

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.

│ │ │ │

│ │ │ │

This sets the maximum number of simultaneous iterative queries to any one │ │ │ │ domain that the server permits before blocking new queries for │ │ │ │ data in or beneath that zone. This value should reflect how many │ │ │ │ fetches would normally be sent to any one zone in the time it would │ │ │ │ take to resolve them. It should be smaller than │ │ │ │ @@ -5037,15 +5037,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ fetches-per-server
│ │ │ │

Grammar: fetches-per-server <integer> [ ( drop | fail ) ];

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.

│ │ │ │

│ │ │ │

This sets the maximum number of simultaneous iterative queries that the server │ │ │ │ allows to be sent to a single upstream name server before │ │ │ │ blocking additional queries. This value should reflect how many │ │ │ │ fetches would normally be sent to any one server in the time it would │ │ │ │ take to resolve them. It should be smaller than │ │ │ │ @@ -5070,15 +5070,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ fetch-quota-params
│ │ │ │

Grammar: fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the parameters for dynamic resizing of the fetches-per-server quota in response to detected congestion.

│ │ │ │

│ │ │ │

This sets the parameters to use for dynamic resizing of the │ │ │ │ fetches-per-server quota in response to detected congestion.

│ │ │ │

The first argument is an integer value indicating how frequently to │ │ │ │ recalculate the moving average of the ratio of timeouts to responses │ │ │ │ for each server. The default is 100, meaning that BIND recalculates the │ │ │ │ @@ -5166,15 +5166,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ tcp-initial-timeout
│ │ │ │

Grammar: tcp-initial-timeout <integer>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.

│ │ │ │

│ │ │ │

This sets the amount of time (in units of 100 milliseconds) that the server waits on │ │ │ │ a new TCP connection for the first message from the client. The │ │ │ │ default is 300 (30 seconds), the minimum is 25 (2.5 seconds), and the │ │ │ │ maximum is 1200 (two minutes). Values above the maximum or below the │ │ │ │ minimum are adjusted with a logged warning. (Note: this value │ │ │ │ @@ -5837,15 +5837,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ masterfile-format
│ │ │ │

Grammar: masterfile-format ( raw | text );

│ │ │ │

Blocks: options, view, zone (mirror, primary, redirect, secondary, stub)

│ │ │ │ -

Tags: zone, server

│ │ │ │ +

Tags: server, zone

│ │ │ │

Specifies the file format of zone files.

│ │ │ │

│ │ │ │

This specifies the file format of zone files (see Additional File Formats │ │ │ │ for details). The default value is text, which is the standard │ │ │ │ textual representation, except for secondary zones, in which the default │ │ │ │ value is raw. Files in formats other than text are typically │ │ │ │ expected to be generated by the named-compilezone tool, or dumped by │ │ │ │ @@ -5900,28 +5900,28 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ max-recursion-queries
│ │ │ │

Grammar: max-recursion-queries <integer>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Sets the maximum number of iterative queries while servicing a recursive query.

│ │ │ │

│ │ │ │

This sets the maximum number of iterative queries that may be sent while │ │ │ │ servicing a recursive query. If more queries are sent, the recursive │ │ │ │ query is terminated and returns SERVFAIL. The default is 100.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ notify-delay
│ │ │ │

Grammar: notify-delay <integer>;

│ │ │ │

Blocks: options, view, zone (mirror, primary, secondary)

│ │ │ │ -

Tags: transfer, zone

│ │ │ │ +

Tags: zone, transfer

│ │ │ │

Sets the delay (in seconds) between sending sets of NOTIFY messages for a zone.

│ │ │ │

│ │ │ │

This sets the delay, in seconds, between sending sets of NOTIFY messages │ │ │ │ for a zone. Whenever a NOTIFY message is sent for a zone, a timer will │ │ │ │ be set for this duration. If the zone is updated again before the timer │ │ │ │ expires, the NOTIFY for that update will be postponed. The default is 5 │ │ │ │ seconds.

│ │ │ │ @@ -5968,15 +5968,15 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ v6-bias
│ │ │ │

Grammar: v6-bias <integer>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Indicates the number of milliseconds of preference to give to IPv6 name servers.

│ │ │ │

│ │ │ │

When determining the next name server to try, this indicates by how many │ │ │ │ milliseconds to prefer IPv6 name servers. The default is 50 │ │ │ │ milliseconds.

│ │ │ │
│ │ │ │ │ │ │ │ @@ -6245,50 +6245,50 @@ │ │ │ │ to deeper in the tree.

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ empty-server
│ │ │ │

Grammar: empty-server <string>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: zone, server

│ │ │ │ +

Tags: server, zone

│ │ │ │

Specifies the server name in the returned SOA record for empty zones.

│ │ │ │

│ │ │ │

This specifies the server name that appears in the returned SOA record for │ │ │ │ empty zones. If none is specified, the zone’s name is used.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ empty-contact
│ │ │ │

Grammar: empty-contact <string>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: zone, server

│ │ │ │ +

Tags: server, zone

│ │ │ │

Specifies the contact name in the returned SOA record for empty zones.

│ │ │ │

│ │ │ │

This specifies the contact name that appears in the returned SOA record for │ │ │ │ empty zones. If none is specified, “.” is used.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ empty-zones-enable
│ │ │ │

Grammar: empty-zones-enable <boolean>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: zone, server

│ │ │ │ +

Tags: server, zone

│ │ │ │

Enables or disables all empty zones.

│ │ │ │

│ │ │ │

This enables or disables all empty zones. By default, they are enabled.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ disable-empty-zone
│ │ │ │

Grammar: disable-empty-zone <string>; // may occur multiple times

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: zone, server

│ │ │ │ +

Tags: server, zone

│ │ │ │

Disables individual empty zones.

│ │ │ │

│ │ │ │

This disables individual empty zones. By default, none are disabled. This │ │ │ │ option can be specified multiple times.

│ │ │ │
│ │ │ │ │ │ │ │ │ │ │ │ @@ -6399,15 +6399,15 @@ │ │ │ │ deny the existence of domains (NXDOMAIN), deny the existence of IP │ │ │ │ addresses for domains (NODATA), or contain other IP addresses or data.

│ │ │ │
│ │ │ │
│ │ │ │ response-policy
│ │ │ │

Grammar: response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: security, zone, query, server

│ │ │ │ +

Tags: server, zone, query, security

│ │ │ │

Specifies response policy zones for the view or among global options.

│ │ │ │

│ │ │ │

Response policy zones are named in the response-policy option for │ │ │ │ the view, or among the global options if there is no response-policy │ │ │ │ option for the view. Response policy zones are ordinary DNS zones │ │ │ │ containing RRsets that can be queried normally if allowed. It is usually │ │ │ │ best to restrict those queries with something like │ │ │ │ @@ -6607,42 +6607,42 @@ │ │ │ │ such as SERVFAIL to appear to be rewritten, since no recursion is being │ │ │ │ done to discover problems at the authoritative server.

│ │ │ │
│ │ │ │
│ │ │ │ dnsrps-enable
│ │ │ │

Grammar: dnsrps-enable <boolean>;

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Turns on the DNS Response Policy Service (DNSRPS) interface.

│ │ │ │

│ │ │ │

The dnsrps-enable yes option turns on the DNS Response Policy Service │ │ │ │ (DNSRPS) interface, if it has been compiled in named using │ │ │ │ configure --enable-dnsrps.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ dnsrps-library
│ │ │ │

Grammar: dnsrps-library <quoted_string>;

│ │ │ │

Blocks: options

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Turns on the DNS Response Policy Service (DNSRPS) interface.

│ │ │ │

│ │ │ │

This option specifies the path to the DNSRPS provider library. Typically │ │ │ │ this library is detected when building with configure --enable-dnsrps │ │ │ │ and does not need to be specified in named.conf; the option exists │ │ │ │ to override the default library for testing purposes.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ dnsrps-options
│ │ │ │

Grammar: dnsrps-options { <unspecified-text> };

│ │ │ │

Blocks: options, view

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Provides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.

│ │ │ │

│ │ │ │

The block provides additional RPZ configuration │ │ │ │ settings, which are passed through to the DNSRPS provider library. │ │ │ │ Multiple DNSRPS settings in an dnsrps-options string should be │ │ │ │ separated with semi-colons (;). The DNSRPS provider library is passed a │ │ │ │ configuration string consisting of the dnsrps-options text, │ │ │ │ @@ -7272,15 +7272,15 @@ │ │ │ │ option.

│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ keys
│ │ │ │

Blocks: dnssec-policy, server, view.server

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies one or more server_key s to be used with a remote server.

│ │ │ │

│ │ │ │
│ │ │ │

Warning

│ │ │ │

Not to be confused with keys in dnssec-policy specification. │ │ │ │ Although statements with the same name exist in both contexts, they refer │ │ │ │ to fundamentally incompatible concepts.

│ │ │ │ @@ -7434,43 +7434,43 @@ │ │ │ │

tls can only be set at the top level of named.conf.

│ │ │ │

The following options can be specified in a tls statement:

│ │ │ │
│ │ │ │
│ │ │ │ key-file
│ │ │ │

Grammar: key-file <quoted_string>;

│ │ │ │

Blocks: tls

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies the path to a file containing the private TLS key for a connection.

│ │ │ │

│ │ │ │
│ │ │ │

Path to a file containing the private TLS key to be used for │ │ │ │ the connection.

│ │ │ │
│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ cert-file
│ │ │ │

Grammar: cert-file <quoted_string>;

│ │ │ │

Blocks: tls

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies the path to a file containing the TLS certificate for a connection.

│ │ │ │

│ │ │ │
│ │ │ │

Path to a file containing the TLS certificate to be used for │ │ │ │ the connection.

│ │ │ │
│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ ca-file
│ │ │ │

Grammar: ca-file <quoted_string>;

│ │ │ │

Blocks: tls

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.

│ │ │ │

│ │ │ │
│ │ │ │

Path to a file containing trusted CA authorities’ TLS │ │ │ │ certificates used to verify remote peer certificates. Specifying │ │ │ │ this option enables remote peer certificates’ verification. For │ │ │ │ incoming connections, specifying this option makes BIND require │ │ │ │ @@ -7481,15 +7481,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ dhparam-file
│ │ │ │

Grammar: dhparam-file <quoted_string>;

│ │ │ │

Blocks: tls

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.

│ │ │ │

│ │ │ │
│ │ │ │

Path to a file containing Diffie-Hellman parameters, │ │ │ │ which is needed to enable the cipher suites depending on the │ │ │ │ Diffie-Hellman ephemeral key exchange (DHE). Having these parameters │ │ │ │ specified is essential for enabling perfect forward secrecy capable │ │ │ │ @@ -7550,15 +7550,15 @@ │ │ │ │

│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ prefer-server-ciphers
│ │ │ │

Grammar: prefer-server-ciphers <boolean>;

│ │ │ │

Blocks: tls

│ │ │ │ -

Tags: security, server

│ │ │ │ +

Tags: server, security

│ │ │ │

Specifies that server ciphers should be preferred over client ones.

│ │ │ │

│ │ │ │
│ │ │ │

Specifies that server ciphers should be preferred over client ones.

│ │ │ │
│ │ │ │
│ │ │ │ │ │ │ │ @@ -7673,15 +7673,15 @@ │ │ │ │ listener-clients <integer>; │ │ │ │ streams-per-connection <integer>; │ │ │ │ }; // may occur multiple times │ │ │ │
│ │ │ │ │ │ │ │

│ │ │ │

Blocks: topmost

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Configures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.

│ │ │ │

│ │ │ │
│ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │

8.2.22. http Block Definition and Usage

│ │ │ │ @@ -7692,15 +7692,15 @@ │ │ │ │

http can only be set at the top level of named.conf.

│ │ │ │

The following options can be specified in an http statement:

│ │ │ │
│ │ │ │
│ │ │ │ endpoints
│ │ │ │

Grammar: endpoints { <quoted_string>; ... };

│ │ │ │

Blocks: http

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies a list of HTTP query paths on which to listen.

│ │ │ │

│ │ │ │
│ │ │ │

A list of HTTP query paths on which to listen. This is the portion │ │ │ │ of an RFC 3986-compliant URI following the hostname; it must be │ │ │ │ an absolute path, beginning with “/”. The default value │ │ │ │ is "/dns-query", if omitted.

│ │ │ │ @@ -7708,28 +7708,28 @@ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ listener-clients
│ │ │ │

Grammar: listener-clients <integer>;

│ │ │ │

Blocks: http

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies a per-listener quota for active connections.

│ │ │ │

│ │ │ │
│ │ │ │

The option specifies a per-listener quota for active connections.

│ │ │ │
│ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ streams-per-connection
│ │ │ │

Grammar: streams-per-connection <integer>;

│ │ │ │

Blocks: http

│ │ │ │ -

Tags: query, server

│ │ │ │ +

Tags: server, query

│ │ │ │

Specifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.

│ │ │ │

│ │ │ │
│ │ │ │

The option specifies the hard limit on the number of concurrent │ │ │ │ HTTP/2 streams over an HTTP/2 connection.

│ │ │ │
│ │ │ │
│ │ │ │ @@ -9506,15 +9506,15 @@ │ │ │ │ in-view <string>; │ │ │ │ }; │ │ │ │ │ │ │ │ │ │ │ │

│ │ │ │

Grammar zone (in-view): in-view <string>;

│ │ │ │

Blocks: zone, zone (in-view), view.zone

│ │ │ │ -

Tags: zone, view

│ │ │ │ +

Tags: view, zone

│ │ │ │

Specifies the view in which a given zone is defined.

│ │ │ │

│ │ │ │

When using multiple views, a type primary or type secondary zone configured │ │ │ │ in one view can be referenced in a subsequent view. This allows both views │ │ │ │ to use the same zone without the overhead of loading it more than once. This │ │ │ │ is configured using a zone statement, with an in-view option │ │ │ │ specifying the view in which the zone is defined. A zone statement │ │ │ │ @@ -10089,15 +10089,15 @@ │ │ │ │

Limits UDP responses of all kinds.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ allow-new-zones │ │ │ │

Controls the ability to add zones at runtime via rndc addzone.

│ │ │ │

│ │ │ │ -

zone, server

│ │ │ │ +

server, zone

│ │ │ │ │ │ │ │ allow-notify │ │ │ │

Defines an address_match_list that is allowed to send NOTIFY messages for the zone, in addition to addresses defined in the primaries option for the zone.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ allow-proxy │ │ │ │ @@ -10134,15 +10134,15 @@ │ │ │ │

Defines an address_match_list of clients that are allowed to perform recursive queries.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ allow-recursion-on │ │ │ │

Specifies which local addresses can accept recursive queries.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ allow-transfer │ │ │ │

Defines an address_match_list of hosts that are allowed to transfer the zone information from this server.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ allow-update │ │ │ │ @@ -10214,15 +10214,15 @@ │ │ │ │

Controls flushing of log messages.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ ca-file │ │ │ │

Specifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ catalog-zones │ │ │ │

Configures catalog zones in named.conf.

│ │ │ │

│ │ │ │

zone

│ │ │ │ │ │ │ │ category │ │ │ │ @@ -10239,15 +10239,15 @@ │ │ │ │

Specifies the digest types to use for CDS resource records.

│ │ │ │

│ │ │ │

dnssec

│ │ │ │ │ │ │ │ cert-file │ │ │ │

Specifies the path to a file containing the TLS certificate for a connection.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ channel │ │ │ │

Defines a stream of data that can be independently logged.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ check-dup-records │ │ │ │ @@ -10269,15 +10269,15 @@ │ │ │ │

Sets the response to MX records that refer to CNAMEs.

│ │ │ │

│ │ │ │

zone

│ │ │ │ │ │ │ │ check-names │ │ │ │

Restricts the character set and syntax of certain domain names in primary files and/or DNS responses received from the network.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ check-sibling │ │ │ │

Specifies whether to check for sibling glue when performing integrity checks.

│ │ │ │

│ │ │ │

zone

│ │ │ │ │ │ │ │ check-spf │ │ │ │ @@ -10349,15 +10349,15 @@ │ │ │ │

Rejects CNAME or DNAME records if the "alias" name matches a given list of domain_name elements.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ dhparam-file │ │ │ │

Specifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ dialup │ │ │ │

Concentrates zone maintenance so that all transfers take place once every heartbeat-interval, ideally during a single call.

│ │ │ │

│ │ │ │

deprecated

│ │ │ │ │ │ │ │ directory │ │ │ │ @@ -10374,15 +10374,15 @@ │ │ │ │

Disables DS digest types from a specified zone.

│ │ │ │

│ │ │ │

dnssec, zone

│ │ │ │ │ │ │ │ disable-empty-zone │ │ │ │

Disables individual empty zones.

│ │ │ │

│ │ │ │ -

zone, server

│ │ │ │ +

server, zone

│ │ │ │ │ │ │ │ dlz │ │ │ │

Configures a Dynamically Loadable Zone (DLZ) database in named.conf.

│ │ │ │

│ │ │ │

zone

│ │ │ │ │ │ │ │ dns64 │ │ │ │ @@ -10408,25 +10408,25 @@ │ │ │ │

Specifies the time to live (TTL) for DNSKEY resource records.

│ │ │ │

│ │ │ │

dnssec

│ │ │ │ │ │ │ │ dnsrps-enable │ │ │ │

Turns on the DNS Response Policy Service (DNSRPS) interface.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ dnsrps-library │ │ │ │

Turns on the DNS Response Policy Service (DNSRPS) interface.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ dnsrps-options │ │ │ │

Provides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ dnssec-accept-expired │ │ │ │

Instructs BIND 9 to accept expired DNSSEC signatures when validating.

│ │ │ │

│ │ │ │

dnssec

│ │ │ │ │ │ │ │ dnssec-dnskey-kskonly │ │ │ │ @@ -10510,30 +10510,30 @@ │ │ │ │

Sets the maximum EDNS VERSION that is sent to the server(s) by the resolver.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ empty-contact │ │ │ │

Specifies the contact name in the returned SOA record for empty zones.

│ │ │ │

│ │ │ │ -

zone, server

│ │ │ │ +

server, zone

│ │ │ │ │ │ │ │ empty-server │ │ │ │

Specifies the server name in the returned SOA record for empty zones.

│ │ │ │

│ │ │ │ -

zone, server

│ │ │ │ +

server, zone

│ │ │ │ │ │ │ │ empty-zones-enable │ │ │ │

Enables or disables all empty zones.

│ │ │ │

│ │ │ │ -

zone, server

│ │ │ │ +

server, zone

│ │ │ │ │ │ │ │ endpoints │ │ │ │

Specifies a list of HTTP query paths on which to listen.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ errors-per-second │ │ │ │

Limits the number of errors for a valid domain name and record type.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ exclude │ │ │ │ @@ -10545,25 +10545,25 @@ │ │ │ │

Exempts specific clients or client groups from rate limiting.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ fetch-quota-params │ │ │ │

Sets the parameters for dynamic resizing of the fetches-per-server quota in response to detected congestion.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ fetches-per-server │ │ │ │

Sets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ fetches-per-zone │ │ │ │

Sets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ file │ │ │ │

Specifies the zone's filename.

│ │ │ │

│ │ │ │

zone

│ │ │ │ │ │ │ │ flush-zones-on-shutdown │ │ │ │ @@ -10630,40 +10630,40 @@ │ │ │ │

Specifies the hostname of the server to return in response to a hostname.bind query.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ http │ │ │ │

Configures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ http-listener-clients │ │ │ │

Limits the number of active concurrent connections on a per-listener basis.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ http-port │ │ │ │

Specifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ http-streams-per-connection │ │ │ │

Limits the number of active concurrent HTTP/2 streams on a per-connection basis.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ https-port │ │ │ │

Specifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ in-view │ │ │ │

Specifies the view in which a given zone is defined.

│ │ │ │

│ │ │ │ -

zone, view

│ │ │ │ +

view, zone

│ │ │ │ │ │ │ │ inet │ │ │ │

Specifies a TCP socket as a control channel.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ inline-signing │ │ │ │ @@ -10690,15 +10690,15 @@ │ │ │ │

Enables automatic IPv4 zones if a dns64 block is configured.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ ipv4only-server │ │ │ │

Specifies the name of the server for the IPV4ONLY.ARPA zone created by dns64.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ ipv6-prefix-length │ │ │ │

Specifies the prefix lengths of IPv6 address blocks.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ ixfr-from-differences │ │ │ │ @@ -10720,20 +10720,20 @@ │ │ │ │

Indicates the directory where public and private DNSSEC key files are found.

│ │ │ │

│ │ │ │

dnssec

│ │ │ │ │ │ │ │ key-file │ │ │ │

Specifies the path to a file containing the private TLS key for a connection.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ keys │ │ │ │

Specifies one or more server_key s to be used with a remote server.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ lame-ttl │ │ │ │

Sets the resolver's lame cache.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ listen-on │ │ │ │ @@ -10745,15 +10745,15 @@ │ │ │ │

Specifies the IPv6 addresses on which a server listens for DNS queries.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ listener-clients │ │ │ │

Specifies a per-listener quota for active connections.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ lmdb-mapsize │ │ │ │

Sets a maximum size for the memory map of the new-zone database in LMDB database format.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ log-only │ │ │ │ @@ -10779,15 +10779,15 @@ │ │ │ │

Specifies an access control list (ACL) of IPv4 addresses that are to be mapped to the corresponding A RRset in dns64.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ masterfile-format │ │ │ │

Specifies the file format of zone files.

│ │ │ │

│ │ │ │ -

zone, server

│ │ │ │ +

server, zone

│ │ │ │ │ │ │ │ masterfile-style │ │ │ │

Specifies the format of zone files during a dump, when the masterfile-format is text.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ match-clients │ │ │ │ @@ -10839,25 +10839,25 @@ │ │ │ │

Specifies the maximum retention time (in seconds) for storage of negative answers in the server's cache.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ max-records │ │ │ │

Sets the maximum number of records permitted in a zone.

│ │ │ │

│ │ │ │ -

zone, server

│ │ │ │ +

server, zone

│ │ │ │ │ │ │ │ max-recursion-depth │ │ │ │

Sets the maximum number of levels of recursion permitted at any one time while servicing a recursive query.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ max-recursion-queries │ │ │ │

Sets the maximum number of iterative queries while servicing a recursive query.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ max-refresh-time │ │ │ │

Limits the zone refresh interval to no less often than the specified value, in seconds.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ max-retry-time │ │ │ │ @@ -10919,15 +10919,15 @@ │ │ │ │

Specifies a maximum permissible time-to-live (TTL) value, in seconds.

│ │ │ │

│ │ │ │

deprecated

│ │ │ │ │ │ │ │ memstatistics │ │ │ │

Controls whether memory statistics are written to the file specified by memstatistics-file at exit.

│ │ │ │

│ │ │ │ -

logging, server

│ │ │ │ +

server, logging

│ │ │ │ │ │ │ │ memstatistics-file │ │ │ │

Sets the pathname of the file where the server writes memory usage statistics on exit.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ message-compression │ │ │ │ @@ -10999,20 +10999,20 @@ │ │ │ │

Controls whether NOTIFY messages are sent on zone changes.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ notify-delay │ │ │ │

Sets the delay (in seconds) between sending sets of NOTIFY messages for a zone.

│ │ │ │

│ │ │ │ -

transfer, zone

│ │ │ │ +

zone, transfer

│ │ │ │ │ │ │ │ notify-rate │ │ │ │

Specifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.

│ │ │ │

│ │ │ │ -

transfer, zone

│ │ │ │ +

zone, transfer

│ │ │ │ │ │ │ │ notify-source │ │ │ │

Defines the IPv4 address (and optional port) to be used for outgoing NOTIFY messages.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ notify-source-v6 │ │ │ │ @@ -11099,20 +11099,20 @@ │ │ │ │

Configures plugins in named.conf.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ port │ │ │ │

Specifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ prefer-server-ciphers │ │ │ │

Specifies that server ciphers should be preferred over client ones.

│ │ │ │

│ │ │ │ -

security, server

│ │ │ │ +

server, security

│ │ │ │ │ │ │ │ preferred-glue │ │ │ │

Controls the order of glue records in an A or AAAA response.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ prefetch │ │ │ │ @@ -11179,15 +11179,15 @@ │ │ │ │

Controls the IPv6 address from which queries are issued.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ querylog │ │ │ │

Specifies whether query logging should be active when named first starts.

│ │ │ │

│ │ │ │ -

logging, server

│ │ │ │ +

server, logging

│ │ │ │ │ │ │ │ rate-limit │ │ │ │

Controls excessive UDP responses, to prevent BIND 9 from being used to amplify reflection denial-of-service (DoS) attacks.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ recursing-file │ │ │ │ @@ -11259,15 +11259,15 @@ │ │ │ │

Adds an EDNS Padding option to encrypted messages, to reduce the chance of guessing the contents based on size.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ response-policy │ │ │ │

Specifies response policy zones for the view or among global options.

│ │ │ │

│ │ │ │ -

security, zone, query, server

│ │ │ │ +

server, zone, query, security

│ │ │ │ │ │ │ │ responses-per-second │ │ │ │

Limits the number of non-empty responses for a valid domain name and record type.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ retire-safety │ │ │ │ @@ -11413,60 +11413,60 @@ │ │ │ │

Controls the ordering of RRs returned to the client, based on the client's IP address.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ stale-answer-client-timeout │ │ │ │

Defines the amount of time (in milliseconds) that named waits before attempting to answer a query with a stale RRset from cache.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ stale-answer-enable │ │ │ │

Enables the returning of "stale" cached answers when the name servers for a zone are not answering.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ stale-answer-ttl │ │ │ │

Specifies the time to live (TTL) to be returned on stale answers, in seconds.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ stale-cache-enable │ │ │ │

Enables the retention of "stale" cached answers.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ stale-refresh-time │ │ │ │

Sets the time window for the return of "stale" cached answers before the next attempt to contact, if the name servers for a given zone are not responding.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ startup-notify-rate │ │ │ │

Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.

│ │ │ │

│ │ │ │ -

transfer, zone

│ │ │ │ +

zone, transfer

│ │ │ │ │ │ │ │ statistics-channels │ │ │ │

Specifies the communication channels to be used by system administrators to access statistics information on the name server.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ statistics-file │ │ │ │

Specifies the pathname of the file where the server appends statistics, when using rndc stats.

│ │ │ │

│ │ │ │ -

logging, server

│ │ │ │ +

server, logging

│ │ │ │ │ │ │ │ stderr │ │ │ │

Directs the logging channel output to the server's standard error stream.

│ │ │ │

│ │ │ │

logging

│ │ │ │ │ │ │ │ streams-per-connection │ │ │ │

Specifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ suffix │ │ │ │

Defines trailing bits for mapped IPv4 address bits in dns64.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ synth-from-dnssec │ │ │ │ @@ -11493,15 +11493,15 @@ │ │ │ │

Sets the amount of time (in milliseconds) that the server waits on an idle TCP connection before closing it, if the EDNS TCP keepalive option is not in use.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ tcp-initial-timeout │ │ │ │

Sets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ tcp-keepalive │ │ │ │

Adds EDNS TCP keepalive to messages sent over TCP.

│ │ │ │

│ │ │ │

server

│ │ │ │ │ │ │ │ tcp-keepalive-timeout │ │ │ │ @@ -11548,15 +11548,15 @@ │ │ │ │

Configures a TLS connection.

│ │ │ │

│ │ │ │

security

│ │ │ │ │ │ │ │ tls-port │ │ │ │

Specifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ transfer-format │ │ │ │

Controls whether multiple records can be packed into a message during zone transfers.

│ │ │ │

│ │ │ │

transfer

│ │ │ │ │ │ │ │ transfer-message-size │ │ │ │ @@ -11696,15 +11696,15 @@ │ │ │ │

Specifies a list of ports that are valid sources for UDP/IPv6 messages.

│ │ │ │

│ │ │ │

deprecated

│ │ │ │ │ │ │ │ v6-bias │ │ │ │

Indicates the number of milliseconds of preference to give to IPv6 name servers.

│ │ │ │

│ │ │ │ -

query, server

│ │ │ │ +

server, query

│ │ │ │ │ │ │ │ validate-except │ │ │ │

Specifies a list of domain names at and beneath which DNSSEC validation should not be performed.

│ │ │ │

│ │ │ │

dnssec

│ │ │ │ │ │ │ │ version │ │ │ │ @@ -11721,35 +11721,35 @@ │ │ │ │

Specifies the length of time during which responses are tracked.

│ │ │ │

│ │ │ │

query

│ │ │ │ │ │ │ │ zero-no-soa-ttl │ │ │ │

Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.

│ │ │ │

│ │ │ │ -

zone, query, server

│ │ │ │ +

server, zone, query

│ │ │ │ │ │ │ │ zero-no-soa-ttl-cache │ │ │ │

Sets the time to live (TTL) to zero when caching a negative response to an SOA query.

│ │ │ │

│ │ │ │ -

zone, query, server

│ │ │ │ +

server, zone, query

│ │ │ │ │ │ │ │ zone │ │ │ │

Specifies the zone in a BIND 9 configuration.

│ │ │ │

│ │ │ │

zone

│ │ │ │ │ │ │ │ zone-propagation-delay │ │ │ │

Sets the propagation delay from the time a zone is first updated to when the new version of the zone is served by all secondary servers.

│ │ │ │

│ │ │ │

dnssec, zone

│ │ │ │ │ │ │ │ zone-statistics │ │ │ │

Controls the level of statistics gathered for all zones.

│ │ │ │

│ │ │ │ -

zone, logging

│ │ │ │ +

logging, zone

│ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │

8.4. Statements by Tag

│ │ │ │

These tables group the various statements permissible in named.conf by │ │ │ │ ├── html2text {} │ │ │ │ │ @@ -2364,1178 +2364,1178 @@ │ │ │ │ │ _Z_o_n_e_ _T_a_g_ _S_t_a_t_e_m_e_n_t_s relate to or control zone behavior, and typically only │ │ │ │ │ appear in a zone block. │ │ │ │ │ _D_e_p_r_e_c_a_t_e_d_ _T_a_g_ _S_t_a_t_e_m_e_n_t_s are those that are now deprecated, but are included │ │ │ │ │ here for historical reference. │ │ │ │ │ The following table lists all statements permissible in named.conf, with their │ │ │ │ │ associated tags; the next section groups the statements by tag. Please note │ │ │ │ │ that these sections are a work in progress. │ │ │ │ │ -SSttaatteemmeenntt DDeessccrriippttiioonn TTaaggss │ │ │ │ │ -_a_c_l Assigns a symbolic name to server │ │ │ │ │ - an address match list. │ │ │ │ │ -_a_l_g_o_r_i_t_h_m Defines the algorithm to be security │ │ │ │ │ - used in a key clause. │ │ │ │ │ -_a_l_l_-_p_e_r_-_s_e_c_o_n_d Limits UDP responses of all query │ │ │ │ │ - kinds. │ │ │ │ │ - Controls the ability to add │ │ │ │ │ -_a_l_l_o_w_-_n_e_w_-_z_o_n_e_s zones at runtime via _r_n_d_c zone, server │ │ │ │ │ - _a_d_d_z_o_n_e. │ │ │ │ │ - Defines an │ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t that is │ │ │ │ │ - allowed to send NOTIFY │ │ │ │ │ -_a_l_l_o_w_-_n_o_t_i_f_y messages for the zone, in transfer │ │ │ │ │ - addition to addresses │ │ │ │ │ - defined in the _p_r_i_m_a_r_i_e_s │ │ │ │ │ - option for the zone. │ │ │ │ │ - Defines an │ │ │ │ │ -_a_l_l_o_w_-_p_r_o_x_y _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the server │ │ │ │ │ - client addresses allowed to │ │ │ │ │ - send PROXYv2 headers. │ │ │ │ │ - Defines an │ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the │ │ │ │ │ - interface addresses allowed │ │ │ │ │ -_a_l_l_o_w_-_p_r_o_x_y_-_o_n to accept PROXYv2 headers. server │ │ │ │ │ - The option is mostly │ │ │ │ │ - intended for multi-homed │ │ │ │ │ - configurations. │ │ │ │ │ - Specifies which hosts (an IP │ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y address list) are allowed to query │ │ │ │ │ - send queries to this │ │ │ │ │ - resolver. │ │ │ │ │ - Specifies which hosts (an IP │ │ │ │ │ - address list) can access │ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e this server's cache and thus query │ │ │ │ │ - effectively controls │ │ │ │ │ - recursion. │ │ │ │ │ - Specifies which hosts (an IP │ │ │ │ │ - address list) can access │ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e_-_o_n this server's cache. Used on query │ │ │ │ │ - servers with multiple │ │ │ │ │ - interfaces. │ │ │ │ │ - Specifies which local │ │ │ │ │ - addresses (an IP address │ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y_-_o_n list) are allowed to send query │ │ │ │ │ - queries to this resolver. │ │ │ │ │ - Used in multi-homed │ │ │ │ │ - configurations. │ │ │ │ │ - Defines an │ │ │ │ │ -_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of query │ │ │ │ │ - clients that are allowed to │ │ │ │ │ - perform recursive queries. │ │ │ │ │ - Specifies which local │ │ │ │ │ -_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n_-_o_n addresses can accept query, server │ │ │ │ │ - recursive queries. │ │ │ │ │ - Defines an │ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts │ │ │ │ │ -_a_l_l_o_w_-_t_r_a_n_s_f_e_r that are allowed to transfer transfer │ │ │ │ │ - the zone information from │ │ │ │ │ - this server. │ │ │ │ │ - Defines an │ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts │ │ │ │ │ -_a_l_l_o_w_-_u_p_d_a_t_e that are allowed to submit transfer │ │ │ │ │ - dynamic updates for primary │ │ │ │ │ - zones. │ │ │ │ │ - Defines an │ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts │ │ │ │ │ -_a_l_l_o_w_-_u_p_d_a_t_e_-_f_o_r_w_a_r_d_i_n_g that are allowed to submit transfer │ │ │ │ │ - dynamic updates to a │ │ │ │ │ - secondary server for │ │ │ │ │ - transmission to a primary. │ │ │ │ │ - Defines one or more hosts │ │ │ │ │ -_a_l_s_o_-_n_o_t_i_f_y that are sent NOTIFY transfer │ │ │ │ │ - messages when zone changes │ │ │ │ │ - occur. │ │ │ │ │ - Controls whether COOKIE EDNS │ │ │ │ │ -_a_n_s_w_e_r_-_c_o_o_k_i_e replies are sent in response query │ │ │ │ │ - to client queries. │ │ │ │ │ - Allows multiple views to │ │ │ │ │ -_a_t_t_a_c_h_-_c_a_c_h_e share a single cache view │ │ │ │ │ - database. │ │ │ │ │ - Controls whether BIND, │ │ │ │ │ - acting as a resolver, │ │ │ │ │ -_a_u_t_h_-_n_x_d_o_m_a_i_n provides authoritative query │ │ │ │ │ - NXDOMAIN (domain does not │ │ │ │ │ - exist) answers. │ │ │ │ │ - Controls the automatic │ │ │ │ │ -_a_u_t_o_m_a_t_i_c_-_i_n_t_e_r_f_a_c_e_-_s_c_a_n rescanning of network server │ │ │ │ │ - interfaces when addresses │ │ │ │ │ - are added or removed. │ │ │ │ │ - Specifies the range(s) of │ │ │ │ │ -_a_v_o_i_d_-_v_4_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated │ │ │ │ │ - use as sources for UDP/IPv4 │ │ │ │ │ - messages. │ │ │ │ │ - Specifies the range(s) of │ │ │ │ │ -_a_v_o_i_d_-_v_6_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated │ │ │ │ │ - use as sources for UDP/IPv6 │ │ │ │ │ - messages. │ │ │ │ │ - Specifies the pathname of a │ │ │ │ │ -_b_i_n_d_k_e_y_s_-_f_i_l_e file to override the built- dnssec │ │ │ │ │ - in trusted keys provided by │ │ │ │ │ - _n_a_m_e_d. │ │ │ │ │ - Defines an │ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts │ │ │ │ │ -_b_l_a_c_k_h_o_l_e to ignore. The server will query │ │ │ │ │ - neither respond to queries │ │ │ │ │ - from nor send queries to │ │ │ │ │ - these addresses. │ │ │ │ │ -_b_o_g_u_s Allows a remote server to be server │ │ │ │ │ - ignored. │ │ │ │ │ - Enables _d_n_s_6_4 synthesis even │ │ │ │ │ -_b_r_e_a_k_-_d_n_s_s_e_c if the validated result query │ │ │ │ │ - would cause a DNSSEC │ │ │ │ │ - validation failure. │ │ │ │ │ -_b_u_f_f_e_r_e_d Controls flushing of log logging │ │ │ │ │ - messages. │ │ │ │ │ - Specifies the path to a file │ │ │ │ │ - containing TLS certificates │ │ │ │ │ -_c_a_-_f_i_l_e for trusted CA authorities, security, server │ │ │ │ │ - used to verify remote peer │ │ │ │ │ - certificates. │ │ │ │ │ -_c_a_t_a_l_o_g_-_z_o_n_e_s Configures catalog zones in zone │ │ │ │ │ - _n_a_m_e_d_._c_o_n_f. │ │ │ │ │ - Specifies the type of data │ │ │ │ │ -_c_a_t_e_g_o_r_y logged to a particular logging │ │ │ │ │ - channel. │ │ │ │ │ - Specifies whether a CDNSKEY │ │ │ │ │ -_c_d_n_s_k_e_y record should be published dnssec │ │ │ │ │ - during KSK rollover. │ │ │ │ │ - Specifies the digest types │ │ │ │ │ -_c_d_s_-_d_i_g_e_s_t_-_t_y_p_e_s to use for CDS resource dnssec │ │ │ │ │ - records. │ │ │ │ │ - Specifies the path to a file │ │ │ │ │ -_c_e_r_t_-_f_i_l_e containing the TLS security, server │ │ │ │ │ - certificate for a │ │ │ │ │ - connection. │ │ │ │ │ - Defines a stream of data │ │ │ │ │ -_c_h_a_n_n_e_l that can be independently logging │ │ │ │ │ - logged. │ │ │ │ │ - Checks primary zones for │ │ │ │ │ - records that are treated as │ │ │ │ │ -_c_h_e_c_k_-_d_u_p_-_r_e_c_o_r_d_s different by DNSSEC but are dnssec, query │ │ │ │ │ - semantically equal in plain │ │ │ │ │ - DNS. │ │ │ │ │ - Performs post-load zone │ │ │ │ │ -_c_h_e_c_k_-_i_n_t_e_g_r_i_t_y integrity checks on primary zone │ │ │ │ │ - zones. │ │ │ │ │ - Checks whether an MX record │ │ │ │ │ -_c_h_e_c_k_-_m_x appears to refer to an IP zone │ │ │ │ │ - address. │ │ │ │ │ - Sets the response to MX │ │ │ │ │ -_c_h_e_c_k_-_m_x_-_c_n_a_m_e records that refer to zone │ │ │ │ │ - CNAMEs. │ │ │ │ │ - Restricts the character set │ │ │ │ │ - and syntax of certain domain │ │ │ │ │ -_c_h_e_c_k_-_n_a_m_e_s names in primary files and/ query, server │ │ │ │ │ - or DNS responses received │ │ │ │ │ - from the network. │ │ │ │ │ - Specifies whether to check │ │ │ │ │ -_c_h_e_c_k_-_s_i_b_l_i_n_g for sibling glue when zone │ │ │ │ │ - performing integrity checks. │ │ │ │ │ - Specifies whether to check │ │ │ │ │ -_c_h_e_c_k_-_s_p_f for a TXT Sender Policy zone │ │ │ │ │ - Framework record, if an SPF │ │ │ │ │ - record is present. │ │ │ │ │ - Sets the response to SRV │ │ │ │ │ -_c_h_e_c_k_-_s_r_v_-_c_n_a_m_e records that refer to zone │ │ │ │ │ - CNAMEs. │ │ │ │ │ - Specifies whether to perform │ │ │ │ │ -_c_h_e_c_k_-_s_v_c_b additional checks on SVCB zone │ │ │ │ │ - records. │ │ │ │ │ -_c_h_e_c_k_-_w_i_l_d_c_a_r_d Checks for non-terminal zone │ │ │ │ │ - wildcards. │ │ │ │ │ -_c_h_e_c_k_d_s Controls whether DS queries dnssec │ │ │ │ │ - are sent to parental agents. │ │ │ │ │ -_c_i_p_h_e_r_s Specifies a list of allowed security │ │ │ │ │ - ciphers. │ │ │ │ │ - Specifies an access control │ │ │ │ │ -_c_l_i_e_n_t_s list (ACL) of clients that query │ │ │ │ │ - are affected by a given │ │ │ │ │ - _d_n_s_6_4 directive. │ │ │ │ │ - Sets the initial minimum │ │ │ │ │ - number of simultaneous │ │ │ │ │ -_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y recursive clients accepted server │ │ │ │ │ - by the server for any given │ │ │ │ │ - query before the server │ │ │ │ │ - drops additional clients. │ │ │ │ │ - Specifies control channels │ │ │ │ │ -_c_o_n_t_r_o_l_s to be used to manage the server │ │ │ │ │ - name server. │ │ │ │ │ - Sets the algorithm to be │ │ │ │ │ -_c_o_o_k_i_e_-_a_l_g_o_r_i_t_h_m used when generating a server │ │ │ │ │ - server cookie. │ │ │ │ │ - Specifies a shared secret │ │ │ │ │ - used for generating and │ │ │ │ │ -_c_o_o_k_i_e_-_s_e_c_r_e_t verifying EDNS COOKIE server │ │ │ │ │ - options within an anycast │ │ │ │ │ - cluster. │ │ │ │ │ - Specifies the type of │ │ │ │ │ -_d_a_t_a_b_a_s_e database to be used to store zone │ │ │ │ │ - zone data. │ │ │ │ │ - Rejects A or AAAA records if │ │ │ │ │ -_d_e_n_y_-_a_n_s_w_e_r_-_a_d_d_r_e_s_s_e_s the corresponding IPv4 or query │ │ │ │ │ - IPv6 addresses match a given │ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t. │ │ │ │ │ - Rejects CNAME or DNAME │ │ │ │ │ -_d_e_n_y_-_a_n_s_w_e_r_-_a_l_i_a_s_e_s records if the "alias" name query │ │ │ │ │ - matches a given list of │ │ │ │ │ - _d_o_m_a_i_n___n_a_m_e elements. │ │ │ │ │ - Specifies the path to a file │ │ │ │ │ -_d_h_p_a_r_a_m_-_f_i_l_e containing Diffie-Hellman security, server │ │ │ │ │ - parameters, for enabling │ │ │ │ │ - cipher suites. │ │ │ │ │ - Concentrates zone │ │ │ │ │ - maintenance so that all │ │ │ │ │ -_d_i_a_l_u_p transfers take place once deprecated │ │ │ │ │ - every _h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l, │ │ │ │ │ - ideally during a single │ │ │ │ │ - call. │ │ │ │ │ -_d_i_r_e_c_t_o_r_y Sets the server's working server │ │ │ │ │ - directory. │ │ │ │ │ -_d_i_s_a_b_l_e_-_a_l_g_o_r_i_t_h_m_s Disables DNSSEC algorithms dnssec │ │ │ │ │ - from a specified zone. │ │ │ │ │ -_d_i_s_a_b_l_e_-_d_s_-_d_i_g_e_s_t_s Disables DS digest types dnssec, zone │ │ │ │ │ - from a specified zone. │ │ │ │ │ -_d_i_s_a_b_l_e_-_e_m_p_t_y_-_z_o_n_e Disables individual empty zone, server │ │ │ │ │ - zones. │ │ │ │ │ - Configures a Dynamically │ │ │ │ │ -_d_l_z Loadable Zone (DLZ) database zone │ │ │ │ │ - in _n_a_m_e_d_._c_o_n_f. │ │ │ │ │ - Instructs _n_a_m_e_d to return │ │ │ │ │ -_d_n_s_6_4 mapped IPv4 addresses to query │ │ │ │ │ - AAAA queries when there are │ │ │ │ │ - no AAAA records. │ │ │ │ │ -_d_n_s_6_4_-_c_o_n_t_a_c_t Specifies the name of the server │ │ │ │ │ - contact for _d_n_s_6_4 zones. │ │ │ │ │ -_d_n_s_6_4_-_s_e_r_v_e_r Specifies the name of the server │ │ │ │ │ - server for _d_n_s_6_4 zones. │ │ │ │ │ -_d_n_s_k_e_y_-_s_i_g_-_v_a_l_i_d_i_t_y obsolete │ │ │ │ │ - Specifies the time to live │ │ │ │ │ -_d_n_s_k_e_y_-_t_t_l (TTL) for DNSKEY resource dnssec │ │ │ │ │ - records. │ │ │ │ │ - Turns on the DNS Response │ │ │ │ │ -_d_n_s_r_p_s_-_e_n_a_b_l_e Policy Service (DNSRPS) security, server │ │ │ │ │ - interface. │ │ │ │ │ - Turns on the DNS Response │ │ │ │ │ -_d_n_s_r_p_s_-_l_i_b_r_a_r_y Policy Service (DNSRPS) security, server │ │ │ │ │ - interface. │ │ │ │ │ - Provides additional RPZ │ │ │ │ │ - configuration settings, │ │ │ │ │ -_d_n_s_r_p_s_-_o_p_t_i_o_n_s which are passed to the DNS security, server │ │ │ │ │ - Response Policy Service │ │ │ │ │ - (DNSRPS) provider library. │ │ │ │ │ - Instructs BIND 9 to accept │ │ │ │ │ -_d_n_s_s_e_c_-_a_c_c_e_p_t_-_e_x_p_i_r_e_d expired DNSSEC signatures dnssec │ │ │ │ │ - when validating. │ │ │ │ │ -_d_n_s_s_e_c_-_d_n_s_k_e_y_-_k_s_k_o_n_l_y obsolete │ │ │ │ │ - Sets the frequency of │ │ │ │ │ -_d_n_s_s_e_c_-_l_o_a_d_k_e_y_s_-_i_n_t_e_r_v_a_l automatic checks of the dnssec │ │ │ │ │ - DNSSEC key repository. │ │ │ │ │ - Defines hierarchies that │ │ │ │ │ -_d_n_s_s_e_c_-_m_u_s_t_-_b_e_-_s_e_c_u_r_e must or may not be secure deprecated │ │ │ │ │ - (signed and validated). │ │ │ │ │ -_d_n_s_s_e_c_-_p_o_l_i_c_y Defines a key and signing dnssec │ │ │ │ │ - policy (KASP) for zones. │ │ │ │ │ -_d_n_s_s_e_c_-_s_e_c_u_r_e_-_t_o_-_i_n_s_e_c_u_r_e obsolete │ │ │ │ │ -_d_n_s_s_e_c_-_u_p_d_a_t_e_-_m_o_d_e obsolete │ │ │ │ │ -_d_n_s_s_e_c_-_v_a_l_i_d_a_t_i_o_n Enables DNSSEC validation in dnssec │ │ │ │ │ - _n_a_m_e_d. │ │ │ │ │ -_d_n_s_t_a_p Enables logging of _d_n_s_t_a_p logging │ │ │ │ │ - messages. │ │ │ │ │ -_d_n_s_t_a_p_-_i_d_e_n_t_i_t_y Specifies an identity string logging │ │ │ │ │ - to send in _d_n_s_t_a_p messages. │ │ │ │ │ - Configures the path to which │ │ │ │ │ -_d_n_s_t_a_p_-_o_u_t_p_u_t the _d_n_s_t_a_p frame stream is logging │ │ │ │ │ - sent. │ │ │ │ │ -_d_n_s_t_a_p_-_v_e_r_s_i_o_n Specifies a _v_e_r_s_i_o_n string logging │ │ │ │ │ - to send in _d_n_s_t_a_p messages. │ │ │ │ │ - Specifies host names or │ │ │ │ │ -_d_u_a_l_-_s_t_a_c_k_-_s_e_r_v_e_r_s addresses of machines with server │ │ │ │ │ - access to both IPv4 and IPv6 │ │ │ │ │ - transports. │ │ │ │ │ - Indicates the pathname of │ │ │ │ │ -_d_u_m_p_-_f_i_l_e the file where the server logging │ │ │ │ │ - dumps the database after │ │ │ │ │ - _r_n_d_c_ _d_u_m_p_d_b. │ │ │ │ │ -_d_y_n_d_b Configures a DynDB database zone │ │ │ │ │ - in _n_a_m_e_d_._c_o_n_f. │ │ │ │ │ -_e_d_n_s Controls the use of the server │ │ │ │ │ - EDNS0 (_RR_FF_CC_ _22_66_77_11) feature. │ │ │ │ │ - Sets the maximum advertised │ │ │ │ │ - EDNS UDP buffer size to │ │ │ │ │ -_e_d_n_s_-_u_d_p_-_s_i_z_e control the size of packets query │ │ │ │ │ - received from authoritative │ │ │ │ │ - servers in response to │ │ │ │ │ - recursive queries. │ │ │ │ │ - Sets the maximum EDNS │ │ │ │ │ -_e_d_n_s_-_v_e_r_s_i_o_n VERSION that is sent to the server │ │ │ │ │ - server(s) by the resolver. │ │ │ │ │ - Specifies the contact name │ │ │ │ │ -_e_m_p_t_y_-_c_o_n_t_a_c_t in the returned SOA record zone, server │ │ │ │ │ - for empty zones. │ │ │ │ │ - Specifies the server name in │ │ │ │ │ -_e_m_p_t_y_-_s_e_r_v_e_r the returned SOA record for zone, server │ │ │ │ │ - empty zones. │ │ │ │ │ -_e_m_p_t_y_-_z_o_n_e_s_-_e_n_a_b_l_e Enables or disables all zone, server │ │ │ │ │ - empty zones. │ │ │ │ │ - Specifies a list of HTTP │ │ │ │ │ -_e_n_d_p_o_i_n_t_s query paths on which to query, server │ │ │ │ │ - listen. │ │ │ │ │ - Limits the number of errors │ │ │ │ │ -_e_r_r_o_r_s_-_p_e_r_-_s_e_c_o_n_d for a valid domain name and server │ │ │ │ │ - record type. │ │ │ │ │ - Allows a list of IPv6 │ │ │ │ │ - addresses to be ignored if │ │ │ │ │ -_e_x_c_l_u_d_e they appear in a domain query │ │ │ │ │ - name's AAAA records in │ │ │ │ │ - _d_n_s_6_4. │ │ │ │ │ - Exempts specific clients or │ │ │ │ │ -_e_x_e_m_p_t_-_c_l_i_e_n_t_s client groups from rate query │ │ │ │ │ - limiting. │ │ │ │ │ - Sets the parameters for │ │ │ │ │ - dynamic resizing of the │ │ │ │ │ -_f_e_t_c_h_-_q_u_o_t_a_-_p_a_r_a_m_s _f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r quota in query, server │ │ │ │ │ - response to detected │ │ │ │ │ - congestion. │ │ │ │ │ - Sets the maximum number of │ │ │ │ │ - simultaneous iterative │ │ │ │ │ - queries allowed to be sent │ │ │ │ │ -_f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r by a server to an upstream query, server │ │ │ │ │ - name server before the │ │ │ │ │ - server blocks additional │ │ │ │ │ - queries. │ │ │ │ │ - Sets the maximum number of │ │ │ │ │ - simultaneous iterative │ │ │ │ │ -_f_e_t_c_h_e_s_-_p_e_r_-_z_o_n_e queries allowed to any one query, server │ │ │ │ │ - domain before the server │ │ │ │ │ - blocks new queries for data │ │ │ │ │ - in or beneath that zone. │ │ │ │ │ -_f_i_l_e Specifies the zone's zone │ │ │ │ │ - filename. │ │ │ │ │ - Controls whether pending │ │ │ │ │ -_f_l_u_s_h_-_z_o_n_e_s_-_o_n_-_s_h_u_t_d_o_w_n zone writes are flushed when zone │ │ │ │ │ - the name server exits. │ │ │ │ │ - Allows or disallows fallback │ │ │ │ │ - to recursion if forwarding │ │ │ │ │ -_f_o_r_w_a_r_d has failed; it is always query │ │ │ │ │ - used in conjunction with the │ │ │ │ │ - _f_o_r_w_a_r_d_e_r_s statement. │ │ │ │ │ -_f_o_r_w_a_r_d_e_r_s Defines one or more hosts to query │ │ │ │ │ - which queries are forwarded. │ │ │ │ │ - Sets the number of │ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_b_u_f_f_e_r_-_h_i_n_t accumulated bytes in the logging │ │ │ │ │ - output buffer before forcing │ │ │ │ │ - a buffer flush. │ │ │ │ │ - Sets the number of seconds │ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_f_l_u_s_h_-_t_i_m_e_o_u_t that unflushed data remains logging │ │ │ │ │ - in the output buffer. │ │ │ │ │ - Sets the number of queue │ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_i_n_p_u_t_-_q_u_e_u_e_-_s_i_z_e entries to allocate for each logging │ │ │ │ │ - input queue. │ │ │ │ │ - Sets the number of │ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_n_o_t_i_f_y_- outstanding queue entries │ │ │ │ │ -_t_h_r_e_s_h_o_l_d allowed on an input queue logging │ │ │ │ │ - before waking the I/ │ │ │ │ │ - O thread. │ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_- Sets the queuing semantics logging │ │ │ │ │ -_m_o_d_e_l to use for queue objects. │ │ │ │ │ - Sets the number of queue │ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_-_s_i_z_e entries allocated for each logging │ │ │ │ │ - output queue. │ │ │ │ │ - Sets the number of seconds │ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_r_e_o_p_e_n_-_i_n_t_e_r_v_a_l to wait between attempts to logging │ │ │ │ │ - reopen a closed output │ │ │ │ │ - stream. │ │ │ │ │ - Specifies the directory │ │ │ │ │ -_g_e_o_i_p_-_d_i_r_e_c_t_o_r_y containing GeoIP database server │ │ │ │ │ - files. │ │ │ │ │ - Sets the interval at which │ │ │ │ │ -_h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l the server performs zone deprecated │ │ │ │ │ - maintenance tasks for all │ │ │ │ │ - zones marked as _d_i_a_l_u_p. │ │ │ │ │ - Specifies the hostname of │ │ │ │ │ -_h_o_s_t_n_a_m_e the server to return in server │ │ │ │ │ - response to a hostname.bind │ │ │ │ │ - query. │ │ │ │ │ - Configures HTTP endpoints on │ │ │ │ │ -_h_t_t_p which to listen for DNS- query, server │ │ │ │ │ - over-HTTPS (DoH) queries. │ │ │ │ │ - Limits the number of active │ │ │ │ │ -_h_t_t_p_-_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s concurrent connections on a server │ │ │ │ │ - per-listener basis. │ │ │ │ │ - Specifies the TCP port │ │ │ │ │ -_h_t_t_p_-_p_o_r_t number the server uses to query, server │ │ │ │ │ - receive and send unencrypted │ │ │ │ │ - DNS traffic via HTTP. │ │ │ │ │ - Limits the number of active │ │ │ │ │ -_h_t_t_p_-_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n concurrent HTTP/2 streams on server │ │ │ │ │ - a per-connection basis. │ │ │ │ │ - Specifies the TCP port │ │ │ │ │ -_h_t_t_p_s_-_p_o_r_t number the server uses to query, server │ │ │ │ │ - receive and send DNS-over- │ │ │ │ │ - HTTPS protocol traffic. │ │ │ │ │ -_i_n_-_v_i_e_w Specifies the view in which zone, view │ │ │ │ │ - a given zone is defined. │ │ │ │ │ -_i_n_e_t Specifies a TCP socket as a server │ │ │ │ │ - control channel. │ │ │ │ │ - Specifies whether BIND 9 │ │ │ │ │ -_i_n_l_i_n_e_-_s_i_g_n_i_n_g maintains a separate signed dnssec, zone │ │ │ │ │ - version of a zone. │ │ │ │ │ - Sets the interval at which │ │ │ │ │ -_i_n_t_e_r_f_a_c_e_-_i_n_t_e_r_v_a_l the server scans the network server │ │ │ │ │ - interface list. │ │ │ │ │ -_i_p_v_4_-_p_r_e_f_i_x_-_l_e_n_g_t_h Specifies the prefix lengths server │ │ │ │ │ - of IPv4 address blocks. │ │ │ │ │ - Specifies the contact for │ │ │ │ │ -_i_p_v_4_o_n_l_y_-_c_o_n_t_a_c_t the IPV4ONLY.ARPA zone server │ │ │ │ │ - created by _d_n_s_6_4. │ │ │ │ │ - Enables automatic IPv4 zones │ │ │ │ │ -_i_p_v_4_o_n_l_y_-_e_n_a_b_l_e if a _d_n_s_6_4 block is query │ │ │ │ │ - configured. │ │ │ │ │ - Specifies the name of the │ │ │ │ │ -_i_p_v_4_o_n_l_y_-_s_e_r_v_e_r server for the IPV4ONLY.ARPA query, server │ │ │ │ │ - zone created by _d_n_s_6_4. │ │ │ │ │ -_i_p_v_6_-_p_r_e_f_i_x_-_l_e_n_g_t_h Specifies the prefix lengths server │ │ │ │ │ - of IPv6 address blocks. │ │ │ │ │ -_i_x_f_r_-_f_r_o_m_-_d_i_f_f_e_r_e_n_c_e_s Controls how IXFR transfers transfer │ │ │ │ │ - are calculated. │ │ │ │ │ -_j_o_u_r_n_a_l Allows the default journal's zone │ │ │ │ │ - filename to be overridden. │ │ │ │ │ - Defines a shared secret key │ │ │ │ │ -_k_e_y for use with _T_S_I_G or the security │ │ │ │ │ - command channel. │ │ │ │ │ - Indicates the directory │ │ │ │ │ -_k_e_y_-_d_i_r_e_c_t_o_r_y where public and private dnssec │ │ │ │ │ - DNSSEC key files are found. │ │ │ │ │ - Specifies the path to a file │ │ │ │ │ -_k_e_y_-_f_i_l_e containing the private TLS security, server │ │ │ │ │ - key for a connection. │ │ │ │ │ - Specifies one or more │ │ │ │ │ -_k_e_y_s _s_e_r_v_e_r___k_e_y s to be used with security, server │ │ │ │ │ - a remote server. │ │ │ │ │ -_l_a_m_e_-_t_t_l Sets the resolver's lame server │ │ │ │ │ - cache. │ │ │ │ │ - Specifies the IPv4 addresses │ │ │ │ │ -_l_i_s_t_e_n_-_o_n on which a server listens server │ │ │ │ │ - for DNS queries. │ │ │ │ │ - Specifies the IPv6 addresses │ │ │ │ │ -_l_i_s_t_e_n_-_o_n_-_v_6 on which a server listens server │ │ │ │ │ - for DNS queries. │ │ │ │ │ - Specifies a per-listener │ │ │ │ │ -_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s quota for active query, server │ │ │ │ │ - connections. │ │ │ │ │ - Sets a maximum size for the │ │ │ │ │ -_l_m_d_b_-_m_a_p_s_i_z_e memory map of the new-zone server │ │ │ │ │ - database in LMDB database │ │ │ │ │ - format. │ │ │ │ │ - Tests rate-limiting │ │ │ │ │ -_l_o_g_-_o_n_l_y parameters without actually logging, query │ │ │ │ │ - dropping any requests. │ │ │ │ │ -_l_o_g_g_i_n_g Configures logging options logging │ │ │ │ │ - for the name server. │ │ │ │ │ -_m_a_n_a_g_e_d_-_k_e_y_s deprecated │ │ │ │ │ - Specifies the directory in │ │ │ │ │ -_m_a_n_a_g_e_d_-_k_e_y_s_-_d_i_r_e_c_t_o_r_y which to store the files dnssec │ │ │ │ │ - that track managed DNSSEC │ │ │ │ │ - keys. │ │ │ │ │ - Specifies an access control │ │ │ │ │ - list (ACL) of IPv4 addresses │ │ │ │ │ -_m_a_p_p_e_d that are to be mapped to the query │ │ │ │ │ - corresponding A RRset in │ │ │ │ │ - _d_n_s_6_4. │ │ │ │ │ -_m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t Specifies the file format of zone, server │ │ │ │ │ - zone files. │ │ │ │ │ - Specifies the format of zone │ │ │ │ │ -_m_a_s_t_e_r_f_i_l_e_-_s_t_y_l_e files during a dump, when server │ │ │ │ │ - the _m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t is │ │ │ │ │ - text. │ │ │ │ │ - Specifies a view of DNS │ │ │ │ │ -_m_a_t_c_h_-_c_l_i_e_n_t_s namespace for a given subset view │ │ │ │ │ - of client IP addresses. │ │ │ │ │ - Specifies a view of DNS │ │ │ │ │ -_m_a_t_c_h_-_d_e_s_t_i_n_a_t_i_o_n_s namespace for a given subset view │ │ │ │ │ - of destination IP addresses. │ │ │ │ │ - Allows IPv4-mapped IPv6 │ │ │ │ │ - addresses to match address- │ │ │ │ │ -_m_a_t_c_h_-_m_a_p_p_e_d_-_a_d_d_r_e_s_s_e_s match list entries for server │ │ │ │ │ - corresponding IPv4 │ │ │ │ │ - addresses. │ │ │ │ │ - Specifies that only │ │ │ │ │ -_m_a_t_c_h_-_r_e_c_u_r_s_i_v_e_-_o_n_l_y recursive requests can match view │ │ │ │ │ - this view of the DNS │ │ │ │ │ - namespace. │ │ │ │ │ - Sets the maximum amount of │ │ │ │ │ -_m_a_x_-_c_a_c_h_e_-_s_i_z_e memory to use for an server │ │ │ │ │ - individual cache database │ │ │ │ │ - and its associated metadata. │ │ │ │ │ - Specifies the maximum time │ │ │ │ │ -_m_a_x_-_c_a_c_h_e_-_t_t_l (in seconds) that the server server │ │ │ │ │ - caches ordinary (positive) │ │ │ │ │ - answers. │ │ │ │ │ - Sets the maximum number of │ │ │ │ │ - simultaneous recursive │ │ │ │ │ -_m_a_x_-_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y clients accepted by the server │ │ │ │ │ - server for any given query │ │ │ │ │ - before the server drops │ │ │ │ │ - additional clients. │ │ │ │ │ - Sets the maximum size for │ │ │ │ │ -_m_a_x_-_i_x_f_r_-_r_a_t_i_o IXFR responses to zone transfer │ │ │ │ │ - transfer requests. │ │ │ │ │ -_m_a_x_-_j_o_u_r_n_a_l_-_s_i_z_e Controls the size of journal transfer │ │ │ │ │ - files. │ │ │ │ │ - Specifies the maximum │ │ │ │ │ - retention time (in seconds) │ │ │ │ │ -_m_a_x_-_n_c_a_c_h_e_-_t_t_l for storage of negative server │ │ │ │ │ - answers in the server's │ │ │ │ │ - cache. │ │ │ │ │ -_m_a_x_-_r_e_c_o_r_d_s Sets the maximum number of zone, server │ │ │ │ │ - records permitted in a zone. │ │ │ │ │ - Sets the maximum number of │ │ │ │ │ - levels of recursion │ │ │ │ │ -_m_a_x_-_r_e_c_u_r_s_i_o_n_-_d_e_p_t_h permitted at any one time server │ │ │ │ │ - while servicing a recursive │ │ │ │ │ - query. │ │ │ │ │ - Sets the maximum number of │ │ │ │ │ -_m_a_x_-_r_e_c_u_r_s_i_o_n_-_q_u_e_r_i_e_s iterative queries while query, server │ │ │ │ │ - servicing a recursive query. │ │ │ │ │ - Limits the zone refresh │ │ │ │ │ -_m_a_x_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no less often transfer │ │ │ │ │ - than the specified value, in │ │ │ │ │ - seconds. │ │ │ │ │ - Limits the zone refresh │ │ │ │ │ -_m_a_x_-_r_e_t_r_y_-_t_i_m_e retry interval to no less transfer │ │ │ │ │ - often than the specified │ │ │ │ │ - value, in seconds. │ │ │ │ │ - Sets the maximum RSA │ │ │ │ │ -_m_a_x_-_r_s_a_-_e_x_p_o_n_e_n_t_-_s_i_z_e exponent size (in bits) when dnssec, query │ │ │ │ │ - validating. │ │ │ │ │ - Specifies the maximum time │ │ │ │ │ - that the server retains │ │ │ │ │ -_m_a_x_-_s_t_a_l_e_-_t_t_l records past their normal server │ │ │ │ │ - expiry, to return them as │ │ │ │ │ - stale records. │ │ │ │ │ - Sets the maximum size of the │ │ │ │ │ -_m_a_x_-_t_a_b_l_e_-_s_i_z_e table used to track requests server │ │ │ │ │ - and rate-limit responses. │ │ │ │ │ - Specifies the number of │ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_i_n minutes after which inbound transfer │ │ │ │ │ - zone transfers making no │ │ │ │ │ - progress are terminated. │ │ │ │ │ - Specifies the number of │ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_o_u_t minutes after which outbound transfer │ │ │ │ │ - zone transfers making no │ │ │ │ │ - progress are terminated. │ │ │ │ │ - Specifies the number of │ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_i_n minutes after which inbound transfer │ │ │ │ │ - zone transfers are │ │ │ │ │ - terminated. │ │ │ │ │ - Specifies the number of │ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_o_u_t minutes after which outbound transfer │ │ │ │ │ - zone transfers are │ │ │ │ │ - terminated. │ │ │ │ │ -_m_a_x_-_u_d_p_-_s_i_z_e Sets the maximum EDNS UDP query │ │ │ │ │ - message size sent by _n_a_m_e_d. │ │ │ │ │ - Set the maximum number of │ │ │ │ │ -_m_a_x_-_v_a_l_i_d_a_t_i_o_n_-_f_a_i_l_u_r_e_s_- DNSSEC validation failures server │ │ │ │ │ -_p_e_r_-_f_e_t_c_h that can happen in single │ │ │ │ │ - fetch │ │ │ │ │ - Set the maximum number of │ │ │ │ │ -_m_a_x_-_v_a_l_i_d_a_t_i_o_n_s_-_p_e_r_-_f_e_t_c_h DNSSEC validations that can server │ │ │ │ │ - happen in single fetch │ │ │ │ │ - Specifies a maximum │ │ │ │ │ -_m_a_x_-_z_o_n_e_-_t_t_l permissible time-to-live deprecated │ │ │ │ │ - (TTL) value, in seconds. │ │ │ │ │ - Controls whether memory │ │ │ │ │ -_m_e_m_s_t_a_t_i_s_t_i_c_s statistics are written to logging, server │ │ │ │ │ - the file specified by │ │ │ │ │ - _m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e at exit. │ │ │ │ │ - Sets the pathname of the │ │ │ │ │ -_m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e file where the server writes logging │ │ │ │ │ - memory usage statistics on │ │ │ │ │ - exit. │ │ │ │ │ - Controls whether DNS name │ │ │ │ │ -_m_e_s_s_a_g_e_-_c_o_m_p_r_e_s_s_i_o_n compression is used in query │ │ │ │ │ - responses to regular │ │ │ │ │ - queries. │ │ │ │ │ - Specifies the minimum time │ │ │ │ │ -_m_i_n_-_c_a_c_h_e_-_t_t_l (in seconds) that the server server │ │ │ │ │ - caches ordinary (positive) │ │ │ │ │ - answers. │ │ │ │ │ - Specifies the minimum │ │ │ │ │ - retention time (in seconds) │ │ │ │ │ -_m_i_n_-_n_c_a_c_h_e_-_t_t_l for storage of negative server │ │ │ │ │ - answers in the server's │ │ │ │ │ - cache. │ │ │ │ │ - Limits the zone refresh │ │ │ │ │ -_m_i_n_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no more often transfer │ │ │ │ │ - than the specified value, in │ │ │ │ │ - seconds. │ │ │ │ │ - Limits the zone refresh │ │ │ │ │ -_m_i_n_-_r_e_t_r_y_-_t_i_m_e retry interval to no more transfer │ │ │ │ │ - often than the specified │ │ │ │ │ - value, in seconds. │ │ │ │ │ - Sets the minimum size of the │ │ │ │ │ -_m_i_n_-_t_a_b_l_e_-_s_i_z_e table used to track requests query │ │ │ │ │ - and rate-limit responses. │ │ │ │ │ - Controls whether the server │ │ │ │ │ - replies with only one of the │ │ │ │ │ -_m_i_n_i_m_a_l_-_a_n_y RRsets for a query name, query │ │ │ │ │ - when generating a positive │ │ │ │ │ - response to a query of type │ │ │ │ │ - ANY over UDP. │ │ │ │ │ - Controls whether the server │ │ │ │ │ - only adds records to the │ │ │ │ │ - authority and additional │ │ │ │ │ -_m_i_n_i_m_a_l_-_r_e_s_p_o_n_s_e_s data sections when they are query │ │ │ │ │ - required (e.g. delegations, │ │ │ │ │ - negative responses). This │ │ │ │ │ - improves server performance. │ │ │ │ │ - Controls whether serial │ │ │ │ │ -_m_u_l_t_i_-_m_a_s_t_e_r number mismatch errors are transfer │ │ │ │ │ - logged. │ │ │ │ │ - Specifies the directory │ │ │ │ │ -_n_e_w_-_z_o_n_e_s_-_d_i_r_e_c_t_o_r_y where configuration zone │ │ │ │ │ - parameters are stored for │ │ │ │ │ - zones added by _r_n_d_c_ _a_d_d_z_o_n_e. │ │ │ │ │ - Specifies a list of │ │ │ │ │ -_n_o_-_c_a_s_e_-_c_o_m_p_r_e_s_s addresses that require case- server │ │ │ │ │ - insensitive compression in │ │ │ │ │ - responses. │ │ │ │ │ - Sets the maximum size of UDP │ │ │ │ │ -_n_o_c_o_o_k_i_e_-_u_d_p_-_s_i_z_e responses that are sent to query │ │ │ │ │ - queries without a valid │ │ │ │ │ - server COOKIE. │ │ │ │ │ - Limits the number of empty │ │ │ │ │ -_n_o_d_a_t_a_-_p_e_r_-_s_e_c_o_n_d (NODATA) responses for a query │ │ │ │ │ - valid domain name. │ │ │ │ │ - Controls whether NOTIFY │ │ │ │ │ -_n_o_t_i_f_y messages are sent on zone transfer │ │ │ │ │ - changes. │ │ │ │ │ - Sets the delay (in seconds) │ │ │ │ │ -_n_o_t_i_f_y_-_d_e_l_a_y between sending sets of transfer, zone │ │ │ │ │ - NOTIFY messages for a zone. │ │ │ │ │ - Specifies the rate at which │ │ │ │ │ -_n_o_t_i_f_y_-_r_a_t_e NOTIFY requests are sent transfer, zone │ │ │ │ │ - during normal zone │ │ │ │ │ - maintenance operations. │ │ │ │ │ - Defines the IPv4 address │ │ │ │ │ -_n_o_t_i_f_y_-_s_o_u_r_c_e (and optional port) to be transfer │ │ │ │ │ - used for outgoing NOTIFY │ │ │ │ │ - messages. │ │ │ │ │ - Defines the IPv6 address │ │ │ │ │ -_n_o_t_i_f_y_-_s_o_u_r_c_e_-_v_6 (and optional port) to be transfer │ │ │ │ │ - used for outgoing NOTIFY │ │ │ │ │ - messages. │ │ │ │ │ - Controls whether the name │ │ │ │ │ -_n_o_t_i_f_y_-_t_o_-_s_o_a servers in the NS RRset are transfer │ │ │ │ │ - checked against the SOA │ │ │ │ │ - MNAME. │ │ │ │ │ - Specifies the use of NSEC3 │ │ │ │ │ -_n_s_e_c_3_p_a_r_a_m instead of NSEC, and sets dnssec │ │ │ │ │ - NSEC3 parameters. │ │ │ │ │ - Specifies the lifetime, in │ │ │ │ │ -_n_t_a_-_l_i_f_e_t_i_m_e seconds, for negative trust dnssec │ │ │ │ │ - anchors added via _r_n_d_c_ _n_t_a. │ │ │ │ │ - Specifies the time interval │ │ │ │ │ - for checking whether │ │ │ │ │ -_n_t_a_-_r_e_c_h_e_c_k negative trust anchors added dnssec │ │ │ │ │ - via _r_n_d_c_ _n_t_a are still │ │ │ │ │ - necessary. │ │ │ │ │ - Causes all messages sent to │ │ │ │ │ -_n_u_l_l the logging channel to be logging │ │ │ │ │ - discarded. │ │ │ │ │ - Appends the specified suffix │ │ │ │ │ -_n_x_d_o_m_a_i_n_-_r_e_d_i_r_e_c_t to the original query name, query │ │ │ │ │ - when replacing an NXDOMAIN │ │ │ │ │ - with a redirect namespace. │ │ │ │ │ - Limits the number of │ │ │ │ │ -_n_x_d_o_m_a_i_n_s_-_p_e_r_-_s_e_c_o_n_d undefined subdomains for a query │ │ │ │ │ - valid domain name. │ │ │ │ │ -_o_p_t_i_o_n_s Defines global options to be server │ │ │ │ │ - used by BIND 9. │ │ │ │ │ - Adds EDNS Padding options to │ │ │ │ │ -_p_a_d_d_i_n_g outgoing messages to server │ │ │ │ │ - increase the packet size. │ │ │ │ │ - Sets the time to live (TTL) │ │ │ │ │ -_p_a_r_e_n_t_-_d_s_-_t_t_l of the DS RRset used by the dnssec │ │ │ │ │ - parent zone. │ │ │ │ │ - Sets the propagation delay │ │ │ │ │ - from the time the parent │ │ │ │ │ -_p_a_r_e_n_t_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y zone is updated to when the dnssec, zone │ │ │ │ │ - new version is served by all │ │ │ │ │ - of the parent zone's name │ │ │ │ │ - servers. │ │ │ │ │ - Defines a list of delegation │ │ │ │ │ -_p_a_r_e_n_t_a_l_-_a_g_e_n_t_s agents to be used by primary zone │ │ │ │ │ - and secondary zones. │ │ │ │ │ - Specifies which local IPv4 │ │ │ │ │ -_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e source address is used to dnssec │ │ │ │ │ - send parental DS queries. │ │ │ │ │ - Specifies which local IPv6 │ │ │ │ │ -_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e_-_v_6 source address is used to dnssec │ │ │ │ │ - send parental DS queries. │ │ │ │ │ - Specifies the pathname of │ │ │ │ │ -_p_i_d_-_f_i_l_e the file where the server server │ │ │ │ │ - writes its process ID. │ │ │ │ │ -_p_l_u_g_i_n Configures plugins in server │ │ │ │ │ - _n_a_m_e_d_._c_o_n_f. │ │ │ │ │ - Specifies the UDP/TCP port │ │ │ │ │ -_p_o_r_t number the server uses to query, server │ │ │ │ │ - receive and send DNS │ │ │ │ │ - protocol traffic. │ │ │ │ │ - Specifies that server │ │ │ │ │ -_p_r_e_f_e_r_-_s_e_r_v_e_r_-_c_i_p_h_e_r_s ciphers should be preferred security, server │ │ │ │ │ - over client ones. │ │ │ │ │ - Controls the order of glue │ │ │ │ │ -_p_r_e_f_e_r_r_e_d_-_g_l_u_e records in an A or AAAA query │ │ │ │ │ - response. │ │ │ │ │ - Specifies the "trigger" │ │ │ │ │ -_p_r_e_f_e_t_c_h time-to-live (TTL) value at query │ │ │ │ │ - which prefetch of the │ │ │ │ │ - current query takes place. │ │ │ │ │ -_p_r_i_m_a_r_i_e_s Defines one or more primary zone │ │ │ │ │ - servers for a zone. │ │ │ │ │ -_p_r_i_n_t_-_c_a_t_e_g_o_r_y Includes the category in log logging │ │ │ │ │ - messages. │ │ │ │ │ -_p_r_i_n_t_-_s_e_v_e_r_i_t_y Includes the severity in log logging │ │ │ │ │ - messages. │ │ │ │ │ -_p_r_i_n_t_-_t_i_m_e Specifies the time format logging │ │ │ │ │ - for log messages. │ │ │ │ │ - Specifies the allowed │ │ │ │ │ -_p_r_o_t_o_c_o_l_s versions of the TLS security │ │ │ │ │ - protocol. │ │ │ │ │ - Controls whether a primary │ │ │ │ │ - responds to an incremental │ │ │ │ │ -_p_r_o_v_i_d_e_-_i_x_f_r zone request (IXFR) or only transfer │ │ │ │ │ - responds with a full zone │ │ │ │ │ - transfer (AXFR). │ │ │ │ │ - Increases the amount of time │ │ │ │ │ - between when keys are │ │ │ │ │ -_p_u_b_l_i_s_h_-_s_a_f_e_t_y published and when they dnssec │ │ │ │ │ - become active, to allow for │ │ │ │ │ - unforeseen events. │ │ │ │ │ - Specifies the amount of time │ │ │ │ │ - after which DNSSEC keys that │ │ │ │ │ -_p_u_r_g_e_-_k_e_y_s have been deleted from the dnssec │ │ │ │ │ - zone can be removed from │ │ │ │ │ - disk. │ │ │ │ │ - Controls QNAME minimization │ │ │ │ │ -_q_n_a_m_e_-_m_i_n_i_m_i_z_a_t_i_o_n behavior in the BIND 9 query │ │ │ │ │ - resolver. │ │ │ │ │ - Tightens defenses during DNS │ │ │ │ │ -_q_p_s_-_s_c_a_l_e attacks by scaling back the query │ │ │ │ │ - ratio of the current query- │ │ │ │ │ - per-second rate. │ │ │ │ │ - Controls the IPv4 address │ │ │ │ │ -_q_u_e_r_y_-_s_o_u_r_c_e from which queries are query │ │ │ │ │ - issued. │ │ │ │ │ - Controls the IPv6 address │ │ │ │ │ -_q_u_e_r_y_-_s_o_u_r_c_e_-_v_6 from which queries are query │ │ │ │ │ - issued. │ │ │ │ │ - Specifies whether query │ │ │ │ │ -_q_u_e_r_y_l_o_g logging should be active logging, server │ │ │ │ │ - when _n_a_m_e_d first starts. │ │ │ │ │ - Controls excessive UDP │ │ │ │ │ - responses, to prevent BIND 9 │ │ │ │ │ -_r_a_t_e_-_l_i_m_i_t from being used to amplify query │ │ │ │ │ - reflection denial-of-service │ │ │ │ │ - (DoS) attacks. │ │ │ │ │ - Specifies the pathname of │ │ │ │ │ - the file where the server │ │ │ │ │ -_r_e_c_u_r_s_i_n_g_-_f_i_l_e dumps queries that are server │ │ │ │ │ - currently recursing via _r_n_d_c │ │ │ │ │ - _r_e_c_u_r_s_i_n_g. │ │ │ │ │ -_r_e_c_u_r_s_i_o_n Defines whether recursion query │ │ │ │ │ - and caching are allowed. │ │ │ │ │ - Specifies the maximum number │ │ │ │ │ -_r_e_c_u_r_s_i_v_e_-_c_l_i_e_n_t_s of concurrent recursive query │ │ │ │ │ - queries the server can │ │ │ │ │ - perform. │ │ │ │ │ - Toggles whether _d_n_s_6_4 │ │ │ │ │ -_r_e_c_u_r_s_i_v_e_-_o_n_l_y synthesis occurs only for query │ │ │ │ │ - recursive queries. │ │ │ │ │ - Limits the number of │ │ │ │ │ -_r_e_f_e_r_r_a_l_s_-_p_e_r_-_s_e_c_o_n_d referrals or delegations to query │ │ │ │ │ - a server for a given domain. │ │ │ │ │ - Specifies the expected │ │ │ │ │ -_r_e_m_o_t_e_-_h_o_s_t_n_a_m_e hostname in the TLS security │ │ │ │ │ - certificate of the remote │ │ │ │ │ - server. │ │ │ │ │ - Specifies whether the local │ │ │ │ │ -_r_e_q_u_e_s_t_-_e_x_p_i_r_e server requests the EDNS transfer, query │ │ │ │ │ - EXPIRE value, when acting as │ │ │ │ │ - a secondary. │ │ │ │ │ - Controls whether a secondary │ │ │ │ │ -_r_e_q_u_e_s_t_-_i_x_f_r requests an incremental zone transfer │ │ │ │ │ - transfer (IXFR) or a full │ │ │ │ │ - zone transfer (AXFR). │ │ │ │ │ - Controls whether an empty │ │ │ │ │ - EDNS(0) NSID (Name Server │ │ │ │ │ -_r_e_q_u_e_s_t_-_n_s_i_d Identifier) option is sent query │ │ │ │ │ - with all queries to │ │ │ │ │ - authoritative name servers │ │ │ │ │ - during iterative resolution. │ │ │ │ │ - Controls whether responses │ │ │ │ │ -_r_e_q_u_i_r_e_-_c_o_o_k_i_e without a server cookie are query │ │ │ │ │ - accepted │ │ │ │ │ - Controls whether a valid │ │ │ │ │ -_r_e_q_u_i_r_e_-_s_e_r_v_e_r_-_c_o_o_k_i_e server cookie is required query │ │ │ │ │ - before sending a full │ │ │ │ │ - response to a UDP request. │ │ │ │ │ - Specifies the length of │ │ │ │ │ - time, in milliseconds, that │ │ │ │ │ -_r_e_s_o_l_v_e_r_-_q_u_e_r_y_-_t_i_m_e_o_u_t a resolver attempts to query │ │ │ │ │ - resolve a recursive query │ │ │ │ │ - before failing. │ │ │ │ │ - Specifies whether to apply │ │ │ │ │ -_r_e_s_o_l_v_e_r_-_u_s_e_-_d_n_s_6_4 DNS64 mappings when sending server │ │ │ │ │ - queries. │ │ │ │ │ - Adds an EDNS Padding option │ │ │ │ │ - to encrypted messages, to │ │ │ │ │ -_r_e_s_p_o_n_s_e_-_p_a_d_d_i_n_g reduce the chance of query │ │ │ │ │ - guessing the contents based │ │ │ │ │ - on size. │ │ │ │ │ - Specifies response policy security, zone, query, │ │ │ │ │ -_r_e_s_p_o_n_s_e_-_p_o_l_i_c_y zones for the view or among server │ │ │ │ │ - global options. │ │ │ │ │ - Limits the number of non- │ │ │ │ │ -_r_e_s_p_o_n_s_e_s_-_p_e_r_-_s_e_c_o_n_d empty responses for a valid query │ │ │ │ │ - domain name and record type. │ │ │ │ │ - Increases the amount of time │ │ │ │ │ - a key remains published │ │ │ │ │ -_r_e_t_i_r_e_-_s_a_f_e_t_y after it is no longer dnssec │ │ │ │ │ - active, to allow for │ │ │ │ │ - unforeseen events. │ │ │ │ │ -_r_e_u_s_e_p_o_r_t Enables kernel load- server │ │ │ │ │ - balancing of sockets. │ │ │ │ │ - Controls whether BIND 9 │ │ │ │ │ -_r_o_o_t_-_k_e_y_-_s_e_n_t_i_n_e_l responds to root key server │ │ │ │ │ - sentinel probes. │ │ │ │ │ - Defines the order in which │ │ │ │ │ -_r_r_s_e_t_-_o_r_d_e_r equal RRs (RRsets) are query │ │ │ │ │ - returned. │ │ │ │ │ - Specifies whether a │ │ │ │ │ -_s_e_a_r_c_h Dynamically Loadable Zone query │ │ │ │ │ - (DLZ) module is queried for │ │ │ │ │ - an answer to a query name. │ │ │ │ │ - Defines a Base64-encoded │ │ │ │ │ -_s_e_c_r_e_t string to be used as the security │ │ │ │ │ - secret by the algorithm. │ │ │ │ │ - Specifies the pathname of │ │ │ │ │ -_s_e_c_r_o_o_t_s_-_f_i_l_e the file where the server dnssec │ │ │ │ │ - dumps security roots, when │ │ │ │ │ - using _r_n_d_c_ _s_e_c_r_o_o_t_s. │ │ │ │ │ - Controls whether a COOKIE │ │ │ │ │ -_s_e_n_d_-_c_o_o_k_i_e EDNS option is sent along query │ │ │ │ │ - with a query. │ │ │ │ │ - Defines an upper limit on │ │ │ │ │ - the number of queries per │ │ │ │ │ -_s_e_r_i_a_l_-_q_u_e_r_y_-_r_a_t_e second issued by the server, transfer │ │ │ │ │ - when querying the SOA RRs │ │ │ │ │ - used for zone transfers. │ │ │ │ │ - Specifies the update method │ │ │ │ │ -_s_e_r_i_a_l_-_u_p_d_a_t_e_-_m_e_t_h_o_d to be used for the zone zone │ │ │ │ │ - serial number in the SOA │ │ │ │ │ - record. │ │ │ │ │ - Defines characteristics to │ │ │ │ │ -_s_e_r_v_e_r be associated with a remote server │ │ │ │ │ - name server. │ │ │ │ │ - Specifies a list of IP │ │ │ │ │ - addresses to which queries │ │ │ │ │ -_s_e_r_v_e_r_-_a_d_d_r_e_s_s_e_s should be sent in recursive zone, query │ │ │ │ │ - resolution for a static-stub │ │ │ │ │ - zone. │ │ │ │ │ - Specifies the ID of the │ │ │ │ │ -_s_e_r_v_e_r_-_i_d server to return in response server │ │ │ │ │ - to a ID.SERVER query. │ │ │ │ │ - Specifies a list of domain │ │ │ │ │ -_s_e_r_v_e_r_-_n_a_m_e_s names of name servers that zone │ │ │ │ │ - act as authoritative servers │ │ │ │ │ - of a static-stub zone. │ │ │ │ │ - Sets the length of time (in │ │ │ │ │ -_s_e_r_v_f_a_i_l_-_t_t_l seconds) that a SERVFAIL server │ │ │ │ │ - response is cached. │ │ │ │ │ - Specifies the algorithm to │ │ │ │ │ -_s_e_s_s_i_o_n_-_k_e_y_a_l_g use for the TSIG session security │ │ │ │ │ - key. │ │ │ │ │ - Specifies the pathname of │ │ │ │ │ - the file where a TSIG │ │ │ │ │ -_s_e_s_s_i_o_n_-_k_e_y_f_i_l_e session key is written, when security │ │ │ │ │ - generated by _n_a_m_e_d for use │ │ │ │ │ - by nsupdate -l. │ │ │ │ │ -_s_e_s_s_i_o_n_-_k_e_y_n_a_m_e Specifies the key name for security │ │ │ │ │ - the TSIG session key. │ │ │ │ │ - Enables or disables session │ │ │ │ │ -_s_e_s_s_i_o_n_-_t_i_c_k_e_t_s resumption through TLS security │ │ │ │ │ - session tickets. │ │ │ │ │ -_s_e_v_e_r_i_t_y Defines the priority level logging │ │ │ │ │ - of log messages. │ │ │ │ │ - Specifies the maximum number │ │ │ │ │ -_s_i_g_-_s_i_g_n_i_n_g_-_n_o_d_e_s of nodes to be examined in dnssec │ │ │ │ │ - each quantum, when signing a │ │ │ │ │ - zone with a new DNSKEY. │ │ │ │ │ - Specifies the threshold for │ │ │ │ │ - the number of signatures │ │ │ │ │ -_s_i_g_-_s_i_g_n_i_n_g_-_s_i_g_n_a_t_u_r_e_s that terminates processing a dnssec │ │ │ │ │ - quantum, when signing a zone │ │ │ │ │ - with a new DNSKEY. │ │ │ │ │ - Specifies a private RDATA │ │ │ │ │ -_s_i_g_-_s_i_g_n_i_n_g_-_t_y_p_e type to use when generating dnssec │ │ │ │ │ - signing-state records. │ │ │ │ │ -_s_i_g_-_v_a_l_i_d_i_t_y_-_i_n_t_e_r_v_a_l obsolete │ │ │ │ │ -_s_i_g_n_a_t_u_r_e_s_-_r_e_f_r_e_s_h Specifies how frequently an dnssec │ │ │ │ │ - RRSIG record is refreshed. │ │ │ │ │ -_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y Indicates the validity dnssec │ │ │ │ │ - period of an RRSIG record. │ │ │ │ │ -_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y_-_d_n_s_k_e_y Indicates the validity dnssec │ │ │ │ │ - period of DNSKEY records. │ │ │ │ │ - Sets the number of "slipped" │ │ │ │ │ -_s_l_i_p responses to minimize the query │ │ │ │ │ - use of forged source │ │ │ │ │ - addresses for an attack. │ │ │ │ │ - Controls the ordering of RRs │ │ │ │ │ -_s_o_r_t_l_i_s_t returned to the client, query │ │ │ │ │ - based on the client's IP │ │ │ │ │ - address. │ │ │ │ │ - Defines the amount of time │ │ │ │ │ - (in milliseconds) that _n_a_m_e_d │ │ │ │ │ -_s_t_a_l_e_-_a_n_s_w_e_r_-_c_l_i_e_n_t_-_t_i_m_e_o_u_t waits before attempting to query, server │ │ │ │ │ - answer a query with a stale │ │ │ │ │ - RRset from cache. │ │ │ │ │ - Enables the returning of │ │ │ │ │ -_s_t_a_l_e_-_a_n_s_w_e_r_-_e_n_a_b_l_e "stale" cached answers when query, server │ │ │ │ │ - the name servers for a zone │ │ │ │ │ - are not answering. │ │ │ │ │ - Specifies the time to live │ │ │ │ │ -_s_t_a_l_e_-_a_n_s_w_e_r_-_t_t_l (TTL) to be returned on query │ │ │ │ │ - stale answers, in seconds. │ │ │ │ │ -_s_t_a_l_e_-_c_a_c_h_e_-_e_n_a_b_l_e Enables the retention of query, server │ │ │ │ │ - "stale" cached answers. │ │ │ │ │ - Sets the time window for the │ │ │ │ │ - return of "stale" cached │ │ │ │ │ -_s_t_a_l_e_-_r_e_f_r_e_s_h_-_t_i_m_e answers before the next query, server │ │ │ │ │ - attempt to contact, if the │ │ │ │ │ - name servers for a given │ │ │ │ │ - zone are not responding. │ │ │ │ │ - Specifies the rate at which │ │ │ │ │ - NOTIFY requests are sent │ │ │ │ │ -_s_t_a_r_t_u_p_-_n_o_t_i_f_y_-_r_a_t_e when the name server is transfer, zone │ │ │ │ │ - first starting, or when new │ │ │ │ │ - zones have been added. │ │ │ │ │ - Specifies the communication │ │ │ │ │ - channels to be used by │ │ │ │ │ -_s_t_a_t_i_s_t_i_c_s_-_c_h_a_n_n_e_l_s system administrators to logging │ │ │ │ │ - access statistics │ │ │ │ │ - information on the name │ │ │ │ │ - server. │ │ │ │ │ - Specifies the pathname of │ │ │ │ │ -_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e the file where the server logging, server │ │ │ │ │ - appends statistics, when │ │ │ │ │ - using _r_n_d_c_ _s_t_a_t_s. │ │ │ │ │ - Directs the logging channel │ │ │ │ │ -_s_t_d_e_r_r output to the server's logging │ │ │ │ │ - standard error stream. │ │ │ │ │ - Specifies the maximum number │ │ │ │ │ -_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n of concurrent HTTP/2 streams query, server │ │ │ │ │ - over an HTTP/2 connection. │ │ │ │ │ - Defines trailing bits for │ │ │ │ │ -_s_u_f_f_i_x mapped IPv4 address bits in query │ │ │ │ │ - _d_n_s_6_4. │ │ │ │ │ - Enables support for _RR_FF_CC │ │ │ │ │ -_s_y_n_t_h_-_f_r_o_m_-_d_n_s_s_e_c _88_11_99_88, Aggressive Use of dnssec │ │ │ │ │ - DNSSEC-Validated Cache. │ │ │ │ │ -_s_y_s_l_o_g Directs the logging channel logging │ │ │ │ │ - to the system log. │ │ │ │ │ - Sets the timeout value (in │ │ │ │ │ - milliseconds) that the │ │ │ │ │ -_t_c_p_-_a_d_v_e_r_t_i_s_e_d_-_t_i_m_e_o_u_t server sends in responses query │ │ │ │ │ - containing the EDNS TCP │ │ │ │ │ - keepalive option. │ │ │ │ │ - Specifies the maximum number │ │ │ │ │ -_t_c_p_-_c_l_i_e_n_t_s of simultaneous client TCP server │ │ │ │ │ - connections accepted by the │ │ │ │ │ - server. │ │ │ │ │ - Sets the amount of time (in │ │ │ │ │ - milliseconds) that the │ │ │ │ │ - server waits on an idle TCP │ │ │ │ │ -_t_c_p_-_i_d_l_e_-_t_i_m_e_o_u_t connection before closing query │ │ │ │ │ - it, if the EDNS TCP │ │ │ │ │ - keepalive option is not in │ │ │ │ │ - use. │ │ │ │ │ - Sets the amount of time (in │ │ │ │ │ - milliseconds) that the │ │ │ │ │ -_t_c_p_-_i_n_i_t_i_a_l_-_t_i_m_e_o_u_t server waits on a new TCP query, server │ │ │ │ │ - connection for the first │ │ │ │ │ - message from the client. │ │ │ │ │ -_t_c_p_-_k_e_e_p_a_l_i_v_e Adds EDNS TCP keepalive to server │ │ │ │ │ - messages sent over TCP. │ │ │ │ │ - Sets the amount of time (in │ │ │ │ │ - milliseconds) that the │ │ │ │ │ -_t_c_p_-_k_e_e_p_a_l_i_v_e_-_t_i_m_e_o_u_t server waits on an idle TCP query │ │ │ │ │ - connection before closing │ │ │ │ │ - it, if the EDNS TCP │ │ │ │ │ - keepalive option is in use. │ │ │ │ │ -_t_c_p_-_l_i_s_t_e_n_-_q_u_e_u_e Sets the listen-queue depth. server │ │ │ │ │ -_t_c_p_-_o_n_l_y Sets the transport protocol server │ │ │ │ │ - to TCP. │ │ │ │ │ - Sets the operating system's │ │ │ │ │ -_t_c_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for TCP server │ │ │ │ │ - sockets. │ │ │ │ │ - Sets the operating system's │ │ │ │ │ -_t_c_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for TCP server │ │ │ │ │ - sockets. │ │ │ │ │ - Sets the domain appended to │ │ │ │ │ -_t_k_e_y_-_d_o_m_a_i_n the names of all shared keys security │ │ │ │ │ - generated with TKEY. │ │ │ │ │ - Sets the security credential │ │ │ │ │ -_t_k_e_y_-_g_s_s_a_p_i_-_c_r_e_d_e_n_t_i_a_l for authentication keys security │ │ │ │ │ - requested by the GSS-TSIG │ │ │ │ │ - protocol. │ │ │ │ │ -_t_k_e_y_-_g_s_s_a_p_i_-_k_e_y_t_a_b Sets the KRB5 keytab file to security │ │ │ │ │ - use for GSS-TSIG updates. │ │ │ │ │ -_t_l_s Configures a TLS connection. security │ │ │ │ │ - Specifies the TCP port │ │ │ │ │ -_t_l_s_-_p_o_r_t number the server uses to query, server │ │ │ │ │ - receive and send DNS-over- │ │ │ │ │ - TLS protocol traffic. │ │ │ │ │ - Controls whether multiple │ │ │ │ │ -_t_r_a_n_s_f_e_r_-_f_o_r_m_a_t records can be packed into a transfer │ │ │ │ │ - message during zone │ │ │ │ │ - transfers. │ │ │ │ │ - Limits the uncompressed size │ │ │ │ │ -_t_r_a_n_s_f_e_r_-_m_e_s_s_a_g_e_-_s_i_z_e of DNS messages used in zone transfer │ │ │ │ │ - transfers over TCP. │ │ │ │ │ - Defines which local IPv4 │ │ │ │ │ - address(es) are bound to TCP │ │ │ │ │ -_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e connections used to fetch transfer │ │ │ │ │ - zones transferred inbound by │ │ │ │ │ - the server. │ │ │ │ │ - Defines which local IPv6 │ │ │ │ │ - address(es) are bound to TCP │ │ │ │ │ -_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e_-_v_6 connections used to fetch transfer │ │ │ │ │ - zones transferred inbound by │ │ │ │ │ - the server. │ │ │ │ │ - Limits the number of │ │ │ │ │ -_t_r_a_n_s_f_e_r_s concurrent inbound zone server │ │ │ │ │ - transfers from a server. │ │ │ │ │ - Limits the number of │ │ │ │ │ -_t_r_a_n_s_f_e_r_s_-_i_n concurrent inbound zone transfer │ │ │ │ │ - transfers. │ │ │ │ │ - Limits the number of │ │ │ │ │ -_t_r_a_n_s_f_e_r_s_-_o_u_t concurrent outbound zone transfer │ │ │ │ │ - transfers. │ │ │ │ │ - Limits the number of │ │ │ │ │ -_t_r_a_n_s_f_e_r_s_-_p_e_r_-_n_s concurrent inbound zone transfer │ │ │ │ │ - transfers from a remote │ │ │ │ │ - server. │ │ │ │ │ - Instructs _n_a_m_e_d to send │ │ │ │ │ - specially formed queries │ │ │ │ │ -_t_r_u_s_t_-_a_n_c_h_o_r_-_t_e_l_e_m_e_t_r_y once per day to domains for dnssec │ │ │ │ │ - which trust anchors have │ │ │ │ │ - been configured. │ │ │ │ │ -_t_r_u_s_t_-_a_n_c_h_o_r_s Defines _D_N_S_S_E_C trust dnssec │ │ │ │ │ - anchors. │ │ │ │ │ -_t_r_u_s_t_e_d_-_k_e_y_s deprecated │ │ │ │ │ - Specifies that BIND 9 should │ │ │ │ │ -_t_r_y_-_t_c_p_-_r_e_f_r_e_s_h attempt to refresh a zone transfer │ │ │ │ │ - using TCP if UDP queries │ │ │ │ │ - fail. │ │ │ │ │ -_t_y_p_e Specifies the kind of zone zone │ │ │ │ │ - in a given configuration. │ │ │ │ │ - Contains forwarding │ │ │ │ │ -_t_y_p_e_ _f_o_r_w_a_r_d statements that apply to zone │ │ │ │ │ - queries within a given │ │ │ │ │ - domain. │ │ │ │ │ - Contains the initial set of │ │ │ │ │ -_t_y_p_e_ _h_i_n_t root name servers to be used zone │ │ │ │ │ - at BIND 9 startup. │ │ │ │ │ - Contains a DNSSEC-validated │ │ │ │ │ -_t_y_p_e_ _m_i_r_r_o_r duplicate of the main data zone │ │ │ │ │ - for a zone. │ │ │ │ │ -_t_y_p_e_ _p_r_i_m_a_r_y Contains the main copy of zone │ │ │ │ │ - the data for a zone. │ │ │ │ │ - Contains information to │ │ │ │ │ -_t_y_p_e_ _r_e_d_i_r_e_c_t answer queries when normal zone │ │ │ │ │ - resolution would return │ │ │ │ │ - NXDOMAIN. │ │ │ │ │ - Contains a duplicate of the │ │ │ │ │ -_t_y_p_e_ _s_e_c_o_n_d_a_r_y data for a zone that has zone │ │ │ │ │ - been transferred from a │ │ │ │ │ - primary server. │ │ │ │ │ - Contains a duplicate of the │ │ │ │ │ - NS records of a primary │ │ │ │ │ -_t_y_p_e_ _s_t_a_t_i_c_-_s_t_u_b zone, but statically zone │ │ │ │ │ - configured rather than │ │ │ │ │ - transferred from a primary │ │ │ │ │ - server. │ │ │ │ │ - Contains a duplicate of the │ │ │ │ │ -_t_y_p_e_ _s_t_u_b NS records of a primary zone │ │ │ │ │ - zone. │ │ │ │ │ - Sets the operating system's │ │ │ │ │ -_u_d_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for UDP server │ │ │ │ │ - sockets. │ │ │ │ │ - Sets the operating system's │ │ │ │ │ -_u_d_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for UDP server │ │ │ │ │ - sockets. │ │ │ │ │ -_u_n_i_x Specifies a Unix domain obsolete │ │ │ │ │ - socket as a control channel. │ │ │ │ │ -_u_p_d_a_t_e_-_c_h_e_c_k_-_k_s_k obsolete │ │ │ │ │ - Sets fine-grained rules to │ │ │ │ │ - allow or deny dynamic │ │ │ │ │ -_u_p_d_a_t_e_-_p_o_l_i_c_y updates (DDNS), based on transfer │ │ │ │ │ - requester identity, updated │ │ │ │ │ - content, etc. │ │ │ │ │ - Specifies the maximum number │ │ │ │ │ -_u_p_d_a_t_e_-_q_u_o_t_a of concurrent DNS UPDATE server │ │ │ │ │ - messages that can be │ │ │ │ │ - processed by the server. │ │ │ │ │ - Specifies a list of ports │ │ │ │ │ -_u_s_e_-_v_4_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated │ │ │ │ │ - UDP/IPv4 messages. │ │ │ │ │ - Specifies a list of ports │ │ │ │ │ -_u_s_e_-_v_6_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated │ │ │ │ │ - UDP/IPv6 messages. │ │ │ │ │ - Indicates the number of │ │ │ │ │ -_v_6_-_b_i_a_s milliseconds of preference query, server │ │ │ │ │ - to give to IPv6 name │ │ │ │ │ - servers. │ │ │ │ │ - Specifies a list of domain │ │ │ │ │ -_v_a_l_i_d_a_t_e_-_e_x_c_e_p_t names at and beneath which dnssec │ │ │ │ │ - DNSSEC validation should not │ │ │ │ │ - be performed. │ │ │ │ │ - Specifies the version number │ │ │ │ │ -_v_e_r_s_i_o_n of the server to return in server │ │ │ │ │ - response to a version.bind │ │ │ │ │ - query. │ │ │ │ │ - Allows a name server to │ │ │ │ │ -_v_i_e_w answer a DNS query view │ │ │ │ │ - differently depending on who │ │ │ │ │ - is asking. │ │ │ │ │ - Specifies the length of time │ │ │ │ │ -_w_i_n_d_o_w during which responses are query │ │ │ │ │ - tracked. │ │ │ │ │ - Specifies whether to set the │ │ │ │ │ - time to live (TTL) of the │ │ │ │ │ -_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l SOA record to zero, when zone, query, server │ │ │ │ │ - returning authoritative │ │ │ │ │ - negative responses to SOA │ │ │ │ │ - queries. │ │ │ │ │ - Sets the time to live (TTL) │ │ │ │ │ -_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l_-_c_a_c_h_e to zero when caching a zone, query, server │ │ │ │ │ - negative response to an SOA │ │ │ │ │ - query. │ │ │ │ │ -_z_o_n_e Specifies the zone in a BIND zone │ │ │ │ │ - 9 configuration. │ │ │ │ │ - Sets the propagation delay │ │ │ │ │ - from the time a zone is │ │ │ │ │ -_z_o_n_e_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y first updated to when the dnssec, zone │ │ │ │ │ - new version of the zone is │ │ │ │ │ - served by all secondary │ │ │ │ │ - servers. │ │ │ │ │ - Controls the level of │ │ │ │ │ -_z_o_n_e_-_s_t_a_t_i_s_t_i_c_s statistics gathered for all zone, logging │ │ │ │ │ - zones. │ │ │ │ │ +SSttaatteemmeenntt DDeessccrriippttiioonn TTaaggss │ │ │ │ │ +_a_c_l Assigns a symbolic name to server │ │ │ │ │ + an address match list. │ │ │ │ │ +_a_l_g_o_r_i_t_h_m Defines the algorithm to be security │ │ │ │ │ + used in a key clause. │ │ │ │ │ +_a_l_l_-_p_e_r_-_s_e_c_o_n_d Limits UDP responses of all query │ │ │ │ │ + kinds. │ │ │ │ │ + Controls the ability to add │ │ │ │ │ +_a_l_l_o_w_-_n_e_w_-_z_o_n_e_s zones at runtime via _r_n_d_c server, zone │ │ │ │ │ + _a_d_d_z_o_n_e. │ │ │ │ │ + Defines an │ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t that is │ │ │ │ │ + allowed to send NOTIFY │ │ │ │ │ +_a_l_l_o_w_-_n_o_t_i_f_y messages for the zone, in transfer │ │ │ │ │ + addition to addresses │ │ │ │ │ + defined in the _p_r_i_m_a_r_i_e_s │ │ │ │ │ + option for the zone. │ │ │ │ │ + Defines an │ │ │ │ │ +_a_l_l_o_w_-_p_r_o_x_y _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the server │ │ │ │ │ + client addresses allowed to │ │ │ │ │ + send PROXYv2 headers. │ │ │ │ │ + Defines an │ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the │ │ │ │ │ + interface addresses allowed │ │ │ │ │ +_a_l_l_o_w_-_p_r_o_x_y_-_o_n to accept PROXYv2 headers. server │ │ │ │ │ + The option is mostly │ │ │ │ │ + intended for multi-homed │ │ │ │ │ + configurations. │ │ │ │ │ + Specifies which hosts (an IP │ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y address list) are allowed to query │ │ │ │ │ + send queries to this │ │ │ │ │ + resolver. │ │ │ │ │ + Specifies which hosts (an IP │ │ │ │ │ + address list) can access │ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e this server's cache and thus query │ │ │ │ │ + effectively controls │ │ │ │ │ + recursion. │ │ │ │ │ + Specifies which hosts (an IP │ │ │ │ │ + address list) can access │ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e_-_o_n this server's cache. Used on query │ │ │ │ │ + servers with multiple │ │ │ │ │ + interfaces. │ │ │ │ │ + Specifies which local │ │ │ │ │ + addresses (an IP address │ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y_-_o_n list) are allowed to send query │ │ │ │ │ + queries to this resolver. │ │ │ │ │ + Used in multi-homed │ │ │ │ │ + configurations. │ │ │ │ │ + Defines an │ │ │ │ │ +_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of query │ │ │ │ │ + clients that are allowed to │ │ │ │ │ + perform recursive queries. │ │ │ │ │ + Specifies which local │ │ │ │ │ +_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n_-_o_n addresses can accept server, query │ │ │ │ │ + recursive queries. │ │ │ │ │ + Defines an │ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts │ │ │ │ │ +_a_l_l_o_w_-_t_r_a_n_s_f_e_r that are allowed to transfer transfer │ │ │ │ │ + the zone information from │ │ │ │ │ + this server. │ │ │ │ │ + Defines an │ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts │ │ │ │ │ +_a_l_l_o_w_-_u_p_d_a_t_e that are allowed to submit transfer │ │ │ │ │ + dynamic updates for primary │ │ │ │ │ + zones. │ │ │ │ │ + Defines an │ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts │ │ │ │ │ +_a_l_l_o_w_-_u_p_d_a_t_e_-_f_o_r_w_a_r_d_i_n_g that are allowed to submit transfer │ │ │ │ │ + dynamic updates to a │ │ │ │ │ + secondary server for │ │ │ │ │ + transmission to a primary. │ │ │ │ │ + Defines one or more hosts │ │ │ │ │ +_a_l_s_o_-_n_o_t_i_f_y that are sent NOTIFY transfer │ │ │ │ │ + messages when zone changes │ │ │ │ │ + occur. │ │ │ │ │ + Controls whether COOKIE EDNS │ │ │ │ │ +_a_n_s_w_e_r_-_c_o_o_k_i_e replies are sent in response query │ │ │ │ │ + to client queries. │ │ │ │ │ + Allows multiple views to │ │ │ │ │ +_a_t_t_a_c_h_-_c_a_c_h_e share a single cache view │ │ │ │ │ + database. │ │ │ │ │ + Controls whether BIND, │ │ │ │ │ + acting as a resolver, │ │ │ │ │ +_a_u_t_h_-_n_x_d_o_m_a_i_n provides authoritative query │ │ │ │ │ + NXDOMAIN (domain does not │ │ │ │ │ + exist) answers. │ │ │ │ │ + Controls the automatic │ │ │ │ │ +_a_u_t_o_m_a_t_i_c_-_i_n_t_e_r_f_a_c_e_-_s_c_a_n rescanning of network server │ │ │ │ │ + interfaces when addresses │ │ │ │ │ + are added or removed. │ │ │ │ │ + Specifies the range(s) of │ │ │ │ │ +_a_v_o_i_d_-_v_4_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated │ │ │ │ │ + use as sources for UDP/IPv4 │ │ │ │ │ + messages. │ │ │ │ │ + Specifies the range(s) of │ │ │ │ │ +_a_v_o_i_d_-_v_6_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated │ │ │ │ │ + use as sources for UDP/IPv6 │ │ │ │ │ + messages. │ │ │ │ │ + Specifies the pathname of a │ │ │ │ │ +_b_i_n_d_k_e_y_s_-_f_i_l_e file to override the built- dnssec │ │ │ │ │ + in trusted keys provided by │ │ │ │ │ + _n_a_m_e_d. │ │ │ │ │ + Defines an │ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts │ │ │ │ │ +_b_l_a_c_k_h_o_l_e to ignore. The server will query │ │ │ │ │ + neither respond to queries │ │ │ │ │ + from nor send queries to │ │ │ │ │ + these addresses. │ │ │ │ │ +_b_o_g_u_s Allows a remote server to be server │ │ │ │ │ + ignored. │ │ │ │ │ + Enables _d_n_s_6_4 synthesis even │ │ │ │ │ +_b_r_e_a_k_-_d_n_s_s_e_c if the validated result query │ │ │ │ │ + would cause a DNSSEC │ │ │ │ │ + validation failure. │ │ │ │ │ +_b_u_f_f_e_r_e_d Controls flushing of log logging │ │ │ │ │ + messages. │ │ │ │ │ + Specifies the path to a file │ │ │ │ │ + containing TLS certificates │ │ │ │ │ +_c_a_-_f_i_l_e for trusted CA authorities, server, security │ │ │ │ │ + used to verify remote peer │ │ │ │ │ + certificates. │ │ │ │ │ +_c_a_t_a_l_o_g_-_z_o_n_e_s Configures catalog zones in zone │ │ │ │ │ + _n_a_m_e_d_._c_o_n_f. │ │ │ │ │ + Specifies the type of data │ │ │ │ │ +_c_a_t_e_g_o_r_y logged to a particular logging │ │ │ │ │ + channel. │ │ │ │ │ + Specifies whether a CDNSKEY │ │ │ │ │ +_c_d_n_s_k_e_y record should be published dnssec │ │ │ │ │ + during KSK rollover. │ │ │ │ │ + Specifies the digest types │ │ │ │ │ +_c_d_s_-_d_i_g_e_s_t_-_t_y_p_e_s to use for CDS resource dnssec │ │ │ │ │ + records. │ │ │ │ │ + Specifies the path to a file │ │ │ │ │ +_c_e_r_t_-_f_i_l_e containing the TLS server, security │ │ │ │ │ + certificate for a │ │ │ │ │ + connection. │ │ │ │ │ + Defines a stream of data │ │ │ │ │ +_c_h_a_n_n_e_l that can be independently logging │ │ │ │ │ + logged. │ │ │ │ │ + Checks primary zones for │ │ │ │ │ + records that are treated as │ │ │ │ │ +_c_h_e_c_k_-_d_u_p_-_r_e_c_o_r_d_s different by DNSSEC but are dnssec, query │ │ │ │ │ + semantically equal in plain │ │ │ │ │ + DNS. │ │ │ │ │ + Performs post-load zone │ │ │ │ │ +_c_h_e_c_k_-_i_n_t_e_g_r_i_t_y integrity checks on primary zone │ │ │ │ │ + zones. │ │ │ │ │ + Checks whether an MX record │ │ │ │ │ +_c_h_e_c_k_-_m_x appears to refer to an IP zone │ │ │ │ │ + address. │ │ │ │ │ + Sets the response to MX │ │ │ │ │ +_c_h_e_c_k_-_m_x_-_c_n_a_m_e records that refer to zone │ │ │ │ │ + CNAMEs. │ │ │ │ │ + Restricts the character set │ │ │ │ │ + and syntax of certain domain │ │ │ │ │ +_c_h_e_c_k_-_n_a_m_e_s names in primary files and/ server, query │ │ │ │ │ + or DNS responses received │ │ │ │ │ + from the network. │ │ │ │ │ + Specifies whether to check │ │ │ │ │ +_c_h_e_c_k_-_s_i_b_l_i_n_g for sibling glue when zone │ │ │ │ │ + performing integrity checks. │ │ │ │ │ + Specifies whether to check │ │ │ │ │ +_c_h_e_c_k_-_s_p_f for a TXT Sender Policy zone │ │ │ │ │ + Framework record, if an SPF │ │ │ │ │ + record is present. │ │ │ │ │ + Sets the response to SRV │ │ │ │ │ +_c_h_e_c_k_-_s_r_v_-_c_n_a_m_e records that refer to zone │ │ │ │ │ + CNAMEs. │ │ │ │ │ + Specifies whether to perform │ │ │ │ │ +_c_h_e_c_k_-_s_v_c_b additional checks on SVCB zone │ │ │ │ │ + records. │ │ │ │ │ +_c_h_e_c_k_-_w_i_l_d_c_a_r_d Checks for non-terminal zone │ │ │ │ │ + wildcards. │ │ │ │ │ +_c_h_e_c_k_d_s Controls whether DS queries dnssec │ │ │ │ │ + are sent to parental agents. │ │ │ │ │ +_c_i_p_h_e_r_s Specifies a list of allowed security │ │ │ │ │ + ciphers. │ │ │ │ │ + Specifies an access control │ │ │ │ │ +_c_l_i_e_n_t_s list (ACL) of clients that query │ │ │ │ │ + are affected by a given │ │ │ │ │ + _d_n_s_6_4 directive. │ │ │ │ │ + Sets the initial minimum │ │ │ │ │ + number of simultaneous │ │ │ │ │ +_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y recursive clients accepted server │ │ │ │ │ + by the server for any given │ │ │ │ │ + query before the server │ │ │ │ │ + drops additional clients. │ │ │ │ │ + Specifies control channels │ │ │ │ │ +_c_o_n_t_r_o_l_s to be used to manage the server │ │ │ │ │ + name server. │ │ │ │ │ + Sets the algorithm to be │ │ │ │ │ +_c_o_o_k_i_e_-_a_l_g_o_r_i_t_h_m used when generating a server │ │ │ │ │ + server cookie. │ │ │ │ │ + Specifies a shared secret │ │ │ │ │ + used for generating and │ │ │ │ │ +_c_o_o_k_i_e_-_s_e_c_r_e_t verifying EDNS COOKIE server │ │ │ │ │ + options within an anycast │ │ │ │ │ + cluster. │ │ │ │ │ + Specifies the type of │ │ │ │ │ +_d_a_t_a_b_a_s_e database to be used to store zone │ │ │ │ │ + zone data. │ │ │ │ │ + Rejects A or AAAA records if │ │ │ │ │ +_d_e_n_y_-_a_n_s_w_e_r_-_a_d_d_r_e_s_s_e_s the corresponding IPv4 or query │ │ │ │ │ + IPv6 addresses match a given │ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t. │ │ │ │ │ + Rejects CNAME or DNAME │ │ │ │ │ +_d_e_n_y_-_a_n_s_w_e_r_-_a_l_i_a_s_e_s records if the "alias" name query │ │ │ │ │ + matches a given list of │ │ │ │ │ + _d_o_m_a_i_n___n_a_m_e elements. │ │ │ │ │ + Specifies the path to a file │ │ │ │ │ +_d_h_p_a_r_a_m_-_f_i_l_e containing Diffie-Hellman server, security │ │ │ │ │ + parameters, for enabling │ │ │ │ │ + cipher suites. │ │ │ │ │ + Concentrates zone │ │ │ │ │ + maintenance so that all │ │ │ │ │ +_d_i_a_l_u_p transfers take place once deprecated │ │ │ │ │ + every _h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l, │ │ │ │ │ + ideally during a single │ │ │ │ │ + call. │ │ │ │ │ +_d_i_r_e_c_t_o_r_y Sets the server's working server │ │ │ │ │ + directory. │ │ │ │ │ +_d_i_s_a_b_l_e_-_a_l_g_o_r_i_t_h_m_s Disables DNSSEC algorithms dnssec │ │ │ │ │ + from a specified zone. │ │ │ │ │ +_d_i_s_a_b_l_e_-_d_s_-_d_i_g_e_s_t_s Disables DS digest types dnssec, zone │ │ │ │ │ + from a specified zone. │ │ │ │ │ +_d_i_s_a_b_l_e_-_e_m_p_t_y_-_z_o_n_e Disables individual empty server, zone │ │ │ │ │ + zones. │ │ │ │ │ + Configures a Dynamically │ │ │ │ │ +_d_l_z Loadable Zone (DLZ) database zone │ │ │ │ │ + in _n_a_m_e_d_._c_o_n_f. │ │ │ │ │ + Instructs _n_a_m_e_d to return │ │ │ │ │ +_d_n_s_6_4 mapped IPv4 addresses to query │ │ │ │ │ + AAAA queries when there are │ │ │ │ │ + no AAAA records. │ │ │ │ │ +_d_n_s_6_4_-_c_o_n_t_a_c_t Specifies the name of the server │ │ │ │ │ + contact for _d_n_s_6_4 zones. │ │ │ │ │ +_d_n_s_6_4_-_s_e_r_v_e_r Specifies the name of the server │ │ │ │ │ + server for _d_n_s_6_4 zones. │ │ │ │ │ +_d_n_s_k_e_y_-_s_i_g_-_v_a_l_i_d_i_t_y obsolete │ │ │ │ │ + Specifies the time to live │ │ │ │ │ +_d_n_s_k_e_y_-_t_t_l (TTL) for DNSKEY resource dnssec │ │ │ │ │ + records. │ │ │ │ │ + Turns on the DNS Response │ │ │ │ │ +_d_n_s_r_p_s_-_e_n_a_b_l_e Policy Service (DNSRPS) server, security │ │ │ │ │ + interface. │ │ │ │ │ + Turns on the DNS Response │ │ │ │ │ +_d_n_s_r_p_s_-_l_i_b_r_a_r_y Policy Service (DNSRPS) server, security │ │ │ │ │ + interface. │ │ │ │ │ + Provides additional RPZ │ │ │ │ │ + configuration settings, │ │ │ │ │ +_d_n_s_r_p_s_-_o_p_t_i_o_n_s which are passed to the DNS server, security │ │ │ │ │ + Response Policy Service │ │ │ │ │ + (DNSRPS) provider library. │ │ │ │ │ + Instructs BIND 9 to accept │ │ │ │ │ +_d_n_s_s_e_c_-_a_c_c_e_p_t_-_e_x_p_i_r_e_d expired DNSSEC signatures dnssec │ │ │ │ │ + when validating. │ │ │ │ │ +_d_n_s_s_e_c_-_d_n_s_k_e_y_-_k_s_k_o_n_l_y obsolete │ │ │ │ │ + Sets the frequency of │ │ │ │ │ +_d_n_s_s_e_c_-_l_o_a_d_k_e_y_s_-_i_n_t_e_r_v_a_l automatic checks of the dnssec │ │ │ │ │ + DNSSEC key repository. │ │ │ │ │ + Defines hierarchies that │ │ │ │ │ +_d_n_s_s_e_c_-_m_u_s_t_-_b_e_-_s_e_c_u_r_e must or may not be secure deprecated │ │ │ │ │ + (signed and validated). │ │ │ │ │ +_d_n_s_s_e_c_-_p_o_l_i_c_y Defines a key and signing dnssec │ │ │ │ │ + policy (KASP) for zones. │ │ │ │ │ +_d_n_s_s_e_c_-_s_e_c_u_r_e_-_t_o_-_i_n_s_e_c_u_r_e obsolete │ │ │ │ │ +_d_n_s_s_e_c_-_u_p_d_a_t_e_-_m_o_d_e obsolete │ │ │ │ │ +_d_n_s_s_e_c_-_v_a_l_i_d_a_t_i_o_n Enables DNSSEC validation in dnssec │ │ │ │ │ + _n_a_m_e_d. │ │ │ │ │ +_d_n_s_t_a_p Enables logging of _d_n_s_t_a_p logging │ │ │ │ │ + messages. │ │ │ │ │ +_d_n_s_t_a_p_-_i_d_e_n_t_i_t_y Specifies an identity string logging │ │ │ │ │ + to send in _d_n_s_t_a_p messages. │ │ │ │ │ + Configures the path to which │ │ │ │ │ +_d_n_s_t_a_p_-_o_u_t_p_u_t the _d_n_s_t_a_p frame stream is logging │ │ │ │ │ + sent. │ │ │ │ │ +_d_n_s_t_a_p_-_v_e_r_s_i_o_n Specifies a _v_e_r_s_i_o_n string logging │ │ │ │ │ + to send in _d_n_s_t_a_p messages. │ │ │ │ │ + Specifies host names or │ │ │ │ │ +_d_u_a_l_-_s_t_a_c_k_-_s_e_r_v_e_r_s addresses of machines with server │ │ │ │ │ + access to both IPv4 and IPv6 │ │ │ │ │ + transports. │ │ │ │ │ + Indicates the pathname of │ │ │ │ │ +_d_u_m_p_-_f_i_l_e the file where the server logging │ │ │ │ │ + dumps the database after │ │ │ │ │ + _r_n_d_c_ _d_u_m_p_d_b. │ │ │ │ │ +_d_y_n_d_b Configures a DynDB database zone │ │ │ │ │ + in _n_a_m_e_d_._c_o_n_f. │ │ │ │ │ +_e_d_n_s Controls the use of the server │ │ │ │ │ + EDNS0 (_RR_FF_CC_ _22_66_77_11) feature. │ │ │ │ │ + Sets the maximum advertised │ │ │ │ │ + EDNS UDP buffer size to │ │ │ │ │ +_e_d_n_s_-_u_d_p_-_s_i_z_e control the size of packets query │ │ │ │ │ + received from authoritative │ │ │ │ │ + servers in response to │ │ │ │ │ + recursive queries. │ │ │ │ │ + Sets the maximum EDNS │ │ │ │ │ +_e_d_n_s_-_v_e_r_s_i_o_n VERSION that is sent to the server │ │ │ │ │ + server(s) by the resolver. │ │ │ │ │ + Specifies the contact name │ │ │ │ │ +_e_m_p_t_y_-_c_o_n_t_a_c_t in the returned SOA record server, zone │ │ │ │ │ + for empty zones. │ │ │ │ │ + Specifies the server name in │ │ │ │ │ +_e_m_p_t_y_-_s_e_r_v_e_r the returned SOA record for server, zone │ │ │ │ │ + empty zones. │ │ │ │ │ +_e_m_p_t_y_-_z_o_n_e_s_-_e_n_a_b_l_e Enables or disables all server, zone │ │ │ │ │ + empty zones. │ │ │ │ │ + Specifies a list of HTTP │ │ │ │ │ +_e_n_d_p_o_i_n_t_s query paths on which to server, query │ │ │ │ │ + listen. │ │ │ │ │ + Limits the number of errors │ │ │ │ │ +_e_r_r_o_r_s_-_p_e_r_-_s_e_c_o_n_d for a valid domain name and server │ │ │ │ │ + record type. │ │ │ │ │ + Allows a list of IPv6 │ │ │ │ │ + addresses to be ignored if │ │ │ │ │ +_e_x_c_l_u_d_e they appear in a domain query │ │ │ │ │ + name's AAAA records in │ │ │ │ │ + _d_n_s_6_4. │ │ │ │ │ + Exempts specific clients or │ │ │ │ │ +_e_x_e_m_p_t_-_c_l_i_e_n_t_s client groups from rate query │ │ │ │ │ + limiting. │ │ │ │ │ + Sets the parameters for │ │ │ │ │ + dynamic resizing of the │ │ │ │ │ +_f_e_t_c_h_-_q_u_o_t_a_-_p_a_r_a_m_s _f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r quota in server, query │ │ │ │ │ + response to detected │ │ │ │ │ + congestion. │ │ │ │ │ + Sets the maximum number of │ │ │ │ │ + simultaneous iterative │ │ │ │ │ + queries allowed to be sent │ │ │ │ │ +_f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r by a server to an upstream server, query │ │ │ │ │ + name server before the │ │ │ │ │ + server blocks additional │ │ │ │ │ + queries. │ │ │ │ │ + Sets the maximum number of │ │ │ │ │ + simultaneous iterative │ │ │ │ │ +_f_e_t_c_h_e_s_-_p_e_r_-_z_o_n_e queries allowed to any one server, query │ │ │ │ │ + domain before the server │ │ │ │ │ + blocks new queries for data │ │ │ │ │ + in or beneath that zone. │ │ │ │ │ +_f_i_l_e Specifies the zone's zone │ │ │ │ │ + filename. │ │ │ │ │ + Controls whether pending │ │ │ │ │ +_f_l_u_s_h_-_z_o_n_e_s_-_o_n_-_s_h_u_t_d_o_w_n zone writes are flushed when zone │ │ │ │ │ + the name server exits. │ │ │ │ │ + Allows or disallows fallback │ │ │ │ │ + to recursion if forwarding │ │ │ │ │ +_f_o_r_w_a_r_d has failed; it is always query │ │ │ │ │ + used in conjunction with the │ │ │ │ │ + _f_o_r_w_a_r_d_e_r_s statement. │ │ │ │ │ +_f_o_r_w_a_r_d_e_r_s Defines one or more hosts to query │ │ │ │ │ + which queries are forwarded. │ │ │ │ │ + Sets the number of │ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_b_u_f_f_e_r_-_h_i_n_t accumulated bytes in the logging │ │ │ │ │ + output buffer before forcing │ │ │ │ │ + a buffer flush. │ │ │ │ │ + Sets the number of seconds │ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_f_l_u_s_h_-_t_i_m_e_o_u_t that unflushed data remains logging │ │ │ │ │ + in the output buffer. │ │ │ │ │ + Sets the number of queue │ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_i_n_p_u_t_-_q_u_e_u_e_-_s_i_z_e entries to allocate for each logging │ │ │ │ │ + input queue. │ │ │ │ │ + Sets the number of │ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_n_o_t_i_f_y_- outstanding queue entries │ │ │ │ │ +_t_h_r_e_s_h_o_l_d allowed on an input queue logging │ │ │ │ │ + before waking the I/ │ │ │ │ │ + O thread. │ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_-_m_o_d_e_l Sets the queuing semantics logging │ │ │ │ │ + to use for queue objects. │ │ │ │ │ + Sets the number of queue │ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_-_s_i_z_e entries allocated for each logging │ │ │ │ │ + output queue. │ │ │ │ │ + Sets the number of seconds │ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_r_e_o_p_e_n_-_i_n_t_e_r_v_a_l to wait between attempts to logging │ │ │ │ │ + reopen a closed output │ │ │ │ │ + stream. │ │ │ │ │ + Specifies the directory │ │ │ │ │ +_g_e_o_i_p_-_d_i_r_e_c_t_o_r_y containing GeoIP database server │ │ │ │ │ + files. │ │ │ │ │ + Sets the interval at which │ │ │ │ │ +_h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l the server performs zone deprecated │ │ │ │ │ + maintenance tasks for all │ │ │ │ │ + zones marked as _d_i_a_l_u_p. │ │ │ │ │ + Specifies the hostname of │ │ │ │ │ +_h_o_s_t_n_a_m_e the server to return in server │ │ │ │ │ + response to a hostname.bind │ │ │ │ │ + query. │ │ │ │ │ + Configures HTTP endpoints on │ │ │ │ │ +_h_t_t_p which to listen for DNS- server, query │ │ │ │ │ + over-HTTPS (DoH) queries. │ │ │ │ │ + Limits the number of active │ │ │ │ │ +_h_t_t_p_-_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s concurrent connections on a server │ │ │ │ │ + per-listener basis. │ │ │ │ │ + Specifies the TCP port │ │ │ │ │ +_h_t_t_p_-_p_o_r_t number the server uses to server, query │ │ │ │ │ + receive and send unencrypted │ │ │ │ │ + DNS traffic via HTTP. │ │ │ │ │ + Limits the number of active │ │ │ │ │ +_h_t_t_p_-_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n concurrent HTTP/2 streams on server │ │ │ │ │ + a per-connection basis. │ │ │ │ │ + Specifies the TCP port │ │ │ │ │ +_h_t_t_p_s_-_p_o_r_t number the server uses to server, query │ │ │ │ │ + receive and send DNS-over- │ │ │ │ │ + HTTPS protocol traffic. │ │ │ │ │ +_i_n_-_v_i_e_w Specifies the view in which view, zone │ │ │ │ │ + a given zone is defined. │ │ │ │ │ +_i_n_e_t Specifies a TCP socket as a server │ │ │ │ │ + control channel. │ │ │ │ │ + Specifies whether BIND 9 │ │ │ │ │ +_i_n_l_i_n_e_-_s_i_g_n_i_n_g maintains a separate signed dnssec, zone │ │ │ │ │ + version of a zone. │ │ │ │ │ + Sets the interval at which │ │ │ │ │ +_i_n_t_e_r_f_a_c_e_-_i_n_t_e_r_v_a_l the server scans the network server │ │ │ │ │ + interface list. │ │ │ │ │ +_i_p_v_4_-_p_r_e_f_i_x_-_l_e_n_g_t_h Specifies the prefix lengths server │ │ │ │ │ + of IPv4 address blocks. │ │ │ │ │ + Specifies the contact for │ │ │ │ │ +_i_p_v_4_o_n_l_y_-_c_o_n_t_a_c_t the IPV4ONLY.ARPA zone server │ │ │ │ │ + created by _d_n_s_6_4. │ │ │ │ │ + Enables automatic IPv4 zones │ │ │ │ │ +_i_p_v_4_o_n_l_y_-_e_n_a_b_l_e if a _d_n_s_6_4 block is query │ │ │ │ │ + configured. │ │ │ │ │ + Specifies the name of the │ │ │ │ │ +_i_p_v_4_o_n_l_y_-_s_e_r_v_e_r server for the IPV4ONLY.ARPA server, query │ │ │ │ │ + zone created by _d_n_s_6_4. │ │ │ │ │ +_i_p_v_6_-_p_r_e_f_i_x_-_l_e_n_g_t_h Specifies the prefix lengths server │ │ │ │ │ + of IPv6 address blocks. │ │ │ │ │ +_i_x_f_r_-_f_r_o_m_-_d_i_f_f_e_r_e_n_c_e_s Controls how IXFR transfers transfer │ │ │ │ │ + are calculated. │ │ │ │ │ +_j_o_u_r_n_a_l Allows the default journal's zone │ │ │ │ │ + filename to be overridden. │ │ │ │ │ + Defines a shared secret key │ │ │ │ │ +_k_e_y for use with _T_S_I_G or the security │ │ │ │ │ + command channel. │ │ │ │ │ + Indicates the directory │ │ │ │ │ +_k_e_y_-_d_i_r_e_c_t_o_r_y where public and private dnssec │ │ │ │ │ + DNSSEC key files are found. │ │ │ │ │ + Specifies the path to a file │ │ │ │ │ +_k_e_y_-_f_i_l_e containing the private TLS server, security │ │ │ │ │ + key for a connection. │ │ │ │ │ + Specifies one or more │ │ │ │ │ +_k_e_y_s _s_e_r_v_e_r___k_e_y s to be used with server, security │ │ │ │ │ + a remote server. │ │ │ │ │ +_l_a_m_e_-_t_t_l Sets the resolver's lame server │ │ │ │ │ + cache. │ │ │ │ │ + Specifies the IPv4 addresses │ │ │ │ │ +_l_i_s_t_e_n_-_o_n on which a server listens server │ │ │ │ │ + for DNS queries. │ │ │ │ │ + Specifies the IPv6 addresses │ │ │ │ │ +_l_i_s_t_e_n_-_o_n_-_v_6 on which a server listens server │ │ │ │ │ + for DNS queries. │ │ │ │ │ + Specifies a per-listener │ │ │ │ │ +_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s quota for active server, query │ │ │ │ │ + connections. │ │ │ │ │ + Sets a maximum size for the │ │ │ │ │ +_l_m_d_b_-_m_a_p_s_i_z_e memory map of the new-zone server │ │ │ │ │ + database in LMDB database │ │ │ │ │ + format. │ │ │ │ │ + Tests rate-limiting │ │ │ │ │ +_l_o_g_-_o_n_l_y parameters without actually logging, query │ │ │ │ │ + dropping any requests. │ │ │ │ │ +_l_o_g_g_i_n_g Configures logging options logging │ │ │ │ │ + for the name server. │ │ │ │ │ +_m_a_n_a_g_e_d_-_k_e_y_s deprecated │ │ │ │ │ + Specifies the directory in │ │ │ │ │ +_m_a_n_a_g_e_d_-_k_e_y_s_-_d_i_r_e_c_t_o_r_y which to store the files dnssec │ │ │ │ │ + that track managed DNSSEC │ │ │ │ │ + keys. │ │ │ │ │ + Specifies an access control │ │ │ │ │ + list (ACL) of IPv4 addresses │ │ │ │ │ +_m_a_p_p_e_d that are to be mapped to the query │ │ │ │ │ + corresponding A RRset in │ │ │ │ │ + _d_n_s_6_4. │ │ │ │ │ +_m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t Specifies the file format of server, zone │ │ │ │ │ + zone files. │ │ │ │ │ + Specifies the format of zone │ │ │ │ │ +_m_a_s_t_e_r_f_i_l_e_-_s_t_y_l_e files during a dump, when server │ │ │ │ │ + the _m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t is │ │ │ │ │ + text. │ │ │ │ │ + Specifies a view of DNS │ │ │ │ │ +_m_a_t_c_h_-_c_l_i_e_n_t_s namespace for a given subset view │ │ │ │ │ + of client IP addresses. │ │ │ │ │ + Specifies a view of DNS │ │ │ │ │ +_m_a_t_c_h_-_d_e_s_t_i_n_a_t_i_o_n_s namespace for a given subset view │ │ │ │ │ + of destination IP addresses. │ │ │ │ │ + Allows IPv4-mapped IPv6 │ │ │ │ │ + addresses to match address- │ │ │ │ │ +_m_a_t_c_h_-_m_a_p_p_e_d_-_a_d_d_r_e_s_s_e_s match list entries for server │ │ │ │ │ + corresponding IPv4 │ │ │ │ │ + addresses. │ │ │ │ │ + Specifies that only │ │ │ │ │ +_m_a_t_c_h_-_r_e_c_u_r_s_i_v_e_-_o_n_l_y recursive requests can match view │ │ │ │ │ + this view of the DNS │ │ │ │ │ + namespace. │ │ │ │ │ + Sets the maximum amount of │ │ │ │ │ +_m_a_x_-_c_a_c_h_e_-_s_i_z_e memory to use for an server │ │ │ │ │ + individual cache database │ │ │ │ │ + and its associated metadata. │ │ │ │ │ + Specifies the maximum time │ │ │ │ │ +_m_a_x_-_c_a_c_h_e_-_t_t_l (in seconds) that the server server │ │ │ │ │ + caches ordinary (positive) │ │ │ │ │ + answers. │ │ │ │ │ + Sets the maximum number of │ │ │ │ │ + simultaneous recursive │ │ │ │ │ +_m_a_x_-_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y clients accepted by the server │ │ │ │ │ + server for any given query │ │ │ │ │ + before the server drops │ │ │ │ │ + additional clients. │ │ │ │ │ + Sets the maximum size for │ │ │ │ │ +_m_a_x_-_i_x_f_r_-_r_a_t_i_o IXFR responses to zone transfer │ │ │ │ │ + transfer requests. │ │ │ │ │ +_m_a_x_-_j_o_u_r_n_a_l_-_s_i_z_e Controls the size of journal transfer │ │ │ │ │ + files. │ │ │ │ │ + Specifies the maximum │ │ │ │ │ + retention time (in seconds) │ │ │ │ │ +_m_a_x_-_n_c_a_c_h_e_-_t_t_l for storage of negative server │ │ │ │ │ + answers in the server's │ │ │ │ │ + cache. │ │ │ │ │ +_m_a_x_-_r_e_c_o_r_d_s Sets the maximum number of server, zone │ │ │ │ │ + records permitted in a zone. │ │ │ │ │ + Sets the maximum number of │ │ │ │ │ + levels of recursion │ │ │ │ │ +_m_a_x_-_r_e_c_u_r_s_i_o_n_-_d_e_p_t_h permitted at any one time server │ │ │ │ │ + while servicing a recursive │ │ │ │ │ + query. │ │ │ │ │ + Sets the maximum number of │ │ │ │ │ +_m_a_x_-_r_e_c_u_r_s_i_o_n_-_q_u_e_r_i_e_s iterative queries while server, query │ │ │ │ │ + servicing a recursive query. │ │ │ │ │ + Limits the zone refresh │ │ │ │ │ +_m_a_x_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no less often transfer │ │ │ │ │ + than the specified value, in │ │ │ │ │ + seconds. │ │ │ │ │ + Limits the zone refresh │ │ │ │ │ +_m_a_x_-_r_e_t_r_y_-_t_i_m_e retry interval to no less transfer │ │ │ │ │ + often than the specified │ │ │ │ │ + value, in seconds. │ │ │ │ │ + Sets the maximum RSA │ │ │ │ │ +_m_a_x_-_r_s_a_-_e_x_p_o_n_e_n_t_-_s_i_z_e exponent size (in bits) when dnssec, query │ │ │ │ │ + validating. │ │ │ │ │ + Specifies the maximum time │ │ │ │ │ + that the server retains │ │ │ │ │ +_m_a_x_-_s_t_a_l_e_-_t_t_l records past their normal server │ │ │ │ │ + expiry, to return them as │ │ │ │ │ + stale records. │ │ │ │ │ + Sets the maximum size of the │ │ │ │ │ +_m_a_x_-_t_a_b_l_e_-_s_i_z_e table used to track requests server │ │ │ │ │ + and rate-limit responses. │ │ │ │ │ + Specifies the number of │ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_i_n minutes after which inbound transfer │ │ │ │ │ + zone transfers making no │ │ │ │ │ + progress are terminated. │ │ │ │ │ + Specifies the number of │ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_o_u_t minutes after which outbound transfer │ │ │ │ │ + zone transfers making no │ │ │ │ │ + progress are terminated. │ │ │ │ │ + Specifies the number of │ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_i_n minutes after which inbound transfer │ │ │ │ │ + zone transfers are │ │ │ │ │ + terminated. │ │ │ │ │ + Specifies the number of │ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_o_u_t minutes after which outbound transfer │ │ │ │ │ + zone transfers are │ │ │ │ │ + terminated. │ │ │ │ │ +_m_a_x_-_u_d_p_-_s_i_z_e Sets the maximum EDNS UDP query │ │ │ │ │ + message size sent by _n_a_m_e_d. │ │ │ │ │ + Set the maximum number of │ │ │ │ │ +_m_a_x_-_v_a_l_i_d_a_t_i_o_n_-_f_a_i_l_u_r_e_s_-_p_e_r_- DNSSEC validation failures server │ │ │ │ │ +_f_e_t_c_h that can happen in single │ │ │ │ │ + fetch │ │ │ │ │ + Set the maximum number of │ │ │ │ │ +_m_a_x_-_v_a_l_i_d_a_t_i_o_n_s_-_p_e_r_-_f_e_t_c_h DNSSEC validations that can server │ │ │ │ │ + happen in single fetch │ │ │ │ │ + Specifies a maximum │ │ │ │ │ +_m_a_x_-_z_o_n_e_-_t_t_l permissible time-to-live deprecated │ │ │ │ │ + (TTL) value, in seconds. │ │ │ │ │ + Controls whether memory │ │ │ │ │ +_m_e_m_s_t_a_t_i_s_t_i_c_s statistics are written to server, logging │ │ │ │ │ + the file specified by │ │ │ │ │ + _m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e at exit. │ │ │ │ │ + Sets the pathname of the │ │ │ │ │ +_m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e file where the server writes logging │ │ │ │ │ + memory usage statistics on │ │ │ │ │ + exit. │ │ │ │ │ + Controls whether DNS name │ │ │ │ │ +_m_e_s_s_a_g_e_-_c_o_m_p_r_e_s_s_i_o_n compression is used in query │ │ │ │ │ + responses to regular │ │ │ │ │ + queries. │ │ │ │ │ + Specifies the minimum time │ │ │ │ │ +_m_i_n_-_c_a_c_h_e_-_t_t_l (in seconds) that the server server │ │ │ │ │ + caches ordinary (positive) │ │ │ │ │ + answers. │ │ │ │ │ + Specifies the minimum │ │ │ │ │ + retention time (in seconds) │ │ │ │ │ +_m_i_n_-_n_c_a_c_h_e_-_t_t_l for storage of negative server │ │ │ │ │ + answers in the server's │ │ │ │ │ + cache. │ │ │ │ │ + Limits the zone refresh │ │ │ │ │ +_m_i_n_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no more often transfer │ │ │ │ │ + than the specified value, in │ │ │ │ │ + seconds. │ │ │ │ │ + Limits the zone refresh │ │ │ │ │ +_m_i_n_-_r_e_t_r_y_-_t_i_m_e retry interval to no more transfer │ │ │ │ │ + often than the specified │ │ │ │ │ + value, in seconds. │ │ │ │ │ + Sets the minimum size of the │ │ │ │ │ +_m_i_n_-_t_a_b_l_e_-_s_i_z_e table used to track requests query │ │ │ │ │ + and rate-limit responses. │ │ │ │ │ + Controls whether the server │ │ │ │ │ + replies with only one of the │ │ │ │ │ +_m_i_n_i_m_a_l_-_a_n_y RRsets for a query name, query │ │ │ │ │ + when generating a positive │ │ │ │ │ + response to a query of type │ │ │ │ │ + ANY over UDP. │ │ │ │ │ + Controls whether the server │ │ │ │ │ + only adds records to the │ │ │ │ │ + authority and additional │ │ │ │ │ +_m_i_n_i_m_a_l_-_r_e_s_p_o_n_s_e_s data sections when they are query │ │ │ │ │ + required (e.g. delegations, │ │ │ │ │ + negative responses). This │ │ │ │ │ + improves server performance. │ │ │ │ │ + Controls whether serial │ │ │ │ │ +_m_u_l_t_i_-_m_a_s_t_e_r number mismatch errors are transfer │ │ │ │ │ + logged. │ │ │ │ │ + Specifies the directory │ │ │ │ │ +_n_e_w_-_z_o_n_e_s_-_d_i_r_e_c_t_o_r_y where configuration zone │ │ │ │ │ + parameters are stored for │ │ │ │ │ + zones added by _r_n_d_c_ _a_d_d_z_o_n_e. │ │ │ │ │ + Specifies a list of │ │ │ │ │ +_n_o_-_c_a_s_e_-_c_o_m_p_r_e_s_s addresses that require case- server │ │ │ │ │ + insensitive compression in │ │ │ │ │ + responses. │ │ │ │ │ + Sets the maximum size of UDP │ │ │ │ │ +_n_o_c_o_o_k_i_e_-_u_d_p_-_s_i_z_e responses that are sent to query │ │ │ │ │ + queries without a valid │ │ │ │ │ + server COOKIE. │ │ │ │ │ + Limits the number of empty │ │ │ │ │ +_n_o_d_a_t_a_-_p_e_r_-_s_e_c_o_n_d (NODATA) responses for a query │ │ │ │ │ + valid domain name. │ │ │ │ │ + Controls whether NOTIFY │ │ │ │ │ +_n_o_t_i_f_y messages are sent on zone transfer │ │ │ │ │ + changes. │ │ │ │ │ + Sets the delay (in seconds) │ │ │ │ │ +_n_o_t_i_f_y_-_d_e_l_a_y between sending sets of zone, transfer │ │ │ │ │ + NOTIFY messages for a zone. │ │ │ │ │ + Specifies the rate at which │ │ │ │ │ +_n_o_t_i_f_y_-_r_a_t_e NOTIFY requests are sent zone, transfer │ │ │ │ │ + during normal zone │ │ │ │ │ + maintenance operations. │ │ │ │ │ + Defines the IPv4 address │ │ │ │ │ +_n_o_t_i_f_y_-_s_o_u_r_c_e (and optional port) to be transfer │ │ │ │ │ + used for outgoing NOTIFY │ │ │ │ │ + messages. │ │ │ │ │ + Defines the IPv6 address │ │ │ │ │ +_n_o_t_i_f_y_-_s_o_u_r_c_e_-_v_6 (and optional port) to be transfer │ │ │ │ │ + used for outgoing NOTIFY │ │ │ │ │ + messages. │ │ │ │ │ + Controls whether the name │ │ │ │ │ +_n_o_t_i_f_y_-_t_o_-_s_o_a servers in the NS RRset are transfer │ │ │ │ │ + checked against the SOA │ │ │ │ │ + MNAME. │ │ │ │ │ + Specifies the use of NSEC3 │ │ │ │ │ +_n_s_e_c_3_p_a_r_a_m instead of NSEC, and sets dnssec │ │ │ │ │ + NSEC3 parameters. │ │ │ │ │ + Specifies the lifetime, in │ │ │ │ │ +_n_t_a_-_l_i_f_e_t_i_m_e seconds, for negative trust dnssec │ │ │ │ │ + anchors added via _r_n_d_c_ _n_t_a. │ │ │ │ │ + Specifies the time interval │ │ │ │ │ + for checking whether │ │ │ │ │ +_n_t_a_-_r_e_c_h_e_c_k negative trust anchors added dnssec │ │ │ │ │ + via _r_n_d_c_ _n_t_a are still │ │ │ │ │ + necessary. │ │ │ │ │ + Causes all messages sent to │ │ │ │ │ +_n_u_l_l the logging channel to be logging │ │ │ │ │ + discarded. │ │ │ │ │ + Appends the specified suffix │ │ │ │ │ +_n_x_d_o_m_a_i_n_-_r_e_d_i_r_e_c_t to the original query name, query │ │ │ │ │ + when replacing an NXDOMAIN │ │ │ │ │ + with a redirect namespace. │ │ │ │ │ + Limits the number of │ │ │ │ │ +_n_x_d_o_m_a_i_n_s_-_p_e_r_-_s_e_c_o_n_d undefined subdomains for a query │ │ │ │ │ + valid domain name. │ │ │ │ │ +_o_p_t_i_o_n_s Defines global options to be server │ │ │ │ │ + used by BIND 9. │ │ │ │ │ + Adds EDNS Padding options to │ │ │ │ │ +_p_a_d_d_i_n_g outgoing messages to server │ │ │ │ │ + increase the packet size. │ │ │ │ │ + Sets the time to live (TTL) │ │ │ │ │ +_p_a_r_e_n_t_-_d_s_-_t_t_l of the DS RRset used by the dnssec │ │ │ │ │ + parent zone. │ │ │ │ │ + Sets the propagation delay │ │ │ │ │ + from the time the parent │ │ │ │ │ +_p_a_r_e_n_t_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y zone is updated to when the dnssec, zone │ │ │ │ │ + new version is served by all │ │ │ │ │ + of the parent zone's name │ │ │ │ │ + servers. │ │ │ │ │ + Defines a list of delegation │ │ │ │ │ +_p_a_r_e_n_t_a_l_-_a_g_e_n_t_s agents to be used by primary zone │ │ │ │ │ + and secondary zones. │ │ │ │ │ + Specifies which local IPv4 │ │ │ │ │ +_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e source address is used to dnssec │ │ │ │ │ + send parental DS queries. │ │ │ │ │ + Specifies which local IPv6 │ │ │ │ │ +_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e_-_v_6 source address is used to dnssec │ │ │ │ │ + send parental DS queries. │ │ │ │ │ + Specifies the pathname of │ │ │ │ │ +_p_i_d_-_f_i_l_e the file where the server server │ │ │ │ │ + writes its process ID. │ │ │ │ │ +_p_l_u_g_i_n Configures plugins in server │ │ │ │ │ + _n_a_m_e_d_._c_o_n_f. │ │ │ │ │ + Specifies the UDP/TCP port │ │ │ │ │ +_p_o_r_t number the server uses to server, query │ │ │ │ │ + receive and send DNS │ │ │ │ │ + protocol traffic. │ │ │ │ │ + Specifies that server │ │ │ │ │ +_p_r_e_f_e_r_-_s_e_r_v_e_r_-_c_i_p_h_e_r_s ciphers should be preferred server, security │ │ │ │ │ + over client ones. │ │ │ │ │ + Controls the order of glue │ │ │ │ │ +_p_r_e_f_e_r_r_e_d_-_g_l_u_e records in an A or AAAA query │ │ │ │ │ + response. │ │ │ │ │ + Specifies the "trigger" │ │ │ │ │ +_p_r_e_f_e_t_c_h time-to-live (TTL) value at query │ │ │ │ │ + which prefetch of the │ │ │ │ │ + current query takes place. │ │ │ │ │ +_p_r_i_m_a_r_i_e_s Defines one or more primary zone │ │ │ │ │ + servers for a zone. │ │ │ │ │ +_p_r_i_n_t_-_c_a_t_e_g_o_r_y Includes the category in log logging │ │ │ │ │ + messages. │ │ │ │ │ +_p_r_i_n_t_-_s_e_v_e_r_i_t_y Includes the severity in log logging │ │ │ │ │ + messages. │ │ │ │ │ +_p_r_i_n_t_-_t_i_m_e Specifies the time format logging │ │ │ │ │ + for log messages. │ │ │ │ │ + Specifies the allowed │ │ │ │ │ +_p_r_o_t_o_c_o_l_s versions of the TLS security │ │ │ │ │ + protocol. │ │ │ │ │ + Controls whether a primary │ │ │ │ │ + responds to an incremental │ │ │ │ │ +_p_r_o_v_i_d_e_-_i_x_f_r zone request (IXFR) or only transfer │ │ │ │ │ + responds with a full zone │ │ │ │ │ + transfer (AXFR). │ │ │ │ │ + Increases the amount of time │ │ │ │ │ + between when keys are │ │ │ │ │ +_p_u_b_l_i_s_h_-_s_a_f_e_t_y published and when they dnssec │ │ │ │ │ + become active, to allow for │ │ │ │ │ + unforeseen events. │ │ │ │ │ + Specifies the amount of time │ │ │ │ │ + after which DNSSEC keys that │ │ │ │ │ +_p_u_r_g_e_-_k_e_y_s have been deleted from the dnssec │ │ │ │ │ + zone can be removed from │ │ │ │ │ + disk. │ │ │ │ │ + Controls QNAME minimization │ │ │ │ │ +_q_n_a_m_e_-_m_i_n_i_m_i_z_a_t_i_o_n behavior in the BIND 9 query │ │ │ │ │ + resolver. │ │ │ │ │ + Tightens defenses during DNS │ │ │ │ │ +_q_p_s_-_s_c_a_l_e attacks by scaling back the query │ │ │ │ │ + ratio of the current query- │ │ │ │ │ + per-second rate. │ │ │ │ │ + Controls the IPv4 address │ │ │ │ │ +_q_u_e_r_y_-_s_o_u_r_c_e from which queries are query │ │ │ │ │ + issued. │ │ │ │ │ + Controls the IPv6 address │ │ │ │ │ +_q_u_e_r_y_-_s_o_u_r_c_e_-_v_6 from which queries are query │ │ │ │ │ + issued. │ │ │ │ │ + Specifies whether query │ │ │ │ │ +_q_u_e_r_y_l_o_g logging should be active server, logging │ │ │ │ │ + when _n_a_m_e_d first starts. │ │ │ │ │ + Controls excessive UDP │ │ │ │ │ + responses, to prevent BIND 9 │ │ │ │ │ +_r_a_t_e_-_l_i_m_i_t from being used to amplify query │ │ │ │ │ + reflection denial-of-service │ │ │ │ │ + (DoS) attacks. │ │ │ │ │ + Specifies the pathname of │ │ │ │ │ + the file where the server │ │ │ │ │ +_r_e_c_u_r_s_i_n_g_-_f_i_l_e dumps queries that are server │ │ │ │ │ + currently recursing via _r_n_d_c │ │ │ │ │ + _r_e_c_u_r_s_i_n_g. │ │ │ │ │ +_r_e_c_u_r_s_i_o_n Defines whether recursion query │ │ │ │ │ + and caching are allowed. │ │ │ │ │ + Specifies the maximum number │ │ │ │ │ +_r_e_c_u_r_s_i_v_e_-_c_l_i_e_n_t_s of concurrent recursive query │ │ │ │ │ + queries the server can │ │ │ │ │ + perform. │ │ │ │ │ + Toggles whether _d_n_s_6_4 │ │ │ │ │ +_r_e_c_u_r_s_i_v_e_-_o_n_l_y synthesis occurs only for query │ │ │ │ │ + recursive queries. │ │ │ │ │ + Limits the number of │ │ │ │ │ +_r_e_f_e_r_r_a_l_s_-_p_e_r_-_s_e_c_o_n_d referrals or delegations to query │ │ │ │ │ + a server for a given domain. │ │ │ │ │ + Specifies the expected │ │ │ │ │ +_r_e_m_o_t_e_-_h_o_s_t_n_a_m_e hostname in the TLS security │ │ │ │ │ + certificate of the remote │ │ │ │ │ + server. │ │ │ │ │ + Specifies whether the local │ │ │ │ │ +_r_e_q_u_e_s_t_-_e_x_p_i_r_e server requests the EDNS transfer, query │ │ │ │ │ + EXPIRE value, when acting as │ │ │ │ │ + a secondary. │ │ │ │ │ + Controls whether a secondary │ │ │ │ │ +_r_e_q_u_e_s_t_-_i_x_f_r requests an incremental zone transfer │ │ │ │ │ + transfer (IXFR) or a full │ │ │ │ │ + zone transfer (AXFR). │ │ │ │ │ + Controls whether an empty │ │ │ │ │ + EDNS(0) NSID (Name Server │ │ │ │ │ +_r_e_q_u_e_s_t_-_n_s_i_d Identifier) option is sent query │ │ │ │ │ + with all queries to │ │ │ │ │ + authoritative name servers │ │ │ │ │ + during iterative resolution. │ │ │ │ │ + Controls whether responses │ │ │ │ │ +_r_e_q_u_i_r_e_-_c_o_o_k_i_e without a server cookie are query │ │ │ │ │ + accepted │ │ │ │ │ + Controls whether a valid │ │ │ │ │ +_r_e_q_u_i_r_e_-_s_e_r_v_e_r_-_c_o_o_k_i_e server cookie is required query │ │ │ │ │ + before sending a full │ │ │ │ │ + response to a UDP request. │ │ │ │ │ + Specifies the length of │ │ │ │ │ + time, in milliseconds, that │ │ │ │ │ +_r_e_s_o_l_v_e_r_-_q_u_e_r_y_-_t_i_m_e_o_u_t a resolver attempts to query │ │ │ │ │ + resolve a recursive query │ │ │ │ │ + before failing. │ │ │ │ │ + Specifies whether to apply │ │ │ │ │ +_r_e_s_o_l_v_e_r_-_u_s_e_-_d_n_s_6_4 DNS64 mappings when sending server │ │ │ │ │ + queries. │ │ │ │ │ + Adds an EDNS Padding option │ │ │ │ │ + to encrypted messages, to │ │ │ │ │ +_r_e_s_p_o_n_s_e_-_p_a_d_d_i_n_g reduce the chance of query │ │ │ │ │ + guessing the contents based │ │ │ │ │ + on size. │ │ │ │ │ + Specifies response policy server, zone, query, │ │ │ │ │ +_r_e_s_p_o_n_s_e_-_p_o_l_i_c_y zones for the view or among security │ │ │ │ │ + global options. │ │ │ │ │ + Limits the number of non- │ │ │ │ │ +_r_e_s_p_o_n_s_e_s_-_p_e_r_-_s_e_c_o_n_d empty responses for a valid query │ │ │ │ │ + domain name and record type. │ │ │ │ │ + Increases the amount of time │ │ │ │ │ + a key remains published │ │ │ │ │ +_r_e_t_i_r_e_-_s_a_f_e_t_y after it is no longer dnssec │ │ │ │ │ + active, to allow for │ │ │ │ │ + unforeseen events. │ │ │ │ │ +_r_e_u_s_e_p_o_r_t Enables kernel load- server │ │ │ │ │ + balancing of sockets. │ │ │ │ │ + Controls whether BIND 9 │ │ │ │ │ +_r_o_o_t_-_k_e_y_-_s_e_n_t_i_n_e_l responds to root key server │ │ │ │ │ + sentinel probes. │ │ │ │ │ + Defines the order in which │ │ │ │ │ +_r_r_s_e_t_-_o_r_d_e_r equal RRs (RRsets) are query │ │ │ │ │ + returned. │ │ │ │ │ + Specifies whether a │ │ │ │ │ +_s_e_a_r_c_h Dynamically Loadable Zone query │ │ │ │ │ + (DLZ) module is queried for │ │ │ │ │ + an answer to a query name. │ │ │ │ │ + Defines a Base64-encoded │ │ │ │ │ +_s_e_c_r_e_t string to be used as the security │ │ │ │ │ + secret by the algorithm. │ │ │ │ │ + Specifies the pathname of │ │ │ │ │ +_s_e_c_r_o_o_t_s_-_f_i_l_e the file where the server dnssec │ │ │ │ │ + dumps security roots, when │ │ │ │ │ + using _r_n_d_c_ _s_e_c_r_o_o_t_s. │ │ │ │ │ + Controls whether a COOKIE │ │ │ │ │ +_s_e_n_d_-_c_o_o_k_i_e EDNS option is sent along query │ │ │ │ │ + with a query. │ │ │ │ │ + Defines an upper limit on │ │ │ │ │ + the number of queries per │ │ │ │ │ +_s_e_r_i_a_l_-_q_u_e_r_y_-_r_a_t_e second issued by the server, transfer │ │ │ │ │ + when querying the SOA RRs │ │ │ │ │ + used for zone transfers. │ │ │ │ │ + Specifies the update method │ │ │ │ │ +_s_e_r_i_a_l_-_u_p_d_a_t_e_-_m_e_t_h_o_d to be used for the zone zone │ │ │ │ │ + serial number in the SOA │ │ │ │ │ + record. │ │ │ │ │ + Defines characteristics to │ │ │ │ │ +_s_e_r_v_e_r be associated with a remote server │ │ │ │ │ + name server. │ │ │ │ │ + Specifies a list of IP │ │ │ │ │ + addresses to which queries │ │ │ │ │ +_s_e_r_v_e_r_-_a_d_d_r_e_s_s_e_s should be sent in recursive zone, query │ │ │ │ │ + resolution for a static-stub │ │ │ │ │ + zone. │ │ │ │ │ + Specifies the ID of the │ │ │ │ │ +_s_e_r_v_e_r_-_i_d server to return in response server │ │ │ │ │ + to a ID.SERVER query. │ │ │ │ │ + Specifies a list of domain │ │ │ │ │ +_s_e_r_v_e_r_-_n_a_m_e_s names of name servers that zone │ │ │ │ │ + act as authoritative servers │ │ │ │ │ + of a static-stub zone. │ │ │ │ │ + Sets the length of time (in │ │ │ │ │ +_s_e_r_v_f_a_i_l_-_t_t_l seconds) that a SERVFAIL server │ │ │ │ │ + response is cached. │ │ │ │ │ + Specifies the algorithm to │ │ │ │ │ +_s_e_s_s_i_o_n_-_k_e_y_a_l_g use for the TSIG session security │ │ │ │ │ + key. │ │ │ │ │ + Specifies the pathname of │ │ │ │ │ + the file where a TSIG │ │ │ │ │ +_s_e_s_s_i_o_n_-_k_e_y_f_i_l_e session key is written, when security │ │ │ │ │ + generated by _n_a_m_e_d for use │ │ │ │ │ + by nsupdate -l. │ │ │ │ │ +_s_e_s_s_i_o_n_-_k_e_y_n_a_m_e Specifies the key name for security │ │ │ │ │ + the TSIG session key. │ │ │ │ │ + Enables or disables session │ │ │ │ │ +_s_e_s_s_i_o_n_-_t_i_c_k_e_t_s resumption through TLS security │ │ │ │ │ + session tickets. │ │ │ │ │ +_s_e_v_e_r_i_t_y Defines the priority level logging │ │ │ │ │ + of log messages. │ │ │ │ │ + Specifies the maximum number │ │ │ │ │ +_s_i_g_-_s_i_g_n_i_n_g_-_n_o_d_e_s of nodes to be examined in dnssec │ │ │ │ │ + each quantum, when signing a │ │ │ │ │ + zone with a new DNSKEY. │ │ │ │ │ + Specifies the threshold for │ │ │ │ │ + the number of signatures │ │ │ │ │ +_s_i_g_-_s_i_g_n_i_n_g_-_s_i_g_n_a_t_u_r_e_s that terminates processing a dnssec │ │ │ │ │ + quantum, when signing a zone │ │ │ │ │ + with a new DNSKEY. │ │ │ │ │ + Specifies a private RDATA │ │ │ │ │ +_s_i_g_-_s_i_g_n_i_n_g_-_t_y_p_e type to use when generating dnssec │ │ │ │ │ + signing-state records. │ │ │ │ │ +_s_i_g_-_v_a_l_i_d_i_t_y_-_i_n_t_e_r_v_a_l obsolete │ │ │ │ │ +_s_i_g_n_a_t_u_r_e_s_-_r_e_f_r_e_s_h Specifies how frequently an dnssec │ │ │ │ │ + RRSIG record is refreshed. │ │ │ │ │ +_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y Indicates the validity dnssec │ │ │ │ │ + period of an RRSIG record. │ │ │ │ │ +_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y_-_d_n_s_k_e_y Indicates the validity dnssec │ │ │ │ │ + period of DNSKEY records. │ │ │ │ │ + Sets the number of "slipped" │ │ │ │ │ +_s_l_i_p responses to minimize the query │ │ │ │ │ + use of forged source │ │ │ │ │ + addresses for an attack. │ │ │ │ │ + Controls the ordering of RRs │ │ │ │ │ +_s_o_r_t_l_i_s_t returned to the client, query │ │ │ │ │ + based on the client's IP │ │ │ │ │ + address. │ │ │ │ │ + Defines the amount of time │ │ │ │ │ + (in milliseconds) that _n_a_m_e_d │ │ │ │ │ +_s_t_a_l_e_-_a_n_s_w_e_r_-_c_l_i_e_n_t_-_t_i_m_e_o_u_t waits before attempting to server, query │ │ │ │ │ + answer a query with a stale │ │ │ │ │ + RRset from cache. │ │ │ │ │ + Enables the returning of │ │ │ │ │ +_s_t_a_l_e_-_a_n_s_w_e_r_-_e_n_a_b_l_e "stale" cached answers when server, query │ │ │ │ │ + the name servers for a zone │ │ │ │ │ + are not answering. │ │ │ │ │ + Specifies the time to live │ │ │ │ │ +_s_t_a_l_e_-_a_n_s_w_e_r_-_t_t_l (TTL) to be returned on query │ │ │ │ │ + stale answers, in seconds. │ │ │ │ │ +_s_t_a_l_e_-_c_a_c_h_e_-_e_n_a_b_l_e Enables the retention of server, query │ │ │ │ │ + "stale" cached answers. │ │ │ │ │ + Sets the time window for the │ │ │ │ │ + return of "stale" cached │ │ │ │ │ +_s_t_a_l_e_-_r_e_f_r_e_s_h_-_t_i_m_e answers before the next server, query │ │ │ │ │ + attempt to contact, if the │ │ │ │ │ + name servers for a given │ │ │ │ │ + zone are not responding. │ │ │ │ │ + Specifies the rate at which │ │ │ │ │ + NOTIFY requests are sent │ │ │ │ │ +_s_t_a_r_t_u_p_-_n_o_t_i_f_y_-_r_a_t_e when the name server is zone, transfer │ │ │ │ │ + first starting, or when new │ │ │ │ │ + zones have been added. │ │ │ │ │ + Specifies the communication │ │ │ │ │ + channels to be used by │ │ │ │ │ +_s_t_a_t_i_s_t_i_c_s_-_c_h_a_n_n_e_l_s system administrators to logging │ │ │ │ │ + access statistics │ │ │ │ │ + information on the name │ │ │ │ │ + server. │ │ │ │ │ + Specifies the pathname of │ │ │ │ │ +_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e the file where the server server, logging │ │ │ │ │ + appends statistics, when │ │ │ │ │ + using _r_n_d_c_ _s_t_a_t_s. │ │ │ │ │ + Directs the logging channel │ │ │ │ │ +_s_t_d_e_r_r output to the server's logging │ │ │ │ │ + standard error stream. │ │ │ │ │ + Specifies the maximum number │ │ │ │ │ +_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n of concurrent HTTP/2 streams server, query │ │ │ │ │ + over an HTTP/2 connection. │ │ │ │ │ + Defines trailing bits for │ │ │ │ │ +_s_u_f_f_i_x mapped IPv4 address bits in query │ │ │ │ │ + _d_n_s_6_4. │ │ │ │ │ + Enables support for _RR_FF_CC │ │ │ │ │ +_s_y_n_t_h_-_f_r_o_m_-_d_n_s_s_e_c _88_11_99_88, Aggressive Use of dnssec │ │ │ │ │ + DNSSEC-Validated Cache. │ │ │ │ │ +_s_y_s_l_o_g Directs the logging channel logging │ │ │ │ │ + to the system log. │ │ │ │ │ + Sets the timeout value (in │ │ │ │ │ + milliseconds) that the │ │ │ │ │ +_t_c_p_-_a_d_v_e_r_t_i_s_e_d_-_t_i_m_e_o_u_t server sends in responses query │ │ │ │ │ + containing the EDNS TCP │ │ │ │ │ + keepalive option. │ │ │ │ │ + Specifies the maximum number │ │ │ │ │ +_t_c_p_-_c_l_i_e_n_t_s of simultaneous client TCP server │ │ │ │ │ + connections accepted by the │ │ │ │ │ + server. │ │ │ │ │ + Sets the amount of time (in │ │ │ │ │ + milliseconds) that the │ │ │ │ │ + server waits on an idle TCP │ │ │ │ │ +_t_c_p_-_i_d_l_e_-_t_i_m_e_o_u_t connection before closing query │ │ │ │ │ + it, if the EDNS TCP │ │ │ │ │ + keepalive option is not in │ │ │ │ │ + use. │ │ │ │ │ + Sets the amount of time (in │ │ │ │ │ + milliseconds) that the │ │ │ │ │ +_t_c_p_-_i_n_i_t_i_a_l_-_t_i_m_e_o_u_t server waits on a new TCP server, query │ │ │ │ │ + connection for the first │ │ │ │ │ + message from the client. │ │ │ │ │ +_t_c_p_-_k_e_e_p_a_l_i_v_e Adds EDNS TCP keepalive to server │ │ │ │ │ + messages sent over TCP. │ │ │ │ │ + Sets the amount of time (in │ │ │ │ │ + milliseconds) that the │ │ │ │ │ +_t_c_p_-_k_e_e_p_a_l_i_v_e_-_t_i_m_e_o_u_t server waits on an idle TCP query │ │ │ │ │ + connection before closing │ │ │ │ │ + it, if the EDNS TCP │ │ │ │ │ + keepalive option is in use. │ │ │ │ │ +_t_c_p_-_l_i_s_t_e_n_-_q_u_e_u_e Sets the listen-queue depth. server │ │ │ │ │ +_t_c_p_-_o_n_l_y Sets the transport protocol server │ │ │ │ │ + to TCP. │ │ │ │ │ + Sets the operating system's │ │ │ │ │ +_t_c_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for TCP server │ │ │ │ │ + sockets. │ │ │ │ │ + Sets the operating system's │ │ │ │ │ +_t_c_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for TCP server │ │ │ │ │ + sockets. │ │ │ │ │ + Sets the domain appended to │ │ │ │ │ +_t_k_e_y_-_d_o_m_a_i_n the names of all shared keys security │ │ │ │ │ + generated with TKEY. │ │ │ │ │ + Sets the security credential │ │ │ │ │ +_t_k_e_y_-_g_s_s_a_p_i_-_c_r_e_d_e_n_t_i_a_l for authentication keys security │ │ │ │ │ + requested by the GSS-TSIG │ │ │ │ │ + protocol. │ │ │ │ │ +_t_k_e_y_-_g_s_s_a_p_i_-_k_e_y_t_a_b Sets the KRB5 keytab file to security │ │ │ │ │ + use for GSS-TSIG updates. │ │ │ │ │ +_t_l_s Configures a TLS connection. security │ │ │ │ │ + Specifies the TCP port │ │ │ │ │ +_t_l_s_-_p_o_r_t number the server uses to server, query │ │ │ │ │ + receive and send DNS-over- │ │ │ │ │ + TLS protocol traffic. │ │ │ │ │ + Controls whether multiple │ │ │ │ │ +_t_r_a_n_s_f_e_r_-_f_o_r_m_a_t records can be packed into a transfer │ │ │ │ │ + message during zone │ │ │ │ │ + transfers. │ │ │ │ │ + Limits the uncompressed size │ │ │ │ │ +_t_r_a_n_s_f_e_r_-_m_e_s_s_a_g_e_-_s_i_z_e of DNS messages used in zone transfer │ │ │ │ │ + transfers over TCP. │ │ │ │ │ + Defines which local IPv4 │ │ │ │ │ + address(es) are bound to TCP │ │ │ │ │ +_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e connections used to fetch transfer │ │ │ │ │ + zones transferred inbound by │ │ │ │ │ + the server. │ │ │ │ │ + Defines which local IPv6 │ │ │ │ │ + address(es) are bound to TCP │ │ │ │ │ +_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e_-_v_6 connections used to fetch transfer │ │ │ │ │ + zones transferred inbound by │ │ │ │ │ + the server. │ │ │ │ │ + Limits the number of │ │ │ │ │ +_t_r_a_n_s_f_e_r_s concurrent inbound zone server │ │ │ │ │ + transfers from a server. │ │ │ │ │ + Limits the number of │ │ │ │ │ +_t_r_a_n_s_f_e_r_s_-_i_n concurrent inbound zone transfer │ │ │ │ │ + transfers. │ │ │ │ │ + Limits the number of │ │ │ │ │ +_t_r_a_n_s_f_e_r_s_-_o_u_t concurrent outbound zone transfer │ │ │ │ │ + transfers. │ │ │ │ │ + Limits the number of │ │ │ │ │ +_t_r_a_n_s_f_e_r_s_-_p_e_r_-_n_s concurrent inbound zone transfer │ │ │ │ │ + transfers from a remote │ │ │ │ │ + server. │ │ │ │ │ + Instructs _n_a_m_e_d to send │ │ │ │ │ + specially formed queries │ │ │ │ │ +_t_r_u_s_t_-_a_n_c_h_o_r_-_t_e_l_e_m_e_t_r_y once per day to domains for dnssec │ │ │ │ │ + which trust anchors have │ │ │ │ │ + been configured. │ │ │ │ │ +_t_r_u_s_t_-_a_n_c_h_o_r_s Defines _D_N_S_S_E_C trust dnssec │ │ │ │ │ + anchors. │ │ │ │ │ +_t_r_u_s_t_e_d_-_k_e_y_s deprecated │ │ │ │ │ + Specifies that BIND 9 should │ │ │ │ │ +_t_r_y_-_t_c_p_-_r_e_f_r_e_s_h attempt to refresh a zone transfer │ │ │ │ │ + using TCP if UDP queries │ │ │ │ │ + fail. │ │ │ │ │ +_t_y_p_e Specifies the kind of zone zone │ │ │ │ │ + in a given configuration. │ │ │ │ │ + Contains forwarding │ │ │ │ │ +_t_y_p_e_ _f_o_r_w_a_r_d statements that apply to zone │ │ │ │ │ + queries within a given │ │ │ │ │ + domain. │ │ │ │ │ + Contains the initial set of │ │ │ │ │ +_t_y_p_e_ _h_i_n_t root name servers to be used zone │ │ │ │ │ + at BIND 9 startup. │ │ │ │ │ + Contains a DNSSEC-validated │ │ │ │ │ +_t_y_p_e_ _m_i_r_r_o_r duplicate of the main data zone │ │ │ │ │ + for a zone. │ │ │ │ │ +_t_y_p_e_ _p_r_i_m_a_r_y Contains the main copy of zone │ │ │ │ │ + the data for a zone. │ │ │ │ │ + Contains information to │ │ │ │ │ +_t_y_p_e_ _r_e_d_i_r_e_c_t answer queries when normal zone │ │ │ │ │ + resolution would return │ │ │ │ │ + NXDOMAIN. │ │ │ │ │ + Contains a duplicate of the │ │ │ │ │ +_t_y_p_e_ _s_e_c_o_n_d_a_r_y data for a zone that has zone │ │ │ │ │ + been transferred from a │ │ │ │ │ + primary server. │ │ │ │ │ + Contains a duplicate of the │ │ │ │ │ + NS records of a primary │ │ │ │ │ +_t_y_p_e_ _s_t_a_t_i_c_-_s_t_u_b zone, but statically zone │ │ │ │ │ + configured rather than │ │ │ │ │ + transferred from a primary │ │ │ │ │ + server. │ │ │ │ │ + Contains a duplicate of the │ │ │ │ │ +_t_y_p_e_ _s_t_u_b NS records of a primary zone │ │ │ │ │ + zone. │ │ │ │ │ + Sets the operating system's │ │ │ │ │ +_u_d_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for UDP server │ │ │ │ │ + sockets. │ │ │ │ │ + Sets the operating system's │ │ │ │ │ +_u_d_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for UDP server │ │ │ │ │ + sockets. │ │ │ │ │ +_u_n_i_x Specifies a Unix domain obsolete │ │ │ │ │ + socket as a control channel. │ │ │ │ │ +_u_p_d_a_t_e_-_c_h_e_c_k_-_k_s_k obsolete │ │ │ │ │ + Sets fine-grained rules to │ │ │ │ │ + allow or deny dynamic │ │ │ │ │ +_u_p_d_a_t_e_-_p_o_l_i_c_y updates (DDNS), based on transfer │ │ │ │ │ + requester identity, updated │ │ │ │ │ + content, etc. │ │ │ │ │ + Specifies the maximum number │ │ │ │ │ +_u_p_d_a_t_e_-_q_u_o_t_a of concurrent DNS UPDATE server │ │ │ │ │ + messages that can be │ │ │ │ │ + processed by the server. │ │ │ │ │ + Specifies a list of ports │ │ │ │ │ +_u_s_e_-_v_4_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated │ │ │ │ │ + UDP/IPv4 messages. │ │ │ │ │ + Specifies a list of ports │ │ │ │ │ +_u_s_e_-_v_6_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated │ │ │ │ │ + UDP/IPv6 messages. │ │ │ │ │ + Indicates the number of │ │ │ │ │ +_v_6_-_b_i_a_s milliseconds of preference server, query │ │ │ │ │ + to give to IPv6 name │ │ │ │ │ + servers. │ │ │ │ │ + Specifies a list of domain │ │ │ │ │ +_v_a_l_i_d_a_t_e_-_e_x_c_e_p_t names at and beneath which dnssec │ │ │ │ │ + DNSSEC validation should not │ │ │ │ │ + be performed. │ │ │ │ │ + Specifies the version number │ │ │ │ │ +_v_e_r_s_i_o_n of the server to return in server │ │ │ │ │ + response to a version.bind │ │ │ │ │ + query. │ │ │ │ │ + Allows a name server to │ │ │ │ │ +_v_i_e_w answer a DNS query view │ │ │ │ │ + differently depending on who │ │ │ │ │ + is asking. │ │ │ │ │ + Specifies the length of time │ │ │ │ │ +_w_i_n_d_o_w during which responses are query │ │ │ │ │ + tracked. │ │ │ │ │ + Specifies whether to set the │ │ │ │ │ + time to live (TTL) of the │ │ │ │ │ +_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l SOA record to zero, when server, zone, query │ │ │ │ │ + returning authoritative │ │ │ │ │ + negative responses to SOA │ │ │ │ │ + queries. │ │ │ │ │ + Sets the time to live (TTL) │ │ │ │ │ +_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l_-_c_a_c_h_e to zero when caching a server, zone, query │ │ │ │ │ + negative response to an SOA │ │ │ │ │ + query. │ │ │ │ │ +_z_o_n_e Specifies the zone in a BIND zone │ │ │ │ │ + 9 configuration. │ │ │ │ │ + Sets the propagation delay │ │ │ │ │ + from the time a zone is │ │ │ │ │ +_z_o_n_e_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y first updated to when the dnssec, zone │ │ │ │ │ + new version of the zone is │ │ │ │ │ + served by all secondary │ │ │ │ │ + servers. │ │ │ │ │ + Controls the level of │ │ │ │ │ +_z_o_n_e_-_s_t_a_t_i_s_t_i_c_s statistics gathered for all logging, zone │ │ │ │ │ + zones. │ │ │ │ │ ********** 88..44.. SSttaatteemmeennttss bbyy TTaagg_? ********** │ │ │ │ │ These tables group the various statements permissible in named.conf by their │ │ │ │ │ corresponding tag. │ │ │ │ │ ******** 88..44..11.. DDNNSSSSEECC TTaagg SSttaatteemmeennttss_? ******** │ │ │ │ │ SSttaatteemmeenntt DDeessccrriippttiioonn │ │ │ │ │ _b_i_n_d_k_e_y_s_-_f_i_l_e Specifies the pathname of a file to override the │ │ │ │ │ built-in trusted keys provided by _n_a_m_e_d.