--- /srv/reproducible-results/rbuild-debian/r-b-build.B9woKRV2/b1/bind9_9.19.21-1_amd64.changes +++ /srv/reproducible-results/rbuild-debian/r-b-build.B9woKRV2/b2/bind9_9.19.21-1_amd64.changes ├── Files │ @@ -1,13 +1,13 @@ │ │ 1e40186e5233f349e0ef2cbbf67080ab 659368 debug optional bind9-dbgsym_9.19.21-1_amd64.deb │ 8c800fa4edba8cfda764a6d2ba6c8433 546284 devel optional bind9-dev_9.19.21-1_amd64.deb │ 173e0286bddaf8c582826f1e6ee8bbeb 424504 debug optional bind9-dnsutils-dbgsym_9.19.21-1_amd64.deb │ 79286ed25596a622d1986e893630134d 422348 net standard bind9-dnsutils_9.19.21-1_amd64.deb │ - d9e4a558f1c8c847cb2ea342282168c8 3488992 doc optional bind9-doc_9.19.21-1_all.deb │ + 372aa995e25b014527f03fa84f9fbf0b 3488992 doc optional bind9-doc_9.19.21-1_all.deb │ 6a0446af60507274dd3d0ccdc55722dd 104212 debug optional bind9-host-dbgsym_9.19.21-1_amd64.deb │ d77b4de86ff62741f6e9c77923a54630 313976 net standard bind9-host_9.19.21-1_amd64.deb │ 1e3cf96682094158ece3752c6b2d575a 3864152 debug optional bind9-libs-dbgsym_9.19.21-1_amd64.deb │ ec97340a6e3db36697eb0f6694fd4a0e 1421404 libs standard bind9-libs_9.19.21-1_amd64.deb │ 64a7f9028b49c2df57940e4c10351297 410864 debug optional bind9-utils-dbgsym_9.19.21-1_amd64.deb │ 6b9635405a9c2f658128909746c153a4 420824 net optional bind9-utils_9.19.21-1_amd64.deb │ a4d230d3942257cacb7cfb93f49ddf3a 505044 net optional bind9_9.19.21-1_amd64.deb ├── bind9-doc_9.19.21-1_all.deb │ ├── control.tar.xz │ │ ├── control.tar │ │ │ ├── ./md5sums │ │ │ │ ├── ./md5sums │ │ │ │ │┄ Files differ │ ├── data.tar.xz │ │ ├── data.tar │ │ │ ├── ./usr/share/doc/bind9-doc/arm/reference.html │ │ │ │ @@ -2123,15 +2123,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
Grammar: statistics-file <quoted_string>;
Blocks: options
│ │ │ │ -Tags: logging, server
│ │ │ │ +Tags: server, logging
│ │ │ │Specifies the pathname of the file where the server appends statistics, when using rndc stats
.
This is the pathname of the file the server appends statistics to, when
│ │ │ │ instructed to do so using rndc stats
. If not specified, the
│ │ │ │ default is named.stats
in the server’s current directory. The
│ │ │ │ format of the file is described in The Statistics File.
Grammar: port <integer>;
Blocks: options
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.
│ │ │ │ │ │ │ │This is the UDP/TCP port number the server uses to receive and send DNS │ │ │ │ protocol traffic. The default is 53. This option is mainly intended │ │ │ │ for server testing; a server using a port other than 53 is not │ │ │ │ able to communicate with the global DNS.
│ │ │ │Grammar: tls-port <integer>;
Blocks: options
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.
│ │ │ │ │ │ │ │This is the TCP port number the server uses to receive and send │ │ │ │ DNS-over-TLS protocol traffic. The default is 853.
│ │ │ │Grammar: https-port <integer>;
Blocks: options
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.
│ │ │ │ │ │ │ │This is the TCP port number the server uses to receive and send │ │ │ │ DNS-over-HTTPS protocol traffic. The default is 443.
│ │ │ │Grammar: http-port <integer>;
Blocks: options
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.
│ │ │ │ │ │ │ │This is the TCP port number the server uses to receive and send │ │ │ │ unencrypted DNS traffic via HTTP (a configuration that may be useful │ │ │ │ when encryption is handled by third-party software or by a reverse │ │ │ │ proxy).
│ │ │ │Grammar: ipv4only-server <string>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the name of the server for the IPV4ONLY.ARPA zone created by dns64
.
Grammar: zone-statistics ( full | terse | none | <boolean> );
Blocks: options, view, zone (mirror, primary, redirect, secondary, static-stub, stub)
│ │ │ │ -Tags: zone, logging
│ │ │ │ +Tags: logging, zone
│ │ │ │Controls the level of statistics gathered for all zones.
│ │ │ │ │ │ │ │If full
, the server collects statistical data on all zones,
│ │ │ │ unless specifically turned off on a per-zone basis by specifying
│ │ │ │ zone-statistics terse
or zone-statistics none
in the zone
│ │ │ │ statement. The statistical data includes, for example, DNSSEC signing
│ │ │ │ operations and the number of authoritative answers per query type. The
│ │ │ │ @@ -2755,15 +2755,15 @@
│ │ │ │
Grammar: allow-new-zones <boolean>;
Blocks: options, view
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Controls the ability to add zones at runtime via rndc addzone
.
If yes
, then zones can be added at runtime via rndc addzone
.
│ │ │ │ The default is no
.
Newly added zones’ configuration parameters are stored so that they
│ │ │ │ can persist after the server is restarted. The configuration
│ │ │ │ information is saved in a file called viewname.nzf
(or, if
│ │ │ │ @@ -2792,15 +2792,15 @@
│ │ │ │
Grammar: memstatistics <boolean>;
Blocks: options
│ │ │ │ -Tags: logging, server
│ │ │ │ +Tags: server, logging
│ │ │ │Controls whether memory statistics are written to the file specified by memstatistics-file
at exit.
This writes memory statistics to the file specified by
│ │ │ │ memstatistics-file
at exit. The default is no
unless -m
│ │ │ │ record
is specified on the command line, in which case it is yes
.
Grammar: stale-answer-enable <boolean>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Enables the returning of “stale” cached answers when the name servers for a zone are not answering.
│ │ │ │ │ │ │ │If yes
, enable the returning of “stale” cached answers when the name
│ │ │ │ servers for a zone are not answering and the stale-cache-enable
option is
│ │ │ │ also enabled. The default is not to return stale answers.
Stale answers can also be enabled or disabled at runtime via
│ │ │ │ rndc serve-stale on
or rndc serve-stale off
; these override
│ │ │ │ @@ -3216,15 +3216,15 @@
│ │ │ │
Grammar: stale-answer-client-timeout ( disabled | off | <integer> );
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Defines the amount of time (in milliseconds) that named
waits before attempting to answer a query with a stale RRset from cache.
This option defines the amount of time (in milliseconds) that named
│ │ │ │ waits before attempting to answer the query with a stale RRset from cache.
│ │ │ │ If a stale answer is found, named
continues the ongoing fetches,
│ │ │ │ attempting to refresh the RRset in cache until the
│ │ │ │ resolver-query-timeout
interval is reached.
Grammar: stale-cache-enable <boolean>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Enables the retention of “stale” cached answers.
│ │ │ │ │ │ │ │If yes
, enable the retaining of “stale” cached answers. Default no
.
Grammar: stale-refresh-time <duration>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the time window for the return of “stale” cached answers before the next attempt to contact, if the name servers for a given zone are not responding.
│ │ │ │ │ │ │ │If the name servers for a given zone are not answering, this sets the time
│ │ │ │ window for which named
will promptly return “stale” cached answers for
│ │ │ │ that RRSet being requested before a new attempt in contacting the servers
│ │ │ │ is made. For convenience, TTL-style time-unit suffixes may be used to
│ │ │ │ specify the value. It also accepts ISO 8601 duration formats.
Grammar: querylog <boolean>;
Blocks: options
│ │ │ │ -Tags: logging, server
│ │ │ │ +Tags: server, logging
│ │ │ │Specifies whether query logging should be active when named
first starts.
Query logging provides a complete log of all incoming queries and all query │ │ │ │ errors. This provides more insight into the server’s activity, but with a │ │ │ │ cost to performance which may be significant on heavily loaded servers.
│ │ │ │The querylog
option specifies whether query logging should be active when
│ │ │ │ named
first starts. If querylog
is not specified, then query logging
│ │ │ │ @@ -3563,15 +3563,15 @@
│ │ │ │
│ │ │ │
Grammar zone (hint, mirror, primary, secondary, stub): check-names ( fail | warn | ignore );
Grammar options, view: check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
Blocks: options, view, zone (hint, mirror, primary, secondary, stub)
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Restricts the character set and syntax of certain domain names in primary files and/or DNS responses received from the network.
│ │ │ │ │ │ │ │This option is used to restrict the character set and syntax of
│ │ │ │ certain domain names in primary files and/or DNS responses received
│ │ │ │ from the network. The default varies according to usage area. For
│ │ │ │ type primary
zones the default is fail
. For type secondary
zones the
│ │ │ │ default is warn
. For answers received from the network
│ │ │ │ @@ -3715,28 +3715,28 @@
│ │ │ │
Grammar: zero-no-soa-ttl <boolean>;
Blocks: options, view, zone (mirror, primary, secondary)
│ │ │ │ -Tags: zone, query, server
│ │ │ │ +Tags: server, zone, query
│ │ │ │Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.
│ │ │ │ │ │ │ │If yes
, when returning authoritative negative responses to SOA queries, set
│ │ │ │ the TTL of the SOA record returned in the authority section to zero.
│ │ │ │ The default is yes
.
Grammar: zero-no-soa-ttl-cache <boolean>;
Blocks: options, view
│ │ │ │ -Tags: zone, query, server
│ │ │ │ +Tags: server, zone, query
│ │ │ │Sets the time to live (TTL) to zero when caching a negative response to an SOA query.
│ │ │ │ │ │ │ │If yes
, when caching a negative response to an SOA query set the TTL to zero.
│ │ │ │ The default is no
.
Grammar: allow-recursion-on { <address_match_element>; ... };
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies which local addresses can accept recursive queries.
│ │ │ │ │ │ │ │This specifies which local addresses can accept recursive queries. If
│ │ │ │ allow-recursion-on
is not set, then allow-query-cache-on
is
│ │ │ │ used if set; otherwise, the default is to allow recursive queries on
│ │ │ │ all addresses. Any client permitted to send recursive queries can
│ │ │ │ send them to any address on which named
is listening. Note: both
│ │ │ │ @@ -4628,30 +4628,30 @@
│ │ │ │
Grammar: notify-rate <integer>;
Blocks: options
│ │ │ │ -Tags: transfer, zone
│ │ │ │ +Tags: zone, transfer
│ │ │ │Specifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.
│ │ │ │ │ │ │ │This specifies the rate at which NOTIFY requests are sent during normal zone │ │ │ │ maintenance operations. (NOTIFY requests due to initial zone loading │ │ │ │ are subject to a separate rate limit; see below.) The default is 20 │ │ │ │ per second. The lowest possible rate is one per second; when set to │ │ │ │ zero, it is silently raised to one.
│ │ │ │Grammar: startup-notify-rate <integer>;
Blocks: options
│ │ │ │ -Tags: transfer, zone
│ │ │ │ +Tags: zone, transfer
│ │ │ │Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
│ │ │ │ │ │ │ │This is the rate at which NOTIFY requests are sent when the name server │ │ │ │ is first starting up, or when zones have been newly added to the │ │ │ │ name server. The default is 20 per second. The lowest possible rate is │ │ │ │ one per second; when set to zero, it is silently raised to one.
│ │ │ │Grammar: max-records <integer>;
Blocks: options, view, zone (mirror, primary, redirect, secondary, static-stub, stub)
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Sets the maximum number of records permitted in a zone.
│ │ │ │ │ │ │ │This sets the maximum number of records permitted in a zone. The default is │ │ │ │ zero, which means the maximum is unlimited.
│ │ │ │Grammar: fetches-per-zone <integer> [ ( drop | fail ) ];
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.
│ │ │ │ │ │ │ │This sets the maximum number of simultaneous iterative queries to any one │ │ │ │ domain that the server permits before blocking new queries for │ │ │ │ data in or beneath that zone. This value should reflect how many │ │ │ │ fetches would normally be sent to any one zone in the time it would │ │ │ │ take to resolve them. It should be smaller than │ │ │ │ @@ -5037,15 +5037,15 @@ │ │ │ │
Grammar: fetches-per-server <integer> [ ( drop | fail ) ];
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.
│ │ │ │ │ │ │ │This sets the maximum number of simultaneous iterative queries that the server │ │ │ │ allows to be sent to a single upstream name server before │ │ │ │ blocking additional queries. This value should reflect how many │ │ │ │ fetches would normally be sent to any one server in the time it would │ │ │ │ take to resolve them. It should be smaller than │ │ │ │ @@ -5070,15 +5070,15 @@ │ │ │ │
Grammar: fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the parameters for dynamic resizing of the fetches-per-server
quota in response to detected congestion.
This sets the parameters to use for dynamic resizing of the
│ │ │ │ fetches-per-server
quota in response to detected congestion.
The first argument is an integer value indicating how frequently to │ │ │ │ recalculate the moving average of the ratio of timeouts to responses │ │ │ │ for each server. The default is 100, meaning that BIND recalculates the │ │ │ │ @@ -5166,15 +5166,15 @@ │ │ │ │
Grammar: tcp-initial-timeout <integer>;
Blocks: options
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.
│ │ │ │ │ │ │ │This sets the amount of time (in units of 100 milliseconds) that the server waits on │ │ │ │ a new TCP connection for the first message from the client. The │ │ │ │ default is 300 (30 seconds), the minimum is 25 (2.5 seconds), and the │ │ │ │ maximum is 1200 (two minutes). Values above the maximum or below the │ │ │ │ minimum are adjusted with a logged warning. (Note: this value │ │ │ │ @@ -5837,15 +5837,15 @@ │ │ │ │
Grammar: masterfile-format ( raw | text );
Blocks: options, view, zone (mirror, primary, redirect, secondary, stub)
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Specifies the file format of zone files.
│ │ │ │ │ │ │ │This specifies the file format of zone files (see Additional File Formats
│ │ │ │ for details). The default value is text
, which is the standard
│ │ │ │ textual representation, except for secondary zones, in which the default
│ │ │ │ value is raw
. Files in formats other than text
are typically
│ │ │ │ expected to be generated by the named-compilezone
tool, or dumped by
│ │ │ │ @@ -5900,28 +5900,28 @@
│ │ │ │
Grammar: max-recursion-queries <integer>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Sets the maximum number of iterative queries while servicing a recursive query.
│ │ │ │ │ │ │ │This sets the maximum number of iterative queries that may be sent while │ │ │ │ servicing a recursive query. If more queries are sent, the recursive │ │ │ │ query is terminated and returns SERVFAIL. The default is 100.
│ │ │ │Grammar: notify-delay <integer>;
Blocks: options, view, zone (mirror, primary, secondary)
│ │ │ │ -Tags: transfer, zone
│ │ │ │ +Tags: zone, transfer
│ │ │ │Sets the delay (in seconds) between sending sets of NOTIFY messages for a zone.
│ │ │ │ │ │ │ │This sets the delay, in seconds, between sending sets of NOTIFY messages │ │ │ │ for a zone. Whenever a NOTIFY message is sent for a zone, a timer will │ │ │ │ be set for this duration. If the zone is updated again before the timer │ │ │ │ expires, the NOTIFY for that update will be postponed. The default is 5 │ │ │ │ seconds.
│ │ │ │ @@ -5968,15 +5968,15 @@ │ │ │ │Grammar: v6-bias <integer>;
Blocks: options, view
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Indicates the number of milliseconds of preference to give to IPv6 name servers.
│ │ │ │ │ │ │ │When determining the next name server to try, this indicates by how many
│ │ │ │ milliseconds to prefer IPv6 name servers. The default is 50
│ │ │ │ milliseconds.
Grammar: empty-server <string>;
Blocks: options, view
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Specifies the server name in the returned SOA record for empty zones.
│ │ │ │ │ │ │ │This specifies the server name that appears in the returned SOA record for │ │ │ │ empty zones. If none is specified, the zone’s name is used.
│ │ │ │Grammar: empty-contact <string>;
Blocks: options, view
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Specifies the contact name in the returned SOA record for empty zones.
│ │ │ │ │ │ │ │This specifies the contact name that appears in the returned SOA record for │ │ │ │ empty zones. If none is specified, “.” is used.
│ │ │ │Grammar: empty-zones-enable <boolean>;
Blocks: options, view
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Enables or disables all empty zones.
│ │ │ │ │ │ │ │This enables or disables all empty zones. By default, they are enabled.
│ │ │ │Grammar: disable-empty-zone <string>; // may occur multiple times
Blocks: options, view
│ │ │ │ -Tags: zone, server
│ │ │ │ +Tags: server, zone
│ │ │ │Disables individual empty zones.
│ │ │ │ │ │ │ │This disables individual empty zones. By default, none are disabled. This │ │ │ │ option can be specified multiple times.
│ │ │ │Grammar: response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
Blocks: options, view
│ │ │ │ -Tags: security, zone, query, server
│ │ │ │ +Tags: server, zone, query, security
│ │ │ │Specifies response policy zones for the view or among global options.
│ │ │ │ │ │ │ │Response policy zones are named in the response-policy
option for
│ │ │ │ the view, or among the global options if there is no response-policy
│ │ │ │ option for the view. Response policy zones are ordinary DNS zones
│ │ │ │ containing RRsets that can be queried normally if allowed. It is usually
│ │ │ │ best to restrict those queries with something like
│ │ │ │ @@ -6607,42 +6607,42 @@
│ │ │ │ such as SERVFAIL to appear to be rewritten, since no recursion is being
│ │ │ │ done to discover problems at the authoritative server.
Grammar: dnsrps-enable <boolean>;
Blocks: options, view
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ │ │ │ │ │The dnsrps-enable yes
option turns on the DNS Response Policy Service
│ │ │ │ (DNSRPS) interface, if it has been compiled in named
using
│ │ │ │ configure --enable-dnsrps
.
Grammar: dnsrps-library <quoted_string>;
Blocks: options
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ │ │ │ │ │This option specifies the path to the DNSRPS provider library. Typically
│ │ │ │ this library is detected when building with configure --enable-dnsrps
│ │ │ │ and does not need to be specified in named.conf
; the option exists
│ │ │ │ to override the default library for testing purposes.
Grammar: dnsrps-options { <unspecified-text> };
Blocks: options, view
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Provides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.
│ │ │ │ │ │ │ │The block provides additional RPZ configuration
│ │ │ │ settings, which are passed through to the DNSRPS provider library.
│ │ │ │ Multiple DNSRPS settings in an dnsrps-options
string should be
│ │ │ │ separated with semi-colons (;). The DNSRPS provider library is passed a
│ │ │ │ configuration string consisting of the dnsrps-options
text,
│ │ │ │ @@ -7272,15 +7272,15 @@
│ │ │ │ option.
Blocks: dnssec-policy, server, view.server
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies one or more server_key
s to be used with a remote server.
Warning
│ │ │ │Not to be confused with keys
in dnssec-policy
specification.
│ │ │ │ Although statements with the same name exist in both contexts, they refer
│ │ │ │ to fundamentally incompatible concepts.
tls
can only be set at the top level of named.conf
.
The following options can be specified in a tls
statement:
Grammar: key-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies the path to a file containing the private TLS key for a connection.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Path to a file containing the private TLS key to be used for │ │ │ │ the connection.
│ │ │ │
Grammar: cert-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies the path to a file containing the TLS certificate for a connection.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Path to a file containing the TLS certificate to be used for │ │ │ │ the connection.
│ │ │ │
Grammar: ca-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │ │ │ │ │Path to a file containing trusted CA authorities’ TLS │ │ │ │ certificates used to verify remote peer certificates. Specifying │ │ │ │ this option enables remote peer certificates’ verification. For │ │ │ │ incoming connections, specifying this option makes BIND require │ │ │ │ @@ -7481,15 +7481,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
- │ │ │ │ dhparam-file
│ │ │ │Grammar:
│ │ │ │dhparam-file <quoted_string>;
Blocks: tls
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Path to a file containing Diffie-Hellman parameters, │ │ │ │ which is needed to enable the cipher suites depending on the │ │ │ │ Diffie-Hellman ephemeral key exchange (DHE). Having these parameters │ │ │ │ specified is essential for enabling perfect forward secrecy capable │ │ │ │ @@ -7550,15 +7550,15 @@ │ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │
│ │ │ │ │ │ │ │ @@ -7673,15 +7673,15 @@ │ │ │ │ listener-clients <integer>; │ │ │ │ streams-per-connection <integer>; │ │ │ │ }; // may occur multiple times │ │ │ │- │ │ │ │ prefer-server-ciphers
│ │ │ │Grammar:
│ │ │ │prefer-server-ciphers <boolean>;
Blocks: tls
│ │ │ │ -Tags: security, server
│ │ │ │ +Tags: server, security
│ │ │ │Specifies that server ciphers should be preferred over client ones.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │Specifies that server ciphers should be preferred over client ones.
│ │ │ │Blocks: topmost
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Configures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.
│ │ │ │ │ │ │ │
http
Block Definition and Usagehttp
can only be set at the top level of named.conf
.
The following options can be specified in an http
statement:
Grammar: endpoints { <quoted_string>; ... };
Blocks: http
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies a list of HTTP query paths on which to listen.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │A list of HTTP query paths on which to listen. This is the portion │ │ │ │ of an RFC 3986-compliant URI following the hostname; it must be │ │ │ │ an absolute path, beginning with “/”. The default value │ │ │ │ is
│ │ │ │ @@ -7708,28 +7708,28 @@ │ │ │ │ │ │ │ │ │ │ │ │"/dns-query"
, if omitted.│ │ │ │
│ │ │ │ │ │ │ │- │ │ │ │ listener-clients
│ │ │ │Grammar:
│ │ │ │listener-clients <integer>;
Blocks: http
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies a per-listener quota for active connections.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │The option specifies a per-listener quota for active connections.
│ │ │ ││ │ │ │
│ │ │ │ @@ -9506,15 +9506,15 @@ │ │ │ │ in-view <string>; │ │ │ │ }; │ │ │ │- │ │ │ │ streams-per-connection
│ │ │ │Grammar:
│ │ │ │streams-per-connection <integer>;
Blocks: http
│ │ │ │ -Tags: query, server
│ │ │ │ +Tags: server, query
│ │ │ │Specifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.
│ │ │ │ │ │ │ ││ │ │ ││ │ │ │The option specifies the hard limit on the number of concurrent │ │ │ │ HTTP/2 streams over an HTTP/2 connection.
│ │ │ │
Grammar zone (in-view): in-view <string>;
Blocks: zone, zone (in-view), view.zone
│ │ │ │ -Tags: zone, view
│ │ │ │ +Tags: view, zone
│ │ │ │Specifies the view in which a given zone is defined.
│ │ │ │ │ │ │ │When using multiple views, a type primary
or type secondary
zone configured
│ │ │ │ in one view can be referenced in a subsequent view. This allows both views
│ │ │ │ to use the same zone without the overhead of loading it more than once. This
│ │ │ │ is configured using a zone
statement, with an in-view
option
│ │ │ │ specifying the view in which the zone is defined. A zone
statement
│ │ │ │ @@ -10089,15 +10089,15 @@
│ │ │ │
Limits UDP responses of all kinds.
│ │ │ │query
Controls the ability to add zones at runtime via rndc addzone
.
zone, server
server, zone
Defines an address_match_list
that is allowed to send NOTIFY
messages for the zone, in addition to addresses defined in the primaries
option for the zone.
transfer
Defines an address_match_list
of clients that are allowed to perform recursive queries.
query
Specifies which local addresses can accept recursive queries.
│ │ │ │query, server
server, query
Defines an address_match_list
of hosts that are allowed to transfer the zone information from this server.
transfer
Controls flushing of log messages.
│ │ │ │logging
Specifies the path to a file containing TLS certificates for trusted CA authorities, used to verify remote peer certificates.
│ │ │ │security, server
server, security
Configures catalog zones in named.conf
.
zone
Specifies the digest types to use for CDS resource records.
│ │ │ │dnssec
Specifies the path to a file containing the TLS certificate for a connection.
│ │ │ │security, server
server, security
Defines a stream of data that can be independently logged.
│ │ │ │logging
Sets the response to MX records that refer to CNAMEs.
│ │ │ │zone
Restricts the character set and syntax of certain domain names in primary files and/or DNS responses received from the network.
│ │ │ │query, server
server, query
Specifies whether to check for sibling glue when performing integrity checks.
│ │ │ │zone
Rejects CNAME or DNAME records if the "alias" name matches a given list of domain_name
elements.
query
Specifies the path to a file containing Diffie-Hellman parameters, for enabling cipher suites.
│ │ │ │security, server
server, security
Concentrates zone maintenance so that all transfers take place once every heartbeat-interval
, ideally during a single call.
deprecated
Disables DS digest types from a specified zone.
│ │ │ │dnssec, zone
Disables individual empty zones.
│ │ │ │zone, server
server, zone
Configures a Dynamically Loadable Zone (DLZ) database in named.conf
.
zone
Specifies the time to live (TTL) for DNSKEY resource records.
│ │ │ │dnssec
Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ │security, server
server, security
Turns on the DNS Response Policy Service (DNSRPS) interface.
│ │ │ │security, server
server, security
Provides additional RPZ configuration settings, which are passed to the DNS Response Policy Service (DNSRPS) provider library.
│ │ │ │security, server
server, security
Instructs BIND 9 to accept expired DNSSEC signatures when validating.
│ │ │ │dnssec
Sets the maximum EDNS VERSION that is sent to the server(s) by the resolver.
│ │ │ │server
Specifies the contact name in the returned SOA record for empty zones.
│ │ │ │zone, server
server, zone
Specifies the server name in the returned SOA record for empty zones.
│ │ │ │zone, server
server, zone
Enables or disables all empty zones.
│ │ │ │zone, server
server, zone
Specifies a list of HTTP query paths on which to listen.
│ │ │ │query, server
server, query
Limits the number of errors for a valid domain name and record type.
│ │ │ │server
Exempts specific clients or client groups from rate limiting.
│ │ │ │query
Sets the parameters for dynamic resizing of the fetches-per-server
quota in response to detected congestion.
query, server
server, query
Sets the maximum number of simultaneous iterative queries allowed to be sent by a server to an upstream name server before the server blocks additional queries.
│ │ │ │query, server
server, query
Sets the maximum number of simultaneous iterative queries allowed to any one domain before the server blocks new queries for data in or beneath that zone.
│ │ │ │query, server
server, query
Specifies the zone's filename.
│ │ │ │zone
Specifies the hostname of the server to return in response to a hostname.bind
query.
server
Configures HTTP endpoints on which to listen for DNS-over-HTTPS (DoH) queries.
│ │ │ │query, server
server, query
Limits the number of active concurrent connections on a per-listener basis.
│ │ │ │server
Specifies the TCP port number the server uses to receive and send unencrypted DNS traffic via HTTP.
│ │ │ │query, server
server, query
Limits the number of active concurrent HTTP/2 streams on a per-connection basis.
│ │ │ │server
Specifies the TCP port number the server uses to receive and send DNS-over-HTTPS protocol traffic.
│ │ │ │query, server
server, query
Specifies the view in which a given zone is defined.
│ │ │ │zone, view
view, zone
Specifies a TCP socket as a control channel.
│ │ │ │server
Enables automatic IPv4 zones if a dns64
block is configured.
query
Specifies the name of the server for the IPV4ONLY.ARPA zone created by dns64
.
query, server
server, query
Specifies the prefix lengths of IPv6 address blocks.
│ │ │ │server
Indicates the directory where public and private DNSSEC key files are found.
│ │ │ │dnssec
Specifies the path to a file containing the private TLS key for a connection.
│ │ │ │security, server
server, security
Specifies one or more server_key
s to be used with a remote server.
security, server
server, security
Sets the resolver's lame cache.
│ │ │ │server
Specifies the IPv6 addresses on which a server listens for DNS queries.
│ │ │ │server
Specifies a per-listener quota for active connections.
│ │ │ │query, server
server, query
Sets a maximum size for the memory map of the new-zone database in LMDB database format.
│ │ │ │server
Specifies an access control list (ACL) of IPv4 addresses that are to be mapped to the corresponding A RRset in dns64
.
query
Specifies the file format of zone files.
│ │ │ │zone, server
server, zone
Specifies the format of zone files during a dump, when the masterfile-format
is text
.
server
Specifies the maximum retention time (in seconds) for storage of negative answers in the server's cache.
│ │ │ │server
Sets the maximum number of records permitted in a zone.
│ │ │ │zone, server
server, zone
Sets the maximum number of levels of recursion permitted at any one time while servicing a recursive query.
│ │ │ │server
Sets the maximum number of iterative queries while servicing a recursive query.
│ │ │ │query, server
server, query
Limits the zone refresh interval to no less often than the specified value, in seconds.
│ │ │ │transfer
Specifies a maximum permissible time-to-live (TTL) value, in seconds.
│ │ │ │deprecated
Controls whether memory statistics are written to the file specified by memstatistics-file
at exit.
logging, server
server, logging
Sets the pathname of the file where the server writes memory usage statistics on exit.
│ │ │ │logging
Controls whether NOTIFY
messages are sent on zone changes.
transfer
Sets the delay (in seconds) between sending sets of NOTIFY messages for a zone.
│ │ │ │transfer, zone
zone, transfer
Specifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.
│ │ │ │transfer, zone
zone, transfer
Defines the IPv4 address (and optional port) to be used for outgoing NOTIFY
messages.
transfer
Configures plugins in named.conf
.
server
Specifies the UDP/TCP port number the server uses to receive and send DNS protocol traffic.
│ │ │ │query, server
server, query
Specifies that server ciphers should be preferred over client ones.
│ │ │ │security, server
server, security
Controls the order of glue records in an A or AAAA response.
│ │ │ │query
Controls the IPv6 address from which queries are issued.
│ │ │ │query
Specifies whether query logging should be active when named
first starts.
logging, server
server, logging
Controls excessive UDP responses, to prevent BIND 9 from being used to amplify reflection denial-of-service (DoS) attacks.
│ │ │ │query
Adds an EDNS Padding option to encrypted messages, to reduce the chance of guessing the contents based on size.
│ │ │ │query
Specifies response policy zones for the view or among global options.
│ │ │ │security, zone, query, server
server, zone, query, security
Limits the number of non-empty responses for a valid domain name and record type.
│ │ │ │query
Controls the ordering of RRs returned to the client, based on the client's IP address.
│ │ │ │query
Defines the amount of time (in milliseconds) that named
waits before attempting to answer a query with a stale RRset from cache.
query, server
server, query
Enables the returning of "stale" cached answers when the name servers for a zone are not answering.
│ │ │ │query, server
server, query
Specifies the time to live (TTL) to be returned on stale answers, in seconds.
│ │ │ │query
Enables the retention of "stale" cached answers.
│ │ │ │query, server
server, query
Sets the time window for the return of "stale" cached answers before the next attempt to contact, if the name servers for a given zone are not responding.
│ │ │ │query, server
server, query
Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
│ │ │ │transfer, zone
zone, transfer
Specifies the communication channels to be used by system administrators to access statistics information on the name server.
│ │ │ │logging
Specifies the pathname of the file where the server appends statistics, when using rndc stats
.
logging, server
server, logging
Directs the logging channel output to the server's standard error stream.
│ │ │ │logging
Specifies the maximum number of concurrent HTTP/2 streams over an HTTP/2 connection.
│ │ │ │query, server
server, query
Defines trailing bits for mapped IPv4 address bits in dns64
.
query
Sets the amount of time (in milliseconds) that the server waits on an idle TCP connection before closing it, if the EDNS TCP keepalive option is not in use.
│ │ │ │query
Sets the amount of time (in milliseconds) that the server waits on a new TCP connection for the first message from the client.
│ │ │ │query, server
server, query
Adds EDNS TCP keepalive to messages sent over TCP.
│ │ │ │server
Configures a TLS connection.
│ │ │ │security
Specifies the TCP port number the server uses to receive and send DNS-over-TLS protocol traffic.
│ │ │ │query, server
server, query
Controls whether multiple records can be packed into a message during zone transfers.
│ │ │ │transfer
Specifies a list of ports that are valid sources for UDP/IPv6 messages.
│ │ │ │deprecated
Indicates the number of milliseconds of preference to give to IPv6 name servers.
│ │ │ │query, server
server, query
Specifies a list of domain names at and beneath which DNSSEC validation should not be performed.
│ │ │ │dnssec
Specifies the length of time during which responses are tracked.
│ │ │ │query
Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.
│ │ │ │zone, query, server
server, zone, query
Sets the time to live (TTL) to zero when caching a negative response to an SOA query.
│ │ │ │zone, query, server
server, zone, query
Specifies the zone in a BIND 9 configuration.
│ │ │ │zone
Sets the propagation delay from the time a zone is first updated to when the new version of the zone is served by all secondary servers.
│ │ │ │dnssec, zone
Controls the level of statistics gathered for all zones.
│ │ │ │zone, logging
logging, zone
These tables group the various statements permissible in named.conf
by
│ │ │ │ ├── html2text {}
│ │ │ │ │ @@ -2364,1178 +2364,1178 @@
│ │ │ │ │ _Z_o_n_e_ _T_a_g_ _S_t_a_t_e_m_e_n_t_s relate to or control zone behavior, and typically only
│ │ │ │ │ appear in a zone block.
│ │ │ │ │ _D_e_p_r_e_c_a_t_e_d_ _T_a_g_ _S_t_a_t_e_m_e_n_t_s are those that are now deprecated, but are included
│ │ │ │ │ here for historical reference.
│ │ │ │ │ The following table lists all statements permissible in named.conf, with their
│ │ │ │ │ associated tags; the next section groups the statements by tag. Please note
│ │ │ │ │ that these sections are a work in progress.
│ │ │ │ │ -SSttaatteemmeenntt DDeessccrriippttiioonn TTaaggss
│ │ │ │ │ -_a_c_l Assigns a symbolic name to server
│ │ │ │ │ - an address match list.
│ │ │ │ │ -_a_l_g_o_r_i_t_h_m Defines the algorithm to be security
│ │ │ │ │ - used in a key clause.
│ │ │ │ │ -_a_l_l_-_p_e_r_-_s_e_c_o_n_d Limits UDP responses of all query
│ │ │ │ │ - kinds.
│ │ │ │ │ - Controls the ability to add
│ │ │ │ │ -_a_l_l_o_w_-_n_e_w_-_z_o_n_e_s zones at runtime via _r_n_d_c zone, server
│ │ │ │ │ - _a_d_d_z_o_n_e.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t that is
│ │ │ │ │ - allowed to send NOTIFY
│ │ │ │ │ -_a_l_l_o_w_-_n_o_t_i_f_y messages for the zone, in transfer
│ │ │ │ │ - addition to addresses
│ │ │ │ │ - defined in the _p_r_i_m_a_r_i_e_s
│ │ │ │ │ - option for the zone.
│ │ │ │ │ - Defines an
│ │ │ │ │ -_a_l_l_o_w_-_p_r_o_x_y _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the server
│ │ │ │ │ - client addresses allowed to
│ │ │ │ │ - send PROXYv2 headers.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the
│ │ │ │ │ - interface addresses allowed
│ │ │ │ │ -_a_l_l_o_w_-_p_r_o_x_y_-_o_n to accept PROXYv2 headers. server
│ │ │ │ │ - The option is mostly
│ │ │ │ │ - intended for multi-homed
│ │ │ │ │ - configurations.
│ │ │ │ │ - Specifies which hosts (an IP
│ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y address list) are allowed to query
│ │ │ │ │ - send queries to this
│ │ │ │ │ - resolver.
│ │ │ │ │ - Specifies which hosts (an IP
│ │ │ │ │ - address list) can access
│ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e this server's cache and thus query
│ │ │ │ │ - effectively controls
│ │ │ │ │ - recursion.
│ │ │ │ │ - Specifies which hosts (an IP
│ │ │ │ │ - address list) can access
│ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e_-_o_n this server's cache. Used on query
│ │ │ │ │ - servers with multiple
│ │ │ │ │ - interfaces.
│ │ │ │ │ - Specifies which local
│ │ │ │ │ - addresses (an IP address
│ │ │ │ │ -_a_l_l_o_w_-_q_u_e_r_y_-_o_n list) are allowed to send query
│ │ │ │ │ - queries to this resolver.
│ │ │ │ │ - Used in multi-homed
│ │ │ │ │ - configurations.
│ │ │ │ │ - Defines an
│ │ │ │ │ -_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of query
│ │ │ │ │ - clients that are allowed to
│ │ │ │ │ - perform recursive queries.
│ │ │ │ │ - Specifies which local
│ │ │ │ │ -_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n_-_o_n addresses can accept query, server
│ │ │ │ │ - recursive queries.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ -_a_l_l_o_w_-_t_r_a_n_s_f_e_r that are allowed to transfer transfer
│ │ │ │ │ - the zone information from
│ │ │ │ │ - this server.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ -_a_l_l_o_w_-_u_p_d_a_t_e that are allowed to submit transfer
│ │ │ │ │ - dynamic updates for primary
│ │ │ │ │ - zones.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ -_a_l_l_o_w_-_u_p_d_a_t_e_-_f_o_r_w_a_r_d_i_n_g that are allowed to submit transfer
│ │ │ │ │ - dynamic updates to a
│ │ │ │ │ - secondary server for
│ │ │ │ │ - transmission to a primary.
│ │ │ │ │ - Defines one or more hosts
│ │ │ │ │ -_a_l_s_o_-_n_o_t_i_f_y that are sent NOTIFY transfer
│ │ │ │ │ - messages when zone changes
│ │ │ │ │ - occur.
│ │ │ │ │ - Controls whether COOKIE EDNS
│ │ │ │ │ -_a_n_s_w_e_r_-_c_o_o_k_i_e replies are sent in response query
│ │ │ │ │ - to client queries.
│ │ │ │ │ - Allows multiple views to
│ │ │ │ │ -_a_t_t_a_c_h_-_c_a_c_h_e share a single cache view
│ │ │ │ │ - database.
│ │ │ │ │ - Controls whether BIND,
│ │ │ │ │ - acting as a resolver,
│ │ │ │ │ -_a_u_t_h_-_n_x_d_o_m_a_i_n provides authoritative query
│ │ │ │ │ - NXDOMAIN (domain does not
│ │ │ │ │ - exist) answers.
│ │ │ │ │ - Controls the automatic
│ │ │ │ │ -_a_u_t_o_m_a_t_i_c_-_i_n_t_e_r_f_a_c_e_-_s_c_a_n rescanning of network server
│ │ │ │ │ - interfaces when addresses
│ │ │ │ │ - are added or removed.
│ │ │ │ │ - Specifies the range(s) of
│ │ │ │ │ -_a_v_o_i_d_-_v_4_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated
│ │ │ │ │ - use as sources for UDP/IPv4
│ │ │ │ │ - messages.
│ │ │ │ │ - Specifies the range(s) of
│ │ │ │ │ -_a_v_o_i_d_-_v_6_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated
│ │ │ │ │ - use as sources for UDP/IPv6
│ │ │ │ │ - messages.
│ │ │ │ │ - Specifies the pathname of a
│ │ │ │ │ -_b_i_n_d_k_e_y_s_-_f_i_l_e file to override the built- dnssec
│ │ │ │ │ - in trusted keys provided by
│ │ │ │ │ - _n_a_m_e_d.
│ │ │ │ │ - Defines an
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ -_b_l_a_c_k_h_o_l_e to ignore. The server will query
│ │ │ │ │ - neither respond to queries
│ │ │ │ │ - from nor send queries to
│ │ │ │ │ - these addresses.
│ │ │ │ │ -_b_o_g_u_s Allows a remote server to be server
│ │ │ │ │ - ignored.
│ │ │ │ │ - Enables _d_n_s_6_4 synthesis even
│ │ │ │ │ -_b_r_e_a_k_-_d_n_s_s_e_c if the validated result query
│ │ │ │ │ - would cause a DNSSEC
│ │ │ │ │ - validation failure.
│ │ │ │ │ -_b_u_f_f_e_r_e_d Controls flushing of log logging
│ │ │ │ │ - messages.
│ │ │ │ │ - Specifies the path to a file
│ │ │ │ │ - containing TLS certificates
│ │ │ │ │ -_c_a_-_f_i_l_e for trusted CA authorities, security, server
│ │ │ │ │ - used to verify remote peer
│ │ │ │ │ - certificates.
│ │ │ │ │ -_c_a_t_a_l_o_g_-_z_o_n_e_s Configures catalog zones in zone
│ │ │ │ │ - _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ - Specifies the type of data
│ │ │ │ │ -_c_a_t_e_g_o_r_y logged to a particular logging
│ │ │ │ │ - channel.
│ │ │ │ │ - Specifies whether a CDNSKEY
│ │ │ │ │ -_c_d_n_s_k_e_y record should be published dnssec
│ │ │ │ │ - during KSK rollover.
│ │ │ │ │ - Specifies the digest types
│ │ │ │ │ -_c_d_s_-_d_i_g_e_s_t_-_t_y_p_e_s to use for CDS resource dnssec
│ │ │ │ │ - records.
│ │ │ │ │ - Specifies the path to a file
│ │ │ │ │ -_c_e_r_t_-_f_i_l_e containing the TLS security, server
│ │ │ │ │ - certificate for a
│ │ │ │ │ - connection.
│ │ │ │ │ - Defines a stream of data
│ │ │ │ │ -_c_h_a_n_n_e_l that can be independently logging
│ │ │ │ │ - logged.
│ │ │ │ │ - Checks primary zones for
│ │ │ │ │ - records that are treated as
│ │ │ │ │ -_c_h_e_c_k_-_d_u_p_-_r_e_c_o_r_d_s different by DNSSEC but are dnssec, query
│ │ │ │ │ - semantically equal in plain
│ │ │ │ │ - DNS.
│ │ │ │ │ - Performs post-load zone
│ │ │ │ │ -_c_h_e_c_k_-_i_n_t_e_g_r_i_t_y integrity checks on primary zone
│ │ │ │ │ - zones.
│ │ │ │ │ - Checks whether an MX record
│ │ │ │ │ -_c_h_e_c_k_-_m_x appears to refer to an IP zone
│ │ │ │ │ - address.
│ │ │ │ │ - Sets the response to MX
│ │ │ │ │ -_c_h_e_c_k_-_m_x_-_c_n_a_m_e records that refer to zone
│ │ │ │ │ - CNAMEs.
│ │ │ │ │ - Restricts the character set
│ │ │ │ │ - and syntax of certain domain
│ │ │ │ │ -_c_h_e_c_k_-_n_a_m_e_s names in primary files and/ query, server
│ │ │ │ │ - or DNS responses received
│ │ │ │ │ - from the network.
│ │ │ │ │ - Specifies whether to check
│ │ │ │ │ -_c_h_e_c_k_-_s_i_b_l_i_n_g for sibling glue when zone
│ │ │ │ │ - performing integrity checks.
│ │ │ │ │ - Specifies whether to check
│ │ │ │ │ -_c_h_e_c_k_-_s_p_f for a TXT Sender Policy zone
│ │ │ │ │ - Framework record, if an SPF
│ │ │ │ │ - record is present.
│ │ │ │ │ - Sets the response to SRV
│ │ │ │ │ -_c_h_e_c_k_-_s_r_v_-_c_n_a_m_e records that refer to zone
│ │ │ │ │ - CNAMEs.
│ │ │ │ │ - Specifies whether to perform
│ │ │ │ │ -_c_h_e_c_k_-_s_v_c_b additional checks on SVCB zone
│ │ │ │ │ - records.
│ │ │ │ │ -_c_h_e_c_k_-_w_i_l_d_c_a_r_d Checks for non-terminal zone
│ │ │ │ │ - wildcards.
│ │ │ │ │ -_c_h_e_c_k_d_s Controls whether DS queries dnssec
│ │ │ │ │ - are sent to parental agents.
│ │ │ │ │ -_c_i_p_h_e_r_s Specifies a list of allowed security
│ │ │ │ │ - ciphers.
│ │ │ │ │ - Specifies an access control
│ │ │ │ │ -_c_l_i_e_n_t_s list (ACL) of clients that query
│ │ │ │ │ - are affected by a given
│ │ │ │ │ - _d_n_s_6_4 directive.
│ │ │ │ │ - Sets the initial minimum
│ │ │ │ │ - number of simultaneous
│ │ │ │ │ -_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y recursive clients accepted server
│ │ │ │ │ - by the server for any given
│ │ │ │ │ - query before the server
│ │ │ │ │ - drops additional clients.
│ │ │ │ │ - Specifies control channels
│ │ │ │ │ -_c_o_n_t_r_o_l_s to be used to manage the server
│ │ │ │ │ - name server.
│ │ │ │ │ - Sets the algorithm to be
│ │ │ │ │ -_c_o_o_k_i_e_-_a_l_g_o_r_i_t_h_m used when generating a server
│ │ │ │ │ - server cookie.
│ │ │ │ │ - Specifies a shared secret
│ │ │ │ │ - used for generating and
│ │ │ │ │ -_c_o_o_k_i_e_-_s_e_c_r_e_t verifying EDNS COOKIE server
│ │ │ │ │ - options within an anycast
│ │ │ │ │ - cluster.
│ │ │ │ │ - Specifies the type of
│ │ │ │ │ -_d_a_t_a_b_a_s_e database to be used to store zone
│ │ │ │ │ - zone data.
│ │ │ │ │ - Rejects A or AAAA records if
│ │ │ │ │ -_d_e_n_y_-_a_n_s_w_e_r_-_a_d_d_r_e_s_s_e_s the corresponding IPv4 or query
│ │ │ │ │ - IPv6 addresses match a given
│ │ │ │ │ - _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t.
│ │ │ │ │ - Rejects CNAME or DNAME
│ │ │ │ │ -_d_e_n_y_-_a_n_s_w_e_r_-_a_l_i_a_s_e_s records if the "alias" name query
│ │ │ │ │ - matches a given list of
│ │ │ │ │ - _d_o_m_a_i_n___n_a_m_e elements.
│ │ │ │ │ - Specifies the path to a file
│ │ │ │ │ -_d_h_p_a_r_a_m_-_f_i_l_e containing Diffie-Hellman security, server
│ │ │ │ │ - parameters, for enabling
│ │ │ │ │ - cipher suites.
│ │ │ │ │ - Concentrates zone
│ │ │ │ │ - maintenance so that all
│ │ │ │ │ -_d_i_a_l_u_p transfers take place once deprecated
│ │ │ │ │ - every _h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l,
│ │ │ │ │ - ideally during a single
│ │ │ │ │ - call.
│ │ │ │ │ -_d_i_r_e_c_t_o_r_y Sets the server's working server
│ │ │ │ │ - directory.
│ │ │ │ │ -_d_i_s_a_b_l_e_-_a_l_g_o_r_i_t_h_m_s Disables DNSSEC algorithms dnssec
│ │ │ │ │ - from a specified zone.
│ │ │ │ │ -_d_i_s_a_b_l_e_-_d_s_-_d_i_g_e_s_t_s Disables DS digest types dnssec, zone
│ │ │ │ │ - from a specified zone.
│ │ │ │ │ -_d_i_s_a_b_l_e_-_e_m_p_t_y_-_z_o_n_e Disables individual empty zone, server
│ │ │ │ │ - zones.
│ │ │ │ │ - Configures a Dynamically
│ │ │ │ │ -_d_l_z Loadable Zone (DLZ) database zone
│ │ │ │ │ - in _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ - Instructs _n_a_m_e_d to return
│ │ │ │ │ -_d_n_s_6_4 mapped IPv4 addresses to query
│ │ │ │ │ - AAAA queries when there are
│ │ │ │ │ - no AAAA records.
│ │ │ │ │ -_d_n_s_6_4_-_c_o_n_t_a_c_t Specifies the name of the server
│ │ │ │ │ - contact for _d_n_s_6_4 zones.
│ │ │ │ │ -_d_n_s_6_4_-_s_e_r_v_e_r Specifies the name of the server
│ │ │ │ │ - server for _d_n_s_6_4 zones.
│ │ │ │ │ -_d_n_s_k_e_y_-_s_i_g_-_v_a_l_i_d_i_t_y obsolete
│ │ │ │ │ - Specifies the time to live
│ │ │ │ │ -_d_n_s_k_e_y_-_t_t_l (TTL) for DNSKEY resource dnssec
│ │ │ │ │ - records.
│ │ │ │ │ - Turns on the DNS Response
│ │ │ │ │ -_d_n_s_r_p_s_-_e_n_a_b_l_e Policy Service (DNSRPS) security, server
│ │ │ │ │ - interface.
│ │ │ │ │ - Turns on the DNS Response
│ │ │ │ │ -_d_n_s_r_p_s_-_l_i_b_r_a_r_y Policy Service (DNSRPS) security, server
│ │ │ │ │ - interface.
│ │ │ │ │ - Provides additional RPZ
│ │ │ │ │ - configuration settings,
│ │ │ │ │ -_d_n_s_r_p_s_-_o_p_t_i_o_n_s which are passed to the DNS security, server
│ │ │ │ │ - Response Policy Service
│ │ │ │ │ - (DNSRPS) provider library.
│ │ │ │ │ - Instructs BIND 9 to accept
│ │ │ │ │ -_d_n_s_s_e_c_-_a_c_c_e_p_t_-_e_x_p_i_r_e_d expired DNSSEC signatures dnssec
│ │ │ │ │ - when validating.
│ │ │ │ │ -_d_n_s_s_e_c_-_d_n_s_k_e_y_-_k_s_k_o_n_l_y obsolete
│ │ │ │ │ - Sets the frequency of
│ │ │ │ │ -_d_n_s_s_e_c_-_l_o_a_d_k_e_y_s_-_i_n_t_e_r_v_a_l automatic checks of the dnssec
│ │ │ │ │ - DNSSEC key repository.
│ │ │ │ │ - Defines hierarchies that
│ │ │ │ │ -_d_n_s_s_e_c_-_m_u_s_t_-_b_e_-_s_e_c_u_r_e must or may not be secure deprecated
│ │ │ │ │ - (signed and validated).
│ │ │ │ │ -_d_n_s_s_e_c_-_p_o_l_i_c_y Defines a key and signing dnssec
│ │ │ │ │ - policy (KASP) for zones.
│ │ │ │ │ -_d_n_s_s_e_c_-_s_e_c_u_r_e_-_t_o_-_i_n_s_e_c_u_r_e obsolete
│ │ │ │ │ -_d_n_s_s_e_c_-_u_p_d_a_t_e_-_m_o_d_e obsolete
│ │ │ │ │ -_d_n_s_s_e_c_-_v_a_l_i_d_a_t_i_o_n Enables DNSSEC validation in dnssec
│ │ │ │ │ - _n_a_m_e_d.
│ │ │ │ │ -_d_n_s_t_a_p Enables logging of _d_n_s_t_a_p logging
│ │ │ │ │ - messages.
│ │ │ │ │ -_d_n_s_t_a_p_-_i_d_e_n_t_i_t_y Specifies an identity string logging
│ │ │ │ │ - to send in _d_n_s_t_a_p messages.
│ │ │ │ │ - Configures the path to which
│ │ │ │ │ -_d_n_s_t_a_p_-_o_u_t_p_u_t the _d_n_s_t_a_p frame stream is logging
│ │ │ │ │ - sent.
│ │ │ │ │ -_d_n_s_t_a_p_-_v_e_r_s_i_o_n Specifies a _v_e_r_s_i_o_n string logging
│ │ │ │ │ - to send in _d_n_s_t_a_p messages.
│ │ │ │ │ - Specifies host names or
│ │ │ │ │ -_d_u_a_l_-_s_t_a_c_k_-_s_e_r_v_e_r_s addresses of machines with server
│ │ │ │ │ - access to both IPv4 and IPv6
│ │ │ │ │ - transports.
│ │ │ │ │ - Indicates the pathname of
│ │ │ │ │ -_d_u_m_p_-_f_i_l_e the file where the server logging
│ │ │ │ │ - dumps the database after
│ │ │ │ │ - _r_n_d_c_ _d_u_m_p_d_b.
│ │ │ │ │ -_d_y_n_d_b Configures a DynDB database zone
│ │ │ │ │ - in _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ -_e_d_n_s Controls the use of the server
│ │ │ │ │ - EDNS0 (_RR_FF_CC_ _22_66_77_11) feature.
│ │ │ │ │ - Sets the maximum advertised
│ │ │ │ │ - EDNS UDP buffer size to
│ │ │ │ │ -_e_d_n_s_-_u_d_p_-_s_i_z_e control the size of packets query
│ │ │ │ │ - received from authoritative
│ │ │ │ │ - servers in response to
│ │ │ │ │ - recursive queries.
│ │ │ │ │ - Sets the maximum EDNS
│ │ │ │ │ -_e_d_n_s_-_v_e_r_s_i_o_n VERSION that is sent to the server
│ │ │ │ │ - server(s) by the resolver.
│ │ │ │ │ - Specifies the contact name
│ │ │ │ │ -_e_m_p_t_y_-_c_o_n_t_a_c_t in the returned SOA record zone, server
│ │ │ │ │ - for empty zones.
│ │ │ │ │ - Specifies the server name in
│ │ │ │ │ -_e_m_p_t_y_-_s_e_r_v_e_r the returned SOA record for zone, server
│ │ │ │ │ - empty zones.
│ │ │ │ │ -_e_m_p_t_y_-_z_o_n_e_s_-_e_n_a_b_l_e Enables or disables all zone, server
│ │ │ │ │ - empty zones.
│ │ │ │ │ - Specifies a list of HTTP
│ │ │ │ │ -_e_n_d_p_o_i_n_t_s query paths on which to query, server
│ │ │ │ │ - listen.
│ │ │ │ │ - Limits the number of errors
│ │ │ │ │ -_e_r_r_o_r_s_-_p_e_r_-_s_e_c_o_n_d for a valid domain name and server
│ │ │ │ │ - record type.
│ │ │ │ │ - Allows a list of IPv6
│ │ │ │ │ - addresses to be ignored if
│ │ │ │ │ -_e_x_c_l_u_d_e they appear in a domain query
│ │ │ │ │ - name's AAAA records in
│ │ │ │ │ - _d_n_s_6_4.
│ │ │ │ │ - Exempts specific clients or
│ │ │ │ │ -_e_x_e_m_p_t_-_c_l_i_e_n_t_s client groups from rate query
│ │ │ │ │ - limiting.
│ │ │ │ │ - Sets the parameters for
│ │ │ │ │ - dynamic resizing of the
│ │ │ │ │ -_f_e_t_c_h_-_q_u_o_t_a_-_p_a_r_a_m_s _f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r quota in query, server
│ │ │ │ │ - response to detected
│ │ │ │ │ - congestion.
│ │ │ │ │ - Sets the maximum number of
│ │ │ │ │ - simultaneous iterative
│ │ │ │ │ - queries allowed to be sent
│ │ │ │ │ -_f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r by a server to an upstream query, server
│ │ │ │ │ - name server before the
│ │ │ │ │ - server blocks additional
│ │ │ │ │ - queries.
│ │ │ │ │ - Sets the maximum number of
│ │ │ │ │ - simultaneous iterative
│ │ │ │ │ -_f_e_t_c_h_e_s_-_p_e_r_-_z_o_n_e queries allowed to any one query, server
│ │ │ │ │ - domain before the server
│ │ │ │ │ - blocks new queries for data
│ │ │ │ │ - in or beneath that zone.
│ │ │ │ │ -_f_i_l_e Specifies the zone's zone
│ │ │ │ │ - filename.
│ │ │ │ │ - Controls whether pending
│ │ │ │ │ -_f_l_u_s_h_-_z_o_n_e_s_-_o_n_-_s_h_u_t_d_o_w_n zone writes are flushed when zone
│ │ │ │ │ - the name server exits.
│ │ │ │ │ - Allows or disallows fallback
│ │ │ │ │ - to recursion if forwarding
│ │ │ │ │ -_f_o_r_w_a_r_d has failed; it is always query
│ │ │ │ │ - used in conjunction with the
│ │ │ │ │ - _f_o_r_w_a_r_d_e_r_s statement.
│ │ │ │ │ -_f_o_r_w_a_r_d_e_r_s Defines one or more hosts to query
│ │ │ │ │ - which queries are forwarded.
│ │ │ │ │ - Sets the number of
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_b_u_f_f_e_r_-_h_i_n_t accumulated bytes in the logging
│ │ │ │ │ - output buffer before forcing
│ │ │ │ │ - a buffer flush.
│ │ │ │ │ - Sets the number of seconds
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_f_l_u_s_h_-_t_i_m_e_o_u_t that unflushed data remains logging
│ │ │ │ │ - in the output buffer.
│ │ │ │ │ - Sets the number of queue
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_i_n_p_u_t_-_q_u_e_u_e_-_s_i_z_e entries to allocate for each logging
│ │ │ │ │ - input queue.
│ │ │ │ │ - Sets the number of
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_n_o_t_i_f_y_- outstanding queue entries
│ │ │ │ │ -_t_h_r_e_s_h_o_l_d allowed on an input queue logging
│ │ │ │ │ - before waking the I/
│ │ │ │ │ - O thread.
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_- Sets the queuing semantics logging
│ │ │ │ │ -_m_o_d_e_l to use for queue objects.
│ │ │ │ │ - Sets the number of queue
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_-_s_i_z_e entries allocated for each logging
│ │ │ │ │ - output queue.
│ │ │ │ │ - Sets the number of seconds
│ │ │ │ │ -_f_s_t_r_m_-_s_e_t_-_r_e_o_p_e_n_-_i_n_t_e_r_v_a_l to wait between attempts to logging
│ │ │ │ │ - reopen a closed output
│ │ │ │ │ - stream.
│ │ │ │ │ - Specifies the directory
│ │ │ │ │ -_g_e_o_i_p_-_d_i_r_e_c_t_o_r_y containing GeoIP database server
│ │ │ │ │ - files.
│ │ │ │ │ - Sets the interval at which
│ │ │ │ │ -_h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l the server performs zone deprecated
│ │ │ │ │ - maintenance tasks for all
│ │ │ │ │ - zones marked as _d_i_a_l_u_p.
│ │ │ │ │ - Specifies the hostname of
│ │ │ │ │ -_h_o_s_t_n_a_m_e the server to return in server
│ │ │ │ │ - response to a hostname.bind
│ │ │ │ │ - query.
│ │ │ │ │ - Configures HTTP endpoints on
│ │ │ │ │ -_h_t_t_p which to listen for DNS- query, server
│ │ │ │ │ - over-HTTPS (DoH) queries.
│ │ │ │ │ - Limits the number of active
│ │ │ │ │ -_h_t_t_p_-_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s concurrent connections on a server
│ │ │ │ │ - per-listener basis.
│ │ │ │ │ - Specifies the TCP port
│ │ │ │ │ -_h_t_t_p_-_p_o_r_t number the server uses to query, server
│ │ │ │ │ - receive and send unencrypted
│ │ │ │ │ - DNS traffic via HTTP.
│ │ │ │ │ - Limits the number of active
│ │ │ │ │ -_h_t_t_p_-_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n concurrent HTTP/2 streams on server
│ │ │ │ │ - a per-connection basis.
│ │ │ │ │ - Specifies the TCP port
│ │ │ │ │ -_h_t_t_p_s_-_p_o_r_t number the server uses to query, server
│ │ │ │ │ - receive and send DNS-over-
│ │ │ │ │ - HTTPS protocol traffic.
│ │ │ │ │ -_i_n_-_v_i_e_w Specifies the view in which zone, view
│ │ │ │ │ - a given zone is defined.
│ │ │ │ │ -_i_n_e_t Specifies a TCP socket as a server
│ │ │ │ │ - control channel.
│ │ │ │ │ - Specifies whether BIND 9
│ │ │ │ │ -_i_n_l_i_n_e_-_s_i_g_n_i_n_g maintains a separate signed dnssec, zone
│ │ │ │ │ - version of a zone.
│ │ │ │ │ - Sets the interval at which
│ │ │ │ │ -_i_n_t_e_r_f_a_c_e_-_i_n_t_e_r_v_a_l the server scans the network server
│ │ │ │ │ - interface list.
│ │ │ │ │ -_i_p_v_4_-_p_r_e_f_i_x_-_l_e_n_g_t_h Specifies the prefix lengths server
│ │ │ │ │ - of IPv4 address blocks.
│ │ │ │ │ - Specifies the contact for
│ │ │ │ │ -_i_p_v_4_o_n_l_y_-_c_o_n_t_a_c_t the IPV4ONLY.ARPA zone server
│ │ │ │ │ - created by _d_n_s_6_4.
│ │ │ │ │ - Enables automatic IPv4 zones
│ │ │ │ │ -_i_p_v_4_o_n_l_y_-_e_n_a_b_l_e if a _d_n_s_6_4 block is query
│ │ │ │ │ - configured.
│ │ │ │ │ - Specifies the name of the
│ │ │ │ │ -_i_p_v_4_o_n_l_y_-_s_e_r_v_e_r server for the IPV4ONLY.ARPA query, server
│ │ │ │ │ - zone created by _d_n_s_6_4.
│ │ │ │ │ -_i_p_v_6_-_p_r_e_f_i_x_-_l_e_n_g_t_h Specifies the prefix lengths server
│ │ │ │ │ - of IPv6 address blocks.
│ │ │ │ │ -_i_x_f_r_-_f_r_o_m_-_d_i_f_f_e_r_e_n_c_e_s Controls how IXFR transfers transfer
│ │ │ │ │ - are calculated.
│ │ │ │ │ -_j_o_u_r_n_a_l Allows the default journal's zone
│ │ │ │ │ - filename to be overridden.
│ │ │ │ │ - Defines a shared secret key
│ │ │ │ │ -_k_e_y for use with _T_S_I_G or the security
│ │ │ │ │ - command channel.
│ │ │ │ │ - Indicates the directory
│ │ │ │ │ -_k_e_y_-_d_i_r_e_c_t_o_r_y where public and private dnssec
│ │ │ │ │ - DNSSEC key files are found.
│ │ │ │ │ - Specifies the path to a file
│ │ │ │ │ -_k_e_y_-_f_i_l_e containing the private TLS security, server
│ │ │ │ │ - key for a connection.
│ │ │ │ │ - Specifies one or more
│ │ │ │ │ -_k_e_y_s _s_e_r_v_e_r___k_e_y s to be used with security, server
│ │ │ │ │ - a remote server.
│ │ │ │ │ -_l_a_m_e_-_t_t_l Sets the resolver's lame server
│ │ │ │ │ - cache.
│ │ │ │ │ - Specifies the IPv4 addresses
│ │ │ │ │ -_l_i_s_t_e_n_-_o_n on which a server listens server
│ │ │ │ │ - for DNS queries.
│ │ │ │ │ - Specifies the IPv6 addresses
│ │ │ │ │ -_l_i_s_t_e_n_-_o_n_-_v_6 on which a server listens server
│ │ │ │ │ - for DNS queries.
│ │ │ │ │ - Specifies a per-listener
│ │ │ │ │ -_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s quota for active query, server
│ │ │ │ │ - connections.
│ │ │ │ │ - Sets a maximum size for the
│ │ │ │ │ -_l_m_d_b_-_m_a_p_s_i_z_e memory map of the new-zone server
│ │ │ │ │ - database in LMDB database
│ │ │ │ │ - format.
│ │ │ │ │ - Tests rate-limiting
│ │ │ │ │ -_l_o_g_-_o_n_l_y parameters without actually logging, query
│ │ │ │ │ - dropping any requests.
│ │ │ │ │ -_l_o_g_g_i_n_g Configures logging options logging
│ │ │ │ │ - for the name server.
│ │ │ │ │ -_m_a_n_a_g_e_d_-_k_e_y_s deprecated
│ │ │ │ │ - Specifies the directory in
│ │ │ │ │ -_m_a_n_a_g_e_d_-_k_e_y_s_-_d_i_r_e_c_t_o_r_y which to store the files dnssec
│ │ │ │ │ - that track managed DNSSEC
│ │ │ │ │ - keys.
│ │ │ │ │ - Specifies an access control
│ │ │ │ │ - list (ACL) of IPv4 addresses
│ │ │ │ │ -_m_a_p_p_e_d that are to be mapped to the query
│ │ │ │ │ - corresponding A RRset in
│ │ │ │ │ - _d_n_s_6_4.
│ │ │ │ │ -_m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t Specifies the file format of zone, server
│ │ │ │ │ - zone files.
│ │ │ │ │ - Specifies the format of zone
│ │ │ │ │ -_m_a_s_t_e_r_f_i_l_e_-_s_t_y_l_e files during a dump, when server
│ │ │ │ │ - the _m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t is
│ │ │ │ │ - text.
│ │ │ │ │ - Specifies a view of DNS
│ │ │ │ │ -_m_a_t_c_h_-_c_l_i_e_n_t_s namespace for a given subset view
│ │ │ │ │ - of client IP addresses.
│ │ │ │ │ - Specifies a view of DNS
│ │ │ │ │ -_m_a_t_c_h_-_d_e_s_t_i_n_a_t_i_o_n_s namespace for a given subset view
│ │ │ │ │ - of destination IP addresses.
│ │ │ │ │ - Allows IPv4-mapped IPv6
│ │ │ │ │ - addresses to match address-
│ │ │ │ │ -_m_a_t_c_h_-_m_a_p_p_e_d_-_a_d_d_r_e_s_s_e_s match list entries for server
│ │ │ │ │ - corresponding IPv4
│ │ │ │ │ - addresses.
│ │ │ │ │ - Specifies that only
│ │ │ │ │ -_m_a_t_c_h_-_r_e_c_u_r_s_i_v_e_-_o_n_l_y recursive requests can match view
│ │ │ │ │ - this view of the DNS
│ │ │ │ │ - namespace.
│ │ │ │ │ - Sets the maximum amount of
│ │ │ │ │ -_m_a_x_-_c_a_c_h_e_-_s_i_z_e memory to use for an server
│ │ │ │ │ - individual cache database
│ │ │ │ │ - and its associated metadata.
│ │ │ │ │ - Specifies the maximum time
│ │ │ │ │ -_m_a_x_-_c_a_c_h_e_-_t_t_l (in seconds) that the server server
│ │ │ │ │ - caches ordinary (positive)
│ │ │ │ │ - answers.
│ │ │ │ │ - Sets the maximum number of
│ │ │ │ │ - simultaneous recursive
│ │ │ │ │ -_m_a_x_-_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y clients accepted by the server
│ │ │ │ │ - server for any given query
│ │ │ │ │ - before the server drops
│ │ │ │ │ - additional clients.
│ │ │ │ │ - Sets the maximum size for
│ │ │ │ │ -_m_a_x_-_i_x_f_r_-_r_a_t_i_o IXFR responses to zone transfer
│ │ │ │ │ - transfer requests.
│ │ │ │ │ -_m_a_x_-_j_o_u_r_n_a_l_-_s_i_z_e Controls the size of journal transfer
│ │ │ │ │ - files.
│ │ │ │ │ - Specifies the maximum
│ │ │ │ │ - retention time (in seconds)
│ │ │ │ │ -_m_a_x_-_n_c_a_c_h_e_-_t_t_l for storage of negative server
│ │ │ │ │ - answers in the server's
│ │ │ │ │ - cache.
│ │ │ │ │ -_m_a_x_-_r_e_c_o_r_d_s Sets the maximum number of zone, server
│ │ │ │ │ - records permitted in a zone.
│ │ │ │ │ - Sets the maximum number of
│ │ │ │ │ - levels of recursion
│ │ │ │ │ -_m_a_x_-_r_e_c_u_r_s_i_o_n_-_d_e_p_t_h permitted at any one time server
│ │ │ │ │ - while servicing a recursive
│ │ │ │ │ - query.
│ │ │ │ │ - Sets the maximum number of
│ │ │ │ │ -_m_a_x_-_r_e_c_u_r_s_i_o_n_-_q_u_e_r_i_e_s iterative queries while query, server
│ │ │ │ │ - servicing a recursive query.
│ │ │ │ │ - Limits the zone refresh
│ │ │ │ │ -_m_a_x_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no less often transfer
│ │ │ │ │ - than the specified value, in
│ │ │ │ │ - seconds.
│ │ │ │ │ - Limits the zone refresh
│ │ │ │ │ -_m_a_x_-_r_e_t_r_y_-_t_i_m_e retry interval to no less transfer
│ │ │ │ │ - often than the specified
│ │ │ │ │ - value, in seconds.
│ │ │ │ │ - Sets the maximum RSA
│ │ │ │ │ -_m_a_x_-_r_s_a_-_e_x_p_o_n_e_n_t_-_s_i_z_e exponent size (in bits) when dnssec, query
│ │ │ │ │ - validating.
│ │ │ │ │ - Specifies the maximum time
│ │ │ │ │ - that the server retains
│ │ │ │ │ -_m_a_x_-_s_t_a_l_e_-_t_t_l records past their normal server
│ │ │ │ │ - expiry, to return them as
│ │ │ │ │ - stale records.
│ │ │ │ │ - Sets the maximum size of the
│ │ │ │ │ -_m_a_x_-_t_a_b_l_e_-_s_i_z_e table used to track requests server
│ │ │ │ │ - and rate-limit responses.
│ │ │ │ │ - Specifies the number of
│ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_i_n minutes after which inbound transfer
│ │ │ │ │ - zone transfers making no
│ │ │ │ │ - progress are terminated.
│ │ │ │ │ - Specifies the number of
│ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_o_u_t minutes after which outbound transfer
│ │ │ │ │ - zone transfers making no
│ │ │ │ │ - progress are terminated.
│ │ │ │ │ - Specifies the number of
│ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_i_n minutes after which inbound transfer
│ │ │ │ │ - zone transfers are
│ │ │ │ │ - terminated.
│ │ │ │ │ - Specifies the number of
│ │ │ │ │ -_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_o_u_t minutes after which outbound transfer
│ │ │ │ │ - zone transfers are
│ │ │ │ │ - terminated.
│ │ │ │ │ -_m_a_x_-_u_d_p_-_s_i_z_e Sets the maximum EDNS UDP query
│ │ │ │ │ - message size sent by _n_a_m_e_d.
│ │ │ │ │ - Set the maximum number of
│ │ │ │ │ -_m_a_x_-_v_a_l_i_d_a_t_i_o_n_-_f_a_i_l_u_r_e_s_- DNSSEC validation failures server
│ │ │ │ │ -_p_e_r_-_f_e_t_c_h that can happen in single
│ │ │ │ │ - fetch
│ │ │ │ │ - Set the maximum number of
│ │ │ │ │ -_m_a_x_-_v_a_l_i_d_a_t_i_o_n_s_-_p_e_r_-_f_e_t_c_h DNSSEC validations that can server
│ │ │ │ │ - happen in single fetch
│ │ │ │ │ - Specifies a maximum
│ │ │ │ │ -_m_a_x_-_z_o_n_e_-_t_t_l permissible time-to-live deprecated
│ │ │ │ │ - (TTL) value, in seconds.
│ │ │ │ │ - Controls whether memory
│ │ │ │ │ -_m_e_m_s_t_a_t_i_s_t_i_c_s statistics are written to logging, server
│ │ │ │ │ - the file specified by
│ │ │ │ │ - _m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e at exit.
│ │ │ │ │ - Sets the pathname of the
│ │ │ │ │ -_m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e file where the server writes logging
│ │ │ │ │ - memory usage statistics on
│ │ │ │ │ - exit.
│ │ │ │ │ - Controls whether DNS name
│ │ │ │ │ -_m_e_s_s_a_g_e_-_c_o_m_p_r_e_s_s_i_o_n compression is used in query
│ │ │ │ │ - responses to regular
│ │ │ │ │ - queries.
│ │ │ │ │ - Specifies the minimum time
│ │ │ │ │ -_m_i_n_-_c_a_c_h_e_-_t_t_l (in seconds) that the server server
│ │ │ │ │ - caches ordinary (positive)
│ │ │ │ │ - answers.
│ │ │ │ │ - Specifies the minimum
│ │ │ │ │ - retention time (in seconds)
│ │ │ │ │ -_m_i_n_-_n_c_a_c_h_e_-_t_t_l for storage of negative server
│ │ │ │ │ - answers in the server's
│ │ │ │ │ - cache.
│ │ │ │ │ - Limits the zone refresh
│ │ │ │ │ -_m_i_n_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no more often transfer
│ │ │ │ │ - than the specified value, in
│ │ │ │ │ - seconds.
│ │ │ │ │ - Limits the zone refresh
│ │ │ │ │ -_m_i_n_-_r_e_t_r_y_-_t_i_m_e retry interval to no more transfer
│ │ │ │ │ - often than the specified
│ │ │ │ │ - value, in seconds.
│ │ │ │ │ - Sets the minimum size of the
│ │ │ │ │ -_m_i_n_-_t_a_b_l_e_-_s_i_z_e table used to track requests query
│ │ │ │ │ - and rate-limit responses.
│ │ │ │ │ - Controls whether the server
│ │ │ │ │ - replies with only one of the
│ │ │ │ │ -_m_i_n_i_m_a_l_-_a_n_y RRsets for a query name, query
│ │ │ │ │ - when generating a positive
│ │ │ │ │ - response to a query of type
│ │ │ │ │ - ANY over UDP.
│ │ │ │ │ - Controls whether the server
│ │ │ │ │ - only adds records to the
│ │ │ │ │ - authority and additional
│ │ │ │ │ -_m_i_n_i_m_a_l_-_r_e_s_p_o_n_s_e_s data sections when they are query
│ │ │ │ │ - required (e.g. delegations,
│ │ │ │ │ - negative responses). This
│ │ │ │ │ - improves server performance.
│ │ │ │ │ - Controls whether serial
│ │ │ │ │ -_m_u_l_t_i_-_m_a_s_t_e_r number mismatch errors are transfer
│ │ │ │ │ - logged.
│ │ │ │ │ - Specifies the directory
│ │ │ │ │ -_n_e_w_-_z_o_n_e_s_-_d_i_r_e_c_t_o_r_y where configuration zone
│ │ │ │ │ - parameters are stored for
│ │ │ │ │ - zones added by _r_n_d_c_ _a_d_d_z_o_n_e.
│ │ │ │ │ - Specifies a list of
│ │ │ │ │ -_n_o_-_c_a_s_e_-_c_o_m_p_r_e_s_s addresses that require case- server
│ │ │ │ │ - insensitive compression in
│ │ │ │ │ - responses.
│ │ │ │ │ - Sets the maximum size of UDP
│ │ │ │ │ -_n_o_c_o_o_k_i_e_-_u_d_p_-_s_i_z_e responses that are sent to query
│ │ │ │ │ - queries without a valid
│ │ │ │ │ - server COOKIE.
│ │ │ │ │ - Limits the number of empty
│ │ │ │ │ -_n_o_d_a_t_a_-_p_e_r_-_s_e_c_o_n_d (NODATA) responses for a query
│ │ │ │ │ - valid domain name.
│ │ │ │ │ - Controls whether NOTIFY
│ │ │ │ │ -_n_o_t_i_f_y messages are sent on zone transfer
│ │ │ │ │ - changes.
│ │ │ │ │ - Sets the delay (in seconds)
│ │ │ │ │ -_n_o_t_i_f_y_-_d_e_l_a_y between sending sets of transfer, zone
│ │ │ │ │ - NOTIFY messages for a zone.
│ │ │ │ │ - Specifies the rate at which
│ │ │ │ │ -_n_o_t_i_f_y_-_r_a_t_e NOTIFY requests are sent transfer, zone
│ │ │ │ │ - during normal zone
│ │ │ │ │ - maintenance operations.
│ │ │ │ │ - Defines the IPv4 address
│ │ │ │ │ -_n_o_t_i_f_y_-_s_o_u_r_c_e (and optional port) to be transfer
│ │ │ │ │ - used for outgoing NOTIFY
│ │ │ │ │ - messages.
│ │ │ │ │ - Defines the IPv6 address
│ │ │ │ │ -_n_o_t_i_f_y_-_s_o_u_r_c_e_-_v_6 (and optional port) to be transfer
│ │ │ │ │ - used for outgoing NOTIFY
│ │ │ │ │ - messages.
│ │ │ │ │ - Controls whether the name
│ │ │ │ │ -_n_o_t_i_f_y_-_t_o_-_s_o_a servers in the NS RRset are transfer
│ │ │ │ │ - checked against the SOA
│ │ │ │ │ - MNAME.
│ │ │ │ │ - Specifies the use of NSEC3
│ │ │ │ │ -_n_s_e_c_3_p_a_r_a_m instead of NSEC, and sets dnssec
│ │ │ │ │ - NSEC3 parameters.
│ │ │ │ │ - Specifies the lifetime, in
│ │ │ │ │ -_n_t_a_-_l_i_f_e_t_i_m_e seconds, for negative trust dnssec
│ │ │ │ │ - anchors added via _r_n_d_c_ _n_t_a.
│ │ │ │ │ - Specifies the time interval
│ │ │ │ │ - for checking whether
│ │ │ │ │ -_n_t_a_-_r_e_c_h_e_c_k negative trust anchors added dnssec
│ │ │ │ │ - via _r_n_d_c_ _n_t_a are still
│ │ │ │ │ - necessary.
│ │ │ │ │ - Causes all messages sent to
│ │ │ │ │ -_n_u_l_l the logging channel to be logging
│ │ │ │ │ - discarded.
│ │ │ │ │ - Appends the specified suffix
│ │ │ │ │ -_n_x_d_o_m_a_i_n_-_r_e_d_i_r_e_c_t to the original query name, query
│ │ │ │ │ - when replacing an NXDOMAIN
│ │ │ │ │ - with a redirect namespace.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_n_x_d_o_m_a_i_n_s_-_p_e_r_-_s_e_c_o_n_d undefined subdomains for a query
│ │ │ │ │ - valid domain name.
│ │ │ │ │ -_o_p_t_i_o_n_s Defines global options to be server
│ │ │ │ │ - used by BIND 9.
│ │ │ │ │ - Adds EDNS Padding options to
│ │ │ │ │ -_p_a_d_d_i_n_g outgoing messages to server
│ │ │ │ │ - increase the packet size.
│ │ │ │ │ - Sets the time to live (TTL)
│ │ │ │ │ -_p_a_r_e_n_t_-_d_s_-_t_t_l of the DS RRset used by the dnssec
│ │ │ │ │ - parent zone.
│ │ │ │ │ - Sets the propagation delay
│ │ │ │ │ - from the time the parent
│ │ │ │ │ -_p_a_r_e_n_t_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y zone is updated to when the dnssec, zone
│ │ │ │ │ - new version is served by all
│ │ │ │ │ - of the parent zone's name
│ │ │ │ │ - servers.
│ │ │ │ │ - Defines a list of delegation
│ │ │ │ │ -_p_a_r_e_n_t_a_l_-_a_g_e_n_t_s agents to be used by primary zone
│ │ │ │ │ - and secondary zones.
│ │ │ │ │ - Specifies which local IPv4
│ │ │ │ │ -_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e source address is used to dnssec
│ │ │ │ │ - send parental DS queries.
│ │ │ │ │ - Specifies which local IPv6
│ │ │ │ │ -_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e_-_v_6 source address is used to dnssec
│ │ │ │ │ - send parental DS queries.
│ │ │ │ │ - Specifies the pathname of
│ │ │ │ │ -_p_i_d_-_f_i_l_e the file where the server server
│ │ │ │ │ - writes its process ID.
│ │ │ │ │ -_p_l_u_g_i_n Configures plugins in server
│ │ │ │ │ - _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ - Specifies the UDP/TCP port
│ │ │ │ │ -_p_o_r_t number the server uses to query, server
│ │ │ │ │ - receive and send DNS
│ │ │ │ │ - protocol traffic.
│ │ │ │ │ - Specifies that server
│ │ │ │ │ -_p_r_e_f_e_r_-_s_e_r_v_e_r_-_c_i_p_h_e_r_s ciphers should be preferred security, server
│ │ │ │ │ - over client ones.
│ │ │ │ │ - Controls the order of glue
│ │ │ │ │ -_p_r_e_f_e_r_r_e_d_-_g_l_u_e records in an A or AAAA query
│ │ │ │ │ - response.
│ │ │ │ │ - Specifies the "trigger"
│ │ │ │ │ -_p_r_e_f_e_t_c_h time-to-live (TTL) value at query
│ │ │ │ │ - which prefetch of the
│ │ │ │ │ - current query takes place.
│ │ │ │ │ -_p_r_i_m_a_r_i_e_s Defines one or more primary zone
│ │ │ │ │ - servers for a zone.
│ │ │ │ │ -_p_r_i_n_t_-_c_a_t_e_g_o_r_y Includes the category in log logging
│ │ │ │ │ - messages.
│ │ │ │ │ -_p_r_i_n_t_-_s_e_v_e_r_i_t_y Includes the severity in log logging
│ │ │ │ │ - messages.
│ │ │ │ │ -_p_r_i_n_t_-_t_i_m_e Specifies the time format logging
│ │ │ │ │ - for log messages.
│ │ │ │ │ - Specifies the allowed
│ │ │ │ │ -_p_r_o_t_o_c_o_l_s versions of the TLS security
│ │ │ │ │ - protocol.
│ │ │ │ │ - Controls whether a primary
│ │ │ │ │ - responds to an incremental
│ │ │ │ │ -_p_r_o_v_i_d_e_-_i_x_f_r zone request (IXFR) or only transfer
│ │ │ │ │ - responds with a full zone
│ │ │ │ │ - transfer (AXFR).
│ │ │ │ │ - Increases the amount of time
│ │ │ │ │ - between when keys are
│ │ │ │ │ -_p_u_b_l_i_s_h_-_s_a_f_e_t_y published and when they dnssec
│ │ │ │ │ - become active, to allow for
│ │ │ │ │ - unforeseen events.
│ │ │ │ │ - Specifies the amount of time
│ │ │ │ │ - after which DNSSEC keys that
│ │ │ │ │ -_p_u_r_g_e_-_k_e_y_s have been deleted from the dnssec
│ │ │ │ │ - zone can be removed from
│ │ │ │ │ - disk.
│ │ │ │ │ - Controls QNAME minimization
│ │ │ │ │ -_q_n_a_m_e_-_m_i_n_i_m_i_z_a_t_i_o_n behavior in the BIND 9 query
│ │ │ │ │ - resolver.
│ │ │ │ │ - Tightens defenses during DNS
│ │ │ │ │ -_q_p_s_-_s_c_a_l_e attacks by scaling back the query
│ │ │ │ │ - ratio of the current query-
│ │ │ │ │ - per-second rate.
│ │ │ │ │ - Controls the IPv4 address
│ │ │ │ │ -_q_u_e_r_y_-_s_o_u_r_c_e from which queries are query
│ │ │ │ │ - issued.
│ │ │ │ │ - Controls the IPv6 address
│ │ │ │ │ -_q_u_e_r_y_-_s_o_u_r_c_e_-_v_6 from which queries are query
│ │ │ │ │ - issued.
│ │ │ │ │ - Specifies whether query
│ │ │ │ │ -_q_u_e_r_y_l_o_g logging should be active logging, server
│ │ │ │ │ - when _n_a_m_e_d first starts.
│ │ │ │ │ - Controls excessive UDP
│ │ │ │ │ - responses, to prevent BIND 9
│ │ │ │ │ -_r_a_t_e_-_l_i_m_i_t from being used to amplify query
│ │ │ │ │ - reflection denial-of-service
│ │ │ │ │ - (DoS) attacks.
│ │ │ │ │ - Specifies the pathname of
│ │ │ │ │ - the file where the server
│ │ │ │ │ -_r_e_c_u_r_s_i_n_g_-_f_i_l_e dumps queries that are server
│ │ │ │ │ - currently recursing via _r_n_d_c
│ │ │ │ │ - _r_e_c_u_r_s_i_n_g.
│ │ │ │ │ -_r_e_c_u_r_s_i_o_n Defines whether recursion query
│ │ │ │ │ - and caching are allowed.
│ │ │ │ │ - Specifies the maximum number
│ │ │ │ │ -_r_e_c_u_r_s_i_v_e_-_c_l_i_e_n_t_s of concurrent recursive query
│ │ │ │ │ - queries the server can
│ │ │ │ │ - perform.
│ │ │ │ │ - Toggles whether _d_n_s_6_4
│ │ │ │ │ -_r_e_c_u_r_s_i_v_e_-_o_n_l_y synthesis occurs only for query
│ │ │ │ │ - recursive queries.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_r_e_f_e_r_r_a_l_s_-_p_e_r_-_s_e_c_o_n_d referrals or delegations to query
│ │ │ │ │ - a server for a given domain.
│ │ │ │ │ - Specifies the expected
│ │ │ │ │ -_r_e_m_o_t_e_-_h_o_s_t_n_a_m_e hostname in the TLS security
│ │ │ │ │ - certificate of the remote
│ │ │ │ │ - server.
│ │ │ │ │ - Specifies whether the local
│ │ │ │ │ -_r_e_q_u_e_s_t_-_e_x_p_i_r_e server requests the EDNS transfer, query
│ │ │ │ │ - EXPIRE value, when acting as
│ │ │ │ │ - a secondary.
│ │ │ │ │ - Controls whether a secondary
│ │ │ │ │ -_r_e_q_u_e_s_t_-_i_x_f_r requests an incremental zone transfer
│ │ │ │ │ - transfer (IXFR) or a full
│ │ │ │ │ - zone transfer (AXFR).
│ │ │ │ │ - Controls whether an empty
│ │ │ │ │ - EDNS(0) NSID (Name Server
│ │ │ │ │ -_r_e_q_u_e_s_t_-_n_s_i_d Identifier) option is sent query
│ │ │ │ │ - with all queries to
│ │ │ │ │ - authoritative name servers
│ │ │ │ │ - during iterative resolution.
│ │ │ │ │ - Controls whether responses
│ │ │ │ │ -_r_e_q_u_i_r_e_-_c_o_o_k_i_e without a server cookie are query
│ │ │ │ │ - accepted
│ │ │ │ │ - Controls whether a valid
│ │ │ │ │ -_r_e_q_u_i_r_e_-_s_e_r_v_e_r_-_c_o_o_k_i_e server cookie is required query
│ │ │ │ │ - before sending a full
│ │ │ │ │ - response to a UDP request.
│ │ │ │ │ - Specifies the length of
│ │ │ │ │ - time, in milliseconds, that
│ │ │ │ │ -_r_e_s_o_l_v_e_r_-_q_u_e_r_y_-_t_i_m_e_o_u_t a resolver attempts to query
│ │ │ │ │ - resolve a recursive query
│ │ │ │ │ - before failing.
│ │ │ │ │ - Specifies whether to apply
│ │ │ │ │ -_r_e_s_o_l_v_e_r_-_u_s_e_-_d_n_s_6_4 DNS64 mappings when sending server
│ │ │ │ │ - queries.
│ │ │ │ │ - Adds an EDNS Padding option
│ │ │ │ │ - to encrypted messages, to
│ │ │ │ │ -_r_e_s_p_o_n_s_e_-_p_a_d_d_i_n_g reduce the chance of query
│ │ │ │ │ - guessing the contents based
│ │ │ │ │ - on size.
│ │ │ │ │ - Specifies response policy security, zone, query,
│ │ │ │ │ -_r_e_s_p_o_n_s_e_-_p_o_l_i_c_y zones for the view or among server
│ │ │ │ │ - global options.
│ │ │ │ │ - Limits the number of non-
│ │ │ │ │ -_r_e_s_p_o_n_s_e_s_-_p_e_r_-_s_e_c_o_n_d empty responses for a valid query
│ │ │ │ │ - domain name and record type.
│ │ │ │ │ - Increases the amount of time
│ │ │ │ │ - a key remains published
│ │ │ │ │ -_r_e_t_i_r_e_-_s_a_f_e_t_y after it is no longer dnssec
│ │ │ │ │ - active, to allow for
│ │ │ │ │ - unforeseen events.
│ │ │ │ │ -_r_e_u_s_e_p_o_r_t Enables kernel load- server
│ │ │ │ │ - balancing of sockets.
│ │ │ │ │ - Controls whether BIND 9
│ │ │ │ │ -_r_o_o_t_-_k_e_y_-_s_e_n_t_i_n_e_l responds to root key server
│ │ │ │ │ - sentinel probes.
│ │ │ │ │ - Defines the order in which
│ │ │ │ │ -_r_r_s_e_t_-_o_r_d_e_r equal RRs (RRsets) are query
│ │ │ │ │ - returned.
│ │ │ │ │ - Specifies whether a
│ │ │ │ │ -_s_e_a_r_c_h Dynamically Loadable Zone query
│ │ │ │ │ - (DLZ) module is queried for
│ │ │ │ │ - an answer to a query name.
│ │ │ │ │ - Defines a Base64-encoded
│ │ │ │ │ -_s_e_c_r_e_t string to be used as the security
│ │ │ │ │ - secret by the algorithm.
│ │ │ │ │ - Specifies the pathname of
│ │ │ │ │ -_s_e_c_r_o_o_t_s_-_f_i_l_e the file where the server dnssec
│ │ │ │ │ - dumps security roots, when
│ │ │ │ │ - using _r_n_d_c_ _s_e_c_r_o_o_t_s.
│ │ │ │ │ - Controls whether a COOKIE
│ │ │ │ │ -_s_e_n_d_-_c_o_o_k_i_e EDNS option is sent along query
│ │ │ │ │ - with a query.
│ │ │ │ │ - Defines an upper limit on
│ │ │ │ │ - the number of queries per
│ │ │ │ │ -_s_e_r_i_a_l_-_q_u_e_r_y_-_r_a_t_e second issued by the server, transfer
│ │ │ │ │ - when querying the SOA RRs
│ │ │ │ │ - used for zone transfers.
│ │ │ │ │ - Specifies the update method
│ │ │ │ │ -_s_e_r_i_a_l_-_u_p_d_a_t_e_-_m_e_t_h_o_d to be used for the zone zone
│ │ │ │ │ - serial number in the SOA
│ │ │ │ │ - record.
│ │ │ │ │ - Defines characteristics to
│ │ │ │ │ -_s_e_r_v_e_r be associated with a remote server
│ │ │ │ │ - name server.
│ │ │ │ │ - Specifies a list of IP
│ │ │ │ │ - addresses to which queries
│ │ │ │ │ -_s_e_r_v_e_r_-_a_d_d_r_e_s_s_e_s should be sent in recursive zone, query
│ │ │ │ │ - resolution for a static-stub
│ │ │ │ │ - zone.
│ │ │ │ │ - Specifies the ID of the
│ │ │ │ │ -_s_e_r_v_e_r_-_i_d server to return in response server
│ │ │ │ │ - to a ID.SERVER query.
│ │ │ │ │ - Specifies a list of domain
│ │ │ │ │ -_s_e_r_v_e_r_-_n_a_m_e_s names of name servers that zone
│ │ │ │ │ - act as authoritative servers
│ │ │ │ │ - of a static-stub zone.
│ │ │ │ │ - Sets the length of time (in
│ │ │ │ │ -_s_e_r_v_f_a_i_l_-_t_t_l seconds) that a SERVFAIL server
│ │ │ │ │ - response is cached.
│ │ │ │ │ - Specifies the algorithm to
│ │ │ │ │ -_s_e_s_s_i_o_n_-_k_e_y_a_l_g use for the TSIG session security
│ │ │ │ │ - key.
│ │ │ │ │ - Specifies the pathname of
│ │ │ │ │ - the file where a TSIG
│ │ │ │ │ -_s_e_s_s_i_o_n_-_k_e_y_f_i_l_e session key is written, when security
│ │ │ │ │ - generated by _n_a_m_e_d for use
│ │ │ │ │ - by nsupdate -l.
│ │ │ │ │ -_s_e_s_s_i_o_n_-_k_e_y_n_a_m_e Specifies the key name for security
│ │ │ │ │ - the TSIG session key.
│ │ │ │ │ - Enables or disables session
│ │ │ │ │ -_s_e_s_s_i_o_n_-_t_i_c_k_e_t_s resumption through TLS security
│ │ │ │ │ - session tickets.
│ │ │ │ │ -_s_e_v_e_r_i_t_y Defines the priority level logging
│ │ │ │ │ - of log messages.
│ │ │ │ │ - Specifies the maximum number
│ │ │ │ │ -_s_i_g_-_s_i_g_n_i_n_g_-_n_o_d_e_s of nodes to be examined in dnssec
│ │ │ │ │ - each quantum, when signing a
│ │ │ │ │ - zone with a new DNSKEY.
│ │ │ │ │ - Specifies the threshold for
│ │ │ │ │ - the number of signatures
│ │ │ │ │ -_s_i_g_-_s_i_g_n_i_n_g_-_s_i_g_n_a_t_u_r_e_s that terminates processing a dnssec
│ │ │ │ │ - quantum, when signing a zone
│ │ │ │ │ - with a new DNSKEY.
│ │ │ │ │ - Specifies a private RDATA
│ │ │ │ │ -_s_i_g_-_s_i_g_n_i_n_g_-_t_y_p_e type to use when generating dnssec
│ │ │ │ │ - signing-state records.
│ │ │ │ │ -_s_i_g_-_v_a_l_i_d_i_t_y_-_i_n_t_e_r_v_a_l obsolete
│ │ │ │ │ -_s_i_g_n_a_t_u_r_e_s_-_r_e_f_r_e_s_h Specifies how frequently an dnssec
│ │ │ │ │ - RRSIG record is refreshed.
│ │ │ │ │ -_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y Indicates the validity dnssec
│ │ │ │ │ - period of an RRSIG record.
│ │ │ │ │ -_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y_-_d_n_s_k_e_y Indicates the validity dnssec
│ │ │ │ │ - period of DNSKEY records.
│ │ │ │ │ - Sets the number of "slipped"
│ │ │ │ │ -_s_l_i_p responses to minimize the query
│ │ │ │ │ - use of forged source
│ │ │ │ │ - addresses for an attack.
│ │ │ │ │ - Controls the ordering of RRs
│ │ │ │ │ -_s_o_r_t_l_i_s_t returned to the client, query
│ │ │ │ │ - based on the client's IP
│ │ │ │ │ - address.
│ │ │ │ │ - Defines the amount of time
│ │ │ │ │ - (in milliseconds) that _n_a_m_e_d
│ │ │ │ │ -_s_t_a_l_e_-_a_n_s_w_e_r_-_c_l_i_e_n_t_-_t_i_m_e_o_u_t waits before attempting to query, server
│ │ │ │ │ - answer a query with a stale
│ │ │ │ │ - RRset from cache.
│ │ │ │ │ - Enables the returning of
│ │ │ │ │ -_s_t_a_l_e_-_a_n_s_w_e_r_-_e_n_a_b_l_e "stale" cached answers when query, server
│ │ │ │ │ - the name servers for a zone
│ │ │ │ │ - are not answering.
│ │ │ │ │ - Specifies the time to live
│ │ │ │ │ -_s_t_a_l_e_-_a_n_s_w_e_r_-_t_t_l (TTL) to be returned on query
│ │ │ │ │ - stale answers, in seconds.
│ │ │ │ │ -_s_t_a_l_e_-_c_a_c_h_e_-_e_n_a_b_l_e Enables the retention of query, server
│ │ │ │ │ - "stale" cached answers.
│ │ │ │ │ - Sets the time window for the
│ │ │ │ │ - return of "stale" cached
│ │ │ │ │ -_s_t_a_l_e_-_r_e_f_r_e_s_h_-_t_i_m_e answers before the next query, server
│ │ │ │ │ - attempt to contact, if the
│ │ │ │ │ - name servers for a given
│ │ │ │ │ - zone are not responding.
│ │ │ │ │ - Specifies the rate at which
│ │ │ │ │ - NOTIFY requests are sent
│ │ │ │ │ -_s_t_a_r_t_u_p_-_n_o_t_i_f_y_-_r_a_t_e when the name server is transfer, zone
│ │ │ │ │ - first starting, or when new
│ │ │ │ │ - zones have been added.
│ │ │ │ │ - Specifies the communication
│ │ │ │ │ - channels to be used by
│ │ │ │ │ -_s_t_a_t_i_s_t_i_c_s_-_c_h_a_n_n_e_l_s system administrators to logging
│ │ │ │ │ - access statistics
│ │ │ │ │ - information on the name
│ │ │ │ │ - server.
│ │ │ │ │ - Specifies the pathname of
│ │ │ │ │ -_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e the file where the server logging, server
│ │ │ │ │ - appends statistics, when
│ │ │ │ │ - using _r_n_d_c_ _s_t_a_t_s.
│ │ │ │ │ - Directs the logging channel
│ │ │ │ │ -_s_t_d_e_r_r output to the server's logging
│ │ │ │ │ - standard error stream.
│ │ │ │ │ - Specifies the maximum number
│ │ │ │ │ -_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n of concurrent HTTP/2 streams query, server
│ │ │ │ │ - over an HTTP/2 connection.
│ │ │ │ │ - Defines trailing bits for
│ │ │ │ │ -_s_u_f_f_i_x mapped IPv4 address bits in query
│ │ │ │ │ - _d_n_s_6_4.
│ │ │ │ │ - Enables support for _RR_FF_CC
│ │ │ │ │ -_s_y_n_t_h_-_f_r_o_m_-_d_n_s_s_e_c _88_11_99_88, Aggressive Use of dnssec
│ │ │ │ │ - DNSSEC-Validated Cache.
│ │ │ │ │ -_s_y_s_l_o_g Directs the logging channel logging
│ │ │ │ │ - to the system log.
│ │ │ │ │ - Sets the timeout value (in
│ │ │ │ │ - milliseconds) that the
│ │ │ │ │ -_t_c_p_-_a_d_v_e_r_t_i_s_e_d_-_t_i_m_e_o_u_t server sends in responses query
│ │ │ │ │ - containing the EDNS TCP
│ │ │ │ │ - keepalive option.
│ │ │ │ │ - Specifies the maximum number
│ │ │ │ │ -_t_c_p_-_c_l_i_e_n_t_s of simultaneous client TCP server
│ │ │ │ │ - connections accepted by the
│ │ │ │ │ - server.
│ │ │ │ │ - Sets the amount of time (in
│ │ │ │ │ - milliseconds) that the
│ │ │ │ │ - server waits on an idle TCP
│ │ │ │ │ -_t_c_p_-_i_d_l_e_-_t_i_m_e_o_u_t connection before closing query
│ │ │ │ │ - it, if the EDNS TCP
│ │ │ │ │ - keepalive option is not in
│ │ │ │ │ - use.
│ │ │ │ │ - Sets the amount of time (in
│ │ │ │ │ - milliseconds) that the
│ │ │ │ │ -_t_c_p_-_i_n_i_t_i_a_l_-_t_i_m_e_o_u_t server waits on a new TCP query, server
│ │ │ │ │ - connection for the first
│ │ │ │ │ - message from the client.
│ │ │ │ │ -_t_c_p_-_k_e_e_p_a_l_i_v_e Adds EDNS TCP keepalive to server
│ │ │ │ │ - messages sent over TCP.
│ │ │ │ │ - Sets the amount of time (in
│ │ │ │ │ - milliseconds) that the
│ │ │ │ │ -_t_c_p_-_k_e_e_p_a_l_i_v_e_-_t_i_m_e_o_u_t server waits on an idle TCP query
│ │ │ │ │ - connection before closing
│ │ │ │ │ - it, if the EDNS TCP
│ │ │ │ │ - keepalive option is in use.
│ │ │ │ │ -_t_c_p_-_l_i_s_t_e_n_-_q_u_e_u_e Sets the listen-queue depth. server
│ │ │ │ │ -_t_c_p_-_o_n_l_y Sets the transport protocol server
│ │ │ │ │ - to TCP.
│ │ │ │ │ - Sets the operating system's
│ │ │ │ │ -_t_c_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for TCP server
│ │ │ │ │ - sockets.
│ │ │ │ │ - Sets the operating system's
│ │ │ │ │ -_t_c_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for TCP server
│ │ │ │ │ - sockets.
│ │ │ │ │ - Sets the domain appended to
│ │ │ │ │ -_t_k_e_y_-_d_o_m_a_i_n the names of all shared keys security
│ │ │ │ │ - generated with TKEY.
│ │ │ │ │ - Sets the security credential
│ │ │ │ │ -_t_k_e_y_-_g_s_s_a_p_i_-_c_r_e_d_e_n_t_i_a_l for authentication keys security
│ │ │ │ │ - requested by the GSS-TSIG
│ │ │ │ │ - protocol.
│ │ │ │ │ -_t_k_e_y_-_g_s_s_a_p_i_-_k_e_y_t_a_b Sets the KRB5 keytab file to security
│ │ │ │ │ - use for GSS-TSIG updates.
│ │ │ │ │ -_t_l_s Configures a TLS connection. security
│ │ │ │ │ - Specifies the TCP port
│ │ │ │ │ -_t_l_s_-_p_o_r_t number the server uses to query, server
│ │ │ │ │ - receive and send DNS-over-
│ │ │ │ │ - TLS protocol traffic.
│ │ │ │ │ - Controls whether multiple
│ │ │ │ │ -_t_r_a_n_s_f_e_r_-_f_o_r_m_a_t records can be packed into a transfer
│ │ │ │ │ - message during zone
│ │ │ │ │ - transfers.
│ │ │ │ │ - Limits the uncompressed size
│ │ │ │ │ -_t_r_a_n_s_f_e_r_-_m_e_s_s_a_g_e_-_s_i_z_e of DNS messages used in zone transfer
│ │ │ │ │ - transfers over TCP.
│ │ │ │ │ - Defines which local IPv4
│ │ │ │ │ - address(es) are bound to TCP
│ │ │ │ │ -_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e connections used to fetch transfer
│ │ │ │ │ - zones transferred inbound by
│ │ │ │ │ - the server.
│ │ │ │ │ - Defines which local IPv6
│ │ │ │ │ - address(es) are bound to TCP
│ │ │ │ │ -_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e_-_v_6 connections used to fetch transfer
│ │ │ │ │ - zones transferred inbound by
│ │ │ │ │ - the server.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_t_r_a_n_s_f_e_r_s concurrent inbound zone server
│ │ │ │ │ - transfers from a server.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_t_r_a_n_s_f_e_r_s_-_i_n concurrent inbound zone transfer
│ │ │ │ │ - transfers.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_t_r_a_n_s_f_e_r_s_-_o_u_t concurrent outbound zone transfer
│ │ │ │ │ - transfers.
│ │ │ │ │ - Limits the number of
│ │ │ │ │ -_t_r_a_n_s_f_e_r_s_-_p_e_r_-_n_s concurrent inbound zone transfer
│ │ │ │ │ - transfers from a remote
│ │ │ │ │ - server.
│ │ │ │ │ - Instructs _n_a_m_e_d to send
│ │ │ │ │ - specially formed queries
│ │ │ │ │ -_t_r_u_s_t_-_a_n_c_h_o_r_-_t_e_l_e_m_e_t_r_y once per day to domains for dnssec
│ │ │ │ │ - which trust anchors have
│ │ │ │ │ - been configured.
│ │ │ │ │ -_t_r_u_s_t_-_a_n_c_h_o_r_s Defines _D_N_S_S_E_C trust dnssec
│ │ │ │ │ - anchors.
│ │ │ │ │ -_t_r_u_s_t_e_d_-_k_e_y_s deprecated
│ │ │ │ │ - Specifies that BIND 9 should
│ │ │ │ │ -_t_r_y_-_t_c_p_-_r_e_f_r_e_s_h attempt to refresh a zone transfer
│ │ │ │ │ - using TCP if UDP queries
│ │ │ │ │ - fail.
│ │ │ │ │ -_t_y_p_e Specifies the kind of zone zone
│ │ │ │ │ - in a given configuration.
│ │ │ │ │ - Contains forwarding
│ │ │ │ │ -_t_y_p_e_ _f_o_r_w_a_r_d statements that apply to zone
│ │ │ │ │ - queries within a given
│ │ │ │ │ - domain.
│ │ │ │ │ - Contains the initial set of
│ │ │ │ │ -_t_y_p_e_ _h_i_n_t root name servers to be used zone
│ │ │ │ │ - at BIND 9 startup.
│ │ │ │ │ - Contains a DNSSEC-validated
│ │ │ │ │ -_t_y_p_e_ _m_i_r_r_o_r duplicate of the main data zone
│ │ │ │ │ - for a zone.
│ │ │ │ │ -_t_y_p_e_ _p_r_i_m_a_r_y Contains the main copy of zone
│ │ │ │ │ - the data for a zone.
│ │ │ │ │ - Contains information to
│ │ │ │ │ -_t_y_p_e_ _r_e_d_i_r_e_c_t answer queries when normal zone
│ │ │ │ │ - resolution would return
│ │ │ │ │ - NXDOMAIN.
│ │ │ │ │ - Contains a duplicate of the
│ │ │ │ │ -_t_y_p_e_ _s_e_c_o_n_d_a_r_y data for a zone that has zone
│ │ │ │ │ - been transferred from a
│ │ │ │ │ - primary server.
│ │ │ │ │ - Contains a duplicate of the
│ │ │ │ │ - NS records of a primary
│ │ │ │ │ -_t_y_p_e_ _s_t_a_t_i_c_-_s_t_u_b zone, but statically zone
│ │ │ │ │ - configured rather than
│ │ │ │ │ - transferred from a primary
│ │ │ │ │ - server.
│ │ │ │ │ - Contains a duplicate of the
│ │ │ │ │ -_t_y_p_e_ _s_t_u_b NS records of a primary zone
│ │ │ │ │ - zone.
│ │ │ │ │ - Sets the operating system's
│ │ │ │ │ -_u_d_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for UDP server
│ │ │ │ │ - sockets.
│ │ │ │ │ - Sets the operating system's
│ │ │ │ │ -_u_d_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for UDP server
│ │ │ │ │ - sockets.
│ │ │ │ │ -_u_n_i_x Specifies a Unix domain obsolete
│ │ │ │ │ - socket as a control channel.
│ │ │ │ │ -_u_p_d_a_t_e_-_c_h_e_c_k_-_k_s_k obsolete
│ │ │ │ │ - Sets fine-grained rules to
│ │ │ │ │ - allow or deny dynamic
│ │ │ │ │ -_u_p_d_a_t_e_-_p_o_l_i_c_y updates (DDNS), based on transfer
│ │ │ │ │ - requester identity, updated
│ │ │ │ │ - content, etc.
│ │ │ │ │ - Specifies the maximum number
│ │ │ │ │ -_u_p_d_a_t_e_-_q_u_o_t_a of concurrent DNS UPDATE server
│ │ │ │ │ - messages that can be
│ │ │ │ │ - processed by the server.
│ │ │ │ │ - Specifies a list of ports
│ │ │ │ │ -_u_s_e_-_v_4_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated
│ │ │ │ │ - UDP/IPv4 messages.
│ │ │ │ │ - Specifies a list of ports
│ │ │ │ │ -_u_s_e_-_v_6_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated
│ │ │ │ │ - UDP/IPv6 messages.
│ │ │ │ │ - Indicates the number of
│ │ │ │ │ -_v_6_-_b_i_a_s milliseconds of preference query, server
│ │ │ │ │ - to give to IPv6 name
│ │ │ │ │ - servers.
│ │ │ │ │ - Specifies a list of domain
│ │ │ │ │ -_v_a_l_i_d_a_t_e_-_e_x_c_e_p_t names at and beneath which dnssec
│ │ │ │ │ - DNSSEC validation should not
│ │ │ │ │ - be performed.
│ │ │ │ │ - Specifies the version number
│ │ │ │ │ -_v_e_r_s_i_o_n of the server to return in server
│ │ │ │ │ - response to a version.bind
│ │ │ │ │ - query.
│ │ │ │ │ - Allows a name server to
│ │ │ │ │ -_v_i_e_w answer a DNS query view
│ │ │ │ │ - differently depending on who
│ │ │ │ │ - is asking.
│ │ │ │ │ - Specifies the length of time
│ │ │ │ │ -_w_i_n_d_o_w during which responses are query
│ │ │ │ │ - tracked.
│ │ │ │ │ - Specifies whether to set the
│ │ │ │ │ - time to live (TTL) of the
│ │ │ │ │ -_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l SOA record to zero, when zone, query, server
│ │ │ │ │ - returning authoritative
│ │ │ │ │ - negative responses to SOA
│ │ │ │ │ - queries.
│ │ │ │ │ - Sets the time to live (TTL)
│ │ │ │ │ -_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l_-_c_a_c_h_e to zero when caching a zone, query, server
│ │ │ │ │ - negative response to an SOA
│ │ │ │ │ - query.
│ │ │ │ │ -_z_o_n_e Specifies the zone in a BIND zone
│ │ │ │ │ - 9 configuration.
│ │ │ │ │ - Sets the propagation delay
│ │ │ │ │ - from the time a zone is
│ │ │ │ │ -_z_o_n_e_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y first updated to when the dnssec, zone
│ │ │ │ │ - new version of the zone is
│ │ │ │ │ - served by all secondary
│ │ │ │ │ - servers.
│ │ │ │ │ - Controls the level of
│ │ │ │ │ -_z_o_n_e_-_s_t_a_t_i_s_t_i_c_s statistics gathered for all zone, logging
│ │ │ │ │ - zones.
│ │ │ │ │ +SSttaatteemmeenntt DDeessccrriippttiioonn TTaaggss
│ │ │ │ │ +_a_c_l Assigns a symbolic name to server
│ │ │ │ │ + an address match list.
│ │ │ │ │ +_a_l_g_o_r_i_t_h_m Defines the algorithm to be security
│ │ │ │ │ + used in a key clause.
│ │ │ │ │ +_a_l_l_-_p_e_r_-_s_e_c_o_n_d Limits UDP responses of all query
│ │ │ │ │ + kinds.
│ │ │ │ │ + Controls the ability to add
│ │ │ │ │ +_a_l_l_o_w_-_n_e_w_-_z_o_n_e_s zones at runtime via _r_n_d_c server, zone
│ │ │ │ │ + _a_d_d_z_o_n_e.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t that is
│ │ │ │ │ + allowed to send NOTIFY
│ │ │ │ │ +_a_l_l_o_w_-_n_o_t_i_f_y messages for the zone, in transfer
│ │ │ │ │ + addition to addresses
│ │ │ │ │ + defined in the _p_r_i_m_a_r_i_e_s
│ │ │ │ │ + option for the zone.
│ │ │ │ │ + Defines an
│ │ │ │ │ +_a_l_l_o_w_-_p_r_o_x_y _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the server
│ │ │ │ │ + client addresses allowed to
│ │ │ │ │ + send PROXYv2 headers.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t for the
│ │ │ │ │ + interface addresses allowed
│ │ │ │ │ +_a_l_l_o_w_-_p_r_o_x_y_-_o_n to accept PROXYv2 headers. server
│ │ │ │ │ + The option is mostly
│ │ │ │ │ + intended for multi-homed
│ │ │ │ │ + configurations.
│ │ │ │ │ + Specifies which hosts (an IP
│ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y address list) are allowed to query
│ │ │ │ │ + send queries to this
│ │ │ │ │ + resolver.
│ │ │ │ │ + Specifies which hosts (an IP
│ │ │ │ │ + address list) can access
│ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e this server's cache and thus query
│ │ │ │ │ + effectively controls
│ │ │ │ │ + recursion.
│ │ │ │ │ + Specifies which hosts (an IP
│ │ │ │ │ + address list) can access
│ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y_-_c_a_c_h_e_-_o_n this server's cache. Used on query
│ │ │ │ │ + servers with multiple
│ │ │ │ │ + interfaces.
│ │ │ │ │ + Specifies which local
│ │ │ │ │ + addresses (an IP address
│ │ │ │ │ +_a_l_l_o_w_-_q_u_e_r_y_-_o_n list) are allowed to send query
│ │ │ │ │ + queries to this resolver.
│ │ │ │ │ + Used in multi-homed
│ │ │ │ │ + configurations.
│ │ │ │ │ + Defines an
│ │ │ │ │ +_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of query
│ │ │ │ │ + clients that are allowed to
│ │ │ │ │ + perform recursive queries.
│ │ │ │ │ + Specifies which local
│ │ │ │ │ +_a_l_l_o_w_-_r_e_c_u_r_s_i_o_n_-_o_n addresses can accept server, query
│ │ │ │ │ + recursive queries.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ +_a_l_l_o_w_-_t_r_a_n_s_f_e_r that are allowed to transfer transfer
│ │ │ │ │ + the zone information from
│ │ │ │ │ + this server.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ +_a_l_l_o_w_-_u_p_d_a_t_e that are allowed to submit transfer
│ │ │ │ │ + dynamic updates for primary
│ │ │ │ │ + zones.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ +_a_l_l_o_w_-_u_p_d_a_t_e_-_f_o_r_w_a_r_d_i_n_g that are allowed to submit transfer
│ │ │ │ │ + dynamic updates to a
│ │ │ │ │ + secondary server for
│ │ │ │ │ + transmission to a primary.
│ │ │ │ │ + Defines one or more hosts
│ │ │ │ │ +_a_l_s_o_-_n_o_t_i_f_y that are sent NOTIFY transfer
│ │ │ │ │ + messages when zone changes
│ │ │ │ │ + occur.
│ │ │ │ │ + Controls whether COOKIE EDNS
│ │ │ │ │ +_a_n_s_w_e_r_-_c_o_o_k_i_e replies are sent in response query
│ │ │ │ │ + to client queries.
│ │ │ │ │ + Allows multiple views to
│ │ │ │ │ +_a_t_t_a_c_h_-_c_a_c_h_e share a single cache view
│ │ │ │ │ + database.
│ │ │ │ │ + Controls whether BIND,
│ │ │ │ │ + acting as a resolver,
│ │ │ │ │ +_a_u_t_h_-_n_x_d_o_m_a_i_n provides authoritative query
│ │ │ │ │ + NXDOMAIN (domain does not
│ │ │ │ │ + exist) answers.
│ │ │ │ │ + Controls the automatic
│ │ │ │ │ +_a_u_t_o_m_a_t_i_c_-_i_n_t_e_r_f_a_c_e_-_s_c_a_n rescanning of network server
│ │ │ │ │ + interfaces when addresses
│ │ │ │ │ + are added or removed.
│ │ │ │ │ + Specifies the range(s) of
│ │ │ │ │ +_a_v_o_i_d_-_v_4_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated
│ │ │ │ │ + use as sources for UDP/IPv4
│ │ │ │ │ + messages.
│ │ │ │ │ + Specifies the range(s) of
│ │ │ │ │ +_a_v_o_i_d_-_v_6_-_u_d_p_-_p_o_r_t_s ports to be excluded from deprecated
│ │ │ │ │ + use as sources for UDP/IPv6
│ │ │ │ │ + messages.
│ │ │ │ │ + Specifies the pathname of a
│ │ │ │ │ +_b_i_n_d_k_e_y_s_-_f_i_l_e file to override the built- dnssec
│ │ │ │ │ + in trusted keys provided by
│ │ │ │ │ + _n_a_m_e_d.
│ │ │ │ │ + Defines an
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t of hosts
│ │ │ │ │ +_b_l_a_c_k_h_o_l_e to ignore. The server will query
│ │ │ │ │ + neither respond to queries
│ │ │ │ │ + from nor send queries to
│ │ │ │ │ + these addresses.
│ │ │ │ │ +_b_o_g_u_s Allows a remote server to be server
│ │ │ │ │ + ignored.
│ │ │ │ │ + Enables _d_n_s_6_4 synthesis even
│ │ │ │ │ +_b_r_e_a_k_-_d_n_s_s_e_c if the validated result query
│ │ │ │ │ + would cause a DNSSEC
│ │ │ │ │ + validation failure.
│ │ │ │ │ +_b_u_f_f_e_r_e_d Controls flushing of log logging
│ │ │ │ │ + messages.
│ │ │ │ │ + Specifies the path to a file
│ │ │ │ │ + containing TLS certificates
│ │ │ │ │ +_c_a_-_f_i_l_e for trusted CA authorities, server, security
│ │ │ │ │ + used to verify remote peer
│ │ │ │ │ + certificates.
│ │ │ │ │ +_c_a_t_a_l_o_g_-_z_o_n_e_s Configures catalog zones in zone
│ │ │ │ │ + _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ + Specifies the type of data
│ │ │ │ │ +_c_a_t_e_g_o_r_y logged to a particular logging
│ │ │ │ │ + channel.
│ │ │ │ │ + Specifies whether a CDNSKEY
│ │ │ │ │ +_c_d_n_s_k_e_y record should be published dnssec
│ │ │ │ │ + during KSK rollover.
│ │ │ │ │ + Specifies the digest types
│ │ │ │ │ +_c_d_s_-_d_i_g_e_s_t_-_t_y_p_e_s to use for CDS resource dnssec
│ │ │ │ │ + records.
│ │ │ │ │ + Specifies the path to a file
│ │ │ │ │ +_c_e_r_t_-_f_i_l_e containing the TLS server, security
│ │ │ │ │ + certificate for a
│ │ │ │ │ + connection.
│ │ │ │ │ + Defines a stream of data
│ │ │ │ │ +_c_h_a_n_n_e_l that can be independently logging
│ │ │ │ │ + logged.
│ │ │ │ │ + Checks primary zones for
│ │ │ │ │ + records that are treated as
│ │ │ │ │ +_c_h_e_c_k_-_d_u_p_-_r_e_c_o_r_d_s different by DNSSEC but are dnssec, query
│ │ │ │ │ + semantically equal in plain
│ │ │ │ │ + DNS.
│ │ │ │ │ + Performs post-load zone
│ │ │ │ │ +_c_h_e_c_k_-_i_n_t_e_g_r_i_t_y integrity checks on primary zone
│ │ │ │ │ + zones.
│ │ │ │ │ + Checks whether an MX record
│ │ │ │ │ +_c_h_e_c_k_-_m_x appears to refer to an IP zone
│ │ │ │ │ + address.
│ │ │ │ │ + Sets the response to MX
│ │ │ │ │ +_c_h_e_c_k_-_m_x_-_c_n_a_m_e records that refer to zone
│ │ │ │ │ + CNAMEs.
│ │ │ │ │ + Restricts the character set
│ │ │ │ │ + and syntax of certain domain
│ │ │ │ │ +_c_h_e_c_k_-_n_a_m_e_s names in primary files and/ server, query
│ │ │ │ │ + or DNS responses received
│ │ │ │ │ + from the network.
│ │ │ │ │ + Specifies whether to check
│ │ │ │ │ +_c_h_e_c_k_-_s_i_b_l_i_n_g for sibling glue when zone
│ │ │ │ │ + performing integrity checks.
│ │ │ │ │ + Specifies whether to check
│ │ │ │ │ +_c_h_e_c_k_-_s_p_f for a TXT Sender Policy zone
│ │ │ │ │ + Framework record, if an SPF
│ │ │ │ │ + record is present.
│ │ │ │ │ + Sets the response to SRV
│ │ │ │ │ +_c_h_e_c_k_-_s_r_v_-_c_n_a_m_e records that refer to zone
│ │ │ │ │ + CNAMEs.
│ │ │ │ │ + Specifies whether to perform
│ │ │ │ │ +_c_h_e_c_k_-_s_v_c_b additional checks on SVCB zone
│ │ │ │ │ + records.
│ │ │ │ │ +_c_h_e_c_k_-_w_i_l_d_c_a_r_d Checks for non-terminal zone
│ │ │ │ │ + wildcards.
│ │ │ │ │ +_c_h_e_c_k_d_s Controls whether DS queries dnssec
│ │ │ │ │ + are sent to parental agents.
│ │ │ │ │ +_c_i_p_h_e_r_s Specifies a list of allowed security
│ │ │ │ │ + ciphers.
│ │ │ │ │ + Specifies an access control
│ │ │ │ │ +_c_l_i_e_n_t_s list (ACL) of clients that query
│ │ │ │ │ + are affected by a given
│ │ │ │ │ + _d_n_s_6_4 directive.
│ │ │ │ │ + Sets the initial minimum
│ │ │ │ │ + number of simultaneous
│ │ │ │ │ +_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y recursive clients accepted server
│ │ │ │ │ + by the server for any given
│ │ │ │ │ + query before the server
│ │ │ │ │ + drops additional clients.
│ │ │ │ │ + Specifies control channels
│ │ │ │ │ +_c_o_n_t_r_o_l_s to be used to manage the server
│ │ │ │ │ + name server.
│ │ │ │ │ + Sets the algorithm to be
│ │ │ │ │ +_c_o_o_k_i_e_-_a_l_g_o_r_i_t_h_m used when generating a server
│ │ │ │ │ + server cookie.
│ │ │ │ │ + Specifies a shared secret
│ │ │ │ │ + used for generating and
│ │ │ │ │ +_c_o_o_k_i_e_-_s_e_c_r_e_t verifying EDNS COOKIE server
│ │ │ │ │ + options within an anycast
│ │ │ │ │ + cluster.
│ │ │ │ │ + Specifies the type of
│ │ │ │ │ +_d_a_t_a_b_a_s_e database to be used to store zone
│ │ │ │ │ + zone data.
│ │ │ │ │ + Rejects A or AAAA records if
│ │ │ │ │ +_d_e_n_y_-_a_n_s_w_e_r_-_a_d_d_r_e_s_s_e_s the corresponding IPv4 or query
│ │ │ │ │ + IPv6 addresses match a given
│ │ │ │ │ + _a_d_d_r_e_s_s___m_a_t_c_h___l_i_s_t.
│ │ │ │ │ + Rejects CNAME or DNAME
│ │ │ │ │ +_d_e_n_y_-_a_n_s_w_e_r_-_a_l_i_a_s_e_s records if the "alias" name query
│ │ │ │ │ + matches a given list of
│ │ │ │ │ + _d_o_m_a_i_n___n_a_m_e elements.
│ │ │ │ │ + Specifies the path to a file
│ │ │ │ │ +_d_h_p_a_r_a_m_-_f_i_l_e containing Diffie-Hellman server, security
│ │ │ │ │ + parameters, for enabling
│ │ │ │ │ + cipher suites.
│ │ │ │ │ + Concentrates zone
│ │ │ │ │ + maintenance so that all
│ │ │ │ │ +_d_i_a_l_u_p transfers take place once deprecated
│ │ │ │ │ + every _h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l,
│ │ │ │ │ + ideally during a single
│ │ │ │ │ + call.
│ │ │ │ │ +_d_i_r_e_c_t_o_r_y Sets the server's working server
│ │ │ │ │ + directory.
│ │ │ │ │ +_d_i_s_a_b_l_e_-_a_l_g_o_r_i_t_h_m_s Disables DNSSEC algorithms dnssec
│ │ │ │ │ + from a specified zone.
│ │ │ │ │ +_d_i_s_a_b_l_e_-_d_s_-_d_i_g_e_s_t_s Disables DS digest types dnssec, zone
│ │ │ │ │ + from a specified zone.
│ │ │ │ │ +_d_i_s_a_b_l_e_-_e_m_p_t_y_-_z_o_n_e Disables individual empty server, zone
│ │ │ │ │ + zones.
│ │ │ │ │ + Configures a Dynamically
│ │ │ │ │ +_d_l_z Loadable Zone (DLZ) database zone
│ │ │ │ │ + in _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ + Instructs _n_a_m_e_d to return
│ │ │ │ │ +_d_n_s_6_4 mapped IPv4 addresses to query
│ │ │ │ │ + AAAA queries when there are
│ │ │ │ │ + no AAAA records.
│ │ │ │ │ +_d_n_s_6_4_-_c_o_n_t_a_c_t Specifies the name of the server
│ │ │ │ │ + contact for _d_n_s_6_4 zones.
│ │ │ │ │ +_d_n_s_6_4_-_s_e_r_v_e_r Specifies the name of the server
│ │ │ │ │ + server for _d_n_s_6_4 zones.
│ │ │ │ │ +_d_n_s_k_e_y_-_s_i_g_-_v_a_l_i_d_i_t_y obsolete
│ │ │ │ │ + Specifies the time to live
│ │ │ │ │ +_d_n_s_k_e_y_-_t_t_l (TTL) for DNSKEY resource dnssec
│ │ │ │ │ + records.
│ │ │ │ │ + Turns on the DNS Response
│ │ │ │ │ +_d_n_s_r_p_s_-_e_n_a_b_l_e Policy Service (DNSRPS) server, security
│ │ │ │ │ + interface.
│ │ │ │ │ + Turns on the DNS Response
│ │ │ │ │ +_d_n_s_r_p_s_-_l_i_b_r_a_r_y Policy Service (DNSRPS) server, security
│ │ │ │ │ + interface.
│ │ │ │ │ + Provides additional RPZ
│ │ │ │ │ + configuration settings,
│ │ │ │ │ +_d_n_s_r_p_s_-_o_p_t_i_o_n_s which are passed to the DNS server, security
│ │ │ │ │ + Response Policy Service
│ │ │ │ │ + (DNSRPS) provider library.
│ │ │ │ │ + Instructs BIND 9 to accept
│ │ │ │ │ +_d_n_s_s_e_c_-_a_c_c_e_p_t_-_e_x_p_i_r_e_d expired DNSSEC signatures dnssec
│ │ │ │ │ + when validating.
│ │ │ │ │ +_d_n_s_s_e_c_-_d_n_s_k_e_y_-_k_s_k_o_n_l_y obsolete
│ │ │ │ │ + Sets the frequency of
│ │ │ │ │ +_d_n_s_s_e_c_-_l_o_a_d_k_e_y_s_-_i_n_t_e_r_v_a_l automatic checks of the dnssec
│ │ │ │ │ + DNSSEC key repository.
│ │ │ │ │ + Defines hierarchies that
│ │ │ │ │ +_d_n_s_s_e_c_-_m_u_s_t_-_b_e_-_s_e_c_u_r_e must or may not be secure deprecated
│ │ │ │ │ + (signed and validated).
│ │ │ │ │ +_d_n_s_s_e_c_-_p_o_l_i_c_y Defines a key and signing dnssec
│ │ │ │ │ + policy (KASP) for zones.
│ │ │ │ │ +_d_n_s_s_e_c_-_s_e_c_u_r_e_-_t_o_-_i_n_s_e_c_u_r_e obsolete
│ │ │ │ │ +_d_n_s_s_e_c_-_u_p_d_a_t_e_-_m_o_d_e obsolete
│ │ │ │ │ +_d_n_s_s_e_c_-_v_a_l_i_d_a_t_i_o_n Enables DNSSEC validation in dnssec
│ │ │ │ │ + _n_a_m_e_d.
│ │ │ │ │ +_d_n_s_t_a_p Enables logging of _d_n_s_t_a_p logging
│ │ │ │ │ + messages.
│ │ │ │ │ +_d_n_s_t_a_p_-_i_d_e_n_t_i_t_y Specifies an identity string logging
│ │ │ │ │ + to send in _d_n_s_t_a_p messages.
│ │ │ │ │ + Configures the path to which
│ │ │ │ │ +_d_n_s_t_a_p_-_o_u_t_p_u_t the _d_n_s_t_a_p frame stream is logging
│ │ │ │ │ + sent.
│ │ │ │ │ +_d_n_s_t_a_p_-_v_e_r_s_i_o_n Specifies a _v_e_r_s_i_o_n string logging
│ │ │ │ │ + to send in _d_n_s_t_a_p messages.
│ │ │ │ │ + Specifies host names or
│ │ │ │ │ +_d_u_a_l_-_s_t_a_c_k_-_s_e_r_v_e_r_s addresses of machines with server
│ │ │ │ │ + access to both IPv4 and IPv6
│ │ │ │ │ + transports.
│ │ │ │ │ + Indicates the pathname of
│ │ │ │ │ +_d_u_m_p_-_f_i_l_e the file where the server logging
│ │ │ │ │ + dumps the database after
│ │ │ │ │ + _r_n_d_c_ _d_u_m_p_d_b.
│ │ │ │ │ +_d_y_n_d_b Configures a DynDB database zone
│ │ │ │ │ + in _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ +_e_d_n_s Controls the use of the server
│ │ │ │ │ + EDNS0 (_RR_FF_CC_ _22_66_77_11) feature.
│ │ │ │ │ + Sets the maximum advertised
│ │ │ │ │ + EDNS UDP buffer size to
│ │ │ │ │ +_e_d_n_s_-_u_d_p_-_s_i_z_e control the size of packets query
│ │ │ │ │ + received from authoritative
│ │ │ │ │ + servers in response to
│ │ │ │ │ + recursive queries.
│ │ │ │ │ + Sets the maximum EDNS
│ │ │ │ │ +_e_d_n_s_-_v_e_r_s_i_o_n VERSION that is sent to the server
│ │ │ │ │ + server(s) by the resolver.
│ │ │ │ │ + Specifies the contact name
│ │ │ │ │ +_e_m_p_t_y_-_c_o_n_t_a_c_t in the returned SOA record server, zone
│ │ │ │ │ + for empty zones.
│ │ │ │ │ + Specifies the server name in
│ │ │ │ │ +_e_m_p_t_y_-_s_e_r_v_e_r the returned SOA record for server, zone
│ │ │ │ │ + empty zones.
│ │ │ │ │ +_e_m_p_t_y_-_z_o_n_e_s_-_e_n_a_b_l_e Enables or disables all server, zone
│ │ │ │ │ + empty zones.
│ │ │ │ │ + Specifies a list of HTTP
│ │ │ │ │ +_e_n_d_p_o_i_n_t_s query paths on which to server, query
│ │ │ │ │ + listen.
│ │ │ │ │ + Limits the number of errors
│ │ │ │ │ +_e_r_r_o_r_s_-_p_e_r_-_s_e_c_o_n_d for a valid domain name and server
│ │ │ │ │ + record type.
│ │ │ │ │ + Allows a list of IPv6
│ │ │ │ │ + addresses to be ignored if
│ │ │ │ │ +_e_x_c_l_u_d_e they appear in a domain query
│ │ │ │ │ + name's AAAA records in
│ │ │ │ │ + _d_n_s_6_4.
│ │ │ │ │ + Exempts specific clients or
│ │ │ │ │ +_e_x_e_m_p_t_-_c_l_i_e_n_t_s client groups from rate query
│ │ │ │ │ + limiting.
│ │ │ │ │ + Sets the parameters for
│ │ │ │ │ + dynamic resizing of the
│ │ │ │ │ +_f_e_t_c_h_-_q_u_o_t_a_-_p_a_r_a_m_s _f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r quota in server, query
│ │ │ │ │ + response to detected
│ │ │ │ │ + congestion.
│ │ │ │ │ + Sets the maximum number of
│ │ │ │ │ + simultaneous iterative
│ │ │ │ │ + queries allowed to be sent
│ │ │ │ │ +_f_e_t_c_h_e_s_-_p_e_r_-_s_e_r_v_e_r by a server to an upstream server, query
│ │ │ │ │ + name server before the
│ │ │ │ │ + server blocks additional
│ │ │ │ │ + queries.
│ │ │ │ │ + Sets the maximum number of
│ │ │ │ │ + simultaneous iterative
│ │ │ │ │ +_f_e_t_c_h_e_s_-_p_e_r_-_z_o_n_e queries allowed to any one server, query
│ │ │ │ │ + domain before the server
│ │ │ │ │ + blocks new queries for data
│ │ │ │ │ + in or beneath that zone.
│ │ │ │ │ +_f_i_l_e Specifies the zone's zone
│ │ │ │ │ + filename.
│ │ │ │ │ + Controls whether pending
│ │ │ │ │ +_f_l_u_s_h_-_z_o_n_e_s_-_o_n_-_s_h_u_t_d_o_w_n zone writes are flushed when zone
│ │ │ │ │ + the name server exits.
│ │ │ │ │ + Allows or disallows fallback
│ │ │ │ │ + to recursion if forwarding
│ │ │ │ │ +_f_o_r_w_a_r_d has failed; it is always query
│ │ │ │ │ + used in conjunction with the
│ │ │ │ │ + _f_o_r_w_a_r_d_e_r_s statement.
│ │ │ │ │ +_f_o_r_w_a_r_d_e_r_s Defines one or more hosts to query
│ │ │ │ │ + which queries are forwarded.
│ │ │ │ │ + Sets the number of
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_b_u_f_f_e_r_-_h_i_n_t accumulated bytes in the logging
│ │ │ │ │ + output buffer before forcing
│ │ │ │ │ + a buffer flush.
│ │ │ │ │ + Sets the number of seconds
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_f_l_u_s_h_-_t_i_m_e_o_u_t that unflushed data remains logging
│ │ │ │ │ + in the output buffer.
│ │ │ │ │ + Sets the number of queue
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_i_n_p_u_t_-_q_u_e_u_e_-_s_i_z_e entries to allocate for each logging
│ │ │ │ │ + input queue.
│ │ │ │ │ + Sets the number of
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_n_o_t_i_f_y_- outstanding queue entries
│ │ │ │ │ +_t_h_r_e_s_h_o_l_d allowed on an input queue logging
│ │ │ │ │ + before waking the I/
│ │ │ │ │ + O thread.
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_-_m_o_d_e_l Sets the queuing semantics logging
│ │ │ │ │ + to use for queue objects.
│ │ │ │ │ + Sets the number of queue
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_o_u_t_p_u_t_-_q_u_e_u_e_-_s_i_z_e entries allocated for each logging
│ │ │ │ │ + output queue.
│ │ │ │ │ + Sets the number of seconds
│ │ │ │ │ +_f_s_t_r_m_-_s_e_t_-_r_e_o_p_e_n_-_i_n_t_e_r_v_a_l to wait between attempts to logging
│ │ │ │ │ + reopen a closed output
│ │ │ │ │ + stream.
│ │ │ │ │ + Specifies the directory
│ │ │ │ │ +_g_e_o_i_p_-_d_i_r_e_c_t_o_r_y containing GeoIP database server
│ │ │ │ │ + files.
│ │ │ │ │ + Sets the interval at which
│ │ │ │ │ +_h_e_a_r_t_b_e_a_t_-_i_n_t_e_r_v_a_l the server performs zone deprecated
│ │ │ │ │ + maintenance tasks for all
│ │ │ │ │ + zones marked as _d_i_a_l_u_p.
│ │ │ │ │ + Specifies the hostname of
│ │ │ │ │ +_h_o_s_t_n_a_m_e the server to return in server
│ │ │ │ │ + response to a hostname.bind
│ │ │ │ │ + query.
│ │ │ │ │ + Configures HTTP endpoints on
│ │ │ │ │ +_h_t_t_p which to listen for DNS- server, query
│ │ │ │ │ + over-HTTPS (DoH) queries.
│ │ │ │ │ + Limits the number of active
│ │ │ │ │ +_h_t_t_p_-_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s concurrent connections on a server
│ │ │ │ │ + per-listener basis.
│ │ │ │ │ + Specifies the TCP port
│ │ │ │ │ +_h_t_t_p_-_p_o_r_t number the server uses to server, query
│ │ │ │ │ + receive and send unencrypted
│ │ │ │ │ + DNS traffic via HTTP.
│ │ │ │ │ + Limits the number of active
│ │ │ │ │ +_h_t_t_p_-_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n concurrent HTTP/2 streams on server
│ │ │ │ │ + a per-connection basis.
│ │ │ │ │ + Specifies the TCP port
│ │ │ │ │ +_h_t_t_p_s_-_p_o_r_t number the server uses to server, query
│ │ │ │ │ + receive and send DNS-over-
│ │ │ │ │ + HTTPS protocol traffic.
│ │ │ │ │ +_i_n_-_v_i_e_w Specifies the view in which view, zone
│ │ │ │ │ + a given zone is defined.
│ │ │ │ │ +_i_n_e_t Specifies a TCP socket as a server
│ │ │ │ │ + control channel.
│ │ │ │ │ + Specifies whether BIND 9
│ │ │ │ │ +_i_n_l_i_n_e_-_s_i_g_n_i_n_g maintains a separate signed dnssec, zone
│ │ │ │ │ + version of a zone.
│ │ │ │ │ + Sets the interval at which
│ │ │ │ │ +_i_n_t_e_r_f_a_c_e_-_i_n_t_e_r_v_a_l the server scans the network server
│ │ │ │ │ + interface list.
│ │ │ │ │ +_i_p_v_4_-_p_r_e_f_i_x_-_l_e_n_g_t_h Specifies the prefix lengths server
│ │ │ │ │ + of IPv4 address blocks.
│ │ │ │ │ + Specifies the contact for
│ │ │ │ │ +_i_p_v_4_o_n_l_y_-_c_o_n_t_a_c_t the IPV4ONLY.ARPA zone server
│ │ │ │ │ + created by _d_n_s_6_4.
│ │ │ │ │ + Enables automatic IPv4 zones
│ │ │ │ │ +_i_p_v_4_o_n_l_y_-_e_n_a_b_l_e if a _d_n_s_6_4 block is query
│ │ │ │ │ + configured.
│ │ │ │ │ + Specifies the name of the
│ │ │ │ │ +_i_p_v_4_o_n_l_y_-_s_e_r_v_e_r server for the IPV4ONLY.ARPA server, query
│ │ │ │ │ + zone created by _d_n_s_6_4.
│ │ │ │ │ +_i_p_v_6_-_p_r_e_f_i_x_-_l_e_n_g_t_h Specifies the prefix lengths server
│ │ │ │ │ + of IPv6 address blocks.
│ │ │ │ │ +_i_x_f_r_-_f_r_o_m_-_d_i_f_f_e_r_e_n_c_e_s Controls how IXFR transfers transfer
│ │ │ │ │ + are calculated.
│ │ │ │ │ +_j_o_u_r_n_a_l Allows the default journal's zone
│ │ │ │ │ + filename to be overridden.
│ │ │ │ │ + Defines a shared secret key
│ │ │ │ │ +_k_e_y for use with _T_S_I_G or the security
│ │ │ │ │ + command channel.
│ │ │ │ │ + Indicates the directory
│ │ │ │ │ +_k_e_y_-_d_i_r_e_c_t_o_r_y where public and private dnssec
│ │ │ │ │ + DNSSEC key files are found.
│ │ │ │ │ + Specifies the path to a file
│ │ │ │ │ +_k_e_y_-_f_i_l_e containing the private TLS server, security
│ │ │ │ │ + key for a connection.
│ │ │ │ │ + Specifies one or more
│ │ │ │ │ +_k_e_y_s _s_e_r_v_e_r___k_e_y s to be used with server, security
│ │ │ │ │ + a remote server.
│ │ │ │ │ +_l_a_m_e_-_t_t_l Sets the resolver's lame server
│ │ │ │ │ + cache.
│ │ │ │ │ + Specifies the IPv4 addresses
│ │ │ │ │ +_l_i_s_t_e_n_-_o_n on which a server listens server
│ │ │ │ │ + for DNS queries.
│ │ │ │ │ + Specifies the IPv6 addresses
│ │ │ │ │ +_l_i_s_t_e_n_-_o_n_-_v_6 on which a server listens server
│ │ │ │ │ + for DNS queries.
│ │ │ │ │ + Specifies a per-listener
│ │ │ │ │ +_l_i_s_t_e_n_e_r_-_c_l_i_e_n_t_s quota for active server, query
│ │ │ │ │ + connections.
│ │ │ │ │ + Sets a maximum size for the
│ │ │ │ │ +_l_m_d_b_-_m_a_p_s_i_z_e memory map of the new-zone server
│ │ │ │ │ + database in LMDB database
│ │ │ │ │ + format.
│ │ │ │ │ + Tests rate-limiting
│ │ │ │ │ +_l_o_g_-_o_n_l_y parameters without actually logging, query
│ │ │ │ │ + dropping any requests.
│ │ │ │ │ +_l_o_g_g_i_n_g Configures logging options logging
│ │ │ │ │ + for the name server.
│ │ │ │ │ +_m_a_n_a_g_e_d_-_k_e_y_s deprecated
│ │ │ │ │ + Specifies the directory in
│ │ │ │ │ +_m_a_n_a_g_e_d_-_k_e_y_s_-_d_i_r_e_c_t_o_r_y which to store the files dnssec
│ │ │ │ │ + that track managed DNSSEC
│ │ │ │ │ + keys.
│ │ │ │ │ + Specifies an access control
│ │ │ │ │ + list (ACL) of IPv4 addresses
│ │ │ │ │ +_m_a_p_p_e_d that are to be mapped to the query
│ │ │ │ │ + corresponding A RRset in
│ │ │ │ │ + _d_n_s_6_4.
│ │ │ │ │ +_m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t Specifies the file format of server, zone
│ │ │ │ │ + zone files.
│ │ │ │ │ + Specifies the format of zone
│ │ │ │ │ +_m_a_s_t_e_r_f_i_l_e_-_s_t_y_l_e files during a dump, when server
│ │ │ │ │ + the _m_a_s_t_e_r_f_i_l_e_-_f_o_r_m_a_t is
│ │ │ │ │ + text.
│ │ │ │ │ + Specifies a view of DNS
│ │ │ │ │ +_m_a_t_c_h_-_c_l_i_e_n_t_s namespace for a given subset view
│ │ │ │ │ + of client IP addresses.
│ │ │ │ │ + Specifies a view of DNS
│ │ │ │ │ +_m_a_t_c_h_-_d_e_s_t_i_n_a_t_i_o_n_s namespace for a given subset view
│ │ │ │ │ + of destination IP addresses.
│ │ │ │ │ + Allows IPv4-mapped IPv6
│ │ │ │ │ + addresses to match address-
│ │ │ │ │ +_m_a_t_c_h_-_m_a_p_p_e_d_-_a_d_d_r_e_s_s_e_s match list entries for server
│ │ │ │ │ + corresponding IPv4
│ │ │ │ │ + addresses.
│ │ │ │ │ + Specifies that only
│ │ │ │ │ +_m_a_t_c_h_-_r_e_c_u_r_s_i_v_e_-_o_n_l_y recursive requests can match view
│ │ │ │ │ + this view of the DNS
│ │ │ │ │ + namespace.
│ │ │ │ │ + Sets the maximum amount of
│ │ │ │ │ +_m_a_x_-_c_a_c_h_e_-_s_i_z_e memory to use for an server
│ │ │ │ │ + individual cache database
│ │ │ │ │ + and its associated metadata.
│ │ │ │ │ + Specifies the maximum time
│ │ │ │ │ +_m_a_x_-_c_a_c_h_e_-_t_t_l (in seconds) that the server server
│ │ │ │ │ + caches ordinary (positive)
│ │ │ │ │ + answers.
│ │ │ │ │ + Sets the maximum number of
│ │ │ │ │ + simultaneous recursive
│ │ │ │ │ +_m_a_x_-_c_l_i_e_n_t_s_-_p_e_r_-_q_u_e_r_y clients accepted by the server
│ │ │ │ │ + server for any given query
│ │ │ │ │ + before the server drops
│ │ │ │ │ + additional clients.
│ │ │ │ │ + Sets the maximum size for
│ │ │ │ │ +_m_a_x_-_i_x_f_r_-_r_a_t_i_o IXFR responses to zone transfer
│ │ │ │ │ + transfer requests.
│ │ │ │ │ +_m_a_x_-_j_o_u_r_n_a_l_-_s_i_z_e Controls the size of journal transfer
│ │ │ │ │ + files.
│ │ │ │ │ + Specifies the maximum
│ │ │ │ │ + retention time (in seconds)
│ │ │ │ │ +_m_a_x_-_n_c_a_c_h_e_-_t_t_l for storage of negative server
│ │ │ │ │ + answers in the server's
│ │ │ │ │ + cache.
│ │ │ │ │ +_m_a_x_-_r_e_c_o_r_d_s Sets the maximum number of server, zone
│ │ │ │ │ + records permitted in a zone.
│ │ │ │ │ + Sets the maximum number of
│ │ │ │ │ + levels of recursion
│ │ │ │ │ +_m_a_x_-_r_e_c_u_r_s_i_o_n_-_d_e_p_t_h permitted at any one time server
│ │ │ │ │ + while servicing a recursive
│ │ │ │ │ + query.
│ │ │ │ │ + Sets the maximum number of
│ │ │ │ │ +_m_a_x_-_r_e_c_u_r_s_i_o_n_-_q_u_e_r_i_e_s iterative queries while server, query
│ │ │ │ │ + servicing a recursive query.
│ │ │ │ │ + Limits the zone refresh
│ │ │ │ │ +_m_a_x_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no less often transfer
│ │ │ │ │ + than the specified value, in
│ │ │ │ │ + seconds.
│ │ │ │ │ + Limits the zone refresh
│ │ │ │ │ +_m_a_x_-_r_e_t_r_y_-_t_i_m_e retry interval to no less transfer
│ │ │ │ │ + often than the specified
│ │ │ │ │ + value, in seconds.
│ │ │ │ │ + Sets the maximum RSA
│ │ │ │ │ +_m_a_x_-_r_s_a_-_e_x_p_o_n_e_n_t_-_s_i_z_e exponent size (in bits) when dnssec, query
│ │ │ │ │ + validating.
│ │ │ │ │ + Specifies the maximum time
│ │ │ │ │ + that the server retains
│ │ │ │ │ +_m_a_x_-_s_t_a_l_e_-_t_t_l records past their normal server
│ │ │ │ │ + expiry, to return them as
│ │ │ │ │ + stale records.
│ │ │ │ │ + Sets the maximum size of the
│ │ │ │ │ +_m_a_x_-_t_a_b_l_e_-_s_i_z_e table used to track requests server
│ │ │ │ │ + and rate-limit responses.
│ │ │ │ │ + Specifies the number of
│ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_i_n minutes after which inbound transfer
│ │ │ │ │ + zone transfers making no
│ │ │ │ │ + progress are terminated.
│ │ │ │ │ + Specifies the number of
│ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_i_d_l_e_-_o_u_t minutes after which outbound transfer
│ │ │ │ │ + zone transfers making no
│ │ │ │ │ + progress are terminated.
│ │ │ │ │ + Specifies the number of
│ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_i_n minutes after which inbound transfer
│ │ │ │ │ + zone transfers are
│ │ │ │ │ + terminated.
│ │ │ │ │ + Specifies the number of
│ │ │ │ │ +_m_a_x_-_t_r_a_n_s_f_e_r_-_t_i_m_e_-_o_u_t minutes after which outbound transfer
│ │ │ │ │ + zone transfers are
│ │ │ │ │ + terminated.
│ │ │ │ │ +_m_a_x_-_u_d_p_-_s_i_z_e Sets the maximum EDNS UDP query
│ │ │ │ │ + message size sent by _n_a_m_e_d.
│ │ │ │ │ + Set the maximum number of
│ │ │ │ │ +_m_a_x_-_v_a_l_i_d_a_t_i_o_n_-_f_a_i_l_u_r_e_s_-_p_e_r_- DNSSEC validation failures server
│ │ │ │ │ +_f_e_t_c_h that can happen in single
│ │ │ │ │ + fetch
│ │ │ │ │ + Set the maximum number of
│ │ │ │ │ +_m_a_x_-_v_a_l_i_d_a_t_i_o_n_s_-_p_e_r_-_f_e_t_c_h DNSSEC validations that can server
│ │ │ │ │ + happen in single fetch
│ │ │ │ │ + Specifies a maximum
│ │ │ │ │ +_m_a_x_-_z_o_n_e_-_t_t_l permissible time-to-live deprecated
│ │ │ │ │ + (TTL) value, in seconds.
│ │ │ │ │ + Controls whether memory
│ │ │ │ │ +_m_e_m_s_t_a_t_i_s_t_i_c_s statistics are written to server, logging
│ │ │ │ │ + the file specified by
│ │ │ │ │ + _m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e at exit.
│ │ │ │ │ + Sets the pathname of the
│ │ │ │ │ +_m_e_m_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e file where the server writes logging
│ │ │ │ │ + memory usage statistics on
│ │ │ │ │ + exit.
│ │ │ │ │ + Controls whether DNS name
│ │ │ │ │ +_m_e_s_s_a_g_e_-_c_o_m_p_r_e_s_s_i_o_n compression is used in query
│ │ │ │ │ + responses to regular
│ │ │ │ │ + queries.
│ │ │ │ │ + Specifies the minimum time
│ │ │ │ │ +_m_i_n_-_c_a_c_h_e_-_t_t_l (in seconds) that the server server
│ │ │ │ │ + caches ordinary (positive)
│ │ │ │ │ + answers.
│ │ │ │ │ + Specifies the minimum
│ │ │ │ │ + retention time (in seconds)
│ │ │ │ │ +_m_i_n_-_n_c_a_c_h_e_-_t_t_l for storage of negative server
│ │ │ │ │ + answers in the server's
│ │ │ │ │ + cache.
│ │ │ │ │ + Limits the zone refresh
│ │ │ │ │ +_m_i_n_-_r_e_f_r_e_s_h_-_t_i_m_e interval to no more often transfer
│ │ │ │ │ + than the specified value, in
│ │ │ │ │ + seconds.
│ │ │ │ │ + Limits the zone refresh
│ │ │ │ │ +_m_i_n_-_r_e_t_r_y_-_t_i_m_e retry interval to no more transfer
│ │ │ │ │ + often than the specified
│ │ │ │ │ + value, in seconds.
│ │ │ │ │ + Sets the minimum size of the
│ │ │ │ │ +_m_i_n_-_t_a_b_l_e_-_s_i_z_e table used to track requests query
│ │ │ │ │ + and rate-limit responses.
│ │ │ │ │ + Controls whether the server
│ │ │ │ │ + replies with only one of the
│ │ │ │ │ +_m_i_n_i_m_a_l_-_a_n_y RRsets for a query name, query
│ │ │ │ │ + when generating a positive
│ │ │ │ │ + response to a query of type
│ │ │ │ │ + ANY over UDP.
│ │ │ │ │ + Controls whether the server
│ │ │ │ │ + only adds records to the
│ │ │ │ │ + authority and additional
│ │ │ │ │ +_m_i_n_i_m_a_l_-_r_e_s_p_o_n_s_e_s data sections when they are query
│ │ │ │ │ + required (e.g. delegations,
│ │ │ │ │ + negative responses). This
│ │ │ │ │ + improves server performance.
│ │ │ │ │ + Controls whether serial
│ │ │ │ │ +_m_u_l_t_i_-_m_a_s_t_e_r number mismatch errors are transfer
│ │ │ │ │ + logged.
│ │ │ │ │ + Specifies the directory
│ │ │ │ │ +_n_e_w_-_z_o_n_e_s_-_d_i_r_e_c_t_o_r_y where configuration zone
│ │ │ │ │ + parameters are stored for
│ │ │ │ │ + zones added by _r_n_d_c_ _a_d_d_z_o_n_e.
│ │ │ │ │ + Specifies a list of
│ │ │ │ │ +_n_o_-_c_a_s_e_-_c_o_m_p_r_e_s_s addresses that require case- server
│ │ │ │ │ + insensitive compression in
│ │ │ │ │ + responses.
│ │ │ │ │ + Sets the maximum size of UDP
│ │ │ │ │ +_n_o_c_o_o_k_i_e_-_u_d_p_-_s_i_z_e responses that are sent to query
│ │ │ │ │ + queries without a valid
│ │ │ │ │ + server COOKIE.
│ │ │ │ │ + Limits the number of empty
│ │ │ │ │ +_n_o_d_a_t_a_-_p_e_r_-_s_e_c_o_n_d (NODATA) responses for a query
│ │ │ │ │ + valid domain name.
│ │ │ │ │ + Controls whether NOTIFY
│ │ │ │ │ +_n_o_t_i_f_y messages are sent on zone transfer
│ │ │ │ │ + changes.
│ │ │ │ │ + Sets the delay (in seconds)
│ │ │ │ │ +_n_o_t_i_f_y_-_d_e_l_a_y between sending sets of zone, transfer
│ │ │ │ │ + NOTIFY messages for a zone.
│ │ │ │ │ + Specifies the rate at which
│ │ │ │ │ +_n_o_t_i_f_y_-_r_a_t_e NOTIFY requests are sent zone, transfer
│ │ │ │ │ + during normal zone
│ │ │ │ │ + maintenance operations.
│ │ │ │ │ + Defines the IPv4 address
│ │ │ │ │ +_n_o_t_i_f_y_-_s_o_u_r_c_e (and optional port) to be transfer
│ │ │ │ │ + used for outgoing NOTIFY
│ │ │ │ │ + messages.
│ │ │ │ │ + Defines the IPv6 address
│ │ │ │ │ +_n_o_t_i_f_y_-_s_o_u_r_c_e_-_v_6 (and optional port) to be transfer
│ │ │ │ │ + used for outgoing NOTIFY
│ │ │ │ │ + messages.
│ │ │ │ │ + Controls whether the name
│ │ │ │ │ +_n_o_t_i_f_y_-_t_o_-_s_o_a servers in the NS RRset are transfer
│ │ │ │ │ + checked against the SOA
│ │ │ │ │ + MNAME.
│ │ │ │ │ + Specifies the use of NSEC3
│ │ │ │ │ +_n_s_e_c_3_p_a_r_a_m instead of NSEC, and sets dnssec
│ │ │ │ │ + NSEC3 parameters.
│ │ │ │ │ + Specifies the lifetime, in
│ │ │ │ │ +_n_t_a_-_l_i_f_e_t_i_m_e seconds, for negative trust dnssec
│ │ │ │ │ + anchors added via _r_n_d_c_ _n_t_a.
│ │ │ │ │ + Specifies the time interval
│ │ │ │ │ + for checking whether
│ │ │ │ │ +_n_t_a_-_r_e_c_h_e_c_k negative trust anchors added dnssec
│ │ │ │ │ + via _r_n_d_c_ _n_t_a are still
│ │ │ │ │ + necessary.
│ │ │ │ │ + Causes all messages sent to
│ │ │ │ │ +_n_u_l_l the logging channel to be logging
│ │ │ │ │ + discarded.
│ │ │ │ │ + Appends the specified suffix
│ │ │ │ │ +_n_x_d_o_m_a_i_n_-_r_e_d_i_r_e_c_t to the original query name, query
│ │ │ │ │ + when replacing an NXDOMAIN
│ │ │ │ │ + with a redirect namespace.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_n_x_d_o_m_a_i_n_s_-_p_e_r_-_s_e_c_o_n_d undefined subdomains for a query
│ │ │ │ │ + valid domain name.
│ │ │ │ │ +_o_p_t_i_o_n_s Defines global options to be server
│ │ │ │ │ + used by BIND 9.
│ │ │ │ │ + Adds EDNS Padding options to
│ │ │ │ │ +_p_a_d_d_i_n_g outgoing messages to server
│ │ │ │ │ + increase the packet size.
│ │ │ │ │ + Sets the time to live (TTL)
│ │ │ │ │ +_p_a_r_e_n_t_-_d_s_-_t_t_l of the DS RRset used by the dnssec
│ │ │ │ │ + parent zone.
│ │ │ │ │ + Sets the propagation delay
│ │ │ │ │ + from the time the parent
│ │ │ │ │ +_p_a_r_e_n_t_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y zone is updated to when the dnssec, zone
│ │ │ │ │ + new version is served by all
│ │ │ │ │ + of the parent zone's name
│ │ │ │ │ + servers.
│ │ │ │ │ + Defines a list of delegation
│ │ │ │ │ +_p_a_r_e_n_t_a_l_-_a_g_e_n_t_s agents to be used by primary zone
│ │ │ │ │ + and secondary zones.
│ │ │ │ │ + Specifies which local IPv4
│ │ │ │ │ +_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e source address is used to dnssec
│ │ │ │ │ + send parental DS queries.
│ │ │ │ │ + Specifies which local IPv6
│ │ │ │ │ +_p_a_r_e_n_t_a_l_-_s_o_u_r_c_e_-_v_6 source address is used to dnssec
│ │ │ │ │ + send parental DS queries.
│ │ │ │ │ + Specifies the pathname of
│ │ │ │ │ +_p_i_d_-_f_i_l_e the file where the server server
│ │ │ │ │ + writes its process ID.
│ │ │ │ │ +_p_l_u_g_i_n Configures plugins in server
│ │ │ │ │ + _n_a_m_e_d_._c_o_n_f.
│ │ │ │ │ + Specifies the UDP/TCP port
│ │ │ │ │ +_p_o_r_t number the server uses to server, query
│ │ │ │ │ + receive and send DNS
│ │ │ │ │ + protocol traffic.
│ │ │ │ │ + Specifies that server
│ │ │ │ │ +_p_r_e_f_e_r_-_s_e_r_v_e_r_-_c_i_p_h_e_r_s ciphers should be preferred server, security
│ │ │ │ │ + over client ones.
│ │ │ │ │ + Controls the order of glue
│ │ │ │ │ +_p_r_e_f_e_r_r_e_d_-_g_l_u_e records in an A or AAAA query
│ │ │ │ │ + response.
│ │ │ │ │ + Specifies the "trigger"
│ │ │ │ │ +_p_r_e_f_e_t_c_h time-to-live (TTL) value at query
│ │ │ │ │ + which prefetch of the
│ │ │ │ │ + current query takes place.
│ │ │ │ │ +_p_r_i_m_a_r_i_e_s Defines one or more primary zone
│ │ │ │ │ + servers for a zone.
│ │ │ │ │ +_p_r_i_n_t_-_c_a_t_e_g_o_r_y Includes the category in log logging
│ │ │ │ │ + messages.
│ │ │ │ │ +_p_r_i_n_t_-_s_e_v_e_r_i_t_y Includes the severity in log logging
│ │ │ │ │ + messages.
│ │ │ │ │ +_p_r_i_n_t_-_t_i_m_e Specifies the time format logging
│ │ │ │ │ + for log messages.
│ │ │ │ │ + Specifies the allowed
│ │ │ │ │ +_p_r_o_t_o_c_o_l_s versions of the TLS security
│ │ │ │ │ + protocol.
│ │ │ │ │ + Controls whether a primary
│ │ │ │ │ + responds to an incremental
│ │ │ │ │ +_p_r_o_v_i_d_e_-_i_x_f_r zone request (IXFR) or only transfer
│ │ │ │ │ + responds with a full zone
│ │ │ │ │ + transfer (AXFR).
│ │ │ │ │ + Increases the amount of time
│ │ │ │ │ + between when keys are
│ │ │ │ │ +_p_u_b_l_i_s_h_-_s_a_f_e_t_y published and when they dnssec
│ │ │ │ │ + become active, to allow for
│ │ │ │ │ + unforeseen events.
│ │ │ │ │ + Specifies the amount of time
│ │ │ │ │ + after which DNSSEC keys that
│ │ │ │ │ +_p_u_r_g_e_-_k_e_y_s have been deleted from the dnssec
│ │ │ │ │ + zone can be removed from
│ │ │ │ │ + disk.
│ │ │ │ │ + Controls QNAME minimization
│ │ │ │ │ +_q_n_a_m_e_-_m_i_n_i_m_i_z_a_t_i_o_n behavior in the BIND 9 query
│ │ │ │ │ + resolver.
│ │ │ │ │ + Tightens defenses during DNS
│ │ │ │ │ +_q_p_s_-_s_c_a_l_e attacks by scaling back the query
│ │ │ │ │ + ratio of the current query-
│ │ │ │ │ + per-second rate.
│ │ │ │ │ + Controls the IPv4 address
│ │ │ │ │ +_q_u_e_r_y_-_s_o_u_r_c_e from which queries are query
│ │ │ │ │ + issued.
│ │ │ │ │ + Controls the IPv6 address
│ │ │ │ │ +_q_u_e_r_y_-_s_o_u_r_c_e_-_v_6 from which queries are query
│ │ │ │ │ + issued.
│ │ │ │ │ + Specifies whether query
│ │ │ │ │ +_q_u_e_r_y_l_o_g logging should be active server, logging
│ │ │ │ │ + when _n_a_m_e_d first starts.
│ │ │ │ │ + Controls excessive UDP
│ │ │ │ │ + responses, to prevent BIND 9
│ │ │ │ │ +_r_a_t_e_-_l_i_m_i_t from being used to amplify query
│ │ │ │ │ + reflection denial-of-service
│ │ │ │ │ + (DoS) attacks.
│ │ │ │ │ + Specifies the pathname of
│ │ │ │ │ + the file where the server
│ │ │ │ │ +_r_e_c_u_r_s_i_n_g_-_f_i_l_e dumps queries that are server
│ │ │ │ │ + currently recursing via _r_n_d_c
│ │ │ │ │ + _r_e_c_u_r_s_i_n_g.
│ │ │ │ │ +_r_e_c_u_r_s_i_o_n Defines whether recursion query
│ │ │ │ │ + and caching are allowed.
│ │ │ │ │ + Specifies the maximum number
│ │ │ │ │ +_r_e_c_u_r_s_i_v_e_-_c_l_i_e_n_t_s of concurrent recursive query
│ │ │ │ │ + queries the server can
│ │ │ │ │ + perform.
│ │ │ │ │ + Toggles whether _d_n_s_6_4
│ │ │ │ │ +_r_e_c_u_r_s_i_v_e_-_o_n_l_y synthesis occurs only for query
│ │ │ │ │ + recursive queries.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_r_e_f_e_r_r_a_l_s_-_p_e_r_-_s_e_c_o_n_d referrals or delegations to query
│ │ │ │ │ + a server for a given domain.
│ │ │ │ │ + Specifies the expected
│ │ │ │ │ +_r_e_m_o_t_e_-_h_o_s_t_n_a_m_e hostname in the TLS security
│ │ │ │ │ + certificate of the remote
│ │ │ │ │ + server.
│ │ │ │ │ + Specifies whether the local
│ │ │ │ │ +_r_e_q_u_e_s_t_-_e_x_p_i_r_e server requests the EDNS transfer, query
│ │ │ │ │ + EXPIRE value, when acting as
│ │ │ │ │ + a secondary.
│ │ │ │ │ + Controls whether a secondary
│ │ │ │ │ +_r_e_q_u_e_s_t_-_i_x_f_r requests an incremental zone transfer
│ │ │ │ │ + transfer (IXFR) or a full
│ │ │ │ │ + zone transfer (AXFR).
│ │ │ │ │ + Controls whether an empty
│ │ │ │ │ + EDNS(0) NSID (Name Server
│ │ │ │ │ +_r_e_q_u_e_s_t_-_n_s_i_d Identifier) option is sent query
│ │ │ │ │ + with all queries to
│ │ │ │ │ + authoritative name servers
│ │ │ │ │ + during iterative resolution.
│ │ │ │ │ + Controls whether responses
│ │ │ │ │ +_r_e_q_u_i_r_e_-_c_o_o_k_i_e without a server cookie are query
│ │ │ │ │ + accepted
│ │ │ │ │ + Controls whether a valid
│ │ │ │ │ +_r_e_q_u_i_r_e_-_s_e_r_v_e_r_-_c_o_o_k_i_e server cookie is required query
│ │ │ │ │ + before sending a full
│ │ │ │ │ + response to a UDP request.
│ │ │ │ │ + Specifies the length of
│ │ │ │ │ + time, in milliseconds, that
│ │ │ │ │ +_r_e_s_o_l_v_e_r_-_q_u_e_r_y_-_t_i_m_e_o_u_t a resolver attempts to query
│ │ │ │ │ + resolve a recursive query
│ │ │ │ │ + before failing.
│ │ │ │ │ + Specifies whether to apply
│ │ │ │ │ +_r_e_s_o_l_v_e_r_-_u_s_e_-_d_n_s_6_4 DNS64 mappings when sending server
│ │ │ │ │ + queries.
│ │ │ │ │ + Adds an EDNS Padding option
│ │ │ │ │ + to encrypted messages, to
│ │ │ │ │ +_r_e_s_p_o_n_s_e_-_p_a_d_d_i_n_g reduce the chance of query
│ │ │ │ │ + guessing the contents based
│ │ │ │ │ + on size.
│ │ │ │ │ + Specifies response policy server, zone, query,
│ │ │ │ │ +_r_e_s_p_o_n_s_e_-_p_o_l_i_c_y zones for the view or among security
│ │ │ │ │ + global options.
│ │ │ │ │ + Limits the number of non-
│ │ │ │ │ +_r_e_s_p_o_n_s_e_s_-_p_e_r_-_s_e_c_o_n_d empty responses for a valid query
│ │ │ │ │ + domain name and record type.
│ │ │ │ │ + Increases the amount of time
│ │ │ │ │ + a key remains published
│ │ │ │ │ +_r_e_t_i_r_e_-_s_a_f_e_t_y after it is no longer dnssec
│ │ │ │ │ + active, to allow for
│ │ │ │ │ + unforeseen events.
│ │ │ │ │ +_r_e_u_s_e_p_o_r_t Enables kernel load- server
│ │ │ │ │ + balancing of sockets.
│ │ │ │ │ + Controls whether BIND 9
│ │ │ │ │ +_r_o_o_t_-_k_e_y_-_s_e_n_t_i_n_e_l responds to root key server
│ │ │ │ │ + sentinel probes.
│ │ │ │ │ + Defines the order in which
│ │ │ │ │ +_r_r_s_e_t_-_o_r_d_e_r equal RRs (RRsets) are query
│ │ │ │ │ + returned.
│ │ │ │ │ + Specifies whether a
│ │ │ │ │ +_s_e_a_r_c_h Dynamically Loadable Zone query
│ │ │ │ │ + (DLZ) module is queried for
│ │ │ │ │ + an answer to a query name.
│ │ │ │ │ + Defines a Base64-encoded
│ │ │ │ │ +_s_e_c_r_e_t string to be used as the security
│ │ │ │ │ + secret by the algorithm.
│ │ │ │ │ + Specifies the pathname of
│ │ │ │ │ +_s_e_c_r_o_o_t_s_-_f_i_l_e the file where the server dnssec
│ │ │ │ │ + dumps security roots, when
│ │ │ │ │ + using _r_n_d_c_ _s_e_c_r_o_o_t_s.
│ │ │ │ │ + Controls whether a COOKIE
│ │ │ │ │ +_s_e_n_d_-_c_o_o_k_i_e EDNS option is sent along query
│ │ │ │ │ + with a query.
│ │ │ │ │ + Defines an upper limit on
│ │ │ │ │ + the number of queries per
│ │ │ │ │ +_s_e_r_i_a_l_-_q_u_e_r_y_-_r_a_t_e second issued by the server, transfer
│ │ │ │ │ + when querying the SOA RRs
│ │ │ │ │ + used for zone transfers.
│ │ │ │ │ + Specifies the update method
│ │ │ │ │ +_s_e_r_i_a_l_-_u_p_d_a_t_e_-_m_e_t_h_o_d to be used for the zone zone
│ │ │ │ │ + serial number in the SOA
│ │ │ │ │ + record.
│ │ │ │ │ + Defines characteristics to
│ │ │ │ │ +_s_e_r_v_e_r be associated with a remote server
│ │ │ │ │ + name server.
│ │ │ │ │ + Specifies a list of IP
│ │ │ │ │ + addresses to which queries
│ │ │ │ │ +_s_e_r_v_e_r_-_a_d_d_r_e_s_s_e_s should be sent in recursive zone, query
│ │ │ │ │ + resolution for a static-stub
│ │ │ │ │ + zone.
│ │ │ │ │ + Specifies the ID of the
│ │ │ │ │ +_s_e_r_v_e_r_-_i_d server to return in response server
│ │ │ │ │ + to a ID.SERVER query.
│ │ │ │ │ + Specifies a list of domain
│ │ │ │ │ +_s_e_r_v_e_r_-_n_a_m_e_s names of name servers that zone
│ │ │ │ │ + act as authoritative servers
│ │ │ │ │ + of a static-stub zone.
│ │ │ │ │ + Sets the length of time (in
│ │ │ │ │ +_s_e_r_v_f_a_i_l_-_t_t_l seconds) that a SERVFAIL server
│ │ │ │ │ + response is cached.
│ │ │ │ │ + Specifies the algorithm to
│ │ │ │ │ +_s_e_s_s_i_o_n_-_k_e_y_a_l_g use for the TSIG session security
│ │ │ │ │ + key.
│ │ │ │ │ + Specifies the pathname of
│ │ │ │ │ + the file where a TSIG
│ │ │ │ │ +_s_e_s_s_i_o_n_-_k_e_y_f_i_l_e session key is written, when security
│ │ │ │ │ + generated by _n_a_m_e_d for use
│ │ │ │ │ + by nsupdate -l.
│ │ │ │ │ +_s_e_s_s_i_o_n_-_k_e_y_n_a_m_e Specifies the key name for security
│ │ │ │ │ + the TSIG session key.
│ │ │ │ │ + Enables or disables session
│ │ │ │ │ +_s_e_s_s_i_o_n_-_t_i_c_k_e_t_s resumption through TLS security
│ │ │ │ │ + session tickets.
│ │ │ │ │ +_s_e_v_e_r_i_t_y Defines the priority level logging
│ │ │ │ │ + of log messages.
│ │ │ │ │ + Specifies the maximum number
│ │ │ │ │ +_s_i_g_-_s_i_g_n_i_n_g_-_n_o_d_e_s of nodes to be examined in dnssec
│ │ │ │ │ + each quantum, when signing a
│ │ │ │ │ + zone with a new DNSKEY.
│ │ │ │ │ + Specifies the threshold for
│ │ │ │ │ + the number of signatures
│ │ │ │ │ +_s_i_g_-_s_i_g_n_i_n_g_-_s_i_g_n_a_t_u_r_e_s that terminates processing a dnssec
│ │ │ │ │ + quantum, when signing a zone
│ │ │ │ │ + with a new DNSKEY.
│ │ │ │ │ + Specifies a private RDATA
│ │ │ │ │ +_s_i_g_-_s_i_g_n_i_n_g_-_t_y_p_e type to use when generating dnssec
│ │ │ │ │ + signing-state records.
│ │ │ │ │ +_s_i_g_-_v_a_l_i_d_i_t_y_-_i_n_t_e_r_v_a_l obsolete
│ │ │ │ │ +_s_i_g_n_a_t_u_r_e_s_-_r_e_f_r_e_s_h Specifies how frequently an dnssec
│ │ │ │ │ + RRSIG record is refreshed.
│ │ │ │ │ +_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y Indicates the validity dnssec
│ │ │ │ │ + period of an RRSIG record.
│ │ │ │ │ +_s_i_g_n_a_t_u_r_e_s_-_v_a_l_i_d_i_t_y_-_d_n_s_k_e_y Indicates the validity dnssec
│ │ │ │ │ + period of DNSKEY records.
│ │ │ │ │ + Sets the number of "slipped"
│ │ │ │ │ +_s_l_i_p responses to minimize the query
│ │ │ │ │ + use of forged source
│ │ │ │ │ + addresses for an attack.
│ │ │ │ │ + Controls the ordering of RRs
│ │ │ │ │ +_s_o_r_t_l_i_s_t returned to the client, query
│ │ │ │ │ + based on the client's IP
│ │ │ │ │ + address.
│ │ │ │ │ + Defines the amount of time
│ │ │ │ │ + (in milliseconds) that _n_a_m_e_d
│ │ │ │ │ +_s_t_a_l_e_-_a_n_s_w_e_r_-_c_l_i_e_n_t_-_t_i_m_e_o_u_t waits before attempting to server, query
│ │ │ │ │ + answer a query with a stale
│ │ │ │ │ + RRset from cache.
│ │ │ │ │ + Enables the returning of
│ │ │ │ │ +_s_t_a_l_e_-_a_n_s_w_e_r_-_e_n_a_b_l_e "stale" cached answers when server, query
│ │ │ │ │ + the name servers for a zone
│ │ │ │ │ + are not answering.
│ │ │ │ │ + Specifies the time to live
│ │ │ │ │ +_s_t_a_l_e_-_a_n_s_w_e_r_-_t_t_l (TTL) to be returned on query
│ │ │ │ │ + stale answers, in seconds.
│ │ │ │ │ +_s_t_a_l_e_-_c_a_c_h_e_-_e_n_a_b_l_e Enables the retention of server, query
│ │ │ │ │ + "stale" cached answers.
│ │ │ │ │ + Sets the time window for the
│ │ │ │ │ + return of "stale" cached
│ │ │ │ │ +_s_t_a_l_e_-_r_e_f_r_e_s_h_-_t_i_m_e answers before the next server, query
│ │ │ │ │ + attempt to contact, if the
│ │ │ │ │ + name servers for a given
│ │ │ │ │ + zone are not responding.
│ │ │ │ │ + Specifies the rate at which
│ │ │ │ │ + NOTIFY requests are sent
│ │ │ │ │ +_s_t_a_r_t_u_p_-_n_o_t_i_f_y_-_r_a_t_e when the name server is zone, transfer
│ │ │ │ │ + first starting, or when new
│ │ │ │ │ + zones have been added.
│ │ │ │ │ + Specifies the communication
│ │ │ │ │ + channels to be used by
│ │ │ │ │ +_s_t_a_t_i_s_t_i_c_s_-_c_h_a_n_n_e_l_s system administrators to logging
│ │ │ │ │ + access statistics
│ │ │ │ │ + information on the name
│ │ │ │ │ + server.
│ │ │ │ │ + Specifies the pathname of
│ │ │ │ │ +_s_t_a_t_i_s_t_i_c_s_-_f_i_l_e the file where the server server, logging
│ │ │ │ │ + appends statistics, when
│ │ │ │ │ + using _r_n_d_c_ _s_t_a_t_s.
│ │ │ │ │ + Directs the logging channel
│ │ │ │ │ +_s_t_d_e_r_r output to the server's logging
│ │ │ │ │ + standard error stream.
│ │ │ │ │ + Specifies the maximum number
│ │ │ │ │ +_s_t_r_e_a_m_s_-_p_e_r_-_c_o_n_n_e_c_t_i_o_n of concurrent HTTP/2 streams server, query
│ │ │ │ │ + over an HTTP/2 connection.
│ │ │ │ │ + Defines trailing bits for
│ │ │ │ │ +_s_u_f_f_i_x mapped IPv4 address bits in query
│ │ │ │ │ + _d_n_s_6_4.
│ │ │ │ │ + Enables support for _RR_FF_CC
│ │ │ │ │ +_s_y_n_t_h_-_f_r_o_m_-_d_n_s_s_e_c _88_11_99_88, Aggressive Use of dnssec
│ │ │ │ │ + DNSSEC-Validated Cache.
│ │ │ │ │ +_s_y_s_l_o_g Directs the logging channel logging
│ │ │ │ │ + to the system log.
│ │ │ │ │ + Sets the timeout value (in
│ │ │ │ │ + milliseconds) that the
│ │ │ │ │ +_t_c_p_-_a_d_v_e_r_t_i_s_e_d_-_t_i_m_e_o_u_t server sends in responses query
│ │ │ │ │ + containing the EDNS TCP
│ │ │ │ │ + keepalive option.
│ │ │ │ │ + Specifies the maximum number
│ │ │ │ │ +_t_c_p_-_c_l_i_e_n_t_s of simultaneous client TCP server
│ │ │ │ │ + connections accepted by the
│ │ │ │ │ + server.
│ │ │ │ │ + Sets the amount of time (in
│ │ │ │ │ + milliseconds) that the
│ │ │ │ │ + server waits on an idle TCP
│ │ │ │ │ +_t_c_p_-_i_d_l_e_-_t_i_m_e_o_u_t connection before closing query
│ │ │ │ │ + it, if the EDNS TCP
│ │ │ │ │ + keepalive option is not in
│ │ │ │ │ + use.
│ │ │ │ │ + Sets the amount of time (in
│ │ │ │ │ + milliseconds) that the
│ │ │ │ │ +_t_c_p_-_i_n_i_t_i_a_l_-_t_i_m_e_o_u_t server waits on a new TCP server, query
│ │ │ │ │ + connection for the first
│ │ │ │ │ + message from the client.
│ │ │ │ │ +_t_c_p_-_k_e_e_p_a_l_i_v_e Adds EDNS TCP keepalive to server
│ │ │ │ │ + messages sent over TCP.
│ │ │ │ │ + Sets the amount of time (in
│ │ │ │ │ + milliseconds) that the
│ │ │ │ │ +_t_c_p_-_k_e_e_p_a_l_i_v_e_-_t_i_m_e_o_u_t server waits on an idle TCP query
│ │ │ │ │ + connection before closing
│ │ │ │ │ + it, if the EDNS TCP
│ │ │ │ │ + keepalive option is in use.
│ │ │ │ │ +_t_c_p_-_l_i_s_t_e_n_-_q_u_e_u_e Sets the listen-queue depth. server
│ │ │ │ │ +_t_c_p_-_o_n_l_y Sets the transport protocol server
│ │ │ │ │ + to TCP.
│ │ │ │ │ + Sets the operating system's
│ │ │ │ │ +_t_c_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for TCP server
│ │ │ │ │ + sockets.
│ │ │ │ │ + Sets the operating system's
│ │ │ │ │ +_t_c_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for TCP server
│ │ │ │ │ + sockets.
│ │ │ │ │ + Sets the domain appended to
│ │ │ │ │ +_t_k_e_y_-_d_o_m_a_i_n the names of all shared keys security
│ │ │ │ │ + generated with TKEY.
│ │ │ │ │ + Sets the security credential
│ │ │ │ │ +_t_k_e_y_-_g_s_s_a_p_i_-_c_r_e_d_e_n_t_i_a_l for authentication keys security
│ │ │ │ │ + requested by the GSS-TSIG
│ │ │ │ │ + protocol.
│ │ │ │ │ +_t_k_e_y_-_g_s_s_a_p_i_-_k_e_y_t_a_b Sets the KRB5 keytab file to security
│ │ │ │ │ + use for GSS-TSIG updates.
│ │ │ │ │ +_t_l_s Configures a TLS connection. security
│ │ │ │ │ + Specifies the TCP port
│ │ │ │ │ +_t_l_s_-_p_o_r_t number the server uses to server, query
│ │ │ │ │ + receive and send DNS-over-
│ │ │ │ │ + TLS protocol traffic.
│ │ │ │ │ + Controls whether multiple
│ │ │ │ │ +_t_r_a_n_s_f_e_r_-_f_o_r_m_a_t records can be packed into a transfer
│ │ │ │ │ + message during zone
│ │ │ │ │ + transfers.
│ │ │ │ │ + Limits the uncompressed size
│ │ │ │ │ +_t_r_a_n_s_f_e_r_-_m_e_s_s_a_g_e_-_s_i_z_e of DNS messages used in zone transfer
│ │ │ │ │ + transfers over TCP.
│ │ │ │ │ + Defines which local IPv4
│ │ │ │ │ + address(es) are bound to TCP
│ │ │ │ │ +_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e connections used to fetch transfer
│ │ │ │ │ + zones transferred inbound by
│ │ │ │ │ + the server.
│ │ │ │ │ + Defines which local IPv6
│ │ │ │ │ + address(es) are bound to TCP
│ │ │ │ │ +_t_r_a_n_s_f_e_r_-_s_o_u_r_c_e_-_v_6 connections used to fetch transfer
│ │ │ │ │ + zones transferred inbound by
│ │ │ │ │ + the server.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_t_r_a_n_s_f_e_r_s concurrent inbound zone server
│ │ │ │ │ + transfers from a server.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_t_r_a_n_s_f_e_r_s_-_i_n concurrent inbound zone transfer
│ │ │ │ │ + transfers.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_t_r_a_n_s_f_e_r_s_-_o_u_t concurrent outbound zone transfer
│ │ │ │ │ + transfers.
│ │ │ │ │ + Limits the number of
│ │ │ │ │ +_t_r_a_n_s_f_e_r_s_-_p_e_r_-_n_s concurrent inbound zone transfer
│ │ │ │ │ + transfers from a remote
│ │ │ │ │ + server.
│ │ │ │ │ + Instructs _n_a_m_e_d to send
│ │ │ │ │ + specially formed queries
│ │ │ │ │ +_t_r_u_s_t_-_a_n_c_h_o_r_-_t_e_l_e_m_e_t_r_y once per day to domains for dnssec
│ │ │ │ │ + which trust anchors have
│ │ │ │ │ + been configured.
│ │ │ │ │ +_t_r_u_s_t_-_a_n_c_h_o_r_s Defines _D_N_S_S_E_C trust dnssec
│ │ │ │ │ + anchors.
│ │ │ │ │ +_t_r_u_s_t_e_d_-_k_e_y_s deprecated
│ │ │ │ │ + Specifies that BIND 9 should
│ │ │ │ │ +_t_r_y_-_t_c_p_-_r_e_f_r_e_s_h attempt to refresh a zone transfer
│ │ │ │ │ + using TCP if UDP queries
│ │ │ │ │ + fail.
│ │ │ │ │ +_t_y_p_e Specifies the kind of zone zone
│ │ │ │ │ + in a given configuration.
│ │ │ │ │ + Contains forwarding
│ │ │ │ │ +_t_y_p_e_ _f_o_r_w_a_r_d statements that apply to zone
│ │ │ │ │ + queries within a given
│ │ │ │ │ + domain.
│ │ │ │ │ + Contains the initial set of
│ │ │ │ │ +_t_y_p_e_ _h_i_n_t root name servers to be used zone
│ │ │ │ │ + at BIND 9 startup.
│ │ │ │ │ + Contains a DNSSEC-validated
│ │ │ │ │ +_t_y_p_e_ _m_i_r_r_o_r duplicate of the main data zone
│ │ │ │ │ + for a zone.
│ │ │ │ │ +_t_y_p_e_ _p_r_i_m_a_r_y Contains the main copy of zone
│ │ │ │ │ + the data for a zone.
│ │ │ │ │ + Contains information to
│ │ │ │ │ +_t_y_p_e_ _r_e_d_i_r_e_c_t answer queries when normal zone
│ │ │ │ │ + resolution would return
│ │ │ │ │ + NXDOMAIN.
│ │ │ │ │ + Contains a duplicate of the
│ │ │ │ │ +_t_y_p_e_ _s_e_c_o_n_d_a_r_y data for a zone that has zone
│ │ │ │ │ + been transferred from a
│ │ │ │ │ + primary server.
│ │ │ │ │ + Contains a duplicate of the
│ │ │ │ │ + NS records of a primary
│ │ │ │ │ +_t_y_p_e_ _s_t_a_t_i_c_-_s_t_u_b zone, but statically zone
│ │ │ │ │ + configured rather than
│ │ │ │ │ + transferred from a primary
│ │ │ │ │ + server.
│ │ │ │ │ + Contains a duplicate of the
│ │ │ │ │ +_t_y_p_e_ _s_t_u_b NS records of a primary zone
│ │ │ │ │ + zone.
│ │ │ │ │ + Sets the operating system's
│ │ │ │ │ +_u_d_p_-_r_e_c_e_i_v_e_-_b_u_f_f_e_r receive buffer size for UDP server
│ │ │ │ │ + sockets.
│ │ │ │ │ + Sets the operating system's
│ │ │ │ │ +_u_d_p_-_s_e_n_d_-_b_u_f_f_e_r send buffer size for UDP server
│ │ │ │ │ + sockets.
│ │ │ │ │ +_u_n_i_x Specifies a Unix domain obsolete
│ │ │ │ │ + socket as a control channel.
│ │ │ │ │ +_u_p_d_a_t_e_-_c_h_e_c_k_-_k_s_k obsolete
│ │ │ │ │ + Sets fine-grained rules to
│ │ │ │ │ + allow or deny dynamic
│ │ │ │ │ +_u_p_d_a_t_e_-_p_o_l_i_c_y updates (DDNS), based on transfer
│ │ │ │ │ + requester identity, updated
│ │ │ │ │ + content, etc.
│ │ │ │ │ + Specifies the maximum number
│ │ │ │ │ +_u_p_d_a_t_e_-_q_u_o_t_a of concurrent DNS UPDATE server
│ │ │ │ │ + messages that can be
│ │ │ │ │ + processed by the server.
│ │ │ │ │ + Specifies a list of ports
│ │ │ │ │ +_u_s_e_-_v_4_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated
│ │ │ │ │ + UDP/IPv4 messages.
│ │ │ │ │ + Specifies a list of ports
│ │ │ │ │ +_u_s_e_-_v_6_-_u_d_p_-_p_o_r_t_s that are valid sources for deprecated
│ │ │ │ │ + UDP/IPv6 messages.
│ │ │ │ │ + Indicates the number of
│ │ │ │ │ +_v_6_-_b_i_a_s milliseconds of preference server, query
│ │ │ │ │ + to give to IPv6 name
│ │ │ │ │ + servers.
│ │ │ │ │ + Specifies a list of domain
│ │ │ │ │ +_v_a_l_i_d_a_t_e_-_e_x_c_e_p_t names at and beneath which dnssec
│ │ │ │ │ + DNSSEC validation should not
│ │ │ │ │ + be performed.
│ │ │ │ │ + Specifies the version number
│ │ │ │ │ +_v_e_r_s_i_o_n of the server to return in server
│ │ │ │ │ + response to a version.bind
│ │ │ │ │ + query.
│ │ │ │ │ + Allows a name server to
│ │ │ │ │ +_v_i_e_w answer a DNS query view
│ │ │ │ │ + differently depending on who
│ │ │ │ │ + is asking.
│ │ │ │ │ + Specifies the length of time
│ │ │ │ │ +_w_i_n_d_o_w during which responses are query
│ │ │ │ │ + tracked.
│ │ │ │ │ + Specifies whether to set the
│ │ │ │ │ + time to live (TTL) of the
│ │ │ │ │ +_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l SOA record to zero, when server, zone, query
│ │ │ │ │ + returning authoritative
│ │ │ │ │ + negative responses to SOA
│ │ │ │ │ + queries.
│ │ │ │ │ + Sets the time to live (TTL)
│ │ │ │ │ +_z_e_r_o_-_n_o_-_s_o_a_-_t_t_l_-_c_a_c_h_e to zero when caching a server, zone, query
│ │ │ │ │ + negative response to an SOA
│ │ │ │ │ + query.
│ │ │ │ │ +_z_o_n_e Specifies the zone in a BIND zone
│ │ │ │ │ + 9 configuration.
│ │ │ │ │ + Sets the propagation delay
│ │ │ │ │ + from the time a zone is
│ │ │ │ │ +_z_o_n_e_-_p_r_o_p_a_g_a_t_i_o_n_-_d_e_l_a_y first updated to when the dnssec, zone
│ │ │ │ │ + new version of the zone is
│ │ │ │ │ + served by all secondary
│ │ │ │ │ + servers.
│ │ │ │ │ + Controls the level of
│ │ │ │ │ +_z_o_n_e_-_s_t_a_t_i_s_t_i_c_s statistics gathered for all logging, zone
│ │ │ │ │ + zones.
│ │ │ │ │ ********** 88..44.. SSttaatteemmeennttss bbyy TTaagg_? **********
│ │ │ │ │ These tables group the various statements permissible in named.conf by their
│ │ │ │ │ corresponding tag.
│ │ │ │ │ ******** 88..44..11.. DDNNSSSSEECC TTaagg SSttaatteemmeennttss_? ********
│ │ │ │ │ SSttaatteemmeenntt DDeessccrriippttiioonn
│ │ │ │ │ _b_i_n_d_k_e_y_s_-_f_i_l_e Specifies the pathname of a file to override the
│ │ │ │ │ built-in trusted keys provided by _n_a_m_e_d.