Technical References

Sets the amount of time in seconds that the DNS server caches
negative answers if there is no SOA record in the authority
section of the reply.
The presence of an SOA record in the authority section of a
negative overrides this attribute value.
For more details, see IETF RFC2308.
delegation-only-domains dname
Instructs the DNS server to expect a specified zone to
return only delegations to authoritative nameservers
when queried.
Other than records at the domain name itself, the
specified zone must contain only NS records for each each
nameserver to which the subzone is delegated and the zone's
apex SOA record. For example, 'com.' is a domain that should
contain only delegations.
Use this attribute to filter out wildcard or synthesized data
from authoritative nameservers whose undelegated (in-zone) data
is of no interest.
The server enforces the delegation-only nature of the domains on
this list when it examines responses that are not from a
forwarder or resolution exception server. The server converts
non-conforming answers to no-such-name responses. This cannot
be enforced when the answer comes from a forwarder.
exception-forwarding enumint(forward-last=0, forward-first=1, forward-always=2) default = forward-
last
Controls the order (forward-first, forward-last or forward-always)
with which the DNS server will forward a query to a configured
resolution exception.
forward-always - DNS will always forward queries to a configured
exception
forward-first - DNS will first forward queries to a configured
exception and if it doesn't get an answer
before the request expires, it will forward to
cached name servers (if any)
forward-last - DNS will first forward queries to cached name
servers (if any) and if it doesn't get an answer
before the request expires, it will forward the
query to a configured exception
fake-ip-name-response bool default = enabled
Controls whether the DNS server rejects queries of fully
qualified domain names that are in IP address form (for
example, an A record like 192.168.40.40), without even trying
to query (or forward to) other servers. Default is true
(enable).
Enabling this feature causes the server to respond to these
queries indicating the name does not exist. Queries of this
type are generally from rogue applications.
forward-retry-time rangetime(1s-30s) default = 8s