updated apidocs

APIDOCS.md

@@ -1783,6 +1783,32 @@ RESPONSE:
 }
 ```
 
+### List Catalog Zones
+
+Returns a list of Catalog zone names.
+
+URL:\
+`http://localhost:5380/api/zones/catalogs/list?token=x`
+
+PERMISSIONS:\
+Zones: View\
+Zone: View
+
+WHERE:
+- `token`: The session token generated by the `login` or the `createToken` call.
+
+RESPONSE:
+```
+{
+	"response": {
+		"catalogZoneNames": [
+			"catalog1"
+		]
+	},
+	"status": "ok"
+}
+```
+
 ### Create Zone
 
 Creates a new authoritative zone.
@@ -1800,11 +1826,13 @@ Zones: Modify
 WHERE:
 - `token`: The session token generated by the `login` or the `createToken` call.
 - `zone`: The domain name for creating the new zone. The value can be valid domain name, an IP address, or an network address in CIDR format. When value is IP address or network address, a reverse zone is created.
-- `type`: The type of zone to be created. Valid values are [`Primary`, `Secondary`, `Stub`, `Forwarder`].
+- `type`: The type of zone to be created. Valid values are [`Primary`, `Secondary`, `Stub`, `Forwarder`, `SecondaryForwarder`, `Catalog`, `SecondaryCatalog`].
-- `useSoaSerialDateScheme` (optional): Set value to `true` to enable using date scheme for SOA serial. This optional parameter is used only with Primary zone. Default value is `false`.
+- `catalog` (optional): The name of the catalog zone to become its member zone. This option is valid only for `Primary`, `Stub`, and `Forwarder` zones.
-- `primaryNameServerAddresses` (optional): List of comma separated IP addresses of the primary name server. This optional parameter is used only with Secondary and Stub zones. If this parameter is not used, the DNS server will try to recursively resolve the primary name server addresses automatically.
+- `useSoaSerialDateScheme` (optional): Set value to `true` to enable using date scheme for SOA serial. This optional parameter is used only with `Primary` zone. Default value is `false`.
-- `zoneTransferProtocol` (optional): The zone transfer protocol to be used by secondary zones. Valid values are [`Tcp`, `Tls`, `Quic`].
+- `primaryNameServerAddresses` (optional): List of comma separated IP addresses or domain names of the primary name server. This optional parameter is used only with `Secondary`, `SecondaryForwarder`, `SecondaryCatalog`, and `Stub` zones. If this parameter is not used, the DNS server will try to recursively resolve the primary name server addresses automatically for `Secondary` and `Stub` zones. This option is required for `SecondaryForwarder` and `SecondaryCatalog` zones.
-- `tsigKeyName` (optional): The TSIG key name to be used by secondary zones.
+- `zoneTransferProtocol` (optional): The zone transfer protocol to be used by `Secondary`, `SecondaryForwarder`, and `SecondaryCatalog` zones. Valid values are [`Tcp`, `Tls`, `Quic`].
+- `tsigKeyName` (optional): The TSIG key name to be used by `Secondary`, `SecondaryForwarder`, and `SecondaryCatalog` zones.
+- `validateZone` (optional): Set value as `true` to enable ZONEMD validation. When enabled, the `Secondary` zone will be validated using the ZONEMD record after every zone transfer. The zone will get disabled if the validation fails. The zone must be DNSSEC signed for the validation to work. This option is only valid for `Secondary` zones.
 - `protocol` (optional): The DNS transport protocol to be used by the conditional forwarder zone. This optional parameter is used with Conditional Forwarder zones. Valid values are [`Udp`, `Tcp`, `Tls`, `Https`, `Quic`]. Default `Udp` protocol is used when this parameter is missing.
 - `forwarder` (optional): The address of the DNS server to be used as a forwarder. This optional parameter is required to be used with Conditional Forwarder zones. A special value `this-server` can be used as a forwarder which when used will forward all the requests internally to this DNS server such that you can override the zone with records and rest of the zone gets resolved via This Server.
 - `dnssecValidation` (optional): Set this boolean value to indicate if DNSSEC validation must be done. This optional parameter is required to be used with Conditional Forwarder zones.
@@ -2036,6 +2064,7 @@ Zone: View
 WHERE:
 - `token`: The session token generated by the `login` or the `createToken` call.
 - `zone`: The domain name of the zone to get options.
+- `includeAvailableCatalogZoneNames`: Set to `true` to include list of available Catalog zone names on the DNS server.
 - `includeAvailableTsigKeyNames`: Set to `true` to include list of available TSIG key names on the DNS server.
 
 RESPONSE:
@@ -2046,19 +2075,27 @@ RESPONSE:
 		"type": "Primary",
 		"internal": false,
 		"dnssecStatus": "Unsigned",
-		"notifyFailed": false,
+		"notifyFailed": true,
-		"notifyFailedFor": [],
+		"notifyFailedFor": [
+			"192.168.10.5"
+		],
 		"disabled": false,
+		"catalog": "catalog1",
+		"overrideCatalogQueryAccess": false,
+		"overrideCatalogZoneTransfer": false,
+		"overrideCatalogNotify": false,
+		"queryAccess": "Allow",
+		"queryAccessNetworkACL": [],
 		"zoneTransfer": "AllowOnlyZoneNameServers",
-		"zoneTransferNameServers": [],
+		"zoneTransferNetworkACL": [],
 		"zoneTransferTsigKeyNames": [
 			"key.example.com"
 		],
 		"notify": "ZoneNameServers",
 		"notifyNameServers": [],
-		"update": "Allow",
+		"update": "UseSpecifiedNetworkACL",
-		"updateIpAddresses": [
+		"updateNetworkACL": [
-			"192.168.180.129"
+			"192.168.180.0/24"
 		],
 		"updateSecurityPolicies": [
 			{
@@ -2077,8 +2114,12 @@ RESPONSE:
 				]
 			}
 		],
+		"availableCatalogZoneNames": [
+			"catalog1"
+		],
 		"availableTsigKeyNames": [
-			"key.example.com"
+			"key.example.com",
+			"catalog"
 		]
 	},
 	"status": "ok"
@@ -2103,14 +2144,24 @@ WHERE:
 - `token`: The session token generated by the `login` or the `createToken` call.
 - `zone`: The domain name of the zone to set options.
 - `disabled` (optional): Sets if the zone is enabled or disabled.
-- `zoneTransfer` (optional): Sets if the zone allows zone transfer. Valid options are [`Deny`, `Allow`, `AllowOnlyZoneNameServers`, `AllowOnlySpecifiedNameServers`, `AllowBothZoneAndSpecifiedNameServers`]. This option is valid only for Primary and Secondary zones.
+- `catalog` (optional): Set a Catalog zone name to register as its member zone. This option is valid only for `Primary`, `Stub`, and `Forwarder` zones.
-- `zoneTransferNameServers` (optional): A list of comma separated IP or network addresses which should be allowed to perform zone transfer. This list is enabled only when `zoneTransfer` option is set to `AllowOnlySpecifiedNameServers` or `AllowBothZoneAndSpecifiedNameServers`. This option is valid only for Primary and Secondary zones.
+- `overrideCatalogQueryAccess` (optional): Set to `true` to override Query Access option in the Catalog zone. This option is valid only for `Primary`, `Stub`, and `Forwarder` zones.
-- `zoneTransferTsigKeyNames` (optional): A list of comma separated TSIG keys names that are authorized to perform a zone transfer. Set this option to `false` to clear all key names. This option is valid only for Primary and Secondary zones.
+- `overrideCatalogZoneTransfer` (optional): Set to `true` to override Zone Transfer option in the Catalog zone. This option is valid only for `Primary`, and `Forwarder` zones.
-- `notify` (optional): Sets if the DNS server should notify other DNS servers for zone updates. Valid options are [`None`, `ZoneNameServers`, `SpecifiedNameServers`, `BothZoneAndSpecifiedNameServers`]. This option is valid only for Primary and Secondary zones.
+- `overrideCatalogNotify` (optional): Set to `true` to override Notify option in the Catalog zone.  This option is valid only for `Primary`, and `Forwarder` zones.
-- `notifyNameServers` (optional): A list of comma separated IP addresses which should be notified by the DNS server for zone updates. This list is used only when `notify` option is set to `SpecifiedNameServers` or `BothZoneAndSpecifiedNameServers`. This option is valid only for Primary and Secondary zones.
+- `primaryNameServerAddresses` (optional): List of comma separated IP addresses or domain names of the primary name server. This optional parameter is used only with `Secondary`, `SecondaryForwarder`, `SecondaryCatalog`, and `Stub` zones. If this parameter is not used, the DNS server will try to recursively resolve the primary name server addresses automatically for `Secondary` and `Stub` zones. This option is required for `SecondaryForwarder` and `SecondaryCatalog` zones.
-- `update` (optional): Sets if the DNS server should allow dynamic updates (RFC 2136). This option is valid only for Primary, Secondary and Forwarder zones. Valid options for Primary zones are [`Deny`, `Allow`, `AllowOnlyZoneNameServers`, `AllowOnlySpecifiedIpAddresses`, `AllowBothZoneNameServersAndSpecifiedIpAddresses`]. Valid options for Secondary and Forwarder zones are [`Deny`, `Allow`, `AllowOnlySpecifiedIpAddresses`].
+- `primaryZoneTransferProtocol `(optional): The zone transfer protocol to be used by `Secondary`, `SecondaryForwarder`, and `SecondaryCatalog` zones. Valid values are [`Tcp`, `Tls`, `Quic`].
-- `updateIpAddresses` (optional): A list of comma separated IP or network addresses which should be allowed to perform dynamic updates. This list is enabled only when `update` option is set to `AllowOnlySpecifiedIpAddresses` or `AllowBothZoneNameServersAndSpecifiedIpAddresses`. This option is valid only for Primary, Secondary and Forwarder zones.
+- `primaryZoneTransferTsigKeyName` (optional): The TSIG key name to be used by `Secondary`, `SecondaryForwarder`, and `SecondaryCatalog` zones for zone transfer.
-- `updateSecurityPolicies` (optional): A pipe `|` separated table data of security policies with each row containing the TSIG keys name, domain name, and comma separated record types that are allowed. Use wildcard domain name to specify all sub domain names. Set this option to `false` to clear all security policies and stop TSIG authentication. This option is valid only for Primary and Forwarder zones.
+- `validateZone`: (optional): Set value as `true` to enable ZONEMD validation. When enabled, the `Secondary` zone will be validated using the ZONEMD record after every zone transfer. The zone will get disabled if the validation fails. The zone must be DNSSEC signed for the validation to work. This option is only valid for `Secondary` zones.
+- `queryAccess` (optional): Valid options are [`Deny`, `Allow`, `AllowOnlyPrivateNetworks`, `AllowOnlyZoneNameServers`, `UseSpecifiedNetworkACL`, `AllowZoneNameServersAndUseSpecifiedNetworkACL`].
+- `queryAccessNetworkACL` (optional): A comma separated Access Control List (ACL) of Network Access Control (NAC) entry. NAC is an IP address or network address to allow. Add `!` at the start of the NAC to deny access. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Set this parameter to `false` to remove existing values. This option is valid for all zones except `SecondaryCatalog` zone and only when `queryAccess` is set to `UseSpecifiedNetworkACL` or `AllowZoneNameServersAndUseSpecifiedNetworkACL`.
+- `zoneTransfer` (optional): Sets if the zone allows zone transfer. Valid options are [`Deny`, `Allow`, `AllowOnlyZoneNameServers`, `UseSpecifiedNetworkACL`, `AllowZoneNameServersAndUseSpecifiedNetworkACL`]. This option is valid only for Primary and Secondary zones.
+- `zoneTransferNetworkACL` (optional): A comma separated Access Control List (ACL) of Network Access Control (NAC) entry. NAC is an IP address or network address to allow. Add `!` at the start of the NAC to deny access. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all. Set this parameter to `false` to remove existing values. This option is valid only for `Primary`, `Secondary`, `Forwarder`, and `Catalog` zones and only when `zoneTransfer` is set to `UseSpecifiedNetworkACL` or `AllowZoneNameServersAndUseSpecifiedNetworkACL`.
+- `zoneTransferTsigKeyNames` (optional): A list of comma separated TSIG keys names that are authorized to perform a zone transfer. Set this option to `false` to clear all key names. This option is valid only for `Primary`, `Secondary`, `Forwarder`, and `Catalog` zones.
+- `notify` (optional): Sets if the DNS server should notify other DNS servers for zone updates. Valid options for `Primary` and `Secondary` zones are [`None`, `ZoneNameServers`, `SpecifiedNameServers`, `BothZoneAndSpecifiedNameServers`]. Valid options for `Forwarder` and `Catalog` zones are [`None`, `SpecifiedNameServers`]. This option is valid only for `Primary`, `Secondary`, `Forwarder`, and `Catalog` zones.
+- `notifyNameServers` (optional): A list of comma separated IP addresses which should be notified by the DNS server for zone updates. This list is used only when `notify` option is set to `SpecifiedNameServers` or `BothZoneAndSpecifiedNameServers`. This option is valid only for `Primary`, `Secondary`, `Forwarder`, and `Catalog` zones.
+- `update` (optional): Sets if the DNS server should allow dynamic updates (RFC 2136). This option is valid only for `Primary`, `Secondary`, and `Forwarder` zones. Valid options for `Primary` zones are [`Deny`, `Allow`, `AllowOnlyZoneNameServers`, `UseSpecifiedNetworkACL`, `AllowZoneNameServersAndUseSpecifiedNetworkACL`]. Valid options for `Secondary` and `Forwarder` zones are [`Deny`, `Allow`, `UseSpecifiedNetworkACL`].
+- `updateNetworkACL` (optional): A comma separated Access Control List (ACL) of Network Access Control (NAC) entry. NAC is an IP address or network address to allow. Add `!` at the start of the NAC to deny access. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all. Set this parameter to `false` to remove existing values. This option is valid only for `Primary`, `Secondary`, and `Forwarder` zones and only when `update` is set to `UseSpecifiedNetworkACL` or `AllowZoneNameServersAndUseSpecifiedNetworkACL`.
+- `updateSecurityPolicies` (optional): A pipe `|` separated table data of security policies with each row containing the TSIG keys name, domain name, and comma separated record types that are allowed. Use wildcard domain name to specify all sub domain names. Set this option to `false` to clear all security policies and stop TSIG authentication. This option is valid only for `Primary` and `Forwarder` zones.
 
 RESPONSE:
 ```
@@ -2677,6 +2728,7 @@ WHERE:
 - `ttl` (optional): The DNS resource record TTL value. This is the value in seconds that the DNS resolvers can cache the record for. When not specified the default TTL value from settings will be used.
 - `overwrite` (optional): This option when set to `true` will overwrite existing resource record set for the selected `type` with the new record. Default value of `false` will add the new record into existing resource record set.
 - `comments` (optional): Sets comments for the added resource record.
+- `expiryTtl` (optional): Set to automatically delete the record when the value in seconds elapses since the record’s last modified time.
 - `ipAddress` (optional): The IP address for adding `A` or `AAAA` record. A special value of `request-ip-address` can be used to set the record with the IP address of the API HTTP request to help with dynamic DNS update applications. This option is required and used only for `A` and `AAAA` records.
 - `ptr` (optional): Set this option to `true` to add a reverse PTR record for the IP address in the `A` or `AAAA` record. This option is used only for `A` and `AAAA` records.
 - `createPtrZone` (optional): Set this option to `true` to create a reverse zone for PTR record. This option is used for `A` and `AAAA` records.
@@ -2689,6 +2741,8 @@ WHERE:
 - `preference` (optional): This is the preference value for `MX` record type. This option is required for adding `MX` record.
 - `text` (optional): The text data for `TXT` record. This option is required for adding `TXT` record.
 - `splitText` (optional): Set to `true` for using new line char to split text into multiple character-strings for adding `TXT` record.
+- `mailbox` (optional): Set an email address for adding `RP` record.
+- `txtDomain` (optional): Set a `TXT` record's domain name for adding `RP` record.
 - `priority` (optional): This parameter is required for adding the `SRV` record.
 - `weight` (optional): This parameter is required for adding the `SRV` record.
 - `port` (optional): This parameter is required for adding the `SRV` record.
@@ -2704,7 +2758,7 @@ WHERE:
 - `algorithm` (optional): Valid values are [`RSAMD5`, `DSA`, `RSASHA1`, `DSA-NSEC3-SHA1`, `RSASHA1-NSEC3-SHA1`, `RSASHA256`, `RSASHA512`, `ECC-GOST`, `ECDSAP256SHA256`, `ECDSAP384SHA384`, `ED25519`, `ED448`]. This parameter is required for adding `DS` record.
 - `digestType` (optional): Valid values are [`SHA1`, `SHA256`, `GOST-R-34-11-94`, `SHA384`]. This parameter is required for adding `DS` record.
 - `digest` (optional): A hex string value. This parameter is required for adding `DS` record.
-- `sshfpAlgorithm` (optional): Valid values are [`RSA`, DSA`, `ECDSA`, `Ed25519`, `Ed448`]. This parameter is required for adding `SSHFP` record.
+- `sshfpAlgorithm` (optional): Valid values are [`RSA`, `DSA`, `ECDSA`, `Ed25519`, `Ed448`]. This parameter is required for adding `SSHFP` record.
 - `sshfpFingerprintType` (optional): Valid values are [`SHA1`, `SHA256`]. This parameter is required for adding `SSHFP` record.
 - `sshfpFingerprint` (optional): A hex string value. This parameter is required for adding `SSHFP` record.
 - `tlsaCertificateUsage` (optional): Valid values are [`PKIX-TA`, `PKIX-EE`, `DANE-TA`, `DANE-EE`]. This parameter is required for adding `TLSA` record.
@@ -2725,6 +2779,7 @@ WHERE:
 - `aname` (optional): The ANAME domain name. This option is required for adding `ANAME` record.
 - `protocol` (optional): This parameter is required for adding the `FWD` record. Valid values are [`Udp`, `Tcp`, `Tls`, `Https`, `Quic`].
 - `forwarder` (optional): The forwarder address. A special value of `this-server` can be used to directly forward requests internally to the DNS server. This parameter is required for adding the `FWD` record.
+- `forwarderPriority` (optional): Set an integer priority value for adding the `FWD` record. Forwarders with high priority (lower value) will be queried before trying for low priority forwarders. Forwarders with the same priority will be concurrently queried.
 - `dnssecValidation` (optional): Set this boolean value to indicate if DNSSEC validation must be done. This optional parameter is to be used with FWD records. Default value is `false`.
 - `proxyType` (optional): The type of proxy that must be used for conditional forwarding. This optional parameter is to be used with FWD records. Valid values are [`NoProxy`, `DefaultProxy`, `Http`, `Socks5`]. Default value `DefaultProxy` is used when this parameter is missing.
 - `proxyAddress` (optional): The proxy server address to use when `proxyType` is configured. This optional parameter is to be used with FWD records.
@@ -3325,6 +3380,7 @@ WHERE:
 - `ttl` (optional): The TTL value of the resource record. Default value of `3600` is used when parameter is missing.
 - `disable` (optional): Specifies if the record should be disabled. The default value is `false` when this parameter is missing.
 - `comments` (optional): Sets comments for the updated resource record.
+- `expiryTtl` (optional): Set to automatically delete the record when the value in seconds elapses since the record’s last modified time.
 - `ipAddress` (optional): The current IP address in the `A` or `AAAA` record. This parameter is required when updating `A` or `AAAA` record.
 - `newIpAddress` (optional): The new IP address in the `A` or `AAAA` record. This parameter when missing will use the current value in the record.
 - `ptr` (optional): Set this option to `true` to specify if the PTR record associated with the `A` or `AAAA` record must also be updated. This option is used only for `A` and `AAAA` records.
@@ -3341,9 +3397,6 @@ WHERE:
 - `retry` (optional): This is the retry parameter in the SOA record. This parameter is required when updating the SOA record.
 - `expire` (optional): This is the expire parameter in the SOA record. This parameter is required when updating the SOA record.
 - `minimum` (optional): This is the minimum parameter in the SOA record. This parameter is required when updating the SOA record.
-- `primaryAddresses` (optional): This is a comma separated list of IP addresses of the primary name server. This parameter is to be used with secondary and stub zones where the primary name server address is not directly resolvable.
-- `zoneTransferProtocol` (optional): The zone transfer protocol to be used by the secondary zone. Valid values are [`Tcp`, `Tls`, `Quic`]. This parameter is used with `SOA` record.
-- `tsigKeyName` (optional): The TSIG key name to be used by the secondary zone. This parameter is used with `SOA` record.
 - `ptrName`(optional): The current PTR domain name. This option is required for updating `PTR` record.
 - `newPtrName`(optional): The new PTR domain name. This option is required for updating `PTR` record.
 - `preference` (optional): The current preference value in an MX record. This parameter when missing will default to `1` value. This parameter is used only when updating `MX` record.
@@ -3354,6 +3407,10 @@ WHERE:
 - `newText` (optional): The new text value. This option is required for updating `TXT` record.
 - `splitText` (optional): The current split text value. This option is used for updating `TXT` record and is set to `false` when unspecified.
 - `newSplitText` (optional): The new split text value. This option is used for updating `TXT` record and is set to current split text value when unspecified.
+- `mailbox` (optional): The current email address value. This option is required for updating `RP` record.
+- `newMailbox` (optional): The new email address value. This option is used for updating `RP` record and is set to the current value when unspecified.
+- `txtDomain` (optional): The current TXT record's domain name value. This option is required for updating `RP` record.
+- `newTxtDomain` (optional). The new TXT record's domain name value. This option is used for updating `RP` record and is set to the current value when unspecified.
 - `priority` (optional): This is the current priority in the SRV record. This parameter is required when updating the `SRV` record.
 - `newPriority` (optional): This is the new priority in the SRV record. This parameter when missing will use the old value. This parameter is used when updating the `SRV` record.
 - `weight` (optional): This is the current weight in the SRV record. This parameter is required when updating the `SRV` record.
@@ -3423,6 +3480,7 @@ WHERE:
 - `newProtocol` (optional): This is the new protocol value in the `FWD` record. Valid values are [`Udp`, `Tcp`, `Tls`, `Https`, `Quic`]. This parameter is optional and default value `Udp` will be used when updating the `FWD` record.
 - `forwarder` (optional): The current forwarder address. This parameter is required when updating the `FWD` record.
 - `newForwarder` (optional): The new forwarder address. This parameter is required when updating the `FWD` record.
+- `forwarderPriority` (optional): The current forwarder priority value. This optional parameter is to be used with `FWD` record. When unspecified, the default value of `0` will be used.
 - `dnssecValidation` (optional): Set this boolean value to indicate if DNSSEC validation must be done. This optional parameter is to be used with FWD records. Default value is `false`.
 - `proxyType` (optional): The type of proxy that must be used for conditional forwarding. This optional parameter is to be used with FWD records. Valid values are [`NoProxy`, `DefaultProxy`, `Http`, `Socks5`]. Default value `DefaultProxy` is used when this parameter is missing.
 - `proxyAddress` (optional): The proxy server address to use when `proxyType` is configured. This optional parameter is to be used with FWD records.
@@ -3496,6 +3554,8 @@ WHERE:
 - `exchange` (optional): This parameter is required when deleting `MX` record.
 - `text` (optional): This parameter is required when deleting `TXT` record.
 - `splitText` (optional): This parameter is used when deleting `TXT` record. Default value is set to `false` when unspecified.
+- `mailbox` (optional): Set an email address for deleting `RP` record.
+- `txtDomain` (optional): Set a `TXT` record's domain name for deleting `RP` record.
 - `priority` (optional): This parameter is required when deleting the `SRV` record.
 - `weight` (optional): This parameter is required when deleting the `SRV` record.
 - `port` (optional): This parameter is required when deleting the `SRV` record.
@@ -4466,8 +4526,8 @@ RESPONSE:
 ```
 {
 	"response": {
-		"version": "12.2",
+		"version": "13.0",
-		"uptimestamp": "2024-05-19T10:44:24.950017Z",
+		"uptimestamp": "2024-09-14T14:04:54.224926Z",
 		"dnsServerDomain": "server1",
 		"dnsServerLocalEndPoints": [
 			"0.0.0.0:53",
@@ -4521,6 +4581,7 @@ RESPONSE:
 		"enableDnsOverHttp": false,
 		"enableDnsOverTls": false,
 		"enableDnsOverHttps": false,
+		"enableDnsOverHttp3": false,
 		"enableDnsOverQuic": false,
 		"dnsOverUdpProxyPort": 538,
 		"dnsOverTcpProxyPort": 538,
@@ -4538,13 +4599,13 @@ RESPONSE:
 			}
 		],
 		"recursion": "AllowOnlyForPrivateNetworks",
-		"recursionDeniedNetworks": [],
+		"recursionNetworkACL": [],
-		"recursionAllowedNetworks": [],
+		"randomizeName": false,
-		"randomizeName": true,
 		"qnameMinimization": true,
 		"nsRevalidation": false,
 		"resolverRetries": 2,
 		"resolverTimeout": 1500,
+		"resolverConcurrency": 2,
 		"resolverMaxStackCount": 16,
 		"saveCache": true,
 		"serveStale": true,
@@ -4577,6 +4638,7 @@ RESPONSE:
 		"proxy": null,
 		"forwarders": null,
 		"forwarderProtocol": "Udp",
+		"concurrentForwarding": true,
 		"forwarderRetries": 3,
 		"forwarderTimeout": 2000,
 		"forwarderConcurrency": 2,
@@ -4664,14 +4726,14 @@ WHERE:
 - `dnsTlsCertificatePath` (optional): Specify a PKCS #12 certificate (.pfx) file path on the server. The certificate must contain private key. This certificate is used by the DNS-over-TLS and DNS-over-HTTPS optional protocols.
 - `dnsTlsCertificatePassword` (optional): Enter the certificate (.pfx) password, if any.
 - `tsigKeys` (optional): A pipe `|` separated multi row list of TSIG key name, shared secret, and algorithm. Set this parameter to `false` to remove all existing keys. Supported algorithms are [`hmac-md5.sig-alg.reg.int`, `hmac-sha1`, `hmac-sha256`, `hmac-sha256-128`, `hmac-sha384`, `hmac-sha384-192`, `hmac-sha512`, `hmac-sha512-256`].
-- `recursion` (optional): Sets the recursion policy for the DNS server. Valid values are [`Deny`, `Allow`, `AllowOnlyForPrivateNetworks`, `UseSpecifiedNetworks`].
+- `recursion` (optional): Sets the recursion policy for the DNS server. Valid values are [`Deny`, `Allow`, `AllowOnlyForPrivateNetworks`, `UseSpecifiedNetworkACL`].
-- `recursionDeniedNetworks` (optional): A comma separated list of network addresses in CIDR format that must be denied recursion. Set this parameter to `false` to remove existing values. These values are only used when `recursion` is set to `UseSpecifiedNetworks`.
+- `recursionNetworkACL` (optional): A comma separated Access Control List (ACL) of Network Access Control (NAC) entry. NAC is an IP address or network address to allow. Add `!` at the start of the NAC to deny access. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Set this parameter to `false` to remove existing values. These values are only used when `recursion` is set to `UseSpecifiedNetworkACL`.
-- `recursionAllowedNetworks` (optional): A comma separated list of network addresses in CIDR format that must be allowed recursion. Set this parameter to `false` to remove existing values. These values are only used when `recursion` is set to `UseSpecifiedNetworks`.
 - `randomizeName` (optional): Enables QNAME randomization [draft-vixie-dnsext-dns0x20-00](https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00) when using UDP as the transport protocol. Initial value is `true`.
 - `qnameMinimization` (optional): Enables QNAME minimization [draft-ietf-dnsop-rfc7816bis-04](https://tools.ietf.org/html/draft-ietf-dnsop-rfc7816bis-04) when doing recursive resolution. Initial value is `true`.
 - `nsRevalidation` (optional): Enables [draft-ietf-dnsop-ns-revalidation](https://datatracker.ietf.org/doc/draft-ietf-dnsop-ns-revalidation/) for recursive resolution. Initial value is `true`.
 - `resolverRetries` (optional): The number of retries that the recursive resolver must do.
 - `resolverTimeout` (optional): The timeout value in milliseconds for the recursive resolver.
+- `resolverConcurrency` (optional): The number of concurrent requests that should be sent by the recursive resolver to the name servers.
 - `resolverMaxStackCount` (optional): The max stack count that the recursive resolver must use.
 - `saveCache` (optional): Enable this option to save DNS cache on disk when the DNS server stops. The saved cache will be loaded next time the DNS server starts.
 - `serveStale` (optional): Enable the serve stale feature to improve resiliency by using expired or stale records in cache when the DNS server is unable to reach the upstream or authoritative name servers. Initial value is `true`.
@@ -4702,6 +4764,7 @@ WHERE:
 - `proxyBypass` (optional): A comma separated bypass list consisting of IP addresses, network addresses in CIDR format, or host/domain names to never use proxy for.
 - `forwarders` (optional): A comma separated list of forwarders to be used by this DNS server. Set this parameter to `false` string to remove existing forwarders so that the DNS server does recursive resolution by itself.
 - `forwarderProtocol` (optional): The forwarder DNS transport protocol to be used. Valid values are [`Udp`, `Tcp`, `Tls`, `Https`, `Quic`].
+- `concurrentForwarding` (optional): Set this option to `true` to allow querying two or more forwarders concurrently instead of sequentially querying them in their given order. The DNS server will automatically select forwarders (based on their average latency) to query and use the fastest response it receives from any of them. If none of the selected forwarders respond in time, the DNS server will similarly select forwarders from the remaining ones and queries them till all are tried before giving up.
 - `forwarderRetries` (optional): The number of retries that the forwarder DNS client must do.
 - `forwarderTimeout` (optional): The timeout value in milliseconds for the forwarder DNS client.
 - `forwarderConcurrency` (optional): The number of concurrent requests that the forwarder DNS client should do.