diff --git a/.gitea/workflows/test.yaml b/.gitea/workflows/test.yaml
new file mode 100644
index 0000000..ef09de8
--- /dev/null
+++ b/.gitea/workflows/test.yaml
@@ -0,0 +1,63 @@
+---
+name: Test
+
+on:  # noqa: yaml[truthy]
+  push:
+    branches:
+      - main
+      - feature/**
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install tools
+        run: |
+          pip install --no-cache-dir yamllint ansible-lint
+
+      - name: Run yamllint
+        run: yamllint -d relaxed .
+
+      - name: Run ansible-lint
+        run: ansible-lint --strict --profile=production
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    needs: lint
+    if: github.event_name == 'pull_request'
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install podman
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y podman
+
+      - name: Install dependencies
+        run: |
+          pip install --no-cache-dir \
+            ansible \
+            molecule[podman] \
+            podman-compose \
+            pyyaml \
+            jinja2
+
+      - name: Run Molecule tests
+        run: molecule test
diff --git a/CONFIGURATION_GRAMMAR.md b/CONFIGURATION_GRAMMAR.md
index 2c8442a..211a80f 100644
--- a/CONFIGURATION_GRAMMAR.md
+++ b/CONFIGURATION_GRAMMAR.md
@@ -458,6 +458,7 @@ options:
     - <address>
     - address: <address>
       port: <port>
+      tls: <tls_name>
   
   # DNSSEC
   dnssec_enable: <bool>                 # DEPRECATED in 9.15+
@@ -540,6 +541,19 @@ options:
   # Logging
   querylog: <bool>
   
+  # DNSTAP - DNS traffic capture
+  dnstap:                               # List of message types to capture
+    - type: <auth|client|forwarder|resolver>  # Message type (required)
+      log: <query|response>             # Optional: specific direction
+  dnstap_output:                        # Output destination (required if dnstap is set)
+    output_type: <file|unix>            # Output type: file or unix socket (required)
+    output_file: <path>                 # File path or socket path (required)
+    size: <size>                        # Optional: Max file size before rotation
+    versions: <integer>                 # Optional: Number of versions to keep
+    suffix: <increment|timestamp>       # Optional: Rotation suffix type
+  dnstap_identity: <string>             # Optional: Identity string (defaults to hostname)
+  dnstap_version: <string>              # Optional: Version string (defaults to BIND version)
+  
   # Zone management
   check_names: <master|slave|response> <warn|fail|ignore>
   check_dup_records: <warn|fail|ignore>
@@ -593,7 +607,8 @@ options:
     
     forwarders:
       - 1.1.1.1
-      - 8.8.8.8
+      - address: 8.8.8.8
+        tls: dot-tls
     
     dnssec_validation: auto
     
@@ -917,6 +932,7 @@ zones:
       - <address>
       - address: <address>
         port: <port>
+        tls: <tls_name>
     
     # DNSSEC
     dnssec_policy: <policy_name>  # DNSSEC policy to use
@@ -1017,7 +1033,8 @@ zones:
       forward: only
       forwarders:
         - 10.0.0.1
-        - 10.0.0.2
+        - address: 10.0.0.2
+          tls: internal-tls
 ```
 
 ---
@@ -1079,9 +1096,9 @@ addresses:
   - 10.0.0.0/8
 ```
 
-### Address with Port/DSCP
+### Address with Port/TLS
 
-For options accepting `address [port X] [dscp Y]`:
+For options accepting `address [port X] [tls Y]` (e.g., `forwarders`):
 
 ```yaml
 # Simple list
@@ -1089,27 +1106,28 @@ forwarders:
   - 1.1.1.1
   - 8.8.8.8
 
-# With source port/dscp
+# With global port/tls
 forwarders:
-  port: 5353
-  dscp: 46
+  port: 853
+  tls: dot-tls
   addresses:
     - 1.1.1.1
     - 8.8.8.8
 
-# Per-address port/dscp
+# Per-address port/tls
 forwarders:
   - address: 1.1.1.1
     port: 53
   - address: 8.8.8.8
-    port: 5353
-    dscp: 46
+    port: 853
+    tls: cloudflare-tls
 
 # Mixed format
 forwarders:
   - 1.1.1.1
   - address: 8.8.8.8
-    port: 5353
+    port: 853
+    tls: dot-tls
 ```
 
 ### Address with Key/TLS
diff --git a/README.md b/README.md
index 8330195..9491dee 100644
--- a/README.md
+++ b/README.md
@@ -126,38 +126,43 @@ Simple options are defined just as that.
 ```
 
 Some options have several optional parameters. For those, a somewhat flexible 
-configuration format has been created
+configuration format has been created. Common patterns include:
+
+- **Address with Port/DSCP**: Used by options like `primaries`, `parental_agents` (e.g., `address [ port <port> ] [ dscp <dscp> ]`)
+- **Address with Port/TLS**: Used by options like `forwarders` (e.g., `address [ port <port> ] [ tls <tls> ]`)
+
 ```
-      IP_PORT_DSCP_OPTION: # Any option that is defined as one of:
-      #  <option> [ port <port> ] [ dscp <dscp> ] { <address> [ port <port> ] [ dscp <dscp> ]; ... }
-      #  <option> [ port <port> ] [ dscp <dscp> ] { <address> [ port <port> ] [ key <key> ] [ tls <tls> ]; ... }
+      ADDRESS_PORT_TLS_OPTION: # Example: forwarders option
+      # <option> [ port <port> ] [ tls <tls> ] { <address> [ port <port> ] [ tls <tls> ]; ... }
       # has a few optional syntaxes 
       # Example 1: Simple address list
         - ADDRESS1
         - ADDRESS2
-      # Example 2: To define source port/dscp, use 'addresses' sub-element
+      # Example 2: To define global port/tls, use 'addresses' sub-element
         [ port: PORT ]
-        [ dscp: DSCP ]
+        [ tls: TLS_NAME ]
         addresses:
           - ADDRESS1
           - ADDRESS2
           - 127.0.0.1
-      # Example 3: To define target port/dscp, use 'addresses' as a list of dicts
+      # Example 3: To define per-address port/tls, use 'addresses' as a list of dicts
         addresses:
           - address: ADDRESS
             [ port: PORT ]
-            [ dscp: DSCP ]
+            [ tls: TLS_NAME ]
           - address: 127.0.0.1
             port: 53
           - address: 127.0.0.1
-            dscp: 42
-          - address: 127.0.0.1
-            port: 5353
-            dscp: 42
+            port: 853
+            tls: dot-tls
+          - address: 8.8.8.8
+            port: 853
+            tls: google-tls
       # Example 4: The various formats can be mixed and matched within the main element
         - ADDRESS1
         - address: ADDRESS2
           port: PORT
+          tls: TLS_NAME
 ```
 
 
diff --git a/bind9-grammar/forward.zoneopt.json b/bind9-grammar/forward.zoneopt.json
new file mode 100644
index 0000000..2fcf4c2
--- /dev/null
+++ b/bind9-grammar/forward.zoneopt.json
@@ -0,0 +1,19 @@
+{
+    "zone": {
+        "_id": "<string> [ <class> ]",
+        "_mapbody": {
+            "type": {
+                "_grammar": "forward"
+            },
+            "forward": {
+                "_grammar": "( first | only )"
+            },
+            "forwarders": {
+                "_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
+            },
+            "template": {
+                "_grammar": "<string>"
+            }
+        }
+    }
+}
diff --git a/bind9-grammar/hint.zoneopt.json b/bind9-grammar/hint.zoneopt.json
new file mode 100644
index 0000000..a88c3ad
--- /dev/null
+++ b/bind9-grammar/hint.zoneopt.json
@@ -0,0 +1,19 @@
+{
+    "zone": {
+        "_id": "<string> [ <class> ]",
+        "_mapbody": {
+            "type": {
+                "_grammar": "hint"
+            },
+            "check-names": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "file": {
+                "_grammar": "<quoted_string>"
+            },
+            "template": {
+                "_grammar": "<string>"
+            }
+        }
+    }
+}
diff --git a/bind9-grammar/in-view.zoneopt.json b/bind9-grammar/in-view.zoneopt.json
new file mode 100644
index 0000000..70bfa3a
--- /dev/null
+++ b/bind9-grammar/in-view.zoneopt.json
@@ -0,0 +1,10 @@
+{
+    "zone": {
+        "_id": "<string> [ <class> ]",
+        "_mapbody": {
+            "in-view": {
+                "_grammar": "<string>"
+            }
+        }
+    }
+}
diff --git a/bind9-grammar/mirror.zoneopt.json b/bind9-grammar/mirror.zoneopt.json
new file mode 100644
index 0000000..519cdc2
--- /dev/null
+++ b/bind9-grammar/mirror.zoneopt.json
@@ -0,0 +1,171 @@
+{
+    "zone": {
+        "_id": "<string> [ <class> ]",
+        "_mapbody": {
+            "type": {
+                "_grammar": "mirror"
+            },
+            "allow-notify": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-transfer": {
+                "_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
+            },
+            "allow-update-forwarding": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "also-notify": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "check-names": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "database": {
+                "_grammar": "<string>"
+            },
+            "file": {
+                "_grammar": "<quoted_string>"
+            },
+            "ixfr-from-differences": {
+                "_grammar": "<boolean>"
+            },
+            "journal": {
+                "_grammar": "<quoted_string>"
+            },
+            "masterfile-format": {
+                "_grammar": "( raw | text )"
+            },
+            "masterfile-style": {
+                "_grammar": "( full | relative )"
+            },
+            "max-ixfr-ratio": {
+                "_grammar": "( unlimited | <percentage> )"
+            },
+            "max-journal-size": {
+                "_grammar": "( default | unlimited | <sizeval> )"
+            },
+            "max-records": {
+                "_grammar": "<integer>"
+            },
+            "max-records-per-type": {
+                "_grammar": "<integer>"
+            },
+            "max-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "max-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-idle-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-idle-out": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-out": {
+                "_grammar": "<integer>"
+            },
+            "max-types-per-name": {
+                "_grammar": "<integer>"
+            },
+            "min-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "min-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "min-transfer-rate-in": {
+                "_grammar": "<integer> <integer>"
+            },
+            "multi-master": {
+                "_grammar": "<boolean>"
+            },
+            "notify": {
+                "_grammar": "( explicit | master-only | primary-only | <boolean> )"
+            },
+            "notify-cfg": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<string>",
+                "_mapbody": {
+                    "notify": {
+                        "_grammar": "<boolean>"
+                    },
+                    "notify-defer": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-delay": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-source": {
+                        "_grammar": "( <ipv4_address> | * )"
+                    },
+                    "notify-source-v6": {
+                        "_grammar": "( <ipv6_address> | * )"
+                    }
+                }
+            },
+            "notify-defer": {
+                "_grammar": "<integer>"
+            },
+            "notify-delay": {
+                "_grammar": "<integer>"
+            },
+            "notify-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "notify-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "plugin": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "( query ) <string> [ { <unspecified-text> } ]"
+            },
+            "primaries": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "provide-zoneversion": {
+                "_grammar": "<boolean>"
+            },
+            "request-expire": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr-max-diffs": {
+                "_grammar": "<integer>"
+            },
+            "template": {
+                "_grammar": "<string>"
+            },
+            "transfer-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "transfer-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "try-tcp-refresh": {
+                "_grammar": "<boolean>"
+            },
+            "zero-no-soa-ttl": {
+                "_grammar": "<boolean>"
+            },
+            "zone-statistics": {
+                "_grammar": "( full | terse | none | <boolean> )"
+            }
+        }
+    }
+}
diff --git a/bind9-grammar/options.json b/bind9-grammar/options.json
new file mode 100644
index 0000000..3d75ceb
--- /dev/null
+++ b/bind9-grammar/options.json
@@ -0,0 +1,2315 @@
+{
+    "acl": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_grammar": "<string> { <address_match_element>; ... }"
+    },
+    "controls": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_mapbody": {
+            "inet": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read-only <boolean> ]"
+            },
+            "unix": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "<quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read-only <boolean> ]"
+            }
+        }
+    },
+    "dlz": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_id": "<string>",
+        "_mapbody": {
+            "database": {
+                "_grammar": "<string>"
+            },
+            "search": {
+                "_grammar": "<boolean>"
+            }
+        }
+    },
+    "dnssec-policy": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_id": "<string>",
+        "_mapbody": {
+            "cdnskey": {
+                "_grammar": "<boolean>"
+            },
+            "cds-digest-types": {
+                "_grammar": "{ <string>; ... }"
+            },
+            "dnskey-ttl": {
+                "_grammar": "<duration>"
+            },
+            "inline-signing": {
+                "_grammar": "<boolean>"
+            },
+            "keys": {
+                "_grammar": "{ ( csk | ksk | zsk ) [ key-directory | key-store <string> ] lifetime <duration_or_unlimited> algorithm <string> [ tag-range <integer> <integer> ] [ <integer> ]; ... }"
+            },
+            "manual-mode": {
+                "_grammar": "<boolean>"
+            },
+            "max-zone-ttl": {
+                "_grammar": "<duration>"
+            },
+            "nsec3param": {
+                "_grammar": "[ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ]"
+            },
+            "offline-ksk": {
+                "_grammar": "<boolean>"
+            },
+            "parent-ds-ttl": {
+                "_grammar": "<duration>"
+            },
+            "parent-propagation-delay": {
+                "_grammar": "<duration>"
+            },
+            "publish-safety": {
+                "_grammar": "<duration>"
+            },
+            "purge-keys": {
+                "_grammar": "<duration>"
+            },
+            "retire-safety": {
+                "_grammar": "<duration>"
+            },
+            "signatures-jitter": {
+                "_grammar": "<duration>"
+            },
+            "signatures-refresh": {
+                "_grammar": "<duration>"
+            },
+            "signatures-validity": {
+                "_grammar": "<duration>"
+            },
+            "signatures-validity-dnskey": {
+                "_grammar": "<duration>"
+            },
+            "zone-propagation-delay": {
+                "_grammar": "<duration>"
+            }
+        }
+    },
+    "dyndb": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_grammar": "<string> <quoted_string> { <unspecified-text> }"
+    },
+    "http": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_id": "<string>",
+        "_mapbody": {
+            "endpoints": {
+                "_grammar": "{ <quoted_string>; ... }"
+            },
+            "listener-clients": {
+                "_grammar": "<integer>"
+            },
+            "streams-per-connection": {
+                "_grammar": "<integer>"
+            }
+        }
+    },
+    "key": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_id": "<string>",
+        "_mapbody": {
+            "algorithm": {
+                "_grammar": "<string>"
+            },
+            "secret": {
+                "_grammar": "<string>"
+            }
+        }
+    },
+    "key-store": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_id": "<string>",
+        "_mapbody": {
+            "directory": {
+                "_grammar": "<string>"
+            },
+            "pkcs11-uri": {
+                "_grammar": "<quoted_string>"
+            }
+        }
+    },
+    "logging": {
+        "_mapbody": {
+            "category": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "<string> { <string>; ... }"
+            },
+            "channel": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<string>",
+                "_mapbody": {
+                    "buffered": {
+                        "_grammar": "<boolean>"
+                    },
+                    "file": {
+                        "_grammar": "<quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ]"
+                    },
+                    "null": {
+                        "_grammar": ""
+                    },
+                    "print-category": {
+                        "_grammar": "<boolean>"
+                    },
+                    "print-severity": {
+                        "_grammar": "<boolean>"
+                    },
+                    "print-time": {
+                        "_grammar": "( iso8601 | iso8601-utc | iso8601-tzinfo | local | <boolean> )"
+                    },
+                    "severity": {
+                        "_grammar": "<log_severity>"
+                    },
+                    "stderr": {
+                        "_grammar": ""
+                    },
+                    "syslog": {
+                        "_grammar": "[ <syslog_facility> ]"
+                    }
+                }
+            }
+        }
+    },
+    "options": {
+        "_mapbody": {
+            "allow-new-zones": {
+                "_grammar": "<boolean>"
+            },
+            "allow-notify": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-proxy": {
+                "_flags": [
+                    "experimental"
+                ],
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-proxy-on": {
+                "_flags": [
+                    "experimental"
+                ],
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-cache": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-cache-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-recursion": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-recursion-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-transfer": {
+                "_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
+            },
+            "allow-update": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-update-forwarding": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "also-notify": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "answer-cookie": {
+                "_grammar": "<boolean>"
+            },
+            "attach-cache": {
+                "_grammar": "<string>"
+            },
+            "auth-nxdomain": {
+                "_grammar": "<boolean>"
+            },
+            "automatic-interface-scan": {
+                "_grammar": "<boolean>"
+            },
+            "blackhole": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "catalog-zones": {
+                "_grammar": "{ zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... }"
+            },
+            "check-dup-records": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-integrity": {
+                "_grammar": "<boolean>"
+            },
+            "check-mx": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-mx-cname": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-names": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "( primary | master | secondary | slave | response ) ( fail | warn | ignore )"
+            },
+            "check-sibling": {
+                "_grammar": "<boolean>"
+            },
+            "check-spf": {
+                "_grammar": "( warn | ignore )"
+            },
+            "check-srv-cname": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-svcb": {
+                "_grammar": "<boolean>"
+            },
+            "check-wildcard": {
+                "_grammar": "<boolean>"
+            },
+            "clients-per-query": {
+                "_grammar": "<integer>"
+            },
+            "cookie-algorithm": {
+                "_grammar": "( siphash24 )"
+            },
+            "cookie-secret": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "<string>"
+            },
+            "deny-answer-addresses": {
+                "_grammar": "{ <address_match_element>; ... } [ except-from { <string>; ... } ]"
+            },
+            "deny-answer-aliases": {
+                "_grammar": "{ <string>; ... } [ except-from { <string>; ... } ]"
+            },
+            "directory": {
+                "_grammar": "<quoted_string>"
+            },
+            "disable-algorithms": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "<string> { <string>; ... }"
+            },
+            "disable-ds-digests": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "<string> { <string>; ... }"
+            },
+            "disable-empty-zone": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "<string>"
+            },
+            "dns64": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<netprefix>",
+                "_mapbody": {
+                    "break-dnssec": {
+                        "_grammar": "<boolean>"
+                    },
+                    "clients": {
+                        "_grammar": "{ <address_match_element>; ... }"
+                    },
+                    "exclude": {
+                        "_grammar": "{ <address_match_element>; ... }"
+                    },
+                    "mapped": {
+                        "_grammar": "{ <address_match_element>; ... }"
+                    },
+                    "recursive-only": {
+                        "_grammar": "<boolean>"
+                    },
+                    "suffix": {
+                        "_grammar": "<ipv6_address>"
+                    }
+                }
+            },
+            "dns64-contact": {
+                "_grammar": "<string>"
+            },
+            "dns64-server": {
+                "_grammar": "<string>"
+            },
+            "dnskey-sig-validity": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<integer>"
+            },
+            "dnsrps-enable": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "dnsrps-library": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<quoted_string>"
+            },
+            "dnsrps-options": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "{ <unspecified-text> }"
+            },
+            "dnssec-accept-expired": {
+                "_grammar": "<boolean>"
+            },
+            "dnssec-dnskey-kskonly": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "dnssec-loadkeys-interval": {
+                "_grammar": "<integer>"
+            },
+            "dnssec-policy": {
+                "_grammar": "<string>"
+            },
+            "dnssec-secure-to-insecure": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "dnssec-update-mode": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "( maintain | no-resign )"
+            },
+            "dnssec-validation": {
+                "_grammar": "( yes | no | auto )"
+            },
+            "dnstap": {
+                "_grammar": "{ ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }"
+            },
+            "dnstap-identity": {
+                "_grammar": "( <quoted_string> | none | hostname )"
+            },
+            "dnstap-output": {
+                "_grammar": "( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]"
+            },
+            "dnstap-version": {
+                "_grammar": "( <quoted_string> | none )"
+            },
+            "dual-stack-servers": {
+                "_grammar": "[ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... }"
+            },
+            "dump-file": {
+                "_grammar": "<quoted_string>"
+            },
+            "edns-udp-size": {
+                "_grammar": "<integer>"
+            },
+            "empty-contact": {
+                "_grammar": "<string>"
+            },
+            "empty-server": {
+                "_grammar": "<string>"
+            },
+            "empty-zones-enable": {
+                "_grammar": "<boolean>"
+            },
+            "fetch-quota-params": {
+                "_grammar": "<integer> <fixedpoint> <fixedpoint> <fixedpoint>"
+            },
+            "fetches-per-server": {
+                "_grammar": "<integer> [ ( drop | fail ) ]"
+            },
+            "fetches-per-zone": {
+                "_grammar": "<integer> [ ( drop | fail ) ]"
+            },
+            "flush-zones-on-shutdown": {
+                "_grammar": "<boolean>"
+            },
+            "forward": {
+                "_grammar": "( first | only )"
+            },
+            "forwarders": {
+                "_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
+            },
+            "fstrm-set-buffer-hint": {
+                "_grammar": "<integer>"
+            },
+            "fstrm-set-flush-timeout": {
+                "_grammar": "<integer>"
+            },
+            "fstrm-set-input-queue-size": {
+                "_grammar": "<integer>"
+            },
+            "fstrm-set-output-notify-threshold": {
+                "_grammar": "<integer>"
+            },
+            "fstrm-set-output-queue-model": {
+                "_grammar": "( mpsc | spsc )"
+            },
+            "fstrm-set-output-queue-size": {
+                "_grammar": "<integer>"
+            },
+            "fstrm-set-reopen-interval": {
+                "_grammar": "<duration>"
+            },
+            "geoip-directory": {
+                "_grammar": "( <quoted_string> | none )"
+            },
+            "hostname": {
+                "_grammar": "( <quoted_string> | none )"
+            },
+            "http-listener-clients": {
+                "_grammar": "<integer>"
+            },
+            "http-port": {
+                "_grammar": "<integer>"
+            },
+            "http-streams-per-connection": {
+                "_grammar": "<integer>"
+            },
+            "https-port": {
+                "_grammar": "<integer>"
+            },
+            "interface-interval": {
+                "_grammar": "<duration>"
+            },
+            "ipv4only-contact": {
+                "_grammar": "<string>"
+            },
+            "ipv4only-enable": {
+                "_grammar": "<boolean>"
+            },
+            "ipv4only-server": {
+                "_grammar": "<string>"
+            },
+            "ixfr-from-differences": {
+                "_grammar": "( primary | master | secondary | slave | <boolean> )"
+            },
+            "keep-response-order": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "key-directory": {
+                "_grammar": "<quoted_string>"
+            },
+            "lame-ttl": {
+                "_grammar": "<duration>"
+            },
+            "listen-on": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }"
+            },
+            "listen-on-v6": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }"
+            },
+            "lmdb-mapsize": {
+                "_grammar": "<sizeval>"
+            },
+            "managed-keys-directory": {
+                "_grammar": "<quoted_string>"
+            },
+            "masterfile-format": {
+                "_grammar": "( raw | text )"
+            },
+            "masterfile-style": {
+                "_grammar": "( full | relative )"
+            },
+            "match-mapped-addresses": {
+                "_grammar": "<boolean>"
+            },
+            "max-cache-size": {
+                "_grammar": "( default | unlimited | <sizeval> | <percentage> )"
+            },
+            "max-cache-ttl": {
+                "_grammar": "<duration>"
+            },
+            "max-clients-per-query": {
+                "_grammar": "<integer>"
+            },
+            "max-ixfr-ratio": {
+                "_grammar": "( unlimited | <percentage> )"
+            },
+            "max-journal-size": {
+                "_grammar": "( default | unlimited | <sizeval> )"
+            },
+            "max-ncache-ttl": {
+                "_grammar": "<duration>"
+            },
+            "max-query-count": {
+                "_grammar": "<integer>"
+            },
+            "max-query-restarts": {
+                "_grammar": "<integer>"
+            },
+            "max-records": {
+                "_grammar": "<integer>"
+            },
+            "max-records-per-type": {
+                "_grammar": "<integer>"
+            },
+            "max-recursion-depth": {
+                "_grammar": "<integer>"
+            },
+            "max-recursion-queries": {
+                "_grammar": "<integer>"
+            },
+            "max-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "max-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "max-rsa-exponent-size": {
+                "_grammar": "<integer>"
+            },
+            "max-stale-ttl": {
+                "_grammar": "<duration>"
+            },
+            "max-transfer-idle-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-idle-out": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-out": {
+                "_grammar": "<integer>"
+            },
+            "max-types-per-name": {
+                "_grammar": "<integer>"
+            },
+            "max-udp-size": {
+                "_grammar": "<integer>"
+            },
+            "max-validation-failures-per-fetch": {
+                "_flags": [
+                    "experimental"
+                ],
+                "_grammar": "<integer>"
+            },
+            "max-validations-per-fetch": {
+                "_flags": [
+                    "experimental"
+                ],
+                "_grammar": "<integer>"
+            },
+            "max-zone-ttl": {
+                "_flags": [
+                    "deprecated"
+                ],
+                "_grammar": "( unlimited | <duration> )"
+            },
+            "memstatistics": {
+                "_grammar": "<boolean>"
+            },
+            "memstatistics-file": {
+                "_grammar": "<quoted_string>"
+            },
+            "message-compression": {
+                "_grammar": "<boolean>"
+            },
+            "min-cache-ttl": {
+                "_grammar": "<duration>"
+            },
+            "min-ncache-ttl": {
+                "_grammar": "<duration>"
+            },
+            "min-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "min-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "min-transfer-rate-in": {
+                "_grammar": "<integer> <integer>"
+            },
+            "minimal-any": {
+                "_grammar": "<boolean>"
+            },
+            "minimal-responses": {
+                "_grammar": "( no-auth | no-auth-recursive | <boolean> )"
+            },
+            "multi-master": {
+                "_grammar": "<boolean>"
+            },
+            "new-zones-directory": {
+                "_grammar": "<quoted_string>"
+            },
+            "no-case-compress": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "nocookie-udp-size": {
+                "_grammar": "<integer>"
+            },
+            "notify": {
+                "_grammar": "( explicit | master-only | primary-only | <boolean> )"
+            },
+            "notify-cfg": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<string>",
+                "_mapbody": {
+                    "notify": {
+                        "_grammar": "<boolean>"
+                    },
+                    "notify-defer": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-delay": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-source": {
+                        "_grammar": "( <ipv4_address> | * )"
+                    },
+                    "notify-source-v6": {
+                        "_grammar": "( <ipv6_address> | * )"
+                    }
+                }
+            },
+            "notify-defer": {
+                "_grammar": "<integer>"
+            },
+            "notify-delay": {
+                "_grammar": "<integer>"
+            },
+            "notify-rate": {
+                "_grammar": "<integer>"
+            },
+            "notify-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "notify-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "notify-to-soa": {
+                "_grammar": "<boolean>"
+            },
+            "nsec3-test-zone": {
+                "_flags": [
+                    "test only"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "nta-lifetime": {
+                "_grammar": "<duration>"
+            },
+            "nta-recheck": {
+                "_grammar": "<duration>"
+            },
+            "nxdomain-redirect": {
+                "_grammar": "<string>"
+            },
+            "parental-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "parental-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "pid-file": {
+                "_grammar": "( <quoted_string> | none )"
+            },
+            "port": {
+                "_grammar": "<integer>"
+            },
+            "preferred-glue": {
+                "_grammar": "<string>"
+            },
+            "prefetch": {
+                "_grammar": "<integer> [ <integer> ]"
+            },
+            "provide-ixfr": {
+                "_grammar": "<boolean>"
+            },
+            "provide-zoneversion": {
+                "_grammar": "<boolean>"
+            },
+            "qname-minimization": {
+                "_grammar": "( strict | relaxed | disabled | off )"
+            },
+            "query-source": {
+                "_grammar": "[ address ] ( <ipv4_address> | * | none )"
+            },
+            "query-source-v6": {
+                "_grammar": "[ address ] ( <ipv6_address> | * | none )"
+            },
+            "querylog": {
+                "_grammar": "<boolean>"
+            },
+            "rate-limit": {
+                "_mapbody": {
+                    "all-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "errors-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "exempt-clients": {
+                        "_grammar": "{ <address_match_element>; ... }"
+                    },
+                    "ipv4-prefix-length": {
+                        "_grammar": "<integer>"
+                    },
+                    "ipv6-prefix-length": {
+                        "_grammar": "<integer>"
+                    },
+                    "log-only": {
+                        "_grammar": "<boolean>"
+                    },
+                    "max-table-size": {
+                        "_grammar": "<integer>"
+                    },
+                    "min-table-size": {
+                        "_grammar": "<integer>"
+                    },
+                    "nodata-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "nxdomains-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "qps-scale": {
+                        "_grammar": "<integer>"
+                    },
+                    "referrals-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "responses-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "slip": {
+                        "_grammar": "<integer>"
+                    },
+                    "window": {
+                        "_grammar": "<integer>"
+                    }
+                }
+            },
+            "recursing-file": {
+                "_grammar": "<quoted_string>"
+            },
+            "recursion": {
+                "_grammar": "<boolean>"
+            },
+            "recursive-clients": {
+                "_grammar": "<integer>"
+            },
+            "request-expire": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr-max-diffs": {
+                "_grammar": "<integer>"
+            },
+            "request-nsid": {
+                "_grammar": "<boolean>"
+            },
+            "request-zoneversion": {
+                "_grammar": "<boolean>"
+            },
+            "require-server-cookie": {
+                "_grammar": "<boolean>"
+            },
+            "resolver-query-timeout": {
+                "_grammar": "<integer>"
+            },
+            "resolver-use-dns64": {
+                "_grammar": "<boolean>"
+            },
+            "response-padding": {
+                "_grammar": "{ <address_match_element>; ... } block-size <integer>"
+            },
+            "response-policy": {
+                "_grammar": "{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ servfail-until-ready <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ]"
+            },
+            "responselog": {
+                "_grammar": "<boolean>"
+            },
+            "reuseport": {
+                "_grammar": "<boolean>"
+            },
+            "root-key-sentinel": {
+                "_grammar": "<boolean>"
+            },
+            "rrset-order": {
+                "_grammar": "{ [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... }"
+            },
+            "secroots-file": {
+                "_grammar": "<quoted_string>"
+            },
+            "send-cookie": {
+                "_grammar": "<boolean>"
+            },
+            "send-report-channel": {
+                "_grammar": "<string>"
+            },
+            "serial-query-rate": {
+                "_grammar": "<integer>"
+            },
+            "serial-update-method": {
+                "_grammar": "( date | increment | unixtime )"
+            },
+            "server-id": {
+                "_grammar": "( <quoted_string> | none | hostname )"
+            },
+            "servfail-ttl": {
+                "_grammar": "<duration>"
+            },
+            "session-keyalg": {
+                "_grammar": "<string>"
+            },
+            "session-keyfile": {
+                "_grammar": "( <quoted_string> | none )"
+            },
+            "session-keyname": {
+                "_grammar": "<string>"
+            },
+            "sig-signing-nodes": {
+                "_grammar": "<integer>"
+            },
+            "sig-signing-signatures": {
+                "_grammar": "<integer>"
+            },
+            "sig-signing-type": {
+                "_grammar": "<integer>"
+            },
+            "sig-validity-interval": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<integer> [ <integer> ]"
+            },
+            "sig0checks-quota": {
+                "_flags": [
+                    "experimental"
+                ],
+                "_grammar": "<integer>"
+            },
+            "sig0checks-quota-exempt": {
+                "_flags": [
+                    "experimental"
+                ],
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "sig0key-checks-limit": {
+                "_grammar": "<integer>"
+            },
+            "sig0message-checks-limit": {
+                "_grammar": "<integer>"
+            },
+            "stale-answer-client-timeout": {
+                "_grammar": "( disabled | off | <integer> )"
+            },
+            "stale-answer-enable": {
+                "_grammar": "<boolean>"
+            },
+            "stale-answer-ttl": {
+                "_grammar": "<duration>"
+            },
+            "stale-cache-enable": {
+                "_grammar": "<boolean>"
+            },
+            "stale-refresh-time": {
+                "_grammar": "<duration>"
+            },
+            "startup-notify-rate": {
+                "_grammar": "<integer>"
+            },
+            "statistics-file": {
+                "_grammar": "<quoted_string>"
+            },
+            "synth-from-dnssec": {
+                "_grammar": "<boolean>"
+            },
+            "tcp-advertised-timeout": {
+                "_grammar": "<integer>"
+            },
+            "tcp-clients": {
+                "_grammar": "<integer>"
+            },
+            "tcp-idle-timeout": {
+                "_grammar": "<integer>"
+            },
+            "tcp-initial-timeout": {
+                "_grammar": "<integer>"
+            },
+            "tcp-keepalive-timeout": {
+                "_grammar": "<integer>"
+            },
+            "tcp-listen-queue": {
+                "_grammar": "<integer>"
+            },
+            "tcp-primaries-timeout": {
+                "_grammar": "<integer>"
+            },
+            "tcp-receive-buffer": {
+                "_grammar": "<integer>"
+            },
+            "tcp-send-buffer": {
+                "_grammar": "<integer>"
+            },
+            "tkey-gssapi-keytab": {
+                "_grammar": "<quoted_string>"
+            },
+            "tls-port": {
+                "_grammar": "<integer>"
+            },
+            "transfer-format": {
+                "_grammar": "( many-answers | one-answer )"
+            },
+            "transfer-message-size": {
+                "_grammar": "<integer>"
+            },
+            "transfer-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "transfer-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "transfers-in": {
+                "_grammar": "<integer>"
+            },
+            "transfers-out": {
+                "_grammar": "<integer>"
+            },
+            "transfers-per-ns": {
+                "_grammar": "<integer>"
+            },
+            "trust-anchor-telemetry": {
+                "_grammar": "<boolean>"
+            },
+            "try-tcp-refresh": {
+                "_grammar": "<boolean>"
+            },
+            "udp-receive-buffer": {
+                "_grammar": "<integer>"
+            },
+            "udp-send-buffer": {
+                "_grammar": "<integer>"
+            },
+            "update-check-ksk": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "update-quota": {
+                "_grammar": "<integer>"
+            },
+            "v6-bias": {
+                "_grammar": "<integer>"
+            },
+            "validate-except": {
+                "_grammar": "{ <string>; ... }"
+            },
+            "version": {
+                "_grammar": "( <quoted_string> | none )"
+            },
+            "zero-no-soa-ttl": {
+                "_grammar": "<boolean>"
+            },
+            "zero-no-soa-ttl-cache": {
+                "_grammar": "<boolean>"
+            },
+            "zone-statistics": {
+                "_grammar": "( full | terse | none | <boolean> )"
+            }
+        }
+    },
+    "plugin": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_grammar": "( query ) <string> [ { <unspecified-text> } ]"
+    },
+    "remote-servers": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_grammar": "<string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+    },
+    "server": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_id": "<netprefix>",
+        "_mapbody": {
+            "bogus": {
+                "_grammar": "<boolean>"
+            },
+            "edns": {
+                "_grammar": "<boolean>"
+            },
+            "edns-udp-size": {
+                "_grammar": "<integer>"
+            },
+            "edns-version": {
+                "_grammar": "<integer>"
+            },
+            "keys": {
+                "_grammar": "<server_key>"
+            },
+            "max-udp-size": {
+                "_grammar": "<integer>"
+            },
+            "notify-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "notify-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "padding": {
+                "_grammar": "<integer>"
+            },
+            "provide-ixfr": {
+                "_grammar": "<boolean>"
+            },
+            "query-source": {
+                "_grammar": "[ address ] ( <ipv4_address> | * )"
+            },
+            "query-source-v6": {
+                "_grammar": "[ address ] ( <ipv6_address> | * )"
+            },
+            "request-expire": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr-max-diffs": {
+                "_grammar": "<integer>"
+            },
+            "request-nsid": {
+                "_grammar": "<boolean>"
+            },
+            "request-zoneversion": {
+                "_grammar": "<boolean>"
+            },
+            "require-cookie": {
+                "_grammar": "<boolean>"
+            },
+            "send-cookie": {
+                "_grammar": "<boolean>"
+            },
+            "tcp-keepalive": {
+                "_grammar": "<boolean>"
+            },
+            "tcp-only": {
+                "_grammar": "<boolean>"
+            },
+            "transfer-format": {
+                "_grammar": "( many-answers | one-answer )"
+            },
+            "transfer-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "transfer-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "transfers": {
+                "_grammar": "<integer>"
+            }
+        }
+    },
+    "statistics-channels": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_mapbody": {
+            "inet": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]"
+            }
+        }
+    },
+    "template": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_id": "<string>",
+        "_mapbody": {
+            "allow-notify": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-transfer": {
+                "_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
+            },
+            "allow-update": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-update-forwarding": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "also-notify": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "check-dup-records": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-integrity": {
+                "_grammar": "<boolean>"
+            },
+            "check-mx": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-mx-cname": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-names": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-sibling": {
+                "_grammar": "<boolean>"
+            },
+            "check-spf": {
+                "_grammar": "( warn | ignore )"
+            },
+            "check-srv-cname": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-svcb": {
+                "_grammar": "<boolean>"
+            },
+            "check-wildcard": {
+                "_grammar": "<boolean>"
+            },
+            "checkds": {
+                "_grammar": "( explicit | <boolean> )"
+            },
+            "database": {
+                "_grammar": "<string>"
+            },
+            "dlz": {
+                "_grammar": "<string>"
+            },
+            "dnskey-sig-validity": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<integer>"
+            },
+            "dnssec-dnskey-kskonly": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "dnssec-loadkeys-interval": {
+                "_grammar": "<integer>"
+            },
+            "dnssec-policy": {
+                "_grammar": "<string>"
+            },
+            "dnssec-secure-to-insecure": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "dnssec-update-mode": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "( maintain | no-resign )"
+            },
+            "file": {
+                "_grammar": "<quoted_string>"
+            },
+            "forward": {
+                "_grammar": "( first | only )"
+            },
+            "forwarders": {
+                "_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
+            },
+            "initial-file": {
+                "_grammar": "<quoted_string>"
+            },
+            "inline-signing": {
+                "_grammar": "<boolean>"
+            },
+            "ixfr-from-differences": {
+                "_grammar": "<boolean>"
+            },
+            "journal": {
+                "_grammar": "<quoted_string>"
+            },
+            "key-directory": {
+                "_grammar": "<quoted_string>"
+            },
+            "log-report-channel": {
+                "_grammar": "<boolean>"
+            },
+            "masterfile-format": {
+                "_grammar": "( raw | text )"
+            },
+            "masterfile-style": {
+                "_grammar": "( full | relative )"
+            },
+            "max-ixfr-ratio": {
+                "_grammar": "( unlimited | <percentage> )"
+            },
+            "max-journal-size": {
+                "_grammar": "( default | unlimited | <sizeval> )"
+            },
+            "max-records": {
+                "_grammar": "<integer>"
+            },
+            "max-records-per-type": {
+                "_grammar": "<integer>"
+            },
+            "max-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "max-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-idle-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-idle-out": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-out": {
+                "_grammar": "<integer>"
+            },
+            "max-types-per-name": {
+                "_grammar": "<integer>"
+            },
+            "max-zone-ttl": {
+                "_flags": [
+                    "deprecated"
+                ],
+                "_grammar": "( unlimited | <duration> )"
+            },
+            "min-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "min-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "min-transfer-rate-in": {
+                "_grammar": "<integer> <integer>"
+            },
+            "multi-master": {
+                "_grammar": "<boolean>"
+            },
+            "notify": {
+                "_grammar": "( explicit | master-only | primary-only | <boolean> )"
+            },
+            "notify-cfg": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<string>",
+                "_mapbody": {
+                    "notify": {
+                        "_grammar": "<boolean>"
+                    },
+                    "notify-defer": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-delay": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-source": {
+                        "_grammar": "( <ipv4_address> | * )"
+                    },
+                    "notify-source-v6": {
+                        "_grammar": "( <ipv6_address> | * )"
+                    }
+                }
+            },
+            "notify-defer": {
+                "_grammar": "<integer>"
+            },
+            "notify-delay": {
+                "_grammar": "<integer>"
+            },
+            "notify-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "notify-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "notify-to-soa": {
+                "_grammar": "<boolean>"
+            },
+            "nsec3-test-zone": {
+                "_flags": [
+                    "test only"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "parental-agents": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "parental-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "parental-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "plugin": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "( query ) <string> [ { <unspecified-text> } ]"
+            },
+            "primaries": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "provide-zoneversion": {
+                "_grammar": "<boolean>"
+            },
+            "request-expire": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr-max-diffs": {
+                "_grammar": "<integer>"
+            },
+            "send-report-channel": {
+                "_grammar": "<string>"
+            },
+            "serial-update-method": {
+                "_grammar": "( date | increment | unixtime )"
+            },
+            "server-addresses": {
+                "_grammar": "{ ( <ipv4_address> | <ipv6_address> ); ... }"
+            },
+            "server-names": {
+                "_grammar": "{ <string>; ... }"
+            },
+            "sig-signing-nodes": {
+                "_grammar": "<integer>"
+            },
+            "sig-signing-signatures": {
+                "_grammar": "<integer>"
+            },
+            "sig-signing-type": {
+                "_grammar": "<integer>"
+            },
+            "sig-validity-interval": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<integer> [ <integer> ]"
+            },
+            "transfer-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "transfer-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "try-tcp-refresh": {
+                "_grammar": "<boolean>"
+            },
+            "type": {
+                "_grammar": "( primary | master | secondary | slave | mirror | forward | hint | redirect | static-stub | stub )"
+            },
+            "update-check-ksk": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "update-policy": {
+                "_grammar": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } )"
+            },
+            "zero-no-soa-ttl": {
+                "_grammar": "<boolean>"
+            },
+            "zone-statistics": {
+                "_grammar": "( full | terse | none | <boolean> )"
+            }
+        }
+    },
+    "tls": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_id": "<string>",
+        "_mapbody": {
+            "ca-file": {
+                "_grammar": "<quoted_string>"
+            },
+            "cert-file": {
+                "_grammar": "<quoted_string>"
+            },
+            "cipher-suites": {
+                "_grammar": "<string>"
+            },
+            "ciphers": {
+                "_grammar": "<string>"
+            },
+            "dhparam-file": {
+                "_grammar": "<quoted_string>"
+            },
+            "key-file": {
+                "_grammar": "<quoted_string>"
+            },
+            "prefer-server-ciphers": {
+                "_grammar": "<boolean>"
+            },
+            "protocols": {
+                "_grammar": "{ <string>; ... }"
+            },
+            "remote-hostname": {
+                "_grammar": "<quoted_string>"
+            },
+            "session-tickets": {
+                "_grammar": "<boolean>"
+            }
+        }
+    },
+    "trust-anchors": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_grammar": "{ <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }"
+    },
+    "view": {
+        "_flags": [
+            "may occur multiple times"
+        ],
+        "_id": "<string> [ <class> ]",
+        "_mapbody": {
+            "allow-new-zones": {
+                "_grammar": "<boolean>"
+            },
+            "allow-notify": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-proxy": {
+                "_flags": [
+                    "experimental"
+                ],
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-proxy-on": {
+                "_flags": [
+                    "experimental"
+                ],
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-cache": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-cache-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-recursion": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-recursion-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-transfer": {
+                "_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
+            },
+            "allow-update": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-update-forwarding": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "also-notify": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "attach-cache": {
+                "_grammar": "<string>"
+            },
+            "auth-nxdomain": {
+                "_grammar": "<boolean>"
+            },
+            "catalog-zones": {
+                "_grammar": "{ zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... }"
+            },
+            "check-dup-records": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-integrity": {
+                "_grammar": "<boolean>"
+            },
+            "check-mx": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-mx-cname": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-names": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "( primary | master | secondary | slave | response ) ( fail | warn | ignore )"
+            },
+            "check-sibling": {
+                "_grammar": "<boolean>"
+            },
+            "check-spf": {
+                "_grammar": "( warn | ignore )"
+            },
+            "check-srv-cname": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-svcb": {
+                "_grammar": "<boolean>"
+            },
+            "check-wildcard": {
+                "_grammar": "<boolean>"
+            },
+            "clients-per-query": {
+                "_grammar": "<integer>"
+            },
+            "deny-answer-addresses": {
+                "_grammar": "{ <address_match_element>; ... } [ except-from { <string>; ... } ]"
+            },
+            "deny-answer-aliases": {
+                "_grammar": "{ <string>; ... } [ except-from { <string>; ... } ]"
+            },
+            "disable-algorithms": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "<string> { <string>; ... }"
+            },
+            "disable-ds-digests": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "<string> { <string>; ... }"
+            },
+            "disable-empty-zone": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "<string>"
+            },
+            "dlz": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<string>",
+                "_mapbody": {
+                    "database": {
+                        "_grammar": "<string>"
+                    },
+                    "search": {
+                        "_grammar": "<boolean>"
+                    }
+                }
+            },
+            "dns64": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<netprefix>",
+                "_mapbody": {
+                    "break-dnssec": {
+                        "_grammar": "<boolean>"
+                    },
+                    "clients": {
+                        "_grammar": "{ <address_match_element>; ... }"
+                    },
+                    "exclude": {
+                        "_grammar": "{ <address_match_element>; ... }"
+                    },
+                    "mapped": {
+                        "_grammar": "{ <address_match_element>; ... }"
+                    },
+                    "recursive-only": {
+                        "_grammar": "<boolean>"
+                    },
+                    "suffix": {
+                        "_grammar": "<ipv6_address>"
+                    }
+                }
+            },
+            "dns64-contact": {
+                "_grammar": "<string>"
+            },
+            "dns64-server": {
+                "_grammar": "<string>"
+            },
+            "dnskey-sig-validity": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<integer>"
+            },
+            "dnsrps-enable": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "dnsrps-options": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "{ <unspecified-text> }"
+            },
+            "dnssec-accept-expired": {
+                "_grammar": "<boolean>"
+            },
+            "dnssec-dnskey-kskonly": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "dnssec-loadkeys-interval": {
+                "_grammar": "<integer>"
+            },
+            "dnssec-policy": {
+                "_grammar": "<string>"
+            },
+            "dnssec-secure-to-insecure": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "dnssec-update-mode": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "( maintain | no-resign )"
+            },
+            "dnssec-validation": {
+                "_grammar": "( yes | no | auto )"
+            },
+            "dnstap": {
+                "_grammar": "{ ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }"
+            },
+            "dual-stack-servers": {
+                "_grammar": "[ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... }"
+            },
+            "dyndb": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "<string> <quoted_string> { <unspecified-text> }"
+            },
+            "edns-udp-size": {
+                "_grammar": "<integer>"
+            },
+            "empty-contact": {
+                "_grammar": "<string>"
+            },
+            "empty-server": {
+                "_grammar": "<string>"
+            },
+            "empty-zones-enable": {
+                "_grammar": "<boolean>"
+            },
+            "fetch-quota-params": {
+                "_grammar": "<integer> <fixedpoint> <fixedpoint> <fixedpoint>"
+            },
+            "fetches-per-server": {
+                "_grammar": "<integer> [ ( drop | fail ) ]"
+            },
+            "fetches-per-zone": {
+                "_grammar": "<integer> [ ( drop | fail ) ]"
+            },
+            "forward": {
+                "_grammar": "( first | only )"
+            },
+            "forwarders": {
+                "_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
+            },
+            "ipv4only-contact": {
+                "_grammar": "<string>"
+            },
+            "ipv4only-enable": {
+                "_grammar": "<boolean>"
+            },
+            "ipv4only-server": {
+                "_grammar": "<string>"
+            },
+            "ixfr-from-differences": {
+                "_grammar": "( primary | master | secondary | slave | <boolean> )"
+            },
+            "key": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<string>",
+                "_mapbody": {
+                    "algorithm": {
+                        "_grammar": "<string>"
+                    },
+                    "secret": {
+                        "_grammar": "<string>"
+                    }
+                }
+            },
+            "key-directory": {
+                "_grammar": "<quoted_string>"
+            },
+            "lame-ttl": {
+                "_grammar": "<duration>"
+            },
+            "lmdb-mapsize": {
+                "_grammar": "<sizeval>"
+            },
+            "masterfile-format": {
+                "_grammar": "( raw | text )"
+            },
+            "masterfile-style": {
+                "_grammar": "( full | relative )"
+            },
+            "match-clients": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "match-destinations": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "match-recursive-only": {
+                "_grammar": "<boolean>"
+            },
+            "max-cache-size": {
+                "_grammar": "( default | unlimited | <sizeval> | <percentage> )"
+            },
+            "max-cache-ttl": {
+                "_grammar": "<duration>"
+            },
+            "max-clients-per-query": {
+                "_grammar": "<integer>"
+            },
+            "max-ixfr-ratio": {
+                "_grammar": "( unlimited | <percentage> )"
+            },
+            "max-journal-size": {
+                "_grammar": "( default | unlimited | <sizeval> )"
+            },
+            "max-ncache-ttl": {
+                "_grammar": "<duration>"
+            },
+            "max-query-count": {
+                "_grammar": "<integer>"
+            },
+            "max-query-restarts": {
+                "_grammar": "<integer>"
+            },
+            "max-records": {
+                "_grammar": "<integer>"
+            },
+            "max-records-per-type": {
+                "_grammar": "<integer>"
+            },
+            "max-recursion-depth": {
+                "_grammar": "<integer>"
+            },
+            "max-recursion-queries": {
+                "_grammar": "<integer>"
+            },
+            "max-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "max-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "max-stale-ttl": {
+                "_grammar": "<duration>"
+            },
+            "max-transfer-idle-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-idle-out": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-out": {
+                "_grammar": "<integer>"
+            },
+            "max-types-per-name": {
+                "_grammar": "<integer>"
+            },
+            "max-udp-size": {
+                "_grammar": "<integer>"
+            },
+            "max-validation-failures-per-fetch": {
+                "_flags": [
+                    "experimental"
+                ],
+                "_grammar": "<integer>"
+            },
+            "max-validations-per-fetch": {
+                "_flags": [
+                    "experimental"
+                ],
+                "_grammar": "<integer>"
+            },
+            "max-zone-ttl": {
+                "_flags": [
+                    "deprecated"
+                ],
+                "_grammar": "( unlimited | <duration> )"
+            },
+            "message-compression": {
+                "_grammar": "<boolean>"
+            },
+            "min-cache-ttl": {
+                "_grammar": "<duration>"
+            },
+            "min-ncache-ttl": {
+                "_grammar": "<duration>"
+            },
+            "min-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "min-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "min-transfer-rate-in": {
+                "_grammar": "<integer> <integer>"
+            },
+            "minimal-any": {
+                "_grammar": "<boolean>"
+            },
+            "minimal-responses": {
+                "_grammar": "( no-auth | no-auth-recursive | <boolean> )"
+            },
+            "multi-master": {
+                "_grammar": "<boolean>"
+            },
+            "new-zones-directory": {
+                "_grammar": "<quoted_string>"
+            },
+            "no-case-compress": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "nocookie-udp-size": {
+                "_grammar": "<integer>"
+            },
+            "notify": {
+                "_grammar": "( explicit | master-only | primary-only | <boolean> )"
+            },
+            "notify-cfg": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<string>",
+                "_mapbody": {
+                    "notify": {
+                        "_grammar": "<boolean>"
+                    },
+                    "notify-defer": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-delay": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-source": {
+                        "_grammar": "( <ipv4_address> | * )"
+                    },
+                    "notify-source-v6": {
+                        "_grammar": "( <ipv6_address> | * )"
+                    }
+                }
+            },
+            "notify-defer": {
+                "_grammar": "<integer>"
+            },
+            "notify-delay": {
+                "_grammar": "<integer>"
+            },
+            "notify-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "notify-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "notify-to-soa": {
+                "_grammar": "<boolean>"
+            },
+            "nsec3-test-zone": {
+                "_flags": [
+                    "test only"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "nta-lifetime": {
+                "_grammar": "<duration>"
+            },
+            "nta-recheck": {
+                "_grammar": "<duration>"
+            },
+            "nxdomain-redirect": {
+                "_grammar": "<string>"
+            },
+            "parental-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "parental-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "plugin": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "( query ) <string> [ { <unspecified-text> } ]"
+            },
+            "preferred-glue": {
+                "_grammar": "<string>"
+            },
+            "prefetch": {
+                "_grammar": "<integer> [ <integer> ]"
+            },
+            "provide-ixfr": {
+                "_grammar": "<boolean>"
+            },
+            "provide-zoneversion": {
+                "_grammar": "<boolean>"
+            },
+            "qname-minimization": {
+                "_grammar": "( strict | relaxed | disabled | off )"
+            },
+            "query-source": {
+                "_grammar": "[ address ] ( <ipv4_address> | * | none )"
+            },
+            "query-source-v6": {
+                "_grammar": "[ address ] ( <ipv6_address> | * | none )"
+            },
+            "rate-limit": {
+                "_mapbody": {
+                    "all-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "errors-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "exempt-clients": {
+                        "_grammar": "{ <address_match_element>; ... }"
+                    },
+                    "ipv4-prefix-length": {
+                        "_grammar": "<integer>"
+                    },
+                    "ipv6-prefix-length": {
+                        "_grammar": "<integer>"
+                    },
+                    "log-only": {
+                        "_grammar": "<boolean>"
+                    },
+                    "max-table-size": {
+                        "_grammar": "<integer>"
+                    },
+                    "min-table-size": {
+                        "_grammar": "<integer>"
+                    },
+                    "nodata-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "nxdomains-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "qps-scale": {
+                        "_grammar": "<integer>"
+                    },
+                    "referrals-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "responses-per-second": {
+                        "_grammar": "<integer>"
+                    },
+                    "slip": {
+                        "_grammar": "<integer>"
+                    },
+                    "window": {
+                        "_grammar": "<integer>"
+                    }
+                }
+            },
+            "recursion": {
+                "_grammar": "<boolean>"
+            },
+            "request-expire": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr-max-diffs": {
+                "_grammar": "<integer>"
+            },
+            "request-nsid": {
+                "_grammar": "<boolean>"
+            },
+            "request-zoneversion": {
+                "_grammar": "<boolean>"
+            },
+            "require-server-cookie": {
+                "_grammar": "<boolean>"
+            },
+            "resolver-query-timeout": {
+                "_grammar": "<integer>"
+            },
+            "resolver-use-dns64": {
+                "_grammar": "<boolean>"
+            },
+            "response-padding": {
+                "_grammar": "{ <address_match_element>; ... } block-size <integer>"
+            },
+            "response-policy": {
+                "_grammar": "{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ servfail-until-ready <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ]"
+            },
+            "root-key-sentinel": {
+                "_grammar": "<boolean>"
+            },
+            "rrset-order": {
+                "_grammar": "{ [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... }"
+            },
+            "send-cookie": {
+                "_grammar": "<boolean>"
+            },
+            "send-report-channel": {
+                "_grammar": "<string>"
+            },
+            "serial-update-method": {
+                "_grammar": "( date | increment | unixtime )"
+            },
+            "server": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<netprefix>",
+                "_mapbody": {
+                    "bogus": {
+                        "_grammar": "<boolean>"
+                    },
+                    "edns": {
+                        "_grammar": "<boolean>"
+                    },
+                    "edns-udp-size": {
+                        "_grammar": "<integer>"
+                    },
+                    "edns-version": {
+                        "_grammar": "<integer>"
+                    },
+                    "keys": {
+                        "_grammar": "<server_key>"
+                    },
+                    "max-udp-size": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-source": {
+                        "_grammar": "( <ipv4_address> | * )"
+                    },
+                    "notify-source-v6": {
+                        "_grammar": "( <ipv6_address> | * )"
+                    },
+                    "padding": {
+                        "_grammar": "<integer>"
+                    },
+                    "provide-ixfr": {
+                        "_grammar": "<boolean>"
+                    },
+                    "query-source": {
+                        "_grammar": "[ address ] ( <ipv4_address> | * )"
+                    },
+                    "query-source-v6": {
+                        "_grammar": "[ address ] ( <ipv6_address> | * )"
+                    },
+                    "request-expire": {
+                        "_grammar": "<boolean>"
+                    },
+                    "request-ixfr": {
+                        "_grammar": "<boolean>"
+                    },
+                    "request-ixfr-max-diffs": {
+                        "_grammar": "<integer>"
+                    },
+                    "request-nsid": {
+                        "_grammar": "<boolean>"
+                    },
+                    "request-zoneversion": {
+                        "_grammar": "<boolean>"
+                    },
+                    "require-cookie": {
+                        "_grammar": "<boolean>"
+                    },
+                    "send-cookie": {
+                        "_grammar": "<boolean>"
+                    },
+                    "tcp-keepalive": {
+                        "_grammar": "<boolean>"
+                    },
+                    "tcp-only": {
+                        "_grammar": "<boolean>"
+                    },
+                    "transfer-format": {
+                        "_grammar": "( many-answers | one-answer )"
+                    },
+                    "transfer-source": {
+                        "_grammar": "( <ipv4_address> | * )"
+                    },
+                    "transfer-source-v6": {
+                        "_grammar": "( <ipv6_address> | * )"
+                    },
+                    "transfers": {
+                        "_grammar": "<integer>"
+                    }
+                }
+            },
+            "servfail-ttl": {
+                "_grammar": "<duration>"
+            },
+            "sig-signing-nodes": {
+                "_grammar": "<integer>"
+            },
+            "sig-signing-signatures": {
+                "_grammar": "<integer>"
+            },
+            "sig-signing-type": {
+                "_grammar": "<integer>"
+            },
+            "sig-validity-interval": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<integer> [ <integer> ]"
+            },
+            "sig0key-checks-limit": {
+                "_grammar": "<integer>"
+            },
+            "sig0message-checks-limit": {
+                "_grammar": "<integer>"
+            },
+            "stale-answer-client-timeout": {
+                "_grammar": "( disabled | off | <integer> )"
+            },
+            "stale-answer-enable": {
+                "_grammar": "<boolean>"
+            },
+            "stale-answer-ttl": {
+                "_grammar": "<duration>"
+            },
+            "stale-cache-enable": {
+                "_grammar": "<boolean>"
+            },
+            "stale-refresh-time": {
+                "_grammar": "<duration>"
+            },
+            "synth-from-dnssec": {
+                "_grammar": "<boolean>"
+            },
+            "transfer-format": {
+                "_grammar": "( many-answers | one-answer )"
+            },
+            "transfer-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "transfer-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "trust-anchor-telemetry": {
+                "_grammar": "<boolean>"
+            },
+            "trust-anchors": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "{ <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }"
+            },
+            "try-tcp-refresh": {
+                "_grammar": "<boolean>"
+            },
+            "update-check-ksk": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "v6-bias": {
+                "_grammar": "<integer>"
+            },
+            "validate-except": {
+                "_grammar": "{ <string>; ... }"
+            },
+            "zero-no-soa-ttl": {
+                "_grammar": "<boolean>"
+            },
+            "zero-no-soa-ttl-cache": {
+                "_grammar": "<boolean>"
+            },
+            "zone-statistics": {
+                "_grammar": "( full | terse | none | <boolean> )"
+            }
+        }
+    }
+}
diff --git a/bind9-grammar/primary.zoneopt.json b/bind9-grammar/primary.zoneopt.json
new file mode 100644
index 0000000..76353ee
--- /dev/null
+++ b/bind9-grammar/primary.zoneopt.json
@@ -0,0 +1,258 @@
+{
+    "zone": {
+        "_id": "<string> [ <class> ]",
+        "_mapbody": {
+            "type": {
+                "_grammar": "primary"
+            },
+            "allow-query": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-transfer": {
+                "_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
+            },
+            "allow-update": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "also-notify": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "check-dup-records": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-integrity": {
+                "_grammar": "<boolean>"
+            },
+            "check-mx": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-mx-cname": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-names": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-sibling": {
+                "_grammar": "<boolean>"
+            },
+            "check-spf": {
+                "_grammar": "( warn | ignore )"
+            },
+            "check-srv-cname": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "check-svcb": {
+                "_grammar": "<boolean>"
+            },
+            "check-wildcard": {
+                "_grammar": "<boolean>"
+            },
+            "checkds": {
+                "_grammar": "( explicit | <boolean> )"
+            },
+            "database": {
+                "_grammar": "<string>"
+            },
+            "dlz": {
+                "_grammar": "<string>"
+            },
+            "dnskey-sig-validity": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<integer>"
+            },
+            "dnssec-dnskey-kskonly": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "dnssec-loadkeys-interval": {
+                "_grammar": "<integer>"
+            },
+            "dnssec-policy": {
+                "_grammar": "<string>"
+            },
+            "dnssec-secure-to-insecure": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "dnssec-update-mode": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "( maintain | no-resign )"
+            },
+            "file": {
+                "_grammar": "<quoted_string>"
+            },
+            "forward": {
+                "_grammar": "( first | only )"
+            },
+            "forwarders": {
+                "_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
+            },
+            "initial-file": {
+                "_grammar": "<quoted_string>"
+            },
+            "inline-signing": {
+                "_grammar": "<boolean>"
+            },
+            "ixfr-from-differences": {
+                "_grammar": "<boolean>"
+            },
+            "journal": {
+                "_grammar": "<quoted_string>"
+            },
+            "key-directory": {
+                "_grammar": "<quoted_string>"
+            },
+            "log-report-channel": {
+                "_grammar": "<boolean>"
+            },
+            "masterfile-format": {
+                "_grammar": "( raw | text )"
+            },
+            "masterfile-style": {
+                "_grammar": "( full | relative )"
+            },
+            "max-ixfr-ratio": {
+                "_grammar": "( unlimited | <percentage> )"
+            },
+            "max-journal-size": {
+                "_grammar": "( default | unlimited | <sizeval> )"
+            },
+            "max-records": {
+                "_grammar": "<integer>"
+            },
+            "max-records-per-type": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-idle-out": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-out": {
+                "_grammar": "<integer>"
+            },
+            "max-types-per-name": {
+                "_grammar": "<integer>"
+            },
+            "max-zone-ttl": {
+                "_flags": [
+                    "deprecated"
+                ],
+                "_grammar": "( unlimited | <duration> )"
+            },
+            "notify": {
+                "_grammar": "( explicit | master-only | primary-only | <boolean> )"
+            },
+            "notify-cfg": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<string>",
+                "_mapbody": {
+                    "notify": {
+                        "_grammar": "<boolean>"
+                    },
+                    "notify-defer": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-delay": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-source": {
+                        "_grammar": "( <ipv4_address> | * )"
+                    },
+                    "notify-source-v6": {
+                        "_grammar": "( <ipv6_address> | * )"
+                    }
+                }
+            },
+            "notify-defer": {
+                "_grammar": "<integer>"
+            },
+            "notify-delay": {
+                "_grammar": "<integer>"
+            },
+            "notify-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "notify-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "notify-to-soa": {
+                "_grammar": "<boolean>"
+            },
+            "nsec3-test-zone": {
+                "_flags": [
+                    "test only"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "parental-agents": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "parental-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "parental-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "plugin": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "( query ) <string> [ { <unspecified-text> } ]"
+            },
+            "provide-zoneversion": {
+                "_grammar": "<boolean>"
+            },
+            "send-report-channel": {
+                "_grammar": "<string>"
+            },
+            "serial-update-method": {
+                "_grammar": "( date | increment | unixtime )"
+            },
+            "sig-signing-nodes": {
+                "_grammar": "<integer>"
+            },
+            "sig-signing-signatures": {
+                "_grammar": "<integer>"
+            },
+            "sig-signing-type": {
+                "_grammar": "<integer>"
+            },
+            "sig-validity-interval": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<integer> [ <integer> ]"
+            },
+            "template": {
+                "_grammar": "<string>"
+            },
+            "update-check-ksk": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "update-policy": {
+                "_grammar": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } )"
+            },
+            "zero-no-soa-ttl": {
+                "_grammar": "<boolean>"
+            },
+            "zone-statistics": {
+                "_grammar": "( full | terse | none | <boolean> )"
+            }
+        }
+    }
+}
diff --git a/bind9-grammar/redirect.zoneopt.json b/bind9-grammar/redirect.zoneopt.json
new file mode 100644
index 0000000..28cf0d0
--- /dev/null
+++ b/bind9-grammar/redirect.zoneopt.json
@@ -0,0 +1,58 @@
+{
+    "zone": {
+        "_id": "<string> [ <class> ]",
+        "_mapbody": {
+            "type": {
+                "_grammar": "redirect"
+            },
+            "allow-query": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "dlz": {
+                "_grammar": "<string>"
+            },
+            "file": {
+                "_grammar": "<quoted_string>"
+            },
+            "masterfile-format": {
+                "_grammar": "( raw | text )"
+            },
+            "masterfile-style": {
+                "_grammar": "( full | relative )"
+            },
+            "max-records": {
+                "_grammar": "<integer>"
+            },
+            "max-records-per-type": {
+                "_grammar": "<integer>"
+            },
+            "max-types-per-name": {
+                "_grammar": "<integer>"
+            },
+            "max-zone-ttl": {
+                "_flags": [
+                    "deprecated"
+                ],
+                "_grammar": "( unlimited | <duration> )"
+            },
+            "plugin": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "( query ) <string> [ { <unspecified-text> } ]"
+            },
+            "primaries": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "template": {
+                "_grammar": "<string>"
+            },
+            "zone-statistics": {
+                "_grammar": "( full | terse | none | <boolean> )"
+            }
+        }
+    }
+}
diff --git a/bind9-grammar/secondary.zoneopt.json b/bind9-grammar/secondary.zoneopt.json
new file mode 100644
index 0000000..6f7bd27
--- /dev/null
+++ b/bind9-grammar/secondary.zoneopt.json
@@ -0,0 +1,258 @@
+{
+    "zone": {
+        "_id": "<string> [ <class> ]",
+        "_mapbody": {
+            "type": {
+                "_grammar": "secondary"
+            },
+            "allow-notify": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-transfer": {
+                "_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
+            },
+            "allow-update-forwarding": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "also-notify": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "check-names": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "checkds": {
+                "_grammar": "( explicit | <boolean> )"
+            },
+            "database": {
+                "_grammar": "<string>"
+            },
+            "dlz": {
+                "_grammar": "<string>"
+            },
+            "dnskey-sig-validity": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<integer>"
+            },
+            "dnssec-dnskey-kskonly": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "dnssec-loadkeys-interval": {
+                "_grammar": "<integer>"
+            },
+            "dnssec-policy": {
+                "_grammar": "<string>"
+            },
+            "dnssec-update-mode": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "( maintain | no-resign )"
+            },
+            "file": {
+                "_grammar": "<quoted_string>"
+            },
+            "forward": {
+                "_grammar": "( first | only )"
+            },
+            "forwarders": {
+                "_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
+            },
+            "inline-signing": {
+                "_grammar": "<boolean>"
+            },
+            "ixfr-from-differences": {
+                "_grammar": "<boolean>"
+            },
+            "journal": {
+                "_grammar": "<quoted_string>"
+            },
+            "key-directory": {
+                "_grammar": "<quoted_string>"
+            },
+            "log-report-channel": {
+                "_grammar": "<boolean>"
+            },
+            "masterfile-format": {
+                "_grammar": "( raw | text )"
+            },
+            "masterfile-style": {
+                "_grammar": "( full | relative )"
+            },
+            "max-ixfr-ratio": {
+                "_grammar": "( unlimited | <percentage> )"
+            },
+            "max-journal-size": {
+                "_grammar": "( default | unlimited | <sizeval> )"
+            },
+            "max-records": {
+                "_grammar": "<integer>"
+            },
+            "max-records-per-type": {
+                "_grammar": "<integer>"
+            },
+            "max-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "max-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-idle-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-idle-out": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-out": {
+                "_grammar": "<integer>"
+            },
+            "max-types-per-name": {
+                "_grammar": "<integer>"
+            },
+            "min-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "min-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "min-transfer-rate-in": {
+                "_grammar": "<integer> <integer>"
+            },
+            "multi-master": {
+                "_grammar": "<boolean>"
+            },
+            "notify": {
+                "_grammar": "( explicit | master-only | primary-only | <boolean> )"
+            },
+            "notify-cfg": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_id": "<string>",
+                "_mapbody": {
+                    "notify": {
+                        "_grammar": "<boolean>"
+                    },
+                    "notify-defer": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-delay": {
+                        "_grammar": "<integer>"
+                    },
+                    "notify-source": {
+                        "_grammar": "( <ipv4_address> | * )"
+                    },
+                    "notify-source-v6": {
+                        "_grammar": "( <ipv6_address> | * )"
+                    }
+                }
+            },
+            "notify-defer": {
+                "_grammar": "<integer>"
+            },
+            "notify-delay": {
+                "_grammar": "<integer>"
+            },
+            "notify-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "notify-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "notify-to-soa": {
+                "_grammar": "<boolean>"
+            },
+            "nsec3-test-zone": {
+                "_flags": [
+                    "test only"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "parental-agents": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "parental-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "parental-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "plugin": {
+                "_flags": [
+                    "may occur multiple times"
+                ],
+                "_grammar": "( query ) <string> [ { <unspecified-text> } ]"
+            },
+            "primaries": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "provide-zoneversion": {
+                "_grammar": "<boolean>"
+            },
+            "request-expire": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr": {
+                "_grammar": "<boolean>"
+            },
+            "request-ixfr-max-diffs": {
+                "_grammar": "<integer>"
+            },
+            "send-report-channel": {
+                "_grammar": "<string>"
+            },
+            "sig-signing-nodes": {
+                "_grammar": "<integer>"
+            },
+            "sig-signing-signatures": {
+                "_grammar": "<integer>"
+            },
+            "sig-signing-type": {
+                "_grammar": "<integer>"
+            },
+            "sig-validity-interval": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<integer> [ <integer> ]"
+            },
+            "template": {
+                "_grammar": "<string>"
+            },
+            "transfer-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "transfer-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "try-tcp-refresh": {
+                "_grammar": "<boolean>"
+            },
+            "update-check-ksk": {
+                "_flags": [
+                    "obsolete"
+                ],
+                "_grammar": "<boolean>"
+            },
+            "zero-no-soa-ttl": {
+                "_grammar": "<boolean>"
+            },
+            "zone-statistics": {
+                "_grammar": "( full | terse | none | <boolean> )"
+            }
+        }
+    }
+}
diff --git a/bind9-grammar/static-stub.zoneopt.json b/bind9-grammar/static-stub.zoneopt.json
new file mode 100644
index 0000000..bfbeef1
--- /dev/null
+++ b/bind9-grammar/static-stub.zoneopt.json
@@ -0,0 +1,43 @@
+{
+    "zone": {
+        "_id": "<string> [ <class> ]",
+        "_mapbody": {
+            "type": {
+                "_grammar": "static-stub"
+            },
+            "allow-query": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "forward": {
+                "_grammar": "( first | only )"
+            },
+            "forwarders": {
+                "_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
+            },
+            "max-records": {
+                "_grammar": "<integer>"
+            },
+            "max-records-per-type": {
+                "_grammar": "<integer>"
+            },
+            "max-types-per-name": {
+                "_grammar": "<integer>"
+            },
+            "server-addresses": {
+                "_grammar": "{ ( <ipv4_address> | <ipv6_address> ); ... }"
+            },
+            "server-names": {
+                "_grammar": "{ <string>; ... }"
+            },
+            "template": {
+                "_grammar": "<string>"
+            },
+            "zone-statistics": {
+                "_grammar": "( full | terse | none | <boolean> )"
+            }
+        }
+    }
+}
diff --git a/bind9-grammar/stub.zoneopt.json b/bind9-grammar/stub.zoneopt.json
new file mode 100644
index 0000000..ade960b
--- /dev/null
+++ b/bind9-grammar/stub.zoneopt.json
@@ -0,0 +1,85 @@
+{
+    "zone": {
+        "_id": "<string> [ <class> ]",
+        "_mapbody": {
+            "type": {
+                "_grammar": "stub"
+            },
+            "allow-query": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "check-names": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "database": {
+                "_grammar": "<string>"
+            },
+            "file": {
+                "_grammar": "<quoted_string>"
+            },
+            "forward": {
+                "_grammar": "( first | only )"
+            },
+            "forwarders": {
+                "_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
+            },
+            "masterfile-format": {
+                "_grammar": "( raw | text )"
+            },
+            "masterfile-style": {
+                "_grammar": "( full | relative )"
+            },
+            "max-records": {
+                "_grammar": "<integer>"
+            },
+            "max-records-per-type": {
+                "_grammar": "<integer>"
+            },
+            "max-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "max-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-idle-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-in": {
+                "_grammar": "<integer>"
+            },
+            "max-types-per-name": {
+                "_grammar": "<integer>"
+            },
+            "min-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "min-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "min-transfer-rate-in": {
+                "_grammar": "<integer> <integer>"
+            },
+            "multi-master": {
+                "_grammar": "<boolean>"
+            },
+            "primaries": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "template": {
+                "_grammar": "<string>"
+            },
+            "transfer-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "transfer-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "zone-statistics": {
+                "_grammar": "( full | terse | none | <boolean> )"
+            }
+        }
+    }
+}
diff --git a/bind9-grammar/zoneopt.json b/bind9-grammar/zoneopt.json
new file mode 100644
index 0000000..ade960b
--- /dev/null
+++ b/bind9-grammar/zoneopt.json
@@ -0,0 +1,85 @@
+{
+    "zone": {
+        "_id": "<string> [ <class> ]",
+        "_mapbody": {
+            "type": {
+                "_grammar": "stub"
+            },
+            "allow-query": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "allow-query-on": {
+                "_grammar": "{ <address_match_element>; ... }"
+            },
+            "check-names": {
+                "_grammar": "( fail | warn | ignore )"
+            },
+            "database": {
+                "_grammar": "<string>"
+            },
+            "file": {
+                "_grammar": "<quoted_string>"
+            },
+            "forward": {
+                "_grammar": "( first | only )"
+            },
+            "forwarders": {
+                "_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
+            },
+            "masterfile-format": {
+                "_grammar": "( raw | text )"
+            },
+            "masterfile-style": {
+                "_grammar": "( full | relative )"
+            },
+            "max-records": {
+                "_grammar": "<integer>"
+            },
+            "max-records-per-type": {
+                "_grammar": "<integer>"
+            },
+            "max-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "max-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-idle-in": {
+                "_grammar": "<integer>"
+            },
+            "max-transfer-time-in": {
+                "_grammar": "<integer>"
+            },
+            "max-types-per-name": {
+                "_grammar": "<integer>"
+            },
+            "min-refresh-time": {
+                "_grammar": "<integer>"
+            },
+            "min-retry-time": {
+                "_grammar": "<integer>"
+            },
+            "min-transfer-rate-in": {
+                "_grammar": "<integer> <integer>"
+            },
+            "multi-master": {
+                "_grammar": "<boolean>"
+            },
+            "primaries": {
+                "_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
+            },
+            "template": {
+                "_grammar": "<string>"
+            },
+            "transfer-source": {
+                "_grammar": "( <ipv4_address> | * )"
+            },
+            "transfer-source-v6": {
+                "_grammar": "( <ipv6_address> | * )"
+            },
+            "zone-statistics": {
+                "_grammar": "( full | terse | none | <boolean> )"
+            }
+        }
+    }
+}
diff --git a/defaults/main.yml b/defaults/main.yml
index 34ba28d..a48cffc 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -16,7 +16,6 @@ bind9_config_indent: 4
 bind9_group_config: []
 bind9_site_config: []
 bind9_host_config: []
-
 bind9_default_config:
   - name: named.conf
     backup: false
@@ -28,10 +27,11 @@ bind9_default_config:
     options:
       directory: "{{ bind9_working_directory }}"
 
-bind9_config: "{{ [bind9_default_config,
-  bind9_group_config,
-  bind9_site_config,
-  bind9_host_config] |
-  community.general.lists_mergeby('name',
-    recursive=true,
-    list_merge='append_rp') }}"
+bind9_config: >-
+  {{
+    [bind9_default_config,
+     bind9_group_config,
+     bind9_site_config,
+     bind9_host_config] |
+    community.general.lists_mergeby('name', recursive=true, list_merge='append_rp')
+  }}
diff --git a/handlers/main.yml b/handlers/main.yml
index f37a250..589c245 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -16,10 +16,8 @@
       - "{{ bind9_cfgdir }}"
       - "{{ bind9_working_directory }}"
       - "{{ bind9_libdir }}"
-    dest: "{{
-      bind9_backup_dir + '/bind9-config-' +
-      ansible_facts.date_time.iso8601_basic_short + '.tar.gz' }}"
+    dest: "{{ bind9_backup_dir + '/bind9-config-' + ansible_facts.date_time.iso8601_basic_short + '.tar.gz' }}"
     owner: root
     group: root
-    mode: 0640
+    mode: "0640"
   when: bind9_backup_config is defined and bind9_backup_config
diff --git a/molecule/default/collections.yml b/molecule/default/collections.yml
index 6f4772f..70199b7 100644
--- a/molecule/default/collections.yml
+++ b/molecule/default/collections.yml
@@ -4,4 +4,3 @@ collections:
   - name: ansible.posix
   - name: community.crypto
   - name: community.general
-
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index d63642f..2344860 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -2,6 +2,114 @@
 - name: Converge
   hosts: all
   tasks:
+    - name: Create log directory for BIND
+      ansible.builtin.file:
+        path: /var/log/named
+        state: directory
+        mode: '0755'
+        owner: bind
+        group: bind
+
     - name: Include bind9 role
       ansible.builtin.include_role:
-        name: ../../../ansible-bind9-role
+        name: ../../../ansible-bind9-role  # noqa: role-name[path]
+  vars:
+    bind9_backup_config: false
+    bind9_host_config:
+      - name: named.conf.options
+        options:
+          directory: "{{ bind9_working_directory }}"
+          recursion: true
+          allow_query:
+            - any
+          allow_recursion:
+            - 10.0.0.0/8
+            - 192.168.0.0/16
+            - 172.16.0.0/12
+            - localhost
+            - localnets
+          forwarders:
+            - address: 91.239.100.100
+              tls: censurfridns-anycast
+            - address: 89.233.43.71
+              tls: censurfridns-unicast
+          forward: first
+          dnssec_validation: auto
+          dnstap:
+            - type: auth
+            - type: resolver
+              log: query
+            - type: client
+              log: response
+          dnstap_output:
+            output_type: file
+            output_file: /var/log/named/dnstap.log
+            size: 20m
+            versions: 3
+            suffix: increment
+          dnstap_identity: dns-server-01
+          dnstap_version: 9.18
+        logging:
+          channels:
+            - name: default_log
+              file:
+                name: /var/log/named/default.log
+              severity: info
+              print_time: true
+              print_severity: true
+              print_category: true
+            - name: security_log
+              file:
+                name: /var/log/named/security.log
+              severity: dynamic
+              print_time: true
+              print_severity: true
+              print_category: true
+            - name: query_log
+              file:
+                name: /var/log/named/queries.log
+                versions: 5
+                size: 10m
+              severity: info
+              print_time: true
+            - name: dnssec_log
+              file:
+                name: /var/log/named/dnssec.log
+              severity: debug
+              print_time: true
+              print_severity: true
+            - name: rate_limit_log
+              syslog: daemon
+              severity: warning
+          categories:
+            - name: default
+              channels:
+                - default_log
+            - name: general
+              channels:
+                - default_log
+            - name: security
+              channels:
+                - security_log
+            - name: queries
+              channels:
+                - query_log
+            - name: dnssec
+              channels:
+                - dnssec_log
+            - name: rate-limit
+              channels:
+                - rate_limit_log
+      - name: named.conf.local
+        tls:
+          - name: censurfridns-anycast
+            remote_hostname: anycast.uncensoreddns.org
+          - name: censurfridns-unicast
+            remote_hostname: unicast.uncensoreddns.org
+        zones:
+          - name: example.internal
+            type: forward
+            forward: only
+            forwarders:
+              - 10.0.0.53
+              - 10.0.0.54
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index c5ae4d5..d9e7bf5 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -2,13 +2,6 @@
 driver:
   name: podman
 platforms:
-  - name: debian-bookworm
-    image: docker.io/jrei/systemd-debian:12
-    command: /lib/systemd/systemd
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-    cgroupns_mode: host
   - name: debian-trixie
     image: docker.io/jrei/systemd-debian:13
     command: /lib/systemd/systemd
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index b3823cd..a85e9f5 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -1,6 +1,11 @@
 ---
-- hosts: all
+- name: Prepare
+  hosts: all
   tasks:
     - name: Update apt
       ansible.builtin.apt:
         update_cache: true
+    - name: Install bind9-dnsutils package
+      ansible.builtin.apt:
+        name: bind9-dnsutils
+        state: present
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..da4dae3
--- /dev/null
+++ b/molecule/default/verify.yml
@@ -0,0 +1,76 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: true
+  tasks:
+    - name: Check that BIND9 is installed
+      ansible.builtin.package:
+        name: bind9
+        state: present
+      check_mode: true
+      register: __bind9_package_check
+      failed_when: __bind9_package_check is changed
+
+    - name: Check that BIND9 service is running
+      ansible.builtin.service:
+        name: named
+        state: started
+        enabled: true
+      check_mode: true
+      register: __bind9_service_check
+      failed_when: __bind9_service_check is changed
+
+    - name: Check that named.conf.options exists
+      ansible.builtin.stat:
+        path: /etc/bind/named.conf.options
+      register: __options_file
+      failed_when: not __options_file.stat.exists
+
+    - name: Check that named.conf.local exists
+      ansible.builtin.stat:
+        path: /etc/bind/named.conf.local
+      register: __local_file
+      failed_when: not __local_file.stat.exists
+
+    - name: Read named.conf.options content
+      ansible.builtin.slurp:
+        path: /etc/bind/named.conf.options
+      register: __options_content
+
+    - name: Verify forwarders are configured in options
+      ansible.builtin.assert:
+        that:
+          - "'forwarders' in __options_decoded"
+          - "'8.8.8.8' in __options_decoded"
+          - "'forward first' in __options_decoded"
+        fail_msg: Forwarders not properly configured in named.conf.options
+      vars:
+        __options_decoded: "{{ __options_content.content | b64decode }}"
+
+    - name: Read named.conf.local content
+      ansible.builtin.slurp:
+        path: /etc/bind/named.conf.local
+      register: __local_content
+
+    - name: Verify forward zone is configured
+      ansible.builtin.assert:
+        that:
+          - "'zone \"example.internal\"' in __local_decoded"
+          - "'type forward' in __local_decoded"
+          - "'forward only' in __local_decoded"
+        fail_msg: Forward zone not properly configured in named.conf.local
+      vars:
+        __local_decoded: "{{ __local_content.content | b64decode }}"
+
+    - name: Test DNS resolution using localhost
+      ansible.builtin.command:
+        cmd: dig @localhost google.com +short
+      register: __dns_query
+      changed_when: false
+      failed_when: __dns_query.rc != 0
+
+    - name: Verify DNS query returned results
+      ansible.builtin.assert:
+        that:
+          - __dns_query.stdout_lines | length > 0
+        fail_msg: DNS forwarding is not working
diff --git a/tasks/main.yml b/tasks/main.yml
index 12df4a5..d6f2ed4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -15,10 +15,16 @@
     state: directory
     owner: root
     group: root
-    mode: 0750
+    mode: "0750"
   when: bind9_backup_config is defined and bind9_backup_config | bool
 
 - name: Deploy and Validate Configuration
+  tags:
+    - bind9
+    - template
+  notify:
+    - Backup bind config
+    - Restart bind
   block:
     - name: Create backup of current config
       ansible.builtin.copy:
@@ -27,9 +33,9 @@
         remote_src: true
         owner: root
         group: bind
-        mode: 0640
+        mode: "0640"
+      changed_when: false
       failed_when: false # It's okay if the file doesn't exist yet
-      # We do this for every file in the loop
       loop: "{{ bind9_config }}"
       loop_control:
         label: "{{ item.name }}"
@@ -40,11 +46,11 @@
         dest: "{{ bind9_cfgdir }}/{{ item.name }}"
         owner: root
         group: bind
-        mode: 0640
+        mode: "0640"
       loop: "{{ bind9_config }}"
       loop_control:
         label: "{{ item.name }}"
-      register: _template_result
+      register: bind9_template_result
 
     - name: Validate configuration using named-checkconf
       ansible.builtin.command:
@@ -59,7 +65,7 @@
         remote_src: true
         owner: root
         group: bind
-        mode: 0640
+        mode: "0640"
       loop: "{{ bind9_config }}"
       loop_control:
         label: "{{ item.name }}"
@@ -67,7 +73,9 @@
 
     - name: Fail due to invalid configuration
       ansible.builtin.fail:
-        msg: "Configuration validation failed. Changes have been reverted. Check the logs for named-checkconf errors."
+        msg: |
+          Configuration validation failed. Changes have been reverted.
+          Check the logs for named-checkconf errors.
 
   always:
     - name: Remove backup files
@@ -77,14 +85,7 @@
       loop: "{{ bind9_config }}"
       loop_control:
         label: "{{ item.name }}"
-      when: bind9_backup_config | bool is false # Keep if backup is forced, otherwise cleanup temporary atomic backup
-  
-  tags:
-    - bind9
-    - template
-  notify:
-    - Backup bind config
-    - Restart bind
+      when: bind9_backup_config | bool is false
 
 - name: Ensure the named service is started
   ansible.builtin.service:
diff --git a/templates/named.conf.functions.j2 b/templates/named.conf.functions.j2
index 0ba8399..06cc86a 100644
--- a/templates/named.conf.functions.j2
+++ b/templates/named.conf.functions.j2
@@ -110,4 +110,36 @@
 {% else %}
 {{ name }} "{{ value }}";
 {% endif %}
+{% endmacro %}
+
+{% macro list_address_port_tls(dict, indent=bind9_config_indent) %}
+{# This macro is for use for statements with grammar like #}
+{#  address port 00 tls str; address port 00 tls str; #}
+{# it is usually called by a parent macro #}
+{% filter indent(indent, true) %}
+{% for item in dict %}
+{% if item is not mapping %}
+{{ item }};
+{% else %}
+{{ item.address }}
+{{- (' port ' + item.port | string) if item.port is defined and item.port -}}
+{{- (' tls ' + item.tls | string) if item.tls is defined and item.tls -}};
+{% endif %}
+{% endfor %}
+{% endfilter %}
+{% endmacro %}
+
+{% macro parent_address_port_tls(name, dict) %}
+{# This macro is for use for statements with grammar like #}
+{# statement port 00 tls str { address port 00 tls str; address port 00 tls str; } #}
+{# the list inside the statement is handled by list_address_port_tls #}
+{% if dict is not mapping and dict is iterable %}
+{{ name }} {
+{{ list_address_port_tls(dict) }}};
+{% else %}
+{{ name }}
+{{- (' port ' + dict.port | string) if dict.port is defined and dict.port -}}
+{{- (' tls ' + dict.tls | string) if dict.tls is defined and dict.tls }} {
+{{ list_address_port_tls(dict.addresses) }}};
+{% endif %}
 {% endmacro %}
\ No newline at end of file
diff --git a/templates/named.conf.options.j2 b/templates/named.conf.options.j2
index afdbaf7..27c2237 100644
--- a/templates/named.conf.options.j2
+++ b/templates/named.conf.options.j2
@@ -101,7 +101,7 @@ listen-on
 {{ functions.simple_item_list(item.options.listen_on.addresses) }}};
 {% endfor %}
 {% endif %}
-{{ functions.parent_address_port_dscp("forwarders", item.options.forwarders) if item.options.forwarders is defined and item.options.forwarders -}}
+{{ functions.parent_address_port_tls("forwarders", item.options.forwarders) if item.options.forwarders is defined and item.options.forwarders -}}
 {% if item.options.dual_stack_servers is defined and item.options.dual_stack_servers %}
 dual-stack-servers
 {{ (' port ' + item.options.dual_stack_servers.port | string) if item.options.dual_stack_servers.port is defined and item.options.dual_stack_servers }} {
diff --git a/templates/named.conf.zone.j2 b/templates/named.conf.zone.j2
index 0423220..bdf12ce 100644
--- a/templates/named.conf.zone.j2
+++ b/templates/named.conf.zone.j2
@@ -47,7 +47,7 @@ server-names {
 server-addresses {
 {{ functions.simple_item_list(zone.server_addresses) }}};
 {% endif %}
-{{ functions.parent_address_port_dscp('forwarders', zone.forwarders) if zone.forwarders is defined and zone.forwarders -}}
+{{ functions.parent_address_port_tls('forwarders', zone.forwarders) if zone.forwarders is defined and zone.forwarders -}}
 {% if zone.allow_transfer is defined and zone.allow_transfer is not string %}
 allow-transfer
 {{- (' port ' + zone.allow_transfer.port | string) if zone.allow_transfer.port is defined and zone.allow_transfer.port -}}
diff --git a/tests/test.yml b/tests/test.yml
index 5e082e0..2df4427 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -2,4 +2,4 @@
 - hosts: localhost
   remote_user: root
   roles:
-    - bind9
+    - bind9  # noqa: syntax-check[specific]