Commit 19ed6f8f authored by Tinderbox User's avatar Tinderbox User

prep 9.13.3

parent 71575967
--- 9.13.3 released ---
5029. [func] Workarounds for servers that misbehave when queried 5029. [func] Workarounds for servers that misbehave when queried
with EDNS have been removed, because these broken with EDNS have been removed, because these broken
servers and the workarounds for their noncompliance servers and the workarounds for their noncompliance
......
Supported platforms Supported platforms
In general, this version of BIND will build and run on any POSIX-compliant In general, this version of BIND will build and run on any POSIX-compliant
system with a C99-compliant C compiler, BSD-style sockets with RFC-compliant system with a C99-compliant C compiler, BSD-style sockets with
IPv6 support, POSIX-compliant threads, and the OpenSSL cryptography library. RFC-compliant IPv6 support, POSIX-compliant threads, and the OpenSSL
Atomic operations support from the compiler is needed, either in the form of cryptography library. Atomic operations support from the compiler is
builtin operations, C11 atomics or the Interlocked family of functions on needed, either in the form of builtin operations, C11 atomics or the
Windows. Interlocked family of functions on Windows.
ISC regularly tests BIND on many operating systems and architectures, but ISC regularly tests BIND on many operating systems and architectures, but
lacks the resources to test all of them. Consequently, ISC is only able to lacks the resources to test all of them. Consequently, ISC is only able to
...@@ -57,4 +57,5 @@ These are platforms on which BIND is known not to build or run: ...@@ -57,4 +57,5 @@ These are platforms on which BIND is known not to build or run:
* Windows 10 / x86 * Windows 10 / x86
* Windows Server 2012 and older * Windows Server 2012 and older
* Platforms that don't support IPv6 Advanced Socket API (RFC 3542) * Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
* Platforms that don't support atomic operations (via compiler or library) * Platforms that don't support atomic operations (via compiler or
library)
...@@ -104,8 +104,7 @@ BIND 9.13 features ...@@ -104,8 +104,7 @@ BIND 9.13 features
BIND 9.13 is the newest development branch of BIND 9. It includes a number BIND 9.13 is the newest development branch of BIND 9. It includes a number
of changes from BIND 9.12 and earlier releases. New features include: of changes from BIND 9.12 and earlier releases. New features include:
* The default value of "dnssec-validation" is now "auto". * QNAME minimization, as described in RFC 7816, is now supported.
* Support for IDNA2008 when linking with libidn2.
* "Root key sentinel" support, enabling validating resolvers to indicate * "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root via a special query which trust anchors are configured for the root
zone. zone.
...@@ -114,15 +113,24 @@ of changes from BIND 9.12 and earlier releases. New features include: ...@@ -114,15 +113,24 @@ of changes from BIND 9.12 and earlier releases. New features include:
subject to DNSSEC validation and are not treated as authoritative data subject to DNSSEC validation and are not treated as authoritative data
when answering. This makes it easier to configure a local copy of the when answering. This makes it easier to configure a local copy of the
root zone as described in RFC 7706. root zone as described in RFC 7706.
* QNAME minimization is now supported
* The "validate-except" option allows configuration of domains below * The "validate-except" option allows configuration of domains below
which DNSSEC validation should not be performed. which DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with libidn2.
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
have been removed. See https://dnsflagday.net for more details.
Cryptographic support has been modernized. BIND now uses the best
available pseudo-random number generator for the platform on which it's
built. Very old versions of OpenSSL are no longer supported. Cryptography
is now mandatory: building BIND without DNSSEC is now longer supported.
In addition, cryptographic support has been modernized. BIND now uses the Special code to support certain legacy operating systems has also been
best available pseudo-random number generator for the platform on which removed; see the file PLATFORMS.md for details of supported platforms. In
it's built. Very old versions of OpenSSL are no longer supported. addition to OpenSSL, BIND now requires support for IPv6, threads, and
Cryptography is now mandatory; building BIND without DNSSEC is now longer standard atomic operations provided by the C compiler.
supported.
Building BIND Building BIND
......
...@@ -122,8 +122,7 @@ BIND 9.13 is the newest development branch of BIND 9. It includes a ...@@ -122,8 +122,7 @@ BIND 9.13 is the newest development branch of BIND 9. It includes a
number of changes from BIND 9.12 and earlier releases. New features number of changes from BIND 9.12 and earlier releases. New features
include: include:
* The default value of "dnssec-validation" is now "auto". * QNAME minimization, as described in RFC 7816, is now supported.
* Support for IDNA2008 when linking with `libidn2`.
* "Root key sentinel" support, enabling validating resolvers to indicate * "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root zone. via a special query which trust anchors are configured for the root zone.
* Secondary zones can now be configured as "mirror" zones; their contents * Secondary zones can now be configured as "mirror" zones; their contents
...@@ -131,16 +130,28 @@ include: ...@@ -131,16 +130,28 @@ include:
DNSSEC validation and are not treated as authoritative data when DNSSEC validation and are not treated as authoritative data when
answering. This makes it easier to configure a local copy of the root answering. This makes it easier to configure a local copy of the root
zone as described in RFC 7706. zone as described in RFC 7706.
* QNAME minimization is now supported
* The "validate-except" option allows configuration of domains below which * The "validate-except" option allows configuration of domains below which
DNSSEC validation should not be performed. DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with `libidn2`.
In addition, cryptographic support has been modernized. BIND now uses the In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
have been removed. See [https://dnsflagday.net](https://dnsflagday.net)
for more details.
Cryptographic support has been modernized. BIND now uses the
best available pseudo-random number generator for the platform on which best available pseudo-random number generator for the platform on which
it's built. Very old versions of OpenSSL are no longer supported. it's built. Very old versions of OpenSSL are no longer supported.
Cryptography is now mandatory; building BIND without DNSSEC is now Cryptography is now mandatory: building BIND without DNSSEC is now
longer supported. longer supported.
Special code to support certain legacy operating systems has also
been removed; see the file [PLATFORMS.md](PLATFORMS.md) for details
of supported platforms. In addition to OpenSSL, BIND now requires
support for IPv6, threads, and standard atomic operations provided
by the C compiler.
### <a name="build"/> Building BIND ### <a name="build"/> Building BIND
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler, Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
'\" t '\" t
.\" Title: named-checkconf .\" Title: named-checkconf
.\" Author: .\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-01-10 .\" Date: 2014-01-10
.\" Manual: BIND9 .\" Manual: BIND9
.\" Source: ISC .\" Source: ISC
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
.SH "NAME" .SH "NAME"
named-checkconf \- named configuration file syntax checking tool named-checkconf \- named configuration file syntax checking tool
.SH "SYNOPSIS" .SH "SYNOPSIS"
.HP 16 .HP \w'\fBnamed\-checkconf\fR\ 'u
\fBnamed\-checkconf\fR [\fB\-hjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} \fBnamed\-checkconf\fR [\fB\-hjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
'\" t '\" t
.\" Title: named-checkzone .\" Title: named-checkzone
.\" Author: .\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-02-19 .\" Date: 2014-02-19
.\" Manual: BIND9 .\" Manual: BIND9
.\" Source: ISC .\" Source: ISC
...@@ -38,9 +38,9 @@ ...@@ -38,9 +38,9 @@
.SH "NAME" .SH "NAME"
named-checkzone, named-compilezone \- zone file validity checking or converting tool named-checkzone, named-compilezone \- zone file validity checking or converting tool
.SH "SYNOPSIS" .SH "SYNOPSIS"
.HP 16 .HP \w'\fBnamed\-checkzone\fR\ 'u
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} \fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
.HP 18 .HP \w'\fBnamed\-compilezone\fR\ 'u
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename} \fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
'\" t '\" t
.\" Title: delv .\" Title: delv
.\" Author: .\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-04-23 .\" Date: 2014-04-23
.\" Manual: BIND9 .\" Manual: BIND9
.\" Source: ISC .\" Source: ISC
...@@ -38,13 +38,13 @@ ...@@ -38,13 +38,13 @@
.SH "NAME" .SH "NAME"
delv \- DNS lookup and validation utility delv \- DNS lookup and validation utility
.SH "SYNOPSIS" .SH "SYNOPSIS"
.HP 5 .HP \w'\fBdelv\fR\ 'u
\fBdelv\fR [@server] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-a\ \fR\fB\fIanchor\-file\fR\fR] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIlevel\fR\fR] [\fB\-i\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [name] [type] [class] [queryopt...] \fBdelv\fR [@server] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-a\ \fR\fB\fIanchor\-file\fR\fR] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIlevel\fR\fR] [\fB\-i\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [name] [type] [class] [queryopt...]
.HP 5 .HP \w'\fBdelv\fR\ 'u
\fBdelv\fR [\fB\-h\fR] \fBdelv\fR [\fB\-h\fR]
.HP 5 .HP \w'\fBdelv\fR\ 'u
\fBdelv\fR [\fB\-v\fR] \fBdelv\fR [\fB\-v\fR]
.HP 5 .HP \w'\fBdelv\fR\ 'u
\fBdelv\fR [queryopt...] [query...] \fBdelv\fR [queryopt...] [query...]
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
'\" t '\" t
.\" Title: host .\" Title: host
.\" Author: .\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2009-01-20 .\" Date: 2009-01-20
.\" Manual: BIND9 .\" Manual: BIND9
.\" Source: ISC .\" Source: ISC
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
.SH "NAME" .SH "NAME"
host \- DNS lookup utility host \- DNS lookup utility
.SH "SYNOPSIS" .SH "SYNOPSIS"
.HP 5 .HP \w'\fBhost\fR\ 'u
\fBhost\fR [\fB\-aACdlnrsTUwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-v\fR] [\fB\-V\fR] {name} [server] \fBhost\fR [\fB\-aACdlnrsTUwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
'\" t '\" t
.\" Title: nslookup .\" Title: nslookup
.\" Author: .\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-01-24 .\" Date: 2014-01-24
.\" Manual: BIND9 .\" Manual: BIND9
.\" Source: ISC .\" Source: ISC
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
.SH "NAME" .SH "NAME"
nslookup \- query Internet name servers interactively nslookup \- query Internet name servers interactively
.SH "SYNOPSIS" .SH "SYNOPSIS"
.HP 9 .HP \w'\fBnslookup\fR\ 'u
\fBnslookup\fR [\fB\-option\fR] [name\ |\ \-] [server] \fBnslookup\fR [\fB\-option\fR] [name\ |\ \-] [server]
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
...@@ -85,7 +85,6 @@ nslookup \-query=hinfo \-timeout=10 ...@@ -85,7 +85,6 @@ nslookup \-query=hinfo \-timeout=10
.if n \{\ .if n \{\
.RE .RE
.\} .\}
.sp
.PP .PP
The The
\fB\-version\fR \fB\-version\fR
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
'\" t '\" t
.\" Title: dnssec-settime .\" Title: dnssec-settime
.\" Author: .\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2015-08-21 .\" Date: 2015-08-21
.\" Manual: BIND9 .\" Manual: BIND9
.\" Source: ISC .\" Source: ISC
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
.SH "NAME" .SH "NAME"
dnssec-settime \- set the key timing metadata for a DNSSEC key dnssec-settime \- set the key timing metadata for a DNSSEC key
.SH "SYNOPSIS" .SH "SYNOPSIS"
.HP 15 .HP \w'\fBdnssec\-settime\fR\ 'u
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile} \fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
'\" t '\" t
.\" Title: named .\" Title: named
.\" Author: .\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-02-19 .\" Date: 2014-02-19
.\" Manual: BIND9 .\" Manual: BIND9
.\" Source: ISC .\" Source: ISC
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
.SH "NAME" .SH "NAME"
named \- Internet domain name server named \- Internet domain name server
.SH "SYNOPSIS" .SH "SYNOPSIS"
.HP 6 .HP \w'\fBnamed\fR\ 'u
\fBnamed\fR [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-D\ \fR\fB\fIstring\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-L\ \fR\fB\fIlogfile\fR\fR] [\fB\-M\ \fR\fB\fIoption\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-U\ \fR\fB\fI#listeners\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-X\ \fR\fB\fIlock\-file\fR\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] \fBnamed\fR [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-D\ \fR\fB\fIstring\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-L\ \fR\fB\fIlogfile\fR\fR] [\fB\-M\ \fR\fB\fIoption\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-U\ \fR\fB\fI#listeners\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-X\ \fR\fB\fIlock\-file\fR\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
...@@ -164,9 +164,20 @@ Listen for queries on port ...@@ -164,9 +164,20 @@ Listen for queries on port
Write memory usage statistics to Write memory usage statistics to
stdout stdout
on exit\&. on exit\&.
.RS .if n \{\
.B "Note:" .sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release\&. This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release\&.
.sp .5v
.RE .RE
.RE .RE
.PP .PP
...@@ -177,11 +188,22 @@ Allow ...@@ -177,11 +188,22 @@ Allow
to use up to to use up to
\fI#max\-socks\fR \fI#max\-socks\fR
sockets\&. The default value is 4096 on systems built with default configuration options, and 21000 on systems built with "configure \-\-with\-tuning=large"\&. sockets\&. The default value is 4096 on systems built with default configuration options, and 21000 on systems built with "configure \-\-with\-tuning=large"\&.
.RS .if n \{\
.B "Warning:" .sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBWarning\fR
.ps -1
.br
This option should be unnecessary for the vast majority of users\&. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API\&. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets\&. Note also that the actual maximum number is normally a little fewer than the specified value because This option should be unnecessary for the vast majority of users\&. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API\&. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets\&. Note also that the actual maximum number is normally a little fewer than the specified value because
\fBnamed\fR \fBnamed\fR
reserves some file descriptors for its internal use\&. reserves some file descriptors for its internal use\&.
.sp .5v
.RE .RE
.RE .RE
.PP .PP
...@@ -190,13 +212,24 @@ reserves some file descriptors for its internal use\&. ...@@ -190,13 +212,24 @@ reserves some file descriptors for its internal use\&.
Chroot to Chroot to
\fIdirectory\fR \fIdirectory\fR
after processing the command line arguments, but before reading the configuration file\&. after processing the command line arguments, but before reading the configuration file\&.
.RS .if n \{\
.B "Warning:" .sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBWarning\fR
.ps -1
.br
This option should be used in conjunction with the This option should be used in conjunction with the
\fB\-u\fR \fB\-u\fR
option, as chrooting a process running as root doesn\*(Aqt enhance security on most systems; the way option, as chrooting a process running as root doesn\*(Aqt enhance security on most systems; the way
\fBchroot(2)\fR \fBchroot(2)\fR
is defined allows a process with root privileges to escape a chroot jail\&. is defined allows a process with root privileges to escape a chroot jail\&.
.sp .5v
.RE .RE
.RE .RE
.PP .PP
...@@ -218,8 +251,18 @@ may be increased as high as that value, but no higher\&. On Windows, the number ...@@ -218,8 +251,18 @@ may be increased as high as that value, but no higher\&. On Windows, the number
Setuid to Setuid to
\fIuser\fR \fIuser\fR
after completing privileged operations, such as creating sockets that listen on privileged ports\&. after completing privileged operations, such as creating sockets that listen on privileged ports\&.
.RS .if n \{\
.B "Note:" .sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
On Linux, On Linux,
\fBnamed\fR \fBnamed\fR
uses the kernel\*(Aqs capability mechanism to drop all root privileges except the ability to uses the kernel\*(Aqs capability mechanism to drop all root privileges except the ability to
...@@ -230,6 +273,7 @@ option only works when ...@@ -230,6 +273,7 @@ option only works when
\fBnamed\fR \fBnamed\fR
is run on kernel 2\&.2\&.18 or later, or kernel 2\&.3\&.99\-pre3 or later, since previous kernels did not allow privileges to be retained after is run on kernel 2\&.2\&.18 or later, or kernel 2\&.3\&.99\-pre3 or later, since previous kernels did not allow privileges to be retained after
\fBsetuid(2)\fR\&. \fBsetuid(2)\fR\&.
.sp .5v
.RE .RE
.RE .RE
.PP .PP
...@@ -259,9 +303,20 @@ none, the lock file check is disabled\&. ...@@ -259,9 +303,20 @@ none, the lock file check is disabled\&.
Load data from Load data from
\fIcache\-file\fR \fIcache\-file\fR
into the cache of the default view\&. into the cache of the default view\&.
.RS .if n \{\
.B "Warning:" .sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBWarning\fR
.ps -1
.br
This option must not be used\&. It is only of interest to BIND 9 developers and may be removed or changed in a future release\&. This option must not be used\&. It is only of interest to BIND 9 developers and may be removed or changed in a future release\&.
.sp .5v
.RE .RE
.RE .RE
.SH "SIGNALS" .SH "SIGNALS"
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
'\" t '\" t
.\" Title: named.conf .\" Title: named.conf
.\" Author: .\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2018-06-21 .\" Date: 2018-06-21
.\" Manual: BIND9 .\" Manual: BIND9
.\" Source: ISC .\" Source: ISC
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
.SH "NAME" .SH "NAME"
named.conf \- configuration file for \fBnamed\fR named.conf \- configuration file for \fBnamed\fR
.SH "SYNOPSIS" .SH "SYNOPSIS"
.HP 11 .HP \w'\fBnamed\&.conf\fR\ 'u
\fBnamed\&.conf\fR \fBnamed\&.conf\fR
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
...@@ -148,7 +148,7 @@ logging { ...@@ -148,7 +148,7 @@ logging {
.if n \{\ .if n \{\
.RE .RE
.\} .\}
.SH "MANAGED\-KEYS" .SH "MANAGED-KEYS"
.sp .sp
.if n \{\ .if n \{\
.RS 4 .RS 4
...@@ -520,7 +520,7 @@ server \fInetprefix\fR { ...@@ -520,7 +520,7 @@ server \fInetprefix\fR {
.if n \{\ .if n \{\
.RE .RE
.\} .\}
.SH "STATISTICS\-CHANNELS" .SH "STATISTICS-CHANNELS"
.sp .sp
.if n \{\ .if n \{\
.RS 4 .RS 4
...@@ -536,7 +536,7 @@ statistics\-channels { ...@@ -536,7 +536,7 @@ statistics\-channels {
.if n \{\ .if n \{\
.RE .RE
.\} .\}
.SH "TRUSTED\-KEYS" .SH "TRUSTED-KEYS"
.sp .sp
.if n \{\ .if n \{\
.RS 4 .RS 4
......
...@@ -10,46 +10,65 @@ ...@@ -10,46 +10,65 @@
<head> <head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named.conf</title> <title>named.conf</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1"> <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head> </head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.named.conf"></a><div class="titlepage"></div> <a name="man.named.conf"></a><div class="titlepage"></div>
<div class="refnamediv">
<div class="refnamediv">
<h2>Name</h2> <h2>Name</h2>
<p><code class="filename">named.conf</code> &#8212; configuration file for <span class="command"><strong>named</strong></span></p> <p>
<code class="filename">named.conf</code>
&#8212; configuration file for <span class="command"><strong>named</strong></span>
</p>
</div> </div>
<div class="refsynopsisdiv">
<div class="refsynopsisdiv">
<h2>Synopsis</h2> <h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div> <div class="cmdsynopsis"><p>
</div> <code class="command">named.conf</code>
<div class="refsection"> </p></div>
</div>
<div class="refsection">
<a name="id-1.7"></a><h2>DESCRIPTION</h2> <a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
<p><code class="filename">named.conf</code> is the configuration file
for for
<span class="command"><strong>named</strong></span>. Statements are enclosed <span class="command"><strong>named</strong></span>. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in in braces and terminated with a semi-colon. Clauses in
the statements are also semi-colon terminated. The usual the statements are also semi-colon terminated. The usual
comment styles are supported: comment styles are supported:
</p> </p>
<p> <p>
C style: /* */ C style: /* */