Commit 215e3fde authored by Tinderbox User's avatar Tinderbox User

Merge branch 'prep-release'

parents 71575967 19ed6f8f
Pipeline #4636 passed with stages
in 8 minutes and 10 seconds
--- 9.13.3 released ---
5029. [func] Workarounds for servers that misbehave when queried
with EDNS have been removed, because these broken
servers and the workarounds for their noncompliance
......
Supported platforms
In general, this version of BIND will build and run on any POSIX-compliant
system with a C99-compliant C compiler, BSD-style sockets with RFC-compliant
IPv6 support, POSIX-compliant threads, and the OpenSSL cryptography library.
Atomic operations support from the compiler is needed, either in the form of
builtin operations, C11 atomics or the Interlocked family of functions on
Windows.
system with a C99-compliant C compiler, BSD-style sockets with
RFC-compliant IPv6 support, POSIX-compliant threads, and the OpenSSL
cryptography library. Atomic operations support from the compiler is
needed, either in the form of builtin operations, C11 atomics or the
Interlocked family of functions on Windows.
ISC regularly tests BIND on many operating systems and architectures, but
lacks the resources to test all of them. Consequently, ISC is only able to
......@@ -57,4 +57,5 @@ These are platforms on which BIND is known not to build or run:
* Windows 10 / x86
* Windows Server 2012 and older
* Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
* Platforms that don't support atomic operations (via compiler or library)
* Platforms that don't support atomic operations (via compiler or
library)
......@@ -104,8 +104,7 @@ BIND 9.13 features
BIND 9.13 is the newest development branch of BIND 9. It includes a number
of changes from BIND 9.12 and earlier releases. New features include:
* The default value of "dnssec-validation" is now "auto".
* Support for IDNA2008 when linking with libidn2.
* QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root
zone.
......@@ -114,15 +113,24 @@ of changes from BIND 9.12 and earlier releases. New features include:
subject to DNSSEC validation and are not treated as authoritative data
when answering. This makes it easier to configure a local copy of the
root zone as described in RFC 7706.
* QNAME minimization is now supported
* The "validate-except" option allows configuration of domains below
which DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with libidn2.
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
have been removed. See https://dnsflagday.net for more details.
Cryptographic support has been modernized. BIND now uses the best
available pseudo-random number generator for the platform on which it's
built. Very old versions of OpenSSL are no longer supported. Cryptography
is now mandatory: building BIND without DNSSEC is now longer supported.
In addition, cryptographic support has been modernized. BIND now uses the
best available pseudo-random number generator for the platform on which
it's built. Very old versions of OpenSSL are no longer supported.
Cryptography is now mandatory; building BIND without DNSSEC is now longer
supported.
Special code to support certain legacy operating systems has also been
removed; see the file PLATFORMS.md for details of supported platforms. In
addition to OpenSSL, BIND now requires support for IPv6, threads, and
standard atomic operations provided by the C compiler.
Building BIND
......
......@@ -122,8 +122,7 @@ BIND 9.13 is the newest development branch of BIND 9. It includes a
number of changes from BIND 9.12 and earlier releases. New features
include:
* The default value of "dnssec-validation" is now "auto".
* Support for IDNA2008 when linking with `libidn2`.
* QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root zone.
* Secondary zones can now be configured as "mirror" zones; their contents
......@@ -131,16 +130,28 @@ include:
DNSSEC validation and are not treated as authoritative data when
answering. This makes it easier to configure a local copy of the root
zone as described in RFC 7706.
* QNAME minimization is now supported
* The "validate-except" option allows configuration of domains below which
DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with `libidn2`.
In addition, cryptographic support has been modernized. BIND now uses the
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
have been removed. See [https://dnsflagday.net](https://dnsflagday.net)
for more details.
Cryptographic support has been modernized. BIND now uses the
best available pseudo-random number generator for the platform on which
it's built. Very old versions of OpenSSL are no longer supported.
Cryptography is now mandatory; building BIND without DNSSEC is now
Cryptography is now mandatory: building BIND without DNSSEC is now
longer supported.
Special code to support certain legacy operating systems has also
been removed; see the file [PLATFORMS.md](PLATFORMS.md) for details
of supported platforms. In addition to OpenSSL, BIND now requires
support for IPv6, threads, and standard atomic operations provided
by the C compiler.
### <a name="build"/> Building BIND
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
......
......@@ -9,7 +9,7 @@
'\" t
.\" Title: named-checkconf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-01-10
.\" Manual: BIND9
.\" Source: ISC
......@@ -38,7 +38,7 @@
.SH "NAME"
named-checkconf \- named configuration file syntax checking tool
.SH "SYNOPSIS"
.HP 16
.HP \w'\fBnamed\-checkconf\fR\ 'u
\fBnamed\-checkconf\fR [\fB\-hjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
.SH "DESCRIPTION"
.PP
......
......@@ -9,7 +9,7 @@
'\" t
.\" Title: named-checkzone
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-02-19
.\" Manual: BIND9
.\" Source: ISC
......@@ -38,9 +38,9 @@
.SH "NAME"
named-checkzone, named-compilezone \- zone file validity checking or converting tool
.SH "SYNOPSIS"
.HP 16
.HP \w'\fBnamed\-checkzone\fR\ 'u
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
.HP 18
.HP \w'\fBnamed\-compilezone\fR\ 'u
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
.SH "DESCRIPTION"
.PP
......
......@@ -9,7 +9,7 @@
'\" t
.\" Title: delv
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-04-23
.\" Manual: BIND9
.\" Source: ISC
......@@ -38,13 +38,13 @@
.SH "NAME"
delv \- DNS lookup and validation utility
.SH "SYNOPSIS"
.HP 5
.HP \w'\fBdelv\fR\ 'u
\fBdelv\fR [@server] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-a\ \fR\fB\fIanchor\-file\fR\fR] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIlevel\fR\fR] [\fB\-i\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [name] [type] [class] [queryopt...]
.HP 5
.HP \w'\fBdelv\fR\ 'u
\fBdelv\fR [\fB\-h\fR]
.HP 5
.HP \w'\fBdelv\fR\ 'u
\fBdelv\fR [\fB\-v\fR]
.HP 5
.HP \w'\fBdelv\fR\ 'u
\fBdelv\fR [queryopt...] [query...]
.SH "DESCRIPTION"
.PP
......
......@@ -9,7 +9,7 @@
'\" t
.\" Title: host
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2009-01-20
.\" Manual: BIND9
.\" Source: ISC
......@@ -38,7 +38,7 @@
.SH "NAME"
host \- DNS lookup utility
.SH "SYNOPSIS"
.HP 5
.HP \w'\fBhost\fR\ 'u
\fBhost\fR [\fB\-aACdlnrsTUwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
.SH "DESCRIPTION"
.PP
......
......@@ -9,7 +9,7 @@
'\" t
.\" Title: nslookup
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-01-24
.\" Manual: BIND9
.\" Source: ISC
......@@ -38,7 +38,7 @@
.SH "NAME"
nslookup \- query Internet name servers interactively
.SH "SYNOPSIS"
.HP 9
.HP \w'\fBnslookup\fR\ 'u
\fBnslookup\fR [\fB\-option\fR] [name\ |\ \-] [server]
.SH "DESCRIPTION"
.PP
......@@ -85,7 +85,6 @@ nslookup \-query=hinfo \-timeout=10
.if n \{\
.RE
.\}
.sp
.PP
The
\fB\-version\fR
......
......@@ -9,7 +9,7 @@
'\" t
.\" Title: dnssec-settime
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2015-08-21
.\" Manual: BIND9
.\" Source: ISC
......@@ -38,7 +38,7 @@
.SH "NAME"
dnssec-settime \- set the key timing metadata for a DNSSEC key
.SH "SYNOPSIS"
.HP 15
.HP \w'\fBdnssec\-settime\fR\ 'u
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
.SH "DESCRIPTION"
.PP
......
......@@ -9,7 +9,7 @@
'\" t
.\" Title: named
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-02-19
.\" Manual: BIND9
.\" Source: ISC
......@@ -38,7 +38,7 @@
.SH "NAME"
named \- Internet domain name server
.SH "SYNOPSIS"
.HP 6
.HP \w'\fBnamed\fR\ 'u
\fBnamed\fR [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-D\ \fR\fB\fIstring\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-L\ \fR\fB\fIlogfile\fR\fR] [\fB\-M\ \fR\fB\fIoption\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-U\ \fR\fB\fI#listeners\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-X\ \fR\fB\fIlock\-file\fR\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
.SH "DESCRIPTION"
.PP
......@@ -164,9 +164,20 @@ Listen for queries on port
Write memory usage statistics to
stdout
on exit\&.
.RS
.B "Note:"
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release\&.
.sp .5v
.RE
.RE
.PP
......@@ -177,11 +188,22 @@ Allow
to use up to
\fI#max\-socks\fR
sockets\&. The default value is 4096 on systems built with default configuration options, and 21000 on systems built with "configure \-\-with\-tuning=large"\&.
.RS
.B "Warning:"
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBWarning\fR
.ps -1
.br
This option should be unnecessary for the vast majority of users\&. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API\&. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets\&. Note also that the actual maximum number is normally a little fewer than the specified value because
\fBnamed\fR
reserves some file descriptors for its internal use\&.
.sp .5v
.RE
.RE
.PP
......@@ -190,13 +212,24 @@ reserves some file descriptors for its internal use\&.
Chroot to
\fIdirectory\fR
after processing the command line arguments, but before reading the configuration file\&.
.RS
.B "Warning:"
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBWarning\fR
.ps -1
.br
This option should be used in conjunction with the
\fB\-u\fR
option, as chrooting a process running as root doesn\*(Aqt enhance security on most systems; the way
\fBchroot(2)\fR
is defined allows a process with root privileges to escape a chroot jail\&.
.sp .5v
.RE
.RE
.PP
......@@ -218,8 +251,18 @@ may be increased as high as that value, but no higher\&. On Windows, the number
Setuid to
\fIuser\fR
after completing privileged operations, such as creating sockets that listen on privileged ports\&.
.RS
.B "Note:"
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
On Linux,
\fBnamed\fR
uses the kernel\*(Aqs capability mechanism to drop all root privileges except the ability to
......@@ -230,6 +273,7 @@ option only works when
\fBnamed\fR
is run on kernel 2\&.2\&.18 or later, or kernel 2\&.3\&.99\-pre3 or later, since previous kernels did not allow privileges to be retained after
\fBsetuid(2)\fR\&.
.sp .5v
.RE
.RE
.PP
......@@ -259,9 +303,20 @@ none, the lock file check is disabled\&.
Load data from
\fIcache\-file\fR
into the cache of the default view\&.
.RS
.B "Warning:"
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBWarning\fR
.ps -1
.br
This option must not be used\&. It is only of interest to BIND 9 developers and may be removed or changed in a future release\&.
.sp .5v
.RE
.RE
.SH "SIGNALS"
......
......@@ -9,7 +9,7 @@
'\" t
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2018-06-21
.\" Manual: BIND9
.\" Source: ISC
......@@ -38,7 +38,7 @@
.SH "NAME"
named.conf \- configuration file for \fBnamed\fR
.SH "SYNOPSIS"
.HP 11
.HP \w'\fBnamed\&.conf\fR\ 'u
\fBnamed\&.conf\fR
.SH "DESCRIPTION"
.PP
......@@ -148,7 +148,7 @@ logging {
.if n \{\
.RE
.\}
.SH "MANAGED\-KEYS"
.SH "MANAGED-KEYS"
.sp
.if n \{\
.RS 4
......@@ -520,7 +520,7 @@ server \fInetprefix\fR {
.if n \{\
.RE
.\}
.SH "STATISTICS\-CHANNELS"
.SH "STATISTICS-CHANNELS"
.sp
.if n \{\
.RS 4
......@@ -536,7 +536,7 @@ statistics\-channels {
.if n \{\
.RE
.\}
.SH "TRUSTED\-KEYS"
.SH "TRUSTED-KEYS"
.sp
.if n \{\
.RS 4
......
......@@ -10,46 +10,65 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named.conf</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.named.conf"></a><div class="titlepage"></div>
<div class="refnamediv">
<div class="refnamediv">
<h2>Name</h2>
<p><code class="filename">named.conf</code> &#8212; configuration file for <span class="command"><strong>named</strong></span></p>
<p>
<code class="filename">named.conf</code>
&#8212; configuration file for <span class="command"><strong>named</strong></span>
</p>
</div>
<div class="refsynopsisdiv">
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsection">
<div class="cmdsynopsis"><p>
<code class="command">named.conf</code>
</p></div>
</div>
<div class="refsection">
<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
<p><code class="filename">named.conf</code> is the configuration file
for
<span class="command"><strong>named</strong></span>. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in
the statements are also semi-colon terminated. The usual
comment styles are supported:
</p>
<p>
<p>
C style: /* */
</p>
<p>
<p>
C++ style: // to end of line
</p>
<p>
<p>
Unix style: # to end of line
</p>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.8"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
acl<em class="replaceable"><code>string</code></em>{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.9"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
controls{<br>
inet(<em class="replaceable"><code>ipv4_address</code></em>|<em class="replaceable"><code>ipv6_address</code></em>|<br>
*)[port(<em class="replaceable"><code>integer</code></em>|*)]allow<br>
......@@ -62,35 +81,43 @@ controls
<em class="replaceable"><code>boolean</code></em>];<br>
};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.10"></a><h2>DLZ</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
dlz<em class="replaceable"><code>string</code></em>{<br>
database<em class="replaceable"><code>string</code></em>;<br>
search<em class="replaceable"><code>boolean</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.11"></a><h2>DYNDB</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
dyndb<em class="replaceable"><code>string</code></em><em class="replaceable"><code>quoted_string</code></em>{<br>
<em class="replaceable"><code>unspecified-text</code></em>};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.12"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
key<em class="replaceable"><code>string</code></em>{<br>
algorithm<em class="replaceable"><code>string</code></em>;<br>
secret<em class="replaceable"><code>string</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.13"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
logging{<br>
category<em class="replaceable"><code>string</code></em>{<em class="replaceable"><code>string</code></em>;...};<br>
channel<em class="replaceable"><code>string</code></em>{<br>
......@@ -107,26 +134,33 @@ logging
};<br>
};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.14"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
managed-keys{<em class="replaceable"><code>string</code></em><em class="replaceable"><code>string</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><em class="replaceable"><code>quoted_string</code></em>;...};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.15"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
masters<em class="replaceable"><code>string</code></em>[port<em class="replaceable"><code>integer</code></em>][dscp<br>
<em class="replaceable"><code>integer</code></em>]{(<em class="replaceable"><code>masters</code></em>|<em class="replaceable"><code>ipv4_address</code></em>[<br>
port<em class="replaceable"><code>integer</code></em>]|<em class="replaceable"><code>ipv6_address</code></em>[port<br>
<em class="replaceable"><code>integer</code></em>])[key<em class="replaceable"><code>string</code></em>];...};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.16"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
options{<br>
allow-new-zones<em class="replaceable"><code>boolean</code></em>;<br>
allow-notify{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
......@@ -422,10 +456,12 @@ options
zone-statistics(full|terse|none|<em class="replaceable"><code>boolean</code></em>);<br>
};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.17"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
server<em class="replaceable"><code>netprefix</code></em>{<br>
bogus<em class="replaceable"><code>boolean</code></em>;<br>
edns<em class="replaceable"><code>boolean</code></em>;<br>
......@@ -459,10 +495,12 @@ server
transfers<em class="replaceable"><code>integer</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.18"></a><h2>STATISTICS-CHANNELS</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
statistics-channels{<br>
inet(<em class="replaceable"><code>ipv4_address</code></em>|<em class="replaceable"><code>ipv6_address</code></em>|<br>
*)[port(<em class="replaceable"><code>integer</code></em>|*)][<br>
......@@ -470,17 +508,21 @@ statistics-channels
}];<br>
};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.19"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
trusted-keys{<em class="replaceable"><code>string</code></em><em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>quoted_string</code></em>;...};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.20"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
view<em class="replaceable"><code>string</code></em>[<em class="replaceable"><code>class</code></em>]{<br>
allow-new-zones<em class="replaceable"><code>boolean</code></em>;<br>
allow-notify{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
......@@ -854,10 +896,12 @@ view
zone-statistics(full|terse|none|<em class="replaceable"><code>boolean</code></em>);<br>
};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.21"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
zone<em class="replaceable"><code>string</code></em>[<em class="replaceable"><code>class</code></em>]{<br>
allow-notify{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
allow-query{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
......@@ -953,21 +997,36 @@ zone
zone-statistics(full|terse|none|<em class="replaceable"><code>boolean</code></em>);<br>
};<br>
</p></div>
</div>
<div class="refsection">
</div>
<div class="refsection">
<a name="id-1.22"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>