Commit 37ae1379 authored by Tinderbox User

regen master

parent 2002188f
......@@ -523,6 +523,15 @@ Print only one (starting) SOA record when performing an AXFR\&. The default is t
Set [restore] the DNS message opcode to the specified value\&. The default value is QUERY (0)\&.
.RE
.PP
\fB+padding=value\fR
.RS 4
Pad the size of the query packet using the EDNS Padding option to blocks of
\fIvalue\fR
bytes\&. For example,
\fB+padding=32\fR
would cause a 48\-byte query to be padded to 64 bytes\&. The default block size is 0, which disables padding\&. The maximum is 512\&. Values are ordinarily expected to be powers of two, such as 128; however, this is not mandatory\&. Responses to padded queries may also be padded, but only if the query uses TCP or DNS COOKIE\&.
.RE
.PP
\fB+[no]qr\fR
.RS 4
Print [do not print] the query as it is sent\&. By default, the query is not printed\&.
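Review bot: The closing sentence of the +padding entry ("Responses to padded queries may also be padded, but only if the query uses TCP or DNS COOKIE") lists fewer conditions than the response-padding text added to the ARM in this same commit, which also requires that the query is not signed with TSIG or SIG(0) and that the client matches the configured ACL. Suggest wording it as depending on the server's response-padding configuration, so a dig user who sees an unpadded reply over TCP does not conclude that padding is broken.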
......
<!DOCTYPE book [
<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2000-2011, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2011, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
......@@ -47,6 +47,7 @@
<year>2014</year>
<year>2015</year>
<year>2016</year>
<year>2017</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
......
......@@ -697,6 +697,20 @@
value. The default value is QUERY (0).
</p>
</dd>
<dt><span class="term"><code class="option">+padding=value</code></span></dt>
<dd>
<p>
Pad the size of the query packet using the EDNS Padding option
to blocks of <em class="parameter"><code>value</code></em> bytes. For example,
<code class="option">+padding=32</code> would cause a 48-byte query to
be padded to 64 bytes. The default block size is 0, which
disables padding. The maximum is 512. Values are
ordinarily expected to be powers of two, such as 128;
however, this is not mandatory. Responses to
padded queries may also be padded, but only if the query
uses TCP or DNS COOKIE.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
<dd>
<p>
......@@ -813,13 +827,13 @@
specified IP address or network prefix.
</p>
<p>
<span class="command"><strong>dig +subnet=0.0.0.0/0</strong></span>, or simply
<span class="command"><strong>dig +subnet=0</strong></span> for short, sends an EDNS
CLIENT-SUBNET option with an empty address and a source
prefix-length of zero, which signals a resolver that
the client's address information must
<span class="emphasis"><em>not</em></span> be used when resolving
this query.
<span class="command"><strong>dig +subnet=0.0.0.0/0</strong></span>, or simply
<span class="command"><strong>dig +subnet=0</strong></span> for short, sends an EDNS
CLIENT-SUBNET option with an empty address and a source
prefix-length of zero, which signals a resolver that
the client's address information must
<span class="emphasis"><em>not</em></span> be used when resolving
this query.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
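Review bot: The seven lines replaced in the +subnet paragraph read the same before and after, so this looks like a whitespace-only change. If it is a by-product of regenerating the HTML, that is fine, but it should be confirmed that no wording change to the CLIENT-SUBNET description was intended and lost.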
......
......@@ -101,7 +101,9 @@ server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen
edns \fIboolean\fR;
edns\-udp\-size \fIinteger\fR;
max\-udp\-size \fIinteger\fR;
padding \fIinteger\fR;
tcp\-only \fIboolean\fR;
tcp\-keepalive \fIboolean\fR;
provide\-ixfr \fIboolean\fR;
request\-ixfr \fIboolean\fR;
keys \fIserver_key\fR;
......@@ -407,6 +409,9 @@ options {
require\-server\-cookie \fIboolean\fR;
send\-cookie \fIboolean\fR;
nocookie\-udp\-size \fIinteger\fR;
response\-padding {
\fIaddress_match_list\fR
} block\-size \fIinteger\fR;
deny\-answer\-addresses {
\fIaddress_match_list\fR
} [ except\-from { \fInamelist\fR } ];
......
<!--
- Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2017 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
......@@ -42,6 +42,7 @@
<year>2014</year>
<year>2015</year>
<year>2016</year>
<year>2017</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
......
......@@ -97,7 +97,9 @@ server
edns<em class="replaceable"><code>boolean</code></em>;<br>
edns-udp-size<em class="replaceable"><code>integer</code></em>;<br>
max-udp-size<em class="replaceable"><code>integer</code></em>;<br>
padding<em class="replaceable"><code>integer</code></em>;<br>
tcp-only<em class="replaceable"><code>boolean</code></em>;<br>
tcp-keepalive<em class="replaceable"><code>boolean</code></em>;<br>
provide-ixfr<em class="replaceable"><code>boolean</code></em>;<br>
request-ixfr<em class="replaceable"><code>boolean</code></em>;<br>
keys<em class="replaceable"><code>server_key</code></em>;<br>
......@@ -398,6 +400,10 @@ options
require-server-cookie<em class="replaceable"><code>boolean</code></em>;<br>
send-cookie<em class="replaceable"><code>boolean</code></em>;<br>
nocookie-udp-size<em class="replaceable"><code>integer</code></em>;<br>
<br>
response-padding{<br>
<em class="replaceable"><code>address_match_list</code></em><br>
}block-size<em class="replaceable"><code>integer</code></em>;<br>
<br>
deny-answer-addresses{<br>
<em class="replaceable"><code>address_match_list</code></em><br>
......
......@@ -547,6 +547,17 @@ See also
Sync changes in the journal file for a dynamic zone to the master file\&. If the "\-clean" option is specified, the journal file is also removed\&. If no zone is specified, then all zones are synced\&.
.RE
.PP
\fBtcp\-timeouts \fR\fB[\fIinitial\fR \fIidle\fR \fIkeepalive\fR \fIadvertised\fR]\fR
.RS 4
When called without arguments, display the current values of the
\fBtcp\-initial\-timeout\fR,
\fBtcp\-idle\-timeout\fR,
\fBtcp\-keepalive\-timeout\fR
and
\fBtcp\-advertised\-timeout\fR
options\&. When called with arguments, update these values\&. This allows an administrator to make rapid adjustments when under a denial of service attack\&. See the descriptions of these options in the BIND 9 Administrator Reference Manual for details of their use\&.
.RE
.PP
\fBthaw \fR\fB[\fIzone\fR [\fIclass\fR [\fIview\fR]]]\fR
.RS 4
Enable updates to a frozen dynamic zone\&. If no zone is specified, then all frozen zones are enabled\&. This causes the server to reload the zone from disk, and re\-enables dynamic updates after the load has completed\&. After a zone is thawed, dynamic updates will no longer be refused\&. If the zone has changed and the
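Review bot: The tcp-timeouts entry does not state the units or limits of its arguments, and the synopsis "[initial idle keepalive advertised]" does not say whether all four must be given together. Since the text presents this as the command to reach for "when under a denial of service attack", it should say here that the values are in units of 100 milliseconds and whether the minimum and maximum limits described for the named.conf options also apply, instead of only pointing to the ARM.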
......
<!--
- Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
......@@ -38,6 +38,7 @@
<year>2014</year>
<year>2015</year>
<year>2016</year>
<year>2017</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
......
......@@ -737,6 +737,21 @@
no zone is specified, then all zones are synced.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>tcp-timeouts [<span class="optional"><em class="replaceable"><code>initial</code></em> <em class="replaceable"><code>idle</code></em> <em class="replaceable"><code>keepalive</code></em> <em class="replaceable"><code>advertised</code></em></span>]</code></strong></span></dt>
<dd>
<p>
When called without arguments, display the current
values of the <span class="command"><strong>tcp-initial-timeout</strong></span>,
<span class="command"><strong>tcp-idle-timeout</strong></span>,
<span class="command"><strong>tcp-keepalive-timeout</strong></span> and
<span class="command"><strong>tcp-advertised-timeout</strong></span> options.
When called with arguments, update these values. This
allows an administrator to make rapid adjustments when
under a denial of service attack. See the descriptions of
these options in the BIND 9 Administrator Reference Manual
for details of their use.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>thaw [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
<dd>
<p>
......
<!--
- Copyright (C) 2000-2016 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2017 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
......@@ -29,6 +29,7 @@
<year>2014</year>
<year>2015</year>
<year>2016</year>
<year>2017</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<!-- insert copyright end -->
......@@ -8882,7 +8883,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<para>
The timeout value (in units of 100 milliseconds) the
server will send in respones containing the EDNS TCP
keepalive option. This informs a client of the
keepalive option. This informs a client of the
amount of time it may keep the session open.
The default is 300 (30 seconds), the maximum is
1200 (two minutes), and the minimum is 0, which
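Review bot: The context line "server will send in respones containing the EDNS TCP" still carries the typo "respones" while the only visible change in this hunk is whitespace on the following line. Since the paragraph is being touched anyway, correct it to "responses" in the DocBook source so the regenerated HTML picks it up.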
......
......@@ -2565,6 +2565,10 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[ <span class="command"><strong>serial-query-rate</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>serial-queries</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>tcp-listen-queue</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>tcp-initial-timeout</strong></span> <em class="replaceable"><code>number</code></em>; ]
[ <span class="command"><strong>tcp-idle-timeout</strong></span> <em class="replaceable"><code>number</code></em>; ]
[ <span class="command"><strong>tcp-keepalive-timeout</strong></span> <em class="replaceable"><code>number</code></em>; ]
[ <span class="command"><strong>tcp-advertised-timeout</strong></span> <em class="replaceable"><code>number</code></em>; ]
[ <span class="command"><strong>transfer-format</strong></span> ( <code class="option">one-answer</code> | <code class="option">many-answers</code> ) ; ]
[ <span class="command"><strong>transfer-message-size</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>transfers-in</strong></span> <em class="replaceable"><code>number</code></em> ; ]
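Review bot: Style point on the four added tcp-*-timeout grammar lines: they end in "number; ]" with no space before the semicolon, while the neighbouring serial-queries, tcp-listen-queue and transfer-message-size lines use "number ; ]". Match the existing spacing so the options grammar block stays uniform.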
......@@ -2647,6 +2651,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[ <span class="command"><strong>preferred-glue</strong></span> ( <code class="option">A</code> | <code class="option">AAAA</code> | <code class="option">none</code> ); ]
[ <span class="command"><strong>edns-udp-size</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>max-udp-size</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>response-padding</strong></span> { <em class="replaceable"><code>address_match_list</code></em> } block-size <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>max-rsa-exponent-size</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>root-delegation-only</strong></span> [ <span class="command"><strong>exclude {</strong></span> <em class="replaceable"><code>namelist</code></em> <span class="command"><strong>}</strong></span> ] ; ]
[ <span class="command"><strong>querylog</strong></span> <em class="replaceable"><code>yes_or_no</code></em> ; ]
......@@ -4343,6 +4348,45 @@ options {
256 bits for SHA256.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>response-padding</strong></span></span></dt>
<dd>
<p>
The EDNS Padding option is intended to improve
confidentiality when DNS queries are sent over an
encrypted channel by reducing the variability in
packet sizes. If a query:
</p>
<div class="orderedlist"><ol class="orderedlist" type="1">
<li class="listitem">
contains an EDNS Padding option,
</li>
<li class="listitem">
includes a valid server cookie or uses TCP,
</li>
<li class="listitem">
is <span class="emphasis"><em>not</em></span> signed using TSIG or
SIG(0), and
</li>
<li class="listitem">
is from a client whose address matches the specified ACL,
</li>
</ol></div>
<p>
then the response is padded with an EDNS Padding option
to a multiple of <code class="varname">block-size</code> bytes.
If these conditions are not met, the response is not
padded.
</p>
<p>
If <code class="varname">block-size</code> is 0 or the ACL is
<span class="command"><strong>none;</strong></span>, then this feature is
disabled and no padding will occur; this is the
default. If <code class="varname">block-size</code> is greater
than 512, a warning is logged and the value is truncated
to 512. Block sizes are ordinarily expected to be powers
of two (for instance, 128), but this is not mandatory.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>rfc2308-type1</strong></span></span></dt>
<dd>
<p>
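Review bot: The response-padding text opens by saying padding is intended for queries "sent over an encrypted channel", but none of the four listed conditions tests whether the channel is encrypted. A cleartext TCP query from a client matching the ACL would be padded too. Suggest stating that it is the operator's job to scope the ACL to clients that arrive over an encrypted transport. Smaller points: the fourth list item ends in a comma before the "then the response is padded" paragraph, and the semicolon in "none;" sits inside the command markup, so it renders as part of the keyword.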
......@@ -6341,6 +6385,72 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
length to a system-defined default value.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>tcp-initial-timeout</strong></span></span></dt>
<dd>
<p>
The amount of time (in units of 100 milliseconds) the
server waits on a new TCP connection for the first message
from the client. The default is 300 (30 seconds),
the minimum is 25 (2.5 seconds), and the maximum is
1200 (two minutes). Values above the maximum or below
the minimum will be adjusted with a logged warning.
(Note: This value must be greater than the expected
round trip delay time; otherwise no client will ever
have enough time to submit a message.)
This value can be updated at runtime by using
<span class="command"><strong>rndc tcp-timeouts</strong></span>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>tcp-idle-timeout</strong></span></span></dt>
<dd>
<p>
The amount of time (in units of 100 milliseconds) the
server waits on an idle TCP conenction before closing
it when the client is not using the EDNS TCP keepalive
option. The default is 300 (30 seconds), the maximum
is 1200 (two minutes), and the minimum is 1 (one tenth
of a second). Values above the maximum or below the minimum
will be adjusted with a logged warning.
See <span class="command"><strong>tcp-keepalive-timeout</strong></span>
for clients using the EDNS TCP keepalive option.
This value can be updated at runtime by using
<span class="command"><strong>rndc tcp-timeouts</strong></span>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>tcp-keepalive-timeout</strong></span></span></dt>
<dd>
<p>
The amount of time (in units of 100 milliseconds) the
server waits on an idle TCP conenction before closing
it when the client is using the EDNS TCP keepalive
option. The default is 300 (30 seconds), the maximum
is 1200 (two minutes), and the minimum is 1 (one tenth
of a second). Values above the maximum or below the minimum
will be adjusted with a logged warning.
This value may be greater than
<span class="command"><strong>tcp-idle-timeout</strong></span>, because
clients using the EDNS TCP keepalive option are expected
to use TCP connections for more than one message.
This value can be updated at runtime by using
<span class="command"><strong>rndc tcp-timeouts</strong></span>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>tcp-advertised-timeout</strong></span></span></dt>
<dd>
<p>
The timeout value (in units of 100 milliseconds) the
server will send in respones containing the EDNS TCP
keepalive option. This informs a client of the
amount of time it may keep the session open.
The default is 300 (30 seconds), the maximum is
1200 (two minutes), and the minimum is 0, which
signals that the clients must close TCP connections
immediately. Ordinarily this should be set to the
same value as <span class="command"><strong>tcp-keepalive-timeout</strong></span>.
This value can be updated at runtime by using
<span class="command"><strong>rndc tcp-timeouts</strong></span>.
</p>
</dd>
</dl></div>
</div>
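Review bot: The tcp-advertised-timeout entry gives a maximum of 1200 and a minimum of 0 but, unlike the three entries before it, does not say that out-of-range values "will be adjusted with a logged warning". Either add that sentence or document the different behaviour. There are also typos in the added text: "conenction" in both tcp-idle-timeout and tcp-keepalive-timeout, and "respones" in tcp-advertised-timeout. It would also help to say why tcp-initial-timeout has a minimum of 25 while the idle and keepalive timeouts allow 1.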
......@@ -8383,7 +8493,9 @@ example.com CNAME rpz-tcp-only.
[ <span class="command"><strong>edns-udp-size</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>edns-version</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>max-udp-size</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>padding</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>tcp-only</strong></span> <em class="replaceable"><code>yes_or_no</code></em> ; ]
[ <span class="command"><strong>tcp-keepalive</strong></span> <em class="replaceable"><code>yes_or_no</code></em> ; ]
[ <span class="command"><strong>transfers</strong></span> <em class="replaceable"><code>number</code></em> ; ]
[ <span class="command"><strong>transfer-format</strong></span> ( one-answer | many-answers ) ; ]
[ <span class="command"><strong>keys</strong></span> <span class="command"><strong>{</strong></span> <em class="replaceable"><code>key_id</code></em> <span class="command"><strong>}</strong></span> ; ]
......@@ -8551,6 +8663,19 @@ example.com CNAME rpz-tcp-only.
that is blocking large replies from <span class="command"><strong>named</strong></span>.
</p>
<p>
The <span class="command"><strong>padding</strong></span> option adds EDNS Padding
options to outgoing messages, increasing the packet size to
a multiple of the specified block size. Valid block sizes
range from 0 (the default, which disables the use of
EDNS Padding) to 512 bytes. Larger values will be reduced
to 512, with a logged warning.
Note: This option is not currently compatible with no TSIG
or SIG(0), as the EDNS OPT record containing the padding
would have to be added to the packet after it had already
been signed.
</p>
<p>
The <span class="command"><strong>tcp-only</strong></span> option sets the transport
protocol to TCP. The default is to use the UDP transport
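Review bot: The note in the padding paragraph reads "This option is not currently compatible with no TSIG or SIG(0)", and the stray "no" makes the sentence say the opposite of what the explanation that follows implies (the OPT record carrying the padding would have to be added after signing). Suggest "is not currently compatible with TSIG or SIG(0)". It should also say what happens when padding is configured for a server that also has keys set: whether padding is silently skipped or the configuration is rejected.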
......@@ -8558,6 +8683,12 @@ example.com CNAME rpz-tcp-only.
is received.
</p>
<p>
The <span class="command"><strong>tcp-keepalive</strong></span> option adds EDNS
TCP keepalive to messages sent over TCP. Note currently
idle timeouts in responses are ignored.
</p>
<p>
The server supports two zone transfer methods. The first, <span class="command"><strong>one-answer</strong></span>,
uses one DNS message per resource record transferred. <span class="command"><strong>many-answers</strong></span> packs
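Review bot: The sentence "Note currently idle timeouts in responses are ignored." in the tcp-keepalive paragraph is ambiguous about whose timeouts are meant and lacks punctuation after "Note". If the intent is that named does not honour the timeout value a remote server returns in its EDNS TCP keepalive option, say so explicitly, for example "Note: idle timeout values received in responses are currently ignored."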
......
......@@ -167,6 +167,21 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
Added support for the EDNS TCP Keepalive option (RFC 7828);
this allows negotiation of longer-lived TCP sessions
to reduce the overhead of setting up TCP for individual
queries. [RT #42126]
</p>
</li>
<li class="listitem">
<p>
Added support for the EDNS Padding option (RFC 7830),
which obfuscates packet size analysis when DNS queries
are sent over an encrypted channel. [RT #42094]
</p>
</li>
<li class="listitem">
<p>
The <code class="option">print-time</code> option in the
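Review bot: In the EDNS Padding release note, "obfuscates packet size analysis" is imprecise, because what padding obscures is the packet size and the analysis is what it hinders. Suggest "which makes packet size analysis harder when DNS queries are sent over an encrypted channel", in line with the ARM text's "reducing the variability in packet sizes".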
......
......@@ -715,6 +715,20 @@
value. The default value is QUERY (0).
</p>
</dd>
<dt><span class="term"><code class="option">+padding=value</code></span></dt>
<dd>
<p>
Pad the size of the query packet using the EDNS Padding option
to blocks of <em class="parameter"><code>value</code></em> bytes. For example,
<code class="option">+padding=32</code> would cause a 48-byte query to
be padded to 64 bytes. The default block size is 0, which
disables padding. The maximum is 512. Values are
ordinarily expected to be powers of two, such as 128;
however, this is not mandatory. Responses to
padded queries may also be padded, but only if the query
uses TCP or DNS COOKIE.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
<dd>
<p>
......@@ -831,13 +845,13 @@
specified IP address or network prefix.
</p>
<p>
<span class="command"><strong>dig +subnet=0.0.0.0/0</strong></span>, or simply
<span class="command"><strong>dig +subnet=0</strong></span> for short, sends an EDNS
CLIENT-SUBNET option with an empty address and a source
prefix-length of zero, which signals a resolver that
the client's address information must
<span class="emphasis"><em>not</em></span> be used when resolving
this query.
<span class="command"><strong>dig +subnet=0.0.0.0/0</strong></span>, or simply
<span class="command"><strong>dig +subnet=0</strong></span> for short, sends an EDNS
CLIENT-SUBNET option with an empty address and a source
prefix-length of zero, which signals a resolver that
the client's address information must
<span class="emphasis"><em>not</em></span> be used when resolving
this query.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
......
......@@ -115,7 +115,9 @@ server
edns<em class="replaceable"><code>boolean</code></em>;<br>
edns-udp-size<em class="replaceable"><code>integer</code></em>;<br>
max-udp-size<em class="replaceable"><code>integer</code></em>;<br>
padding<em class="replaceable"><code>integer</code></em>;<br>
tcp-only<em class="replaceable"><code>boolean</code></em>;<br>
tcp-keepalive<em class="replaceable"><code>boolean</code></em>;<br>
provide-ixfr<em class="replaceable"><code>boolean</code></em>;<br>
request-ixfr<em class="replaceable"><code>boolean</code></em>;<br>
keys<em class="replaceable"><code>server_key</code></em>;<br>
......@@ -416,6 +418,10 @@ options
require-server-cookie<em class="replaceable"><code>boolean</code></em>;<br>
send-cookie<em class="replaceable"><code>boolean</code></em>;<br>
nocookie-udp-size<em class="replaceable"><code>integer</code></em>;<br>
<br>
response-padding{<br>
<em class="replaceable"><code>address_match_list</code></em><br>
}block-size<em class="replaceable"><code>integer</code></em>;<br>
<br>
deny-answer-addresses{<br>
<em class="replaceable"><code>address_match_list</code></em><br>
......
......@@ -755,6 +755,21 @@
no zone is specified, then all zones are synced.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>tcp-timeouts [<span class="optional"><em class="replaceable"><code>initial</code></em> <em class="replaceable"><code>idle</code></em> <em class="replaceable"><code>keepalive</code></em> <em class="replaceable"><code>advertised</code></em></span>]</code></strong></span></dt>
<dd>
<p>
When called without arguments, display the current
values of the <span class="command"><strong>tcp-initial-timeout</strong></span>,
<span class="command"><strong>tcp-idle-timeout</strong></span>,
<span class="command"><strong>tcp-keepalive-timeout</strong></span> and
<span class="command"><strong>tcp-advertised-timeout</strong></span> options.
When called with arguments, update these values. This
allows an administrator to make rapid adjustments when
under a denial of service attack. See the descriptions of
these options in the BIND 9 Administrator Reference Manual
for details of their use.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>thaw [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
<dd>
<p>
......
......@@ -130,6 +130,21 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
Added support for the EDNS TCP Keepalive option (RFC 7828);
this allows negotiation of longer-lived TCP sessions
to reduce the overhead of setting up TCP for individual
queries. [RT #42126]
</p>
</li>
<li class="listitem">
<p>
Added support for the EDNS Padding option (RFC 7830),
which obfuscates packet size analysis when DNS queries
are sent over an encrypted channel. [RT #42094]
</p>
</li>
<li class="listitem">
<p>
The <code class="option">print-time</code> option in the
......
......@@ -5,7 +5,7 @@
<!ENTITY mdash "&#8212;">
<!ENTITY ouml "&#xf6;">]>
<!--
- Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
......
......@@ -297,8 +297,8 @@ options {
require-server-cookie <boolean>;
reserved-sockets <integer>;
resolver-query-timeout <integer>;
response-padding { <address_match_element>; ... }
block-size <integer>;
response-padding { <address_match_element>; ... } block-size
<integer>;
response-policy { zone <quoted_string> [ log <boolean> ] [
max-policy-ttl <integer> ] [ policy ( cname | disabled | drop |
given | no-op | nodata | nxdomain | passthru | tcp-only
......@@ -332,10 +332,10 @@ options {
statistics-interval <integer>; // not yet implemented
suppress-initial-notify <boolean>; // not yet implemented
tcp-advertised-timeout <integer>;
tcp-clients <integer>;
tcp-idle-timeout <integer>;
tcp-initial-timeout <integer>;
tcp-keepalive-timeout <integer>;
tcp-clients <integer>;
tcp-listen-queue <integer>;
tkey-dhkey <quoted_string> <integer>;
tkey-domain <quoted_string>;
......@@ -393,8 +393,8 @@ server <netprefix> {
request-sit <boolean>; // obsolete
send-cookie <boolean>;
support-ixfr <boolean>; // obsolete
tcp-only <boolean>;
tcp-keepalive <boolean>;
tcp-only <boolean>;
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
......@@ -605,6 +605,8 @@ view <string> [ <class> ] {
request-sit <boolean>; // obsolete
require-server-cookie <boolean>;
resolver-query-timeout <integer>;
response-padding { <address_match_element>; ... } block-size
<integer>;
response-policy { zone <quoted_string> [ log <boolean> ] [
max-policy-ttl <integer> ] [ policy ( cname | disabled | drop |
given | no-op | nodata | nxdomain | passthru | tcp-only
......@@ -629,6 +631,7 @@ view <string> [ <class> ] {
) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
| * ) ] [ dscp <integer> ];
padding <integer>;
provide-ixfr <boolean>;
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port
( <integer> | * ) ] ) | ( [ [ address ] (
......@@ -644,6 +647,7 @@ view <string> [ <class> ] {
request-sit <boolean>; // obsolete
send-cookie <boolean>;
support-ixfr <boolean>; // obsolete
tcp-keepalive <boolean>;
tcp-only <boolean>;
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
......