Commit 5bd85525 authored by Tinderbox User's avatar Tinderbox User

prep 9.13.5

parent cbde34e7
--- 9.13.5 released ---
5108. [bug] Named could fail to determine bottom of zone when 5108. [bug] Named could fail to determine bottom of zone when
removing out of date keys leading to invalid NSEC removing out of date keys leading to invalid NSEC
and NSEC3 records being added to the zone. [GL #771] and NSEC3 records being added to the zone. [GL #771]
......
...@@ -104,6 +104,10 @@ BIND 9.13 features ...@@ -104,6 +104,10 @@ BIND 9.13 features
BIND 9.13 is the newest development branch of BIND 9. It includes a number BIND 9.13 is the newest development branch of BIND 9. It includes a number
of changes from BIND 9.12 and earlier releases. New features include: of changes from BIND 9.12 and earlier releases. New features include:
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a
plugin.
* Socket and task code has been refactored to improve performance. * Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported. * QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate * "Root key sentinel" support, enabling validating resolvers to indicate
......
...@@ -122,6 +122,9 @@ BIND 9.13 is the newest development branch of BIND 9. It includes a ...@@ -122,6 +122,9 @@ BIND 9.13 is the newest development branch of BIND 9. It includes a
number of changes from BIND 9.12 and earlier releases. New features number of changes from BIND 9.12 and earlier releases. New features
include: include:
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a plugin.
* Socket and task code has been refactored to improve performance. * Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported. * QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate * "Root key sentinel" support, enabling validating resolvers to indicate
......
...@@ -39,7 +39,7 @@ ...@@ -39,7 +39,7 @@
named-checkconf \- named configuration file syntax checking tool named-checkconf \- named configuration file syntax checking tool
.SH "SYNOPSIS" .SH "SYNOPSIS"
.HP \w'\fBnamed\-checkconf\fR\ 'u .HP \w'\fBnamed\-checkconf\fR\ 'u
\fBnamed\-checkconf\fR [\fB\-hjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} \fBnamed\-checkconf\fR [\fB\-chjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
\fBnamed\-checkconf\fR \fBnamed\-checkconf\fR
...@@ -79,6 +79,13 @@ When loading a zonefile read the journal if it exists\&. ...@@ -79,6 +79,13 @@ When loading a zonefile read the journal if it exists\&.
List all the configured zones\&. Each line of output contains the zone name, class (e\&.g\&. IN), view, and type (e\&.g\&. master or slave)\&. List all the configured zones\&. Each line of output contains the zone name, class (e\&.g\&. IN), view, and type (e\&.g\&. master or slave)\&.
.RE .RE
.PP .PP
\-c
.RS 4
Check "core" configuration only\&. This suppresses the loading of plugin modules, and causes all parameters to
\fBplugin\fR
statements to be ignored\&.
.RE
.PP
\-p \-p
.RS 4 .RS 4
Print out the Print out the
......
...@@ -33,7 +33,7 @@ ...@@ -33,7 +33,7 @@
<h2>Synopsis</h2> <h2>Synopsis</h2>
<div class="cmdsynopsis"><p> <div class="cmdsynopsis"><p>
<code class="command">named-checkconf</code> <code class="command">named-checkconf</code>
[<code class="option">-hjlvz</code>] [<code class="option">-chjlvz</code>]
[<code class="option">-p</code> [<code class="option">-p</code>
[<code class="option">-x</code> [<code class="option">-x</code>
]] ]]
...@@ -88,6 +88,14 @@ ...@@ -88,6 +88,14 @@
(e.g. master or slave). (e.g. master or slave).
</p> </p>
</dd> </dd>
<dt><span class="term">-c</span></dt>
<dd>
<p>
Check "core" configuration only. This suppresses the loading
of plugin modules, and causes all parameters to
<span class="command"><strong>plugin</strong></span> statements to be ignored.
</p>
</dd>
<dt><span class="term">-p</span></dt> <dt><span class="term">-p</span></dt>
<dd> <dd>
<p> <p>
......
...@@ -327,21 +327,21 @@ and ...@@ -327,21 +327,21 @@ and
files are generated for symmetric cryptography algorithms such as HMAC\-MD5, even though the public and private key are equivalent\&. files are generated for symmetric cryptography algorithms such as HMAC\-MD5, even though the public and private key are equivalent\&.
.SH "EXAMPLE" .SH "EXAMPLE"
.PP .PP
To generate a 768\-bit DSA key for the domain To generate an ECDSAP256SHA256 key for the domain
\fBexample\&.com\fR, the following command would be issued: \fBexample\&.com\fR, the following command would be issued:
.PP .PP
\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example\&.com\fR \fBdnssec\-keygen \-a ECDSAP256SHA256 \-n ZONE example\&.com\fR
.PP .PP
The command would print a string of the form: The command would print a string of the form:
.PP .PP
\fBKexample\&.com\&.+003+26160\fR \fBKexample\&.com\&.+013+26160\fR
.PP .PP
In this example, In this example,
\fBdnssec\-keygen\fR \fBdnssec\-keygen\fR
creates the files creates the files
Kexample\&.com\&.+003+26160\&.key Kexample\&.com\&.+013+26160\&.key
and and
Kexample\&.com\&.+003+26160\&.private\&. Kexample\&.com\&.+013+26160\&.private\&.
.SH "SEE ALSO" .SH "SEE ALSO"
.PP .PP
\fBdnssec-signzone\fR(8), \fBdnssec-signzone\fR(8),
......
...@@ -498,22 +498,22 @@ ...@@ -498,22 +498,22 @@
<a name="id-1.11"></a><h2>EXAMPLE</h2> <a name="id-1.11"></a><h2>EXAMPLE</h2>
<p> <p>
To generate a 768-bit DSA key for the domain To generate an ECDSAP256SHA256 key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be <strong class="userinput"><code>example.com</code></strong>, the following command would be
issued: issued:
</p> </p>
<p><strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong> <p><strong class="userinput"><code>dnssec-keygen -a ECDSAP256SHA256 -n ZONE example.com</code></strong>
</p> </p>
<p> <p>
The command would print a string of the form: The command would print a string of the form:
</p> </p>
<p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong> <p><strong class="userinput"><code>Kexample.com.+013+26160</code></strong>
</p> </p>
<p> <p>
In this example, <span class="command"><strong>dnssec-keygen</strong></span> creates In this example, <span class="command"><strong>dnssec-keygen</strong></span> creates
the files <code class="filename">Kexample.com.+003+26160.key</code> the files <code class="filename">Kexample.com.+013+26160.key</code>
and and
<code class="filename">Kexample.com.+003+26160.private</code>. <code class="filename">Kexample.com.+013+26160.private</code>.
</p> </p>
</div> </div>
......
...@@ -415,9 +415,9 @@ Specify which keys should be used to sign the zone\&. If no keys are specified, ...@@ -415,9 +415,9 @@ Specify which keys should be used to sign the zone\&. If no keys are specified,
.PP .PP
The following command signs the The following command signs the
\fBexample\&.com\fR \fBexample\&.com\fR
zone with the DSA key generated by zone with the ECDSAP256SHA256 key generated by key generated by
\fBdnssec\-keygen\fR \fBdnssec\-keygen\fR
(Kexample\&.com\&.+003+17247)\&. Because the (Kexample\&.com\&.+013+17247)\&. Because the
\fB\-S\fR \fB\-S\fR
option is not being used, the zone\*(Aqs keys must be in the master file (db\&.example\&.com)\&. This invocation looks for option is not being used, the zone\*(Aqs keys must be in the master file (db\&.example\&.com)\&. This invocation looks for
dsset dsset
...@@ -428,7 +428,7 @@ files, in the current directory, so that DS records can be imported from them (\ ...@@ -428,7 +428,7 @@ files, in the current directory, so that DS records can be imported from them (\
.\} .\}
.nf .nf
% dnssec\-signzone \-g \-o example\&.com db\&.example\&.com \e % dnssec\-signzone \-g \-o example\&.com db\&.example\&.com \e
Kexample\&.com\&.+003+17247 Kexample\&.com\&.+013+17247
db\&.example\&.com\&.signed db\&.example\&.com\&.signed
% %
.fi .fi
......
...@@ -624,15 +624,16 @@ ...@@ -624,15 +624,16 @@
<p> <p>
The following command signs the <strong class="userinput"><code>example.com</code></strong> The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span class="command"><strong>dnssec-keygen</strong></span> zone with the ECDSAP256SHA256 key generated by key generated by
(Kexample.com.+003+17247). Because the <span class="command"><strong>-S</strong></span> option <span class="command"><strong>dnssec-keygen</strong></span> (Kexample.com.+013+17247).
is not being used, the zone's keys must be in the master file Because the <span class="command"><strong>-S</strong></span> option is not being used,
the zone's keys must be in the master file
(<code class="filename">db.example.com</code>). This invocation looks (<code class="filename">db.example.com</code>). This invocation looks
for <code class="filename">dsset</code> files, in the current directory, for <code class="filename">dsset</code> files, in the current directory,
so that DS records can be imported from them (<span class="command"><strong>-g</strong></span>). so that DS records can be imported from them (<span class="command"><strong>-g</strong></span>).
</p> </p>
<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \ <pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
Kexample.com.+003+17247 Kexample.com.+013+17247
db.example.com.signed db.example.com.signed
%</pre> %</pre>
<p> <p>
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
'\" t '\" t
.\" Title: filter-aaaa.so .\" Title: filter-aaaa.so
.\" Author: .\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2018-08-13 .\" Date: 2018-08-13
.\" Manual: BIND9 .\" Manual: BIND9
.\" Source: ISC .\" Source: ISC
...@@ -38,12 +38,12 @@ ...@@ -38,12 +38,12 @@
.SH "NAME" .SH "NAME"
filter-aaaa.so \- filter AAAA in DNS responses when A is present filter-aaaa.so \- filter AAAA in DNS responses when A is present
.SH "SYNOPSIS" .SH "SYNOPSIS"
.HP 28 .HP \w'\fBplugin\ query\ "filter\-aaaa\&.so"\fR\ 'u
\fBhook query "filter\-aaaa\&.so"\fR [\fI{\ parameters\ }\fR]; \fBplugin query "filter\-aaaa\&.so"\fR [\fI{\ parameters\ }\fR];
.SH "DESCRIPTION" .SH "DESCRIPTION"
.PP .PP
\fBfilter\-aaaa\&.so\fR \fBfilter\-aaaa\&.so\fR
is a query hook module for is a query plugin module for
\fBnamed\fR, enabling \fBnamed\fR, enabling
\fBnamed\fR \fBnamed\fR
to omit some IPv6 addresses when responding to clients\&. to omit some IPv6 addresses when responding to clients\&.
...@@ -59,13 +59,13 @@ and ...@@ -59,13 +59,13 @@ and
options\&. These options are now deprecated in options\&. These options are now deprecated in
named\&.conf, but can be passed as parameters to the named\&.conf, but can be passed as parameters to the
\fBfilter\-aaaa\&.so\fR \fBfilter\-aaaa\&.so\fR
hook module, for example: plugin, for example:
.sp .sp
.if n \{\ .if n \{\
.RS 4 .RS 4
.\} .\}
.nf .nf
hook query "/usr/local/lib/filter\-aaaa\&.so" { plugin query "/usr/local/lib/filter\-aaaa\&.so" {
filter\-aaaa\-on\-v4 yes; filter\-aaaa\-on\-v4 yes;
filter\-aaaa\-on\-v6 yes; filter\-aaaa\-on\-v6 yes;
filter\-aaaa { 192\&.0\&.2\&.1; 2001:db8:2::1; }; filter\-aaaa { 192\&.0\&.2\&.1; 2001:db8:2::1; };
......
...@@ -460,7 +460,7 @@ plugin_destroy(void **instp) { ...@@ -460,7 +460,7 @@ plugin_destroy(void **instp) {
} }
/* /*
* Returns hook module API version for compatibility checks. * Returns plugin API version for compatibility checks.
*/ */
int int
plugin_version(void) { plugin_version(void) {
......
...@@ -10,27 +10,40 @@ ...@@ -10,27 +10,40 @@
<head> <head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>filter-aaaa.so</title> <title>filter-aaaa.so</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1"> <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head> </head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.filter-aaaa"></a><div class="titlepage"></div> <a name="man.filter-aaaa"></a><div class="titlepage"></div>
<div class="refnamediv">
<div class="refnamediv">
<h2>Name</h2> <h2>Name</h2>
<p><span class="application">filter-aaaa.so</span> &#8212; filter AAAA in DNS responses when A is present</p> <p>
<span class="application">filter-aaaa.so</span>
&#8212; filter AAAA in DNS responses when A is present
</p>
</div> </div>
<div class="refsynopsisdiv">
<div class="refsynopsisdiv">
<h2>Synopsis</h2> <h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">hook query "filter-aaaa.so"</code> [<em class="replaceable"><code>{ parameters }</code></em>]; <div class="cmdsynopsis"><p>
<code class="command">plugin query "filter-aaaa.so"</code>
[<em class="replaceable"><code>{ parameters }</code></em>];
</p></div> </p></div>
</div> </div>
<div class="refsection">
<div class="refsection">
<a name="id-1.7"></a><h2>DESCRIPTION</h2> <a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p> <p>
<span class="command"><strong>filter-aaaa.so</strong></span> is a query hook module for <span class="command"><strong>filter-aaaa.so</strong></span> is a query plugin module for
<span class="command"><strong>named</strong></span>, enabling <span class="command"><strong>named</strong></span> <span class="command"><strong>named</strong></span>, enabling <span class="command"><strong>named</strong></span>
to omit some IPv6 addresses when responding to clients. to omit some IPv6 addresses when responding to clients.
</p> </p>
<p> <p>
Until BIND 9.12, this feature was implemented natively in Until BIND 9.12, this feature was implemented natively in
<span class="command"><strong>named</strong></span> and enabled with the <span class="command"><strong>named</strong></span> and enabled with the
<span class="command"><strong>filter-aaaa</strong></span> ACL and the <span class="command"><strong>filter-aaaa</strong></span> ACL and the
...@@ -38,42 +51,45 @@ ...@@ -38,42 +51,45 @@
<span class="command"><strong>filter-aaaa-on-v6</strong></span> options. These options are <span class="command"><strong>filter-aaaa-on-v6</strong></span> options. These options are
now deprecated in <code class="filename">named.conf</code>, but can be now deprecated in <code class="filename">named.conf</code>, but can be
passed as parameters to the <span class="command"><strong>filter-aaaa.so</strong></span> passed as parameters to the <span class="command"><strong>filter-aaaa.so</strong></span>
hook module, for example: plugin, for example:
</p> </p>
<pre class="programlisting"> <pre class="programlisting">
hook query "/usr/local/lib/filter-aaaa.so" { plugin query "/usr/local/lib/filter-aaaa.so" {
filter-aaaa-on-v4 yes; filter-aaaa-on-v4 yes;
filter-aaaa-on-v6 yes; filter-aaaa-on-v6 yes;
filter-aaaa { 192.0.2.1; 2001:db8:2::1; }; filter-aaaa { 192.0.2.1; 2001:db8:2::1; };
}; };
</pre> </pre>
<p> <p>
This module is intended to aid transition from IPv4 to IPv6 by This module is intended to aid transition from IPv4 to IPv6 by
withholding IPv6 addresses from DNS clients which are not connected withholding IPv6 addresses from DNS clients which are not connected
to the IPv6 Internet, when the name being looked up has an IPv4 to the IPv6 Internet, when the name being looked up has an IPv4
address available. Use of this module is not recommended unless address available. Use of this module is not recommended unless
absolutely necessary. absolutely necessary.
</p> </p>
<p> <p>
Note: This mechanism can erroneously cause other servers not to Note: This mechanism can erroneously cause other servers not to
give AAAA records to their clients. If a recursing server with give AAAA records to their clients. If a recursing server with
both IPv6 and IPv4 network connections queries an authoritative both IPv6 and IPv4 network connections queries an authoritative
server using this mechanism via IPv4, it will be denied AAAA server using this mechanism via IPv4, it will be denied AAAA
records even if its client is using IPv6. records even if its client is using IPv6.
</p> </p>
</div> </div>
<div class="refsection">
<div class="refsection">
<a name="id-1.8"></a><h2>OPTIONS</h2> <a name="id-1.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist"> <div class="variablelist"><dl class="variablelist">
<dt><span class="term"><span class="command"><strong>filter-aaaa</strong></span></span></dt> <dt><span class="term"><span class="command"><strong>filter-aaaa</strong></span></span></dt>
<dd><p> <dd>
<p>
Specifies a list of client addresses for which AAAA Specifies a list of client addresses for which AAAA
filtering is to be applied. The default is filtering is to be applied. The default is
<strong class="userinput"><code>any</code></strong>. <strong class="userinput"><code>any</code></strong>.
</p></dd> </p>
</dd>
<dt><span class="term"><span class="command"><strong>filter-aaaa-on-v4</strong></span></span></dt> <dt><span class="term"><span class="command"><strong>filter-aaaa-on-v4</strong></span></span></dt>
<dd> <dd>
<p> <p>
If set to <strong class="userinput"><code>yes</code></strong>, the DNS client is If set to <strong class="userinput"><code>yes</code></strong>, the DNS client is
at an IPv4 address, in <span class="command"><strong>filter-aaaa</strong></span>, at an IPv4 address, in <span class="command"><strong>filter-aaaa</strong></span>,
and if the response does not include DNSSEC signatures, and if the response does not include DNSSEC signatures,
...@@ -81,35 +97,39 @@ hook query "/usr/local/lib/filter-aaaa.so" { ...@@ -81,35 +97,39 @@ hook query "/usr/local/lib/filter-aaaa.so" {
This filtering applies to all responses and not only This filtering applies to all responses and not only
authoritative responses. authoritative responses.
</p> </p>
<p> <p>
If set to <strong class="userinput"><code>break-dnssec</code></strong>, If set to <strong class="userinput"><code>break-dnssec</code></strong>,
then AAAA records are deleted even when DNSSEC is then AAAA records are deleted even when DNSSEC is
enabled. As suggested by the name, this causes the enabled. As suggested by the name, this causes the
response to fail to verify, because the DNSSEC protocol is response to fail to verify, because the DNSSEC protocol is
designed to detect deletions. designed to detect deletions.
</p> </p>
<p> <p>
This mechanism can erroneously cause other servers not to This mechanism can erroneously cause other servers not to
give AAAA records to their clients. A recursing server with give AAAA records to their clients. A recursing server with
both IPv6 and IPv4 network connections that queries an both IPv6 and IPv4 network connections that queries an
authoritative server using this mechanism via IPv4 will be authoritative server using this mechanism via IPv4 will be
denied AAAA records even if its client is using IPv6. denied AAAA records even if its client is using IPv6.
</p> </p>
</dd> </dd>
<dt><span class="term"><span class="command"><strong>filter-aaaa-on-v6</strong></span></span></dt> <dt><span class="term"><span class="command"><strong>filter-aaaa-on-v6</strong></span></span></dt>
<dd><p> <dd>
<p>
Identical to <span class="command"><strong>filter-aaaa-on-v4</strong></span>, Identical to <span class="command"><strong>filter-aaaa-on-v4</strong></span>,
except it filters AAAA responses to queries from IPv6 except it filters AAAA responses to queries from IPv6
clients instead of IPv4 clients. To filter all clients instead of IPv4 clients. To filter all
responses, set both options to <strong class="userinput"><code>yes</code></strong>. responses, set both options to <strong class="userinput"><code>yes</code></strong>.
</p></dd> </p>
</dd>
</dl></div> </dl></div>
</div> </div>
<div class="refsection">
<div class="refsection">
<a name="id-1.9"></a><h2>SEE ALSO</h2> <a name="id-1.9"></a><h2>SEE ALSO</h2>
<p> <p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>. <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p> </p>
</div> </div>
</div></body> </div></body>
</html> </html>
...@@ -842,7 +842,6 @@ infodir ...@@ -842,7 +842,6 @@ infodir
docdir docdir
oldincludedir oldincludedir
includedir includedir
runstatedir
localstatedir localstatedir
sharedstatedir sharedstatedir
sysconfdir sysconfdir
...@@ -1002,7 +1001,6 @@ datadir='${datarootdir}' ...@@ -1002,7 +1001,6 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc' sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com' sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var' localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include' includedir='${prefix}/include'
oldincludedir='/usr/include' oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
...@@ -1255,15 +1253,6 @@ do ...@@ -1255,15 +1253,6 @@ do
| -silent | --silent | --silen | --sile | --sil) | -silent | --silent | --silen | --sile | --sil)
silent=yes ;; silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;; ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
...@@ -1401,7 +1390,7 @@ fi ...@@ -1401,7 +1390,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \ datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir runstatedir libdir localedir mandir
do do
eval ac_val=\$$ac_var eval ac_val=\$$ac_var
# Remove trailing slashes. # Remove trailing slashes.
...@@ -1554,7 +1543,6 @@ Fine tuning of the installation directories: ...@@ -1554,7 +1543,6 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var] --localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib] --libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include] --includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include] --oldincludedir=DIR C header files for non-gcc [/usr/include]
......
...@@ -614,6 +614,6 @@ ...@@ -614,6 +614,6 @@
</tr> </tr>
</table> </table>
</div> </div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p> <p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
</body> </body>
</html> </html>
...@@ -146,6 +146,6 @@ ...@@ -146,6 +146,6 @@
</tr> </tr>
</table> </table>
</div> </div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p> <p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
</body> </body>
</html> </html>
...@@ -47,6 +47,11 @@ ...@@ -47,6 +47,11 @@
<dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt>
</dl></dd> </dl></dd>
<dt><span class="section"><a href="Bv9ARM.ch03.html#module-info">Plugins</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch03.html#id-1.4.6.5">Configuring Plugins</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch03.html#id-1.4.6.6">Developing Plugins</a></span></dt>
</dl></dd>
</dl> </dl>
</div> </div>
...@@ -741,6 +746,105 @@ controls { ...@@ -741,6 +746,105 @@ controls {
</div> </div>
</div> </div>
</div> </div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="module-info"></a>Plugins</h2></div></div></div>
<p>
Plugins are a mechanism to extend the functionality of
<span class="command"><strong>named</strong></span> using dynamically loadable libraries.
By using plugins, core server functionality can be kept simple
for the majority of users; more complex code implementing optional
features need only be installed by users that need those features.
</p>
<p>
The plugin interface is a work in progress, and is expected to evolve
as more plugins are added. Currently, only "query plugins" are supported;
these modify the name server query logic. Other plugin types may be added
in the future.
</p>
<p>
The only plugin currently included in BIND is
<code class="filename">filter-aaaa.so</code>, which replaces the
<span class="command"><strong>filter-aaaa</strong></span> feature that previously existed natively
as part of <span class="command"><strong>named</strong></span>.
The code for this feature has been removed from <span class="command"><strong>named</strong></span>,
and can no longer be configured using standard
<code class="filename"&