Commit 6270e602 authored by Tinderbox User

Merge branch 'prep-release' into v9_16

parents 932d618a 29696e49
Pipeline #33918 failed with stages
in 43 minutes and 59 seconds
--- 9.16.0 released ---
5356. [func] Update dnssec-policy configuration statements:
- Rename "zone-max-ttl" dnssec-policy option to
"max-zone-ttl" for consistency with the existing
......@@ -40,7 +42,7 @@
5349. [bug] Fix a race in task_pause/unpause. [GL #1571]
5348. [bug] dnssec-settime -Psync was not being honoured.
[GL !2893]
[GL !2925]
--- 9.15.8 released ---
......
......@@ -143,7 +143,7 @@ releases. New features include:
* "rndc modzone" reconfigures a single zone, without requiring the
entire server to be reconfigured.
* "rndc showzone" displays the current configuration of a zone.
* "rndc managed-keys" can be used to check the status of RFC 5001
* "rndc managed-keys" can be used to check the status of RFC 5011
managed trust anchors, or to force trust anchors to be refreshed.
* "max-cache-size" can now be set to a percentage of available memory.
The default is 90%.
......
......@@ -111,9 +111,9 @@ format-patch.
BIND 9.16 features
BIND 9.16 is the current stable branch of BIND 9. It includes all
changes from the 9.15 development branch, updating the previous stable
branch, 9.14. New features include:
BIND 9.16 is the current stable branch of BIND 9. It includes all changes
from the 9.15 development branch, updating the previous stable branch,
9.14. New features include:
* New dnssec-policy statement to configure a key and signing policy for
zones, enabling automatic key regeneration and rollover.
......@@ -237,12 +237,10 @@ github.com/farsightsec/fstrm and libprotobuf-c https://
developers.google.com/protocol-buffers, and BIND must be configured with
--enable-dnstap.
Certain compiled-in constants and default settings can be increased to
values better suited to large servers with abundant memory resources (e.g,
64-bit servers with 12G or more of memory) by specifying --with-tuning=
large on the configure command line. This can improve performance on big
servers, but will consume more memory and may degrade performance on
smaller systems.
Certain compiled-in constants and default settings can be decreased to
values better suited to small machines, e.g. OpenWRT boxes, by specifying
--with-tuning=small on the configure command line. This will decrease
memory usage by using smaller structures, but will degrade performance.
On Linux, process capabilities are managed in user space using the libcap
library, which can be installed on most Linux systems via the libcap-dev
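Review bot: The replacement paragraph (starting "Certain compiled-in constants and default settings can be decreased") documents only --with-tuning=small and no longer says anything about --with-tuning=large, which the removed paragraph told operators of large servers to use. Please add a sentence stating what happens when an existing build script still passes --with-tuning=large. If the values it used to select are now the defaults, as the 21000-socket default in the named man page change suggests, say so here rather than leaving upgraders to infer it.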
......
......@@ -254,7 +254,7 @@ and `libprotobuf-c`
[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
and BIND must be configured with `--enable-dnstap`.
Certain compiled-in constants and default settings can be increased to
Certain compiled-in constants and default settings can be decreased to
values better suited to small machines, e.g. OpenWRT boxes, by specifying
`--with-tuning=small` on the `configure` command line. This will decrease
memory usage by using smaller structures, but will degrade performance.
......
......@@ -233,7 +233,10 @@ Change the default TCP/UDP name server port to
.RS 4
Change the type of the information query\&.
.sp
(Default = A; abbreviations = q, ty)
(Default = A and then AAAA; abbreviations = q, ty)
.sp
\fBNote:\fR
It is only possible to specify one query type, only the default behavior looks up both when an alternative is not specified\&.
.RE
.PP
\fB\fI[no]\fR\fR\fBrecurse\fR
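Review bot: The note added after "(Default = A and then AAAA; abbreviations = q, ty)" is a comma splice and reads ambiguously: "It is only possible to specify one query type, only the default behavior looks up both when an alternative is not specified." Suggest two sentences, for example "Only one query type can be specified. When none is given, nslookup looks up A and then AAAA." The wording should be fixed in the source this page is generated from, so that the HTML version of the nslookup page picks it up as well.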
......
......@@ -229,17 +229,17 @@ nslookup -query=hinfo -timeout=10
The class specifies the protocol group of the information.
</p>
<p>
<p>
(Default = IN; abbreviation = cl)
</p>
</dd>
<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
<dd>
<p>
Turn on or off the display of the full response packet and
any intermediate response packets when searching.
Turn on or off the display of the full response packet and
any intermediate response packets when searching.
</p>
<p>
<p>
(Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
</p>
</dd>
......@@ -247,9 +247,9 @@ nslookup -query=hinfo -timeout=10
<dd>
<p>
Turn debugging mode on or off. This displays more about
what nslookup is doing.
what nslookup is doing.
</p>
<p>
<p>
(Default = nod2)
</p>
</dd>
......@@ -267,7 +267,7 @@ nslookup -query=hinfo -timeout=10
names in the domain search list to the request until an
answer is received.
</p>
<p>
<p>
(Default = search)
</p>
</dd>
......@@ -276,7 +276,7 @@ nslookup -query=hinfo -timeout=10
<p>
Change the default TCP/UDP name server port to <em class="replaceable"><code>value</code></em>.
</p>
<p>
<p>
(Default = 53; abbreviation = po)
</p>
</dd>
......@@ -289,9 +289,15 @@ nslookup -query=hinfo -timeout=10
<p>
Change the type of the information query.
</p>
<p>
(Default = A; abbreviations = q, ty)
<p>
(Default = A and then AAAA; abbreviations = q, ty)
</p>
<p>
<span class="bold"><strong>Note:</strong></span> It is
only possible to specify one query type, only
the default behavior looks up both when an
alternative is not specified.
</p>
</dd>
<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
<dd>
......@@ -300,16 +306,16 @@ nslookup -query=hinfo -timeout=10
have the
information.
</p>
<p>
<p>
(Default = recurse; abbreviation = [no]rec)
</p>
</dd>
<dt><span class="term"><code class="constant">ndots=</code><em class="replaceable"><code>number</code></em></span></dt>
<dd>
<p>
Set the number of dots (label separators) in a domain
that will disable searching. Absolute names always
stop searching.
Set the number of dots (label separators) in a domain
that will disable searching. Absolute names always
stop searching.
</p>
</dd>
<dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
......@@ -331,21 +337,21 @@ nslookup -query=hinfo -timeout=10
Always use a virtual circuit when sending requests to the
server.
</p>
<p>
<p>
(Default = novc)
</p>
</dd>
<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>fail</code></span></dt>
<dd>
<p>
Try the next nameserver if a nameserver responds with
SERVFAIL or a referral (nofail) or terminate query
(fail) on such a response.
</p>
<p>
Try the next nameserver if a nameserver responds with
SERVFAIL or a referral (nofail) or terminate query
(fail) on such a response.
</p>
<p>
(Default = nofail)
</p>
</dd>
</dd>
</dl></div>
<p>
</p>
......
......@@ -92,7 +92,7 @@ Specifies the label for a key pair in the crypto hardware\&.
.sp
When
BIND
9 is built with OpenSSL\-based PKCS#11 support, the label is an arbitrary string that identifies a particular key\&. It may be preceded by an optional OpenSSL engine name, followed by a colon, as in "pkcs11:\fIkeylabel\fR"\&.
9 is built with OpenSSL\-based PKCS#11 support, the label is an arbitrary string that identifies a particular key\&.
.sp
When
BIND
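Review bot: In the paragraph "When BIND 9 is built with OpenSSL-based PKCS#11 support", the sentence describing the optional engine prefix ("pkcs11:keylabel") is removed with no replacement text saying whether labels written in that form are still accepted. If the prefix form no longer works, the page should say so explicitly, because labels of that form in existing signing setups would stop identifying a key in the crypto hardware. If it still works, the sentence should stay.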
......
......@@ -146,9 +146,7 @@
<p>
When <acronym class="acronym">BIND</acronym> 9 is built with OpenSSL-based
PKCS#11 support, the label is an arbitrary string that
identifies a particular key. It may be preceded by an
optional OpenSSL engine name, followed by a colon, as in
"pkcs11:<em class="replaceable"><code>keylabel</code></em>".
identifies a particular key.
</p>
<p>
When <acronym class="acronym">BIND</acronym> 9 is built with native PKCS#11
......
......@@ -187,7 +187,7 @@ Allow
\fBnamed\fR
to use up to
\fI#max\-socks\fR
sockets\&. The default value is 4096 on systems built with default configuration options, and 21000 on systems built with "configure \-\-with\-tuning=large"\&.
sockets\&. The default value is 21000 on systems built with default configuration options, and 4096 on systems built with "configure \-\-with\-tuning=small"\&.
.if n \{\
.sp
.\}
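Review bot: The rewritten sentence swaps the numbers, so a default build now allows 21000 sockets where it allowed 4096 before, and the text gives no hint that this is a change. Suggest adding that 21000 was formerly the value selected by "configure --with-tuning=large", so operators who sized file-descriptor limits around the old default know to revisit them.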
......
......@@ -10,12 +10,12 @@
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2019-08-12
.\" Date: 2020-02-07
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "NAMED\&.CONF" "5" "2019\-08\-12" "ISC" "BIND9"
.TH "NAMED\&.CONF" "5" "2020\-02\-07" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......@@ -97,6 +97,31 @@ dlz \fIstring\fR {
.if n \{\
.RE
.\}
.SH "DNSSEC-POLICY"
.sp
.if n \{\
.RS 4
.\}
.nf
dnssec\-policy \fIstring\fR {
dnskey\-ttl \fIduration\fR;
keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime
\fIduration_or_unlimited\fR algorithm \fIstring\fR [ \fIinteger\fR ]; \&.\&.\&. };
max\-zone\-ttl \fIduration\fR;
parent\-ds\-ttl \fIduration\fR;
parent\-propagation\-delay \fIduration\fR;
parent\-registration\-delay \fIduration\fR;
publish\-safety \fIduration\fR;
retire\-safety \fIduration\fR;
signatures\-refresh \fIduration\fR;
signatures\-validity \fIduration\fR;
signatures\-validity\-dnskey \fIduration\fR;
zone\-propagation\-delay \fIduration\fR;
};
.fi
.if n \{\
.RE
.\}
.SH "DYNDB"
.sp
.if n \{\
......@@ -150,7 +175,7 @@ logging {
.\}
.SH "MANAGED-KEYS"
.PP
Deprecated \- see TRUST\-ANCHORS\&.
Deprecated \- see DNSSEC\-KEYS\&.
.sp
.if n \{\
.RS 4
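Review bot: Under MANAGED-KEYS the cross-reference changes from "see TRUST-ANCHORS" to "see DNSSEC-KEYS", but the statement this page documents is trust-anchors: it appears as the context of the later TRUSTED-KEYS hunk, and the HTML version of this page keeps an h2 named TRUST-ANCHORS. The new text points readers at a section that is not shown to exist, which looks like the man page was regenerated from stale input. The same replacement is made under TRUSTED-KEYS. Suggest keeping "Deprecated - see TRUST-ANCHORS." in both places.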
......@@ -262,6 +287,7 @@ options {
dnssec\-dnskey\-kskonly \fIboolean\fR;
dnssec\-loadkeys\-interval \fIinteger\fR;
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dnssec\-policy \fIstring\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto );
......@@ -411,8 +437,8 @@ options {
\fIinteger\fR;
response\-policy { zone \fIstring\fR [ add\-soa \fIboolean\fR ] [ log
\fIboolean\fR ] [ max\-policy\-ttl \fIduration\fR ] [ min\-update\-interval
\fIduration\fR ] [ policy ( cname | disabled | drop | given | no\-op |
nodata | nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [
\fIduration\fR ] [ policy ( cname | disabled | drop | given | no\-op
| nodata | nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [
recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ add\-soa \fIboolean\fR ] [
break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIduration\fR ] [
......@@ -567,7 +593,7 @@ trust\-anchors { \fIstring\fR ( static\-key |
.\}
.SH "TRUSTED-KEYS"
.PP
Deprecated \- see TRUST\-ANCHORS\&.
Deprecated \- see DNSSEC\-KEYS\&.
.sp
.if n \{\
.RS 4
......@@ -657,6 +683,7 @@ view \fIstring\fR [ \fIclass\fR ] {
dnssec\-dnskey\-kskonly \fIboolean\fR;
dnssec\-loadkeys\-interval \fIinteger\fR;
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dnssec\-policy \fIstring\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto );
......@@ -780,8 +807,8 @@ view \fIstring\fR [ \fIclass\fR ] {
\fIinteger\fR;
response\-policy { zone \fIstring\fR [ add\-soa \fIboolean\fR ] [ log
\fIboolean\fR ] [ max\-policy\-ttl \fIduration\fR ] [ min\-update\-interval
\fIduration\fR ] [ policy ( cname | disabled | drop | given | no\-op |
nodata | nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [
\fIduration\fR ] [ policy ( cname | disabled | drop | given | no\-op
| nodata | nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [
recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ add\-soa \fIboolean\fR ] [
break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIduration\fR ] [
......@@ -1067,30 +1094,6 @@ zone \fIstring\fR [ \fIclass\fR ] {
.if n \{\
.RE
.\}
.SH "DNSSEC-POLICY"
.sp
.if n \{\
.RS 4
.\}
.nf
dnssec\-policy \fIstring\fR {
dnskey\-ttl \fIduration\fR;
keys { ( csk | ksk | zsk ) key\-directory lifetime \fIduration\fR algorithm \fIinteger\fR [ \fIinteger\fR ] ; \&.\&.\&. };
parent\-ds\-ttl \fIduration\fR;
parent\-propagation\-delay \fIduration\fR;
parent\-registration\-delay \fIduration\fR;
publish\-safety \fIduration\fR;
retire\-safety \fIduration\fR;
signatures\-refresh \fIduration\fR;
signatures\-validity \fIduration\fR;
signatures\-validity\-dnskey \fIduration\fR;
zone\-max\-ttl \fIduration\fR;
zone\-propagation\-delay \fIduration\fR;
};
.fi
.if n \{\
.RE
.\}
.SH "FILES"
.PP
/etc/named\&.conf
......
......@@ -13,7 +13,7 @@
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
<info>
<date>2019-12-12</date>
<date>2020-02-07</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>
......@@ -115,8 +115,8 @@ dlz <replaceable>string</replaceable> {
<literallayout class="normal">
dnssec-policy <replaceable>string</replaceable> {
dnskey-ttl <replaceable>duration</replaceable>;
keys { ( csk | ksk | zsk ) ( key-directory ) lifetime ( <replaceable>duration</replaceable> | unlimited )
algorithm <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ]; ... };
keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
<replaceable>duration_or_unlimited</replaceable> algorithm <replaceable>string</replaceable> [ <replaceable>integer</replaceable> ]; ... };
max-zone-ttl <replaceable>duration</replaceable>;
parent-ds-ttl <replaceable>duration</replaceable>;
parent-propagation-delay <replaceable>duration</replaceable>;
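Review bot: In the keys line, replacing "lifetime ( duration | unlimited )" with the single placeholder "duration_or_unlimited" hides the fact that unlimited is a literal keyword, and "[ ( key-directory ) ]" puts choice parentheses around a single option. The page also gives no meaning for the trailing "[ integer ]" after "algorithm string". Suggest keeping the explicit "( duration | unlimited )" form and documenting the optional integer.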
......
......@@ -92,7 +92,28 @@ dlz
</div>
<div class="refsection">
<a name="id-1.11"></a><h2>DYNDB</h2>
<a name="id-1.11"></a><h2>DNSSEC-POLICY</h2>
<div class="literallayout"><p><br>
dnssec-policy<em class="replaceable"><code>string</code></em>{<br>
dnskey-ttl<em class="replaceable"><code>duration</code></em>;<br>
keys{(csk|ksk|zsk)[(key-directory)]lifetime<br>
<em class="replaceable"><code>duration_or_unlimited</code></em>algorithm<em class="replaceable"><code>string</code></em>[<em class="replaceable"><code>integer</code></em>];...};<br>
max-zone-ttl<em class="replaceable"><code>duration</code></em>;<br>
parent-ds-ttl<em class="replaceable"><code>duration</code></em>;<br>
parent-propagation-delay<em class="replaceable"><code>duration</code></em>;<br>
parent-registration-delay<em class="replaceable"><code>duration</code></em>;<br>
publish-safety<em class="replaceable"><code>duration</code></em>;<br>
retire-safety<em class="replaceable"><code>duration</code></em>;<br>
signatures-refresh<em class="replaceable"><code>duration</code></em>;<br>
signatures-validity<em class="replaceable"><code>duration</code></em>;<br>
signatures-validity-dnskey<em class="replaceable"><code>duration</code></em>;<br>
zone-propagation-delay<em class="replaceable"><code>duration</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.12"></a><h2>DYNDB</h2>
<div class="literallayout"><p><br>
dyndb<em class="replaceable"><code>string</code></em><em class="replaceable"><code>quoted_string</code></em>{<br>
<em class="replaceable"><code>unspecified-text</code></em>};<br>
......@@ -100,7 +121,7 @@ dyndb
</div>
<div class="refsection">
<a name="id-1.12"></a><h2>KEY</h2>
<a name="id-1.13"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key<em class="replaceable"><code>string</code></em>{<br>
algorithm<em class="replaceable"><code>string</code></em>;<br>
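Review bot: The KEY heading's anchor changes from "id-1.12" to "id-1.13" here, and every later section in this file shifts the same way because DNSSEC-POLICY was inserted ahead of DYNDB. With positional anchors, an existing link to "#id-1.16" used to reach OPTIONS and now reaches MASTERS. Suggest generating stable, name-based anchors for the refsections so that inserting a section does not renumber the rest.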
......@@ -110,7 +131,7 @@ key
</div>
<div class="refsection">
<a name="id-1.13"></a><h2>LOGGING</h2>
<a name="id-1.14"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging{<br>
category<em class="replaceable"><code>string</code></em>{<em class="replaceable"><code>string</code></em>;...};<br>
......@@ -131,8 +152,8 @@ logging
</div>
<div class="refsection">
<a name="id-1.14"></a><h2>MANAGED-KEYS</h2>
<p>Deprecated - see TRUST-ANCHORS.</p>
<a name="id-1.15"></a><h2>MANAGED-KEYS</h2>
<p>Deprecated - see DNSSEC-KEYS.</p>
<div class="literallayout"><p><br>
managed-keys{<em class="replaceable"><code>string</code></em>(static-key<br>
|initial-key|static-ds|<br>
......@@ -142,7 +163,7 @@ managed-keys
</div>
<div class="refsection">
<a name="id-1.15"></a><h2>MASTERS</h2>
<a name="id-1.16"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters<em class="replaceable"><code>string</code></em>[port<em class="replaceable"><code>integer</code></em>][dscp<br>
<em class="replaceable"><code>integer</code></em>]{(<em class="replaceable"><code>masters</code></em>|<em class="replaceable"><code>ipv4_address</code></em>[<br>
......@@ -152,7 +173,7 @@ masters
</div>
<div class="refsection">
<a name="id-1.16"></a><h2>OPTIONS</h2>
<a name="id-1.17"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options{<br>
allow-new-zones<em class="replaceable"><code>boolean</code></em>;<br>
......@@ -232,6 +253,7 @@ options
dnssec-dnskey-kskonly<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-loadkeys-interval<em class="replaceable"><code>integer</code></em>;<br>
dnssec-must-be-secure<em class="replaceable"><code>string</code></em><em class="replaceable"><code>boolean</code></em>;<br>
dnssec-policy<em class="replaceable"><code>string</code></em>;<br>
dnssec-secure-to-insecure<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode(maintain|no-resign);<br>
dnssec-validation(yes|no|auto);<br>
......@@ -381,8 +403,8 @@ options
<em class="replaceable"><code>integer</code></em>;<br>
response-policy{zone<em class="replaceable"><code>string</code></em>[add-soa<em class="replaceable"><code>boolean</code></em>][log<br>
<em class="replaceable"><code>boolean</code></em>][max-policy-ttl<em class="replaceable"><code>duration</code></em>][min-update-interval<br>
<em class="replaceable"><code>duration</code></em>][policy(cname|disabled|drop|given|no-op|<br>
nodata|nxdomain|passthru|tcp-only<em class="replaceable"><code>quoted_string</code></em>)][<br>
<em class="replaceable"><code>duration</code></em>][policy(cname|disabled|drop|given|no-op<br>
|nodata|nxdomain|passthru|tcp-only<em class="replaceable"><code>quoted_string</code></em>)][<br>
recursive-only<em class="replaceable"><code>boolean</code></em>][nsip-enable<em class="replaceable"><code>boolean</code></em>][<br>
nsdname-enable<em class="replaceable"><code>boolean</code></em>];...}[add-soa<em class="replaceable"><code>boolean</code></em>][<br>
break-dnssec<em class="replaceable"><code>boolean</code></em>][max-policy-ttl<em class="replaceable"><code>duration</code></em>][<br>
......@@ -451,7 +473,7 @@ options
</div>
<div class="refsection">
<a name="id-1.17"></a><h2>PLUGIN</h2>
<a name="id-1.18"></a><h2>PLUGIN</h2>
<div class="literallayout"><p><br>
plugin(query)<em class="replaceable"><code>string</code></em>[{<em class="replaceable"><code>unspecified-text</code></em><br>
}];<br>
......@@ -459,7 +481,7 @@ plugin
</div>
<div class="refsection">
<a name="id-1.18"></a><h2>SERVER</h2>
<a name="id-1.19"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server<em class="replaceable"><code>netprefix</code></em>{<br>
bogus<em class="replaceable"><code>boolean</code></em>;<br>
......@@ -497,7 +519,7 @@ server
</div>
<div class="refsection">
<a name="id-1.19"></a><h2>STATISTICS-CHANNELS</h2>
<a name="id-1.20"></a><h2>STATISTICS-CHANNELS</h2>
<div class="literallayout"><p><br>
statistics-channels{<br>
inet(<em class="replaceable"><code>ipv4_address</code></em>|<em class="replaceable"><code>ipv6_address</code></em>|<br>
......@@ -509,7 +531,7 @@ statistics-channels
</div>
<div class="refsection">
<a name="id-1.20"></a><h2>TRUST-ANCHORS</h2>
<a name="id-1.21"></a><h2>TRUST-ANCHORS</h2>
<div class="literallayout"><p><br>
trust-anchors{<em class="replaceable"><code>string</code></em>(static-key|<br>
initial-key|static-ds|initial-ds)<br>
......@@ -519,8 +541,8 @@ trust-anchors
</div>
<div class="refsection">
<a name="id-1.21"></a><h2>TRUSTED-KEYS</h2>
<p>Deprecated - see TRUST-ANCHORS.</p>
<a name="id-1.22"></a><h2>TRUSTED-KEYS</h2>
<p>Deprecated - see DNSSEC-KEYS.</p>
<div class="literallayout"><p><br>
trusted-keys{<em class="replaceable"><code>string</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
......@@ -529,7 +551,7 @@ trusted-keys
</div>
<div class="refsection">
<a name="id-1.22"></a><h2>VIEW</h2>
<a name="id-1.23"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view<em class="replaceable"><code>string</code></em>[<em class="replaceable"><code>class</code></em>]{<br>
allow-new-zones<em class="replaceable"><code>boolean</code></em>;<br>
......@@ -602,6 +624,7 @@ view
dnssec-dnskey-kskonly<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-loadkeys-interval<em class="replaceable"><code>integer</code></em>;<br>
dnssec-must-be-secure<em class="replaceable"><code>string</code></em><em class="replaceable"><code>boolean</code></em>;<br>
dnssec-policy<em class="replaceable"><code>string</code></em>;<br>
dnssec-secure-to-insecure<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode(maintain|no-resign);<br>
dnssec-validation(yes|no|auto);<br>
......@@ -725,8 +748,8 @@ view
<em class="replaceable"><code>integer</code></em>;<br>
response-policy{zone<em class="replaceable"><code>string</code></em>[add-soa<em class="replaceable"><code>boolean</code></em>][log<br>
<em class="replaceable"><code>boolean</code></em>][max-policy-ttl<em class="replaceable"><code>duration</code></em>][min-update-interval<br>
<em class="replaceable"><code>duration</code></em>][policy(cname|disabled|drop|given|no-op|<br>
nodata|nxdomain|passthru|tcp-only<em class="replaceable"><code>quoted_string</code></em>)][<br>
<em class="replaceable"><code>duration</code></em>][policy(cname|disabled|drop|given|no-op<br>
|nodata|nxdomain|passthru|tcp-only<em class="replaceable"><code>quoted_string</code></em>)][<br>
recursive-only<em class="replaceable"><code>boolean</code></em>][nsip-enable<em class="replaceable"><code>boolean</code></em>][<br>
nsdname-enable<em class="replaceable"><code>boolean</code></em>];...}[add-soa<em class="replaceable"><code>boolean</code></em>][<br>
break-dnssec<em class="replaceable"><code>boolean</code></em>][max-policy-ttl<em class="replaceable"><code>duration</code></em>][<br>
......@@ -908,7 +931,7 @@ view
</div>
<div class="refsection">
<a name="id-1.23"></a><h2>ZONE</h2>
<a name="id-1.24"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone<em class="replaceable"><code>string</code></em>[<em class="replaceable"><code>class</code></em>]{<br>
allow-notify{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
......@@ -1007,27 +1030,6 @@ zone
</p></div>
</div>
<div class="refsection">
<a name="id-1.24"></a><h2>DNSSEC-POLICY</h2>
<div class="literallayout"><p><br>
dnssec-policy<em class="replaceable"><code>string</code></em>{<br>
dnskey-ttl<em class="replaceable"><code>duration</code></em>;<br>
keys{(csk|ksk|zsk)key-directorylifetime<em class="replaceable"><code>duration</code></em>algorithm<em class="replaceable"><code>integer</code></em>[<em class="replaceable"><code>integer</code></em>];...};<br>
parent-ds-ttl<em class="replaceable"><code>duration</code></em>;<br>
parent-propagation-delay<em class="replaceable"><code>duration</code></em>;<br>
parent-registration-delay<em class="replaceable"><code>duration</code></em>;<br>
publish-safety<em class="replaceable"><code>duration</code></em>;<br>
retire-safety<em class="replaceable"><code>duration</code></em>;<br>
signatures-refresh<em class="replaceable"><code>duration</code></em>;<br>
signatures-validity<em class="replaceable"><code>duration</code></em>;<br>
signatures-validity-dnskey<em class="replaceable"><code>duration</code></em>;<br>
zone-max-ttl<em class="replaceable"><code>duration</code></em>;<br>
zone-propagation-delay<em class="replaceable"><code>duration</code></em>;<br>
};<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.25"></a><h2>FILES</h2>
......
......@@ -230,9 +230,9 @@
<p>
Allow <span class="command"><strong>named</strong></span> to use up to
<em class="replaceable"><code>#max-socks</code></em> sockets.
The default value is 4096 on systems built with default
configuration options, and 21000 on systems built with
"configure --with-tuning=large".
The default value is 21000 on systems built with default
configuration options, and 4096 on systems built with
"configure --with-tuning=small".
</p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Warning</h3>
......
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for BIND 9.15.
# Generated by GNU Autoconf 2.69 for BIND 9.16.
#
# Report bugs to <info@isc.org>.
#
......@@ -589,10 +589,10 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='BIND'
PACKAGE_TARNAME='bind'
PACKAGE_VERSION='9.15'
PACKAGE_STRING='BIND 9.15'
PACKAGE_VERSION='9.16'
PACKAGE_STRING='BIND 9.16'
PACKAGE_BUGREPORT='info@isc.org'
PACKAGE_URL='https://www.isc.org/downloads/BIND/'
PACKAGE_URL='https://www.isc.org/downloads/'
# Factoring default headers for most tests.
ac_includes_default="\
......@@ -852,7 +852,6 @@ infodir
docdir
oldincludedir
includedir
runstatedir
localstatedir
sharedstatedir
sysconfdir
......@@ -1026,7 +1025,6 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
......@@ -1279,15 +1277,6 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
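Review bot: The option-parsing cases for "-runstatedir | --runstatedir ..." are deleted here, along with the variable, its default and its help line in the neighbouring hunks, although the header still says "Generated by GNU Autoconf 2.69". That points to configure having been regenerated with a different Autoconf build than before, which is an unrelated change riding in on a release merge. A build script that passes "--runstatedir=DIR" no longer matches any case in this script. Suggest regenerating with the same tool build as the previous commit, or calling the removal out in the release notes.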
......@@ -1425,7 +1414,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir runstatedir
libdir localedir mandir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
......@@ -1538,7 +1527,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures BIND 9.15 to adapt to many kinds of systems.
\`configure' configures BIND 9.16 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
......@@ -1578,7 +1567,6 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
......@@ -1604,7 +1592,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of BIND 9.15:";;
short | recursive ) echo "Configuration of BIND 9.16:";;
esac
cat <<\_ACEOF
......@@ -1775,7 +1763,7 @@ Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
Report bugs to <info@isc.org>.
BIND home page: <https://www.isc.org/downloads/BIND/>.
BIND home page: <https://www.isc.org/downloads/>.
_ACEOF