Commit 7bb3d000 authored by Michał Kępień's avatar Michał Kępień Committed by Ondřej Surý

Update documentation

parent adbe2caf
......@@ -884,7 +884,6 @@ view \fIstring\fR [ \fIclass\fR ] {
max\-zone\-ttl ( unlimited | \fIttlval\fR );
min\-refresh\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
mirror \fIboolean\fR;
multi\-master \fIboolean\fR;
notify ( explicit | master\-only | \fIboolean\fR );
notify\-delay \fIinteger\fR;
......@@ -910,7 +909,7 @@ view \fIstring\fR [ \fIclass\fR ] {
transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port (
\fIinteger\fR | * ) ] [ dscp \fIinteger\fR ];
try\-tcp\-refresh \fIboolean\fR;
type ( primary | master | secondary | slave |
type ( primary | master | secondary | slave | mirror |
delegation\-only | forward | hint | redirect |
static\-stub | stub );
update\-check\-ksk \fIboolean\fR;
......@@ -993,7 +992,6 @@ zone \fIstring\fR [ \fIclass\fR ] {
max\-zone\-ttl ( unlimited | \fIttlval\fR );
min\-refresh\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
mirror \fIboolean\fR;
multi\-master \fIboolean\fR;
notify ( explicit | master\-only | \fIboolean\fR );
notify\-delay \fIinteger\fR;
......@@ -1017,8 +1015,9 @@ zone \fIstring\fR [ \fIclass\fR ] {
transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * )
] [ dscp \fIinteger\fR ];
try\-tcp\-refresh \fIboolean\fR;
type ( primary | master | secondary | slave | delegation\-only |
forward | hint | redirect | static\-stub | stub );
type ( primary | master | secondary | slave | mirror |
delegation\-only | forward | hint | redirect | static\-stub |
stub );
update\-check\-ksk \fIboolean\fR;
update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self |
external | krb5\-self | krb5\-subdomain | ms\-self | ms\-subdomain
......
......@@ -341,7 +341,6 @@ options {
min-retry-time <replaceable>integer</replaceable>;
minimal-any <replaceable>boolean</replaceable>;
minimal-responses ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
mirror <replaceable>boolean</replaceable>;
multi-master <replaceable>boolean</replaceable>;
new-zones-directory <replaceable>quoted_string</replaceable>;
no-case-compress { <replaceable>address_match_element</replaceable>; ... };
......@@ -673,7 +672,6 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
min-retry-time <replaceable>integer</replaceable>;
minimal-any <replaceable>boolean</replaceable>;
minimal-responses ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
mirror <replaceable>boolean</replaceable>;
multi-master <replaceable>boolean</replaceable>;
new-zones-directory <replaceable>quoted_string</replaceable>;
no-case-compress { <replaceable>address_match_element</replaceable>; ... };
......@@ -864,7 +862,6 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
mirror <replaceable>boolean</replaceable>;
multi-master <replaceable>boolean</replaceable>;
notify ( explicit | master-only | <replaceable>boolean</replaceable> );
notify-delay <replaceable>integer</replaceable>;
......@@ -890,7 +887,7 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
try-tcp-refresh <replaceable>boolean</replaceable>;
type ( primary | master | secondary | slave |
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect |
static-stub | stub );
update-check-ksk <replaceable>boolean</replaceable>;
......@@ -969,7 +966,6 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
mirror <replaceable>boolean</replaceable>;
multi-master <replaceable>boolean</replaceable>;
notify ( explicit | master-only | <replaceable>boolean</replaceable> );
notify-delay <replaceable>integer</replaceable>;
......@@ -993,8 +989,9 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
] [ dscp <replaceable>integer</replaceable> ];
try-tcp-refresh <replaceable>boolean</replaceable>;
type ( primary | master | secondary | slave | delegation-only |
forward | hint | redirect | static-stub | stub );
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect | static-stub |
stub );
update-check-ksk <replaceable>boolean</replaceable>;
update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self |
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
......
......@@ -853,7 +853,6 @@ view
max-zone-ttl(unlimited|<em class="replaceable"><code>ttlval</code></em>);<br>
min-refresh-time<em class="replaceable"><code>integer</code></em>;<br>
min-retry-time<em class="replaceable"><code>integer</code></em>;<br>
mirror<em class="replaceable"><code>boolean</code></em>;<br>
multi-master<em class="replaceable"><code>boolean</code></em>;<br>
notify(explicit|master-only|<em class="replaceable"><code>boolean</code></em>);<br>
notify-delay<em class="replaceable"><code>integer</code></em>;<br>
......@@ -879,7 +878,7 @@ view
transfer-source-v6(<em class="replaceable"><code>ipv6_address</code></em>|*)[port(<br>
<em class="replaceable"><code>integer</code></em>|*)][dscp<em class="replaceable"><code>integer</code></em>];<br>
try-tcp-refresh<em class="replaceable"><code>boolean</code></em>;<br>
type(primary|master|secondary|slave|<br>
type(primary|master|secondary|slave|mirror|<br>
delegation-only|forward|hint|redirect|<br>
static-stub|stub);<br>
update-check-ksk<em class="replaceable"><code>boolean</code></em>;<br>
......@@ -959,7 +958,6 @@ zone
max-zone-ttl(unlimited|<em class="replaceable"><code>ttlval</code></em>);<br>
min-refresh-time<em class="replaceable"><code>integer</code></em>;<br>
min-retry-time<em class="replaceable"><code>integer</code></em>;<br>
mirror<em class="replaceable"><code>boolean</code></em>;<br>
multi-master<em class="replaceable"><code>boolean</code></em>;<br>
notify(explicit|master-only|<em class="replaceable"><code>boolean</code></em>);<br>
notify-delay<em class="replaceable"><code>integer</code></em>;<br>
......@@ -983,8 +981,9 @@ zone
transfer-source-v6(<em class="replaceable"><code>ipv6_address</code></em>|*)[port(<em class="replaceable"><code>integer</code></em>|*)<br>
][dscp<em class="replaceable"><code>integer</code></em>];<br>
try-tcp-refresh<em class="replaceable"><code>boolean</code></em>;<br>
type(primary|master|secondary|slave|delegation-only|<br>
forward|hint|redirect|static-stub|stub);<br>
type(primary|master|secondary|slave|mirror|<br>
delegation-only|forward|hint|redirect|static-stub|<br>
stub);<br>
update-check-ksk<em class="replaceable"><code>boolean</code></em>;<br>
update-policy(local|{(deny|grant)<em class="replaceable"><code>string</code></em>(6to4-self|<br>
external|krb5-self|krb5-subdomain|ms-self|ms-subdomain<br>
......
......@@ -115,6 +115,8 @@ main(int argc, char **argv) {
strcmp(argv[1], "seconary") == 0)
{
zonetype = CFG_ZONE_SLAVE;
} else if (strcmp(argv[1], "mirror") == 0) {
zonetype = CFG_ZONE_MIRROR;
} else if (strcmp(argv[1], "stub") == 0) {
zonetype = CFG_ZONE_STUB;
} else if (strcmp(argv[1], "static-stub") == 0) {
......
......@@ -7317,8 +7317,8 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>allow-transfer</command></term>
<varlistentry xml:id="allow_transfer">
<term xml:id="allow_transfer_term"><command>allow-transfer</command></term>
<listitem>
<para>
Specifies which hosts are allowed to
......@@ -11410,6 +11410,7 @@ view "external" {
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="master.zoneopt.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="slave.zoneopt.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mirror.zoneopt.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="hint.zoneopt.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stub.zoneopt.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="static-stub.zoneopt.xml"/>
......@@ -11429,6 +11430,7 @@ view "external" {
acceptable values include:
<varname>master</varname> (or <varname>primary</varname>),
<varname>slave</varname> (or <varname>secondary</varname>),
<varname>mirror</varname>,
<varname>delegation-only</varname>,
<varname>forward</varname>,
<varname>hint</varname>,
......@@ -11565,6 +11567,97 @@ view "external" {
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
<varname>mirror</varname>
</para>
</entry>
<entry colname="2">
<para>
</para>
<para>
A mirror zone acts like a zone of type
<userinput>secondary</userinput> whose data is
subject to DNSSEC validation before being used
in answers. Validation is performed during the
zone transfer process, and again when the zone
file is loaded from disk when
<command>named</command> is restarted. If
validation fails, a retransfer of the zone is
scheduled; if the mirror zone had not previously
been loaded or if the previous version has
expired, traditional DNS recursion will be used
to look up the answers instead.
</para>
<para>
For validation to succeed, a key-signing key
(KSK) for the zone must be configured as a trust
anchor in <filename>named.conf</filename>: that
is, a key for the zone must either be specified
in <command>managed-keys</command> or
<command>trusted-keys</command>, or in the case
of the root zone,
<command>dnssec-validation</command> must be set
to <userinput>auto</userinput>. Answers coming
from a mirror zone look almost exactly like
answers from a zone of type
<userinput>secondary</userinput>, with the
notable exceptions that the AA bit
("authoritative answer") is not set, and the AD
bit ("authenticated data") is.
</para>
<para>
Since mirror zones are intended to be used by
recursive resolvers, adding one to a view with
recursion disabled is considered to be a
configuration error.
</para>
<para>
When configuring NOTIFY for a mirror zone, only
<userinput>notify no;</userinput> and
<userinput>notify explicit;</userinput> can be
used. Using any other
<userinput>notify</userinput> setting at the
zone level is a configuration error. Using any
other <userinput>notify</userinput> setting at
the <userinput>options</userinput> or
<userinput>view</userinput> level will cause
that setting to be overridden with
<userinput>notify explicit;</userinput> for the
mirror zone in question.
</para>
<para>
Outgoing transfers of mirror zones are disabled
by default but may be enabled using
<xref endterm="allow_transfer_term" linkend="allow_transfer"/>.
</para>
<para>
While any zone may be configured with this type,
it is intended to be used to set up a fast local
copy of the root zone, similar to the one
described in RFC 7706. Note, however, that
mirror zones are not supposed to augment the
example configuration provided by RFC 7706 but
rather to replace it altogether.
</para>
<para>
A default list of primary servers for the root
zone is built into <command>named</command> and
thus IANA root zone mirroring can be enabled
using the following configuration:
</para>
<programlisting>zone "." {
type mirror;
};</programlisting>
<para>
To make mirror zone contents persist between
<command>named</command> restarts, use the
<xref endterm="file_option_term" linkend="file_option"/>
option.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
......@@ -12067,19 +12160,20 @@ view "external" {
</listitem>
</varlistentry>
<varlistentry>
<term><command>file</command></term>
<varlistentry xml:id="file_option">
<term xml:id="file_option_term"><command>file</command></term>
<listitem>
<para>
Set the zone's filename. In <command>master</command>,
<command>hint</command>, and <command>redirect</command>
zones which do not have <command>masters</command>
defined, zone data is loaded from this file. In
<command>slave</command>, <command>stub</command>, and
<command>redirect</command> zones which do have
<command>masters</command> defined, zone data is
retrieved from another server and saved in this file.
This option is not applicable to other zone types.
<command>slave</command>, <command>mirror</command>,
<command>stub</command>, and <command>redirect</command>
zones which do have <command>masters</command>
defined, zone data is retrieved from another server
and saved in this file. This option is not
applicable to other zone types.
</para>
</listitem>
</varlistentry>
......@@ -12524,68 +12618,6 @@ example.com. NS ns2.example.net.
</listitem>
</varlistentry>
<varlistentry>
<term><command>mirror</command></term>
<listitem>
<para>
If set to <userinput>yes</userinput>, this causes the
zone to become a mirror zone. A mirror zone is a
<userinput>secondary</userinput> zone whose data
is subject to DNSSEC validation before being
used in answers. The default is
<userinput>no</userinput>.
</para>
<para>
A mirror zone's contents are validated during the transfer
process, and again when the zone file is loaded from disk
when <command>named</command> is restarted. If validation
fails, a retransfer of the zone is scheduled; if the mirror
zone had not previously been loaded or if the previous
version has expired, traditional DNS recursion will be used
to look up the answers instead.
</para>
<para>
For validation to succeed, a key-signing key (KSK) for
the zone must be configured as a trust anchor in
<filename>named.conf</filename>:
that is, a key for the zone must either be specified in
<command>managed-keys</command> or
<command>trusted-keys</command>, or in the case of
the root zone, <command>dnssec-validation</command>
must be set to <userinput>auto</userinput>.
Answers coming from a mirror zone look almost exactly like
answers from a normal slave zone, with the notable
exceptions that the AA bit ("authoritative answer") is
not set, and the AD bit ("authenticated data") is.
</para>
<para>
Though this option can be used for other zones, it
is intended to be used to set up a fast local copy of
the root zone, as described in RFC 7706.
This can be done by using the following configuration:
</para>
<programlisting>zone "." {
type slave;
mirror yes;
file "root.mirror";
masters {
192.228.79.201; # b.root-servers.net
192.33.4.12; # c.root-servers.net
192.5.5.241; # f.root-servers.net
192.112.36.4; # g.root-servers.net
193.0.14.129; # k.root-servers.net
192.0.47.132; # xfr.cjr.dns.icann.org
192.0.32.132; # xfr.lax.dns.icann.org
2001:500:84::b; # b.root-servers.net
2001:500:2f::f; # f.root-servers.net
2001:7fd::1; # k.root-servers.net
2620:0:2830:202::132; # xfr.cjr.dns.icann.org
2620:0:2d0:202::132; # xfr.lax.dns.icann.org
};
};</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term><command>multi-master</command></term>
<listitem>
......
This diff is collapsed.
......@@ -871,7 +871,6 @@ view
max-zone-ttl(unlimited|<em class="replaceable"><code>ttlval</code></em>);<br>
min-refresh-time<em class="replaceable"><code>integer</code></em>;<br>
min-retry-time<em class="replaceable"><code>integer</code></em>;<br>
mirror<em class="replaceable"><code>boolean</code></em>;<br>
multi-master<em class="replaceable"><code>boolean</code></em>;<br>
notify(explicit|master-only|<em class="replaceable"><code>boolean</code></em>);<br>
notify-delay<em class="replaceable"><code>integer</code></em>;<br>
......@@ -897,7 +896,7 @@ view
transfer-source-v6(<em class="replaceable"><code>ipv6_address</code></em>|*)[port(<br>
<em class="replaceable"><code>integer</code></em>|*)][dscp<em class="replaceable"><code>integer</code></em>];<br>
try-tcp-refresh<em class="replaceable"><code>boolean</code></em>;<br>
type(primary|master|secondary|slave|<br>
type(primary|master|secondary|slave|mirror|<br>
delegation-only|forward|hint|redirect|<br>
static-stub|stub);<br>
update-check-ksk<em class="replaceable"><code>boolean</code></em>;<br>
......@@ -977,7 +976,6 @@ zone
max-zone-ttl(unlimited|<em class="replaceable"><code>ttlval</code></em>);<br>
min-refresh-time<em class="replaceable"><code>integer</code></em>;<br>
min-retry-time<em class="replaceable"><code>integer</code></em>;<br>
mirror<em class="replaceable"><code>boolean</code></em>;<br>
multi-master<em class="replaceable"><code>boolean</code></em>;<br>
notify(explicit|master-only|<em class="replaceable"><code>boolean</code></em>);<br>
notify-delay<em class="replaceable"><code>integer</code></em>;<br>
......@@ -1001,8 +999,9 @@ zone
transfer-source-v6(<em class="replaceable"><code>ipv6_address</code></em>|*)[port(<em class="replaceable"><code>integer</code></em>|*)<br>
][dscp<em class="replaceable"><code>integer</code></em>];<br>
try-tcp-refresh<em class="replaceable"><code>boolean</code></em>;<br>
type(primary|master|secondary|slave|delegation-only|<br>
forward|hint|redirect|static-stub|stub);<br>
type(primary|master|secondary|slave|mirror|<br>
delegation-only|forward|hint|redirect|static-stub|<br>
stub);<br>
update-check-ksk<em class="replaceable"><code>boolean</code></em>;<br>
update-policy(local|{(deny|grant)<em class="replaceable"><code>string</code></em>(6to4-self|<br>
external|krb5-self|krb5-subdomain|ms-self|ms-subdomain<br>
......
<!--
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
- See the COPYRIGHT file distributed with this work for additional
- information regarding copyright ownership.
-->
<!-- Generated by doc/misc/docbook-zoneopt.pl -->
<programlisting>
<command>zone</command> <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
<command>type</command> mirror;
<command>allow-notify</command> { <replaceable>address_match_element</replaceable>; ... };
<command>allow-query</command> { <replaceable>address_match_element</replaceable>; ... };
<command>allow-query-on</command> { <replaceable>address_match_element</replaceable>; ... };
<command>allow-transfer</command> { <replaceable>address_match_element</replaceable>; ... };
<command>allow-update-forwarding</command> { <replaceable>address_match_element</replaceable>; ... };
<command>also-notify</command> [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
<command>alt-transfer-source</command> ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>alt-transfer-source-v6</command> ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>check-names</command> ( fail | warn | ignore );
<command>database</command> <replaceable>string</replaceable>;
<command>file</command> <replaceable>quoted_string</replaceable>;
<command>ixfr-from-differences</command> <replaceable>boolean</replaceable>;
<command>journal</command> <replaceable>quoted_string</replaceable>;
<command>masterfile-format</command> ( map | raw | text );
<command>masterfile-style</command> ( full | relative );
<command>masters</command> [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
<command>max-journal-size</command> ( default | unlimited | <replaceable>sizeval</replaceable> );
<command>max-records</command> <replaceable>integer</replaceable>;
<command>max-refresh-time</command> <replaceable>integer</replaceable>;
<command>max-retry-time</command> <replaceable>integer</replaceable>;
<command>max-transfer-idle-in</command> <replaceable>integer</replaceable>;
<command>max-transfer-idle-out</command> <replaceable>integer</replaceable>;
<command>max-transfer-time-in</command> <replaceable>integer</replaceable>;
<command>max-transfer-time-out</command> <replaceable>integer</replaceable>;
<command>min-refresh-time</command> <replaceable>integer</replaceable>;
<command>min-retry-time</command> <replaceable>integer</replaceable>;
<command>multi-master</command> <replaceable>boolean</replaceable>;
<command>notify</command> ( explicit | master-only | <replaceable>boolean</replaceable> );
<command>notify-delay</command> <replaceable>integer</replaceable>;
<command>notify-source</command> ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>notify-source-v6</command> ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>request-expire</command> <replaceable>boolean</replaceable>;
<command>request-ixfr</command> <replaceable>boolean</replaceable>;
<command>transfer-source</command> ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>transfer-source-v6</command> ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>try-tcp-refresh</command> <replaceable>boolean</replaceable>;
<command>use-alt-transfer-source</command> <replaceable>boolean</replaceable>;
<command>zero-no-soa-ttl</command> <replaceable>boolean</replaceable>;
<command>zone-statistics</command> ( full | terse | none | <replaceable>boolean</replaceable> );
};
</programlisting>
......@@ -180,7 +180,6 @@
<command>min-retry-time</command> <replaceable>integer</replaceable>;
<command>minimal-any</command> <replaceable>boolean</replaceable>;
<command>minimal-responses</command> ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
<command>mirror</command> <replaceable>boolean</replaceable>;
<command>multi-master</command> <replaceable>boolean</replaceable>;
<command>new-zones-directory</command> <replaceable>quoted_string</replaceable>;
<command>no-case-compress</command> { <replaceable>address_match_element</replaceable>; ... };
......
......@@ -50,7 +50,6 @@
<command>max-transfer-time-out</command> <replaceable>integer</replaceable>;
<command>min-refresh-time</command> <replaceable>integer</replaceable>;
<command>min-retry-time</command> <replaceable>integer</replaceable>;
<command>mirror</command> <replaceable>boolean</replaceable>;
<command>multi-master</command> <replaceable>boolean</replaceable>;
<command>notify</command> ( explicit | master-only | <replaceable>boolean</replaceable> );
<command>notify-delay</command> <replaceable>integer</replaceable>;
......
......@@ -35,6 +35,7 @@ options: FORCE
${CFG_TEST} --named --grammar > $@.raw ; \
${CFG_TEST} --zonegrammar master > master.zoneopt ; \
${CFG_TEST} --zonegrammar slave > slave.zoneopt ; \
${CFG_TEST} --zonegrammar mirror > mirror.zoneopt ; \
${CFG_TEST} --zonegrammar forward > forward.zoneopt ; \
${CFG_TEST} --zonegrammar hint > hint.zoneopt ; \
${CFG_TEST} --zonegrammar stub > stub.zoneopt ; \
......@@ -54,6 +55,7 @@ docbook: options
${PERL} docbook-options.pl options > ${top_srcdir}/bin/named/named.conf.docbook
${PERL} docbook-zoneopt.pl master.zoneopt > ${top_srcdir}/doc/arm/master.zoneopt.xml
${PERL} docbook-zoneopt.pl slave.zoneopt > ${top_srcdir}/doc/arm/slave.zoneopt.xml
${PERL} docbook-zoneopt.pl mirror.zoneopt > ${top_srcdir}/doc/arm/mirror.zoneopt.xml
${PERL} docbook-zoneopt.pl forward.zoneopt > ${top_srcdir}/doc/arm/forward.zoneopt.xml
${PERL} docbook-zoneopt.pl hint.zoneopt > ${top_srcdir}/doc/arm/hint.zoneopt.xml
${PERL} docbook-zoneopt.pl stub.zoneopt > ${top_srcdir}/doc/arm/stub.zoneopt.xml
......
zone <string> [ <class> ] {
type mirror;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
check-names ( fail | warn | ignore );
database <string>;
file <quoted_string>;
ixfr-from-differences <boolean>;
journal <quoted_string>;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
request-expire <boolean>;
request-ixfr <boolean>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
try-tcp-refresh <boolean>;
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};
......@@ -239,7 +239,6 @@ options {
min-roots <integer>; // not implemented
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
mirror <boolean>;
multi-master <boolean>;
multiple-cnames <boolean>; // obsolete
named-xfer <quoted_string>; // obsolete
......@@ -580,7 +579,6 @@ view <string> [ <class> ] {
min-roots <integer>; // not implemented
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
mirror <boolean>;
multi-master <boolean>;
new-zones-directory <quoted_string>;
no-case-compress { <address_match_element>; ... };
......@@ -786,7 +784,6 @@ view <string> [ <class> ] {
max-zone-ttl ( unlimited | <ttlval> );
min-refresh-time <integer>;
min-retry-time <integer>;
mirror <boolean>;
multi-master <boolean>;
notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
......@@ -814,7 +811,7 @@ view <string> [ <class> ] {
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
try-tcp-refresh <boolean>;
type ( primary | master | secondary | slave |
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect |
static-stub | stub );
update-check-ksk <boolean>;
......@@ -892,7 +889,6 @@ zone <string> [ <class> ] {
max-zone-ttl ( unlimited | <ttlval> );
min-refresh-time <integer>;
min-retry-time <integer>;
mirror <boolean>;
multi-master <boolean>;
notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
......@@ -918,8 +914,9 @@ zone <string> [ <class> ] {
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
try-tcp-refresh <boolean>;
type ( primary | master | secondary | slave | delegation-only |
forward | hint | redirect | static-stub | stub );
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect | static-stub |
stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
......
......@@ -37,7 +37,6 @@ zone <string> [ <class> ] {
max-transfer-time-out <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
mirror <boolean>;
multi-master <boolean>;
notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
......
......@@ -2682,6 +2682,7 @@
./doc/arm/managed-keys.xml SGML 2010,2014,2015,2016,2017,2018
./doc/arm/master.zoneopt.xml SGML 2018
./doc/arm/masters.grammar.xml SGML 2018
./doc/arm/mirror.zoneopt.xml SGML 2018
./doc/arm/notes-wrapper.xml SGML 2014,2015,2016,2018
./doc/arm/notes.conf X 2015,2018
./doc/arm/notes.html X 2014,2015,2016,2017,2018
......@@ -2748,6 +2749,7 @@
./doc/misc/master.zoneopt X 2018
./doc/misc/migration TXT.BRIEF 2000,2001,2003,2004,2007,2008,2016,2018
./doc/misc/migration-4to9 TXT.BRIEF 2001,2004,2016,2018
./doc/misc/mirror.zoneopt X 2018
./doc/misc/options X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018
./doc/misc/redirect.zoneopt X 2018
./doc/misc/rfc-compliance TXT.BRIEF 2001,2004,2015,2016,2018
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment