From 8a28d9f1d4816ef9f4873498b329a31778884a80 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Fri, 21 Apr 2017 16:27:56 -0700 Subject: [PATCH] [master] auto-generate named.conf.docbook 4603. [doc] Automatically generate named.conf(5) man page from doc/misc/options. Thanks to Tony Finch. [RT #43525] --- CHANGES | 4 + bin/named/named.conf.docbook | 1277 +++++++++++++++++++++------------- doc/misc/Makefile.in | 5 +- doc/misc/docbook-options.pl | 176 +++++ 4 files changed, 961 insertions(+), 501 deletions(-) create mode 100644 doc/misc/docbook-options.pl diff --git a/CHANGES b/CHANGES index 0e298ecbb9..e320f270dc 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +4603. [doc] Automatically generate named.conf(5) man page + from doc/misc/options. Thanks to Tony Finch. + [RT #43525] + 4602. [func] Threads are now set to human-readable names to assist debugging, when supported by the OS. [RT #43234] diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 16afd95ed5..a79a1160ce 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -1,15 +1,16 @@ - + + - 2014-01-08 + 2017-03-08 ISC 
@@ -77,119 +78,105 @@ acl string { address_match_element; ... }; - - KEY + CONTROLS -key domain_name { - algorithm string; - secret string; +controls { + inet ( ipv4_address | ipv6_address | + * ) port ( integer | * ) allow + { address_match_element; ... } + keys { string; ... } read-only + boolean ; + unix quoted_string perm integer + owner integer group integer + keys { string; ... } read-only + boolean ; }; - MASTERS + DLZ -masters string port integer { - ( masters | ipv4_address port integer | - ipv6_address port integer ) key string ; ... +dlz string { + database string; + search boolean; }; - SERVER + DYNDB -server ( ipv4_address/prefixlen | ipv6_address/prefixlen ) { - bogus boolean; - edns boolean; - edns-udp-size integer; - max-udp-size integer; - padding integer; - tcp-only boolean; - tcp-keepalive boolean; - provide-ixfr boolean; - request-ixfr boolean; - keys server_key; - transfers integer; - transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) - port ( integer | * ) ; - transfer-source-v6 ( ipv6_address | * ) - port ( integer | * ) ; - - support-ixfr boolean; // obsolete -}; +dyndb string quoted_string { + unspecified-text }; - TRUSTED-KEYS + KEY -trusted-keys { - domain_name flags protocol algorithm key; ... +key string { + algorithm string; + secret string; }; - MANAGED-KEYS + LOGGING -managed-keys { - domain_name initial-key flags protocol algorithm key; ... +logging { + category string { string; ... }; + channel string { + buffered boolean; + file quoted_string versions ( unlimited | integer ) + size size suffix ( increment | timestamp ) ; + null; + print-category boolean; + print-severity boolean; + print-time ( iso8601 | iso8601-utc | local | boolean ); + severity log_severity; + stderr; + syslog syslog_facility ; + }; }; - CONTROLS + LWRES -controls { - inet ( ipv4_address | ipv6_address | * ) - port ( integer | * ) - allow { address_match_element; ... } - keys { string; ... 
} ; - unix unsupported; // not implemented +lwres { + listen-on port integer dscp integer { ( ipv4_address + | ipv6_address ) port integer dscp integer ; ... }; + lwres-clients integer; + lwres-tasks integer; + ndots integer; + search { string; ... }; + view string class ; }; - LOGGING + MANAGED-KEYS -logging { - channel string { - file log_file; - syslog optional_facility; - null; - stderr; - severity log_severity; - print-time boolean; - print-severity boolean; - print-category boolean; - }; - category string { string; ... }; -}; +managed-keys { string string integer + integer integer quoted_string; ... }; - LWRES + MASTERS -lwres { - listen-on port integer { - ( ipv4_address | ipv6_address ) port integer ; ... - }; - view string optional_class; - search { string; ... }; - ndots integer; - lwres-tasks integer; - lwres-clients integer; -}; +masters string port integer dscp + integer { ( masters | ipv4_address + port integer | ipv6_address port + integer ) key string ; ... }; 
@@ -197,419 +184,705 @@ lwres { options { - avoid-v4-udp-ports { port; ... }; - avoid-v6-udp-ports { port; ... }; + acache-cleaning-interval integer; + acache-enable boolean; + additional-from-auth boolean; + additional-from-cache boolean; + allow-new-zones boolean; + allow-notify { address_match_element; ... }; + allow-query { address_match_element; ... }; + allow-query-cache { address_match_element; ... }; + allow-query-cache-on { address_match_element; ... }; + allow-query-on { address_match_element; ... }; + allow-recursion { address_match_element; ... }; + allow-recursion-on { address_match_element; ... }; + allow-transfer { address_match_element; ... }; + allow-update { address_match_element; ... }; + allow-update-forwarding { address_match_element; ... }; + also-notify port integer dscp integer { ( masters | + ipv4_address port integer | ipv6_address port + integer ) key string ; ... }; + alt-transfer-source ( ipv4_address | * ) port ( integer | * ) + dscp integer ; + alt-transfer-source-v6 ( ipv6_address | * ) port ( integer | + * ) dscp integer ; + attach-cache string; + auth-nxdomain boolean; // default changed + auto-dnssec ( allow | maintain | off ); + automatic-interface-scan boolean; + avoid-v4-udp-ports { portrange; ... }; + avoid-v6-udp-ports { portrange; ... }; + bindkeys-file quoted_string; blackhole { address_match_element; ... }; - coresize size; - datasize size; + cache-file quoted_string; + catalog-zones { zone quoted_string default-masters port + integer dscp integer { ( masters | ipv4_address + port integer | ipv6_address port integer ) key + string ; ... } zone-directory quoted_string + in-memory boolean min-update-interval integer ; ... 
}; + check-dup-records ( fail | warn | ignore ); + check-integrity boolean; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( master | slave | response + ) ( fail | warn | ignore ); + check-sibling boolean; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard boolean; + cleaning-interval integer; + clients-per-query integer; + cookie-algorithm ( aes | sha1 | sha256 ); + cookie-secret string; + coresize ( default | unlimited | sizeval ); + datasize ( default | unlimited | sizeval ); + deny-answer-addresses { address_match_element; ... } + except-from { quoted_string; ... } ; + deny-answer-aliases { quoted_string; ... } except-from { + quoted_string; ... } ; + dialup ( notify | notify-passive | passive | refresh | boolean ); directory quoted_string; - dnstap { message_type; ... }; - dnstap-output ( file | unix ) path_name; - dnstap-identity ( string | hostname | none ); - dnstap-version ( string | none ); + disable-algorithms string { string; + ... }; + disable-ds-digests string { string; + ... }; + disable-empty-zone string; + dns64 netprefix { + break-dnssec boolean; + clients { address_match_element; ... }; + exclude { address_match_element; ... }; + mapped { address_match_element; ... }; + recursive-only boolean; + suffix ipv6_address; + }; + dns64-contact string; + dns64-server string; + dnssec-accept-expired boolean; + dnssec-dnskey-kskonly boolean; + dnssec-enable boolean; + dnssec-loadkeys-interval integer; + dnssec-lookaside ( string trust-anchor + string | auto | no ); + dnssec-must-be-secure string boolean; + dnssec-secure-to-insecure boolean; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | + resolver ) ( query | response ) ; ... 
}; + dnstap-identity ( quoted_string | none | + hostname ); + dnstap-output ( file | unix ) quoted_string + size ( unlimited | size ) versions ( + unlimited | integer ) suffix ( increment + | timestamp ) ; + dnstap-version ( quoted_string | none ); + dscp integer; + dual-stack-servers port integer { ( quoted_string port + integer dscp integer | ipv4_address port + integer dscp integer | ipv6_address port + integer dscp integer ); ... }; dump-file quoted_string; - files size; - fstrm-set-buffer-hint number; - fstrm-set-flush-timeout number; - fstrm-set-input-queue-size number; - fstrm-set-output-notify-threshold number; - fstrm-set-output-queue-model ( mpsc | spsc ) ; - fstrm-set-output-queue-size number; - fstrm-set-reopen-interval number; + edns-udp-size integer; + empty-contact string; + empty-server string; + empty-zones-enable boolean; + fetch-quota-params integer fixedpoint fixedpoint fixedpoint; + fetches-per-server integer ( drop | fail ) ; + fetches-per-zone integer ( drop | fail ) ; + files ( default | unlimited | sizeval ); + filter-aaaa { address_match_element; ... }; + filter-aaaa-on-v4 ( break-dnssec | boolean ); + filter-aaaa-on-v6 ( break-dnssec | boolean ); + flush-zones-on-shutdown boolean; + forward ( first | only ); + forwarders port integer dscp integer { ( ipv4_address + | ipv6_address ) port integer dscp integer ; ... 
}; + fstrm-set-buffer-hint integer; + fstrm-set-flush-timeout integer; + fstrm-set-input-queue-size integer; + fstrm-set-output-notify-threshold integer; + fstrm-set-output-queue-model ( mpsc | spsc ); + fstrm-set-output-queue-size integer; + fstrm-set-reopen-interval integer; + geoip-directory ( quoted_string | none ); + geoip-use-ecs ( quoted_string | none ); heartbeat-interval integer; - host-statistics boolean; // not implemented - host-statistics-max number; // not implemented hostname ( quoted_string | none ); + inline-signing boolean; interface-interval integer; + ixfr-from-differences ( master | slave | boolean ); keep-response-order { address_match_element; ... }; - listen-on port integer { address_match_element; ... }; - listen-on-v6 port integer { address_match_element; ... }; + key-directory quoted_string; + lame-ttl ttlval; + listen-on port integer dscp + integer { + address_match_element; ... }; + listen-on-v6 port integer dscp + integer { + address_match_element; ... }; + lock-file ( quoted_string | none ); + managed-keys-directory quoted_string; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); match-mapped-addresses boolean; + max-acache-size ( unlimited | sizeval ); + max-cache-size ( default | unlimited | sizeval | percentage ); + max-cache-ttl integer; + max-clients-per-query integer; + max-journal-size ( unlimited | sizeval ); + max-ncache-ttl integer; + max-records integer; + max-recursion-depth integer; + max-recursion-queries integer; + max-refresh-time integer; + max-retry-time integer; + max-rsa-exponent-size integer; + max-transfer-idle-in integer; + max-transfer-idle-out integer; + max-transfer-time-in integer; + max-transfer-time-out integer; + max-udp-size integer; + max-zone-ttl ( unlimited | ttlval ); + memstatistics boolean; memstatistics-file quoted_string; + message-compression boolean; + min-refresh-time integer; + min-retry-time integer; + minimal-any boolean; + minimal-responses ( no-auth | 
no-auth-recursive | boolean ); + multi-master boolean; + no-case-compress { address_match_element; ... }; + nocookie-udp-size integer; + notify ( explicit | master-only | boolean ); + notify-delay integer; + notify-rate integer; + notify-source ( ipv4_address | * ) port ( integer | * ) + dscp integer ; + notify-source-v6 ( ipv6_address | * ) port ( integer | * ) + dscp integer ; + notify-to-soa boolean; + nsec3-test-zone boolean; // test only + nta-lifetime ttlval; + nta-recheck ttlval; + nxdomain-redirect string; pid-file ( quoted_string | none ); port integer; + preferred-glue string; + prefetch integer integer ; + provide-ixfr boolean; + query-source ( ( address ( ipv4_address | * ) port ( + integer | * ) ) | ( address ( ipv4_address | * ) + port ( integer | * ) ) ) dscp integer ; + query-source-v6 ( ( address ( ipv6_address | * ) port ( + integer | * ) ) | ( address ( ipv6_address | * ) + port ( integer | * ) ) ) dscp integer ; querylog boolean; - recursing-file quoted_string; - reserved-sockets integer; random-device quoted_string; + rate-limit { + all-per-second integer; + errors-per-second integer; + exempt-clients { address_match_element; ... }; + ipv4-prefix-length integer; + ipv6-prefix-length integer; + log-only boolean; + max-table-size integer; + min-table-size integer; + nodata-per-second integer; + nxdomains-per-second integer; + qps-scale integer; + referrals-per-second integer; + responses-per-second integer; + slip integer; + window integer; + }; + recursing-file quoted_string; + recursion boolean; recursive-clients integer; + request-expire boolean; + request-ixfr boolean; + request-nsid boolean; + require-server-cookie boolean; + reserved-sockets integer; + resolver-query-timeout integer; + response-padding { address_match_element; ... 
} block-size + integer; + response-policy { zone quoted_string log boolean + max-policy-ttl integer min-update-interval integer + policy ( cname | disabled | drop | given | no-op | nodata | + nxdomain | passthru | tcp-only quoted_string ) + recursive-only boolean ; ... } break-dnssec boolean + max-policy-ttl integer min-update-interval integer + min-ns-dots integer nsip-wait-recurse boolean + qname-wait-recurse boolean recursive-only boolean ; + root-delegation-only exclude { quoted_string; ... } ; + rrset-order { class string type string name + quoted_string string string; ... }; + secroots-file quoted_string; + send-cookie boolean; serial-query-rate integer; - server-id ( quoted_string | hostname | none ); - stacksize size; + serial-update-method ( date | increment | unixtime ); + server-id ( quoted_string | none | hostname ); + servfail-ttl ttlval; + session-keyalg string; + session-keyfile ( quoted_string | none ); + session-keyname string; + sig-signing-nodes integer; + sig-signing-signatures integer; + sig-signing-type integer; + sig-validity-interval integer integer ; + sortlist { address_match_element; ... 
}; + stacksize ( default | unlimited | sizeval ); + startup-notify-rate integer; statistics-file quoted_string; - statistics-interval integer; // not yet implemented + tcp-advertised-timeout integer; tcp-clients integer; + tcp-idle-timeout integer; + tcp-initial-timeout integer; + tcp-keepalive-timeout integer; tcp-listen-queue integer; tkey-dhkey quoted_string integer; + tkey-domain quoted_string; tkey-gssapi-credential quoted_string; tkey-gssapi-keytab quoted_string; - tkey-domain quoted_string; + transfer-format ( many-answers | one-answer ); transfer-message-size integer; - transfers-per-ns integer; + transfer-source ( ipv4_address | * ) port ( integer | * ) + dscp integer ; + transfer-source-v6 ( ipv6_address | * ) port ( integer | * ) + dscp integer ; transfers-in integer; transfers-out integer; - version ( quoted_string | none ); - allow-recursion { address_match_element; ... }; - allow-recursion-on { address_match_element; ... }; - sortlist { address_match_element; ... }; - topology { address_match_element; ... }; // not implemented - auth-nxdomain boolean; // default changed - minimal-any boolean; - minimal-responses ( boolean | no-auth | no-auth-recursive ); - recursion boolean; - rrset-order { - class string type string - name quoted_string string string; ... 
- }; - provide-ixfr boolean; - request-ixfr boolean; - rfc2308-type1 boolean; // not yet implemented - additional-from-auth boolean; - additional-from-cache boolean; - query-source ( ( ipv4_address | * ) | address ( ipv4_address | * ) ) port ( integer | * ) ; - query-source-v6 ( ( ipv6_address | * ) | address ( ipv6_address | * ) ) port ( integer | * ) ; - use-queryport-pool boolean; - queryport-pool-ports integer; - queryport-pool-updateinterval integer; - cleaning-interval integer; - resolver-query-timeout integer; - min-roots integer; // not implemented - lame-ttl integer; - max-ncache-ttl integer; - max-cache-ttl integer; - transfer-format ( many-answers | one-answer ); - max-cache-size size; - max-acache-size size; - clients-per-query number; - max-clients-per-query number; - check-names ( master | slave | response ) - ( fail | warn | ignore ); - check-mx ( fail | warn | ignore ); - check-integrity boolean; - check-mx-cname ( fail | warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - cache-file quoted_string; // test option - catalog-zones { - zone quoted_string - default-masters - port ip_port - dscp ip_dscp - { ( masters_list | ip_addr port ip_port key key ) ; ... } - in-memory yes_or_no - min-update-interval interval - ; ... }; - ; - suppress-initial-notify boolean; // not yet implemented - preferred-glue string; - dual-stack-servers port integer { - ( quoted_string port integer | - ipv4_address port integer | - ipv6_address port integer ); ... - }; - edns-udp-size integer; - max-udp-size integer; - root-delegation-only exclude { quoted_string; ... } ; - disable-algorithms string { string; ... }; - disable-ds-digests string { string; ... 
}; - dnssec-enable boolean; - dnssec-validation boolean; - dnssec-lookaside ( auto | no | domain trust-anchor domain ); - dnssec-must-be-secure string boolean; - dnssec-accept-expired boolean; - - dns64-server string; - dns64-contact string; - dns64 prefix { - clients { acl; }; - exclude { acl; }; - mapped { acl; }; - break-dnssec boolean; - recursive-only boolean; - suffix ipv6_address; - }; - - empty-server string; - empty-contact string; - empty-zones-enable boolean; - disable-empty-zone string; - - dialup dialuptype; - ixfr-from-differences ixfrdiff; - - allow-query { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-query-cache { address_match_element; ... }; - allow-query-cache-on { address_match_element; ... }; - allow-transfer { address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; + transfers-per-ns integer; + trust-anchor-telemetry boolean; // experimental + try-tcp-refresh boolean; update-check-ksk boolean; - dnssec-dnskey-kskonly boolean; - - masterfile-format ( text | raw | map ); - notify notifytype; - notify-source ( ipv4_address | * ) port ( integer | * ) ; - notify-source-v6 ( ipv6_address | * ) port ( integer | * ) ; - notify-delay seconds; - notify-to-soa boolean; - also-notify port integer { ( ipv4_address | ipv6_address ) - port integer ; ... - key keyname ... }; - allow-notify { address_match_element; ... }; - - forward ( first | only ); - forwarders port integer { - ( ipv4_address | ipv6_address ) port integer ; ... 
- }; - - max-journal-size size_no_default; - max-records integer; - max-transfer-time-in integer; - max-transfer-time-out integer; - max-transfer-idle-in integer; - max-transfer-idle-out integer; - max-retry-time integer; - min-retry-time integer; - max-refresh-time integer; - min-refresh-time integer; - multi-master boolean; - - sig-validity-interval integer; - sig-re-signing-interval integer; - sig-signing-nodes integer; - sig-signing-signatures integer; - sig-signing-type integer; - - transfer-source ( ipv4_address | * ) - port ( integer | * ) ; - transfer-source-v6 ( ipv6_address | * ) - port ( integer | * ) ; - - alt-transfer-source ( ipv4_address | * ) - port ( integer | * ) ; - alt-transfer-source-v6 ( ipv6_address | * ) - port ( integer | * ) ; use-alt-transfer-source boolean; - - zone-statistics boolean; - key-directory quoted_string; - managed-keys-directory quoted_string; - auto-dnssec allow|maintain|off; - try-tcp-refresh boolean; + use-v4-udp-ports { portrange; ... }; + use-v6-udp-ports { portrange; ... }; + v6-bias integer; + version ( quoted_string | none ); zero-no-soa-ttl boolean; zero-no-soa-ttl-cache boolean; - dnssec-secure-to-insecure boolean; - automatic-interface-scan boolean; - - cookie-algorithm ( aes | sha1 | sha256 ); - cookie-secret string; - require-server-cookie boolean; - send-cookie boolean; - nocookie-udp-size integer; - - response-padding { - address_match_list - } block-size integer; - - deny-answer-addresses { - address_match_list - } except-from { namelist } ; - deny-answer-aliases { - namelist - } except-from { namelist } ; - - nsec3-test-zone boolean; // testing only - - allow-v6-synthesis { address_match_element; ... 
}; // obsolete - deallocate-on-exit boolean; // obsolete - fake-iquery boolean; // obsolete - fetch-glue boolean; // obsolete - has-old-clients boolean; // obsolete - maintain-ixfr-base boolean; // obsolete - max-ixfr-log-size size; // obsolete - multiple-cnames boolean; // obsolete - named-xfer quoted_string; // obsolete - serial-queries integer; // obsolete - treat-cr-as-space boolean; // obsolete - use-id-pool boolean; // obsolete - use-ixfr boolean; // obsolete + zone-statistics ( full | terse | none | boolean ); }; - VIEW + SERVER -view string optional_class { - match-clients { address_match_element; ... }; - match-destinations { address_match_element; ... }; - match-recursive-only boolean; +server netprefix { + bogus boolean; + edns boolean; + edns-udp-size integer; + edns-version integer; + keys server_key; + max-udp-size integer; + notify-source ( ipv4_address | * ) port ( integer | * ) + dscp integer ; + notify-source-v6 ( ipv6_address | * ) port ( integer | * ) + dscp integer ; + padding integer; + provide-ixfr boolean; + query-source ( ( address ( ipv4_address | * ) port ( + integer | * ) ) | ( address ( ipv4_address | * ) + port ( integer | * ) ) ) dscp integer ; + query-source-v6 ( ( address ( ipv6_address | * ) port ( + integer | * ) ) | ( address ( ipv6_address | * ) + port ( integer | * ) ) ) dscp integer ; + request-expire boolean; + request-ixfr boolean; + request-nsid boolean; + send-cookie boolean; + tcp-keepalive boolean; + tcp-only boolean; + transfer-format ( many-answers | one-answer ); + transfer-source ( ipv4_address | * ) port ( integer | * ) + dscp integer ; + transfer-source-v6 ( ipv6_address | * ) port ( integer | * ) + dscp integer ; + transfers integer; +}; + + - key string { - algorithm string; - secret string; - }; + STATISTICS-CHANNELS - zone string optional_class { - ... - }; + +statistics-channels { + inet ( ipv4_address | ipv6_address | + * ) port ( integer | * ) + allow { address_match_element; ... 
+ } ; +}; + + - server ( ipv4_address/prefixlen | ipv6_address/prefixlen ) { - ... - }; + TRUSTED-KEYS - trusted-keys { - string integer integer integer quoted_string; - ... - }; + +trusted-keys { string integer integer + integer quoted_string; ... }; + + - managed-keys { - domain_name initial-key flags protocol algorithm key; - ... - }; + VIEW + +view string class { + acache-cleaning-interval integer; + acache-enable boolean; + additional-from-auth boolean; + additional-from-cache boolean; + allow-new-zones boolean; + allow-notify { address_match_element; ... }; + allow-query { address_match_element; ... }; + allow-query-cache { address_match_element; ... }; + allow-query-cache-on { address_match_element; ... }; + allow-query-on { address_match_element; ... }; allow-recursion { address_match_element; ... }; allow-recursion-on { address_match_element; ... }; - sortlist { address_match_element; ... }; - topology { address_match_element; ... }; // not implemented + allow-transfer { address_match_element; ... }; + allow-update { address_match_element; ... }; + allow-update-forwarding { address_match_element; ... }; + also-notify port integer dscp integer { ( masters | + ipv4_address port integer | ipv6_address port + integer ) key string ; ... }; + alt-transfer-source ( ipv4_address | * ) port ( integer | * ) + dscp integer ; + alt-transfer-source-v6 ( ipv6_address | * ) port ( integer | + * ) dscp integer ; + attach-cache string; auth-nxdomain boolean; // default changed - minimal-any boolean; - minimal-responses boolean; - recursion boolean; - rrset-order { - class string type string - name quoted_string string string; ... 
- }; - provide-ixfr boolean; - request-ixfr boolean; - rfc2308-type1 boolean; // not yet implemented - additional-from-auth boolean; - additional-from-cache boolean; - query-source ( ( ipv4_address | * ) | address ( ipv4_address | * ) ) port ( integer | * ) ; - query-source-v6 ( ( ipv6_address | * ) | address ( ipv6_address | * ) ) port ( integer | * ) ; - use-queryport-pool boolean; - queryport-pool-ports integer; - queryport-pool-updateinterval integer; - cleaning-interval integer; - resolver-query-timeout integer; - min-roots integer; // not implemented - lame-ttl integer; - max-ncache-ttl integer; - max-cache-ttl integer; - transfer-format ( many-answers | one-answer ); - max-cache-size size; - max-acache-size size; - clients-per-query number; - max-clients-per-query number; - check-names ( master | slave | response ) - ( fail | warn | ignore ); - check-mx ( fail | warn | ignore ); + auto-dnssec ( allow | maintain | off ); + cache-file quoted_string; + catalog-zones { zone quoted_string default-masters port + integer dscp integer { ( masters | ipv4_address + port integer | ipv6_address port integer ) key + string ; ... } zone-directory quoted_string + in-memory boolean min-update-interval integer ; ... }; + check-dup-records ( fail | warn | ignore ); check-integrity boolean; + check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); + check-names ( master | slave | response + ) ( fail | warn | ignore ); + check-sibling boolean; + check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); - cache-file quoted_string; // test option - suppress-initial-notify boolean; // not yet implemented - preferred-glue string; - dual-stack-servers port integer { - ( quoted_string port integer | - ipv4_address port integer | - ipv6_address port integer ); ... + check-wildcard boolean; + cleaning-interval integer; + clients-per-query integer; + deny-answer-addresses { address_match_element; ... } + except-from { quoted_string; ... 
} ; + deny-answer-aliases { quoted_string; ... } except-from { + quoted_string; ... } ; + dialup ( notify | notify-passive | passive | refresh | boolean ); + disable-algorithms string { string; + ... }; + disable-ds-digests string { string; + ... }; + disable-empty-zone string; + dlz string { + database string; + search boolean; }; - edns-udp-size integer; - max-udp-size integer; - root-delegation-only exclude { quoted_string; ... } ; - disable-algorithms string { string; ... }; - disable-ds-digests string { string; ... }; - dnssec-enable boolean; - dnssec-validation boolean; - dnssec-lookaside ( auto | no | domain trust-anchor domain ); - dnssec-must-be-secure string boolean; - dnssec-accept-expired boolean; - - dns64-server string; - dns64-contact string; - dns64 prefix { - clients { acl; }; - exclude { acl; }; - mapped { acl; }; + dns64 netprefix { break-dnssec boolean; + clients { address_match_element; ... }; + exclude { address_match_element; ... }; + mapped { address_match_element; ... }; recursive-only boolean; suffix ipv6_address; }; - - empty-server string; + dns64-contact string; + dns64-server string; + dnssec-accept-expired boolean; + dnssec-dnskey-kskonly boolean; + dnssec-enable boolean; + dnssec-loadkeys-interval integer; + dnssec-lookaside ( string trust-anchor + string | auto | no ); + dnssec-must-be-secure string boolean; + dnssec-secure-to-insecure boolean; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | + resolver ) ( query | response ) ; ... }; + dual-stack-servers port integer { ( quoted_string port + integer dscp integer | ipv4_address port + integer dscp integer | ipv6_address port + integer dscp integer ); ... 
}; + dyndb string quoted_string { + unspecified-text }; + edns-udp-size integer; empty-contact string; + empty-server string; empty-zones-enable boolean; - disable-empty-zone string; - - dialup dialuptype; - ixfr-from-differences ixfrdiff; - - allow-query { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-query-cache { address_match_element; ... }; - allow-query-cache-on { address_match_element; ... }; - allow-transfer { address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; - update-check-ksk boolean; - dnssec-dnskey-kskonly boolean; - - masterfile-format ( text | raw | map ); - notify notifytype; - notify-source ( ipv4_address | * ) port ( integer | * ) ; - notify-source-v6 ( ipv6_address | * ) port ( integer | * ) ; - notify-delay seconds; - notify-to-soa boolean; - also-notify port integer { ( ipv4_address | ipv6_address ) - port integer ; ... - key keyname ... }; - allow-notify { address_match_element; ... }; - + fetch-quota-params integer fixedpoint fixedpoint fixedpoint; + fetches-per-server integer ( drop | fail ) ; + fetches-per-zone integer ( drop | fail ) ; + filter-aaaa { address_match_element; ... }; + filter-aaaa-on-v4 ( break-dnssec | boolean ); + filter-aaaa-on-v6 ( break-dnssec | boolean ); forward ( first | only ); - forwarders port integer { - ( ipv4_address | ipv6_address ) port integer ; ... + forwarders port integer dscp integer { ( ipv4_address + | ipv6_address ) port integer dscp integer ; ... }; + inline-signing boolean; + ixfr-from-differences ( master | slave | boolean ); + key string { + algorithm string; + secret string; }; - - max-journal-size size_no_default; + key-directory quoted_string; + lame-ttl ttlval; + managed-keys { string string + integer integer integer + quoted_string; ... }; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + match-clients { address_match_element; ... 
}; + match-destinations { address_match_element; ... }; + match-recursive-only boolean; + max-acache-size ( unlimited | sizeval ); + max-cache-size ( default | unlimited | sizeval | percentage ); + max-cache-ttl integer; + max-clients-per-query integer; + max-journal-size ( unlimited | sizeval ); + max-ncache-ttl integer; max-records integer; - max-transfer-time-in integer; - max-transfer-time-out integer; + max-recursion-depth integer; + max-recursion-queries integer; + max-refresh-time integer; + max-retry-time integer; max-transfer-idle-in integer; max-transfer-idle-out integer; - max-retry-time integer; - min-retry-time integer; - max-refresh-time integer; + max-transfer-time-in integer; + max-transfer-time-out integer; + max-udp-size integer; + max-zone-ttl ( unlimited | ttlval ); + message-compression boolean; min-refresh-time integer; + min-retry-time integer; + minimal-any boolean; + minimal-responses ( no-auth | no-auth-recursive | boolean ); multi-master boolean; - sig-validity-interval integer; - - transfer-source ( ipv4_address | * ) - port ( integer | * ) ; - transfer-source-v6 ( ipv6_address | * ) - port ( integer | * ) ; - - alt-transfer-source ( ipv4_address | * ) - port ( integer | * ) ; - alt-transfer-source-v6 ( ipv6_address | * ) - port ( integer | * ) ; - use-alt-transfer-source boolean; - - zone-statistics boolean; + no-case-compress { address_match_element; ... 
}; + nocookie-udp-size integer; + notify ( explicit | master-only | boolean ); + notify-delay integer; + notify-source ( ipv4_address | * ) port ( integer | * ) + dscp integer ; + notify-source-v6 ( ipv6_address | * ) port ( integer | * ) + dscp integer ; + notify-to-soa boolean; + nsec3-test-zone boolean; // test only + nta-lifetime ttlval; + nta-recheck ttlval; + nxdomain-redirect string; + preferred-glue string; + prefetch integer integer ; + provide-ixfr boolean; + query-source ( ( address ( ipv4_address | * ) port ( + integer | * ) ) | ( address ( ipv4_address | * ) + port ( integer | * ) ) ) dscp integer ; + query-source-v6 ( ( address ( ipv6_address | * ) port ( + integer | * ) ) | ( address ( ipv6_address | * ) + port ( integer | * ) ) ) dscp integer ; + rate-limit { + all-per-second integer; + errors-per-second integer; + exempt-clients { address_match_element; ... }; + ipv4-prefix-length integer; + ipv6-prefix-length integer; + log-only boolean; + max-table-size integer; + min-table-size integer; + nodata-per-second integer; + nxdomains-per-second integer; + qps-scale integer; + referrals-per-second integer; + responses-per-second integer; + slip integer; + window integer; + }; + recursion boolean; + request-expire boolean; + request-ixfr boolean; + request-nsid boolean; + require-server-cookie boolean; + resolver-query-timeout integer; + response-padding { address_match_element; ... } block-size + integer; + response-policy { zone quoted_string log boolean + max-policy-ttl integer min-update-interval integer + policy ( cname | disabled | drop | given | no-op | nodata | + nxdomain | passthru | tcp-only quoted_string ) + recursive-only boolean ; ... } break-dnssec boolean + max-policy-ttl integer min-update-interval integer + min-ns-dots integer nsip-wait-recurse boolean + qname-wait-recurse boolean recursive-only boolean ; + root-delegation-only exclude { quoted_string; ... 
} ; + rrset-order { class string type string name + quoted_string string string; ... }; + send-cookie boolean; + serial-update-method ( date | increment | unixtime ); + server netprefix { + bogus boolean; + edns boolean; + edns-udp-size integer; + edns-version integer; + keys server_key; + max-udp-size integer; + notify-source ( ipv4_address | * ) port ( integer | * + ) dscp integer ; + notify-source-v6 ( ipv6_address | * ) port ( integer + | * ) dscp integer ; + padding integer; + provide-ixfr boolean; + query-source ( ( address ( ipv4_address | * ) port + ( integer | * ) ) | ( address ( + ipv4_address | * ) port ( integer | * ) ) ) + dscp integer ; + query-source-v6 ( ( address ( ipv6_address | * ) + port ( integer | * ) ) | ( address ( + ipv6_address | * ) port ( integer | * ) ) ) + dscp integer ; + request-expire boolean; + request-ixfr boolean; + request-nsid boolean; + send-cookie boolean; + tcp-keepalive boolean; + tcp-only boolean; + transfer-format ( many-answers | one-answer ); + transfer-source ( ipv4_address | * ) port ( integer | + * ) dscp integer ; + transfer-source-v6 ( ipv6_address | * ) port ( + integer | * ) dscp integer ; + transfers integer; + }; + servfail-ttl ttlval; + sig-signing-nodes integer; + sig-signing-signatures integer; + sig-signing-type integer; + sig-validity-interval integer integer ; + sortlist { address_match_element; ... }; + transfer-format ( many-answers | one-answer ); + transfer-source ( ipv4_address | * ) port ( integer | * ) + dscp integer ; + transfer-source-v6 ( ipv6_address | * ) port ( integer | * ) + dscp integer ; + trust-anchor-telemetry boolean; // experimental + trusted-keys { string integer + integer integer quoted_string; + ... 
}; try-tcp-refresh boolean; - key-directory quoted_string; + update-check-ksk boolean; + use-alt-transfer-source boolean; + v6-bias integer; zero-no-soa-ttl boolean; zero-no-soa-ttl-cache boolean; - dnssec-secure-to-insecure boolean; - - require-server-cookie boolean; - send-cookie boolean; - nocookie-udp-size integer; - - allow-v6-synthesis { address_match_element; ... }; // obsolete - fetch-glue boolean; // obsolete - maintain-ixfr-base boolean; // obsolete - max-ixfr-log-size size; // obsolete + zone string class { + allow-notify { address_match_element; ... }; + allow-query { address_match_element; ... }; + allow-query-on { address_match_element; ... }; + allow-transfer { address_match_element; ... }; + allow-update { address_match_element; ... }; + allow-update-forwarding { address_match_element; ... }; + also-notify port integer dscp integer { ( + masters | ipv4_address port integer | + ipv6_address port integer ) key string ; + ... }; + alt-transfer-source ( ipv4_address | * ) port ( + integer | * ) dscp integer ; + alt-transfer-source-v6 ( ipv6_address | * ) port ( + integer | * ) dscp integer ; + auto-dnssec ( allow | maintain | off ); + check-dup-records ( fail | warn | ignore ); + check-integrity boolean; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( fail | warn | ignore ); + check-sibling boolean; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard boolean; + database string; + delegation-only boolean; + dialup ( notify | notify-passive | passive | refresh | + boolean ); + dlz string; + dnssec-dnskey-kskonly boolean; + dnssec-loadkeys-interval integer; + dnssec-secure-to-insecure boolean; + dnssec-update-mode ( maintain | no-resign ); + file quoted_string; + forward ( first | only ); + forwarders port integer dscp integer { ( + ipv4_address | ipv6_address ) port integer + dscp integer ; ... 
}; + in-view string; + inline-signing boolean; + ixfr-from-differences boolean; + journal quoted_string; + key-directory quoted_string; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters port integer dscp integer { ( masters + | ipv4_address port integer | ipv6_address + port integer ) key string ; ... }; + max-ixfr-log-size ( default | unlimited | + max-journal-size ( unlimited | sizeval ); + max-records integer; + max-refresh-time integer; + max-retry-time integer; + max-transfer-idle-in integer; + max-transfer-idle-out integer; + max-transfer-time-in integer; + max-transfer-time-out integer; + max-zone-ttl ( unlimited | ttlval ); + min-refresh-time integer; + min-retry-time integer; + multi-master boolean; + notify ( explicit | master-only | boolean ); + notify-delay integer; + notify-source ( ipv4_address | * ) port ( integer | * + ) dscp integer ; + notify-source-v6 ( ipv6_address | * ) port ( integer + | * ) dscp integer ; + notify-to-soa boolean; + nsec3-test-zone boolean; // test only + pubkey integer + integer + integer + request-expire boolean; + request-ixfr boolean; + serial-update-method ( date | increment | unixtime ); + server-addresses { ( ipv4_address | ipv6_address ) + port integer ; ... }; + server-names { quoted_string; ... }; + sig-signing-nodes integer; + sig-signing-signatures integer; + sig-signing-type integer; + sig-validity-interval integer integer ; + transfer-source ( ipv4_address | * ) port ( integer | + * ) dscp integer ; + transfer-source-v6 ( ipv6_address | * ) port ( + integer | * ) dscp integer ; + try-tcp-refresh boolean; + type ( delegation-only | forward | hint | master | redirect + | slave | static-stub | stub ); + update-check-ksk boolean; + update-policy ( local | { ( deny | grant ) string ( + 6to4-self | external | krb5-self | krb5-subdomain | + ms-self | ms-subdomain | name | self | selfsub | + selfwild | subdomain | tcp-self | wildcard | zonesub ) + string rrtypelist; ... 
}; + use-alt-transfer-source boolean; + zero-no-soa-ttl boolean; + zone-statistics ( full | terse | none | boolean ); + }; + zone-statistics ( full | terse | none | boolean ); }; 
@@ -617,98 +890,98 @@ view string optional_class ZONE -zone string optional_class { - type ( master | slave | stub | hint | redirect | - forward | delegation-only ); - file quoted_string; - - masters port integer { - ( masters | - ipv4_address port integer | - ipv6_address port integer ) key string ; ... - }; - - database string; - delegation-only boolean; - check-names ( fail | warn | ignore ); - check-mx ( fail | warn | ignore ); - check-integrity boolean; - check-mx-cname ( fail | warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - dialup dialuptype; - ixfr-from-differences boolean; - journal quoted_string; - zero-no-soa-ttl boolean; - dnssec-secure-to-insecure boolean; - +zone string class { + allow-notify { address_match_element; ... }; allow-query { address_match_element; ... }; allow-query-on { address_match_element; ... }; allow-transfer { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; - update-policy local | { - ( grant | deny ) string - ( name | subdomain | wildcard | self | selfsub | selfwild | - krb5-self | ms-self | krb5-subdomain | ms-subdomain | - tcp-self | zonesub | 6to4-self ) string - rrtypelist; - ... - }; - update-check-ksk boolean; + also-notify port integer dscp integer { ( masters | + ipv4_address port integer | ipv6_address port + integer ) key string ; ... 
}; + alt-transfer-source ( ipv4_address | * ) port ( integer | * ) + dscp integer ; + alt-transfer-source-v6 ( ipv6_address | * ) port ( integer | + * ) dscp integer ; + auto-dnssec ( allow | maintain | off ); + check-dup-records ( fail | warn | ignore ); + check-integrity boolean; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( fail | warn | ignore ); + check-sibling boolean; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard boolean; + database string; + delegation-only boolean; + dialup ( notify | notify-passive | passive | refresh | boolean ); + dlz string; dnssec-dnskey-kskonly boolean; - - masterfile-format ( text | raw | map ); - notify notifytype; - notify-source ( ipv4_address | * ) port ( integer | * ) ; - notify-source-v6 ( ipv6_address | * ) port ( integer | * ) ; - notify-delay seconds; - notify-to-soa boolean; - also-notify port integer { ( ipv4_address | ipv6_address ) - port integer ; ... - key keyname ... }; - allow-notify { address_match_element; ... }; - + dnssec-loadkeys-interval integer; + dnssec-secure-to-insecure boolean; + dnssec-update-mode ( maintain | no-resign ); + file quoted_string; forward ( first | only ); - forwarders port integer { - ( ipv4_address | ipv6_address ) port integer ; ... - }; - - max-journal-size size_no_default; + forwarders port integer dscp integer { ( ipv4_address + | ipv6_address ) port integer dscp integer ; ... }; + in-view string; + inline-signing boolean; + ixfr-from-differences boolean; + journal quoted_string; + key-directory quoted_string; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters port integer dscp integer { ( masters | + ipv4_address port integer | ipv6_address port + integer ) key string ; ... 
}; + max-journal-size ( unlimited | sizeval ); max-records integer; - max-transfer-time-in integer; - max-transfer-time-out integer; + max-refresh-time integer; + max-retry-time integer; max-transfer-idle-in integer; max-transfer-idle-out integer; - max-retry-time integer; - min-retry-time integer; - max-refresh-time integer; + max-transfer-time-in integer; + max-transfer-time-out integer; + max-zone-ttl ( unlimited | ttlval ); min-refresh-time integer; + min-retry-time integer; multi-master boolean; + notify ( explicit | master-only | boolean ); + notify-delay integer; + notify-source ( ipv4_address | * ) port ( integer | * ) + dscp integer ; + notify-source-v6 ( ipv6_address | * ) port ( integer | * ) + dscp integer ; + notify-to-soa boolean; + nsec3-test-zone boolean; // test only + pubkey integer integer + request-expire boolean; request-ixfr boolean; - sig-validity-interval integer; - - transfer-source ( ipv4_address | * ) - port ( integer | * ) ; - transfer-source-v6 ( ipv6_address | * ) - port ( integer | * ) ; - - alt-transfer-source ( ipv4_address | * ) - port ( integer | * ) ; - alt-transfer-source-v6 ( ipv6_address | * ) - port ( integer | * ) ; - use-alt-transfer-source boolean; - - zone-statistics boolean; + serial-update-method ( date | increment | unixtime ); + server-addresses { ( ipv4_address | ipv6_address ) port + integer ; ... }; + server-names { quoted_string; ... 
}; + sig-signing-nodes integer; + sig-signing-signatures integer; + sig-signing-type integer; + sig-validity-interval integer integer ; + transfer-source ( ipv4_address | * ) port ( integer | * ) + dscp integer ; + transfer-source-v6 ( ipv6_address | * ) port ( integer | * ) + dscp integer ; try-tcp-refresh boolean; - key-directory quoted_string; - - nsec3-test-zone boolean; // testing only - - ixfr-base quoted_string; // obsolete - ixfr-tmp-file quoted_string; // obsolete - maintain-ixfr-base boolean; // obsolete - max-ixfr-log-size size; // obsolete - pubkey integer integer integer quoted_string; // obsolete + type ( delegation-only | forward | hint | master | redirect | slave + | static-stub | stub ); + update-check-ksk boolean; + update-policy ( local | { ( deny | grant ) string ( 6to4-self | + external | krb5-self | krb5-subdomain | ms-self | ms-subdomain + | name | self | selfsub | selfwild | subdomain | tcp-self | + wildcard | zonesub ) string rrtypelist; ... }; + use-alt-transfer-source boolean; + zero-no-soa-ttl boolean; + zone-statistics ( full | terse | none | boolean ); }; @@ -722,6 +995,9 @@ zone string optional_class SEE ALSO + ddns-confgen8 + , + named8 , @@ -730,6 +1006,9 @@ zone string optional_class rndc8 , + + rndc-confgen8 + , BIND 9 Administrator Reference Manual. diff --git a/doc/misc/Makefile.in b/doc/misc/Makefile.in index 0345a7d5f3..604be4a79c 100644 --- a/doc/misc/Makefile.in +++ b/doc/misc/Makefile.in @@ -4,8 +4,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: Makefile.in,v 1.9 2009/07/10 23:47:58 tbox Exp $ - srcdir = @srcdir@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ @@ -39,3 +37,6 @@ options: FORCE else \ rm -f $@.new $@.raw $@.sorted ; \ fi + +docbook: options + ${PERL} docbook-options.pl options > ${top_srcdir}/bin/named/named.conf.docbook 
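Review bot: The new `docbook` rule redirects straight into `${top_srcdir}/bin/named/named.conf.docbook`, so the shell truncates the checked-in file before the script has produced anything. A failing run (for example when the script's git date lookup dies) then leaves an empty or partial man page source in the tree. Writing to a temporary file and moving it into place only on success keeps the previous file intact: `${PERL} docbook-options.pl options > $@.new && mv -f $@.new ${top_srcdir}/bin/named/named.conf.docbook`. The script is also named without `${srcdir}/`, which presumably breaks out-of-tree builds, since VPATH lookup does not apply to words in a recipe.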
diff --git a/doc/misc/docbook-options.pl b/doc/misc/docbook-options.pl new file mode 100644 index 0000000000..eba1e0925f --- /dev/null +++ b/doc/misc/docbook-options.pl 
@@ -0,0 +1,176 @@ +#!/usr/bin/perl +# +# Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# Usage: perl docbook-options.pl doc/misc/options > named.conf.docbook + +use warnings; +use strict; +use Time::Piece; + +if (@ARGV < 1) { + print STDERR <<'END'; +usage: + perl docbook-options.pl options_file [YYYY/MM/DD] >named.conf.docbook +END + exit 1; +} + +my $FILE = shift; + +my $DATE; +if (@ARGV >= 2) { + $DATE = shift +} else { + $DATE = `git log --max-count=1 --date=short --format='%cd' $FILE` or die "unable to determine last modification date of '$FILE'; specify on command line\nexiting"; +} +chomp $DATE; + +open (FH, "<", $FILE) or die "Can't open $FILE"; + +my $t = Time::Piece->new(); +my $year = $t->year; + +print < + + + + + + $DATE + + + ISC + Internet Systems Consortium, Inc. + + + + named.conf + 5 + BIND9 + + + + named.conf + configuration file for named + + + + +END + +for (my $y = 2004; $y <= $year; $y++) { + print " $y\n"; +} + +print <Internet Systems Consortium, Inc. ("ISC") + + + + + + named.conf + + + + DESCRIPTION + + named.conf is the configuration file + for + named. Statements are enclosed + in braces and terminated with a semi-colon. Clauses in + the statements are also semi-colon terminated. 
The usual + comment styles are supported: + + + C style: /* */ + + + C++ style: // to end of line + + + Unix style: # to end of line + + + +END + +# skip preamble +my $preamble = 0; +while () { + if (m{^\s*$}) { + last if $preamble > 0; + } else { + $preamble++; + } +} + +while () { + if (m{// not.*implemented} || m{// obsolete}) { + next; + } + s{ // not configured}{}; + s{ // may occur multiple times}{}; + s{<([a-z0-9_-]+)>}{$1}g; + s{[[]}{}g; + s{[]]}{}g; + s{ }{\t}g; + if (m{^([a-z0-9-]+) }) { + my $HEADING = uc $1; + print <$HEADING + + +END + } + if (m{^\s*$}) { + print < + +END + } + print; +} + +print <FILES + + /etc/named.conf + + + + SEE ALSO + + + ddns-confgen8 + , + + named8 + , + + named-checkconf8 + , + + rndc8 + , + + rndc-confgen8 + , + BIND 9 Administrator Reference Manual. + + + + +END -- GitLab