Commit db1cd0d9 authored by Tinderbox User

prep 9.13.4

parent 976881f4
--- 9.13.4 released ---
5098. [func] Failed memory allocations are now fatal. [GL #674] 5098. [func] Failed memory allocations are now fatal. [GL #674]
5097. [cleanup] Remove embedded ATF unit testing framework 5097. [cleanup] Remove embedded ATF unit testing framework
......
...@@ -59,3 +59,31 @@ These are platforms on which BIND is known not to build or run: ...@@ -59,3 +59,31 @@ These are platforms on which BIND is known not to build or run:
* Platforms that don't support IPv6 Advanced Socket API (RFC 3542) * Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
* Platforms that don't support atomic operations (via compiler or * Platforms that don't support atomic operations (via compiler or
library) library)
* Linux without NPTL (Native POSIX Thread Library)
Platform quirks
ARM
If the compilation ends with following error:
Error: selected processor does not support `yield' in ARM mode
You will need to set -march compiler option to native, so the compiler
recognizes yield assembler instruction. The proper way to set -march=
native would be to put it into CFLAGS, e.g. run ./configure like this:
CFLAGS="-march=native -Os -g" ./configure plus your usual options.
If that doesn't work, you can enforce the minimum CPU and FPU (taken from
Debian armhf documentation):
* The lowest worthwhile CPU implementation is Armv7-A, therefore the
recommended build option is -march=armv7-a.
* FPU should be set at VFPv3-D16 as they represent the miminum
specification of the processors to support here, therefore the
recommended build option is -mfpu=vfpv3-d16.
The configure command should look like this:
CFLAGS="-march=armv7-a -mfpu=vfpv3-d16 -Os -g" ./configure
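Review bot: the added ARM section calls -march=native "the proper way" to get past the yield error, but that option makes the compiler target the CPU of the build host, so the advice does not fit cross-compiled or packaged builds that run on other ARM machines. Suggest leading with the explicit -march=armv7-a -mfpu=vfpv3-d16 form and presenting -march=native as the local-build shortcut. In the same block, "miminum" should be "minimum" and "ends with following error" should read "ends with the following error".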
...@@ -104,6 +104,7 @@ BIND 9.13 features ...@@ -104,6 +104,7 @@ BIND 9.13 features
BIND 9.13 is the newest development branch of BIND 9. It includes a number BIND 9.13 is the newest development branch of BIND 9. It includes a number
of changes from BIND 9.12 and earlier releases. New features include: of changes from BIND 9.12 and earlier releases. New features include:
* Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported. * QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate * "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root via a special query which trust anchors are configured for the root
......
...@@ -122,6 +122,7 @@ BIND 9.13 is the newest development branch of BIND 9. It includes a ...@@ -122,6 +122,7 @@ BIND 9.13 is the newest development branch of BIND 9. It includes a
number of changes from BIND 9.12 and earlier releases. New features number of changes from BIND 9.12 and earlier releases. New features
include: include:
* Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported. * QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate * "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root zone. via a special query which trust anchors are configured for the root zone.
......
...@@ -74,7 +74,9 @@ will perform an NS query for "\&." (the root)\&. ...@@ -74,7 +74,9 @@ will perform an NS query for "\&." (the root)\&.
It is possible to set per\-user defaults for It is possible to set per\-user defaults for
\fBdig\fR \fBdig\fR
via via
${HOME}/\&.digrc\&. This file is read and any options in it are applied before the command line arguments\&. ${HOME}/\&.digrc\&. This file is read and any options in it are applied before the command line arguments\&. The
\fB\-r\fR
option disables this feature, for scripts that need predictable behaviour\&.
.PP .PP
The IN and CH class names overlap with the IN and CH top level domain names\&. Either use the The IN and CH class names overlap with the IN and CH top level domain names\&. Either use the
\fB\-t\fR \fB\-t\fR
...@@ -174,11 +176,6 @@ reads a list of lookup requests to process from the given ...@@ -174,11 +176,6 @@ reads a list of lookup requests to process from the given
using the command\-line interface\&. using the command\-line interface\&.
.RE .RE
.PP .PP
\-i
.RS 4
Do reverse IPv6 lookups using the obsolete RFC 1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC 2874) are not attempted\&.
.RE
.PP
\-k \fIkeyfile\fR \-k \fIkeyfile\fR
.RS 4 .RS 4
Sign queries using TSIG using a key read from the given file\&. Key files can be generated using Sign queries using TSIG using a key read from the given file\&. Key files can be generated using
...@@ -208,6 +205,12 @@ The domain name to query\&. This is useful to distinguish the ...@@ -208,6 +205,12 @@ The domain name to query\&. This is useful to distinguish the
from other arguments\&. from other arguments\&.
.RE .RE
.PP .PP
\-r
.RS 4
Do not read options from
${HOME}/\&.digrc\&. This is useful for scripts that need predictable behaviour\&.
.RE
.PP
\-t \fItype\fR \-t \fItype\fR
.RS 4 .RS 4
The resource record type to query\&. It can be any valid query type\&. If it is a resource record type supported in BIND 9, it can be given by the type mnemonic (such as "NS" or "AAAA")\&. The default query type is "A", unless the The resource record type to query\&. It can be any valid query type\&. If it is a resource record type supported in BIND 9, it can be given by the type mnemonic (such as "NS" or "AAAA")\&. The default query type is "A", unless the
...@@ -246,9 +249,7 @@ arguments\&. ...@@ -246,9 +249,7 @@ arguments\&.
\fBdig\fR \fBdig\fR
automatically performs a lookup for a name like automatically performs a lookup for a name like
94\&.2\&.0\&.192\&.in\-addr\&.arpa 94\&.2\&.0\&.192\&.in\-addr\&.arpa
and sets the query type and class to PTR and IN respectively\&. IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain (but see also the and sets the query type and class to PTR and IN respectively\&. IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain\&.
\fB\-i\fR
option)\&.
.RE .RE
.PP .PP
\-y \fI[hmac:]\fR\fIkeyname:secret\fR \-y \fI[hmac:]\fR\fIkeyname:secret\fR
...@@ -468,12 +469,16 @@ option is enabled\&. If short form answers are requested, the default is not to ...@@ -468,12 +469,16 @@ option is enabled\&. If short form answers are requested, the default is not to
.PP .PP
\fB+[no]idnin\fR \fB+[no]idnin\fR
.RS 4 .RS 4
Process [do not process] IDN domain names on input\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to process IDN input\&. Process [do not process] IDN domain names on input\&. This requires IDN SUPPORT to have been enabled at compile time\&.
.sp
The default is to process IDN input when standard output is a tty\&. The IDN processing on input is disabled when dig output is redirected to files, pipes, and other non\-tty file descriptors\&.
.RE .RE
.PP .PP
\fB+[no]idnout\fR \fB+[no]idnout\fR
.RS 4 .RS 4
Convert [do not convert] puny code on output\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to convert output\&. Convert [do not convert] puny code on output\&. This requires IDN SUPPORT to have been enabled at compile time\&.
.sp
The default is to process puny code on output when standard output is a tty\&. The puny code processing on output is disabled when dig output is redirected to files, pipes, and other non\-tty file descriptors\&.
.RE .RE
.PP .PP
\fB+[no]ignore\fR \fB+[no]ignore\fR
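Review bot: the new default under +[no]idnin ties input processing to whether standard output is a tty, so the same command line handles a non-ASCII name differently once its output is piped, and neither paragraph says whether an explicit +idnin or +idnout still enables processing when output is redirected. Please state that, since script authors are the readers most affected. The +idnout paragraph also switches from "Convert" to "process puny code on output" for the same operation; keep one term.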
...@@ -795,7 +800,10 @@ has been built with IDN (internationalized domain name) support, it can accept a ...@@ -795,7 +800,10 @@ has been built with IDN (internationalized domain name) support, it can accept a
appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, use parameters appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, use parameters
\fI+noidnin\fR \fI+noidnin\fR
and and
\fI+noidnout\fR\&. \fI+noidnout\fR
or define the
\fBIDN_DISABLE\fR
environment variable\&.
.SH "FILES" .SH "FILES"
.PP .PP
/etc/resolv\&.conf /etc/resolv\&.conf
......
...@@ -106,9 +106,10 @@ ...@@ -106,9 +106,10 @@
<p> <p>
It is possible to set per-user defaults for <span class="command"><strong>dig</strong></span> via It is possible to set per-user defaults for <span class="command"><strong>dig</strong></span> via
<code class="filename">${HOME}/.digrc</code>. This file is read and <code class="filename">${HOME}/.digrc</code>. This file is read and any
any options in it options in it are applied before the command line arguments.
are applied before the command line arguments. The <code class="option">-r</code> option disables this feature, for
scripts that need predictable behaviour.
</p> </p>
<p> <p>
...@@ -227,14 +228,6 @@ ...@@ -227,14 +228,6 @@
<span class="command"><strong>dig</strong></span> using the command-line interface. <span class="command"><strong>dig</strong></span> using the command-line interface.
</p> </p>
</dd> </dd>
<dt><span class="term">-i</span></dt>
<dd>
<p>
Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
domain, which is no longer in use. Obsolete bit string
label queries (RFC 2874) are not attempted.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt> <dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
<dd> <dd>
<p> <p>
...@@ -274,6 +267,13 @@ ...@@ -274,6 +267,13 @@
the <em class="parameter"><code>name</code></em> from other arguments. the <em class="parameter"><code>name</code></em> from other arguments.
</p> </p>
</dd> </dd>
<dt><span class="term">-r</span></dt>
<dd>
<p>
Do not read options from <code class="filename">${HOME}/.digrc</code>.
This is useful for scripts that need predictable behaviour.
</p>
</dd>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt> <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd> <dd>
<p> <p>
...@@ -324,8 +324,7 @@ ...@@ -324,8 +324,7 @@
<code class="literal">94.2.0.192.in-addr.arpa</code> and sets the <code class="literal">94.2.0.192.in-addr.arpa</code> and sets the
query type and class to PTR and IN respectively. IPv6 query type and class to PTR and IN respectively. IPv6
addresses are looked up using nibble format under the addresses are looked up using nibble format under the
IP6.ARPA domain (but see also the <code class="option">-i</code> IP6.ARPA domain.
option).
</p> </p>
</dd> </dd>
<dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt> <dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>
...@@ -631,7 +630,13 @@ ...@@ -631,7 +630,13 @@
<p> <p>
Process [do not process] IDN domain names on input. Process [do not process] IDN domain names on input.
This requires IDN SUPPORT to have been enabled at This requires IDN SUPPORT to have been enabled at
compile time. The default is to process IDN input. compile time.
</p>
<p>
The default is to process IDN input when standard output
is a tty. The IDN processing on input is disabled when
dig output is redirected to files, pipes, and other
non-tty file descriptors.
</p> </p>
</dd> </dd>
<dt><span class="term"><code class="option">+[no]idnout</code></span></dt> <dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
...@@ -639,7 +644,13 @@ ...@@ -639,7 +644,13 @@
<p> <p>
Convert [do not convert] puny code on output. Convert [do not convert] puny code on output.
This requires IDN SUPPORT to have been enabled at This requires IDN SUPPORT to have been enabled at
compile time. The default is to convert output. compile time.
</p>
<p>
The default is to process puny code on output when
standard output is a tty. The puny code processing on
output is disabled when dig output is redirected to
files, pipes, and other non-tty file descriptors.
</p> </p>
</dd> </dd>
<dt><span class="term"><code class="option">+[no]ignore</code></span></dt> <dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
...@@ -1061,7 +1072,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr ...@@ -1061,7 +1072,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
reply from the server. reply from the server.
If you'd like to turn off the IDN support for some reason, use If you'd like to turn off the IDN support for some reason, use
parameters <em class="parameter"><code>+noidnin</code></em> and parameters <em class="parameter"><code>+noidnin</code></em> and
<em class="parameter"><code>+noidnout</code></em>. <em class="parameter"><code>+noidnout</code></em> or define
the <code class="envar">IDN_DISABLE</code> environment variable.
</p> </p>
</div> </div>
......
...@@ -112,11 +112,6 @@ Print debugging traces\&. Equivalent to the ...@@ -112,11 +112,6 @@ Print debugging traces\&. Equivalent to the
verbose option\&. verbose option\&.
.RE .RE
.PP .PP
\-i
.RS 4
Obsolete\&. Use the IP6\&.INT domain for reverse lookups of IPv6 addresses as defined in RFC1886 and deprecated in RFC4159\&. The default is to use IP6\&.ARPA as specified in RFC3596\&.
.RE
.PP
\-l \-l
.RS 4 .RS 4
List zone: The List zone: The
...@@ -257,7 +252,7 @@ If ...@@ -257,7 +252,7 @@ If
\fBhost\fR \fBhost\fR
has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&. has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
\fBhost\fR \fBhost\fR
appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, define the
\fBIDN_DISABLE\fR \fBIDN_DISABLE\fR
environment variable\&. The IDN support is disabled if the variable is set when environment variable\&. The IDN support is disabled if the variable is set when
\fBhost\fR \fBhost\fR
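Review bot: this hunk only corrects "defines" to "define", leaving the host text saying IDN support is disabled when IDN_DISABLE is set, while the nslookup section added in this same commit also lists "when the standard output is not a tty" and the dig text gains a tty-dependent default. If host follows the same rule, this sentence needs the same condition; if it does not, a short remark on the difference would prevent confusion between the three tools.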
......
...@@ -138,15 +138,6 @@ ...@@ -138,15 +138,6 @@
Equivalent to the <code class="option">-v</code> verbose option. Equivalent to the <code class="option">-v</code> verbose option.
</p> </p>
</dd> </dd>
<dt><span class="term">-i</span></dt>
<dd>
<p>
Obsolete.
Use the IP6.INT domain for reverse lookups of IPv6
addresses as defined in RFC1886 and deprecated in RFC4159.
The default is to use IP6.ARPA as specified in RFC3596.
</p>
</dd>
<dt><span class="term">-l</span></dt> <dt><span class="term">-l</span></dt>
<dd> <dd>
<p> <p>
...@@ -311,7 +302,7 @@ ...@@ -311,7 +302,7 @@
<span class="command"><strong>host</strong></span> appropriately converts character encoding of <span class="command"><strong>host</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a domain name before sending a request to DNS server or displaying a
reply from the server. reply from the server.
If you'd like to turn off the IDN support for some reason, defines If you'd like to turn off the IDN support for some reason, define
the <code class="envar">IDN_DISABLE</code> environment variable. the <code class="envar">IDN_DISABLE</code> environment variable.
The IDN support is disabled if the variable is set when The IDN support is disabled if the variable is set when
<span class="command"><strong>host</strong></span> runs. <span class="command"><strong>host</strong></span> runs.
......
...@@ -277,6 +277,17 @@ Try the next nameserver if a nameserver responds with SERVFAIL or a referral (no ...@@ -277,6 +277,17 @@ Try the next nameserver if a nameserver responds with SERVFAIL or a referral (no
.PP .PP
\fBnslookup\fR \fBnslookup\fR
returns with an exit status of 1 if any query failed, and 0 otherwise\&. returns with an exit status of 1 if any query failed, and 0 otherwise\&.
.SH "IDN SUPPORT"
.PP
If
\fBnslookup\fR
has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
\fBnslookup\fR
appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, define the
\fBIDN_DISABLE\fR
environment variable\&. The IDN support is disabled if the variable is set when
\fBnslookup\fR
runs or when the standard output is not a tty\&.
.SH "FILES" .SH "FILES"
.PP .PP
/etc/resolv\&.conf /etc/resolv\&.conf
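Review bot: the last sentence of the new IDN SUPPORT section mentions the non-tty case only as a trailing clause after the IDN_DISABLE description, and the section gives no way to turn IDN handling back on when nslookup output is piped. Suggest a separate sentence for the tty rule and a statement of whether any override exists. The copied wording "converts character encoding of domain name before sending a request to DNS server" is also missing its articles.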
......
...@@ -362,14 +362,31 @@ nslookup -query=hinfo -timeout=10 ...@@ -362,14 +362,31 @@ nslookup -query=hinfo -timeout=10
</div> </div>
<div class="refsection"> <div class="refsection">
<a name="id-1.11"></a><h2>FILES</h2> <a name="id-1.11"></a><h2>IDN SUPPORT</h2>
<p>
If <span class="command"><strong>nslookup</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
<span class="command"><strong>nslookup</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
If you'd like to turn off the IDN support for some reason, define
the <code class="envar">IDN_DISABLE</code> environment variable.
The IDN support is disabled if the variable is set when
<span class="command"><strong>nslookup</strong></span> runs or when the standard output is not
a tty.
</p>
</div>
<div class="refsection">
<a name="id-1.12"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code> <p><code class="filename">/etc/resolv.conf</code>
</p> </p>
</div> </div>
<div class="refsection"> <div class="refsection">
<a name="id-1.12"></a><h2>SEE ALSO</h2> <a name="id-1.13"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"> <p><span class="citerefentry">
<span class="refentrytitle">dig</span>(1) <span class="refentrytitle">dig</span>(1)
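Review bot: inserting the IDN SUPPORT section reuses the anchor id-1.11 that previously marked FILES and shifts FILES and SEE ALSO to id-1.12 and id-1.13, so any existing link to one of these fragments now lands on a different section. If the ids come from the generator, consider giving the refsections stable named anchors so later insertions do not renumber them.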
......
...@@ -55,7 +55,7 @@ of the key is specified on the command line\&. This must match the name of the z ...@@ -55,7 +55,7 @@ of the key is specified on the command line\&. This must match the name of the z
.RS 4 .RS 4
Selects the cryptographic algorithm\&. The value of Selects the cryptographic algorithm\&. The value of
\fBalgorithm\fR \fBalgorithm\fR
must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&. must be one of RSAMD5, RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&.
.sp .sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR \fB\-3\fR
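Review bot: the changed algorithm line drops DSA and NSEC3DSA but still lists RSAMD5 as an accepted value, and the unchanged sentence after it still describes RSASHA1 as the default. If the aim is to stop documenting algorithms that should not be chosen for new keys, RSAMD5 should be removed or marked deprecated in the same pass; otherwise a short note on why it stays would help.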
...@@ -63,9 +63,9 @@ option is specified, in which case NSEC3RSASHA1 will be used instead\&. (If ...@@ -63,9 +63,9 @@ option is specified, in which case NSEC3RSASHA1 will be used instead\&. (If
\fB\-3\fR \fB\-3\fR
is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3\&.) is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3\&.)
.sp .sp
These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 or DSA is specified along with the These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 is specified along with the
\fB\-3\fR \fB\-3\fR
option, then NSEC3RSASHA1 or NSEC3DSA will be used instead\&. option, then NSEC3RSASHA1 will be used instead\&.
.sp .sp
As of BIND 9\&.12\&.0, this option is mandatory except when using the As of BIND 9\&.12\&.0, this option is mandatory except when using the
\fB\-S\fR \fB\-S\fR
......
...@@ -90,7 +90,7 @@ ...@@ -90,7 +90,7 @@
<p> <p>
Selects the cryptographic algorithm. The value of Selects the cryptographic algorithm. The value of
<code class="option">algorithm</code> must be one of RSAMD5, RSASHA1, <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
</p> </p>
<p> <p>
...@@ -103,9 +103,9 @@ ...@@ -103,9 +103,9 @@
<p> <p>
These values are case insensitive. In some cases, abbreviations These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and are supported, such as ECDSA256 for ECDSAP256SHA256 and
ECDSA384 for ECDSAP384SHA384. If RSASHA1 or DSA is specified ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified
along with the <code class="option">-3</code> option, then NSEC3RSASHA1 along with the <code class="option">-3</code> option, then NSEC3RSASHA1
or NSEC3DSA will be used instead. will be used instead.
</p> </p>
<p> <p>
As of BIND 9.12.0, this option is mandatory except when using As of BIND 9.12.0, this option is mandatory except when using
......
...@@ -62,13 +62,13 @@ may be preferable to direct use of ...@@ -62,13 +62,13 @@ may be preferable to direct use of
.RS 4 .RS 4
Selects the cryptographic algorithm\&. For DNSSEC keys, the value of Selects the cryptographic algorithm\&. For DNSSEC keys, the value of
\fBalgorithm\fR \fBalgorithm\fR
must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&. For TKEY, the value must be DH (Diffie Hellman); specifying his value will automatically set the must be one of RSAMD5, RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&. For TKEY, the value must be DH (Diffie Hellman); specifying his value will automatically set the
\fB\-T KEY\fR \fB\-T KEY\fR
option as well\&. option as well\&.
.sp .sp
These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 or DSA is specified along with the These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 is specified along with the
\fB\-3\fR \fB\-3\fR
option, then NSEC3RSASHA1 or NSEC3DSA will be used instead\&. option, then NSEC3RSASHA1 will be used instead\&.
.sp .sp
This parameter This parameter
\fImust\fR \fImust\fR
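Review bot: the changed line that removes DSA and NSEC3DSA still contains "specifying his value will automatically set the -T KEY option"; since the line is being edited anyway, correct "his" to "this" here and in the HTML copy of the same paragraph.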
......
...@@ -100,7 +100,7 @@ ...@@ -100,7 +100,7 @@
<p> <p>
Selects the cryptographic algorithm. For DNSSEC keys, the value Selects the cryptographic algorithm. For DNSSEC keys, the value
of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1, of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. For ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. For
TKEY, the value must be DH (Diffie Hellman); specifying TKEY, the value must be DH (Diffie Hellman); specifying
his value will automatically set the <code class="option">-T KEY</code> his value will automatically set the <code class="option">-T KEY</code>
...@@ -109,9 +109,9 @@ ...@@ -109,9 +109,9 @@
<p> <p>
These values are case insensitive. In some cases, abbreviations These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and are supported, such as ECDSA256 for ECDSAP256SHA256 and
ECDSA384 for ECDSAP384SHA384. If RSASHA1 or DSA is specified ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified
along with the <code class="option">-3</code> option, then NSEC3RSASHA1 along with the <code class="option">-3</code> option, then NSEC3RSASHA1
or NSEC3DSA will be used instead. will be used instead.
</p> </p>
<p> <p>
This parameter <span class="emphasis"><em>must</em></span> be specified except This parameter <span class="emphasis"><em>must</em></span> be specified except
......
...@@ -10,12 +10,12 @@ ...@@ -10,12 +10,12 @@
.\" Title: named.conf .\" Title: named.conf
.\" Author: .\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2018-06-21 .\" Date: 2018-10-23
.\" Manual: BIND9 .\" Manual: BIND9
.\" Source: ISC .\" Source: ISC
.\" Language: English .\" Language: English
.\" .\"
.TH "NAMED\&.CONF" "5" "2018\-06\-21" "ISC" "BIND9" .TH "NAMED\&.CONF" "5" "2018\-10\-23" "ISC" "BIND9"
.\" ----------------------------------------------------------------- .\" -----------------------------------------------------------------
.\" * Define some portability stuff .\" * Define some portability stuff
.\" ----------------------------------------------------------------- .\" -----------------------------------------------------------------
...@@ -199,6 +199,7 @@ options { ...@@ -199,6 +199,7 @@ options {
] [ dscp \fIinteger\fR ]; ] [ dscp \fIinteger\fR ];
alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR |
* ) ] [ dscp \fIinteger\fR ]; * ) ] [ dscp \fIinteger\fR ];
answer\-cookie \fIboolean\fR;
attach\-cache \fIstring\fR; attach\-cache \fIstring\fR;
auth\-nxdomain \fIboolean\fR; // default changed auth\-nxdomain \fIboolean\fR; // default changed
auto\-dnssec ( allow | maintain | off ); auto\-dnssec ( allow | maintain | off );
...@@ -264,8 +265,8 @@ options { ...@@ -264,8 +265,8 @@ options {
dnssec\-secure\-to\-insecure \fIboolean\fR; dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign ); dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto ); dnssec\-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver ) [ ( query | dnstap { ( all | auth | client | forwarder | resolver | update ) [
response ) ]; \&.\&.\&. }; ( query | response ) ]; \&.\&.\&. };
dnstap\-identity ( \fIquoted_string\fR | none | hostname ); dnstap\-identity ( \fIquoted_string\fR | none | hostname );
dnstap\-output ( file | unix ) \fIquoted_string\fR [ size ( unlimited | dnstap\-output ( file | unix ) \fIquoted_string\fR [ size ( unlimited |
\fIsize\fR ) ] [ versions ( unlimited | \fIinteger\fR ) ] [ suffix ( \fIsize\fR ) ] [ versions ( unlimited | \fIinteger\fR ) ] [ suffix (
...@@ -343,6 +344,8 @@ options { ...@@ -343,6 +344,8 @@ options {
memstatistics \fIboolean\fR; memstatistics \fIboolean\fR;
memstatistics\-file \fIquoted_string\fR; memstatistics\-file \fIquoted_string\fR;
message\-compression \fIboolean\fR; message\-compression \fIboolean\fR;
min\-cache\-ttl \fIttlval\fR;
min\-ncache\-ttl \fIttlval\fR;
min\-refresh\-time \fIinteger\fR; min\-refresh\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR; min\-retry\-time \fIinteger\fR;
minimal\-any \fIboolean\fR; minimal\-any \fIboolean\fR;
...@@ -632,8 +635,8 @@ view \fIstring\fR [ \fIclass\fR ] { ...@@ -632,8 +635,8 @@ view \fIstring\fR [ \fIclass\fR ] {
dnssec\-secure\-to\-insecure \fIboolean\fR; dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign ); dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto ); dnssec\-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver ) [ ( query | dnstap { ( all | auth | client | forwarder | resolver | update ) [
response ) ]; \&.\&.\&. }; ( query | response ) ]; \&.\&.\&. };
dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv4_address\fR [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv4_address\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv6_address\fR [ port
...@@ -914,10 +917,10 @@ view \fIstring\fR [ \fIclass\fR ] { ...@@ -914,10 +917,10 @@ view \fIstring\fR [ \fIclass\fR ] {
static\-stub | stub ); static\-stub | stub );
update\-check\-ksk \fIboolean\fR; update\-check\-ksk \fIboolean\fR;
update\-policy ( local | { ( deny | grant ) \fIstring\fR ( update\-policy ( local | { ( deny | grant ) \fIstring\fR (
6to4\-self | external | krb5\-self | krb5\-subdomain | 6to4\-self | external | krb5\-self | krb5\-selfsub |
ms\-self | ms\-subdomain | name | self | selfsub | krb5\-subdomain | ms\-self | ms\-selfsub | ms\-subdomain |
selfwild | subdomain | tcp\-self | wildcard | zonesub ) name | self | selfsub | selfwild | subdomain | tcp\-self
[ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. }; | wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. };
use\-alt\-transfer\-source \fIboolean\fR; use\-alt\-transfer\-source \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR; zero\-no\-soa\-ttl \fIboolean\fR;
zone\-statistics ( full | terse | none | \fIboolean\fR ); zone\-statistics ( full | terse | none | \fIboolean\fR );
...@@ -1020,9 +1023,10 @@ zone \fIstring\fR [ \fIclass\fR ] { ...@@ -1020,9 +1023,10 @@ zone \fIstring\fR [ \fIclass\fR ] {
stub ); stub );
update\-check\-ksk \fIboolean\fR; update\-check\-ksk \fIboolean\fR;
update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self | update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self |
external | krb5\-self | krb5\-subdomain | ms\-self | ms\-subdomain external | krb5\-self | krb5\-selfsub | krb5\-subdomain | ms\-self
| name | self | selfsub | selfwild | subdomain | tcp\-self | | ms\-selfsub | ms\-subdomain | name | self | selfsub | selfwild
wildcard | zonesub ) [ \fIstring\fR ] \fIrrtypelist\fR; \&.\&.\&. }; | subdomain | tcp\-self | wildcard | zonesub ) [ \fIstring\fR ]
\fIrrtypelist\fR; \&.\&.\&. };
use\-alt\-transfer\-source \fIboolean\fR; use\-alt\-transfer\-source \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR; zero\-no\-soa\-ttl \fIboolean\fR;
zone\-statistics ( full | terse | none | \fIboolean\fR ); zone\-statistics ( full | terse | none | \fIboolean\fR );
......
...@@ -180,6 +180,7 @@ options ...@@ -180,6 +180,7 @@ options
][dscp<em class="replaceable"><code>integer</code></em>];<br> ][dscp<em class="replaceable"><code>integer</code></em>];<br>
alt-transfer-source-v6(<em class="replaceable"><code>ipv6_address</code></em>|*)[port(<em class="replaceable"><code>integer</code></em>|<br> alt-transfer-source-v6(<em class="replaceable"><code>ipv6_address</code></em>|*)[port(<em class="replaceable"><code>integer</code></em>|<br>
*)][dscp<em class="replaceable"><code>integer</code></em>];<br> *)][dscp<em class="replaceable"><code>integer</code></em>];<br>
answer-cookie<em class="replaceable"><code>boolean</code></em>;<br>
attach-cache<em class="replaceable"><code>string</code></em>;<br> attach-cache<em class="replaceable"><code>string</code></em>;<br>
auth-nxdomain<em class="replaceable"><code>boolean</code></em>;//defaultchanged<br> auth-nxdomain<em class="replaceable"><code>boolean</code></em>;//defaultchanged<br>
auto-dnssec(allow|maintain|off);<br> auto-dnssec(allow|maintain|off);<br>
...@@ -245,8 +246,8 @@ options ...@@ -245,8 +246,8 @@ options
dnssec-secure-to-insecure<em class="replaceable"><code>boolean</code></em>;<br> dnssec-secure-to-insecure<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode(maintain|no-resign);<br> dnssec-update-mode(maintain|no-resign);<br>
dnssec-validation(yes|no|auto);<br> dnssec-validation(yes|no|auto);<br>
dnstap{(all|auth|client|forwarder|resolver)[(query|<br> dnstap{(all|auth|client|forwarder|resolver|update)[<br>
response)];...};<br>