Commit e31a24d0 authored by Tinderbox User's avatar Tinderbox User
Browse files

regen master

parent 3e6b0b49
......@@ -3985,6 +3985,34 @@ options {
</p>
</div>
</dd>
<dt><span class="term"><span class="command"><strong>trust-anchor-telemetry</strong></span></span></dt>
<dd>
<p>
Causes <span class="command"><strong>named</strong></span> to send specially-formed
queries once per day to domains for which trust anchors
have been configured via <span class="command"><strong>trusted-keys</strong></span>,
<span class="command"><strong>managed-keys</strong></span>,
<span class="command"><strong>dnssec-validation auto</strong></span>, or
<span class="command"><strong>dnssec-lookaside auto</strong></span>.
</p>
<p>
The query name used for these queries has the
form "_ta-xxxx(-xxxx)(...)".&lt;domain&gt;, where
each "xxxx" is a group of four hexadecimal digits
representing the key ID of a trusted DNSSEC key.
The key IDs for each domain are sorted smallest
to largest prior to encoding. The query type is NULL.
</p>
<p>
By monitoring these queries, zone operators will
be able to see which resolvers have been updated to
trust a new key; this may help them decide when it
is safe to remove an old one.
</p>
<p>
The default is <strong class="userinput"><code>yes</code></strong>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>use-id-pool</strong></span></span></dt>
<dd><p>
<span class="emphasis"><em>This option is obsolete</em></span>.
......
......@@ -570,6 +570,17 @@
name rather than returning all of the matching RRsets.
Thanks to Tony Finch for the contribution. [RT #41615]
</p></li>
<li class="listitem"><p>
<span class="command"><strong>named</strong></span> now provides feedback to the
owners of zones which have trust anchors configured
(<span class="command"><strong>trusted-keys</strong></span>,
<span class="command"><strong>managed-keys</strong></span>, <span class="command"><strong>dnssec-validation
auto;</strong></span> and <span class="command"><strong>dnssec-lookaside auto;</strong></span>)
by sending a daily query which encodes the keyids of the
configured trust anchors for the zone. This is controlled
by <span class="command"><strong>trust-anchor-telemetry</strong></span> and defaults
to yes.
</p></li>
</ul></div>
</div>
<div class="section">
......
......@@ -531,6 +531,17 @@
name rather than returning all of the matching RRsets.
Thanks to Tony Finch for the contribution. [RT #41615]
</p></li>
<li class="listitem"><p>
<span class="command"><strong>named</strong></span> now provides feedback to the
owners of zones which have trust anchors configured
(<span class="command"><strong>trusted-keys</strong></span>,
<span class="command"><strong>managed-keys</strong></span>, <span class="command"><strong>dnssec-validation
auto;</strong></span> and <span class="command"><strong>dnssec-lookaside auto;</strong></span>)
by sending a daily query which encodes the keyids of the
configured trust anchors for the zone. This is controlled
by <span class="command"><strong>trust-anchor-telemetry</strong></span> and defaults
to yes.
</p></li>
</ul></div>
</div>
<div class="section">
......
......@@ -322,6 +322,7 @@ options {
transfers-out <integer>;
transfers-per-ns <integer>;
treat-cr-as-space <boolean>; // obsolete
trust-anchor-telemetry <boolean>;
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
......@@ -608,6 +609,7 @@ view <string> [ <class> ] {
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
trust-anchor-telemetry <boolean>;
trusted-keys { <string> <integer> <integer> <integer>
<quoted_string>; ... };
try-tcp-refresh <boolean>;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment