...
 
Commits (2)
--- 9.15.2 released ---
5263. [cleanup] Use atomics and isc_refcount_t wherever possible.
[GL #1038]
......
......@@ -139,7 +139,7 @@ make depend. If you're using Emacs, you might find make tags helpful.
Several environment variables that can be set before running configure
will affect compilation:
Variable Description
Variable Description
CC The C compiler to use. configure tries to figure out the
right one for supported systems.
C compiler flags. Defaults to include -g and/or -O2 as
......@@ -291,7 +291,7 @@ development BIND 9 is included in the file CHANGES, with the most recent
changes listed first. Change notes include tags indicating the category of
the change that was made; these categories are:
Category Description
Category Description
[func] New feature
[bug] General bug fix
[security] Fix for a significant security flaw
......@@ -342,21 +342,23 @@ Acknowledgments
* The original development of BIND 9 was underwritten by the following
organizations:
Sun Microsystems, Inc.
Hewlett Packard
Compaq Computer Corporation
IBM
Process Software Corporation
Silicon Graphics, Inc.
Network Associates, Inc.
U.S. Defense Information Systems Agency
USENIX Association
Stichting NLnet - NLnet Foundation
Nominum, Inc.
Sun Microsystems, Inc.
Hewlett Packard
Compaq Computer Corporation
IBM
Process Software Corporation
Silicon Graphics, Inc.
Network Associates, Inc.
U.S. Defense Information Systems Agency
USENIX Association
Stichting NLnet - NLnet Foundation
Nominum, Inc.
* This product includes software developed by the OpenSSL Project for
use in the OpenSSL Toolkit. http://www.OpenSSL.org/
* This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com)
* This product includes software written by Tim Hudson
(tjh@cryptsoft.com)
......@@ -86,6 +86,11 @@ Check "core" configuration only\&. This suppresses the loading of plugin modules
statements to be ignored\&.
.RE
.PP
\-i
.RS 4
Ignore warnings on deprecated options\&.
.RE
.PP
\-p
.RS 4
Print out the
......
......@@ -96,6 +96,12 @@
<span class="command"><strong>plugin</strong></span> statements to be ignored.
</p>
</dd>
<dt><span class="term">-i</span></dt>
<dd>
<p>
Ignore warnings on deprecated options.
</p>
</dd>
<dt><span class="term">-p</span></dt>
<dd>
<p>
......
......@@ -92,8 +92,7 @@ to generate TSIG keys\&.
.RS 4
Specifies the number of bits in the key\&. The choice of key size depends on the algorithm used\&. RSA keys must be between 1024 and 4096 bits\&. Diffie Hellman keys must be between 128 and 4096 bits\&. Elliptic curve algorithms don\*(Aqt need this parameter\&.
.sp
If the key size is not specified, some algorithms have pre\-defined defaults\&. For example, RSA keys for use as DNSSEC zone signing keys have a default size of 1024 bits; RSA keys for use as key signing keys (KSKs, generated with
\fB\-f KSK\fR) default to 2048 bits\&.
If the key size is not specified, some algorithms have pre\-defined defaults\&. For instance, RSA keys have a default size of 2048 bits\&.
.RE
.PP
\-C
......
......@@ -145,10 +145,8 @@
</p>
<p>
If the key size is not specified, some algorithms have
pre-defined defaults. For example, RSA keys for use as
DNSSEC zone signing keys have a default size of 1024 bits;
RSA keys for use as key signing keys (KSKs, generated with
<code class="option">-f KSK</code>) default to 2048 bits.
pre-defined defaults. For instance, RSA keys have a default
size of 2048 bits.
</p>
</dd>
<dt><span class="term">-C</span></dt>
......
......@@ -10,12 +10,12 @@
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2019-05-10
.\" Date: 2019-06-28
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "NAMED\&.CONF" "5" "2019\-05\-10" "ISC" "BIND9"
.TH "NAMED\&.CONF" "5" "2019\-06\-28" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......@@ -163,15 +163,16 @@ logging {
.\}
.SH "MANAGED-KEYS"
.PP
See DNSSEC\-KEYS\&.
Deprecated \- see DNSSEC\-KEYS\&.
.sp
.if n \{\
.RS 4
.\}
.nf
managed\-keys { \fIstring\fR ( static\-key |
initial\-key ) \fIinteger\fR \fIinteger\fR \fIinteger\fR
\fIquoted_string\fR; \&.\&.\&. };
managed\-keys { \fIstring\fR ( static\-key
| initial\-key ) \fIinteger\fR
\fIinteger\fR \fIinteger\fR
\fIquoted_string\fR; \&.\&.\&. }; deprecated
.fi
.if n \{\
.RE
......@@ -241,7 +242,6 @@ options {
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard \fIboolean\fR;
cleaning\-interval \fIinteger\fR;
clients\-per\-query \fIinteger\fR;
cookie\-algorithm ( aes | sha1 | sha256 );
cookie\-secret \fIstring\fR;
......@@ -274,8 +274,9 @@ options {
dnssec\-accept\-expired \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
dnssec\-loadkeys\-interval \fIinteger\fR;
dnssec\-lookaside ( \fIstring\fR trust\-anchor
\fIstring\fR | auto | no );
dnssec\-lookaside ( \fIstring\fR
trust\-anchor \fIstring\fR |
auto | no ); deprecated
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
......@@ -576,7 +577,7 @@ Deprecated \- see DNSSEC\-KEYS\&.
.nf
trusted\-keys { \fIstring\fR \fIinteger\fR
\fIinteger\fR \fIinteger\fR
\fIquoted_string\fR; \&.\&.\&. };, deprecated
\fIquoted_string\fR; \&.\&.\&. }; deprecated
.fi
.if n \{\
.RE
......@@ -626,7 +627,6 @@ view \fIstring\fR [ \fIclass\fR ] {
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard \fIboolean\fR;
cleaning\-interval \fIinteger\fR;
clients\-per\-query \fIinteger\fR;
deny\-answer\-addresses { \fIaddress_match_element\fR; \&.\&.\&. } [
except\-from { \fIstring\fR; \&.\&.\&. } ];
......@@ -661,8 +661,9 @@ view \fIstring\fR [ \fIclass\fR ] {
initial\-key ) \fIinteger\fR \fIinteger\fR
\fIinteger\fR \fIquoted_string\fR; \&.\&.\&. };
dnssec\-loadkeys\-interval \fIinteger\fR;
dnssec\-lookaside ( \fIstring\fR trust\-anchor
\fIstring\fR | auto | no );
dnssec\-lookaside ( \fIstring\fR
trust\-anchor \fIstring\fR |
auto | no ); deprecated
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
......@@ -697,9 +698,11 @@ view \fIstring\fR [ \fIclass\fR ] {
key\-directory \fIquoted_string\fR;
lame\-ttl \fIttlval\fR;
lmdb\-mapsize \fIsizeval\fR;
managed\-keys { \fIstring\fR ( static\-key |
initial\-key ) \fIinteger\fR \fIinteger\fR
\fIinteger\fR \fIquoted_string\fR; \&.\&.\&. };
managed\-keys { \fIstring\fR (
static\-key | initial\-key
) \fIinteger\fR \fIinteger\fR
\fIinteger\fR
\fIquoted_string\fR; \&.\&.\&. }; deprecated
masterfile\-format ( map | raw | text );
masterfile\-style ( full | relative );
match\-clients { \fIaddress_match_element\fR; \&.\&.\&. };
......@@ -852,7 +855,7 @@ view \fIstring\fR [ \fIclass\fR ] {
trusted\-keys { \fIstring\fR
\fIinteger\fR \fIinteger\fR
\fIinteger\fR
\fIquoted_string\fR; \&.\&.\&. };, deprecated
\fIquoted_string\fR; \&.\&.\&. }; deprecated
try\-tcp\-refresh \fIboolean\fR;
update\-check\-ksk \fIboolean\fR;
use\-alt\-transfer\-source \fIboolean\fR;
......
......@@ -142,11 +142,12 @@ logging
<div class="refsection">
<a name="id-1.15"></a><h2>MANAGED-KEYS</h2>
<p>See DNSSEC-KEYS.</p>
<p>Deprecated - see DNSSEC-KEYS.</p>
<div class="literallayout"><p><br>
managed-keys{<em class="replaceable"><code>string</code></em>(static-key|<br>
initial-key)<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>quoted_string</code></em>;...};<br>
managed-keys{<em class="replaceable"><code>string</code></em>(static-key<br>
|initial-key)<em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>quoted_string</code></em>;...};deprecated<br>
</p></div>
</div>
......@@ -208,7 +209,6 @@ options
check-spf(warn|ignore);<br>
check-srv-cname(fail|warn|ignore);<br>
check-wildcard<em class="replaceable"><code>boolean</code></em>;<br>
cleaning-interval<em class="replaceable"><code>integer</code></em>;<br>
clients-per-query<em class="replaceable"><code>integer</code></em>;<br>
cookie-algorithm(aes|sha1|sha256);<br>
cookie-secret<em class="replaceable"><code>string</code></em>;<br>
......@@ -241,8 +241,9 @@ options
dnssec-accept-expired<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-dnskey-kskonly<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-loadkeys-interval<em class="replaceable"><code>integer</code></em>;<br>
dnssec-lookaside(<em class="replaceable"><code>string</code></em>trust-anchor<br>
<em class="replaceable"><code>string</code></em>|auto|no);<br>
dnssec-lookaside(<em class="replaceable"><code>string</code></em><br>
trust-anchor<em class="replaceable"><code>string</code></em>|<br>
auto|no);deprecated<br>
dnssec-must-be-secure<em class="replaceable"><code>string</code></em><em class="replaceable"><code>boolean</code></em>;<br>
dnssec-secure-to-insecure<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode(maintain|no-resign);<br>
......@@ -526,7 +527,7 @@ statistics-channels
<div class="literallayout"><p><br>
trusted-keys{<em class="replaceable"><code>string</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>quoted_string</code></em>;...};,deprecated<br>
<em class="replaceable"><code>quoted_string</code></em>;...};deprecated<br>
</p></div>
</div>
......@@ -572,7 +573,6 @@ view
check-spf(warn|ignore);<br>
check-srv-cname(fail|warn|ignore);<br>
check-wildcard<em class="replaceable"><code>boolean</code></em>;<br>
cleaning-interval<em class="replaceable"><code>integer</code></em>;<br>
clients-per-query<em class="replaceable"><code>integer</code></em>;<br>
deny-answer-addresses{<em class="replaceable"><code>address_match_element</code></em>;...}[<br>
except-from{<em class="replaceable"><code>string</code></em>;...}];<br>
......@@ -607,8 +607,9 @@ view
initial-key)<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>quoted_string</code></em>;...};<br>
dnssec-loadkeys-interval<em class="replaceable"><code>integer</code></em>;<br>
dnssec-lookaside(<em class="replaceable"><code>string</code></em>trust-anchor<br>
<em class="replaceable"><code>string</code></em>|auto|no);<br>
dnssec-lookaside(<em class="replaceable"><code>string</code></em><br>
trust-anchor<em class="replaceable"><code>string</code></em>|<br>
auto|no);deprecated<br>
dnssec-must-be-secure<em class="replaceable"><code>string</code></em><em class="replaceable"><code>boolean</code></em>;<br>
dnssec-secure-to-insecure<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode(maintain|no-resign);<br>
......@@ -643,9 +644,11 @@ view
key-directory<em class="replaceable"><code>quoted_string</code></em>;<br>
lame-ttl<em class="replaceable"><code>ttlval</code></em>;<br>
lmdb-mapsize<em class="replaceable"><code>sizeval</code></em>;<br>
managed-keys{<em class="replaceable"><code>string</code></em>(static-key|<br>
initial-key)<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>quoted_string</code></em>;...};<br>
managed-keys{<em class="replaceable"><code>string</code></em>(<br>
static-key|initial-key<br>
)<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>quoted_string</code></em>;...};deprecated<br>
masterfile-format(map|raw|text);<br>
masterfile-style(full|relative);<br>
match-clients{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
......@@ -798,7 +801,7 @@ view
trusted-keys{<em class="replaceable"><code>string</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>quoted_string</code></em>;...};,deprecated<br>
<em class="replaceable"><code>quoted_string</code></em>;...};deprecated<br>
try-tcp-refresh<em class="replaceable"><code>boolean</code></em>;<br>
update-check-ksk<em class="replaceable"><code>boolean</code></em>;<br>
use-alt-transfer-source<em class="replaceable"><code>boolean</code></em>;<br>
......
......@@ -516,11 +516,7 @@ timer\&.
.RS 4
Dump the security roots (i\&.e\&., trust anchors configured via
\fBdnssec\-keys\fR
statements, or the synonymous
\fBmanaged\-keys\fR
or the deprecated
\fBtrusted\-keys\fR
statements, or via
statements, or the managed\-keys or trusted\-keys statements (both deprecated), or via
\fBdnssec\-validation auto\fR) and negative trust anchors for the specified views\&. If no view is specified, all views are dumped\&. Security roots will indicate whether they are configured as trusted keys, managed keys, or initializing managed keys (managed keys that have not yet been updated by a successful key refresh query)\&.
.sp
If the first argument is "\-", then the output is returned via the
......
......@@ -653,9 +653,8 @@
<dd>
<p>
Dump the security roots (i.e., trust anchors
configured via <span class="command"><strong>dnssec-keys</strong></span> statements,
or the synonymous <span class="command"><strong>managed-keys</strong></span> or
the deprecated <span class="command"><strong>trusted-keys</strong></span> statements, or
configured via <span class="command"><strong>dnssec-keys</strong></span> statements, or the
managed-keys or trusted-keys statements (both deprecated), or
via <span class="command"><strong>dnssec-validation auto</strong></span>) and negative trust
anchors for the specified views. If no view is specified, all
views are dumped. Security roots will indicate whether
......
......@@ -850,7 +850,6 @@ infodir
docdir
oldincludedir
includedir
runstatedir
localstatedir
sharedstatedir
sysconfdir
......@@ -1020,7 +1019,6 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
......@@ -1273,15 +1271,6 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
......@@ -1419,7 +1408,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir runstatedir
libdir localedir mandir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
......@@ -1572,7 +1561,6 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
......@@ -4013,7 +4001,7 @@ else
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
......@@ -4059,7 +4047,7 @@ else
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
......@@ -4083,7 +4071,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
......@@ -4128,7 +4116,7 @@ else
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
......@@ -4152,7 +4140,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
......
......@@ -614,6 +614,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -146,6 +146,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -856,6 +856,6 @@ controls {
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -1043,8 +1043,8 @@ allow-update { !{ !localnets; any; }; key host1-host2. ;};
if at least one trust anchor has been explicitly configured
in <code class="filename">named.conf</code>
using a <span class="command"><strong>dnssec-keys</strong></span> statement (or the
synonymous <span class="command"><strong>managed-keys</strong></span> or the deprecated
<span class="command"><strong>trusted-keys</strong></span> statements).
<span class="command"><strong>managed-keys</strong></span> and <span class="command"><strong>trusted-keys</strong></span>
statements, both deprecated).
</p>
<p>
When <span class="command"><strong>dnssec-validation</strong></span> is set to
......@@ -2840,6 +2840,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
This diff is collapsed.
......@@ -131,46 +131,45 @@ zone "example.com" {
to search for a match. Available fields are "country",
"region", "city", "continent", "postal" (postal code),
"metro" (metro code), "area" (area code), "tz" (timezone),
"isp", "org", "asnum", "domain" and "netspeed".
"isp", "asnum", and "domain".
</p>
<p>
<em class="replaceable"><code>value</code></em> is the value to search
for within the database. A string may be quoted if it
contains spaces or other special characters. If this is
an "asnum" search, then the leading "ASNNNN" string can be
used, otherwise the full description must be used (e.g.
"ASNNNN Example Company Name"). If this is a "country"
search and the string is two characters long, then it must
be a standard ISO-3166-1 two-letter country code, and if it
is three characters long then it must be an ISO-3166-1
three-letter country code; otherwise it is the full name
of the country. Similarly, if this is a "region" search
and the string is two characters long, then it must be a
standard two-letter state or province abbreviation;
otherwise it is the full name of the state or province.
contains spaces or other special characters. An "asnum"
search for autonomous system number can be specified using
the string "ASNNNN" or the integer NNNN.
When "country" search is specified with a string is two
characters long, then it must be a standard ISO-3166-1
two-letter country code; otherwise it is interpreted as
the full name of the country. Similarly, if this is a
"region" search and the string is two characters long,
then it treated as a standard two-letter state or province
abbreviation; otherwise it treated as the full name of the
state or province.
</p>
<p>
The <em class="replaceable"><code>database</code></em> field indicates which
GeoIP database to search for a match. In most cases this is
unnecessary, because most search fields can only be found in
a single database. However, searches for country can be
answered from the "city", "region", or "country" databases,
and searches for region (i.e., state or province) can be
answered from the "city" or "region" databases. For these
search types, specifying a <em class="replaceable"><code>database</code></em>
a single database. However, searches for "continent" or "country"
can be answered from either the "city" or "country" databases,
so for these search types, specifying a
<em class="replaceable"><code>database</code></em>
will force the query to be answered from that database and no
other. If <em class="replaceable"><code>database</code></em> is not
specified, then these queries will be answered from the "city",
database if it is installed, or the "region" database if it is
installed, or the "country" database, in that order.
database if it is installed, or the "country" database if it
is installed, in that order. Valid database names are
"country", "city", "asnum", "isp", and "domain".
</p>
<p>
Some example GeoIP ACLs:
</p>
<pre class="programlisting">geoip country US;
geoip country JAP;
geoip country JP;
geoip db country country Canada;
geoip db region region WA;
geoip region WA;
geoip city "San Francisco";
geoip region Oklahoma;
geoip postal 95062;
......@@ -361,6 +360,6 @@ allow-query { !{ !10/8; any; }; key example; };
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -191,6 +191,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -36,7 +36,7 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.15.1</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.15.2</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
......@@ -55,7 +55,7 @@
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.9.2"></a>Release Notes for BIND Version 9.15.1</h2></div></div></div>
<a name="id-1.9.2"></a>Release Notes for BIND Version 9.15.2</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
......@@ -163,6 +163,33 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
The GeoIP2 API from MaxMind is now supported. Geolocation support
will be compiled in by default if the <span class="command"><strong>libmaxminddb</strong></span>
library is found at compile time, but can be turned off by using
<span class="command"><strong>configure --disable-geoip</strong></span>.
</p>
<p>
The default path to the GeoIP2 databases will be set based
on the location of the <span class="command"><strong>libmaxminddb</strong></span> library;
for example, if it is in <code class="filename">/usr/local/lib</code>,
then the default path will be
<code class="filename">/usr/local/share/GeoIP</code>.
This value can be overridden in <code class="filename">named.conf</code>
using the <span class="command"><strong>geoip-directory</strong></span> option.
</p>
<p>
Some <span class="command"><strong>geoip</strong></span> ACL settings that were available with
legacy GeoIP, including searches for <span class="command"><strong>netspeed</strong></span>,
<span class="command"><strong>org</strong></span>, and three-letter ISO country codes, will
no longer work when using GeoIP2. Supported GeoIP2 database
types are <span class="command"><strong>country</strong></span>, <span class="command"><strong>city</strong></span>,
<span class="command"><strong>domain</strong></span>, <span class="command"><strong>isp</strong></span>, and
<span class="command"><strong>as</strong></span>. All of these databases support both IPv4
and IPv6 lookups. [GL #182] [GL #1112]
</p>
</li>
<li class="listitem">
<p>
In order to clarify the configuration of DNSSEC keys,
......@@ -193,6 +220,20 @@
[GL #865]
</p>
</li>
<li class="listitem">
<p>
Two new metrics have been added to the
<span class="command"><strong>statistics-channel</strong></span> to report DNSSEC
signing operations. For each key in each zone, the
<span class="command"><strong>dnssec-sign</strong></span> counter indicates the total
number of signatures <span class="command"><strong>named</strong></span> has generated
using that key since server startup, and the
<span class="command"><strong>dnssec-refresh</strong></span> counter indicates how
many of those signatures were refreshed during zone
maintenance, as opposed to having been generated
as a result of a zone update. [GL #513]
</p>
</li>
</ul></div>
</div>
......@@ -202,7 +243,7 @@
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
The <span class="command"><strong>dnssec-enable</strong></span> option has been deprecated and
The <span class="command"><strong>dnssec-enable</strong></span> option has been obsoleted and
no longer has any effect. DNSSEC responses are always enabled
if signatures and other DNSSEC data are present. [GL #866]
</p>
......@@ -213,6 +254,12 @@
removed. [GL !1731]
</p>
</li>
<li class="listitem">
<p>
The <span class="command"><strong>dnssec-lookaside</strong></span> option has been deprecated.
The feature still works, but it is discouraged to use it. [GL #7]
</p>
</li>
</ul></div>
</div>
......@@ -296,6 +343,23 @@
the problem. [GL #1055]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>./configure</strong></span> no longer sets
<span class="command"><strong>--sysconfdir</strong></span> to <span class="command"><strong>/etc</strong></span> or
<span class="command"><strong>--localstatedir</strong></span> to <span class="command"><strong>/var</strong></span>
when <span class="command"><strong>--prefix</strong></span> is not specified and the
aforementioned options are not specified explicitly. Instead,
Autoconf's defaults of <span class="command"><strong>$prefix/etc</strong></span> and
<span class="command"><strong>$prefix/var</strong></span> are respected.
</p>
</li>
<li class="listitem">
<p>
Glue address records were not being returned in responses
to root priming queries; this has been corrected. [GL #1092]
</p>
</li>
</ul></div>
</div>
......@@ -371,6 +435,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -148,6 +148,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -914,6 +914,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -537,6 +537,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -210,6 +210,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -32,7 +32,7 @@
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
<div><p class="releaseinfo">BIND Version 9.15.1</p></div>
<div><p class="releaseinfo">BIND Version 9.15.2</p></div>
<div><p class="copyright">Copyright 2000-2019 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
......@@ -245,7 +245,7 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.15.1</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.15.2</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
......@@ -443,6 +443,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
No preview for this file type
......@@ -90,6 +90,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -220,6 +220,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -628,6 +628,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -1160,6 +1160,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -376,6 +376,6 @@ nsupdate -l
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -164,6 +164,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -270,6 +270,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -356,6 +356,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -250,6 +250,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -498,6 +498,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -163,10 +163,8 @@
</p>
<p>
If the key size is not specified, some algorithms have
pre-defined defaults. For example, RSA keys for use as
DNSSEC zone signing keys have a default size of 1024 bits;
RSA keys for use as key signing keys (KSKs, generated with
<code class="option">-f KSK</code>) default to 2048 bits.
pre-defined defaults. For instance, RSA keys have a default
size of 2048 bits.
</p>
</dd>
<dt><span class="term">-C</span></dt>
......@@ -557,6 +555,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -405,6 +405,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -171,6 +171,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -349,6 +349,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -701,6 +701,6 @@ db.example.com.signed
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -202,6 +202,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -143,6 +143,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -168,6 +168,6 @@ plugin query "/usr/local/lib/filter-aaaa.so" {
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -366,6 +366,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -604,6 +604,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -114,6 +114,12 @@
<span class="command"><strong>plugin</strong></span> statements to be ignored.
</p>
</dd>
<dt><span class="term">-i</span></dt>
<dd>
<p>
Ignore warnings on deprecated options.
</p>
</dd>
<dt><span class="term">-p</span></dt>
<dd>
<p>
......@@ -208,6 +214,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -463,6 +463,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -117,6 +117,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -119,6 +119,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -121,6 +121,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -160,11 +160,12 @@ logging
<div class="refsection">
<a name="id-1.13.27.15"></a><h2>MANAGED-KEYS</h2>
<p>See DNSSEC-KEYS.</p>
<p>Deprecated - see DNSSEC-KEYS.</p>
<div class="literallayout"><p><br>
managed-keys{<em class="replaceable"><code>string</code></em>(static-key|<br>
initial-key)<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>quoted_string</code></em>;...};<br>
managed-keys{<em class="replaceable"><code>string</code></em>(static-key<br>
|initial-key)<em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>quoted_string</code></em>;...};deprecated<br>
</p></div>
</div>
......@@ -226,7 +227,6 @@ options
check-spf(warn|ignore);<br>
check-srv-cname(fail|warn|ignore);<br>
check-wildcard<em class="replaceable"><code>boolean</code></em>;<br>
cleaning-interval<em class="replaceable"><code>integer</code></em>;<br>
clients-per-query<em class="replaceable"><code>integer</code></em>;<br>
cookie-algorithm(aes|sha1|sha256);<br>
cookie-secret<em class="replaceable"><code>string</code></em>;<br>
......@@ -259,8 +259,9 @@ options
dnssec-accept-expired<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-dnskey-kskonly<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-loadkeys-interval<em class="replaceable"><code>integer</code></em>;<br>
dnssec-lookaside(<em class="replaceable"><code>string</code></em>trust-anchor<br>
<em class="replaceable"><code>string</code></em>|auto|no);<br>
dnssec-lookaside(<em class="replaceable"><code>string</code></em><br>
trust-anchor<em class="replaceable"><code>string</code></em>|<br>
auto|no);deprecated<br>
dnssec-must-be-secure<em class="replaceable"><code>string</code></em><em class="replaceable"><code>boolean</code></em>;<br>
dnssec-secure-to-insecure<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode(maintain|no-resign);<br>
......@@ -544,7 +545,7 @@ statistics-channels
<div class="literallayout"><p><br>
trusted-keys{<em class="replaceable"><code>string</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>quoted_string</code></em>;...};,deprecated<br>
<em class="replaceable"><code>quoted_string</code></em>;...};deprecated<br>
</p></div>
</div>
......@@ -590,7 +591,6 @@ view
check-spf(warn|ignore);<br>
check-srv-cname(fail|warn|ignore);<br>
check-wildcard<em class="replaceable"><code>boolean</code></em>;<br>
cleaning-interval<em class="replaceable"><code>integer</code></em>;<br>
clients-per-query<em class="replaceable"><code>integer</code></em>;<br>
deny-answer-addresses{<em class="replaceable"><code>address_match_element</code></em>;...}[<br>
except-from{<em class="replaceable"><code>string</code></em>;...}];<br>
......@@ -625,8 +625,9 @@ view
initial-key)<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>quoted_string</code></em>;...};<br>
dnssec-loadkeys-interval<em class="replaceable"><code>integer</code></em>;<br>
dnssec-lookaside(<em class="replaceable"><code>string</code></em>trust-anchor<br>
<em class="replaceable"><code>string</code></em>|auto|no);<br>
dnssec-lookaside(<em class="replaceable"><code>string</code></em><br>
trust-anchor<em class="replaceable"><code>string</code></em>|<br>
auto|no);deprecated<br>
dnssec-must-be-secure<em class="replaceable"><code>string</code></em><em class="replaceable"><code>boolean</code></em>;<br>
dnssec-secure-to-insecure<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode(maintain|no-resign);<br>
......@@ -661,9 +662,11 @@ view
key-directory<em class="replaceable"><code>quoted_string</code></em>;<br>
lame-ttl<em class="replaceable"><code>ttlval</code></em>;<br>
lmdb-mapsize<em class="replaceable"><code>sizeval</code></em>;<br>
managed-keys{<em class="replaceable"><code>string</code></em>(static-key|<br>
initial-key)<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>quoted_string</code></em>;...};<br>
managed-keys{<em class="replaceable"><code>string</code></em>(<br>
static-key|initial-key<br>
)<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>quoted_string</code></em>;...};deprecated<br>
masterfile-format(map|raw|text);<br>
masterfile-style(full|relative);<br>
match-clients{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
......@@ -816,7 +819,7 @@ view
trusted-keys{<em class="replaceable"><code>string</code></em><br>
<em class="replaceable"><code>integer</code></em><em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>integer</code></em><br>
<em class="replaceable"><code>quoted_string</code></em>;...};,deprecated<br>
<em class="replaceable"><code>quoted_string</code></em>;...};deprecated<br>
try-tcp-refresh<em class="replaceable"><code>boolean</code></em>;<br>
update-check-ksk<em class="replaceable"><code>boolean</code></em>;<br>
use-alt-transfer-source<em class="replaceable"><code>boolean</code></em>;<br>
......@@ -1075,6 +1078,6 @@ zone
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -492,6 +492,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -155,6 +155,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -437,6 +437,6 @@ nslookup -query=hinfo -timeout=10
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -818,6 +818,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -162,6 +162,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -200,6 +200,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -158,6 +158,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -123,6 +123,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -260,6 +260,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -268,6 +268,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -669,9 +669,8 @@
<dd>
<p>
Dump the security roots (i.e., trust anchors
configured via <span class="command"><strong>dnssec-keys</strong></span> statements,
or the synonymous <span class="command"><strong>managed-keys</strong></span> or
the deprecated <span class="command"><strong>trusted-keys</strong></span> statements, or
configured via <span class="command"><strong>dnssec-keys</strong></span> statements, or the
managed-keys or trusted-keys statements (both deprecated), or
via <span class="command"><strong>dnssec-validation auto</strong></span>) and negative trust
anchors for the specified views. If no view is specified, all
views are dumped. Security roots will indicate whether
......@@ -1018,6 +1017,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>
......@@ -15,7 +15,7 @@
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2"></a>Release Notes for BIND Version 9.15.1</h2></div></div></div>
<a name="id-1.2"></a>Release Notes for BIND Version 9.15.2</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
......@@ -123,6 +123,33 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
The GeoIP2 API from MaxMind is now supported. Geolocation support
will be compiled in by default if the <span class="command"><strong>libmaxminddb</strong></span>
library is found at compile time, but can be turned off by using
<span class="command"><strong>configure --disable-geoip</strong></span>.
</p>
<p>
The default path to the GeoIP2 databases will be set based
on the location of the <span class="command"><strong>libmaxminddb</strong></span> library;
for example, if it is in <code class="filename">/usr/local/lib</code>,
then the default path will be
<code class="filename">/usr/local/share/GeoIP</code>.
This value can be overridden in <code class="filename">named.conf</code>
using the <span class="command"><strong>geoip-directory</strong></span> option.
</p>
<p>
Some <span class="command"><strong>geoip</strong></span> ACL settings that were available with
legacy GeoIP, including searches for <span class="command"><strong>netspeed</strong></span>,
<span class="command"><strong>org</strong></span>, and three-letter ISO country codes, will
no longer work when using GeoIP2. Supported GeoIP2 database
types are <span class="command"><strong>country</strong></span>, <span class="command"><strong>city</strong></span>,
<span class="command"><strong>domain</strong></span>, <span class="command"><strong>isp</strong></span>, and
<span class="command"><strong>as</strong></span>. All of these databases support both IPv4
and IPv6 lookups. [GL #182] [GL #1112]
</p>
</li>
<li class="listitem">
<p>
In order to clarify the configuration of DNSSEC keys,
......@@ -153,6 +180,20 @@
[GL #865]
</p>
</li>
<li class="listitem">
<p>
Two new metrics have been added to the
<span class="command"><strong>statistics-channel</strong></span> to report DNSSEC
signing operations. For each key in each zone, the
<span class="command"><strong>dnssec-sign</strong></span> counter indicates the total
number of signatures <span class="command"><strong>named</strong></span> has generated
using that key since server startup, and the
<span class="command"><strong>dnssec-refresh</strong></span> counter indicates how
many of those signatures were refreshed during zone
maintenance, as opposed to having been generated
as a result of a zone update. [GL #513]
</p>
</li>
</ul></div>
</div>
......@@ -162,7 +203,7 @@
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
The <span class="command"><strong>dnssec-enable</strong></span> option has been deprecated and
The <span class="command"><strong>dnssec-enable</strong></span> option has been obsoleted and
no longer has any effect. DNSSEC responses are always enabled
if signatures and other DNSSEC data are present. [GL #866]
</p>
......@@ -173,6 +214,12 @@
removed. [GL !1731]
</p>
</li>
<li class="listitem">
<p>
The <span class="command"><strong>dnssec-lookaside</strong></span> option has been deprecated.
The feature still works, but it is discouraged to use it. [GL #7]
</p>
</li>
</ul></div>
</div>
......@@ -256,6 +303,23 @@
the problem. [GL #1055]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>./configure</strong></span> no longer sets
<span class="command"><strong>--sysconfdir</strong></span> to <span class="command"><strong>/etc</strong></span> or
<span class="command"><strong>--localstatedir</strong></span> to <span class="command"><strong>/var</strong></span>
when <span class="command"><strong>--prefix</strong></span> is not specified and the
aforementioned options are not specified explicitly. Instead,
Autoconf's defaults of <span class="command"><strong>$prefix/etc</strong></span> and
<span class="command"><strong>$prefix/var</strong></span> are respected.
</p>
</li>
<li class="listitem">
<p>
Glue address records were not being returned in responses
to root priming queries; this has been corrected. [GL #1092]
</p>
</li>
</ul></div>
</div>
......
No preview for this file type
Release Notes for BIND Version 9.15.1
Release Notes for BIND Version 9.15.2
Introduction
......@@ -65,6 +65,23 @@ Security Fixes
New Features
* The GeoIP2 API from MaxMind is now supported. Geolocation support will
be compiled in by default if the libmaxminddb library is found at
compile time, but can be turned off by using configure --disable-geoip
.
The default path to the GeoIP2 databases will be set based on the
location of the libmaxminddb library; for example, if it is in /usr/
local/lib, then the default path will be /usr/local/share/GeoIP. This
value can be overridden in named.conf using the geoip-directory
option.
Some geoip ACL settings that were available with legacy GeoIP,
including searches for netspeed, org, and three-letter ISO country
codes, will no longer work when using GeoIP2. Supported GeoIP2
database types are country, city, domain, isp, and as. All of these
databases support both IPv4 and IPv6 lookups. [GL #182] [GL #1112]
* In order to clarify the configuration of DNSSEC keys, the trusted-keys
and managed-keys statements have been deprecated, and the new
dnssec-keys statement should now be used for both types of key.
......@@ -82,14 +99,25 @@ New Features
zone's SOA record should be included in the additional section of RPZ
responses. [GL #865]
* Two new metrics have been added to the statistics-channel to report
DNSSEC signing operations. For each key in each zone, the dnssec-sign
counter indicates the total number of signatures named has generated
using that key since server startup, and the dnssec-refresh counter
indicates how many of those signatures were refreshed during zone
maintenance, as opposed to having been generated as a result of a zone
update. [GL #513]
Removed Features
* The dnssec-enable option has been deprecated and no longer has any
* The dnssec-enable option has been obsoleted and no longer has any
effect. DNSSEC responses are always enabled if signatures and other
DNSSEC data are present. [GL #866]
* The cleaning-interval option has been removed. [GL !1731]
* The dnssec-lookaside option has been deprecated. The feature still
works, but it is discouraged to use it. [GL #7]
Feature Changes
* named will now log a warning if a static key is configured for the
......@@ -131,6 +159,14 @@ Bug Fixes
minimal queries in order to reduce the likelihood of encountering the
problem. [GL #1055]
* ./configure no longer sets --sysconfdir to /etc or --localstatedir to
/var when --prefix is not specified and the aforementioned options are
not specified explicitly. Instead, Autoconf's defaults of $prefix/etc
and $prefix/var are respected.
* Glue address records were not being returned in responses to root
priming queries; this has been corrected. [GL #1092]
License
BIND is open source software licensed under the terms of the Mozilla
......
......@@ -193,7 +193,7 @@ options {
fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
fstrm-set-output-queue-size <integer>; // not configured
fstrm-set-reopen-interval <ttlval>; // not configured
geoip-directory ( <quoted_string> | none );
geoip-directory ( <quoted_string> | none ); // not configured
geoip-use-ecs <boolean>; // obsolete
glue-cache <boolean>;
has-old-clients <boolean>; // ancient
......@@ -214,7 +214,7 @@ options {
listen-on-v6 [ port <integer> ] [ dscp
<integer> ] {
<address_match_element>; ... }; // may occur multiple times
lmdb-mapsize <sizeval>;
lmdb-mapsize <sizeval>; // non-operational
lock-file ( <quoted_string> | none );
maintain-ixfr-base <boolean>; // ancient
managed-keys-directory <quoted_string>;
......@@ -565,7 +565,7 @@ view <string> [ <class> ] {
}; // may occur multiple times
key-directory <quoted_string>;
lame-ttl <ttlval>;
lmdb-mapsize <sizeval>;
lmdb-mapsize <sizeval>; // non-operational
maintain-ixfr-base <boolean>; // ancient
managed-keys { <string> (
static-key | initial-key
......
......@@ -11,5 +11,5 @@
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
LIBINTERFACE = 1500
LIBREVISION = 0
LIBREVISION = 1
LIBAGE = 0
......@@ -5,7 +5,7 @@ PRODUCT=BIND
DESCRIPTION="(Development Release)"
MAJORVER=9
MINORVER=15
PATCHVER=1
PATCHVER=2
RELEASETYPE=
RELEASEVER=
EXTENSIONS=