diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index 3c64383ba5..ef63be1184 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst @@ -881,230 +881,19 @@ VIEW validate-except { string; ... }; zero-no-soa-ttl boolean; zero-no-soa-ttl-cache boolean; - zone string [ class ] { - allow-notify { address_match_element; ... }; - allow-query { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity boolean; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling boolean; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard boolean; - database string; - delegation-only boolean; - dialup ( notify | notify-passive | passive | refresh | - boolean ); - dlz string; - dnskey-sig-validity integer; - dnssec-dnskey-kskonly boolean; - dnssec-loadkeys-interval integer; - dnssec-policy string; - dnssec-secure-to-insecure boolean; - dnssec-update-mode ( maintain | no-resign ); - file quoted_string; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( - ipv4_address | ipv6_address ) [ port integer ] [ - dscp integer ]; ... }; - in-view string; - inline-signing boolean; - ixfr-from-differences boolean; - journal quoted_string; - key-directory quoted_string; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | percentage ); - max-journal-size ( default | unlimited | sizeval ); - max-records integer; - max-refresh-time integer; - max-retry-time integer; - max-transfer-idle-in integer; - max-transfer-idle-out integer; - max-transfer-time-in integer; - max-transfer-time-out integer; - max-zone-ttl ( unlimited | duration ); - min-refresh-time integer; - min-retry-time integer; - multi-master boolean; - notify ( explicit | master-only | primary-only | boolean ); - notify-delay integer; - notify-source ( ipv4_address | * ) [ port ( integer | * - ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer - | * ) ] [ dscp integer ]; - notify-to-soa boolean; - parental-agents [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - parental-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - primaries [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - request-expire boolean; - request-ixfr boolean; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( ipv4_address | ipv6_address ); ... }; - server-names { string; ... }; - sig-signing-nodes integer; - sig-signing-signatures integer; - sig-signing-type integer; - sig-validity-interval integer [ integer ]; - transfer-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - try-tcp-refresh boolean; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | - static-stub | stub ); - update-check-ksk boolean; - update-policy ( local | { ( deny | grant ) string ( - 6to4-self | external | krb5-self | krb5-selfsub | - krb5-subdomain | krb5-subdomain-self-rhs | ms-self | - ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | - name | self | selfsub | selfwild | subdomain | tcp-self - | wildcard | zonesub ) [ string ] rrtypelist; ... }; - use-alt-transfer-source boolean; - zero-no-soa-ttl boolean; - zone-statistics ( full | terse | none | boolean ); - }; zone-statistics ( full | terse | none | boolean ); }; -ZONE -^^^^ - -:: - - zone string [ class ] { - allow-notify { address_match_element; ... }; - allow-query { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity boolean; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling boolean; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard boolean; - database string; - delegation-only boolean; - dialup ( notify | notify-passive | passive | refresh | boolean ); - dlz string; - dnskey-sig-validity integer; - dnssec-dnskey-kskonly boolean; - dnssec-loadkeys-interval integer; - dnssec-policy string; - dnssec-secure-to-insecure boolean; - dnssec-update-mode ( maintain | no-resign ); - file quoted_string; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - in-view string; - inline-signing boolean; - ixfr-from-differences boolean; - journal quoted_string; - key-directory quoted_string; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | percentage ); - max-journal-size ( default | unlimited | sizeval ); - max-records integer; - max-refresh-time integer; - max-retry-time integer; - max-transfer-idle-in integer; - max-transfer-idle-out integer; - max-transfer-time-in integer; - max-transfer-time-out integer; - max-zone-ttl ( unlimited | duration ); - min-refresh-time integer; - min-retry-time integer; - multi-master boolean; - notify ( explicit | master-only | primary-only | boolean ); - notify-delay integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; - notify-to-soa boolean; - parental-agents [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - primaries [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - request-expire boolean; - request-ixfr boolean; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( ipv4_address | ipv6_address ); ... }; - server-names { string; ... }; - sig-signing-nodes integer; - sig-signing-signatures integer; - sig-signing-type integer; - sig-validity-interval integer [ integer ]; - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - try-tcp-refresh boolean; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | static-stub | - stub ); - update-check-ksk boolean; - update-policy ( local | { ( deny | grant ) string ( 6to4-self | - external | krb5-self | krb5-selfsub | krb5-subdomain | - krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | - ms-subdomain-self-rhs | name | self | selfsub | selfwild | - subdomain | tcp-self | wildcard | zonesub ) [ string ] - rrtypelist; ... }; - use-alt-transfer-source boolean; - zero-no-soa-ttl boolean; - zone-statistics ( full | terse | none | boolean ); - }; +.. include:: ../../doc/misc/primary.zoneopt.rst +.. include:: ../../doc/misc/secondary.zoneopt.rst +.. include:: ../../doc/misc/mirror.zoneopt.rst +.. include:: ../../doc/misc/forward.zoneopt.rst +.. include:: ../../doc/misc/hint.zoneopt.rst +.. include:: ../../doc/misc/redirect.zoneopt.rst +.. include:: ../../doc/misc/static-stub.zoneopt.rst +.. include:: ../../doc/misc/stub.zoneopt.rst +.. include:: ../../doc/misc/delegation-only.zoneopt.rst +.. include:: ../../doc/misc/in-view.zoneopt.rst Files ~~~~~ diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index 0c9bfbba1f..4769bc11cb 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -969,233 +969,334 @@ view string [ class ] { validate\-except { string; ... }; zero\-no\-soa\-ttl boolean; zero\-no\-soa\-ttl\-cache boolean; - zone string [ class ] { - allow\-notify { address_match_element; ... }; - allow\-query { address_match_element; ... }; - allow\-query\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow\-update { address_match_element; ... }; - allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - auto\-dnssec ( allow | maintain | off ); - check\-dup\-records ( fail | warn | ignore ); - check\-integrity boolean; - check\-mx ( fail | warn | ignore ); - check\-mx\-cname ( fail | warn | ignore ); - check\-names ( fail | warn | ignore ); - check\-sibling boolean; - check\-spf ( warn | ignore ); - check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard boolean; - database string; - delegation\-only boolean; - dialup ( notify | notify\-passive | passive | refresh | - boolean ); - dlz string; - dnskey\-sig\-validity integer; - dnssec\-dnskey\-kskonly boolean; - dnssec\-loadkeys\-interval integer; - dnssec\-policy string; - dnssec\-secure\-to\-insecure boolean; - dnssec\-update\-mode ( maintain | no\-resign ); - file quoted_string; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( - ipv4_address | ipv6_address ) [ port integer ] [ - dscp integer ]; ... }; - in\-view string; - inline\-signing boolean; - ixfr\-from\-differences boolean; - journal quoted_string; - key\-directory quoted_string; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | percentage ); - max\-journal\-size ( default | unlimited | sizeval ); - max\-records integer; - max\-refresh\-time integer; - max\-retry\-time integer; - max\-transfer\-idle\-in integer; - max\-transfer\-idle\-out integer; - max\-transfer\-time\-in integer; - max\-transfer\-time\-out integer; - max\-zone\-ttl ( unlimited | duration ); - min\-refresh\-time integer; - min\-retry\-time integer; - multi\-master boolean; - notify ( explicit | master\-only | primary\-only | boolean ); - notify\-delay integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * - ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer - | * ) ] [ dscp integer ]; - notify\-to\-soa boolean; - parental\-agents [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - parental\-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - primaries [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - request\-expire boolean; - request\-ixfr boolean; - serial\-update\-method ( date | increment | unixtime ); - server\-addresses { ( ipv4_address | ipv6_address ); ... }; - server\-names { string; ... }; - sig\-signing\-nodes integer; - sig\-signing\-signatures integer; - sig\-signing\-type integer; - sig\-validity\-interval integer [ integer ]; - transfer\-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - try\-tcp\-refresh boolean; - type ( primary | master | secondary | slave | mirror | - delegation\-only | forward | hint | redirect | - static\-stub | stub ); - update\-check\-ksk boolean; - update\-policy ( local | { ( deny | grant ) string ( - 6to4\-self | external | krb5\-self | krb5\-selfsub | - krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | - ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | - name | self | selfsub | selfwild | subdomain | tcp\-self - | wildcard | zonesub ) [ string ] rrtypelist; ... }; - use\-alt\-transfer\-source boolean; - zero\-no\-soa\-ttl boolean; - zone\-statistics ( full | terse | none | boolean ); - }; zone\-statistics ( full | terse | none | boolean ); }; .ft P .fi .UNINDENT .UNINDENT -.SS ZONE .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C -zone string [ class ] { - allow\-notify { address_match_element; ... }; - allow\-query { address_match_element; ... }; - allow\-query\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow\-update { address_match_element; ... }; - allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; +zone [ ] { + type primary; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; auto\-dnssec ( allow | maintain | off ); check\-dup\-records ( fail | warn | ignore ); - check\-integrity boolean; + check\-integrity ; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( fail | warn | ignore ); - check\-sibling boolean; + check\-sibling ; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard boolean; - database string; - delegation\-only boolean; - dialup ( notify | notify\-passive | passive | refresh | boolean ); - dlz string; - dnskey\-sig\-validity integer; - dnssec\-dnskey\-kskonly boolean; - dnssec\-loadkeys\-interval integer; - dnssec\-policy string; - dnssec\-secure\-to\-insecure boolean; + check\-wildcard ; + database ; + dialup ( notify | notify\-passive | passive | refresh | ); + dlz ; + dnskey\-sig\-validity ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-policy ; + dnssec\-secure\-to\-insecure ; dnssec\-update\-mode ( maintain | no\-resign ); - file quoted_string; + file ; forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - in\-view string; - inline\-signing boolean; - ixfr\-from\-differences boolean; - journal quoted_string; - key\-directory quoted_string; + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + inline\-signing ; + ixfr\-from\-differences ; + journal ; + key\-directory ; masterfile\-format ( raw | text ); masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | percentage ); - max\-journal\-size ( default | unlimited | sizeval ); - max\-records integer; - max\-refresh\-time integer; - max\-retry\-time integer; - max\-transfer\-idle\-in integer; - max\-transfer\-idle\-out integer; - max\-transfer\-time\-in integer; - max\-transfer\-time\-out integer; - max\-zone\-ttl ( unlimited | duration ); - min\-refresh\-time integer; - min\-retry\-time integer; - multi\-master boolean; - notify ( explicit | master\-only | primary\-only | boolean ); - notify\-delay integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; - notify\-to\-soa boolean; - parental\-agents [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - primaries [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - request\-expire boolean; - request\-ixfr boolean; + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-out ; + max\-zone\-ttl ( unlimited | ); + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; serial\-update\-method ( date | increment | unixtime ); - server\-addresses { ( ipv4_address | ipv6_address ); ... }; - server\-names { string; ... }; - sig\-signing\-nodes integer; - sig\-signing\-signatures integer; - sig\-signing\-type integer; - sig\-validity\-interval integer [ integer ]; - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - try\-tcp\-refresh boolean; - type ( primary | master | secondary | slave | mirror | - delegation\-only | forward | hint | redirect | static\-stub | - stub ); - update\-check\-ksk boolean; - update\-policy ( local | { ( deny | grant ) string ( 6to4\-self | - external | krb5\-self | krb5\-selfsub | krb5\-subdomain | - krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | - ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | - subdomain | tcp\-self | wildcard | zonesub ) [ string ] - rrtypelist; ... }; - use\-alt\-transfer\-source boolean; - zero\-no\-soa\-ttl boolean; - zone\-statistics ( full | terse | none | boolean ); + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + update\-check\-ksk ; + update\-policy ( local | { ( deny | grant ) ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ ] ; ... }; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type secondary; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + auto\-dnssec ( allow | maintain | off ); + check\-names ( fail | warn | ignore ); + database ; + dialup ( notify | notify\-passive | passive | refresh | ); + dlz ; + dnskey\-sig\-validity ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-policy ; + dnssec\-update\-mode ( maintain | no\-resign ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + inline\-signing ; + ixfr\-from\-differences ; + journal ; + key\-directory ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + request\-expire ; + request\-ixfr ; + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + try\-tcp\-refresh ; + update\-check\-ksk ; + use\-alt\-transfer\-source ; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type mirror; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + check\-names ( fail | warn | ignore ); + database ; + file ; + ixfr\-from\-differences ; + journal ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + request\-expire ; + request\-ixfr ; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + try\-tcp\-refresh ; + use\-alt\-transfer\-source ; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type forward; + delegation\-only ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type hint; + check\-names ( fail | warn | ignore ); + delegation\-only ; + file ; +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type redirect; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + dlz ; + file ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records ; + max\-zone\-ttl ( unlimited | ); + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type static\-stub; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + max\-records ; + server\-addresses { ( | ); ... }; + server\-names { ; ... }; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type stub; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + check\-names ( fail | warn | ignore ); + database ; + delegation\-only ; + dialup ( notify | notify\-passive | passive | refresh | ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-time\-in ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + use\-alt\-transfer\-source ; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type delegation\-only; +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + in\-view ; }; .ft P .fi diff --git a/doc/misc/Makefile.am b/doc/misc/Makefile.am index a2fa397d1b..4b88580b12 100644 --- a/doc/misc/Makefile.am +++ b/doc/misc/Makefile.am @@ -105,7 +105,7 @@ delegation-only.zoneopt: cfg_test in-view.zoneopt: cfg_test $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view --active > $@ -../../bin/named/named.conf.rst: options.active rst-options.pl +../../bin/named/named.conf.rst: options.active rst-options.pl delegation-only.zoneopt.rst forward.zoneopt.rst hint.zoneopt.rst in-view.zoneopt.rst mirror.zoneopt.rst primary.zoneopt.rst redirect.zoneopt.rst secondary.zoneopt.rst static-stub.zoneopt.rst stub.zoneopt.rst $(AM_V_RST_OPTIONS)$(PERL) $(srcdir)/rst-options.pl options.active > $@ primary.zoneopt.rst: primary.zoneopt rst-zoneopt.pl diff --git a/doc/misc/options b/doc/misc/options index d143e86d57..ca4beab2b8 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -756,225 +756,6 @@ view [ ] { validate-except { ; ... }; zero-no-soa-ttl ; zero-no-soa-ttl-cache ; - zone [ ] { - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - alt-transfer-source ( | * ) [ port ( - | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - database ; - delegation-only ; - dialup ( notify | notify-passive | passive | refresh | - ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ - dscp ]; ... }; - in-view ; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-zone-ttl ( unlimited | ); - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * - ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - notify-to-soa ; - nsec3-test-zone ; // test only - parental-agents [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - parental-source ( | * ) [ port ( | - * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - request-expire ; - request-ixfr ; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( | ); ... }; - server-names { ; ... }; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | - * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - try-tcp-refresh ; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | - static-stub | stub ); - update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( - 6to4-self | external | krb5-self | krb5-selfsub | - krb5-subdomain | krb5-subdomain-self-rhs | ms-self | - ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | - name | self | selfsub | selfwild | subdomain | tcp-self - | wildcard | zonesub ) [ ] ; ... }; - use-alt-transfer-source ; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; // may occur multiple times - zone-statistics ( full | terse | none | ); -}; // may occur multiple times - -zone [ ] { - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - database ; - delegation-only ; - dialup ( notify | notify-passive | passive | refresh | ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - in-view ; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-zone-ttl ( unlimited | ); - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nsec3-test-zone ; // test only - parental-agents [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - primaries [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - request-expire ; - request-ixfr ; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( | ); ... }; - server-names { ; ... }; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - try-tcp-refresh ; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | static-stub | - stub ); - update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( 6to4-self | - external | krb5-self | krb5-selfsub | krb5-subdomain | - krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | - ms-subdomain-self-rhs | name | self | selfsub | selfwild | - subdomain | tcp-self | wildcard | zonesub ) [ ] - ; ... }; - use-alt-transfer-source ; - zero-no-soa-ttl ; zone-statistics ( full | terse | none | ); }; // may occur multiple times diff --git a/doc/misc/options.active b/doc/misc/options.active index 24da22baf1..9a6a705f7c 100644 --- a/doc/misc/options.active +++ b/doc/misc/options.active @@ -751,223 +751,6 @@ view [ ] { validate-except { ; ... }; zero-no-soa-ttl ; zero-no-soa-ttl-cache ; - zone [ ] { - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - alt-transfer-source ( | * ) [ port ( - | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - database ; - delegation-only ; - dialup ( notify | notify-passive | passive | refresh | - ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ - dscp ]; ... }; - in-view ; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-zone-ttl ( unlimited | ); - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * - ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - notify-to-soa ; - parental-agents [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - parental-source ( | * ) [ port ( | - * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - request-expire ; - request-ixfr ; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( | ); ... }; - server-names { ; ... }; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | - * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - try-tcp-refresh ; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | - static-stub | stub ); - update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( - 6to4-self | external | krb5-self | krb5-selfsub | - krb5-subdomain | krb5-subdomain-self-rhs | ms-self | - ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | - name | self | selfsub | selfwild | subdomain | tcp-self - | wildcard | zonesub ) [ ] ; ... }; - use-alt-transfer-source ; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; // may occur multiple times - zone-statistics ( full | terse | none | ); -}; // may occur multiple times - -zone [ ] { - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - database ; - delegation-only ; - dialup ( notify | notify-passive | passive | refresh | ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - in-view ; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-zone-ttl ( unlimited | ); - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - parental-agents [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - primaries [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - request-expire ; - request-ixfr ; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( | ); ... }; - server-names { ; ... }; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - try-tcp-refresh ; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | static-stub | - stub ); - update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( 6to4-self | - external | krb5-self | krb5-selfsub | krb5-subdomain | - krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | - ms-subdomain-self-rhs | name | self | selfsub | selfwild | - subdomain | tcp-self | wildcard | zonesub ) [ ] - ; ... }; - use-alt-transfer-source ; - zero-no-soa-ttl ; zone-statistics ( full | terse | none | ); }; // may occur multiple times diff --git a/doc/misc/rst-options.pl b/doc/misc/rst-options.pl index 695144693b..7526ea4f4c 100644 --- a/doc/misc/rst-options.pl +++ b/doc/misc/rst-options.pl @@ -122,6 +122,17 @@ while () { } print <