From 0a8dece1be6c767f007a46e28c6d90a2a42010d4 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Wed, 23 Feb 2022 17:36:11 -0800 Subject: [PATCH] document zone grammar more correctly the "zone" clause can be documented using, for instance, `cfg_test --zonegrammar primary", which prints only options that are valid in primary zones. this was not the method being used when generating the named.conf man page; instead, "zone" was documented with all possible options, and no zone types at all. this commit removes "zone" from the generic documentation and adds include statements in named.conf.rst so that correct zone grammars will be included in the man page. (cherry picked from commit 4ca74eee49363a9c24c561a742f0abdd7f71d2a8) --- bin/named/named.conf.rst | 231 +----------------- doc/man/named.conf.5in | 509 +++++++++++++++++++++++---------------- doc/misc/Makefile.am | 2 +- doc/misc/options | 219 ----------------- doc/misc/options.active | 217 ----------------- doc/misc/rst-options.pl | 11 + lib/isccfg/namedconf.c | 2 +- 7 files changed, 328 insertions(+), 863 deletions(-) diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index 3c64383ba5..ef63be1184 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst @@ -881,230 +881,19 @@ VIEW validate-except { string; ... }; zero-no-soa-ttl boolean; zero-no-soa-ttl-cache boolean; - zone string [ class ] { - allow-notify { address_match_element; ... }; - allow-query { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity boolean; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling boolean; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard boolean; - database string; - delegation-only boolean; - dialup ( notify | notify-passive | passive | refresh | - boolean ); - dlz string; - dnskey-sig-validity integer; - dnssec-dnskey-kskonly boolean; - dnssec-loadkeys-interval integer; - dnssec-policy string; - dnssec-secure-to-insecure boolean; - dnssec-update-mode ( maintain | no-resign ); - file quoted_string; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( - ipv4_address | ipv6_address ) [ port integer ] [ - dscp integer ]; ... }; - in-view string; - inline-signing boolean; - ixfr-from-differences boolean; - journal quoted_string; - key-directory quoted_string; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | percentage ); - max-journal-size ( default | unlimited | sizeval ); - max-records integer; - max-refresh-time integer; - max-retry-time integer; - max-transfer-idle-in integer; - max-transfer-idle-out integer; - max-transfer-time-in integer; - max-transfer-time-out integer; - max-zone-ttl ( unlimited | duration ); - min-refresh-time integer; - min-retry-time integer; - multi-master boolean; - notify ( explicit | master-only | primary-only | boolean ); - notify-delay integer; - notify-source ( ipv4_address | * ) [ port ( integer | * - ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer - | * ) ] [ dscp integer ]; - notify-to-soa boolean; - parental-agents [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - parental-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - primaries [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - request-expire boolean; - request-ixfr boolean; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( ipv4_address | ipv6_address ); ... }; - server-names { string; ... }; - sig-signing-nodes integer; - sig-signing-signatures integer; - sig-signing-type integer; - sig-validity-interval integer [ integer ]; - transfer-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - try-tcp-refresh boolean; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | - static-stub | stub ); - update-check-ksk boolean; - update-policy ( local | { ( deny | grant ) string ( - 6to4-self | external | krb5-self | krb5-selfsub | - krb5-subdomain | krb5-subdomain-self-rhs | ms-self | - ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | - name | self | selfsub | selfwild | subdomain | tcp-self - | wildcard | zonesub ) [ string ] rrtypelist; ... }; - use-alt-transfer-source boolean; - zero-no-soa-ttl boolean; - zone-statistics ( full | terse | none | boolean ); - }; zone-statistics ( full | terse | none | boolean ); }; -ZONE -^^^^ - -:: - - zone string [ class ] { - allow-notify { address_match_element; ... }; - allow-query { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity boolean; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling boolean; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard boolean; - database string; - delegation-only boolean; - dialup ( notify | notify-passive | passive | refresh | boolean ); - dlz string; - dnskey-sig-validity integer; - dnssec-dnskey-kskonly boolean; - dnssec-loadkeys-interval integer; - dnssec-policy string; - dnssec-secure-to-insecure boolean; - dnssec-update-mode ( maintain | no-resign ); - file quoted_string; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - in-view string; - inline-signing boolean; - ixfr-from-differences boolean; - journal quoted_string; - key-directory quoted_string; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | percentage ); - max-journal-size ( default | unlimited | sizeval ); - max-records integer; - max-refresh-time integer; - max-retry-time integer; - max-transfer-idle-in integer; - max-transfer-idle-out integer; - max-transfer-time-in integer; - max-transfer-time-out integer; - max-zone-ttl ( unlimited | duration ); - min-refresh-time integer; - min-retry-time integer; - multi-master boolean; - notify ( explicit | master-only | primary-only | boolean ); - notify-delay integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; - notify-to-soa boolean; - parental-agents [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - primaries [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - request-expire boolean; - request-ixfr boolean; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( ipv4_address | ipv6_address ); ... }; - server-names { string; ... }; - sig-signing-nodes integer; - sig-signing-signatures integer; - sig-signing-type integer; - sig-validity-interval integer [ integer ]; - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - try-tcp-refresh boolean; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | static-stub | - stub ); - update-check-ksk boolean; - update-policy ( local | { ( deny | grant ) string ( 6to4-self | - external | krb5-self | krb5-selfsub | krb5-subdomain | - krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | - ms-subdomain-self-rhs | name | self | selfsub | selfwild | - subdomain | tcp-self | wildcard | zonesub ) [ string ] - rrtypelist; ... }; - use-alt-transfer-source boolean; - zero-no-soa-ttl boolean; - zone-statistics ( full | terse | none | boolean ); - }; +.. include:: ../../doc/misc/primary.zoneopt.rst +.. include:: ../../doc/misc/secondary.zoneopt.rst +.. include:: ../../doc/misc/mirror.zoneopt.rst +.. include:: ../../doc/misc/forward.zoneopt.rst +.. include:: ../../doc/misc/hint.zoneopt.rst +.. include:: ../../doc/misc/redirect.zoneopt.rst +.. include:: ../../doc/misc/static-stub.zoneopt.rst +.. include:: ../../doc/misc/stub.zoneopt.rst +.. include:: ../../doc/misc/delegation-only.zoneopt.rst +.. include:: ../../doc/misc/in-view.zoneopt.rst Files ~~~~~ diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index 0c9bfbba1f..4769bc11cb 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -969,233 +969,334 @@ view string [ class ] { validate\-except { string; ... }; zero\-no\-soa\-ttl boolean; zero\-no\-soa\-ttl\-cache boolean; - zone string [ class ] { - allow\-notify { address_match_element; ... }; - allow\-query { address_match_element; ... }; - allow\-query\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow\-update { address_match_element; ... }; - allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - auto\-dnssec ( allow | maintain | off ); - check\-dup\-records ( fail | warn | ignore ); - check\-integrity boolean; - check\-mx ( fail | warn | ignore ); - check\-mx\-cname ( fail | warn | ignore ); - check\-names ( fail | warn | ignore ); - check\-sibling boolean; - check\-spf ( warn | ignore ); - check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard boolean; - database string; - delegation\-only boolean; - dialup ( notify | notify\-passive | passive | refresh | - boolean ); - dlz string; - dnskey\-sig\-validity integer; - dnssec\-dnskey\-kskonly boolean; - dnssec\-loadkeys\-interval integer; - dnssec\-policy string; - dnssec\-secure\-to\-insecure boolean; - dnssec\-update\-mode ( maintain | no\-resign ); - file quoted_string; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( - ipv4_address | ipv6_address ) [ port integer ] [ - dscp integer ]; ... }; - in\-view string; - inline\-signing boolean; - ixfr\-from\-differences boolean; - journal quoted_string; - key\-directory quoted_string; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | percentage ); - max\-journal\-size ( default | unlimited | sizeval ); - max\-records integer; - max\-refresh\-time integer; - max\-retry\-time integer; - max\-transfer\-idle\-in integer; - max\-transfer\-idle\-out integer; - max\-transfer\-time\-in integer; - max\-transfer\-time\-out integer; - max\-zone\-ttl ( unlimited | duration ); - min\-refresh\-time integer; - min\-retry\-time integer; - multi\-master boolean; - notify ( explicit | master\-only | primary\-only | boolean ); - notify\-delay integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * - ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer - | * ) ] [ dscp integer ]; - notify\-to\-soa boolean; - parental\-agents [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - parental\-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - primaries [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ - tls string ]; ... }; - request\-expire boolean; - request\-ixfr boolean; - serial\-update\-method ( date | increment | unixtime ); - server\-addresses { ( ipv4_address | ipv6_address ); ... }; - server\-names { string; ... }; - sig\-signing\-nodes integer; - sig\-signing\-signatures integer; - sig\-signing\-type integer; - sig\-validity\-interval integer [ integer ]; - transfer\-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - try\-tcp\-refresh boolean; - type ( primary | master | secondary | slave | mirror | - delegation\-only | forward | hint | redirect | - static\-stub | stub ); - update\-check\-ksk boolean; - update\-policy ( local | { ( deny | grant ) string ( - 6to4\-self | external | krb5\-self | krb5\-selfsub | - krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | - ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | - name | self | selfsub | selfwild | subdomain | tcp\-self - | wildcard | zonesub ) [ string ] rrtypelist; ... }; - use\-alt\-transfer\-source boolean; - zero\-no\-soa\-ttl boolean; - zone\-statistics ( full | terse | none | boolean ); - }; zone\-statistics ( full | terse | none | boolean ); }; .ft P .fi .UNINDENT .UNINDENT -.SS ZONE .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C -zone string [ class ] { - allow\-notify { address_match_element; ... }; - allow\-query { address_match_element; ... }; - allow\-query\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow\-update { address_match_element; ... }; - allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; +zone [ ] { + type primary; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; auto\-dnssec ( allow | maintain | off ); check\-dup\-records ( fail | warn | ignore ); - check\-integrity boolean; + check\-integrity ; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); check\-names ( fail | warn | ignore ); - check\-sibling boolean; + check\-sibling ; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard boolean; - database string; - delegation\-only boolean; - dialup ( notify | notify\-passive | passive | refresh | boolean ); - dlz string; - dnskey\-sig\-validity integer; - dnssec\-dnskey\-kskonly boolean; - dnssec\-loadkeys\-interval integer; - dnssec\-policy string; - dnssec\-secure\-to\-insecure boolean; + check\-wildcard ; + database ; + dialup ( notify | notify\-passive | passive | refresh | ); + dlz ; + dnskey\-sig\-validity ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-policy ; + dnssec\-secure\-to\-insecure ; dnssec\-update\-mode ( maintain | no\-resign ); - file quoted_string; + file ; forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - in\-view string; - inline\-signing boolean; - ixfr\-from\-differences boolean; - journal quoted_string; - key\-directory quoted_string; + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + inline\-signing ; + ixfr\-from\-differences ; + journal ; + key\-directory ; masterfile\-format ( raw | text ); masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | percentage ); - max\-journal\-size ( default | unlimited | sizeval ); - max\-records integer; - max\-refresh\-time integer; - max\-retry\-time integer; - max\-transfer\-idle\-in integer; - max\-transfer\-idle\-out integer; - max\-transfer\-time\-in integer; - max\-transfer\-time\-out integer; - max\-zone\-ttl ( unlimited | duration ); - min\-refresh\-time integer; - min\-retry\-time integer; - multi\-master boolean; - notify ( explicit | master\-only | primary\-only | boolean ); - notify\-delay integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; - notify\-to\-soa boolean; - parental\-agents [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - primaries [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - request\-expire boolean; - request\-ixfr boolean; + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-out ; + max\-zone\-ttl ( unlimited | ); + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; serial\-update\-method ( date | increment | unixtime ); - server\-addresses { ( ipv4_address | ipv6_address ); ... }; - server\-names { string; ... }; - sig\-signing\-nodes integer; - sig\-signing\-signatures integer; - sig\-signing\-type integer; - sig\-validity\-interval integer [ integer ]; - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - try\-tcp\-refresh boolean; - type ( primary | master | secondary | slave | mirror | - delegation\-only | forward | hint | redirect | static\-stub | - stub ); - update\-check\-ksk boolean; - update\-policy ( local | { ( deny | grant ) string ( 6to4\-self | - external | krb5\-self | krb5\-selfsub | krb5\-subdomain | - krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | - ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | - subdomain | tcp\-self | wildcard | zonesub ) [ string ] - rrtypelist; ... }; - use\-alt\-transfer\-source boolean; - zero\-no\-soa\-ttl boolean; - zone\-statistics ( full | terse | none | boolean ); + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + update\-check\-ksk ; + update\-policy ( local | { ( deny | grant ) ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ ] ; ... }; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type secondary; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + auto\-dnssec ( allow | maintain | off ); + check\-names ( fail | warn | ignore ); + database ; + dialup ( notify | notify\-passive | passive | refresh | ); + dlz ; + dnskey\-sig\-validity ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-policy ; + dnssec\-update\-mode ( maintain | no\-resign ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + inline\-signing ; + ixfr\-from\-differences ; + journal ; + key\-directory ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + request\-expire ; + request\-ixfr ; + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + try\-tcp\-refresh ; + update\-check\-ksk ; + use\-alt\-transfer\-source ; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type mirror; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + check\-names ( fail | warn | ignore ); + database ; + file ; + ixfr\-from\-differences ; + journal ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + request\-expire ; + request\-ixfr ; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + try\-tcp\-refresh ; + use\-alt\-transfer\-source ; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type forward; + delegation\-only ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type hint; + check\-names ( fail | warn | ignore ); + delegation\-only ; + file ; +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type redirect; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + dlz ; + file ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records ; + max\-zone\-ttl ( unlimited | ); + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type static\-stub; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + max\-records ; + server\-addresses { ( | ); ... }; + server\-names { ; ... }; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type stub; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + check\-names ( fail | warn | ignore ); + database ; + delegation\-only ; + dialup ( notify | notify\-passive | passive | refresh | ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-time\-in ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + use\-alt\-transfer\-source ; + zone\-statistics ( full | terse | none | ); +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + type delegation\-only; +}; +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +zone [ ] { + in\-view ; }; .ft P .fi diff --git a/doc/misc/Makefile.am b/doc/misc/Makefile.am index a2fa397d1b..4b88580b12 100644 --- a/doc/misc/Makefile.am +++ b/doc/misc/Makefile.am @@ -105,7 +105,7 @@ delegation-only.zoneopt: cfg_test in-view.zoneopt: cfg_test $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view --active > $@ -../../bin/named/named.conf.rst: options.active rst-options.pl +../../bin/named/named.conf.rst: options.active rst-options.pl delegation-only.zoneopt.rst forward.zoneopt.rst hint.zoneopt.rst in-view.zoneopt.rst mirror.zoneopt.rst primary.zoneopt.rst redirect.zoneopt.rst secondary.zoneopt.rst static-stub.zoneopt.rst stub.zoneopt.rst $(AM_V_RST_OPTIONS)$(PERL) $(srcdir)/rst-options.pl options.active > $@ primary.zoneopt.rst: primary.zoneopt rst-zoneopt.pl diff --git a/doc/misc/options b/doc/misc/options index d143e86d57..ca4beab2b8 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -756,225 +756,6 @@ view [ ] { validate-except { ; ... }; zero-no-soa-ttl ; zero-no-soa-ttl-cache ; - zone [ ] { - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - alt-transfer-source ( | * ) [ port ( - | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - database ; - delegation-only ; - dialup ( notify | notify-passive | passive | refresh | - ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ - dscp ]; ... }; - in-view ; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-zone-ttl ( unlimited | ); - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * - ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - notify-to-soa ; - nsec3-test-zone ; // test only - parental-agents [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - parental-source ( | * ) [ port ( | - * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - request-expire ; - request-ixfr ; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( | ); ... }; - server-names { ; ... }; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | - * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - try-tcp-refresh ; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | - static-stub | stub ); - update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( - 6to4-self | external | krb5-self | krb5-selfsub | - krb5-subdomain | krb5-subdomain-self-rhs | ms-self | - ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | - name | self | selfsub | selfwild | subdomain | tcp-self - | wildcard | zonesub ) [ ] ; ... }; - use-alt-transfer-source ; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; // may occur multiple times - zone-statistics ( full | terse | none | ); -}; // may occur multiple times - -zone [ ] { - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - database ; - delegation-only ; - dialup ( notify | notify-passive | passive | refresh | ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - in-view ; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-zone-ttl ( unlimited | ); - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nsec3-test-zone ; // test only - parental-agents [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - primaries [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - request-expire ; - request-ixfr ; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( | ); ... }; - server-names { ; ... }; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - try-tcp-refresh ; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | static-stub | - stub ); - update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( 6to4-self | - external | krb5-self | krb5-selfsub | krb5-subdomain | - krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | - ms-subdomain-self-rhs | name | self | selfsub | selfwild | - subdomain | tcp-self | wildcard | zonesub ) [ ] - ; ... }; - use-alt-transfer-source ; - zero-no-soa-ttl ; zone-statistics ( full | terse | none | ); }; // may occur multiple times diff --git a/doc/misc/options.active b/doc/misc/options.active index 24da22baf1..9a6a705f7c 100644 --- a/doc/misc/options.active +++ b/doc/misc/options.active @@ -751,223 +751,6 @@ view [ ] { validate-except { ; ... }; zero-no-soa-ttl ; zero-no-soa-ttl-cache ; - zone [ ] { - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - alt-transfer-source ( | * ) [ port ( - | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - database ; - delegation-only ; - dialup ( notify | notify-passive | passive | refresh | - ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ - dscp ]; ... }; - in-view ; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-zone-ttl ( unlimited | ); - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * - ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - notify-to-soa ; - parental-agents [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - parental-source ( | * ) [ port ( | - * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ - tls ]; ... }; - request-expire ; - request-ixfr ; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( | ); ... }; - server-names { ; ... }; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | - * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - try-tcp-refresh ; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | - static-stub | stub ); - update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( - 6to4-self | external | krb5-self | krb5-selfsub | - krb5-subdomain | krb5-subdomain-self-rhs | ms-self | - ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | - name | self | selfsub | selfwild | subdomain | tcp-self - | wildcard | zonesub ) [ ] ; ... }; - use-alt-transfer-source ; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; // may occur multiple times - zone-statistics ( full | terse | none | ); -}; // may occur multiple times - -zone [ ] { - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - database ; - delegation-only ; - dialup ( notify | notify-passive | passive | refresh | ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - in-view ; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-zone-ttl ( unlimited | ); - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - parental-agents [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - primaries [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - request-expire ; - request-ixfr ; - serial-update-method ( date | increment | unixtime ); - server-addresses { ( | ); ... }; - server-names { ; ... }; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - try-tcp-refresh ; - type ( primary | master | secondary | slave | mirror | - delegation-only | forward | hint | redirect | static-stub | - stub ); - update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( 6to4-self | - external | krb5-self | krb5-selfsub | krb5-subdomain | - krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | - ms-subdomain-self-rhs | name | self | selfsub | selfwild | - subdomain | tcp-self | wildcard | zonesub ) [ ] - ; ... }; - use-alt-transfer-source ; - zero-no-soa-ttl ; zone-statistics ( full | terse | none | ); }; // may occur multiple times diff --git a/doc/misc/rst-options.pl b/doc/misc/rst-options.pl index 695144693b..7526ea4f4c 100644 --- a/doc/misc/rst-options.pl +++ b/doc/misc/rst-options.pl @@ -122,6 +122,17 @@ while () { } print <