diff --git a/.reuse/dep5 b/.reuse/dep5 index d539cad8e1..d9dec6a5cb 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -155,7 +155,6 @@ Files: **/.clang-format .uncrustify.cfg doc/misc/*.zoneopt doc/misc/options - doc/misc/options.active doc/misc/rndc.grammar tsan-suppressions.txt Copyright: Internet Systems Consortium, Inc. ("ISC") diff --git a/Makefile.docs b/Makefile.docs index a6bedbe225..4a7b8e597a 100644 --- a/Makefile.docs +++ b/Makefile.docs @@ -60,15 +60,3 @@ AM_V_SED_0 = @echo " SED $@"; AM_V_CFG_TEST = $(AM_V_CFG_TEST_@AM_V@) AM_V_CFG_TEST_ = $(AM_V_CFG_TEST_@AM_DEFAULT_V@) AM_V_CFG_TEST_0 = @echo " CFG_GEN $@"; - -AM_V_RST_OPTIONS = $(AM_V_CFG_TEST_@AM_V@) -AM_V_RST_OPTIONS_ = $(AM_V_RST_OPTIONS_@AM_DEFAULT_V@) -AM_V_RST_OPTIONS_0 = @echo " RST_OPTIONS $@"; - -AM_V_RST_ZONEOPT = $(AM_V_CFG_TEST_@AM_V@) -AM_V_RST_ZONEOPT_ = $(AM_V_RST_ZONEOPT_@AM_DEFAULT_V@) -AM_V_RST_ZONEOPT_0 = @echo " RST_ZONEOPT $@"; - -AM_V_RST_GRAMMARS = $(AM_V_CFG_TEST_@AM_V@) -AM_V_RST_GRAMMARS_ = $(AM_V_RST_GRAMMARS_@AM_DEFAULT_V@) -AM_V_RST_GRAMMARS_0 = @echo " RST_GRAMMARS $@"; diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am index 7065a90b7a..57a023b9fa 100644 --- a/bin/named/Makefile.am +++ b/bin/named/Makefile.am @@ -121,6 +121,3 @@ if HAVE_LIBNGHTTP2 named_LDADD += \ $(LIBNGHTTP2_LIBS) endif HAVE_LIBNGHTTP2 - -MAINTAINERCLEANFILES = \ - named.conf.rst diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index 6c99eeed40..820ca2d3cb 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst @@ -31,708 +31,24 @@ comment styles are supported: C style: /\* \*/ - C++ style: // to end of line +C++ style: // to end of line Unix style: # to end of line -CONTROLS -^^^^^^^^ - -:: - - controls { - inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read-only boolean ]; - unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read-only boolean ]; - }; - -DLZ -^^^ - -:: - - dlz string { - database string; - search boolean; - }; - -DNSSEC-POLICY -^^^^^^^^^^^^^ - -:: - - dnssec-policy string { - dnskey-ttl duration; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... }; - max-zone-ttl duration; - nsec3param [ iterations integer ] [ optout boolean ] [ salt-length integer ]; - parent-ds-ttl duration; - parent-propagation-delay duration; - publish-safety duration; - purge-keys duration; - retire-safety duration; - signatures-refresh duration; - signatures-validity duration; - signatures-validity-dnskey duration; - zone-propagation-delay duration; - }; - -DYNDB -^^^^^ - -:: - - dyndb string quoted_string { unspecified-text }; - -HTTP -^^^^ - -:: - - http string { - endpoints { quoted_string; ... }; - listener-clients integer; - streams-per-connection integer; - }; - -KEY -^^^ - -:: - - key string { - algorithm string; - secret string; - }; - -LOGGING -^^^^^^^ - -:: - - logging { - category string { string; ... }; - channel string { - buffered boolean; - file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ]; - null; - print-category boolean; - print-severity boolean; - print-time ( iso8601 | iso8601-utc | local | boolean ); - severity log_severity; - stderr; - syslog [ syslog_facility ]; - }; - }; - -MANAGED-KEYS -^^^^^^^^^^^^ - -See DNSSEC-KEYS. - -:: - - managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated - -OPTIONS -^^^^^^^ - -:: - - options { - allow-new-zones boolean; - allow-notify { address_match_element; ... }; - allow-query { address_match_element; ... }; - allow-query-cache { address_match_element; ... }; - allow-query-cache-on { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-recursion { address_match_element; ... }; - allow-recursion-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - answer-cookie boolean; - attach-cache string; - auth-nxdomain boolean; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan boolean; - avoid-v4-udp-ports { portrange; ... }; - avoid-v6-udp-ports { portrange; ... }; - bindkeys-file quoted_string; - blackhole { address_match_element; ... }; - catalog-zones { zone string [ default-primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity boolean; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); - check-sibling boolean; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard boolean; - clients-per-query integer; - cookie-algorithm ( aes | siphash24 ); - cookie-secret string; - coresize ( default | unlimited | sizeval ); - datasize ( default | unlimited | sizeval ); - deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; - deny-answer-aliases { string; ... } [ except-from { string; ... } ]; - dialup ( notify | notify-passive | passive | refresh | boolean ); - directory quoted_string; - disable-algorithms string { string; ... }; - disable-ds-digests string { string; ... }; - disable-empty-zone string; - dns64 netprefix { - break-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... }; - recursive-only boolean; - suffix ipv6_address; - }; - dns64-contact string; - dns64-server string; - dnskey-sig-validity integer; - dnsrps-enable boolean; - dnsrps-options { unspecified-text }; - dnssec-accept-expired boolean; - dnssec-dnskey-kskonly boolean; - dnssec-loadkeys-interval integer; - dnssec-must-be-secure string boolean; - dnssec-policy string; - dnssec-secure-to-insecure boolean; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; - dnstap-identity ( quoted_string | none | hostname ); - dnstap-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ]; - dnstap-version ( quoted_string | none ); - dscp integer; - dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; - dump-file quoted_string; - edns-udp-size integer; - empty-contact string; - empty-server string; - empty-zones-enable boolean; - fetch-quota-params integer fixedpoint fixedpoint fixedpoint; - fetches-per-server integer [ ( drop | fail ) ]; - fetches-per-zone integer [ ( drop | fail ) ]; - files ( default | unlimited | sizeval ); - flush-zones-on-shutdown boolean; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - fstrm-set-buffer-hint integer; - fstrm-set-flush-timeout integer; - fstrm-set-input-queue-size integer; - fstrm-set-output-notify-threshold integer; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size integer; - fstrm-set-reopen-interval duration; - geoip-directory ( quoted_string | none ); - glue-cache boolean;// deprecated - heartbeat-interval integer; - hostname ( quoted_string | none ); - http-listener-clients integer; - http-port integer; - http-streams-per-connection integer; - https-port integer; - interface-interval duration; - ipv4only-contact string; - ipv4only-enable boolean; - ipv4only-server string; - ixfr-from-differences ( primary | master | secondary | slave | boolean ); - keep-response-order { address_match_element; ... }; - key-directory quoted_string; - lame-ttl duration; - listen-on [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; - listen-on-v6 [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; - lmdb-mapsize sizeval; - lock-file ( quoted_string | none ); - managed-keys-directory quoted_string; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses boolean; - max-cache-size ( default | unlimited | sizeval | percentage ); - max-cache-ttl duration; - max-clients-per-query integer; - max-ixfr-ratio ( unlimited | percentage ); - max-journal-size ( default | unlimited | sizeval ); - max-ncache-ttl duration; - max-records integer; - max-recursion-depth integer; - max-recursion-queries integer; - max-refresh-time integer; - max-retry-time integer; - max-rsa-exponent-size integer; - max-stale-ttl duration; - max-transfer-idle-in integer; - max-transfer-idle-out integer; - max-transfer-time-in integer; - max-transfer-time-out integer; - max-udp-size integer; - max-zone-ttl ( unlimited | duration ); - memstatistics boolean; - memstatistics-file quoted_string; - message-compression boolean; - min-cache-ttl duration; - min-ncache-ttl duration; - min-refresh-time integer; - min-retry-time integer; - minimal-any boolean; - minimal-responses ( no-auth | no-auth-recursive | boolean ); - multi-master boolean; - new-zones-directory quoted_string; - no-case-compress { address_match_element; ... }; - nocookie-udp-size integer; - notify ( explicit | master-only | primary-only | boolean ); - notify-delay integer; - notify-rate integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-to-soa boolean; - nta-lifetime duration; - nta-recheck duration; - nxdomain-redirect string; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - pid-file ( quoted_string | none ); - port integer; - preferred-glue string; - prefetch integer [ integer ]; - provide-ixfr boolean; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - querylog boolean; - random-device ( quoted_string | none ); - rate-limit { - all-per-second integer; - errors-per-second integer; - exempt-clients { address_match_element; ... }; - ipv4-prefix-length integer; - ipv6-prefix-length integer; - log-only boolean; - max-table-size integer; - min-table-size integer; - nodata-per-second integer; - nxdomains-per-second integer; - qps-scale integer; - referrals-per-second integer; - responses-per-second integer; - slip integer; - window integer; - }; - recursing-file quoted_string; - recursion boolean; - recursive-clients integer; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - require-server-cookie boolean; - reserved-sockets integer;// deprecated - resolver-nonbackoff-tries integer; - resolver-query-timeout integer; - resolver-retry-interval integer; - response-padding { address_match_element; ... } block-size integer; - response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; - reuseport boolean; - root-delegation-only [ exclude { string; ... } ]; - root-key-sentinel boolean; - rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; - secroots-file quoted_string; - send-cookie boolean; - serial-query-rate integer; - serial-update-method ( date | increment | unixtime ); - server-id ( quoted_string | none | hostname ); - servfail-ttl duration; - session-keyalg string; - session-keyfile ( quoted_string | none ); - session-keyname string; - sig-signing-nodes integer; - sig-signing-signatures integer; - sig-signing-type integer; - sig-validity-interval integer [ integer ]; - sortlist { address_match_element; ... }; - stacksize ( default | unlimited | sizeval ); - stale-answer-client-timeout ( disabled | off | integer ); - stale-answer-enable boolean; - stale-answer-ttl duration; - stale-cache-enable boolean; - stale-refresh-time duration; - startup-notify-rate integer; - statistics-file quoted_string; - synth-from-dnssec boolean; - tcp-advertised-timeout integer; - tcp-clients integer; - tcp-idle-timeout integer; - tcp-initial-timeout integer; - tcp-keepalive-timeout integer; - tcp-listen-queue integer; - tcp-receive-buffer integer; - tcp-send-buffer integer; - tkey-dhkey quoted_string integer; - tkey-domain quoted_string; - tkey-gssapi-credential quoted_string; - tkey-gssapi-keytab quoted_string; - tls-port integer; - transfer-format ( many-answers | one-answer ); - transfer-message-size integer; - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers-in integer; - transfers-out integer; - transfers-per-ns integer; - trust-anchor-telemetry boolean; // experimental - try-tcp-refresh boolean; - udp-receive-buffer integer; - udp-send-buffer integer; - update-check-ksk boolean; - use-alt-transfer-source boolean; - use-v4-udp-ports { portrange; ... }; - use-v6-udp-ports { portrange; ... }; - v6-bias integer; - validate-except { string; ... }; - version ( quoted_string | none ); - zero-no-soa-ttl boolean; - zero-no-soa-ttl-cache boolean; - zone-statistics ( full | terse | none | boolean ); - }; - -PARENTAL-AGENTS -^^^^^^^^^^^^^^^ - -:: - - parental-agents string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; - -PLUGIN -^^^^^^ - -:: - - plugin ( query ) string [ { unspecified-text } ]; - -PRIMARIES -^^^^^^^^^ - -:: - - primaries string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; - -SERVER -^^^^^^ - -:: - - server netprefix { - bogus boolean; - edns boolean; - edns-udp-size integer; - edns-version integer; - keys server_key; - max-udp-size integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - padding integer; - provide-ixfr boolean; - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - send-cookie boolean; - tcp-keepalive boolean; - tcp-only boolean; - transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers integer; - }; - -STATISTICS-CHANNELS -^^^^^^^^^^^^^^^^^^^ - -:: - - statistics-channels { - inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ]; - }; - -TLS -^^^ - -:: - - tls string { - ca-file quoted_string; - cert-file quoted_string; - ciphers string; - dhparam-file quoted_string; - key-file quoted_string; - prefer-server-ciphers boolean; - protocols { string; ... }; - remote-hostname quoted_string; - session-tickets boolean; - }; - -TRUST-ANCHORS -^^^^^^^^^^^^^ - -:: - - trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... }; - -TRUSTED-KEYS -^^^^^^^^^^^^ - -Deprecated - see DNSSEC-KEYS. - -:: - - trusted-keys { string integer integer integer quoted_string; ... };, deprecated - -VIEW -^^^^ - -:: - - view string [ class ] { - allow-new-zones boolean; - allow-notify { address_match_element; ... }; - allow-query { address_match_element; ... }; - allow-query-cache { address_match_element; ... }; - allow-query-cache-on { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-recursion { address_match_element; ... }; - allow-recursion-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - attach-cache string; - auth-nxdomain boolean; - auto-dnssec ( allow | maintain | off ); - catalog-zones { zone string [ default-primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity boolean; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); - check-sibling boolean; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard boolean; - clients-per-query integer; - deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; - deny-answer-aliases { string; ... } [ except-from { string; ... } ]; - dialup ( notify | notify-passive | passive | refresh | boolean ); - disable-algorithms string { string; ... }; - disable-ds-digests string { string; ... }; - disable-empty-zone string; - dlz string { - database string; - search boolean; - }; - dns64 netprefix { - break-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... }; - recursive-only boolean; - suffix ipv6_address; - }; - dns64-contact string; - dns64-server string; - dnskey-sig-validity integer; - dnsrps-enable boolean; - dnsrps-options { unspecified-text }; - dnssec-accept-expired boolean; - dnssec-dnskey-kskonly boolean; - dnssec-loadkeys-interval integer; - dnssec-must-be-secure string boolean; - dnssec-policy string; - dnssec-secure-to-insecure boolean; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; - dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; - dyndb string quoted_string { unspecified-text }; - edns-udp-size integer; - empty-contact string; - empty-server string; - empty-zones-enable boolean; - fetch-quota-params integer fixedpoint fixedpoint fixedpoint; - fetches-per-server integer [ ( drop | fail ) ]; - fetches-per-zone integer [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - glue-cache boolean;// deprecated - ipv4only-contact string; - ipv4only-enable boolean; - ipv4only-server string; - ixfr-from-differences ( primary | master | secondary | slave | boolean ); - key string { - algorithm string; - secret string; - }; - key-directory quoted_string; - lame-ttl duration; - lmdb-mapsize sizeval; - managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-clients { address_match_element; ... }; - match-destinations { address_match_element; ... }; - match-recursive-only boolean; - max-cache-size ( default | unlimited | sizeval | percentage ); - max-cache-ttl duration; - max-clients-per-query integer; - max-ixfr-ratio ( unlimited | percentage ); - max-journal-size ( default | unlimited | sizeval ); - max-ncache-ttl duration; - max-records integer; - max-recursion-depth integer; - max-recursion-queries integer; - max-refresh-time integer; - max-retry-time integer; - max-stale-ttl duration; - max-transfer-idle-in integer; - max-transfer-idle-out integer; - max-transfer-time-in integer; - max-transfer-time-out integer; - max-udp-size integer; - max-zone-ttl ( unlimited | duration ); - message-compression boolean; - min-cache-ttl duration; - min-ncache-ttl duration; - min-refresh-time integer; - min-retry-time integer; - minimal-any boolean; - minimal-responses ( no-auth | no-auth-recursive | boolean ); - multi-master boolean; - new-zones-directory quoted_string; - no-case-compress { address_match_element; ... }; - nocookie-udp-size integer; - notify ( explicit | master-only | primary-only | boolean ); - notify-delay integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-to-soa boolean; - nta-lifetime duration; - nta-recheck duration; - nxdomain-redirect string; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - plugin ( query ) string [ { unspecified-text } ]; - preferred-glue string; - prefetch integer [ integer ]; - provide-ixfr boolean; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - rate-limit { - all-per-second integer; - errors-per-second integer; - exempt-clients { address_match_element; ... }; - ipv4-prefix-length integer; - ipv6-prefix-length integer; - log-only boolean; - max-table-size integer; - min-table-size integer; - nodata-per-second integer; - nxdomains-per-second integer; - qps-scale integer; - referrals-per-second integer; - responses-per-second integer; - slip integer; - window integer; - }; - recursion boolean; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - require-server-cookie boolean; - resolver-nonbackoff-tries integer; - resolver-query-timeout integer; - resolver-retry-interval integer; - response-padding { address_match_element; ... } block-size integer; - response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; - root-delegation-only [ exclude { string; ... } ]; - root-key-sentinel boolean; - rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; - send-cookie boolean; - serial-update-method ( date | increment | unixtime ); - server netprefix { - bogus boolean; - edns boolean; - edns-udp-size integer; - edns-version integer; - keys server_key; - max-udp-size integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - padding integer; - provide-ixfr boolean; - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - send-cookie boolean; - tcp-keepalive boolean; - tcp-only boolean; - transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers integer; - }; - servfail-ttl duration; - sig-signing-nodes integer; - sig-signing-signatures integer; - sig-signing-type integer; - sig-validity-interval integer [ integer ]; - sortlist { address_match_element; ... }; - stale-answer-client-timeout ( disabled | off | integer ); - stale-answer-enable boolean; - stale-answer-ttl duration; - stale-cache-enable boolean; - stale-refresh-time duration; - synth-from-dnssec boolean; - transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - trust-anchor-telemetry boolean; // experimental - trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... }; - trusted-keys { string integer integer integer quoted_string; ... };, deprecated - try-tcp-refresh boolean; - update-check-ksk boolean; - use-alt-transfer-source boolean; - v6-bias integer; - validate-except { string; ... }; - zero-no-soa-ttl boolean; - zero-no-soa-ttl-cache boolean; - zone-statistics ( full | terse | none | boolean ); - }; - -ZONE -^^^^ +.. literalinclude:: ../../doc/misc/options Any of these zone statements can also be set inside the view statement. -.. include:: ../../doc/misc/primary.zoneopt.rst -.. include:: ../../doc/misc/secondary.zoneopt.rst -.. include:: ../../doc/misc/mirror.zoneopt.rst -.. include:: ../../doc/misc/forward.zoneopt.rst -.. include:: ../../doc/misc/hint.zoneopt.rst -.. include:: ../../doc/misc/redirect.zoneopt.rst -.. include:: ../../doc/misc/static-stub.zoneopt.rst -.. include:: ../../doc/misc/stub.zoneopt.rst -.. include:: ../../doc/misc/delegation-only.zoneopt.rst -.. include:: ../../doc/misc/in-view.zoneopt.rst +.. literalinclude:: ../../doc/misc/primary.zoneopt +.. literalinclude:: ../../doc/misc/secondary.zoneopt +.. literalinclude:: ../../doc/misc/mirror.zoneopt +.. literalinclude:: ../../doc/misc/forward.zoneopt +.. literalinclude:: ../../doc/misc/hint.zoneopt +.. literalinclude:: ../../doc/misc/redirect.zoneopt +.. literalinclude:: ../../doc/misc/static-stub.zoneopt +.. literalinclude:: ../../doc/misc/stub.zoneopt +.. literalinclude:: ../../doc/misc/delegation-only.zoneopt +.. literalinclude:: ../../doc/misc/in-view.zoneopt Files ~~~~~ diff --git a/doc/arm/Makefile.am b/doc/arm/Makefile.am index 837f748412..3d16b6c953 100644 --- a/doc/arm/Makefile.am +++ b/doc/arm/Makefile.am @@ -67,27 +67,18 @@ EXTRA_DIST = \ _ext/rndcconf.py \ _static/custom.css \ ../dnssec-guide \ - ../misc/acl.grammar.rst \ - ../misc/controls.grammar.rst \ - ../misc/delegation-only.zoneopt.rst \ - ../misc/forward.zoneopt.rst \ - ../misc/hint.zoneopt.rst \ - ../misc/in-view.zoneopt.rst \ - ../misc/key.grammar.rst \ - ../misc/logging.grammar.rst \ - ../misc/managed-keys.grammar.rst \ - ../misc/primary.zoneopt.rst \ - ../misc/mirror.zoneopt.rst \ - ../misc/options.grammar.rst \ - ../misc/parental-agents.grammar.rst \ - ../misc/primaries.grammar.rst \ - ../misc/redirect.zoneopt.rst \ - ../misc/server.grammar.rst \ - ../misc/secondary.zoneopt.rst \ - ../misc/static-stub.zoneopt.rst \ - ../misc/statistics-channels.grammar.rst \ - ../misc/stub.zoneopt.rst \ - ../misc/trusted-keys.grammar.rst \ + ../misc/options \ + ../misc/rndc.grammar \ + ../misc/delegation-only.zoneopt \ + ../misc/forward.zoneopt \ + ../misc/hint.zoneopt \ + ../misc/in-view.zoneopt \ + ../misc/mirror.zoneopt \ + ../misc/primary.zoneopt \ + ../misc/redirect.zoneopt \ + ../misc/secondary.zoneopt \ + ../misc/static-stub.zoneopt \ + ../misc/stub.zoneopt \ ../notes/*.rst html-local: diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 9fabcb763f..b308f645b7 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -427,8 +427,6 @@ configuration. .. namedconf:statement:: acl -.. include:: ../misc/acl.grammar.rst - .. _acl: ``acl`` Statement Definition and Usage @@ -458,8 +456,6 @@ The following ACLs are built-in: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: controls -.. include:: ../misc/controls.grammar.rst - .. _controls_statement_definition_and_usage: ``controls`` Statement Definition and Usage @@ -534,8 +530,6 @@ To disable the command channel, use an empty ``controls`` statement: ~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: key -.. include:: ../misc/key.grammar.rst - .. _key_statement: ``key`` Statement Definition and Usage @@ -576,8 +570,6 @@ matching this name, algorithm, and secret. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: logging -.. include:: ../misc/logging.grammar.rst - .. _logging_statement: ``logging`` Statement Definition and Usage @@ -986,8 +978,6 @@ responses such as NXDOMAIN. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: parental-agents -.. include:: ../misc/parental-agents.grammar.rst - .. _parental_agents_statement: ``parental-agents`` Statement Definition and Usage @@ -1004,8 +994,6 @@ change its delegation information (defined in :rfc:`7344`). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: primaries -.. include:: ../misc/primaries.grammar.rst - .. _primaries_statement: ``primaries`` Statement Definition and Usage @@ -1043,8 +1031,6 @@ where ``tls-configuration-name`` refers to a previously defined This is the grammar of the ``options`` statement in the :iscman:`named.conf` file: -.. include:: ../misc/options.grammar.rst - .. _options: ``options`` Statement Definition and Usage @@ -5229,8 +5215,6 @@ redirect zone is tried first. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: server -.. include:: ../misc/server.grammar.rst - .. _server_statement_definition_and_usage: ``server`` Statement Definition and Usage @@ -5336,8 +5320,6 @@ and :namedconf:ref:`options` blocks: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: statistics-channels -.. include:: ../misc/statistics-channels.grammar.rst - .. _statistics_channels: ``statistics-channels`` Statement Definition and Usage @@ -5408,8 +5390,6 @@ statistics), and http://127.0.0.1:8888/json/v1/traffic (traffic sizes). ~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: tls -.. include:: ../misc/tls.grammar.rst - ``tls`` Statement Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -5595,8 +5575,6 @@ issues related to shared cryptographic secrets. ~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: http -.. include:: ../misc/http.grammar.rst - ``http`` Statement Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -5651,8 +5629,6 @@ all local addresses: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: trust-anchors -.. include:: ../misc/trust-anchors.grammar.rst - .. _trust-anchors: ``trust-anchors`` Statement Definition and Usage @@ -5799,8 +5775,6 @@ can be found, the initializing key is also compiled directly into ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: dnssec-policy -.. include:: ../misc/dnssec-policy.grammar.rst - .. _dnssec_policy: ``dnssec-policy`` Statement Definition and Usage @@ -6068,8 +6042,6 @@ The following options apply to DS queries sent to ``parental-agents``: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: managed-keys -.. include:: ../misc/managed-keys.grammar.rst - .. _managed_keys: ``managed-keys`` Statement Definition and Usage @@ -6085,8 +6057,6 @@ with the ``initial-key`` keyword. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: trusted-keys -.. include:: ../misc/trusted-keys.grammar.rst - .. _trusted_keys: ``trusted-keys`` Statement Definition and Usage @@ -6209,17 +6179,6 @@ Here is an example of a typical split DNS setup implemented using ~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: zone -.. include:: ../misc/primary.zoneopt.rst -.. include:: ../misc/secondary.zoneopt.rst -.. include:: ../misc/mirror.zoneopt.rst -.. include:: ../misc/hint.zoneopt.rst -.. include:: ../misc/stub.zoneopt.rst -.. include:: ../misc/static-stub.zoneopt.rst -.. include:: ../misc/forward.zoneopt.rst -.. include:: ../misc/redirect.zoneopt.rst -.. include:: ../misc/delegation-only.zoneopt.rst -.. include:: ../misc/in-view.zoneopt.rst - .. _zone_statement: ``zone`` Statement Definition and Usage diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am index c1d2528102..b537815e9d 100644 --- a/doc/man/Makefile.am +++ b/doc/man/Makefile.am @@ -55,6 +55,7 @@ MANPAGES_RST = \ ../../bin/dnssec/dnssec-settime.rst \ ../../bin/dnssec/dnssec-signzone.rst \ ../../bin/dnssec/dnssec-verify.rst \ + ../../bin/named/named.conf.rst \ ../../bin/named/named.rst \ ../../bin/nsupdate/nsupdate.rst \ ../../bin/plugins/filter-aaaa.rst \ diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index 4b023f0b9c..8f3d437f65 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -41,769 +41,616 @@ Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported: .sp C style: /* */ -.INDENT 0.0 -.INDENT 3.5 +.sp C++ style: // to end of line -.UNINDENT -.UNINDENT .sp Unix style: # to end of line -.SS CONTROLS .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C +acl { ; ... }; // may occur multiple times + controls { - inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read\-only boolean ]; - unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read\-only boolean ]; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS DLZ -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -dlz string { - database string; - search boolean; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS DNSSEC\-POLICY -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -dnssec\-policy string { - dnskey\-ttl duration; - keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... }; - max\-zone\-ttl duration; - nsec3param [ iterations integer ] [ optout boolean ] [ salt\-length integer ]; - parent\-ds\-ttl duration; - parent\-propagation\-delay duration; - publish\-safety duration; - purge\-keys duration; - retire\-safety duration; - signatures\-refresh duration; - signatures\-validity duration; - signatures\-validity\-dnskey duration; - zone\-propagation\-delay duration; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS DYNDB -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -dyndb string quoted_string { unspecified\-text }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS HTTP -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -http string { - endpoints { quoted_string; ... }; - listener\-clients integer; - streams\-per\-connection integer; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS KEY -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -key string { - algorithm string; - secret string; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS LOGGING -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C + inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read\-only ]; // may occur multiple times + unix perm owner group [ keys { ; ... } ] [ read\-only ]; // may occur multiple times +}; // may occur multiple times + +dlz { + database ; + search ; +}; // may occur multiple times + +dnssec\-policy { + dnskey\-ttl ; + keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime algorithm [ ]; ... }; + max\-zone\-ttl ; + nsec3param [ iterations ] [ optout ] [ salt\-length ]; + parent\-ds\-ttl ; + parent\-propagation\-delay ; + parent\-registration\-delay ; // obsolete + publish\-safety ; + purge\-keys ; + retire\-safety ; + signatures\-refresh ; + signatures\-validity ; + signatures\-validity\-dnskey ; + zone\-propagation\-delay ; +}; // may occur multiple times + +dyndb { }; // may occur multiple times + +http { + endpoints { ; ... }; + listener\-clients ; + streams\-per\-connection ; +}; // may occur multiple times + +key { + algorithm ; + secret ; +}; // may occur multiple times + logging { - category string { string; ... }; - channel string { - buffered boolean; - file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ]; - null; - print\-category boolean; - print\-severity boolean; - print\-time ( iso8601 | iso8601\-utc | local | boolean ); - severity log_severity; - stderr; - syslog [ syslog_facility ]; - }; + category { ; ... }; // may occur multiple times + channel { + buffered ; + file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; + null; + print\-category ; + print\-severity ; + print\-time ( iso8601 | iso8601\-utc | local | ); + severity ; + stderr; + syslog [ ]; + }; // may occur multiple times }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS MANAGED\-KEYS -.sp -See DNSSEC\-KEYS. -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated -.ft P -.fi -.UNINDENT -.UNINDENT -.SS OPTIONS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C + +managed\-keys { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times, deprecated + options { - allow\-new\-zones boolean; - allow\-notify { address_match_element; ... }; - allow\-query { address_match_element; ... }; - allow\-query\-cache { address_match_element; ... }; - allow\-query\-cache\-on { address_match_element; ... }; - allow\-query\-on { address_match_element; ... }; - allow\-recursion { address_match_element; ... }; - allow\-recursion\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { address_match_element; ... }; - allow\-update { address_match_element; ... }; - allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - answer\-cookie boolean; - attach\-cache string; - auth\-nxdomain boolean; - auto\-dnssec ( allow | maintain | off ); - automatic\-interface\-scan boolean; - avoid\-v4\-udp\-ports { portrange; ... }; - avoid\-v6\-udp\-ports { portrange; ... }; - bindkeys\-file quoted_string; - blackhole { address_match_element; ... }; - catalog\-zones { zone string [ default\-primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... }; - check\-dup\-records ( fail | warn | ignore ); - check\-integrity boolean; - check\-mx ( fail | warn | ignore ); - check\-mx\-cname ( fail | warn | ignore ); - check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); - check\-sibling boolean; - check\-spf ( warn | ignore ); - check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard boolean; - clients\-per\-query integer; - cookie\-algorithm ( aes | siphash24 ); - cookie\-secret string; - coresize ( default | unlimited | sizeval ); - datasize ( default | unlimited | sizeval ); - deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ]; - deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ]; - dialup ( notify | notify\-passive | passive | refresh | boolean ); - directory quoted_string; - disable\-algorithms string { string; ... }; - disable\-ds\-digests string { string; ... }; - disable\-empty\-zone string; - dns64 netprefix { - break\-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... }; - recursive\-only boolean; - suffix ipv6_address; - }; - dns64\-contact string; - dns64\-server string; - dnskey\-sig\-validity integer; - dnsrps\-enable boolean; - dnsrps\-options { unspecified\-text }; - dnssec\-accept\-expired boolean; - dnssec\-dnskey\-kskonly boolean; - dnssec\-loadkeys\-interval integer; - dnssec\-must\-be\-secure string boolean; - dnssec\-policy string; - dnssec\-secure\-to\-insecure boolean; - dnssec\-update\-mode ( maintain | no\-resign ); - dnssec\-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; - dnstap\-identity ( quoted_string | none | hostname ); - dnstap\-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ]; - dnstap\-version ( quoted_string | none ); - dscp integer; - dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; - dump\-file quoted_string; - edns\-udp\-size integer; - empty\-contact string; - empty\-server string; - empty\-zones\-enable boolean; - fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint; - fetches\-per\-server integer [ ( drop | fail ) ]; - fetches\-per\-zone integer [ ( drop | fail ) ]; - files ( default | unlimited | sizeval ); - flush\-zones\-on\-shutdown boolean; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - fstrm\-set\-buffer\-hint integer; - fstrm\-set\-flush\-timeout integer; - fstrm\-set\-input\-queue\-size integer; - fstrm\-set\-output\-notify\-threshold integer; - fstrm\-set\-output\-queue\-model ( mpsc | spsc ); - fstrm\-set\-output\-queue\-size integer; - fstrm\-set\-reopen\-interval duration; - geoip\-directory ( quoted_string | none ); - glue\-cache boolean;// deprecated - heartbeat\-interval integer; - hostname ( quoted_string | none ); - http\-listener\-clients integer; - http\-port integer; - http\-streams\-per\-connection integer; - https\-port integer; - interface\-interval duration; - ipv4only\-contact string; - ipv4only\-enable boolean; - ipv4only\-server string; - ixfr\-from\-differences ( primary | master | secondary | slave | boolean ); - keep\-response\-order { address_match_element; ... }; - key\-directory quoted_string; - lame\-ttl duration; - listen\-on [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; - listen\-on\-v6 [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; - lmdb\-mapsize sizeval; - lock\-file ( quoted_string | none ); - managed\-keys\-directory quoted_string; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - match\-mapped\-addresses boolean; - max\-cache\-size ( default | unlimited | sizeval | percentage ); - max\-cache\-ttl duration; - max\-clients\-per\-query integer; - max\-ixfr\-ratio ( unlimited | percentage ); - max\-journal\-size ( default | unlimited | sizeval ); - max\-ncache\-ttl duration; - max\-records integer; - max\-recursion\-depth integer; - max\-recursion\-queries integer; - max\-refresh\-time integer; - max\-retry\-time integer; - max\-rsa\-exponent\-size integer; - max\-stale\-ttl duration; - max\-transfer\-idle\-in integer; - max\-transfer\-idle\-out integer; - max\-transfer\-time\-in integer; - max\-transfer\-time\-out integer; - max\-udp\-size integer; - max\-zone\-ttl ( unlimited | duration ); - memstatistics boolean; - memstatistics\-file quoted_string; - message\-compression boolean; - min\-cache\-ttl duration; - min\-ncache\-ttl duration; - min\-refresh\-time integer; - min\-retry\-time integer; - minimal\-any boolean; - minimal\-responses ( no\-auth | no\-auth\-recursive | boolean ); - multi\-master boolean; - new\-zones\-directory quoted_string; - no\-case\-compress { address_match_element; ... }; - nocookie\-udp\-size integer; - notify ( explicit | master\-only | primary\-only | boolean ); - notify\-delay integer; - notify\-rate integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-to\-soa boolean; - nta\-lifetime duration; - nta\-recheck duration; - nxdomain\-redirect string; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - pid\-file ( quoted_string | none ); - port integer; - preferred\-glue string; - prefetch integer [ integer ]; - provide\-ixfr boolean; - qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - querylog boolean; - random\-device ( quoted_string | none ); - rate\-limit { - all\-per\-second integer; - errors\-per\-second integer; - exempt\-clients { address_match_element; ... }; - ipv4\-prefix\-length integer; - ipv6\-prefix\-length integer; - log\-only boolean; - max\-table\-size integer; - min\-table\-size integer; - nodata\-per\-second integer; - nxdomains\-per\-second integer; - qps\-scale integer; - referrals\-per\-second integer; - responses\-per\-second integer; - slip integer; - window integer; - }; - recursing\-file quoted_string; - recursion boolean; - recursive\-clients integer; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - require\-server\-cookie boolean; - reserved\-sockets integer;// deprecated - resolver\-nonbackoff\-tries integer; - resolver\-query\-timeout integer; - resolver\-retry\-interval integer; - response\-padding { address_match_element; ... } block\-size integer; - response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ]; - reuseport boolean; - root\-delegation\-only [ exclude { string; ... } ]; - root\-key\-sentinel boolean; - rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; - secroots\-file quoted_string; - send\-cookie boolean; - serial\-query\-rate integer; - serial\-update\-method ( date | increment | unixtime ); - server\-id ( quoted_string | none | hostname ); - servfail\-ttl duration; - session\-keyalg string; - session\-keyfile ( quoted_string | none ); - session\-keyname string; - sig\-signing\-nodes integer; - sig\-signing\-signatures integer; - sig\-signing\-type integer; - sig\-validity\-interval integer [ integer ]; - sortlist { address_match_element; ... }; - stacksize ( default | unlimited | sizeval ); - stale\-answer\-client\-timeout ( disabled | off | integer ); - stale\-answer\-enable boolean; - stale\-answer\-ttl duration; - stale\-cache\-enable boolean; - stale\-refresh\-time duration; - startup\-notify\-rate integer; - statistics\-file quoted_string; - synth\-from\-dnssec boolean; - tcp\-advertised\-timeout integer; - tcp\-clients integer; - tcp\-idle\-timeout integer; - tcp\-initial\-timeout integer; - tcp\-keepalive\-timeout integer; - tcp\-listen\-queue integer; - tcp\-receive\-buffer integer; - tcp\-send\-buffer integer; - tkey\-dhkey quoted_string integer; - tkey\-domain quoted_string; - tkey\-gssapi\-credential quoted_string; - tkey\-gssapi\-keytab quoted_string; - tls\-port integer; - transfer\-format ( many\-answers | one\-answer ); - transfer\-message\-size integer; - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers\-in integer; - transfers\-out integer; - transfers\-per\-ns integer; - trust\-anchor\-telemetry boolean; // experimental - try\-tcp\-refresh boolean; - udp\-receive\-buffer integer; - udp\-send\-buffer integer; - update\-check\-ksk boolean; - use\-alt\-transfer\-source boolean; - use\-v4\-udp\-ports { portrange; ... }; - use\-v6\-udp\-ports { portrange; ... }; - v6\-bias integer; - validate\-except { string; ... }; - version ( quoted_string | none ); - zero\-no\-soa\-ttl boolean; - zero\-no\-soa\-ttl\-cache boolean; - zone\-statistics ( full | terse | none | boolean ); + allow\-new\-zones ; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-cache { ; ... }; + allow\-query\-cache\-on { ; ... }; + allow\-query\-on { ; ... }; + allow\-recursion { ; ... }; + allow\-recursion\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + answer\-cookie ; + attach\-cache ; + auth\-nxdomain ; + auto\-dnssec ( allow | maintain | off ); + automatic\-interface\-scan ; + avoid\-v4\-udp\-ports { ; ... }; + avoid\-v6\-udp\-ports { ; ... }; + bindkeys\-file ; + blackhole { ; ... }; + catalog\-zones { zone [ default\-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone\-directory ] [ in\-memory ] [ min\-update\-interval ]; ... }; + check\-dup\-records ( fail | warn | ignore ); + check\-integrity ; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check\-sibling ; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard ; + clients\-per\-query ; + cookie\-algorithm ( aes | siphash24 ); + cookie\-secret ; // may occur multiple times + coresize ( default | unlimited | ); + datasize ( default | unlimited | ); + deny\-answer\-addresses { ; ... } [ except\-from { ; ... } ]; + deny\-answer\-aliases { ; ... } [ except\-from { ; ... } ]; + dialup ( notify | notify\-passive | passive | refresh | ); + directory ; + disable\-algorithms { ; ... }; // may occur multiple times + disable\-ds\-digests { ; ... }; // may occur multiple times + disable\-empty\-zone ; // may occur multiple times + dns64 { + break\-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... }; + recursive\-only ; + suffix ; + }; // may occur multiple times + dns64\-contact ; + dns64\-server ; + dnskey\-sig\-validity ; + dnsrps\-enable ; // not configured + dnsrps\-options { }; // not configured + dnssec\-accept\-expired ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-must\-be\-secure ; // may occur multiple times + dnssec\-policy ; + dnssec\-secure\-to\-insecure ; + dnssec\-update\-mode ( maintain | no\-resign ); + dnssec\-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dnstap\-identity ( | none | hostname ); // not configured + dnstap\-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; // not configured + dnstap\-version ( | none ); // not configured + dscp ; + dual\-stack\-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dump\-file ; + edns\-udp\-size ; + empty\-contact ; + empty\-server ; + empty\-zones\-enable ; + fetch\-quota\-params ; + fetches\-per\-server [ ( drop | fail ) ]; + fetches\-per\-zone [ ( drop | fail ) ]; + files ( default | unlimited | ); + flush\-zones\-on\-shutdown ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + fstrm\-set\-buffer\-hint ; // not configured + fstrm\-set\-flush\-timeout ; // not configured + fstrm\-set\-input\-queue\-size ; // not configured + fstrm\-set\-output\-notify\-threshold ; // not configured + fstrm\-set\-output\-queue\-model ( mpsc | spsc ); // not configured + fstrm\-set\-output\-queue\-size ; // not configured + fstrm\-set\-reopen\-interval ; // not configured + geoip\-directory ( | none ); + glue\-cache ; // deprecated + heartbeat\-interval ; + hostname ( | none ); + http\-listener\-clients ; + http\-port ; + http\-streams\-per\-connection ; + https\-port ; + interface\-interval ; + ipv4only\-contact ; + ipv4only\-enable ; + ipv4only\-server ; + ixfr\-from\-differences ( primary | master | secondary | slave | ); + keep\-response\-order { ; ... }; + key\-directory ; + lame\-ttl ; + listen\-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + listen\-on\-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + lmdb\-mapsize ; + lock\-file ( | none ); + managed\-keys\-directory ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + match\-mapped\-addresses ; + max\-cache\-size ( default | unlimited | | ); + max\-cache\-ttl ; + max\-clients\-per\-query ; + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-ncache\-ttl ; + max\-records ; + max\-recursion\-depth ; + max\-recursion\-queries ; + max\-refresh\-time ; + max\-retry\-time ; + max\-rsa\-exponent\-size ; + max\-stale\-ttl ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + max\-udp\-size ; + max\-zone\-ttl ( unlimited | ); + memstatistics ; + memstatistics\-file ; + message\-compression ; + min\-cache\-ttl ; + min\-ncache\-ttl ; + min\-refresh\-time ; + min\-retry\-time ; + minimal\-any ; + minimal\-responses ( no\-auth | no\-auth\-recursive | ); + multi\-master ; + new\-zones\-directory ; + no\-case\-compress { ; ... }; + nocookie\-udp\-size ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-rate ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + nta\-lifetime ; + nta\-recheck ; + nxdomain\-redirect ; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + pid\-file ( | none ); + port ; + preferred\-glue ; + prefetch [ ]; + provide\-ixfr ; + qname\-minimization ( strict | relaxed | disabled | off ); + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + querylog ; + random\-device ( | none ); + rate\-limit { + all\-per\-second ; + errors\-per\-second ; + exempt\-clients { ; ... }; + ipv4\-prefix\-length ; + ipv6\-prefix\-length ; + log\-only ; + max\-table\-size ; + min\-table\-size ; + nodata\-per\-second ; + nxdomains\-per\-second ; + qps\-scale ; + referrals\-per\-second ; + responses\-per\-second ; + slip ; + window ; + }; + recursing\-file ; + recursion ; + recursive\-clients ; + request\-expire ; + request\-ixfr ; + request\-nsid ; + require\-server\-cookie ; + reserved\-sockets ; // deprecated + resolver\-nonbackoff\-tries ; + resolver\-query\-timeout ; + resolver\-retry\-interval ; + response\-padding { ; ... } block\-size ; + response\-policy { zone [ add\-soa ] [ log ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only ) ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ]; ... } [ add\-soa ] [ break\-dnssec ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ min\-ns\-dots ] [ nsip\-wait\-recurse ] [ nsdname\-wait\-recurse ] [ qname\-wait\-recurse ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ] [ dnsrps\-enable ] [ dnsrps\-options { } ]; + reuseport ; + root\-delegation\-only [ exclude { ; ... } ]; + root\-key\-sentinel ; + rrset\-order { [ class ] [ type ] [ name ] ; ... }; + secroots\-file ; + send\-cookie ; + serial\-query\-rate ; + serial\-update\-method ( date | increment | unixtime ); + server\-id ( | none | hostname ); + servfail\-ttl ; + session\-keyalg ; + session\-keyfile ( | none ); + session\-keyname ; + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + sortlist { ; ... }; + stacksize ( default | unlimited | ); + stale\-answer\-client\-timeout ( disabled | off | ); + stale\-answer\-enable ; + stale\-answer\-ttl ; + stale\-cache\-enable ; + stale\-refresh\-time ; + startup\-notify\-rate ; + statistics\-file ; + suppress\-initial\-notify ; // obsolete + synth\-from\-dnssec ; + tcp\-advertised\-timeout ; + tcp\-clients ; + tcp\-idle\-timeout ; + tcp\-initial\-timeout ; + tcp\-keepalive\-timeout ; + tcp\-listen\-queue ; + tcp\-receive\-buffer ; + tcp\-send\-buffer ; + tkey\-dhkey ; + tkey\-domain ; + tkey\-gssapi\-credential ; + tkey\-gssapi\-keytab ; + tls\-port ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-message\-size ; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers\-in ; + transfers\-out ; + transfers\-per\-ns ; + trust\-anchor\-telemetry ; // experimental + try\-tcp\-refresh ; + udp\-receive\-buffer ; + udp\-send\-buffer ; + update\-check\-ksk ; + use\-alt\-transfer\-source ; + use\-v4\-udp\-ports { ; ... }; + use\-v6\-udp\-ports { ; ... }; + v6\-bias ; + validate\-except { ; ... }; + version ( | none ); + zero\-no\-soa\-ttl ; + zero\-no\-soa\-ttl\-cache ; + zone\-statistics ( full | terse | none | ); }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS PARENTAL\-AGENTS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -parental\-agents string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS PLUGIN -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -plugin ( query ) string [ { unspecified\-text } ]; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS PRIMARIES -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -primaries string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS SERVER -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -server netprefix { - bogus boolean; - edns boolean; - edns\-udp\-size integer; - edns\-version integer; - keys server_key; - max\-udp\-size integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - padding integer; - provide\-ixfr boolean; - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - send\-cookie boolean; - tcp\-keepalive boolean; - tcp\-only boolean; - transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers integer; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS STATISTICS\-CHANNELS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C + +parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times + +plugin ( query ) [ { } ]; // may occur multiple times + +primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times + +server { + bogus ; + edns ; + edns\-udp\-size ; + edns\-version ; + keys ; + max\-udp\-size ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide\-ixfr ; + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request\-expire ; + request\-ixfr ; + request\-nsid ; + send\-cookie ; + tcp\-keepalive ; + tcp\-only ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; +}; // may occur multiple times + statistics\-channels { - inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ]; -}; + inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; // may occur multiple times +}; // may occur multiple times + +tls { + ca\-file ; + cert\-file ; + ciphers ; + dhparam\-file ; + key\-file ; + prefer\-server\-ciphers ; + protocols { ; ... }; + remote\-hostname ; + session\-tickets ; +}; // may occur multiple times + +trust\-anchors { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times + +trusted\-keys { ; ... }; // may occur multiple times, deprecated + +view [ ] { + allow\-new\-zones ; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-cache { ; ... }; + allow\-query\-cache\-on { ; ... }; + allow\-query\-on { ; ... }; + allow\-recursion { ; ... }; + allow\-recursion\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + attach\-cache ; + auth\-nxdomain ; + auto\-dnssec ( allow | maintain | off ); + catalog\-zones { zone [ default\-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone\-directory ] [ in\-memory ] [ min\-update\-interval ]; ... }; + check\-dup\-records ( fail | warn | ignore ); + check\-integrity ; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check\-sibling ; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard ; + clients\-per\-query ; + deny\-answer\-addresses { ; ... } [ except\-from { ; ... } ]; + deny\-answer\-aliases { ; ... } [ except\-from { ; ... } ]; + dialup ( notify | notify\-passive | passive | refresh | ); + disable\-algorithms { ; ... }; // may occur multiple times + disable\-ds\-digests { ; ... }; // may occur multiple times + disable\-empty\-zone ; // may occur multiple times + dlz { + database ; + search ; + }; // may occur multiple times + dns64 { + break\-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... }; + recursive\-only ; + suffix ; + }; // may occur multiple times + dns64\-contact ; + dns64\-server ; + dnskey\-sig\-validity ; + dnsrps\-enable ; // not configured + dnsrps\-options { }; // not configured + dnssec\-accept\-expired ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-must\-be\-secure ; // may occur multiple times + dnssec\-policy ; + dnssec\-secure\-to\-insecure ; + dnssec\-update\-mode ( maintain | no\-resign ); + dnssec\-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dual\-stack\-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dyndb { }; // may occur multiple times + edns\-udp\-size ; + empty\-contact ; + empty\-server ; + empty\-zones\-enable ; + fetch\-quota\-params ; + fetches\-per\-server [ ( drop | fail ) ]; + fetches\-per\-zone [ ( drop | fail ) ]; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + glue\-cache ; // deprecated + ipv4only\-contact ; + ipv4only\-enable ; + ipv4only\-server ; + ixfr\-from\-differences ( primary | master | secondary | slave | ); + key { + algorithm ; + secret ; + }; // may occur multiple times + key\-directory ; + lame\-ttl ; + lmdb\-mapsize ; + managed\-keys { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times, deprecated + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + match\-clients { ; ... }; + match\-destinations { ; ... }; + match\-recursive\-only ; + max\-cache\-size ( default | unlimited | | ); + max\-cache\-ttl ; + max\-clients\-per\-query ; + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-ncache\-ttl ; + max\-records ; + max\-recursion\-depth ; + max\-recursion\-queries ; + max\-refresh\-time ; + max\-retry\-time ; + max\-stale\-ttl ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + max\-udp\-size ; + max\-zone\-ttl ( unlimited | ); + message\-compression ; + min\-cache\-ttl ; + min\-ncache\-ttl ; + min\-refresh\-time ; + min\-retry\-time ; + minimal\-any ; + minimal\-responses ( no\-auth | no\-auth\-recursive | ); + multi\-master ; + new\-zones\-directory ; + no\-case\-compress { ; ... }; + nocookie\-udp\-size ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + nta\-lifetime ; + nta\-recheck ; + nxdomain\-redirect ; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + plugin ( query ) [ { } ]; // may occur multiple times + preferred\-glue ; + prefetch [ ]; + provide\-ixfr ; + qname\-minimization ( strict | relaxed | disabled | off ); + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + rate\-limit { + all\-per\-second ; + errors\-per\-second ; + exempt\-clients { ; ... }; + ipv4\-prefix\-length ; + ipv6\-prefix\-length ; + log\-only ; + max\-table\-size ; + min\-table\-size ; + nodata\-per\-second ; + nxdomains\-per\-second ; + qps\-scale ; + referrals\-per\-second ; + responses\-per\-second ; + slip ; + window ; + }; + recursion ; + request\-expire ; + request\-ixfr ; + request\-nsid ; + require\-server\-cookie ; + resolver\-nonbackoff\-tries ; + resolver\-query\-timeout ; + resolver\-retry\-interval ; + response\-padding { ; ... } block\-size ; + response\-policy { zone [ add\-soa ] [ log ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only ) ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ]; ... } [ add\-soa ] [ break\-dnssec ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ min\-ns\-dots ] [ nsip\-wait\-recurse ] [ nsdname\-wait\-recurse ] [ qname\-wait\-recurse ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ] [ dnsrps\-enable ] [ dnsrps\-options { } ]; + root\-delegation\-only [ exclude { ; ... } ]; + root\-key\-sentinel ; + rrset\-order { [ class ] [ type ] [ name ] ; ... }; + send\-cookie ; + serial\-update\-method ( date | increment | unixtime ); + server { + bogus ; + edns ; + edns\-udp\-size ; + edns\-version ; + keys ; + max\-udp\-size ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide\-ixfr ; + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request\-expire ; + request\-ixfr ; + request\-nsid ; + send\-cookie ; + tcp\-keepalive ; + tcp\-only ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; + }; // may occur multiple times + servfail\-ttl ; + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + sortlist { ; ... }; + stale\-answer\-client\-timeout ( disabled | off | ); + stale\-answer\-enable ; + stale\-answer\-ttl ; + stale\-cache\-enable ; + stale\-refresh\-time ; + suppress\-initial\-notify ; // obsolete + synth\-from\-dnssec ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + trust\-anchor\-telemetry ; // experimental + trust\-anchors { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times + trusted\-keys { ; ... }; // may occur multiple times, deprecated + try\-tcp\-refresh ; + update\-check\-ksk ; + use\-alt\-transfer\-source ; + v6\-bias ; + validate\-except { ; ... }; + zero\-no\-soa\-ttl ; + zero\-no\-soa\-ttl\-cache ; + zone\-statistics ( full | terse | none | ); +}; // may occur multiple times + + .ft P .fi .UNINDENT .UNINDENT -.SS TLS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -tls string { - ca\-file quoted_string; - cert\-file quoted_string; - ciphers string; - dhparam\-file quoted_string; - key\-file quoted_string; - prefer\-server\-ciphers boolean; - protocols { string; ... }; - remote\-hostname quoted_string; - session\-tickets boolean; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS TRUST\-ANCHORS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS TRUSTED\-KEYS -.sp -Deprecated \- see DNSSEC\-KEYS. -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -trusted\-keys { string integer integer integer quoted_string; ... };, deprecated -.ft P -.fi -.UNINDENT -.UNINDENT -.SS VIEW -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -view string [ class ] { - allow\-new\-zones boolean; - allow\-notify { address_match_element; ... }; - allow\-query { address_match_element; ... }; - allow\-query\-cache { address_match_element; ... }; - allow\-query\-cache\-on { address_match_element; ... }; - allow\-query\-on { address_match_element; ... }; - allow\-recursion { address_match_element; ... }; - allow\-recursion\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { address_match_element; ... }; - allow\-update { address_match_element; ... }; - allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - attach\-cache string; - auth\-nxdomain boolean; - auto\-dnssec ( allow | maintain | off ); - catalog\-zones { zone string [ default\-primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... }; - check\-dup\-records ( fail | warn | ignore ); - check\-integrity boolean; - check\-mx ( fail | warn | ignore ); - check\-mx\-cname ( fail | warn | ignore ); - check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); - check\-sibling boolean; - check\-spf ( warn | ignore ); - check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard boolean; - clients\-per\-query integer; - deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ]; - deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ]; - dialup ( notify | notify\-passive | passive | refresh | boolean ); - disable\-algorithms string { string; ... }; - disable\-ds\-digests string { string; ... }; - disable\-empty\-zone string; - dlz string { - database string; - search boolean; - }; - dns64 netprefix { - break\-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... }; - recursive\-only boolean; - suffix ipv6_address; - }; - dns64\-contact string; - dns64\-server string; - dnskey\-sig\-validity integer; - dnsrps\-enable boolean; - dnsrps\-options { unspecified\-text }; - dnssec\-accept\-expired boolean; - dnssec\-dnskey\-kskonly boolean; - dnssec\-loadkeys\-interval integer; - dnssec\-must\-be\-secure string boolean; - dnssec\-policy string; - dnssec\-secure\-to\-insecure boolean; - dnssec\-update\-mode ( maintain | no\-resign ); - dnssec\-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; - dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; - dyndb string quoted_string { unspecified\-text }; - edns\-udp\-size integer; - empty\-contact string; - empty\-server string; - empty\-zones\-enable boolean; - fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint; - fetches\-per\-server integer [ ( drop | fail ) ]; - fetches\-per\-zone integer [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - glue\-cache boolean;// deprecated - ipv4only\-contact string; - ipv4only\-enable boolean; - ipv4only\-server string; - ixfr\-from\-differences ( primary | master | secondary | slave | boolean ); - key string { - algorithm string; - secret string; - }; - key\-directory quoted_string; - lame\-ttl duration; - lmdb\-mapsize sizeval; - managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - match\-clients { address_match_element; ... }; - match\-destinations { address_match_element; ... }; - match\-recursive\-only boolean; - max\-cache\-size ( default | unlimited | sizeval | percentage ); - max\-cache\-ttl duration; - max\-clients\-per\-query integer; - max\-ixfr\-ratio ( unlimited | percentage ); - max\-journal\-size ( default | unlimited | sizeval ); - max\-ncache\-ttl duration; - max\-records integer; - max\-recursion\-depth integer; - max\-recursion\-queries integer; - max\-refresh\-time integer; - max\-retry\-time integer; - max\-stale\-ttl duration; - max\-transfer\-idle\-in integer; - max\-transfer\-idle\-out integer; - max\-transfer\-time\-in integer; - max\-transfer\-time\-out integer; - max\-udp\-size integer; - max\-zone\-ttl ( unlimited | duration ); - message\-compression boolean; - min\-cache\-ttl duration; - min\-ncache\-ttl duration; - min\-refresh\-time integer; - min\-retry\-time integer; - minimal\-any boolean; - minimal\-responses ( no\-auth | no\-auth\-recursive | boolean ); - multi\-master boolean; - new\-zones\-directory quoted_string; - no\-case\-compress { address_match_element; ... }; - nocookie\-udp\-size integer; - notify ( explicit | master\-only | primary\-only | boolean ); - notify\-delay integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-to\-soa boolean; - nta\-lifetime duration; - nta\-recheck duration; - nxdomain\-redirect string; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - plugin ( query ) string [ { unspecified\-text } ]; - preferred\-glue string; - prefetch integer [ integer ]; - provide\-ixfr boolean; - qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - rate\-limit { - all\-per\-second integer; - errors\-per\-second integer; - exempt\-clients { address_match_element; ... }; - ipv4\-prefix\-length integer; - ipv6\-prefix\-length integer; - log\-only boolean; - max\-table\-size integer; - min\-table\-size integer; - nodata\-per\-second integer; - nxdomains\-per\-second integer; - qps\-scale integer; - referrals\-per\-second integer; - responses\-per\-second integer; - slip integer; - window integer; - }; - recursion boolean; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - require\-server\-cookie boolean; - resolver\-nonbackoff\-tries integer; - resolver\-query\-timeout integer; - resolver\-retry\-interval integer; - response\-padding { address_match_element; ... } block\-size integer; - response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ]; - root\-delegation\-only [ exclude { string; ... } ]; - root\-key\-sentinel boolean; - rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; - send\-cookie boolean; - serial\-update\-method ( date | increment | unixtime ); - server netprefix { - bogus boolean; - edns boolean; - edns\-udp\-size integer; - edns\-version integer; - keys server_key; - max\-udp\-size integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - padding integer; - provide\-ixfr boolean; - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - send\-cookie boolean; - tcp\-keepalive boolean; - tcp\-only boolean; - transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers integer; - }; - servfail\-ttl duration; - sig\-signing\-nodes integer; - sig\-signing\-signatures integer; - sig\-signing\-type integer; - sig\-validity\-interval integer [ integer ]; - sortlist { address_match_element; ... }; - stale\-answer\-client\-timeout ( disabled | off | integer ); - stale\-answer\-enable boolean; - stale\-answer\-ttl duration; - stale\-cache\-enable boolean; - stale\-refresh\-time duration; - synth\-from\-dnssec boolean; - transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - trust\-anchor\-telemetry boolean; // experimental - trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... }; - trusted\-keys { string integer integer integer quoted_string; ... };, deprecated - try\-tcp\-refresh boolean; - update\-check\-ksk boolean; - use\-alt\-transfer\-source boolean; - v6\-bias integer; - validate\-except { string; ... }; - zero\-no\-soa\-ttl boolean; - zero\-no\-soa\-ttl\-cache boolean; - zone\-statistics ( full | terse | none | boolean ); -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS ZONE .sp Any of these zone statements can also be set inside the view statement. .INDENT 0.0 @@ -812,66 +659,68 @@ Any of these zone statements can also be set inside the view statement. .nf .ft C zone [ ] { - type primary; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - allow\-transfer [ port ] [ transport ] { ; ... }; - allow\-update { ; ... }; - also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto\-dnssec ( allow | maintain | off ); - check\-dup\-records ( fail | warn | ignore ); - check\-integrity ; - check\-mx ( fail | warn | ignore ); - check\-mx\-cname ( fail | warn | ignore ); - check\-names ( fail | warn | ignore ); - check\-sibling ; - check\-spf ( warn | ignore ); - check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard ; - database ; - dialup ( notify | notify\-passive | passive | refresh | ); - dlz ; - dnskey\-sig\-validity ; - dnssec\-dnskey\-kskonly ; - dnssec\-loadkeys\-interval ; - dnssec\-policy ; - dnssec\-secure\-to\-insecure ; - dnssec\-update\-mode ( maintain | no\-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - inline\-signing ; - ixfr\-from\-differences ; - journal ; - key\-directory ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | ); - max\-journal\-size ( default | unlimited | ); - max\-records ; - max\-transfer\-idle\-out ; - max\-transfer\-time\-out ; - max\-zone\-ttl ( unlimited | ); - notify ( explicit | master\-only | primary\-only | ); - notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-to\-soa ; - parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - serial\-update\-method ( date | increment | unixtime ); - sig\-signing\-nodes ; - sig\-signing\-signatures ; - sig\-signing\-type ; - sig\-validity\-interval [ ]; - update\-check\-ksk ; - update\-policy ( local | { ( deny | grant ) ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ ] ; ... }; - zero\-no\-soa\-ttl ; - zone\-statistics ( full | terse | none | ); + type primary; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + auto\-dnssec ( allow | maintain | off ); + check\-dup\-records ( fail | warn | ignore ); + check\-integrity ; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( fail | warn | ignore ); + check\-sibling ; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard ; + database ; + dialup ( notify | notify\-passive | passive | refresh | ); + dlz ; + dnskey\-sig\-validity ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-policy ; + dnssec\-secure\-to\-insecure ; + dnssec\-update\-mode ( maintain | no\-resign ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + inline\-signing ; + ixfr\-from\-differences ; + journal ; + key\-directory ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-out ; + max\-zone\-ttl ( unlimited | ); + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + serial\-update\-method ( date | increment | unixtime ); + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + update\-check\-ksk ; + update\-policy ( local | { ( deny | grant ) ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ ] ; ... }; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -882,69 +731,71 @@ zone [ ] { .nf .ft C zone [ ] { - type secondary; - allow\-notify { ; ... }; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - allow\-transfer [ port ] [ transport ] { ; ... }; - allow\-update\-forwarding { ; ... }; - also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto\-dnssec ( allow | maintain | off ); - check\-names ( fail | warn | ignore ); - database ; - dialup ( notify | notify\-passive | passive | refresh | ); - dlz ; - dnskey\-sig\-validity ; - dnssec\-dnskey\-kskonly ; - dnssec\-loadkeys\-interval ; - dnssec\-policy ; - dnssec\-update\-mode ( maintain | no\-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - inline\-signing ; - ixfr\-from\-differences ; - journal ; - key\-directory ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | ); - max\-journal\-size ( default | unlimited | ); - max\-records ; - max\-refresh\-time ; - max\-retry\-time ; - max\-transfer\-idle\-in ; - max\-transfer\-idle\-out ; - max\-transfer\-time\-in ; - max\-transfer\-time\-out ; - min\-refresh\-time ; - min\-retry\-time ; - multi\-master ; - notify ( explicit | master\-only | primary\-only | ); - notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-to\-soa ; - parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - request\-expire ; - request\-ixfr ; - sig\-signing\-nodes ; - sig\-signing\-signatures ; - sig\-signing\-type ; - sig\-validity\-interval [ ]; - transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try\-tcp\-refresh ; - update\-check\-ksk ; - use\-alt\-transfer\-source ; - zero\-no\-soa\-ttl ; - zone\-statistics ( full | terse | none | ); + type secondary; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + auto\-dnssec ( allow | maintain | off ); + check\-names ( fail | warn | ignore ); + database ; + dialup ( notify | notify\-passive | passive | refresh | ); + dlz ; + dnskey\-sig\-validity ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-policy ; + dnssec\-update\-mode ( maintain | no\-resign ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + inline\-signing ; + ixfr\-from\-differences ; + journal ; + key\-directory ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + request\-expire ; + request\-ixfr ; + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + try\-tcp\-refresh ; + update\-check\-ksk ; + use\-alt\-transfer\-source ; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -955,48 +806,49 @@ zone [ ] { .nf .ft C zone [ ] { - type mirror; - allow\-notify { ; ... }; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - allow\-transfer [ port ] [ transport ] { ; ... }; - allow\-update\-forwarding { ; ... }; - also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - check\-names ( fail | warn | ignore ); - database ; - file ; - ixfr\-from\-differences ; - journal ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | ); - max\-journal\-size ( default | unlimited | ); - max\-records ; - max\-refresh\-time ; - max\-retry\-time ; - max\-transfer\-idle\-in ; - max\-transfer\-idle\-out ; - max\-transfer\-time\-in ; - max\-transfer\-time\-out ; - min\-refresh\-time ; - min\-retry\-time ; - multi\-master ; - notify ( explicit | master\-only | primary\-only | ); - notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - request\-expire ; - request\-ixfr ; - transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try\-tcp\-refresh ; - use\-alt\-transfer\-source ; - zero\-no\-soa\-ttl ; - zone\-statistics ( full | terse | none | ); + type mirror; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + check\-names ( fail | warn | ignore ); + database ; + file ; + ixfr\-from\-differences ; + journal ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + request\-expire ; + request\-ixfr ; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + try\-tcp\-refresh ; + use\-alt\-transfer\-source ; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -1007,11 +859,12 @@ zone [ ] { .nf .ft C zone [ ] { - type forward; - delegation\-only ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + type forward; + delegation\-only ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; }; + .ft P .fi .UNINDENT @@ -1022,11 +875,12 @@ zone [ ] { .nf .ft C zone [ ] { - type hint; - check\-names ( fail | warn | ignore ); - delegation\-only ; - file ; + type hint; + check\-names ( fail | warn | ignore ); + delegation\-only ; + file ; }; + .ft P .fi .UNINDENT @@ -1037,18 +891,19 @@ zone [ ] { .nf .ft C zone [ ] { - type redirect; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - dlz ; - file ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-records ; - max\-zone\-ttl ( unlimited | ); - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - zone\-statistics ( full | terse | none | ); + type redirect; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + dlz ; + file ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records ; + max\-zone\-ttl ( unlimited | ); + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -1059,16 +914,17 @@ zone [ ] { .nf .ft C zone [ ] { - type static\-stub; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - max\-records ; - server\-addresses { ( | ); ... }; - server\-names { ; ... }; - zone\-statistics ( full | terse | none | ); + type static\-stub; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + max\-records ; + server\-addresses { ( | ); ... }; + server\-names { ; ... }; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -1079,32 +935,33 @@ zone [ ] { .nf .ft C zone [ ] { - type stub; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - check\-names ( fail | warn | ignore ); - database ; - delegation\-only ; - dialup ( notify | notify\-passive | passive | refresh | ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-records ; - max\-refresh\-time ; - max\-retry\-time ; - max\-transfer\-idle\-in ; - max\-transfer\-time\-in ; - min\-refresh\-time ; - min\-retry\-time ; - multi\-master ; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - use\-alt\-transfer\-source ; - zone\-statistics ( full | terse | none | ); + type stub; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + check\-names ( fail | warn | ignore ); + database ; + delegation\-only ; + dialup ( notify | notify\-passive | passive | refresh | ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-time\-in ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + use\-alt\-transfer\-source ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -1115,8 +972,9 @@ zone [ ] { .nf .ft C zone [ ] { - type delegation\-only; + type delegation\-only; }; + .ft P .fi .UNINDENT @@ -1127,8 +985,9 @@ zone [ ] { .nf .ft C zone [ ] { - in\-view ; + in\-view ; }; + .ft P .fi .UNINDENT diff --git a/doc/misc/Makefile.am b/doc/misc/Makefile.am index acd0151cff..8d7c80d9c4 100644 --- a/doc/misc/Makefile.am +++ b/doc/misc/Makefile.am @@ -4,7 +4,6 @@ include $(top_srcdir)/Makefile.docs OPTIONS_FILES = \ rndc.grammar \ options \ - options.active \ primary.zoneopt \ secondary.zoneopt \ mirror.zoneopt \ @@ -14,42 +13,12 @@ OPTIONS_FILES = \ static-stub.zoneopt \ redirect.zoneopt \ delegation-only.zoneopt \ - in-view.zoneopt \ - ../../bin/named/named.conf.rst \ - primary.zoneopt.rst \ - secondary.zoneopt.rst \ - mirror.zoneopt.rst \ - forward.zoneopt.rst \ - hint.zoneopt.rst \ - stub.zoneopt.rst \ - static-stub.zoneopt.rst \ - redirect.zoneopt.rst \ - delegation-only.zoneopt.rst \ - in-view.zoneopt.rst \ - acl.grammar.rst \ - controls.grammar.rst \ - dnssec-policy.grammar.rst \ - key.grammar.rst \ - logging.grammar.rst \ - primaries.grammar.rst \ - options.grammar.rst \ - server.grammar.rst \ - statistics-channels.grammar.rst \ - tls.grammar.rst \ - trust-anchors.grammar.rst \ - managed-keys.grammar.rst \ - trusted-keys.grammar.rst \ - http.grammar.rst \ - parental-agents.grammar.rst + in-view.zoneopt EXTRA_DIST = \ $(OPTIONS_FILES) \ checkgrammar.py \ - format-options.pl \ parsegrammar.py \ - rst-grammars.pl \ - rst-options.pl \ - rst-zoneopt.pl \ sort-options.pl if MAINTAINER_MODE @@ -78,115 +47,34 @@ rndc.grammar: cfg_test options: cfg_test $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl > $@ -options.active: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar --active | $(PERL) $(srcdir)/sort-options.pl > $@ - primary.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary > $@ secondary.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar secondary --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar secondary > $@ mirror.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar mirror --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar mirror > $@ forward.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar forward --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar forward > $@ hint.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar hint --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar hint > $@ stub.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar stub --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar stub > $@ static-stub.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar static-stub --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar static-stub > $@ redirect.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar redirect --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar redirect > $@ delegation-only.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar delegation-only --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar delegation-only > $@ in-view.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view --active > $@ - -../../bin/named/named.conf.rst: options.active rst-options.pl delegation-only.zoneopt.rst forward.zoneopt.rst hint.zoneopt.rst in-view.zoneopt.rst mirror.zoneopt.rst primary.zoneopt.rst redirect.zoneopt.rst secondary.zoneopt.rst static-stub.zoneopt.rst stub.zoneopt.rst - $(AM_V_RST_OPTIONS)$(PERL) $(srcdir)/rst-options.pl options.active > $@ - -primary.zoneopt.rst: primary.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl primary.zoneopt > $@ - -secondary.zoneopt.rst: secondary.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl secondary.zoneopt > $@ - -mirror.zoneopt.rst: mirror.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl mirror.zoneopt > $@ - -forward.zoneopt.rst: forward.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl forward.zoneopt > $@ - -hint.zoneopt.rst: hint.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl hint.zoneopt > $@ - -stub.zoneopt.rst: stub.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl stub.zoneopt > $@ - -static-stub.zoneopt.rst: static-stub.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl static-stub.zoneopt > $@ - -redirect.zoneopt.rst: redirect.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl redirect.zoneopt > $@ - -delegation-only.zoneopt.rst: delegation-only.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl delegation-only.zoneopt > $@ - -in-view.zoneopt.rst: in-view.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl in-view.zoneopt > $@ - -acl.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active acl > $@ - -controls.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active controls > $@ - -dnssec-policy.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active dnssec-policy > $@ - -key.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active key > $@ - -logging.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active logging > $@ - -primaries.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active primaries > $@ - -options.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active options > $@ - -server.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active server > $@ - -statistics-channels.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active statistics-channels > $@ - -tls.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active tls > $@ - -trust-anchors.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active trust-anchors > $@ - -managed-keys.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active managed-keys > $@ - -trusted-keys.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active trusted-keys > $@ - -http.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active http > $@ - -parental-agents.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active parental-agents > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view > $@ endif diff --git a/doc/misc/acl.grammar.rst b/doc/misc/acl.grammar.rst deleted file mode 100644 index fb57865687..0000000000 --- a/doc/misc/acl.grammar.rst +++ /dev/null @@ -1,13 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - diff --git a/doc/misc/controls.grammar.rst b/doc/misc/controls.grammar.rst deleted file mode 100644 index 0f2ec38d8e..0000000000 --- a/doc/misc/controls.grammar.rst +++ /dev/null @@ -1,17 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - controls { - inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read-only ]; - unix perm owner group [ keys { ; ... } ] [ read-only ]; - }; diff --git a/doc/misc/delegation-only.zoneopt.rst b/doc/misc/delegation-only.zoneopt.rst deleted file mode 100644 index 2a262d14f2..0000000000 --- a/doc/misc/delegation-only.zoneopt.rst +++ /dev/null @@ -1,16 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type delegation-only; - }; diff --git a/doc/misc/dnssec-policy.grammar.rst b/doc/misc/dnssec-policy.grammar.rst deleted file mode 100644 index da56f07770..0000000000 --- a/doc/misc/dnssec-policy.grammar.rst +++ /dev/null @@ -1,28 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - dnssec-policy { - dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime algorithm [ ]; ... }; - max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ salt-length ]; - parent-ds-ttl ; - parent-propagation-delay ; - publish-safety ; - purge-keys ; - retire-safety ; - signatures-refresh ; - signatures-validity ; - signatures-validity-dnskey ; - zone-propagation-delay ; - }; diff --git a/doc/misc/format-options.pl b/doc/misc/format-options.pl deleted file mode 100644 index 6447b4976d..0000000000 --- a/doc/misc/format-options.pl +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use Getopt::Long; - -my $strip_not_configured = ''; - -GetOptions ('strip-not-configured' => \$strip_not_configured); - -print <) { - chomp; - s/\t/ /g; - my $line = $_; - m!^( *)!; - my $indent = $1; - my $comment = ""; - $line =~ s! // not configured,! //! if $strip_not_configured; - $line =~ s! // not configured!! if $strip_not_configured; - if ( $line =~ m!//.*! ) { - $comment = $&; - $line =~ s!//.*!!; - } - my $start = ""; - while (length($line) >= 79 - length($comment)) { - $_ = $line; - # this makes sure that the comment has something in front of it - $len = 75 - length($comment); - m!^(.{0,$len}) (.*)$!; - $start = $start.$1."\n"; - $line = $indent." ".$2; - } - print $start.$line.$comment."\n"; -} diff --git a/doc/misc/forward.zoneopt.rst b/doc/misc/forward.zoneopt.rst deleted file mode 100644 index 3ced3ac356..0000000000 --- a/doc/misc/forward.zoneopt.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type forward; - delegation-only ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - }; diff --git a/doc/misc/hint.zoneopt.rst b/doc/misc/hint.zoneopt.rst deleted file mode 100644 index 998e66240c..0000000000 --- a/doc/misc/hint.zoneopt.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type hint; - check-names ( fail | warn | ignore ); - delegation-only ; - file ; - }; diff --git a/doc/misc/http.grammar.rst b/doc/misc/http.grammar.rst deleted file mode 100644 index 89f0457011..0000000000 --- a/doc/misc/http.grammar.rst +++ /dev/null @@ -1,18 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - http { - endpoints { ; ... }; - listener-clients ; - streams-per-connection ; - }; diff --git a/doc/misc/in-view.zoneopt.rst b/doc/misc/in-view.zoneopt.rst deleted file mode 100644 index df1a587307..0000000000 --- a/doc/misc/in-view.zoneopt.rst +++ /dev/null @@ -1,16 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - in-view ; - }; diff --git a/doc/misc/key.grammar.rst b/doc/misc/key.grammar.rst deleted file mode 100644 index a417997a72..0000000000 --- a/doc/misc/key.grammar.rst +++ /dev/null @@ -1,17 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - key { - algorithm ; - secret ; - }; diff --git a/doc/misc/logging.grammar.rst b/doc/misc/logging.grammar.rst deleted file mode 100644 index 19986ece88..0000000000 --- a/doc/misc/logging.grammar.rst +++ /dev/null @@ -1,27 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - logging { - category { ; ... }; - channel { - buffered ; - file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; - null; - print-category ; - print-severity ; - print-time ( iso8601 | iso8601-utc | local | ); - severity ; - stderr; - syslog [ ]; - }; - }; diff --git a/doc/misc/managed-keys.grammar.rst b/doc/misc/managed-keys.grammar.rst deleted file mode 100644 index 4393184d7d..0000000000 --- a/doc/misc/managed-keys.grammar.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... };, deprecated diff --git a/doc/misc/mirror.zoneopt.rst b/doc/misc/mirror.zoneopt.rst deleted file mode 100644 index 6262f4b712..0000000000 --- a/doc/misc/mirror.zoneopt.rst +++ /dev/null @@ -1,56 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type mirror; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - check-names ( fail | warn | ignore ); - database ; - file ; - ixfr-from-differences ; - journal ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - request-expire ; - request-ixfr ; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try-tcp-refresh ; - use-alt-transfer-source ; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/options.active b/doc/misc/options.active deleted file mode 100644 index b7215e01a2..0000000000 --- a/doc/misc/options.active +++ /dev/null @@ -1,591 +0,0 @@ -acl { ; ... }; // may occur multiple times - -controls { - inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read-only ]; // may occur multiple times - unix perm owner group [ keys { ; ... } ] [ read-only ]; // may occur multiple times -}; // may occur multiple times - -dlz { - database ; - search ; -}; // may occur multiple times - -dnssec-policy { - dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime algorithm [ ]; ... }; - max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ salt-length ]; - parent-ds-ttl ; - parent-propagation-delay ; - publish-safety ; - purge-keys ; - retire-safety ; - signatures-refresh ; - signatures-validity ; - signatures-validity-dnskey ; - zone-propagation-delay ; -}; // may occur multiple times - -dyndb { }; // may occur multiple times - -http { - endpoints { ; ... }; - listener-clients ; - streams-per-connection ; -}; // may occur multiple times - -key { - algorithm ; - secret ; -}; // may occur multiple times - -logging { - category { ; ... }; // may occur multiple times - channel { - buffered ; - file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; - null; - print-category ; - print-severity ; - print-time ( iso8601 | iso8601-utc | local | ); - severity ; - stderr; - syslog [ ]; - }; // may occur multiple times -}; - -managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated - -options { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - answer-cookie ; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; - bindkeys-file ; - blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - cookie-algorithm ( aes | siphash24 ); - cookie-secret ; // may occur multiple times - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... } ]; - dialup ( notify | notify-passive | passive | refresh | ); - directory ; - disable-algorithms { ; ... }; // may occur multiple times - disable-ds-digests { ; ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; // not configured - dnsrps-options { }; // not configured - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured - dnstap-identity ( | none | hostname ); // not configured - dnstap-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; // not configured - dnstap-version ( | none ); // not configured - dscp ; - dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; - dump-file ; - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); - flush-zones-on-shutdown ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - fstrm-set-buffer-hint ; // not configured - fstrm-set-flush-timeout ; // not configured - fstrm-set-input-queue-size ; // not configured - fstrm-set-output-notify-threshold ; // not configured - fstrm-set-output-queue-model ( mpsc | spsc ); // not configured - fstrm-set-output-queue-size ; // not configured - fstrm-set-reopen-interval ; // not configured - geoip-directory ( | none ); - glue-cache ; // deprecated - heartbeat-interval ; - hostname ( | none ); - http-listener-clients ; - http-port ; - http-streams-per-connection ; - https-port ; - interface-interval ; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | ); - keep-response-order { ; ... }; - key-directory ; - lame-ttl ; - listen-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times - listen-on-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times - lmdb-mapsize ; - lock-file ( | none ); - managed-keys-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-rsa-exponent-size ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - memstatistics ; - memstatistics-file ; - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - pid-file ( | none ); - port ; - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - querylog ; - random-device ( | none ); - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursing-file ; - recursion ; - recursive-clients ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size ; - response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - reuseport ; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name ] ; ... }; - secroots-file ; - send-cookie ; - serial-query-rate ; - serial-update-method ( date | increment | unixtime ); - server-id ( | none | hostname ); - servfail-ttl ; - session-keyalg ; - session-keyfile ( | none ); - session-keyname ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stacksize ( default | unlimited | ); - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - startup-notify-rate ; - statistics-file ; - synth-from-dnssec ; - tcp-advertised-timeout ; - tcp-clients ; - tcp-idle-timeout ; - tcp-initial-timeout ; - tcp-keepalive-timeout ; - tcp-listen-queue ; - tcp-receive-buffer ; - tcp-send-buffer ; - tkey-dhkey ; - tkey-domain ; - tkey-gssapi-credential ; - tkey-gssapi-keytab ; - tls-port ; - transfer-format ( many-answers | one-answer ); - transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - transfers-in ; - transfers-out ; - transfers-per-ns ; - trust-anchor-telemetry ; // experimental - try-tcp-refresh ; - udp-receive-buffer ; - udp-send-buffer ; - update-check-ksk ; - use-alt-transfer-source ; - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; - v6-bias ; - validate-except { ; ... }; - version ( | none ); - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); -}; - -parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times - -plugin ( query ) [ { } ]; // may occur multiple times - -primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times - -server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - transfers ; -}; // may occur multiple times - -statistics-channels { - inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; // may occur multiple times -}; // may occur multiple times - -tls { - ca-file ; - cert-file ; - ciphers ; - dhparam-file ; - key-file ; - prefer-server-ciphers ; - protocols { ; ... }; - remote-hostname ; - session-tickets ; -}; // may occur multiple times - -trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times - -trusted-keys { ; ... }; // may occur multiple times, deprecated - -view [ ] { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - deny-answer-addresses { ; ... } [ except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... } ]; - dialup ( notify | notify-passive | passive | refresh | ); - disable-algorithms { ; ... }; // may occur multiple times - disable-ds-digests { ; ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dlz { - database ; - search ; - }; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; // not configured - dnsrps-options { }; // not configured - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured - dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; - dyndb { }; // may occur multiple times - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - glue-cache ; // deprecated - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | ); - key { - algorithm ; - secret ; - }; // may occur multiple times - key-directory ; - lame-ttl ; - lmdb-mapsize ; - managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-clients { ; ... }; - match-destinations { ; ... }; - match-recursive-only ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - plugin ( query ) [ { } ]; // may occur multiple times - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursion ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size ; - response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name ] ; ... }; - send-cookie ; - serial-update-method ( date | increment | unixtime ); - server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - transfers ; - }; // may occur multiple times - servfail-ttl ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - synth-from-dnssec ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - trust-anchor-telemetry ; // experimental - trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times - trusted-keys { ; ... }; // may occur multiple times, deprecated - try-tcp-refresh ; - update-check-ksk ; - use-alt-transfer-source ; - v6-bias ; - validate-except { ; ... }; - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); -}; // may occur multiple times - diff --git a/doc/misc/options.grammar.rst b/doc/misc/options.grammar.rst deleted file mode 100644 index e731cf1307..0000000000 --- a/doc/misc/options.grammar.rst +++ /dev/null @@ -1,274 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - options { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - answer-cookie ; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; - bindkeys-file ; - blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - cookie-algorithm ( aes | siphash24 ); - cookie-secret ; - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... } ]; - dialup ( notify | notify-passive | passive | refresh | ); - directory ; - disable-algorithms { ; ... }; - disable-ds-digests { ; ... }; - disable-empty-zone ; - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; - dnstap-identity ( | none | hostname ); - dnstap-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; - dnstap-version ( | none ); - dscp ; - dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; - dump-file ; - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); - flush-zones-on-shutdown ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - fstrm-set-buffer-hint ; - fstrm-set-flush-timeout ; - fstrm-set-input-queue-size ; - fstrm-set-output-notify-threshold ; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size ; - fstrm-set-reopen-interval ; - geoip-directory ( | none ); - glue-cache ; // deprecated - heartbeat-interval ; - hostname ( | none ); - http-listener-clients ; - http-port ; - http-streams-per-connection ; - https-port ; - interface-interval ; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | ); - keep-response-order { ; ... }; - key-directory ; - lame-ttl ; - listen-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; - listen-on-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; - lmdb-mapsize ; - lock-file ( | none ); - managed-keys-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-rsa-exponent-size ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - memstatistics ; - memstatistics-file ; - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - pid-file ( | none ); - port ; - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - querylog ; - random-device ( | none ); - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursing-file ; - recursion ; - recursive-clients ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size ; - response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - reuseport ; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name ] ; ... }; - secroots-file ; - send-cookie ; - serial-query-rate ; - serial-update-method ( date | increment | unixtime ); - server-id ( | none | hostname ); - servfail-ttl ; - session-keyalg ; - session-keyfile ( | none ); - session-keyname ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stacksize ( default | unlimited | ); - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - startup-notify-rate ; - statistics-file ; - synth-from-dnssec ; - tcp-advertised-timeout ; - tcp-clients ; - tcp-idle-timeout ; - tcp-initial-timeout ; - tcp-keepalive-timeout ; - tcp-listen-queue ; - tcp-receive-buffer ; - tcp-send-buffer ; - tkey-dhkey ; - tkey-domain ; - tkey-gssapi-credential ; - tkey-gssapi-keytab ; - tls-port ; - transfer-format ( many-answers | one-answer ); - transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - transfers-in ; - transfers-out ; - transfers-per-ns ; - trust-anchor-telemetry ; // experimental - try-tcp-refresh ; - udp-receive-buffer ; - udp-send-buffer ; - update-check-ksk ; - use-alt-transfer-source ; - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; - v6-bias ; - validate-except { ; ... }; - version ( | none ); - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/parental-agents.grammar.rst b/doc/misc/parental-agents.grammar.rst deleted file mode 100644 index b09cc33787..0000000000 --- a/doc/misc/parental-agents.grammar.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; diff --git a/doc/misc/primaries.grammar.rst b/doc/misc/primaries.grammar.rst deleted file mode 100644 index b6c680fb03..0000000000 --- a/doc/misc/primaries.grammar.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; diff --git a/doc/misc/primary.zoneopt b/doc/misc/primary.zoneopt index 8811d2023e..c8ceb6d29f 100644 --- a/doc/misc/primary.zoneopt +++ b/doc/misc/primary.zoneopt @@ -46,6 +46,7 @@ zone [ ] { notify-source ( | * ) [ port ( | * ) ] [ dscp ]; notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; notify-to-soa ; + nsec3-test-zone ; // test only parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; parental-source ( | * ) [ port ( | * ) ] [ dscp ]; parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; diff --git a/doc/misc/primary.zoneopt.rst b/doc/misc/primary.zoneopt.rst deleted file mode 100644 index b03d60b905..0000000000 --- a/doc/misc/primary.zoneopt.rst +++ /dev/null @@ -1,74 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type primary; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - database ; - dialup ( notify | notify-passive | passive | refresh | ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-transfer-idle-out ; - max-transfer-time-out ; - max-zone-ttl ( unlimited | ); - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - serial-update-method ( date | increment | unixtime ); - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ ] ; ... }; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/redirect.zoneopt.rst b/doc/misc/redirect.zoneopt.rst deleted file mode 100644 index 53e9883e76..0000000000 --- a/doc/misc/redirect.zoneopt.rst +++ /dev/null @@ -1,26 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type redirect; - allow-query { ; ... }; - allow-query-on { ; ... }; - dlz ; - file ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-records ; - max-zone-ttl ( unlimited | ); - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/rst-grammars.pl b/doc/misc/rst-grammars.pl deleted file mode 100644 index 56ff5ea708..0000000000 --- a/doc/misc/rst-grammars.pl +++ /dev/null @@ -1,81 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use warnings; -use strict; - -if (@ARGV < 2) { - print STDERR <<'END'; -usage: - perl docbook-options.pl options_file section > section.grammar.xml -END - exit 1; -} - -my $FILE = shift; -my $SECTION = shift; - -open (FH, "<", $FILE) or die "Can't open $FILE"; - -print <) { - if (m{^\s*$}) { - last if $preamble > 0; - } else { - $preamble++; - } -} - -my $display = 0; -while () { - if (m{^$SECTION\b}) { - $display = 1 - } - - if (m{// not.*implemented} || m{// obsolete} || - m{// ancient} || m{// test.*only}) - { - next; - } - - s{ // not configured}{}; - s{ // non-operational}{}; - s{ // may occur multiple times}{}; - s{[[]}{[}g; - s{[]]}{]}g; - s{ }{\t}g; - - if (m{^\s*$} && $display) { - last; - } - if ($display) { - print " " . $_; - } -} diff --git a/doc/misc/rst-options.pl b/doc/misc/rst-options.pl deleted file mode 100644 index eeb023a1c1..0000000000 --- a/doc/misc/rst-options.pl +++ /dev/null @@ -1,156 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use warnings; -use strict; - -if (@ARGV < 1) { - print STDERR <<'END'; -usage: - perl rst-options.pl options_file >named.conf.rst -END - exit 1; -} - -my $FILE = shift; - -open (FH, "<", $FILE) or die "Can't open $FILE"; - -print <) { - if (m{^\s*$}) { - last if $preamble > 0; - } else { - $preamble++; - } -} - -my $UNDERLINE; - -my $blank = 0; -while () { - if (m{// not.*implemented} || m{// obsolete} || - m{// ancient} || m{// test.*only}) - { - next; - } - - s{ // not configured}{}; - s{ // non-operational}{}; - s{ (// )*may occur multiple times}{}; - s{<([a-z0-9_-]+)>}{$1}g; - s{ // deprecated,*}{// deprecated}; - s{[[]}{[}g; - s{[]]}{]}g; - s{ }{\t}g; - if (m{^([a-z0-9-]+) }) { - my $HEADING = uc $1; - $UNDERLINE = $HEADING; - $UNDERLINE =~ s/./^/g; - print $HEADING . "\n"; - print $UNDERLINE . "\n\n"; - if ($HEADING eq "TRUSTED-KEYS") { - print "Deprecated - see DNSSEC-KEYS.\n\n"; - } - if ($HEADING eq "MANAGED-KEYS") { - print "See DNSSEC-KEYS.\n\n" ; - } - print "::\n\n"; - } - - if (m{^\s*$}) { - if (!$blank) { - print "\n"; - $blank = 1; - } - next; - } else { - $blank = 0; - } - print " " . $_; - -} - -print "ZONE\n"; -$UNDERLINE = "ZONE"; -$UNDERLINE =~ s/./^/g; -print $UNDERLINE . "\n\n"; -print "Any of these zone statements can also be set inside the view statement.\n\n"; - -print <`, :iscman:`named-checkconf(8) `, :iscman:`rndc(8) `, :iscman:`rndc-confgen(8) `, :iscman:`tsig-keygen(8) `, BIND 9 Administrator Reference Manual. - -END diff --git a/doc/misc/rst-zoneopt.pl b/doc/misc/rst-zoneopt.pl deleted file mode 100644 index e1af5411f0..0000000000 --- a/doc/misc/rst-zoneopt.pl +++ /dev/null @@ -1,59 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use warnings; -use strict; - -if (@ARGV < 1) { - print STDERR <<'END'; -usage: - perl rst-zoneopt.pl zoneopt_file -END - exit 1; -} - -my $FILE = shift; - -open (FH, "<", $FILE) or die "Can't open $FILE"; - -print <) { - if (m{// not.*implemented} || m{// obsolete} || - m{// ancient} || m{// test.*only}) - { - next; - } - - s{ // not configured}{}; - s{ // may occur multiple times}{}; - s{[[]}{[}g; - s{[]]}{]}g; - s{ }{\t}g; - - print " " . $_; -} diff --git a/doc/misc/secondary.zoneopt b/doc/misc/secondary.zoneopt index 22c3a8d19d..ecb7b7b5d4 100644 --- a/doc/misc/secondary.zoneopt +++ b/doc/misc/secondary.zoneopt @@ -44,6 +44,7 @@ zone [ ] { notify-source ( | * ) [ port ( | * ) ] [ dscp ]; notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; notify-to-soa ; + nsec3-test-zone ; // test only parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; parental-source ( | * ) [ port ( | * ) ] [ dscp ]; parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; diff --git a/doc/misc/secondary.zoneopt.rst b/doc/misc/secondary.zoneopt.rst deleted file mode 100644 index 538f191171..0000000000 --- a/doc/misc/secondary.zoneopt.rst +++ /dev/null @@ -1,77 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type secondary; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-names ( fail | warn | ignore ); - database ; - dialup ( notify | notify-passive | passive | refresh | ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - request-expire ; - request-ixfr ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try-tcp-refresh ; - update-check-ksk ; - use-alt-transfer-source ; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/server.grammar.rst b/doc/misc/server.grammar.rst deleted file mode 100644 index b62959ae7d..0000000000 --- a/doc/misc/server.grammar.rst +++ /dev/null @@ -1,37 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - transfers ; - }; diff --git a/doc/misc/static-stub.zoneopt.rst b/doc/misc/static-stub.zoneopt.rst deleted file mode 100644 index d307586718..0000000000 --- a/doc/misc/static-stub.zoneopt.rst +++ /dev/null @@ -1,24 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type static-stub; - allow-query { ; ... }; - allow-query-on { ; ... }; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - max-records ; - server-addresses { ( | ); ... }; - server-names { ; ... }; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/statistics-channels.grammar.rst b/doc/misc/statistics-channels.grammar.rst deleted file mode 100644 index 8e4d964598..0000000000 --- a/doc/misc/statistics-channels.grammar.rst +++ /dev/null @@ -1,16 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - statistics-channels { - inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; - }; diff --git a/doc/misc/stub.zoneopt.rst b/doc/misc/stub.zoneopt.rst deleted file mode 100644 index d18720b12a..0000000000 --- a/doc/misc/stub.zoneopt.rst +++ /dev/null @@ -1,40 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type stub; - allow-query { ; ... }; - allow-query-on { ; ... }; - check-names ( fail | warn | ignore ); - database ; - delegation-only ; - dialup ( notify | notify-passive | passive | refresh | ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-time-in ; - min-refresh-time ; - min-retry-time ; - multi-master ; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - use-alt-transfer-source ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/tls.grammar.rst b/doc/misc/tls.grammar.rst deleted file mode 100644 index 37d1b97a4f..0000000000 --- a/doc/misc/tls.grammar.rst +++ /dev/null @@ -1,24 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - tls { - ca-file ; - cert-file ; - ciphers ; - dhparam-file ; - key-file ; - prefer-server-ciphers ; - protocols { ; ... }; - remote-hostname ; - session-tickets ; - }; diff --git a/doc/misc/trust-anchors.grammar.rst b/doc/misc/trust-anchors.grammar.rst deleted file mode 100644 index e389e73be9..0000000000 --- a/doc/misc/trust-anchors.grammar.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; diff --git a/doc/misc/trusted-keys.grammar.rst b/doc/misc/trusted-keys.grammar.rst deleted file mode 100644 index 47aa831815..0000000000 --- a/doc/misc/trusted-keys.grammar.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - trusted-keys { ; ... };, deprecated