Merge branch '3169-named-conf-intro-and-links' into 'main'

Reworked named.conf introduction and link anchors See merge request isc-projects/bind9!6459
2026-06-03 22:08:25 -04:00 · 2022-06-24 14:38:46 +00:00 · 2022-06-24 14:38:46 +00:00 · 24908151a9
commit 24908151a9
parent 0d4084289b d44cb9f194
11 changed files with 1857 additions and 1347 deletions
--- a/doc/arm/catz.inc.rst
+++ b/doc/arm/catz.inc.rst
@ -83,6 +83,7 @@ by editing the configuration file or running

 Configuring Catalog Zones
 ~~~~~~~~~~~~~~~~~~~~~~~~~
+.. namedconf:statement:: catalog-zones

 Catalog zones are configured with a ``catalog-zones`` statement in the
 ``options`` or ``view`` section of :iscman:`named.conf`. For example:
--- a/doc/arm/config-auth.inc.rst
+++ b/doc/arm/config-auth.inc.rst
@ -101,7 +101,6 @@ The zone files are unmodified :ref:`from the base samples<base_zone_file>` but
 the :iscman:`named.conf` file has been modified as shown:

 .. code-block:: c
-        :linenos:

        // authoritative primary named.conf file
        // options clause defining the server-wide properties
@ -167,10 +166,10 @@ the :iscman:`named.conf` file has been modified as shown:
          };
        };

-The added statements and clauses are commented in the above file.
+The added statements and blocks are commented in the above file.

-The :ref:`zone<zone_clause>` clause, and :ref:`allow-query<allow-query>`,
-:ref:`allow-query-cache<allow-query-cache>`,
+The :ref:`zone<zone_clause>` block, and :ref:`allow-query<allow-query>`,
+:any:`allow-query-cache`,
 :ref:`allow-transfer<allow-transfer>`, :ref:`file<file>`,
 :ref:`notify<notify_st>`, :ref:`recursion<recursion>`, and :ref:`type<type>`
 statements are described in detail in the appropriate sections.
@ -183,10 +182,9 @@ Secondary Authoritative Name Server
 The zone files ``local-host-forward.db`` and ``localhost.rev`` are unmodified
 :ref:`from the base samples<base_zone_file>`. The **example.com** zone file is
 not required (the zone file is obtained from the primary via zone transfer).
-The :iscman:`named.conf` file has been modified as shown:
+The :ref:`named.conf<named_conf>` file has been modified as shown:

 .. code-block:: c
-        :linenos:

        // authoritative secondary named.conf file
        // options clause defining the server-wide properties
@ -250,17 +248,17 @@ The :iscman:`named.conf` file has been modified as shown:
          primaries { 192.168.254.2; };
        };

-The statements and clauses added are all commented in the above file.
+The statements and blocks added are all commented in the above file.

-The :ref:`zone<zone_clause>` clause, and :ref:`allow-query<allow-query>`,
-:ref:`allow-query-cache<allow-query-cache>`,
+The :ref:`zone<zone_clause>` block, and :ref:`allow-query<allow-query>`,
+:any:`allow-query-cache`,
 :ref:`allow-transfer<allow-transfer>`, :ref:`file<file>`,
 :ref:`notify<notify_st>`, :ref:`primaries<primaries>`,
 :ref:`recursion<recursion>`, and :ref:`type<type>` statements are described in
 detail in the appropriate sections.

 If NOTIFY is not being used, no changes are required in this
-:iscman:`named.conf` file, since it is the primary that initiates the NOTIFY
+:ref:`named.conf<named_conf>` file, since it is the primary that initiates the NOTIFY
 message.

 .. note::
@ -268,5 +266,5 @@ message.
   can get more complicated.  A secondary zone can also be a primary to other
   secondaries: :iscman:`named`, by default, sends NOTIFY messages for every
   zone it loads.  Specifying :ref:`notify primary-only;<notify>` in the
-   :ref:`zone<zone_clause>` clause for the secondary causes :iscman:`named` to
+   :ref:`zone<zone_clause>` block for the secondary causes :iscman:`named` to
   only send NOTIFY messages for primary zones that it loads.
--- a/doc/arm/config-intro.inc.rst
+++ b/doc/arm/config-intro.inc.rst
@ -19,8 +19,8 @@ Configurations and Zone Files
 Introduction
 ------------

-BIND 9 uses a single configuration file called :iscman:`named.conf`.
-:iscman:`named.conf` is typically located in either /etc/namedb or
+BIND 9 uses a single configuration file called :ref:`named.conf <named_conf>`.
+which is typically located in either /etc/namedb or
 /usr/local/etc/namedb.

   .. Note:: If :ref:`rndc<ops_rndc>` is being used locally (on the same host
@ -47,7 +47,6 @@ This file illustrates the typical format and layout style used for
 as required by the user.

 .. code-block:: c
-        :linenos:

        // base named.conf file
        // Recommended that you always maintain a change log in this file as shown here
@ -79,7 +78,7 @@ as required by the user.
          };
        };

-The :ref:`logging<logging_grammar>` and :ref:`options<options_grammar>` clauses
+The :ref:`logging<logging_grammar>` and :ref:`options<options_grammar>` blocks
 and :ref:`category<the_category_phrase>`, :ref:`channel<channel>`,
 :ref:`directory<directory>`, :ref:`file<file>`, and :ref:`severity<severity>`
 statements are all described further in the appropriate sections of this ARM.
@ -175,7 +174,6 @@ completeness and provides for both IPv4 and IPv6 localhost resolution. The zone
 (domain) name is **localhost.**

 .. code-block::
-        :linenos:

        $TTL 3h
        localhost.  SOA      localhost.  nobody.localhost. 42  1d  12h  1w  3h
@ -195,7 +193,6 @@ from reaching the public DNS hierarchy. The BIND 9 distribution file
 ``localhost.rev`` is shown for completeness:

 .. code-block::
-        :linenos:

        $TTL 1D
        @        IN        SOA  localhost. root.localhost. (
--- a/doc/arm/config-resolve.inc.rst
+++ b/doc/arm/config-resolve.inc.rst
@ -93,7 +93,7 @@ Resolver and Forwarding Resolver
   can be used by rogue actors to cause all kinds of problems including
   **Denial of Service (DoS)** attacks. Resolvers should always be configured
   to limit the IP addresses that can use their services. BIND 9 provides a
-   number of statements and clauses to simplify defining these IP limits and
+   number of statements and blocks to simplify defining these IP limits and
   configuring a **closed resolver**. The resolver samples given here all
   configure closed resolvers using a variety of techniques.

@ -158,7 +158,6 @@ file is named ``192.168.254.rev`` and has a zone name of
 **254.168.192.in-addr.arpa**.

 .. code-block::
-	:linenos:

 	; reverse map zone file for 192.168.254.4 only
 	$TTL 2d  ; 172800 seconds
@ -186,7 +185,6 @@ The resolver provides :ref:`recursive query support<recursive_query>` to a defin
 It is therefore a **closed** resolver and cannot be used in wider network attacks.

 .. code-block:: c
-        :linenos:

        // resolver named.conf file
        // Two corporate subnets we wish to allow queries from
@ -264,7 +262,7 @@ It is therefore a **closed** resolver and cannot be used in wider network attack
          notify no;
        };

-The :ref:`zone<zone_clause>` and :ref:`acl<acl_grammar>` clauses, and the
+The :ref:`zone<zone_clause>` and :ref:`acl<acl_grammar>` blocks, and the
 :ref:`allow-query<allow-query>`, :ref:`empty-zones-enable<empty-zones-enable>`,
 :ref:`file<file>`, :ref:`notify<notify_st>`, :ref:`recursion<recursion>`, and
 :ref:`type<type>` statements are described in detail in the appropriate
@ -303,7 +301,6 @@ A second configuration in which selective forwarding occurs :ref:`is also
 provided<selective_forward_sample>`.

 .. code-block:: c
-        :linenos:

        // forwarding named.conf file
        // Two corporate subnets we wish to allow queries from
@ -383,7 +380,7 @@ provided<selective_forward_sample>`.
          notify no;
        };

-The :ref:`zone<zone_clause>` and :ref:`acl<acl_grammar>` clauses, and the
+The :ref:`zone<zone_clause>` and :ref:`acl<acl_grammar>` blocks, and the
 :ref:`allow-query<allow-query>`, :ref:`empty-zones-enable<empty-zones-enable>`,
 :ref:`file<file>`, :ref:`forward<forward>`, :ref:`forwarders<forwarders>`,
 :ref:`notify<notify_st>`, :ref:`recursion<recursion>`, and :ref:`type<type>`
@ -418,7 +415,6 @@ from the forwarded resolvers.  The configuration is closed, in that it defines
 those IPs from which it will accept recursive queries.

 .. code-block:: c
-        :linenos:

        // selective forwarding named.conf file
        // Two corporate subnets we wish to allow queries from
@ -511,7 +507,7 @@ those IPs from which it will accept recursive queries.
        };


-The :ref:`zone<zone_clause>` and :ref:`acl<acl_grammar>` clauses, and the
+The :ref:`zone<zone_clause>` and :ref:`acl<acl_grammar>` blocks, and the
 :ref:`allow-query<allow-query>`, :ref:`empty-zones-enable<empty-zones-enable>`,
 :ref:`file<file>`, :ref:`forward<forward>`, :ref:`forwarders<forwarders>`,
 :ref:`notify<notify_st>`, :ref:`recursion<recursion>`, and :ref:`type<type>`
@ -567,4 +563,4 @@ and discard the rest.

 For more detail on ordering responses, refer to the
 :ref:`rrset-order<rrset_ordering>` statement in the
-:ref:`options<options_grammar>` clause.
+:ref:`options<options_grammar>` block.
--- a/doc/arm/dlz.inc.rst
+++ b/doc/arm/dlz.inc.rst
@ -32,6 +32,7 @@ database.

 Configuring DLZ
 ~~~~~~~~~~~~~~~
+.. namedconf:statement:: dlz

 A DLZ database is configured with a ``dlz`` statement in :iscman:`named.conf`:

--- a/doc/arm/dns-ops.inc.rst
+++ b/doc/arm/dns-ops.inc.rst
@ -115,14 +115,29 @@ server.
   what associate the secret keys to the servers with which they are
   meant to be shared. The order of statements is not significant.

+.. rndcconf:statement:: options
+
   The ``options`` statement has three clauses: ``default-server``,
-   ``default-key``, and ``default-port``. ``default-server`` takes a
-   host name or address argument and represents the server that is
-   contacted if no :option:`-s <rndc -s>` option is provided on the command line.
-   ``default-key`` takes the name of a key as its argument, as defined
-   by a ``key`` statement. ``default-port`` specifies the port to which
-   :iscman:`rndc` should connect if no port is given on the command line or in
-   a ``server`` statement.
+   ``default-key``, and ``default-port``.
+
+   .. rndcconf:statement:: default-server
+
+      ``default-server`` takes a
+      host name or address argument and represents the server that is
+      contacted if no :option:`-s <rndc -s>` option is provided on the command line.
+
+   .. rndcconf:statement:: default-key
+
+      ``default-key`` takes the name of a key as its argument, as defined
+      by a ``key`` statement.
+
+   .. rndcconf:statement:: default-port
+
+      ``default-port`` specifies the port to which
+      :iscman:`rndc` should connect if no port is given on the command line or in
+      a ``server`` statement.
+
+.. rndcconf:statement:: key

   The ``key`` statement defines a key to be used by :iscman:`rndc` when
   authenticating with :iscman:`named`. Its syntax is identical to the ``key``
@ -130,11 +145,20 @@ server.
   name, which must be a valid domain name, though it need not actually
   be hierarchical; thus, a string like ``rndc_key`` is a valid name.
   The ``key`` statement has two clauses: ``algorithm`` and ``secret``.
-   While the configuration parser accepts any string as the argument
-   to ``algorithm``, currently only the strings ``hmac-md5``,
-   ``hmac-sha1``, ``hmac-sha224``, ``hmac-sha256``,
-   ``hmac-sha384``, and ``hmac-sha512`` have any meaning. The secret
-   is a Base64-encoded string as specified in :rfc:`3548`.
+
+   .. rndcconf:statement:: algorithm
+
+      While the configuration parser accepts any string as the argument
+      to ``algorithm``, currently only the strings ``hmac-md5``,
+      ``hmac-sha1``, ``hmac-sha224``, ``hmac-sha256``,
+      ``hmac-sha384``, and ``hmac-sha512`` have any meaning.
+
+   .. rndcconf:statement:: secret
+
+      The secret
+      is a Base64-encoded string as specified in :rfc:`3548`.
+
+.. rndcconf:statement:: server

   The ``server`` statement associates a key defined using the ``key``
   statement with a server. The keyword ``server`` is followed by a host
--- a/doc/arm/dyndb.inc.rst
+++ b/doc/arm/dyndb.inc.rst
@ -33,6 +33,7 @@ with the BIND source code, in the directory

 Configuring DynDB
 ~~~~~~~~~~~~~~~~~
+.. namedconf:statement:: dyndb

 A DynDB database is configured with a ``dyndb`` statement in
 :iscman:`named.conf`:
--- a/doc/arm/introduction.inc.rst
+++ b/doc/arm/introduction.inc.rst
@ -65,7 +65,7 @@ running BIND 9 in a "jail," and securing file transfers and dynamic updates.
 :ref:`dnssec` describes the theory and practice of cryptographic authentication of DNS
 information. The :ref:`dnssec_guide` is a practical guide to implementing DNSSEC.

-:ref:`Reference` gives exhaustive descriptions of all supported clauses, statements, 
+:ref:`Reference` gives exhaustive descriptions of all supported blocks, statements, 
 and grammars used in BIND 9's ``named.conf`` configuration file.

 :ref:`troubleshooting` provides information on identifying and solving BIND 9 and DNS
--- a/doc/arm/plugins.inc.rst
+++ b/doc/arm/plugins.inc.rst
@ -34,6 +34,7 @@ functionality.

 Configuring Plugins
 ~~~~~~~~~~~~~~~~~~~
+.. namedconf:statement:: plugin

 A plugin is configured with the ``plugin`` statement in :iscman:`named.conf`:

--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
--- a/doc/arm/zones.inc.rst
+++ b/doc/arm/zones.inc.rst
@ -298,8 +298,6 @@ is equivalent to

   WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.

-.. _include_directive:
-
 The **$INCLUDE** Directive
 ^^^^^^^^^^^^^^^^^^^^^^^^^^