upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-09 07:52:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

prep 9.15.2

Browse source
This commit is contained in:
Tinderbox User 2019-07-10 14:51:09 +00:00
parent 4b4f33e676
commit 2e637325ed
68 changed files with 410 additions and 219 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGES
View file

@ -1,3 +1,5 @@
--- 9.15.2 released ---
5263. [cleanup] Use atomics and isc_refcount_t wherever possible.
[GL #1038]

28
README
View file

@ -139,7 +139,7 @@ make depend. If you're using Emacs, you might find make tags helpful.
Several environment variables that can be set before running configure
will affect compilation:
Variable Description
Variable Description
CC The C compiler to use. configure tries to figure out the
right one for supported systems.
C compiler flags. Defaults to include -g and/or -O2 as
@ -291,7 +291,7 @@ development BIND 9 is included in the file CHANGES, with the most recent
changes listed first. Change notes include tags indicating the category of
the change that was made; these categories are:
Category Description
Category Description
[func] New feature
[bug] General bug fix
[security] Fix for a significant security flaw
@ -342,21 +342,23 @@ Acknowledgments
* The original development of BIND 9 was underwritten by the following
organizations:
Sun Microsystems, Inc.
Hewlett Packard
Compaq Computer Corporation
IBM
Process Software Corporation
Silicon Graphics, Inc.
Network Associates, Inc.
U.S. Defense Information Systems Agency
USENIX Association
Stichting NLnet - NLnet Foundation
Nominum, Inc.
Sun Microsystems, Inc.
Hewlett Packard
Compaq Computer Corporation
IBM
Process Software Corporation
Silicon Graphics, Inc.
Network Associates, Inc.
U.S. Defense Information Systems Agency
USENIX Association
Stichting NLnet - NLnet Foundation
Nominum, Inc.
* This product includes software developed by the OpenSSL Project for
use in the OpenSSL Toolkit. http://www.OpenSSL.org/
* This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com)
* This product includes software written by Tim Hudson
(tjh@cryptsoft.com)

5
bin/check/named-checkconf.8
View file

@ -86,6 +86,11 @@ Check "core" configuration only\&. This suppresses the loading of plugin modules
statements to be ignored\&.
.RE
.PP
\-i
.RS 4
Ignore warnings on deprecated options\&.
.RE
.PP
\-p
.RS 4
Print out the

6
bin/check/named-checkconf.html
View file

@ -96,6 +96,12 @@
<span class="command"><strong>plugin</strong></span> statements to be ignored.
</p>
</dd>
<dt><span class="term">-i</span></dt>
<dd>
<p>
Ignore warnings on deprecated options.
</p>
</dd>
<dt><span class="term">-p</span></dt>
<dd>
<p>

3
bin/dnssec/dnssec-keygen.8
View file

@ -92,8 +92,7 @@ to generate TSIG keys\&.
.RS 4
Specifies the number of bits in the key\&. The choice of key size depends on the algorithm used\&. RSA keys must be between 1024 and 4096 bits\&. Diffie Hellman keys must be between 128 and 4096 bits\&. Elliptic curve algorithms don\*(Aqt need this parameter\&.
.sp
If the key size is not specified, some algorithms have pre\-defined defaults\&. For example, RSA keys for use as DNSSEC zone signing keys have a default size of 1024 bits; RSA keys for use as key signing keys (KSKs, generated with
\fB\-f KSK\fR) default to 2048 bits\&.
If the key size is not specified, some algorithms have pre\-defined defaults\&. For instance, RSA keys have a default size of 2048 bits\&.
.RE
.PP
\-C

6
bin/dnssec/dnssec-keygen.html
View file

@ -145,10 +145,8 @@
</p>
<p>
If the key size is not specified, some algorithms have
pre-defined defaults. For example, RSA keys for use as
DNSSEC zone signing keys have a default size of 1024 bits;
RSA keys for use as key signing keys (KSKs, generated with
<code class="option">-f KSK</code>) default to 2048 bits.
pre-defined defaults. For instance, RSA keys have a default
size of 2048 bits.
</p>
</dd>
<dt><span class="term">-C</span></dt>

37
bin/named/named.conf.5
View file

@ -10,12 +10,12 @@
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2019-05-10
.\" Date: 2019-06-28
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "NAMED\&.CONF" "5" "2019\-05\-10" "ISC" "BIND9"
.TH "NAMED\&.CONF" "5" "2019\-06\-28" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@ -163,15 +163,16 @@ logging {
.\}
.SH "MANAGED-KEYS"
.PP
See DNSSEC\-KEYS\&.
Deprecated \- see DNSSEC\-KEYS\&.
.sp
.if n \{\
.RS 4
.\}
.nf
managed\-keys { \fIstring\fR ( static\-key |
initial\-key ) \fIinteger\fR \fIinteger\fR \fIinteger\fR
\fIquoted_string\fR; \&.\&.\&. };
managed\-keys { \fIstring\fR ( static\-key
| initial\-key ) \fIinteger\fR
\fIinteger\fR \fIinteger\fR
\fIquoted_string\fR; \&.\&.\&. }; deprecated
.fi
.if n \{\
.RE
@ -241,7 +242,6 @@ options {
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard \fIboolean\fR;
cleaning\-interval \fIinteger\fR;
clients\-per\-query \fIinteger\fR;
cookie\-algorithm ( aes | sha1 | sha256 );
cookie\-secret \fIstring\fR;
@ -274,8 +274,9 @@ options {
dnssec\-accept\-expired \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
dnssec\-loadkeys\-interval \fIinteger\fR;
dnssec\-lookaside ( \fIstring\fR trust\-anchor
\fIstring\fR | auto | no );
dnssec\-lookaside ( \fIstring\fR
trust\-anchor \fIstring\fR |
auto | no ); deprecated
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
@ -576,7 +577,7 @@ Deprecated \- see DNSSEC\-KEYS\&.
.nf
trusted\-keys { \fIstring\fR \fIinteger\fR
\fIinteger\fR \fIinteger\fR
\fIquoted_string\fR; \&.\&.\&. };, deprecated
\fIquoted_string\fR; \&.\&.\&. }; deprecated
.fi
.if n \{\
.RE
@ -626,7 +627,6 @@ view \fIstring\fR [ \fIclass\fR ] {
check\-spf ( warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
check\-wildcard \fIboolean\fR;
cleaning\-interval \fIinteger\fR;
clients\-per\-query \fIinteger\fR;
deny\-answer\-addresses { \fIaddress_match_element\fR; \&.\&.\&. } [
except\-from { \fIstring\fR; \&.\&.\&. } ];
@ -661,8 +661,9 @@ view \fIstring\fR [ \fIclass\fR ] {
initial\-key ) \fIinteger\fR \fIinteger\fR
\fIinteger\fR \fIquoted_string\fR; \&.\&.\&. };
dnssec\-loadkeys\-interval \fIinteger\fR;
dnssec\-lookaside ( \fIstring\fR trust\-anchor
\fIstring\fR | auto | no );
dnssec\-lookaside ( \fIstring\fR
trust\-anchor \fIstring\fR |
auto | no ); deprecated
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
@ -697,9 +698,11 @@ view \fIstring\fR [ \fIclass\fR ] {
key\-directory \fIquoted_string\fR;
lame\-ttl \fIttlval\fR;
lmdb\-mapsize \fIsizeval\fR;
managed\-keys { \fIstring\fR ( static\-key |
initial\-key ) \fIinteger\fR \fIinteger\fR
\fIinteger\fR \fIquoted_string\fR; \&.\&.\&. };
managed\-keys { \fIstring\fR (
static\-key | initial\-key
) \fIinteger\fR \fIinteger\fR
\fIinteger\fR
\fIquoted_string\fR; \&.\&.\&. }; deprecated
masterfile\-format ( map | raw | text );
masterfile\-style ( full | relative );
match\-clients { \fIaddress_match_element\fR; \&.\&.\&. };
@ -852,7 +855,7 @@ view \fIstring\fR [ \fIclass\fR ] {
trusted\-keys { \fIstring\fR
\fIinteger\fR \fIinteger\fR
\fIinteger\fR
\fIquoted_string\fR; \&.\&.\&. };, deprecated
\fIquoted_string\fR; \&.\&.\&. }; deprecated
try\-tcp\-refresh \fIboolean\fR;
update\-check\-ksk \fIboolean\fR;
use\-alt\-transfer\-source \fIboolean\fR;

33
bin/named/named.conf.html
View file

@ -142,11 +142,12 @@ logging
<div class="refsection">
<a name="id-1.15"></a><h2>MANAGED-KEYS</h2>
<p>See DNSSEC-KEYS.</p>
<p>Deprecated - see DNSSEC-KEYS.</p>
<div class="literallayout"><p><br>
managed-keys { <em class="replaceable"><code>string</code></em> ( static-key |<br>
    initial-key ) <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
managed-keys { <em class="replaceable"><code>string</code></em> ( static-key<br>
    | initial-key ) <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>quoted_string</code></em>; ... }; deprecated<br>
</p></div>
</div>
@ -208,7 +209,6 @@ options
check-spf ( warn | ignore );<br>
check-srv-cname ( fail | warn | ignore );<br>
check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
cookie-algorithm ( aes | sha1 | sha256 );<br>
cookie-secret <em class="replaceable"><code>string</code></em>;<br>
@ -241,8 +241,9 @@ options
dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
dnssec-lookaside ( <em class="replaceable"><code>string</code></em> trust-anchor<br>
    <em class="replaceable"><code>string</code></em> | auto | no );<br>
dnssec-lookaside ( <em class="replaceable"><code>string</code></em><br>
    trust-anchor <em class="replaceable"><code>string</code></em> |<br>
    auto | no ); deprecated<br>
dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
@ -526,7 +527,7 @@ statistics-channels
<div class="literallayout"><p><br>
trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>quoted_string</code></em>; ... };, deprecated<br>
    <em class="replaceable"><code>quoted_string</code></em>; ... }; deprecated<br>
</p></div>
</div>
@ -572,7 +573,6 @@ view
check-spf ( warn | ignore );<br>
check-srv-cname ( fail | warn | ignore );<br>
check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
deny-answer-addresses { <em class="replaceable"><code>address_match_element</code></em>; ... } [<br>
    except-from { <em class="replaceable"><code>string</code></em>; ... } ];<br>
@ -607,8 +607,9 @@ view
    initial-key ) <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
dnssec-lookaside ( <em class="replaceable"><code>string</code></em> trust-anchor<br>
    <em class="replaceable"><code>string</code></em> | auto | no );<br>
dnssec-lookaside ( <em class="replaceable"><code>string</code></em><br>
    trust-anchor <em class="replaceable"><code>string</code></em> |<br>
    auto | no ); deprecated<br>
dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
@ -643,9 +644,11 @@ view
key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
lame-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
lmdb-mapsize <em class="replaceable"><code>sizeval</code></em>;<br>
managed-keys { <em class="replaceable"><code>string</code></em> ( static-key |<br>
    initial-key ) <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
managed-keys { <em class="replaceable"><code>string</code></em> (<br>
    static-key | initial-key<br>
    ) <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>quoted_string</code></em>; ... }; deprecated<br>
masterfile-format ( map | raw | text );<br>
masterfile-style ( full | relative );<br>
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@ -798,7 +801,7 @@ view
trusted-keys { <em class="replaceable"><code>string</code></em><br>
    <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>quoted_string</code></em>; ... };, deprecated<br>
    <em class="replaceable"><code>quoted_string</code></em>; ... }; deprecated<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>

6
bin/rndc/rndc.8
View file

@ -516,11 +516,7 @@ timer\&.
.RS 4
Dump the security roots (i\&.e\&., trust anchors configured via
\fBdnssec\-keys\fR
statements, or the synonymous
\fBmanaged\-keys\fR
or the deprecated
\fBtrusted\-keys\fR
statements, or via
statements, or the managed\-keys or trusted\-keys statements (both deprecated), or via
\fBdnssec\-validation auto\fR) and negative trust anchors for the specified views\&. If no view is specified, all views are dumped\&. Security roots will indicate whether they are configured as trusted keys, managed keys, or initializing managed keys (managed keys that have not yet been updated by a successful key refresh query)\&.
.sp
If the first argument is "\-", then the output is returned via the

5
bin/rndc/rndc.html
View file

@ -653,9 +653,8 @@
<dd>
<p>
Dump the security roots (i.e., trust anchors
configured via <span class="command"><strong>dnssec-keys</strong></span> statements,
or the synonymous <span class="command"><strong>managed-keys</strong></span> or
the deprecated <span class="command"><strong>trusted-keys</strong></span> statements, or
configured via <span class="command"><strong>dnssec-keys</strong></span> statements, or the
managed-keys or trusted-keys statements (both deprecated), or
via <span class="command"><strong>dnssec-validation auto</strong></span>) and negative trust
anchors for the specified views. If no view is specified, all
views are dumped. Security roots will indicate whether

24
configure vendored
View file

@ -850,7 +850,6 @@ infodir
docdir
oldincludedir
includedir
runstatedir
localstatedir
sharedstatedir
sysconfdir
@ -1020,7 +1019,6 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@ -1273,15 +1271,6 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@ -1419,7 +1408,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir runstatedir
libdir localedir mandir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
@ -1572,7 +1561,6 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
@ -4013,7 +4001,7 @@ else
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
@ -4059,7 +4047,7 @@ else
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
@ -4083,7 +4071,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
@ -4128,7 +4116,7 @@ else
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];
@ -4152,7 +4140,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
We can't simply define LARGE_OFF_T to be 9223372036854775807,
since some C++ compilers masquerading as C compilers
incorrectly reject 9223372036854775807. */
#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
&& LARGE_OFF_T % 2147483647 == 1)
? 1 : -1];

2
doc/arm/Bv9ARM.ch01.html
View file

@ -614,6 +614,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch02.html
View file

@ -146,6 +146,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch03.html
View file

@ -856,6 +856,6 @@ controls {
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

6
doc/arm/Bv9ARM.ch04.html
View file

@ -1043,8 +1043,8 @@ allow-update { !{ !localnets; any; }; key host1-host2. ;};
if at least one trust anchor has been explicitly configured
in <code class="filename">named.conf</code>
using a <span class="command"><strong>dnssec-keys</strong></span> statement (or the
synonymous <span class="command"><strong>managed-keys</strong></span> or the deprecated
<span class="command"><strong>trusted-keys</strong></span> statements).
<span class="command"><strong>managed-keys</strong></span> and <span class="command"><strong>trusted-keys</strong></span>
statements, both deprecated).
</p>
<p>
When <span class="command"><strong>dnssec-validation</strong></span> is set to
@ -2840,6 +2840,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

87
doc/arm/Bv9ARM.ch05.html
View file

@ -894,8 +894,6 @@
keys are kept up to date using RFC 5011
trust anchor maintenance, and if used with
<span class="command"><strong>static-key</strong></span>, keys are permanent.
Identical to <span class="command"><strong>managed-keys</strong></span>,
but has been added for improved clarity.
</p>
</td>
</tr>
@ -905,8 +903,11 @@
</td>
<td>
<p>
is identical to <span class="command"><strong>dnssec-keys</strong></span>,
and is retained for backward compatibility.
is identical to <span class="command"><strong>dnssec-keys</strong></span>;
this option is deprecated in favor
of <span class="command"><strong>dnssec-keys</strong></span> with
the <span class="command"><strong>initial-key</strong></span> keyword,
and may be removed in a future release.
</p>
</td>
</tr>
@ -2429,7 +2430,6 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<span class="command"><strong>check-spf</strong></span> ( warn | ignore );
<span class="command"><strong>check-srv-cname</strong></span> ( fail | warn | ignore );
<span class="command"><strong>check-wildcard</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>cleaning-interval</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>clients-per-query</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>cookie-algorithm</strong></span> ( aes | sha1 | sha256 );
<span class="command"><strong>cookie-secret</strong></span> <em class="replaceable"><code>string</code></em>;
@ -2462,8 +2462,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<span class="command"><strong>dnssec-accept-expired</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>dnssec-dnskey-kskonly</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>dnssec-loadkeys-interval</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>dnssec-lookaside</strong></span> ( <em class="replaceable"><code>string</code></em> trust-anchor
<em class="replaceable"><code>string</code></em> | auto | no );
<span class="command"><strong>dnssec-lookaside</strong></span> ( <em class="replaceable"><code>string</code></em>
<span class="command"><strong>trust-anchor</strong></span> <em class="replaceable"><code>string</code></em> |
<span class="command"><strong>auto</strong></span> | no ); deprecated
<span class="command"><strong>dnssec-must-be-secure</strong></span> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>dnssec-secure-to-insecure</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>dnssec-update-mode</strong></span> ( maintain | no-resign );
@ -3015,14 +3016,19 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<dt><span class="term"><span class="command"><strong>geoip-directory</strong></span></span></dt>
<dd>
<p>
Specifies the directory containing GeoIP
<code class="filename">.dat</code> database files for GeoIP
initialization. By default, this option is unset
and the GeoIP support will use libGeoIP's
built-in directory.
(For details, see <a class="xref" href="Bv9ARM.ch05.html#acl" title="acl Statement Definition and Usage">the section called &#8220;<span class="command"><strong>acl</strong></span> Statement Definition and
Usage&#8221;</a> about the
<span class="command"><strong>geoip</strong></span> ACL.)
When <span class="command"><strong>named</strong></span> is compiled using the
MaxMind GeoIP2 geolocation API,
this specifies the directory containing GeoIP
database files. By default, the option is set based on
the prefix used to build the <span class="command"><strong>libmaxminddb</strong></span>
module: for example, if the library is installed in
<code class="filename">/usr/local/lib</code>, then the default
<span class="command"><strong>geoip-directory</strong></span> will be
<code class="filename">/usr/local/share/GeoIP</code>. On Windows,
the default is the <span class="command"><strong>named</strong></span> working
directory. See <a class="xref" href="Bv9ARM.ch05.html#acl" title="acl Statement Definition and Usage">the section called &#8220;<span class="command"><strong>acl</strong></span> Statement Definition and
Usage&#8221;</a> for details about
<span class="command"><strong>geoip</strong></span> ACLs.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>key-directory</strong></span></span></dt>
@ -3434,10 +3440,11 @@ options {
as insecure.
</p>
<p>
Configured trust anchors in <span class="command"><strong>trusted-keys</strong></span>
or <span class="command"><strong>managed-keys</strong></span> that match a disabled
algorithm will be ignored and treated as if they were not
configured at all.
Configured trust anchors in <span class="command"><strong>dnssec-keys</strong></span>
(or <span class="command"><strong>managed-keys</strong></span> or
<span class="command"><strong>trusted-keys</strong></span>, both deprecated)
that match a disabled algorithm will be ignored and treated
as if they were not configured at all.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>disable-ds-digests</strong></span></span></dt>
@ -3475,6 +3482,9 @@ options {
<strong class="userinput"><code>no</code></strong>, then dnssec-lookaside
is not used.
</p>
<p>
This option is deprecated and its use is discouraged.
</p>
<p>
NOTE: The ISC-provided DLV service at
<code class="literal">dlv.isc.org</code>, has been shut down.
@ -3773,6 +3783,8 @@ options {
<span class="command"><strong>zone-statistics terse</strong></span> or
<span class="command"><strong>zone-statistics none</strong></span>
in the <span class="command"><strong>zone</strong></span> statement).
These include, for example, DNSSEC signing operations
and the number of authoritative answers per query type.
The default is <strong class="userinput"><code>terse</code></strong>, providing
minimal statistics on zones (including name and
current serial number, but not query type
@ -4676,8 +4688,8 @@ options {
If set to <strong class="userinput"><code>yes</code></strong>, DNSSEC validation is
enabled, but a trust anchor must be manually configured
using a <span class="command"><strong>dnssec-keys</strong></span> statement (or
the synonymous <span class="command"><strong>managed-keys</strong></span>, or the
deprecated <span class="command"><strong>trusted-keys</strong></span> statements).
the <span class="command"><strong>managed-keys</strong></span> or the
<span class="command"><strong>trusted-keys</strong></span> statements, both deprecated).
If there is no configured trust anchor, validation will
not take place.
</p>
@ -9007,9 +9019,10 @@ example.com CNAME rpz-tcp-only.
<div class="titlepage"><div><div><h3 class="title">
<a name="managed-keys"></a><span class="command"><strong>managed-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span class="command"><strong>managed-keys</strong></span> { <em class="replaceable"><code>string</code></em> ( static-key |
<span class="command"><strong>initial-key</strong></span> ) <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em>
<em class="replaceable"><code>quoted_string</code></em>; ... };
<span class="command"><strong>managed-keys</strong></span> { <em class="replaceable"><code>string</code></em> ( static-key
| initial-key ) <em class="replaceable"><code>integer</code></em>
<em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em>
<em class="replaceable"><code>quoted_string</code></em>; ... }; deprecated
</pre>
</div>
<div class="section">
@ -9018,9 +9031,9 @@ example.com CNAME rpz-tcp-only.
and Usage</h3></div></div></div>
<p>
The <span class="command"><strong>managed-keys</strong></span> statement is
identical to the <span class="command"><strong>dnssec-keys</strong></span>, and is
retained for backward compatibility.
The <span class="command"><strong>managed-keys</strong></span> statement has been
deprecated in favor of <a class="xref" href="Bv9ARM.ch05.html#dnssec_keys" title="dnssec-keys Statement Grammar">the section called &#8220;<span class="command"><strong>dnssec-keys</strong></span> Statement Grammar&#8221;</a>
with the <span class="command"><strong>initial-key</strong></span> keyword.
</p>
</div>
@ -9030,7 +9043,7 @@ example.com CNAME rpz-tcp-only.
<pre class="programlisting">
<span class="command"><strong>trusted-keys</strong></span> { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em>
<em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em>
<em class="replaceable"><code>quoted_string</code></em>; ... };, deprecated
<em class="replaceable"><code>quoted_string</code></em>; ... }; deprecated
</pre>
</div>
<div class="section">
@ -9041,7 +9054,7 @@ example.com CNAME rpz-tcp-only.
<p>
The <span class="command"><strong>trusted-keys</strong></span> statement has been
deprecated in favor of <a class="xref" href="Bv9ARM.ch05.html#dnssec_keys" title="dnssec-keys Statement Grammar">the section called &#8220;<span class="command"><strong>dnssec-keys</strong></span> Statement Grammar&#8221;</a>
with the <span class="command"><strong>static</strong></span> keyword.
with the <span class="command"><strong>static-key</strong></span> keyword.
</p>
</div>
@ -9674,9 +9687,8 @@ view "external" {
For validation to succeed, a key-signing key
(KSK) for the zone must be configured as a trust
anchor in <code class="filename">named.conf</code>: that
is, a key for the zone must either be specified
in <span class="command"><strong>managed-keys</strong></span> or
<span class="command"><strong>trusted-keys</strong></span>. In the case
is, a key for the zone must be specified in
<span class="command"><strong>dnssec-keys</strong></span>. In the case
of the root zone, you may also rely on the
built-in root trust anchor, which is enabled
when <a class="xref" href="Bv9ARM.ch05.html#dnssec_validation"><span class="command"><strong>dnssec-validation</strong></span></a> is set to the
@ -13515,6 +13527,15 @@ HOST-127.EXAMPLE. MX 0 .
<acronym class="acronym">BIND</acronym> 8 statistics, if applicable.
</p>
<p>
Note: BIND statistics counters are signed 64-bit values on
all platforms except one: 32-bit Windows, where they are
signed 32-bit values. Given that 32-bit values have a
vastly smaller range than 64-bit values, BIND statistics
counters in 32-bit Windows builds overflow significantly
more quickly than on all other platforms.
</p>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="stats_counters"></a>Name Server Statistics Counters</h4></div></div></div>
@ -14913,6 +14934,6 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

45
doc/arm/Bv9ARM.ch06.html
View file

@ -131,46 +131,45 @@ zone "example.com" {
to search for a match. Available fields are "country",
"region", "city", "continent", "postal" (postal code),
"metro" (metro code), "area" (area code), "tz" (timezone),
"isp", "org", "asnum", "domain" and "netspeed".
"isp", "asnum", and "domain".
</p>
<p>
<em class="replaceable"><code>value</code></em> is the value to search
for within the database. A string may be quoted if it
contains spaces or other special characters. If this is
an "asnum" search, then the leading "ASNNNN" string can be
used, otherwise the full description must be used (e.g.
"ASNNNN Example Company Name"). If this is a "country"
search and the string is two characters long, then it must
be a standard ISO-3166-1 two-letter country code, and if it
is three characters long then it must be an ISO-3166-1
three-letter country code; otherwise it is the full name
of the country. Similarly, if this is a "region" search
and the string is two characters long, then it must be a
standard two-letter state or province abbreviation;
otherwise it is the full name of the state or province.
contains spaces or other special characters. An "asnum"
search for autonomous system number can be specified using
the string "ASNNNN" or the integer NNNN.
When "country" search is specified with a string is two
characters long, then it must be a standard ISO-3166-1
two-letter country code; otherwise it is interpreted as
the full name of the country. Similarly, if this is a
"region" search and the string is two characters long,
then it treated as a standard two-letter state or province
abbreviation; otherwise it treated as the full name of the
state or province.
</p>
<p>
The <em class="replaceable"><code>database</code></em> field indicates which
GeoIP database to search for a match. In most cases this is
unnecessary, because most search fields can only be found in
a single database. However, searches for country can be
answered from the "city", "region", or "country" databases,
and searches for region (i.e., state or province) can be
answered from the "city" or "region" databases. For these
search types, specifying a <em class="replaceable"><code>database</code></em>
a single database. However, searches for "continent" or "country"
can be answered from either the "city" or "country" databases,
so for these search types, specifying a
<em class="replaceable"><code>database</code></em>
will force the query to be answered from that database and no
other. If <em class="replaceable"><code>database</code></em> is not
specified, then these queries will be answered from the "city",
database if it is installed, or the "region" database if it is
installed, or the "country" database, in that order.
database if it is installed, or the "country" database if it
is installed, in that order. Valid database names are
"country", "city", "asnum", "isp", and "domain".
</p>
<p>
Some example GeoIP ACLs:
</p>
<pre class="programlisting">geoip country US;
geoip country JAP;
geoip country JP;
geoip db country country Canada;
geoip db region region WA;
geoip region WA;
geoip city "San Francisco";
geoip region Oklahoma;
geoip postal 95062;
@ -361,6 +360,6 @@ allow-query { !{ !10/8; any; }; key example; };
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch07.html
View file

@ -191,6 +191,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

72
doc/arm/Bv9ARM.ch08.html
View file

@ -36,7 +36,7 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.15.1</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.15.2</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
@ -55,7 +55,7 @@
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.9.2"></a>Release Notes for BIND Version 9.15.1</h2></div></div></div>
<a name="id-1.9.2"></a>Release Notes for BIND Version 9.15.2</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
@ -163,6 +163,33 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
The GeoIP2 API from MaxMind is now supported. Geolocation support
will be compiled in by default if the <span class="command"><strong>libmaxminddb</strong></span>
library is found at compile time, but can be turned off by using
<span class="command"><strong>configure --disable-geoip</strong></span>.
</p>
<p>
The default path to the GeoIP2 databases will be set based
on the location of the <span class="command"><strong>libmaxminddb</strong></span> library;
for example, if it is in <code class="filename">/usr/local/lib</code>,
then the default path will be
<code class="filename">/usr/local/share/GeoIP</code>.
This value can be overridden in <code class="filename">named.conf</code>
using the <span class="command"><strong>geoip-directory</strong></span> option.
</p>
<p>
Some <span class="command"><strong>geoip</strong></span> ACL settings that were available with
legacy GeoIP, including searches for <span class="command"><strong>netspeed</strong></span>,
<span class="command"><strong>org</strong></span>, and three-letter ISO country codes, will
no longer work when using GeoIP2. Supported GeoIP2 database
types are <span class="command"><strong>country</strong></span>, <span class="command"><strong>city</strong></span>,
<span class="command"><strong>domain</strong></span>, <span class="command"><strong>isp</strong></span>, and
<span class="command"><strong>as</strong></span>. All of these databases support both IPv4
and IPv6 lookups. [GL #182] [GL #1112]
</p>
</li>
<li class="listitem">
<p>
In order to clarify the configuration of DNSSEC keys,
@ -193,6 +220,20 @@
[GL #865]
</p>
</li>
<li class="listitem">
<p>
Two new metrics have been added to the
<span class="command"><strong>statistics-channel</strong></span> to report DNSSEC
signing operations. For each key in each zone, the
<span class="command"><strong>dnssec-sign</strong></span> counter indicates the total
number of signatures <span class="command"><strong>named</strong></span> has generated
using that key since server startup, and the
<span class="command"><strong>dnssec-refresh</strong></span> counter indicates how
many of those signatures were refreshed during zone
maintenance, as opposed to having been generated
as a result of a zone update. [GL #513]
</p>
</li>
</ul></div>
</div>
@ -202,7 +243,7 @@
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
The <span class="command"><strong>dnssec-enable</strong></span> option has been deprecated and
The <span class="command"><strong>dnssec-enable</strong></span> option has been obsoleted and
no longer has any effect. DNSSEC responses are always enabled
if signatures and other DNSSEC data are present. [GL #866]
</p>
@ -213,6 +254,12 @@
removed. [GL !1731]
</p>
</li>
<li class="listitem">
<p>
The <span class="command"><strong>dnssec-lookaside</strong></span> option has been deprecated.
The feature still works, but it is discouraged to use it. [GL #7]
</p>
</li>
</ul></div>
</div>
@ -296,6 +343,23 @@
the problem. [GL #1055]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>./configure</strong></span> no longer sets
<span class="command"><strong>--sysconfdir</strong></span> to <span class="command"><strong>/etc</strong></span> or
<span class="command"><strong>--localstatedir</strong></span> to <span class="command"><strong>/var</strong></span>
when <span class="command"><strong>--prefix</strong></span> is not specified and the
aforementioned options are not specified explicitly. Instead,
Autoconf's defaults of <span class="command"><strong>$prefix/etc</strong></span> and
<span class="command"><strong>$prefix/var</strong></span> are respected.
</p>
</li>
<li class="listitem">
<p>
Glue address records were not being returned in responses
to root priming queries; this has been corrected. [GL #1092]
</p>
</li>
</ul></div>
</div>
@ -371,6 +435,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch09.html
View file

@ -148,6 +148,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch10.html
View file

@ -914,6 +914,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch11.html
View file

@ -537,6 +537,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/Bv9ARM.ch12.html
View file

@ -210,6 +210,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

6
doc/arm/Bv9ARM.html
View file

@ -32,7 +32,7 @@
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
<div><p class="releaseinfo">BIND Version 9.15.1</p></div>
<div><p class="releaseinfo">BIND Version 9.15.2</p></div>
<div><p class="copyright">Copyright © 2000-2019 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
@ -245,7 +245,7 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.15.1</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.15.2</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
@ -443,6 +443,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

BIN
doc/arm/Bv9ARM.pdf
View file

Binary file not shown.

2
doc/arm/man.arpaname.html
View file

@ -90,6 +90,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.ddns-confgen.html
View file

@ -220,6 +220,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.delv.html
View file

@ -628,6 +628,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dig.html
View file

@ -1160,6 +1160,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnssec-cds.html
View file

@ -376,6 +376,6 @@ nsupdate -l
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnssec-checkds.html
View file

@ -164,6 +164,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnssec-coverage.html
View file

@ -270,6 +270,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnssec-dsfromkey.html
View file

@ -356,6 +356,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnssec-importkey.html
View file

@ -250,6 +250,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnssec-keyfromlabel.html
View file

@ -498,6 +498,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

8
doc/arm/man.dnssec-keygen.html
View file

@ -163,10 +163,8 @@
</p>
<p>
If the key size is not specified, some algorithms have
pre-defined defaults. For example, RSA keys for use as
DNSSEC zone signing keys have a default size of 1024 bits;
RSA keys for use as key signing keys (KSKs, generated with
<code class="option">-f KSK</code>) default to 2048 bits.
pre-defined defaults. For instance, RSA keys have a default
size of 2048 bits.
</p>
</dd>
<dt><span class="term">-C</span></dt>
@ -557,6 +555,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnssec-keymgr.html
View file

@ -405,6 +405,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnssec-revoke.html
View file

@ -171,6 +171,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnssec-settime.html
View file

@ -349,6 +349,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnssec-signzone.html
View file

@ -701,6 +701,6 @@ db.example.com.signed
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnssec-verify.html
View file

@ -202,6 +202,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.dnstap-read.html
View file

@ -143,6 +143,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.filter-aaaa.html
View file

@ -168,6 +168,6 @@ plugin query "/usr/local/lib/filter-aaaa.so" {
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.host.html
View file

@ -366,6 +366,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.mdig.html
View file

@ -604,6 +604,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

8
doc/arm/man.named-checkconf.html
View file

@ -114,6 +114,12 @@
<span class="command"><strong>plugin</strong></span> statements to be ignored.
</p>
</dd>
<dt><span class="term">-i</span></dt>
<dd>
<p>
Ignore warnings on deprecated options.
</p>
</dd>
<dt><span class="term">-p</span></dt>
<dd>
<p>
@ -208,6 +214,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.named-checkzone.html
View file

@ -463,6 +463,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.named-journalprint.html
View file

@ -117,6 +117,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.named-nzd2nzf.html
View file

@ -119,6 +119,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.named-rrchecker.html
View file

@ -121,6 +121,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

35
doc/arm/man.named.conf.html
View file

@ -160,11 +160,12 @@ logging
<div class="refsection">
<a name="id-1.13.27.15"></a><h2>MANAGED-KEYS</h2>
<p>See DNSSEC-KEYS.</p>
<p>Deprecated - see DNSSEC-KEYS.</p>
<div class="literallayout"><p><br>
managed-keys { <em class="replaceable"><code>string</code></em> ( static-key |<br>
    initial-key ) <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
managed-keys { <em class="replaceable"><code>string</code></em> ( static-key<br>
    | initial-key ) <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>quoted_string</code></em>; ... }; deprecated<br>
</p></div>
</div>
@ -226,7 +227,6 @@ options
check-spf ( warn | ignore );<br>
check-srv-cname ( fail | warn | ignore );<br>
check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
cookie-algorithm ( aes | sha1 | sha256 );<br>
cookie-secret <em class="replaceable"><code>string</code></em>;<br>
@ -259,8 +259,9 @@ options
dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
dnssec-lookaside ( <em class="replaceable"><code>string</code></em> trust-anchor<br>
    <em class="replaceable"><code>string</code></em> | auto | no );<br>
dnssec-lookaside ( <em class="replaceable"><code>string</code></em><br>
    trust-anchor <em class="replaceable"><code>string</code></em> |<br>
    auto | no ); deprecated<br>
dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
@ -544,7 +545,7 @@ statistics-channels
<div class="literallayout"><p><br>
trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>quoted_string</code></em>; ... };, deprecated<br>
    <em class="replaceable"><code>quoted_string</code></em>; ... }; deprecated<br>
</p></div>
</div>
@ -590,7 +591,6 @@ view
check-spf ( warn | ignore );<br>
check-srv-cname ( fail | warn | ignore );<br>
check-wildcard <em class="replaceable"><code>boolean</code></em>;<br>
cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
deny-answer-addresses { <em class="replaceable"><code>address_match_element</code></em>; ... } [<br>
    except-from { <em class="replaceable"><code>string</code></em>; ... } ];<br>
@ -625,8 +625,9 @@ view
    initial-key ) <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
dnssec-lookaside ( <em class="replaceable"><code>string</code></em> trust-anchor<br>
    <em class="replaceable"><code>string</code></em> | auto | no );<br>
dnssec-lookaside ( <em class="replaceable"><code>string</code></em><br>
    trust-anchor <em class="replaceable"><code>string</code></em> |<br>
    auto | no ); deprecated<br>
dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
@ -661,9 +662,11 @@ view
key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
lame-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
lmdb-mapsize <em class="replaceable"><code>sizeval</code></em>;<br>
managed-keys { <em class="replaceable"><code>string</code></em> ( static-key |<br>
    initial-key ) <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
managed-keys { <em class="replaceable"><code>string</code></em> (<br>
    static-key | initial-key<br>
    ) <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>quoted_string</code></em>; ... }; deprecated<br>
masterfile-format ( map | raw | text );<br>
masterfile-style ( full | relative );<br>
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@ -816,7 +819,7 @@ view
trusted-keys { <em class="replaceable"><code>string</code></em><br>
    <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>quoted_string</code></em>; ... };, deprecated<br>
    <em class="replaceable"><code>quoted_string</code></em>; ... }; deprecated<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
@ -1075,6 +1078,6 @@ zone
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.named.html
View file

@ -492,6 +492,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.nsec3hash.html
View file

@ -155,6 +155,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.nslookup.html
View file

@ -437,6 +437,6 @@ nslookup -query=hinfo -timeout=10
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.nsupdate.html
View file

@ -818,6 +818,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.pkcs11-destroy.html
View file

@ -162,6 +162,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.pkcs11-keygen.html
View file

@ -200,6 +200,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.pkcs11-list.html
View file

@ -158,6 +158,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.pkcs11-tokens.html
View file

@ -123,6 +123,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.rndc-confgen.html
View file

@ -260,6 +260,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

2
doc/arm/man.rndc.conf.html
View file

@ -268,6 +268,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

7
doc/arm/man.rndc.html
View file

@ -669,9 +669,8 @@
<dd>
<p>
Dump the security roots (i.e., trust anchors
configured via <span class="command"><strong>dnssec-keys</strong></span> statements,
or the synonymous <span class="command"><strong>managed-keys</strong></span> or
the deprecated <span class="command"><strong>trusted-keys</strong></span> statements, or
configured via <span class="command"><strong>dnssec-keys</strong></span> statements, or the
managed-keys or trusted-keys statements (both deprecated), or
via <span class="command"><strong>dnssec-validation auto</strong></span>) and negative trust
anchors for the specified views. If no view is specified, all
views are dumped. Security roots will indicate whether
@ -1018,6 +1017,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.1 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.15.2 (Development Release)</p>
</body>
</html>

68
doc/arm/notes.html
View file

@ -15,7 +15,7 @@
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2"></a>Release Notes for BIND Version 9.15.1</h2></div></div></div>
<a name="id-1.2"></a>Release Notes for BIND Version 9.15.2</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
@ -123,6 +123,33 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
The GeoIP2 API from MaxMind is now supported. Geolocation support
will be compiled in by default if the <span class="command"><strong>libmaxminddb</strong></span>
library is found at compile time, but can be turned off by using
<span class="command"><strong>configure --disable-geoip</strong></span>.
</p>
<p>
The default path to the GeoIP2 databases will be set based
on the location of the <span class="command"><strong>libmaxminddb</strong></span> library;
for example, if it is in <code class="filename">/usr/local/lib</code>,
then the default path will be
<code class="filename">/usr/local/share/GeoIP</code>.
This value can be overridden in <code class="filename">named.conf</code>
using the <span class="command"><strong>geoip-directory</strong></span> option.
</p>
<p>
Some <span class="command"><strong>geoip</strong></span> ACL settings that were available with
legacy GeoIP, including searches for <span class="command"><strong>netspeed</strong></span>,
<span class="command"><strong>org</strong></span>, and three-letter ISO country codes, will
no longer work when using GeoIP2. Supported GeoIP2 database
types are <span class="command"><strong>country</strong></span>, <span class="command"><strong>city</strong></span>,
<span class="command"><strong>domain</strong></span>, <span class="command"><strong>isp</strong></span>, and
<span class="command"><strong>as</strong></span>. All of these databases support both IPv4
and IPv6 lookups. [GL #182] [GL #1112]
</p>
</li>
<li class="listitem">
<p>
In order to clarify the configuration of DNSSEC keys,
@ -153,6 +180,20 @@
[GL #865]
</p>
</li>
<li class="listitem">
<p>
Two new metrics have been added to the
<span class="command"><strong>statistics-channel</strong></span> to report DNSSEC
signing operations. For each key in each zone, the
<span class="command"><strong>dnssec-sign</strong></span> counter indicates the total
number of signatures <span class="command"><strong>named</strong></span> has generated
using that key since server startup, and the
<span class="command"><strong>dnssec-refresh</strong></span> counter indicates how
many of those signatures were refreshed during zone
maintenance, as opposed to having been generated
as a result of a zone update. [GL #513]
</p>
</li>
</ul></div>
</div>
@ -162,7 +203,7 @@
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
The <span class="command"><strong>dnssec-enable</strong></span> option has been deprecated and
The <span class="command"><strong>dnssec-enable</strong></span> option has been obsoleted and
no longer has any effect. DNSSEC responses are always enabled
if signatures and other DNSSEC data are present. [GL #866]
</p>
@ -173,6 +214,12 @@
removed. [GL !1731]
</p>
</li>
<li class="listitem">
<p>
The <span class="command"><strong>dnssec-lookaside</strong></span> option has been deprecated.
The feature still works, but it is discouraged to use it. [GL #7]
</p>
</li>
</ul></div>
</div>
@ -256,6 +303,23 @@
the problem. [GL #1055]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>./configure</strong></span> no longer sets
<span class="command"><strong>--sysconfdir</strong></span> to <span class="command"><strong>/etc</strong></span> or
<span class="command"><strong>--localstatedir</strong></span> to <span class="command"><strong>/var</strong></span>
when <span class="command"><strong>--prefix</strong></span> is not specified and the
aforementioned options are not specified explicitly. Instead,
Autoconf's defaults of <span class="command"><strong>$prefix/etc</strong></span> and
<span class="command"><strong>$prefix/var</strong></span> are respected.
</p>
</li>
<li class="listitem">
<p>
Glue address records were not being returned in responses
to root priming queries; this has been corrected. [GL #1092]
</p>
</li>
</ul></div>
</div>

BIN
doc/arm/notes.pdf
View file

Binary file not shown.

40
doc/arm/notes.txt
View file

@ -1,4 +1,4 @@
Release Notes for BIND Version 9.15.1
Release Notes for BIND Version 9.15.2
Introduction
@ -65,6 +65,23 @@ Security Fixes
New Features
* The GeoIP2 API from MaxMind is now supported. Geolocation support will
be compiled in by default if the libmaxminddb library is found at
compile time, but can be turned off by using configure --disable-geoip
.
The default path to the GeoIP2 databases will be set based on the
location of the libmaxminddb library; for example, if it is in /usr/
local/lib, then the default path will be /usr/local/share/GeoIP. This
value can be overridden in named.conf using the geoip-directory
option.
Some geoip ACL settings that were available with legacy GeoIP,
including searches for netspeed, org, and three-letter ISO country
codes, will no longer work when using GeoIP2. Supported GeoIP2
database types are country, city, domain, isp, and as. All of these
databases support both IPv4 and IPv6 lookups. [GL #182] [GL #1112]
* In order to clarify the configuration of DNSSEC keys, the trusted-keys
and managed-keys statements have been deprecated, and the new
dnssec-keys statement should now be used for both types of key.
@ -82,14 +99,25 @@ New Features
zone's SOA record should be included in the additional section of RPZ
responses. [GL #865]
* Two new metrics have been added to the statistics-channel to report
DNSSEC signing operations. For each key in each zone, the dnssec-sign
counter indicates the total number of signatures named has generated
using that key since server startup, and the dnssec-refresh counter
indicates how many of those signatures were refreshed during zone
maintenance, as opposed to having been generated as a result of a zone
update. [GL #513]
Removed Features
* The dnssec-enable option has been deprecated and no longer has any
* The dnssec-enable option has been obsoleted and no longer has any
effect. DNSSEC responses are always enabled if signatures and other
DNSSEC data are present. [GL #866]
* The cleaning-interval option has been removed. [GL !1731]
* The dnssec-lookaside option has been deprecated. The feature still
works, but it is discouraged to use it. [GL #7]
Feature Changes
* named will now log a warning if a static key is configured for the
@ -131,6 +159,14 @@ Bug Fixes
minimal queries in order to reduce the likelihood of encountering the
problem. [GL #1055]
* ./configure no longer sets --sysconfdir to /etc or --localstatedir to
/var when --prefix is not specified and the aforementioned options are
not specified explicitly. Instead, Autoconf's defaults of $prefix/etc
and $prefix/var are respected.
* Glue address records were not being returned in responses to root
priming queries; this has been corrected. [GL #1092]
License
BIND is open source software licensed under the terms of the Mozilla

6
doc/misc/options
View file

@ -193,7 +193,7 @@ options {
fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
fstrm-set-output-queue-size <integer>; // not configured
fstrm-set-reopen-interval <ttlval>; // not configured
geoip-directory ( <quoted_string> | none );
geoip-directory ( <quoted_string> | none ); // not configured
geoip-use-ecs <boolean>; // obsolete
glue-cache <boolean>;
has-old-clients <boolean>; // ancient
@ -214,7 +214,7 @@ options {
listen-on-v6 [ port <integer> ] [ dscp
<integer> ] {
<address_match_element>; ... }; // may occur multiple times
lmdb-mapsize <sizeval>;
lmdb-mapsize <sizeval>; // non-operational
lock-file ( <quoted_string> | none );
maintain-ixfr-base <boolean>; // ancient
managed-keys-directory <quoted_string>;
@ -565,7 +565,7 @@ view <string> [ <class> ] {
}; // may occur multiple times
key-directory <quoted_string>;
lame-ttl <ttlval>;
lmdb-mapsize <sizeval>;
lmdb-mapsize <sizeval>; // non-operational
maintain-ixfr-base <boolean>; // ancient
managed-keys { <string> (
static-key | initial-key

2
lib/isccfg/api
View file

@ -11,5 +11,5 @@
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
LIBINTERFACE = 1500
LIBREVISION = 0
LIBREVISION = 1
LIBAGE = 0

2
version
View file

@ -5,7 +5,7 @@ PRODUCT=BIND
DESCRIPTION="(Development Release)"
MAJORVER=9
MINORVER=15
PATCHVER=1
PATCHVER=2
RELEASETYPE=
RELEASEVER=
EXTENSIONS=