Update documentation

This commit is contained in:
Michał Kępień 2018-10-09 10:54:51 +02:00 committed by Ondřej Surý
parent adbe2caf28
commit 7bb3d000a5
15 changed files with 375 additions and 171 deletions


@ -884,7 +884,6 @@ view \fIstring\fR [ \fIclass\fR ] {
max\-zone\-ttl ( unlimited | \fIttlval\fR );
min\-refresh\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
mirror \fIboolean\fR;
multi\-master \fIboolean\fR;
notify ( explicit | master\-only | \fIboolean\fR );
notify\-delay \fIinteger\fR;
@ -910,7 +909,7 @@ view \fIstring\fR [ \fIclass\fR ] {
transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port (
\fIinteger\fR | * ) ] [ dscp \fIinteger\fR ];
try\-tcp\-refresh \fIboolean\fR;
type ( primary | master | secondary | slave |
type ( primary | master | secondary | slave | mirror |
delegation\-only | forward | hint | redirect |
static\-stub | stub );
update\-check\-ksk \fIboolean\fR;
@ -993,7 +992,6 @@ zone \fIstring\fR [ \fIclass\fR ] {
max\-zone\-ttl ( unlimited | \fIttlval\fR );
min\-refresh\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
mirror \fIboolean\fR;
multi\-master \fIboolean\fR;
notify ( explicit | master\-only | \fIboolean\fR );
notify\-delay \fIinteger\fR;
@ -1017,8 +1015,9 @@ zone \fIstring\fR [ \fIclass\fR ] {
transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * )
] [ dscp \fIinteger\fR ];
try\-tcp\-refresh \fIboolean\fR;
type ( primary | master | secondary | slave | delegation\-only |
forward | hint | redirect | static\-stub | stub );
type ( primary | master | secondary | slave | mirror |
delegation\-only | forward | hint | redirect | static\-stub |
stub );
update\-check\-ksk \fIboolean\fR;
update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self |
external | krb5\-self | krb5\-subdomain | ms\-self | ms\-subdomain


@ -341,7 +341,6 @@ options {
min-retry-time <replaceable>integer</replaceable>;
minimal-any <replaceable>boolean</replaceable>;
minimal-responses ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
mirror <replaceable>boolean</replaceable>;
multi-master <replaceable>boolean</replaceable>;
new-zones-directory <replaceable>quoted_string</replaceable>;
no-case-compress { <replaceable>address_match_element</replaceable>; ... };
@ -673,7 +672,6 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
min-retry-time <replaceable>integer</replaceable>;
minimal-any <replaceable>boolean</replaceable>;
minimal-responses ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
mirror <replaceable>boolean</replaceable>;
multi-master <replaceable>boolean</replaceable>;
new-zones-directory <replaceable>quoted_string</replaceable>;
no-case-compress { <replaceable>address_match_element</replaceable>; ... };
@ -864,7 +862,6 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
mirror <replaceable>boolean</replaceable>;
multi-master <replaceable>boolean</replaceable>;
notify ( explicit | master-only | <replaceable>boolean</replaceable> );
notify-delay <replaceable>integer</replaceable>;
@ -890,7 +887,7 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
try-tcp-refresh <replaceable>boolean</replaceable>;
type ( primary | master | secondary | slave |
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect |
static-stub | stub );
update-check-ksk <replaceable>boolean</replaceable>;
@ -969,7 +966,6 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
mirror <replaceable>boolean</replaceable>;
multi-master <replaceable>boolean</replaceable>;
notify ( explicit | master-only | <replaceable>boolean</replaceable> );
notify-delay <replaceable>integer</replaceable>;
@ -993,8 +989,9 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
] [ dscp <replaceable>integer</replaceable> ];
try-tcp-refresh <replaceable>boolean</replaceable>;
type ( primary | master | secondary | slave | delegation-only |
forward | hint | redirect | static-stub | stub );
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect | static-stub |
stub );
update-check-ksk <replaceable>boolean</replaceable>;
update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self |
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self


@ -853,7 +853,6 @@ view
max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
mirror <em class="replaceable"><code>boolean</code></em>;<br>
multi-master <em class="replaceable"><code>boolean</code></em>;<br>
notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
notify-delay <em class="replaceable"><code>integer</code></em>;<br>
@ -879,7 +878,7 @@ view
transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port (<br>
    <em class="replaceable"><code>integer</code></em> | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
type ( primary | master | secondary | slave |<br>
type ( primary | master | secondary | slave | mirror |<br>
    delegation-only | forward | hint | redirect |<br>
    static-stub | stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
@ -959,7 +958,6 @@ zone
max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
mirror <em class="replaceable"><code>boolean</code></em>;<br>
multi-master <em class="replaceable"><code>boolean</code></em>;<br>
notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
notify-delay <em class="replaceable"><code>integer</code></em>;<br>
@ -983,8 +981,9 @@ zone
transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * )<br>
    ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
type ( primary | master | secondary | slave | delegation-only |<br>
    forward | hint | redirect | static-stub | stub );<br>
type ( primary | master | secondary | slave | mirror |<br>
    delegation-only | forward | hint | redirect | static-stub |<br>
    stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self |<br>
    external | krb5-self | krb5-subdomain | ms-self | ms-subdomain<br>


@ -115,6 +115,8 @@ main(int argc, char **argv) {
strcmp(argv[1], "seconary") == 0)
{
zonetype = CFG_ZONE_SLAVE;
} else if (strcmp(argv[1], "mirror") == 0) {
zonetype = CFG_ZONE_MIRROR;
} else if (strcmp(argv[1], "stub") == 0) {
zonetype = CFG_ZONE_STUB;
} else if (strcmp(argv[1], "static-stub") == 0) {
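Review bot: The context line directly above the new `mirror` branch compares argv[1] against the literal `"seconary"`, which looks like a misspelling of `"secondary"`; if that is the case, the `secondary` alias that the zone-type grammar in this same commit advertises would never be recognised by this tool, and it would silently fall through to the later branches. Since this commit already touches the adjacent lines, it is the natural place to correct it: `strcmp(argv[1], "secondary") == 0)`. The added `mirror` branch itself follows the existing pattern and needs no change. The enclosing main() starts and ends outside the hunk, so I cannot see what happens when no branch matches.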


@ -7317,8 +7317,8 @@ options {
</listitem>
</varlistentry>
<varlistentry>
<term><command>allow-transfer</command></term>
<varlistentry xml:id="allow_transfer">
<term xml:id="allow_transfer_term"><command>allow-transfer</command></term>
<listitem>
<para>
Specifies which hosts are allowed to
@ -11410,6 +11410,7 @@ view "external" {
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="master.zoneopt.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="slave.zoneopt.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mirror.zoneopt.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="hint.zoneopt.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stub.zoneopt.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="static-stub.zoneopt.xml"/>
@ -11429,6 +11430,7 @@ view "external" {
acceptable values include:
<varname>master</varname> (or <varname>primary</varname>),
<varname>slave</varname> (or <varname>secondary</varname>),
<varname>mirror</varname>,
<varname>delegation-only</varname>,
<varname>forward</varname>,
<varname>hint</varname>,
@ -11565,6 +11567,97 @@ view "external" {
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
<varname>mirror</varname>
</para>
</entry>
<entry colname="2">
<para>
</para>
<para>
A mirror zone acts like a zone of type
<userinput>secondary</userinput> whose data is
subject to DNSSEC validation before being used
in answers. Validation is performed during the
zone transfer process, and again when the zone
file is loaded from disk when
<command>named</command> is restarted. If
validation fails, a retransfer of the zone is
scheduled; if the mirror zone had not previously
been loaded or if the previous version has
expired, traditional DNS recursion will be used
to look up the answers instead.
</para>
<para>
For validation to succeed, a key-signing key
(KSK) for the zone must be configured as a trust
anchor in <filename>named.conf</filename>: that
is, a key for the zone must either be specified
in <command>managed-keys</command> or
<command>trusted-keys</command>, or in the case
of the root zone,
<command>dnssec-validation</command> must be set
to <userinput>auto</userinput>. Answers coming
from a mirror zone look almost exactly like
answers from a zone of type
<userinput>secondary</userinput>, with the
notable exceptions that the AA bit
("authoritative answer") is not set, and the AD
bit ("authenticated data") is.
</para>
<para>
Since mirror zones are intended to be used by
recursive resolvers, adding one to a view with
recursion disabled is considered to be a
configuration error.
</para>
<para>
When configuring NOTIFY for a mirror zone, only
<userinput>notify no;</userinput> and
<userinput>notify explicit;</userinput> can be
used. Using any other
<userinput>notify</userinput> setting at the
zone level is a configuration error. Using any
other <userinput>notify</userinput> setting at
the <userinput>options</userinput> or
<userinput>view</userinput> level will cause
that setting to be overridden with
<userinput>notify explicit;</userinput> for the
mirror zone in question.
</para>
<para>
Outgoing transfers of mirror zones are disabled
by default but may be enabled using
<xref endterm="allow_transfer_term" linkend="allow_transfer"/>.
</para>
<para>
While any zone may be configured with this type,
it is intended to be used to set up a fast local
copy of the root zone, similar to the one
described in RFC 7706. Note, however, that
mirror zones are not supposed to augment the
example configuration provided by RFC 7706 but
rather to replace it altogether.
</para>
<para>
A default list of primary servers for the root
zone is built into <command>named</command> and
thus IANA root zone mirroring can be enabled
using the following configuration:
</para>
<programlisting>zone "." {
type mirror;
};</programlisting>
<para>
To make mirror zone contents persist between
<command>named</command> restarts, use the
<xref endterm="file_option_term" linkend="file_option"/>
option.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
@ -12067,19 +12160,20 @@ view "external" {
</listitem>
</varlistentry>
<varlistentry>
<term><command>file</command></term>
<varlistentry xml:id="file_option">
<term xml:id="file_option_term"><command>file</command></term>
<listitem>
<para>
Set the zone's filename. In <command>master</command>,
<command>hint</command>, and <command>redirect</command>
zones which do not have <command>masters</command>
defined, zone data is loaded from this file. In
<command>slave</command>, <command>stub</command>, and
<command>redirect</command> zones which do have
<command>masters</command> defined, zone data is
retrieved from another server and saved in this file.
This option is not applicable to other zone types.
<command>slave</command>, <command>mirror</command>,
<command>stub</command>, and <command>redirect</command>
zones which do have <command>masters</command>
defined, zone data is retrieved from another server
and saved in this file. This option is not
applicable to other zone types.
</para>
</listitem>
</varlistentry>
@ -12524,68 +12618,6 @@ example.com. NS ns2.example.net.
</listitem>
</varlistentry>
<varlistentry>
<term><command>mirror</command></term>
<listitem>
<para>
If set to <userinput>yes</userinput>, this causes the
zone to become a mirror zone. A mirror zone is a
<userinput>secondary</userinput> zone whose data
is subject to DNSSEC validation before being
used in answers. The default is
<userinput>no</userinput>.
</para>
<para>
A mirror zone's contents are validated during the transfer
process, and again when the zone file is loaded from disk
when <command>named</command> is restarted. If validation
fails, a retransfer of the zone is scheduled; if the mirror
zone had not previously been loaded or if the previous
version has expired, traditional DNS recursion will be used
to look up the answers instead.
</para>
<para>
For validation to succeed, a key-signing key (KSK) for
the zone must be configured as a trust anchor in
<filename>named.conf</filename>:
that is, a key for the zone must either be specified in
<command>managed-keys</command> or
<command>trusted-keys</command>, or in the case of
the root zone, <command>dnssec-validation</command>
must be set to <userinput>auto</userinput>.
Answers coming from a mirror zone look almost exactly like
answers from a normal slave zone, with the notable
exceptions that the AA bit ("authoritative answer") is
not set, and the AD bit ("authenticated data") is.
</para>
<para>
Though this option can be used for other zones, it
is intended to be used to set up a fast local copy of
the root zone, as described in RFC 7706.
This can be done by using the following configuration:
</para>
<programlisting>zone "." {
type slave;
mirror yes;
file "root.mirror";
masters {
192.228.79.201; # b.root-servers.net
192.33.4.12; # c.root-servers.net
192.5.5.241; # f.root-servers.net
192.112.36.4; # g.root-servers.net
193.0.14.129; # k.root-servers.net
192.0.47.132; # xfr.cjr.dns.icann.org
192.0.32.132; # xfr.lax.dns.icann.org
2001:500:84::b; # b.root-servers.net
2001:500:2f::f; # f.root-servers.net
2001:7fd::1; # k.root-servers.net
2620:0:2830:202::132; # xfr.cjr.dns.icann.org
2620:0:2d0:202::132; # xfr.lax.dns.icann.org
};
};</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term><command>multi-master</command></term>
<listitem>


@ -2531,7 +2531,6 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<span class="command"><strong>min-retry-time</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>minimal-any</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>minimal-responses</strong></span> ( no-auth | no-auth-recursive | <em class="replaceable"><code>boolean</code></em> );
<span class="command"><strong>mirror</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>multi-master</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>new-zones-directory</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
<span class="command"><strong>no-case-compress</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... };
@ -5369,7 +5368,9 @@ options {
It is now ignored with some warning messages.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>allow-transfer</strong></span></span></dt>
<dt>
<a name="allow_transfer"></a><span class="term"><a name="allow_transfer_term"></a><span class="command"><strong>allow-transfer</strong></span></span>
</dt>
<dd>
<p>
Specifies which hosts are allowed to
@ -9398,7 +9399,6 @@ view "external" {
<span class="command"><strong>max-transfer-time-out</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>min-refresh-time</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>min-retry-time</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>mirror</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>multi-master</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>notify</strong></span> ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );
<span class="command"><strong>notify-delay</strong></span> <em class="replaceable"><code>integer</code></em>;
@ -9421,6 +9421,50 @@ view "external" {
};
</pre>
<pre class="programlisting">
<span class="command"><strong>zone</strong></span> <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {
<span class="command"><strong>type</strong></span> mirror;
<span class="command"><strong>allow-notify</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... };
<span class="command"><strong>allow-query</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... };
<span class="command"><strong>allow-query-on</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... };
<span class="command"><strong>allow-transfer</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... };
<span class="command"><strong>allow-update-forwarding</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... };
<span class="command"><strong>also-notify</strong></span> [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key <em class="replaceable"><code>string</code></em> ]; ... };
<span class="command"><strong>alt-transfer-source</strong></span> ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];
<span class="command"><strong>alt-transfer-source-v6</strong></span> ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];
<span class="command"><strong>check-names</strong></span> ( fail | warn | ignore );
<span class="command"><strong>database</strong></span> <em class="replaceable"><code>string</code></em>;
<span class="command"><strong>file</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
<span class="command"><strong>ixfr-from-differences</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>journal</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
<span class="command"><strong>masterfile-format</strong></span> ( map | raw | text );
<span class="command"><strong>masterfile-style</strong></span> ( full | relative );
<span class="command"><strong>masters</strong></span> [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key <em class="replaceable"><code>string</code></em> ]; ... };
<span class="command"><strong>max-journal-size</strong></span> ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );
<span class="command"><strong>max-records</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>max-refresh-time</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>max-retry-time</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>max-transfer-idle-in</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>max-transfer-idle-out</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>max-transfer-time-in</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>max-transfer-time-out</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>min-refresh-time</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>min-retry-time</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>multi-master</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>notify</strong></span> ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );
<span class="command"><strong>notify-delay</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>notify-source</strong></span> ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];
<span class="command"><strong>notify-source-v6</strong></span> ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];
<span class="command"><strong>request-expire</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>request-ixfr</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>transfer-source</strong></span> ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];
<span class="command"><strong>transfer-source-v6</strong></span> ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];
<span class="command"><strong>try-tcp-refresh</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>use-alt-transfer-source</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>zero-no-soa-ttl</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>zone-statistics</strong></span> ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );
};
</pre>
<pre class="programlisting">
<span class="command"><strong>zone</strong></span> <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {
<span class="command"><strong>type</strong></span> hint;
<span class="command"><strong>check-names</strong></span> ( fail | warn | ignore );
@ -9519,6 +9563,7 @@ view "external" {
acceptable values include:
<code class="varname">master</code> (or <code class="varname">primary</code>),
<code class="varname">slave</code> (or <code class="varname">secondary</code>),
<code class="varname">mirror</code>,
<code class="varname">delegation-only</code>,
<code class="varname">forward</code>,
<code class="varname">hint</code>,
@ -9656,6 +9701,97 @@ view "external" {
</td>
</tr>
<tr>
<td>
<p>
<code class="varname">mirror</code>
</p>
</td>
<td>
<p>
</p>
<p>
A mirror zone acts like a zone of type
<strong class="userinput"><code>secondary</code></strong> whose data is
subject to DNSSEC validation before being used
in answers. Validation is performed during the
zone transfer process, and again when the zone
file is loaded from disk when
<span class="command"><strong>named</strong></span> is restarted. If
validation fails, a retransfer of the zone is
scheduled; if the mirror zone had not previously
been loaded or if the previous version has
expired, traditional DNS recursion will be used
to look up the answers instead.
</p>
<p>
For validation to succeed, a key-signing key
(KSK) for the zone must be configured as a trust
anchor in <code class="filename">named.conf</code>: that
is, a key for the zone must either be specified
in <span class="command"><strong>managed-keys</strong></span> or
<span class="command"><strong>trusted-keys</strong></span>, or in the case
of the root zone,
<span class="command"><strong>dnssec-validation</strong></span> must be set
to <strong class="userinput"><code>auto</code></strong>. Answers coming
from a mirror zone look almost exactly like
answers from a zone of type
<strong class="userinput"><code>secondary</code></strong>, with the
notable exceptions that the AA bit
("authoritative answer") is not set, and the AD
bit ("authenticated data") is.
</p>
<p>
Since mirror zones are intended to be used by
recursive resolvers, adding one to a view with
recursion disabled is considered to be a
configuration error.
</p>
<p>
When configuring NOTIFY for a mirror zone, only
<strong class="userinput"><code>notify no;</code></strong> and
<strong class="userinput"><code>notify explicit;</code></strong> can be
used. Using any other
<strong class="userinput"><code>notify</code></strong> setting at the
zone level is a configuration error. Using any
other <strong class="userinput"><code>notify</code></strong> setting at
the <strong class="userinput"><code>options</code></strong> or
<strong class="userinput"><code>view</code></strong> level will cause
that setting to be overridden with
<strong class="userinput"><code>notify explicit;</code></strong> for the
mirror zone in question.
</p>
<p>
Outgoing transfers of mirror zones are disabled
by default but may be enabled using
<a class="xref" href="Bv9ARM.ch05.html#allow_transfer"><span class="command"><strong>allow-transfer</strong></span></a>.
</p>
<p>
While any zone may be configured with this type,
it is intended to be used to set up a fast local
copy of the root zone, similar to the one
described in RFC 7706. Note, however, that
mirror zones are not supposed to augment the
example configuration provided by RFC 7706 but
rather to replace it altogether.
</p>
<p>
A default list of primary servers for the root
zone is built into <span class="command"><strong>named</strong></span> and
thus IANA root zone mirroring can be enabled
using the following configuration:
</p>
<pre class="programlisting">zone "." {
type mirror;
};</pre>
<p>
To make mirror zone contents persist between
<span class="command"><strong>named</strong></span> restarts, use the
<a class="xref" href="Bv9ARM.ch05.html#file_option"><span class="command"><strong>file</strong></span></a>
option.
</p>
</td>
</tr>
<tr>
<td>
<p>
<code class="varname">static-stub</code>
@ -10093,18 +10229,21 @@ view "external" {
See caveats in <a class="xref" href="Bv9ARM.ch05.html#root_delegation_only"><span class="command"><strong>root-delegation-only</strong></span></a>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>file</strong></span></span></dt>
<dt>
<a name="file_option"></a><span class="term"><a name="file_option_term"></a><span class="command"><strong>file</strong></span></span>
</dt>
<dd>
<p>
Set the zone's filename. In <span class="command"><strong>master</strong></span>,
<span class="command"><strong>hint</strong></span>, and <span class="command"><strong>redirect</strong></span>
zones which do not have <span class="command"><strong>masters</strong></span>
defined, zone data is loaded from this file. In
<span class="command"><strong>slave</strong></span>, <span class="command"><strong>stub</strong></span>, and
<span class="command"><strong>redirect</strong></span> zones which do have
<span class="command"><strong>masters</strong></span> defined, zone data is
retrieved from another server and saved in this file.
This option is not applicable to other zone types.
<span class="command"><strong>slave</strong></span>, <span class="command"><strong>mirror</strong></span>,
<span class="command"><strong>stub</strong></span>, and <span class="command"><strong>redirect</strong></span>
zones which do have <span class="command"><strong>masters</strong></span>
defined, zone data is retrieved from another server
and saved in this file. This option is not
applicable to other zone types.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>forward</strong></span></span></dt>
@ -10444,65 +10583,6 @@ example.com. NS ns2.example.net.
behavior is disabled by default.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>mirror</strong></span></span></dt>
<dd>
<p>
If set to <strong class="userinput"><code>yes</code></strong>, this causes the
zone to become a mirror zone. A mirror zone is a
<strong class="userinput"><code>secondary</code></strong> zone whose data
is subject to DNSSEC validation before being
used in answers. The default is
<strong class="userinput"><code>no</code></strong>.
</p>
<p>
A mirror zone's contents are validated during the transfer
process, and again when the zone file is loaded from disk
when <span class="command"><strong>named</strong></span> is restarted. If validation
fails, a retransfer of the zone is scheduled; if the mirror
zone had not previously been loaded or if the previous
version has expired, traditional DNS recursion will be used
to look up the answers instead.
</p>
<p>
For validation to succeed, a key-signing key (KSK) for
the zone must be configured as a trust anchor in
<code class="filename">named.conf</code>:
that is, a key for the zone must either be specified in
<span class="command"><strong>managed-keys</strong></span> or
<span class="command"><strong>trusted-keys</strong></span>, or in the case of
the root zone, <span class="command"><strong>dnssec-validation</strong></span>
must be set to <strong class="userinput"><code>auto</code></strong>.
Answers coming from a mirror zone look almost exactly like
answers from a normal slave zone, with the notable
exceptions that the AA bit ("authoritative answer") is
not set, and the AD bit ("authenticated data") is.
</p>
<p>
Though this option can be used for other zones, it
is intended to be used to set up a fast local copy of
the root zone, as described in RFC 7706.
This can be done by using the following configuration:
</p>
<pre class="programlisting">zone "." {
type slave;
mirror yes;
file "root.mirror";
masters {
192.228.79.201; # b.root-servers.net
192.33.4.12; # c.root-servers.net
192.5.5.241; # f.root-servers.net
192.112.36.4; # g.root-servers.net
193.0.14.129; # k.root-servers.net
192.0.47.132; # xfr.cjr.dns.icann.org
192.0.32.132; # xfr.lax.dns.icann.org
2001:500:84::b; # b.root-servers.net
2001:500:2f::f; # f.root-servers.net
2001:7fd::1; # k.root-servers.net
2620:0:2830:202::132; # xfr.cjr.dns.icann.org
2620:0:2d0:202::132; # xfr.lax.dns.icann.org
};
};</pre>
</dd>
<dt><span class="term"><span class="command"><strong>multi-master</strong></span></span></dt>
<dd>
<p>


@ -871,7 +871,6 @@ view
max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
mirror <em class="replaceable"><code>boolean</code></em>;<br>
multi-master <em class="replaceable"><code>boolean</code></em>;<br>
notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
notify-delay <em class="replaceable"><code>integer</code></em>;<br>
@ -897,7 +896,7 @@ view
transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port (<br>
    <em class="replaceable"><code>integer</code></em> | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
type ( primary | master | secondary | slave |<br>
type ( primary | master | secondary | slave | mirror |<br>
    delegation-only | forward | hint | redirect |<br>
    static-stub | stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
@ -977,7 +976,6 @@ zone
max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
mirror <em class="replaceable"><code>boolean</code></em>;<br>
multi-master <em class="replaceable"><code>boolean</code></em>;<br>
notify ( explicit | master-only | <em class="replaceable"><code>boolean</code></em> );<br>
notify-delay <em class="replaceable"><code>integer</code></em>;<br>
@ -1001,8 +999,9 @@ zone
transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * )<br>
    ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
type ( primary | master | secondary | slave | delegation-only |<br>
    forward | hint | redirect | static-stub | stub );<br>
type ( primary | master | secondary | slave | mirror |<br>
    delegation-only | forward | hint | redirect | static-stub |<br>
    stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self |<br>
    external | krb5-self | krb5-subdomain | ms-self | ms-subdomain<br>


@ -0,0 +1,56 @@
<!--
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
- See the COPYRIGHT file distributed with this work for additional
- information regarding copyright ownership.
-->
<!-- Generated by doc/misc/docbook-zoneopt.pl -->
<programlisting>
<command>zone</command> <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
<command>type</command> mirror;
<command>allow-notify</command> { <replaceable>address_match_element</replaceable>; ... };
<command>allow-query</command> { <replaceable>address_match_element</replaceable>; ... };
<command>allow-query-on</command> { <replaceable>address_match_element</replaceable>; ... };
<command>allow-transfer</command> { <replaceable>address_match_element</replaceable>; ... };
<command>allow-update-forwarding</command> { <replaceable>address_match_element</replaceable>; ... };
<command>also-notify</command> [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
<command>alt-transfer-source</command> ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>alt-transfer-source-v6</command> ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>check-names</command> ( fail | warn | ignore );
<command>database</command> <replaceable>string</replaceable>;
<command>file</command> <replaceable>quoted_string</replaceable>;
<command>ixfr-from-differences</command> <replaceable>boolean</replaceable>;
<command>journal</command> <replaceable>quoted_string</replaceable>;
<command>masterfile-format</command> ( map | raw | text );
<command>masterfile-style</command> ( full | relative );
<command>masters</command> [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key <replaceable>string</replaceable> ]; ... };
<command>max-journal-size</command> ( default | unlimited | <replaceable>sizeval</replaceable> );
<command>max-records</command> <replaceable>integer</replaceable>;
<command>max-refresh-time</command> <replaceable>integer</replaceable>;
<command>max-retry-time</command> <replaceable>integer</replaceable>;
<command>max-transfer-idle-in</command> <replaceable>integer</replaceable>;
<command>max-transfer-idle-out</command> <replaceable>integer</replaceable>;
<command>max-transfer-time-in</command> <replaceable>integer</replaceable>;
<command>max-transfer-time-out</command> <replaceable>integer</replaceable>;
<command>min-refresh-time</command> <replaceable>integer</replaceable>;
<command>min-retry-time</command> <replaceable>integer</replaceable>;
<command>multi-master</command> <replaceable>boolean</replaceable>;
<command>notify</command> ( explicit | master-only | <replaceable>boolean</replaceable> );
<command>notify-delay</command> <replaceable>integer</replaceable>;
<command>notify-source</command> ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>notify-source-v6</command> ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>request-expire</command> <replaceable>boolean</replaceable>;
<command>request-ixfr</command> <replaceable>boolean</replaceable>;
<command>transfer-source</command> ( <replaceable>ipv4_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>transfer-source-v6</command> ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
<command>try-tcp-refresh</command> <replaceable>boolean</replaceable>;
<command>use-alt-transfer-source</command> <replaceable>boolean</replaceable>;
<command>zero-no-soa-ttl</command> <replaceable>boolean</replaceable>;
<command>zone-statistics</command> ( full | terse | none | <replaceable>boolean</replaceable> );
};
</programlisting>


@ -180,7 +180,6 @@
<command>min-retry-time</command> <replaceable>integer</replaceable>;
<command>minimal-any</command> <replaceable>boolean</replaceable>;
<command>minimal-responses</command> ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
<command>mirror</command> <replaceable>boolean</replaceable>;
<command>multi-master</command> <replaceable>boolean</replaceable>;
<command>new-zones-directory</command> <replaceable>quoted_string</replaceable>;
<command>no-case-compress</command> { <replaceable>address_match_element</replaceable>; ... };


@ -50,7 +50,6 @@
<command>max-transfer-time-out</command> <replaceable>integer</replaceable>;
<command>min-refresh-time</command> <replaceable>integer</replaceable>;
<command>min-retry-time</command> <replaceable>integer</replaceable>;
<command>mirror</command> <replaceable>boolean</replaceable>;
<command>multi-master</command> <replaceable>boolean</replaceable>;
<command>notify</command> ( explicit | master-only | <replaceable>boolean</replaceable> );
<command>notify-delay</command> <replaceable>integer</replaceable>;


@ -35,6 +35,7 @@ options: FORCE
${CFG_TEST} --named --grammar > $@.raw ; \
${CFG_TEST} --zonegrammar master > master.zoneopt ; \
${CFG_TEST} --zonegrammar slave > slave.zoneopt ; \
${CFG_TEST} --zonegrammar mirror > mirror.zoneopt ; \
${CFG_TEST} --zonegrammar forward > forward.zoneopt ; \
${CFG_TEST} --zonegrammar hint > hint.zoneopt ; \
${CFG_TEST} --zonegrammar stub > stub.zoneopt ; \
@ -54,6 +55,7 @@ docbook: options
${PERL} docbook-options.pl options > ${top_srcdir}/bin/named/named.conf.docbook
${PERL} docbook-zoneopt.pl master.zoneopt > ${top_srcdir}/doc/arm/master.zoneopt.xml
${PERL} docbook-zoneopt.pl slave.zoneopt > ${top_srcdir}/doc/arm/slave.zoneopt.xml
${PERL} docbook-zoneopt.pl mirror.zoneopt > ${top_srcdir}/doc/arm/mirror.zoneopt.xml
${PERL} docbook-zoneopt.pl forward.zoneopt > ${top_srcdir}/doc/arm/forward.zoneopt.xml
${PERL} docbook-zoneopt.pl hint.zoneopt > ${top_srcdir}/doc/arm/hint.zoneopt.xml
${PERL} docbook-zoneopt.pl stub.zoneopt > ${top_srcdir}/doc/arm/stub.zoneopt.xml
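Review bot: The new `${CFG_TEST} --zonegrammar mirror > mirror.zoneopt ; \` line in the `options` recipe (first hunk) inherits the recipe's `;` chaining, so if `${CFG_TEST}` does not accept `mirror` (for instance when the docs are regenerated against a `named` built without the new zone type) the redirect leaves an empty mirror.zoneopt and the target still succeeds, and the `docbook` rule in the second hunk would then be fed that empty file. This matches the existing master/slave/forward lines, so it is an inherited pattern rather than a defect introduced here; chaining the commands with `&& \` (or starting the recipe with `set -e;`) would make a failed grammar dump fail the build instead of silently producing empty documentation. The `options` recipe begins before this hunk, so that change touches lines outside it.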

42
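--- /dev/null
+++ b/doc/misc/mirror.zoneopt
@@ -0,0 +1,42 @@
+zone <string> [ <class> ] {
+type mirror;
+allow-notify { <address_match_element>; ... };
+allow-query { <address_match_element>; ... };
+allow-query-on { <address_match_element>; ... };
+allow-transfer { <address_match_element>; ... };
+allow-update-forwarding { <address_match_element>; ... };
+also-notify [ port <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
+alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+check-names ( fail | warn | ignore );
+database <string>;
+file <quoted_string>;
+ixfr-from-differences <boolean>;
+journal <quoted_string>;
+masterfile-format ( map | raw | text );
+masterfile-style ( full | relative );
+masters [ port <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
+max-journal-size ( default | unlimited | <sizeval> );
+max-records <integer>;
+max-refresh-time <integer>;
+max-retry-time <integer>;
+max-transfer-idle-in <integer>;
+max-transfer-idle-out <integer>;
+max-transfer-time-in <integer>;
+max-transfer-time-out <integer>;
+min-refresh-time <integer>;
+min-retry-time <integer>;
+multi-master <boolean>;
+notify ( explicit | master-only | <boolean> );
+notify-delay <integer>;
+notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+request-expire <boolean>;
+request-ixfr <boolean>;
+transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
+try-tcp-refresh <boolean>;
+use-alt-transfer-source <boolean>;
+zero-no-soa-ttl <boolean>;
+zone-statistics ( full | terse | none | <boolean> );
+};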


@ -239,7 +239,6 @@ options {
min-roots <integer>; // not implemented
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
mirror <boolean>;
multi-master <boolean>;
multiple-cnames <boolean>; // obsolete
named-xfer <quoted_string>; // obsolete
@ -580,7 +579,6 @@ view <string> [ <class> ] {
min-roots <integer>; // not implemented
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
mirror <boolean>;
multi-master <boolean>;
new-zones-directory <quoted_string>;
no-case-compress { <address_match_element>; ... };
@ -786,7 +784,6 @@ view <string> [ <class> ] {
max-zone-ttl ( unlimited | <ttlval> );
min-refresh-time <integer>;
min-retry-time <integer>;
mirror <boolean>;
multi-master <boolean>;
notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
@ -814,7 +811,7 @@ view <string> [ <class> ] {
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
try-tcp-refresh <boolean>;
type ( primary | master | secondary | slave |
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect |
static-stub | stub );
update-check-ksk <boolean>;
@ -892,7 +889,6 @@ zone <string> [ <class> ] {
max-zone-ttl ( unlimited | <ttlval> );
min-refresh-time <integer>;
min-retry-time <integer>;
mirror <boolean>;
multi-master <boolean>;
notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
@ -918,8 +914,9 @@ zone <string> [ <class> ] {
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
try-tcp-refresh <boolean>;
type ( primary | master | secondary | slave | delegation-only |
forward | hint | redirect | static-stub | stub );
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect | static-stub |
stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self


@ -37,7 +37,6 @@ zone <string> [ <class> ] {
max-transfer-time-out <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
mirror <boolean>;
multi-master <boolean>;
notify ( explicit | master-only | <boolean> );
notify-delay <integer>;


@ -2682,6 +2682,7 @@
./doc/arm/managed-keys.xml SGML 2010,2014,2015,2016,2017,2018
./doc/arm/master.zoneopt.xml SGML 2018
./doc/arm/masters.grammar.xml SGML 2018
./doc/arm/mirror.zoneopt.xml SGML 2018
./doc/arm/notes-wrapper.xml SGML 2014,2015,2016,2018
./doc/arm/notes.conf X 2015,2018
./doc/arm/notes.html X 2014,2015,2016,2017,2018
@ -2748,6 +2749,7 @@
./doc/misc/master.zoneopt X 2018
./doc/misc/migration TXT.BRIEF 2000,2001,2003,2004,2007,2008,2016,2018
./doc/misc/migration-4to9 TXT.BRIEF 2001,2004,2016,2018
./doc/misc/mirror.zoneopt X 2018
./doc/misc/options X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018
./doc/misc/redirect.zoneopt X 2018
./doc/misc/rfc-compliance TXT.BRIEF 2001,2004,2015,2016,2018