From 7bb3d000a5fa0d20a5564b3f465caa85c026e133 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 9 Oct 2018 10:54:51 +0200 Subject: [PATCH] Update documentation --- bin/named/named.conf.5 | 9 +- bin/named/named.conf.docbook | 11 +- bin/named/named.conf.html | 9 +- bin/tests/cfg_test.c | 2 + doc/arm/Bv9ARM-book.xml | 174 ++++++++++++++++------------ doc/arm/Bv9ARM.ch05.html | 216 ++++++++++++++++++++++++----------- doc/arm/man.named.conf.html | 9 +- doc/arm/mirror.zoneopt.xml | 56 +++++++++ doc/arm/options.grammar.xml | 1 - doc/arm/slave.zoneopt.xml | 1 - doc/misc/Makefile.in | 2 + doc/misc/mirror.zoneopt | 42 +++++++ doc/misc/options | 11 +- doc/misc/slave.zoneopt | 1 - util/copyrights | 2 + 15 files changed, 375 insertions(+), 171 deletions(-) create mode 100644 doc/arm/mirror.zoneopt.xml create mode 100644 doc/misc/mirror.zoneopt diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 6104832681..8d109a00b9 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -884,7 +884,6 @@ view \fIstring\fR [ \fIclass\fR ] { max\-zone\-ttl ( unlimited | \fIttlval\fR ); min\-refresh\-time \fIinteger\fR; min\-retry\-time \fIinteger\fR; - mirror \fIboolean\fR; multi\-master \fIboolean\fR; notify ( explicit | master\-only | \fIboolean\fR ); notify\-delay \fIinteger\fR; @@ -910,7 +909,7 @@ view \fIstring\fR [ \fIclass\fR ] { transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; try\-tcp\-refresh \fIboolean\fR; - type ( primary | master | secondary | slave | + type ( primary | master | secondary | slave | mirror | delegation\-only | forward | hint | redirect | static\-stub | stub ); update\-check\-ksk \fIboolean\fR; @@ -993,7 +992,6 @@ zone \fIstring\fR [ \fIclass\fR ] { max\-zone\-ttl ( unlimited | \fIttlval\fR ); min\-refresh\-time \fIinteger\fR; min\-retry\-time \fIinteger\fR; - mirror \fIboolean\fR; multi\-master \fIboolean\fR; notify ( explicit | master\-only | \fIboolean\fR ); notify\-delay \fIinteger\fR; @@ -1017,8 +1015,9 @@ zone \fIstring\fR [ \fIclass\fR ] { transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [ dscp \fIinteger\fR ]; try\-tcp\-refresh \fIboolean\fR; - type ( primary | master | secondary | slave | delegation\-only | - forward | hint | redirect | static\-stub | stub ); + type ( primary | master | secondary | slave | mirror | + delegation\-only | forward | hint | redirect | static\-stub | + stub ); update\-check\-ksk \fIboolean\fR; update\-policy ( local | { ( deny | grant ) \fIstring\fR ( 6to4\-self | external | krb5\-self | krb5\-subdomain | ms\-self | ms\-subdomain diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 49aa2104f9..01dc81be6c 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -341,7 +341,6 @@ options { min-retry-time integer; minimal-any boolean; minimal-responses ( no-auth | no-auth-recursive | boolean ); - mirror boolean; multi-master boolean; new-zones-directory quoted_string; no-case-compress { address_match_element; ... }; @@ -673,7 +672,6 @@ view string [ class ] { min-retry-time integer; minimal-any boolean; minimal-responses ( no-auth | no-auth-recursive | boolean ); - mirror boolean; multi-master boolean; new-zones-directory quoted_string; no-case-compress { address_match_element; ... }; @@ -864,7 +862,6 @@ view string [ class ] { max-zone-ttl ( unlimited | ttlval ); min-refresh-time integer; min-retry-time integer; - mirror boolean; multi-master boolean; notify ( explicit | master-only | boolean ); notify-delay integer; @@ -890,7 +887,7 @@ view string [ class ] { transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; try-tcp-refresh boolean; - type ( primary | master | secondary | slave | + type ( primary | master | secondary | slave | mirror | delegation-only | forward | hint | redirect | static-stub | stub ); update-check-ksk boolean; @@ -969,7 +966,6 @@ zone string [ class ] { max-zone-ttl ( unlimited | ttlval ); min-refresh-time integer; min-retry-time integer; - mirror boolean; multi-master boolean; notify ( explicit | master-only | boolean ); notify-delay integer; @@ -993,8 +989,9 @@ zone string [ class ] { transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; try-tcp-refresh boolean; - type ( primary | master | secondary | slave | delegation-only | - forward | hint | redirect | static-stub | stub ); + type ( primary | master | secondary | slave | mirror | + delegation-only | forward | hint | redirect | static-stub | + stub ); update-check-ksk boolean; update-policy ( local | { ( deny | grant ) string ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index 7169f14ceb..a5b2ccd702 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -853,7 +853,6 @@ view max-zone-ttl ( unlimited | ttlval );
min-refresh-time integer;
min-retry-time integer;
- mirror boolean;
multi-master boolean;
notify ( explicit | master-only | boolean );
notify-delay integer;
@@ -879,7 +878,7 @@ view transfer-source-v6 ( ipv6_address | * ) [ port (
    integer | * ) ] [ dscp integer ];
try-tcp-refresh boolean;
- type ( primary | master | secondary | slave |
+ type ( primary | master | secondary | slave | mirror |
    delegation-only | forward | hint | redirect |
    static-stub | stub );
update-check-ksk boolean;
@@ -959,7 +958,6 @@ zone max-zone-ttl ( unlimited | ttlval );
min-refresh-time integer;
min-retry-time integer;
- mirror boolean;
multi-master boolean;
notify ( explicit | master-only | boolean );
notify-delay integer;
@@ -983,8 +981,9 @@ zone transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
    ] [ dscp integer ];
try-tcp-refresh boolean;
- type ( primary | master | secondary | slave | delegation-only |
-     forward | hint | redirect | static-stub | stub );
+ type ( primary | master | secondary | slave | mirror |
+     delegation-only | forward | hint | redirect | static-stub |
+     stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string ( 6to4-self |
    external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
diff --git a/bin/tests/cfg_test.c b/bin/tests/cfg_test.c index 4d01e41056..0c8e1a7940 100644 --- a/bin/tests/cfg_test.c +++ b/bin/tests/cfg_test.c @@ -115,6 +115,8 @@ main(int argc, char **argv) { strcmp(argv[1], "seconary") == 0) { zonetype = CFG_ZONE_SLAVE; + } else if (strcmp(argv[1], "mirror") == 0) { + zonetype = CFG_ZONE_MIRROR; } else if (strcmp(argv[1], "stub") == 0) { zonetype = CFG_ZONE_STUB; } else if (strcmp(argv[1], "static-stub") == 0) { diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 02d933c7f6..c2c5e4f43f 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -7317,8 +7317,8 @@ options { - - allow-transfer + + allow-transfer Specifies which hosts are allowed to @@ -11410,6 +11410,7 @@ view "external" { + @@ -11429,6 +11430,7 @@ view "external" { acceptable values include: master (or primary), slave (or secondary), + mirror, delegation-only, forward, hint, @@ -11565,6 +11567,97 @@ view "external" { + + + + mirror + + + + + + + A mirror zone acts like a zone of type + secondary whose data is + subject to DNSSEC validation before being used + in answers. Validation is performed during the + zone transfer process, and again when the zone + file is loaded from disk when + named is restarted. If + validation fails, a retransfer of the zone is + scheduled; if the mirror zone had not previously + been loaded or if the previous version has + expired, traditional DNS recursion will be used + to look up the answers instead. + + + For validation to succeed, a key-signing key + (KSK) for the zone must be configured as a trust + anchor in named.conf: that + is, a key for the zone must either be specified + in managed-keys or + trusted-keys, or in the case + of the root zone, + dnssec-validation must be set + to auto. Answers coming + from a mirror zone look almost exactly like + answers from a zone of type + secondary, with the + notable exceptions that the AA bit + ("authoritative answer") is not set, and the AD + bit ("authenticated data") is. + + + Since mirror zones are intended to be used by + recursive resolvers, adding one to a view with + recursion disabled is considered to be a + configuration error. + + + When configuring NOTIFY for a mirror zone, only + notify no; and + notify explicit; can be + used. Using any other + notify setting at the + zone level is a configuration error. Using any + other notify setting at + the options or + view level will cause + that setting to be overridden with + notify explicit; for the + mirror zone in question. + + + Outgoing transfers of mirror zones are disabled + by default but may be enabled using + . + + + While any zone may be configured with this type, + it is intended to be used to set up a fast local + copy of the root zone, similar to the one + described in RFC 7706. Note, however, that + mirror zones are not supposed to augment the + example configuration provided by RFC 7706 but + rather to replace it altogether. + + + A default list of primary servers for the root + zone is built into named and + thus IANA root zone mirroring can be enabled + using the following configuration: + +zone "." { + type mirror; +}; + + To make mirror zone contents persist between + named restarts, use the + + option. + + + @@ -12067,19 +12160,20 @@ view "external" { - - file + + file Set the zone's filename. In master, hint, and redirect zones which do not have masters defined, zone data is loaded from this file. In - slave, stub, and - redirect zones which do have - masters defined, zone data is - retrieved from another server and saved in this file. - This option is not applicable to other zone types. + slave, mirror, + stub, and redirect + zones which do have masters + defined, zone data is retrieved from another server + and saved in this file. This option is not + applicable to other zone types. @@ -12524,68 +12618,6 @@ example.com. NS ns2.example.net. - - mirror - - - If set to yes, this causes the - zone to become a mirror zone. A mirror zone is a - secondary zone whose data - is subject to DNSSEC validation before being - used in answers. The default is - no. - - - A mirror zone's contents are validated during the transfer - process, and again when the zone file is loaded from disk - when named is restarted. If validation - fails, a retransfer of the zone is scheduled; if the mirror - zone had not previously been loaded or if the previous - version has expired, traditional DNS recursion will be used - to look up the answers instead. - - - For validation to succeed, a key-signing key (KSK) for - the zone must be configured as a trust anchor in - named.conf: - that is, a key for the zone must either be specified in - managed-keys or - trusted-keys, or in the case of - the root zone, dnssec-validation - must be set to auto. - Answers coming from a mirror zone look almost exactly like - answers from a normal slave zone, with the notable - exceptions that the AA bit ("authoritative answer") is - not set, and the AD bit ("authenticated data") is. - - - Though this option can be used for other zones, it - is intended to be used to set up a fast local copy of - the root zone, as described in RFC 7706. - This can be done by using the following configuration: - -zone "." { - type slave; - mirror yes; - file "root.mirror"; - masters { - 192.228.79.201; # b.root-servers.net - 192.33.4.12; # c.root-servers.net - 192.5.5.241; # f.root-servers.net - 192.112.36.4; # g.root-servers.net - 193.0.14.129; # k.root-servers.net - 192.0.47.132; # xfr.cjr.dns.icann.org - 192.0.32.132; # xfr.lax.dns.icann.org - 2001:500:84::b; # b.root-servers.net - 2001:500:2f::f; # f.root-servers.net - 2001:7fd::1; # k.root-servers.net - 2620:0:2830:202::132; # xfr.cjr.dns.icann.org - 2620:0:2d0:202::132; # xfr.lax.dns.icann.org - }; -}; - - - multi-master diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html index 36939a6ea3..401f9f204c 100644 --- a/doc/arm/Bv9ARM.ch05.html +++ b/doc/arm/Bv9ARM.ch05.html @@ -2531,7 +2531,6 @@ badresp:1,adberr:0,findfail:0,valfail:0] min-retry-time integer; minimal-any boolean; minimal-responses ( no-auth | no-auth-recursive | boolean ); - mirror boolean; multi-master boolean; new-zones-directory quoted_string; no-case-compress { address_match_element; ... }; @@ -5369,7 +5368,9 @@ options { It is now ignored with some warning messages.

-
allow-transfer
+
+allow-transfer +

Specifies which hosts are allowed to @@ -9398,7 +9399,6 @@ view "external" { max-transfer-time-out integer; min-refresh-time integer; min-retry-time integer; - mirror boolean; multi-master boolean; notify ( explicit | master-only | boolean ); notify-delay integer; @@ -9421,6 +9421,50 @@ view "external" { }; 

+zone string [ class ] {
+	type mirror;
+	allow-notify { address_match_element; ... };
+	allow-query { address_match_element; ... };
+	allow-query-on { address_match_element; ... };
+	allow-transfer { address_match_element; ... };
+	allow-update-forwarding { address_match_element; ... };
+	also-notify [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... };
+	alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
+	alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
+	check-names ( fail | warn | ignore );
+	database string;
+	file quoted_string;
+	ixfr-from-differences boolean;
+	journal quoted_string;
+	masterfile-format ( map | raw | text );
+	masterfile-style ( full | relative );
+	masters [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... };
+	max-journal-size ( default | unlimited | sizeval );
+	max-records integer;
+	max-refresh-time integer;
+	max-retry-time integer;
+	max-transfer-idle-in integer;
+	max-transfer-idle-out integer;
+	max-transfer-time-in integer;
+	max-transfer-time-out integer;
+	min-refresh-time integer;
+	min-retry-time integer;
+	multi-master boolean;
+	notify ( explicit | master-only | boolean );
+	notify-delay integer;
+	notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
+	notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
+	request-expire boolean;
+	request-ixfr boolean;
+	transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ];
+	transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ];
+	try-tcp-refresh boolean;
+	use-alt-transfer-source boolean;
+	zero-no-soa-ttl boolean;
+	zone-statistics ( full | terse | none | boolean );
+};
+
+
 zone string [ class ] {
 	type hint;
 	check-names ( fail | warn | ignore );
@@ -9519,6 +9563,7 @@ view "external" {
               acceptable values include:
               master (or primary),
               slave (or secondary),
+              mirror,
               delegation-only,
               forward,
               hint,
@@ -9656,6 +9701,97 @@ view "external" {
                     
 
 
+
+                      

+                        mirror
+                      

+                    
+
+                      

+                      

+                      

+                        A mirror zone acts like a zone of type
+                        secondary whose data is
+                        subject to DNSSEC validation before being used
+                        in answers.  Validation is performed during the
+                        zone transfer process, and again when the zone
+                        file is loaded from disk when
+                        named is restarted.  If
+                        validation fails, a retransfer of the zone is
+                        scheduled; if the mirror zone had not previously
+                        been loaded or if the previous version has
+                        expired, traditional DNS recursion will be used
+                        to look up the answers instead.
+                      

+                      

+                        For validation to succeed, a key-signing key
+                        (KSK) for the zone must be configured as a trust
+                        anchor in named.conf: that
+                        is, a key for the zone must either be specified
+                        in managed-keys or
+                        trusted-keys, or in the case
+                        of the root zone,
+                        dnssec-validation must be set
+                        to auto.  Answers coming
+                        from a mirror zone look almost exactly like
+                        answers from a zone of type
+                        secondary, with the
+                        notable exceptions that the AA bit
+                        ("authoritative answer") is not set, and the AD
+                        bit ("authenticated data") is.
+                      

+                      

+                        Since mirror zones are intended to be used by
+                        recursive resolvers, adding one to a view with
+                        recursion disabled is considered to be a
+                        configuration error.
+                      

+                      

+                        When configuring NOTIFY for a mirror zone, only
+                        notify no; and
+                        notify explicit; can be
+                        used.  Using any other
+                        notify setting at the
+                        zone level is a configuration error.  Using any
+                        other notify setting at
+                        the options or
+                        view level will cause
+                        that setting to be overridden with
+                        notify explicit; for the
+                        mirror zone in question.
+                      

+                      

+                        Outgoing transfers of mirror zones are disabled
+                        by default but may be enabled using
+                        allow-transfer.
+                      

+                      

+                        While any zone may be configured with this type,
+                        it is intended to be used to set up a fast local
+                        copy of the root zone, similar to the one
+                        described in RFC 7706.  Note, however, that
+                        mirror zones are not supposed to augment the
+                        example configuration provided by RFC 7706 but
+                        rather to replace it altogether.
+                      

+                      

+                        A default list of primary servers for the root
+                        zone is built into named and
+                        thus IANA root zone mirroring can be enabled
+                        using the following configuration:
+                      

+
zone "." {
+        type mirror;
+};

+                      

+                        To make mirror zone contents persist between
+                        named restarts, use the
+                        file
+                        option.
+                      

+                    
+
+
 
                       

                         static-stub
@@ -10093,18 +10229,21 @@ view "external" {
                     See caveats in root-delegation-only.
-
file
+
+file +

Set the zone's filename. In master, hint, and redirect zones which do not have masters defined, zone data is loaded from this file. In - slave, stub, and - redirect zones which do have - masters defined, zone data is - retrieved from another server and saved in this file. - This option is not applicable to other zone types. + slave, mirror, + stub, and redirect + zones which do have masters + defined, zone data is retrieved from another server + and saved in this file. This option is not + applicable to other zone types.

forward
@@ -10444,65 +10583,6 @@ example.com. NS ns2.example.net. behavior is disabled by default.

-
mirror
-
-

- If set to yes, this causes the - zone to become a mirror zone. A mirror zone is a - secondary zone whose data - is subject to DNSSEC validation before being - used in answers. The default is - no. -

-

- A mirror zone's contents are validated during the transfer - process, and again when the zone file is loaded from disk - when named is restarted. If validation - fails, a retransfer of the zone is scheduled; if the mirror - zone had not previously been loaded or if the previous - version has expired, traditional DNS recursion will be used - to look up the answers instead. -

-

- For validation to succeed, a key-signing key (KSK) for - the zone must be configured as a trust anchor in - named.conf: - that is, a key for the zone must either be specified in - managed-keys or - trusted-keys, or in the case of - the root zone, dnssec-validation - must be set to auto. - Answers coming from a mirror zone look almost exactly like - answers from a normal slave zone, with the notable - exceptions that the AA bit ("authoritative answer") is - not set, and the AD bit ("authenticated data") is. -

-

- Though this option can be used for other zones, it - is intended to be used to set up a fast local copy of - the root zone, as described in RFC 7706. - This can be done by using the following configuration: -

-
zone "." {
-        type slave;
-        mirror yes;
-        file "root.mirror";
-        masters {
-                192.228.79.201;       # b.root-servers.net
-                192.33.4.12;          # c.root-servers.net
-                192.5.5.241;          # f.root-servers.net
-                192.112.36.4;         # g.root-servers.net
-                193.0.14.129;         # k.root-servers.net
-                192.0.47.132;         # xfr.cjr.dns.icann.org
-                192.0.32.132;         # xfr.lax.dns.icann.org
-                2001:500:84::b;       # b.root-servers.net
-                2001:500:2f::f;       # f.root-servers.net
-                2001:7fd::1;          # k.root-servers.net
-                2620:0:2830:202::132; # xfr.cjr.dns.icann.org
-                2620:0:2d0:202::132;  # xfr.lax.dns.icann.org
-        };
-};
-
multi-master

diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html index 3c91638ea3..4a9411be55 100644 --- a/doc/arm/man.named.conf.html +++ b/doc/arm/man.named.conf.html @@ -871,7 +871,6 @@ view max-zone-ttl ( unlimited | ttlval );
min-refresh-time integer;
min-retry-time integer;
- mirror boolean;
multi-master boolean;
notify ( explicit | master-only | boolean );
notify-delay integer;
@@ -897,7 +896,7 @@ view transfer-source-v6 ( ipv6_address | * ) [ port (
    integer | * ) ] [ dscp integer ];
try-tcp-refresh boolean;
- type ( primary | master | secondary | slave |
+ type ( primary | master | secondary | slave | mirror |
    delegation-only | forward | hint | redirect |
    static-stub | stub );
update-check-ksk boolean;
@@ -977,7 +976,6 @@ zone max-zone-ttl ( unlimited | ttlval );
min-refresh-time integer;
min-retry-time integer;
- mirror boolean;
multi-master boolean;
notify ( explicit | master-only | boolean );
notify-delay integer;
@@ -1001,8 +999,9 @@ zone transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
    ] [ dscp integer ];
try-tcp-refresh boolean;
- type ( primary | master | secondary | slave | delegation-only |
-     forward | hint | redirect | static-stub | stub );
+ type ( primary | master | secondary | slave | mirror |
+     delegation-only | forward | hint | redirect | static-stub |
+     stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string ( 6to4-self |
    external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
diff --git a/doc/arm/mirror.zoneopt.xml b/doc/arm/mirror.zoneopt.xml new file mode 100644 index 0000000000..694fd80d78 --- /dev/null +++ b/doc/arm/mirror.zoneopt.xml @@ -0,0 +1,56 @@ + + + + +zone string [ class ] { + type mirror; + allow-notify { address_match_element; ... }; + allow-query { address_match_element; ... }; + allow-query-on { address_match_element; ... }; + allow-transfer { address_match_element; ... }; + allow-update-forwarding { address_match_element; ... }; + also-notify [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; + alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + check-names ( fail | warn | ignore ); + database string; + file quoted_string; + ixfr-from-differences boolean; + journal quoted_string; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... }; + max-journal-size ( default | unlimited | sizeval ); + max-records integer; + max-refresh-time integer; + max-retry-time integer; + max-transfer-idle-in integer; + max-transfer-idle-out integer; + max-transfer-time-in integer; + max-transfer-time-out integer; + min-refresh-time integer; + min-retry-time integer; + multi-master boolean; + notify ( explicit | master-only | boolean ); + notify-delay integer; + notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + request-expire boolean; + request-ixfr boolean; + transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + try-tcp-refresh boolean; + use-alt-transfer-source boolean; + zero-no-soa-ttl boolean; + zone-statistics ( full | terse | none | boolean ); +}; + diff --git a/doc/arm/options.grammar.xml b/doc/arm/options.grammar.xml index 3eae56c229..d8c9243ae5 100644 --- a/doc/arm/options.grammar.xml +++ b/doc/arm/options.grammar.xml @@ -180,7 +180,6 @@ min-retry-time integer; minimal-any boolean; minimal-responses ( no-auth | no-auth-recursive | boolean ); - mirror boolean; multi-master boolean; new-zones-directory quoted_string; no-case-compress { address_match_element; ... }; diff --git a/doc/arm/slave.zoneopt.xml b/doc/arm/slave.zoneopt.xml index 0c4ee36a70..63c0a4acf1 100644 --- a/doc/arm/slave.zoneopt.xml +++ b/doc/arm/slave.zoneopt.xml @@ -50,7 +50,6 @@ max-transfer-time-out integer; min-refresh-time integer; min-retry-time integer; - mirror boolean; multi-master boolean; notify ( explicit | master-only | boolean ); notify-delay integer; diff --git a/doc/misc/Makefile.in b/doc/misc/Makefile.in index c4967ff519..21084d5591 100644 --- a/doc/misc/Makefile.in +++ b/doc/misc/Makefile.in @@ -35,6 +35,7 @@ options: FORCE ${CFG_TEST} --named --grammar > $@.raw ; \ ${CFG_TEST} --zonegrammar master > master.zoneopt ; \ ${CFG_TEST} --zonegrammar slave > slave.zoneopt ; \ + ${CFG_TEST} --zonegrammar mirror > mirror.zoneopt ; \ ${CFG_TEST} --zonegrammar forward > forward.zoneopt ; \ ${CFG_TEST} --zonegrammar hint > hint.zoneopt ; \ ${CFG_TEST} --zonegrammar stub > stub.zoneopt ; \ @@ -54,6 +55,7 @@ docbook: options ${PERL} docbook-options.pl options > ${top_srcdir}/bin/named/named.conf.docbook ${PERL} docbook-zoneopt.pl master.zoneopt > ${top_srcdir}/doc/arm/master.zoneopt.xml ${PERL} docbook-zoneopt.pl slave.zoneopt > ${top_srcdir}/doc/arm/slave.zoneopt.xml + ${PERL} docbook-zoneopt.pl mirror.zoneopt > ${top_srcdir}/doc/arm/mirror.zoneopt.xml ${PERL} docbook-zoneopt.pl forward.zoneopt > ${top_srcdir}/doc/arm/forward.zoneopt.xml ${PERL} docbook-zoneopt.pl hint.zoneopt > ${top_srcdir}/doc/arm/hint.zoneopt.xml ${PERL} docbook-zoneopt.pl stub.zoneopt > ${top_srcdir}/doc/arm/stub.zoneopt.xml diff --git a/doc/misc/mirror.zoneopt b/doc/misc/mirror.zoneopt new file mode 100644 index 0000000000..6184d371d5 --- /dev/null +++ b/doc/misc/mirror.zoneopt @@ -0,0 +1,42 @@ +zone [ ] { + type mirror; + allow-notify { ; ... }; + allow-query { ; ... }; + allow-query-on { ; ... }; + allow-transfer { ; ... }; + allow-update-forwarding { ; ... }; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + check-names ( fail | warn | ignore ); + database ; + file ; + ixfr-from-differences ; + journal ; + masterfile-format ( map | raw | text ); + masterfile-style ( full | relative ); + masters [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ]; ... }; + max-journal-size ( default | unlimited | ); + max-records ; + max-refresh-time ; + max-retry-time ; + max-transfer-idle-in ; + max-transfer-idle-out ; + max-transfer-time-in ; + max-transfer-time-out ; + min-refresh-time ; + min-retry-time ; + multi-master ; + notify ( explicit | master-only | ); + notify-delay ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + request-expire ; + request-ixfr ; + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + try-tcp-refresh ; + use-alt-transfer-source ; + zero-no-soa-ttl ; + zone-statistics ( full | terse | none | ); +}; diff --git a/doc/misc/options b/doc/misc/options index e845e3e52f..441cda28df 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -239,7 +239,6 @@ options { min-roots ; // not implemented minimal-any ; minimal-responses ( no-auth | no-auth-recursive | ); - mirror ; multi-master ; multiple-cnames ; // obsolete named-xfer ; // obsolete @@ -580,7 +579,6 @@ view [ ] { min-roots ; // not implemented minimal-any ; minimal-responses ( no-auth | no-auth-recursive | ); - mirror ; multi-master ; new-zones-directory ; no-case-compress { ; ... }; @@ -786,7 +784,6 @@ view [ ] { max-zone-ttl ( unlimited | ); min-refresh-time ; min-retry-time ; - mirror ; multi-master ; notify ( explicit | master-only | ); notify-delay ; @@ -814,7 +811,7 @@ view [ ] { transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; try-tcp-refresh ; - type ( primary | master | secondary | slave | + type ( primary | master | secondary | slave | mirror | delegation-only | forward | hint | redirect | static-stub | stub ); update-check-ksk ; @@ -892,7 +889,6 @@ zone [ ] { max-zone-ttl ( unlimited | ); min-refresh-time ; min-retry-time ; - mirror ; multi-master ; notify ( explicit | master-only | ); notify-delay ; @@ -918,8 +914,9 @@ zone [ ] { transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; try-tcp-refresh ; - type ( primary | master | secondary | slave | delegation-only | - forward | hint | redirect | static-stub | stub ); + type ( primary | master | secondary | slave | mirror | + delegation-only | forward | hint | redirect | static-stub | + stub ); update-check-ksk ; update-policy ( local | { ( deny | grant ) ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self diff --git a/doc/misc/slave.zoneopt b/doc/misc/slave.zoneopt index 42c87f4678..248823a88b 100644 --- a/doc/misc/slave.zoneopt +++ b/doc/misc/slave.zoneopt @@ -37,7 +37,6 @@ zone [ ] { max-transfer-time-out ; min-refresh-time ; min-retry-time ; - mirror ; multi-master ; notify ( explicit | master-only | ); notify-delay ; diff --git a/util/copyrights b/util/copyrights index 9a19e34162..0b1c923821 100644 --- a/util/copyrights +++ b/util/copyrights @@ -2682,6 +2682,7 @@ ./doc/arm/managed-keys.xml SGML 2010,2014,2015,2016,2017,2018 ./doc/arm/master.zoneopt.xml SGML 2018 ./doc/arm/masters.grammar.xml SGML 2018 +./doc/arm/mirror.zoneopt.xml SGML 2018 ./doc/arm/notes-wrapper.xml SGML 2014,2015,2016,2018 ./doc/arm/notes.conf X 2015,2018 ./doc/arm/notes.html X 2014,2015,2016,2017,2018 @@ -2748,6 +2749,7 @@ ./doc/misc/master.zoneopt X 2018 ./doc/misc/migration TXT.BRIEF 2000,2001,2003,2004,2007,2008,2016,2018 ./doc/misc/migration-4to9 TXT.BRIEF 2001,2004,2016,2018 +./doc/misc/mirror.zoneopt X 2018 ./doc/misc/options X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018 ./doc/misc/redirect.zoneopt X 2018 ./doc/misc/rfc-compliance TXT.BRIEF 2001,2004,2015,2016,2018