When used with the keyword ``initial-key``, ``trust-anchors`` has the
same behavior as ``managed-keys``, i.e., it configures a trust anchor
- that is to be maintained via RFC 5011.
+ that is to be maintained via :rfc:`5011`.
When used with the new keyword ``static-key``, ``trust-anchors`` has
the same behavior as ``trusted-keys``, i.e., it configures a
As with the ``initial-key`` and ``static-key`` keywords,
``initial-ds`` configures a dynamic trust anchor to be maintained via
- RFC 5011, and ``static-ds`` configures a permanent trust anchor. [GL
- #6] [GL #622]
+ :rfc:`5011`, and ``static-ds`` configures a permanent trust anchor.
+ [GL #6] [GL #622]
- ``dig``, ``mdig`` and ``delv`` can all now take a ``+yaml`` option to
print output in a detailed YAML format. [GL #1145]
- ``dig`` now accepts a new command line option, ``+[no]expandaaaa``,
which causes the IPv6 addresses in AAAA records to be printed in full
- 128-bit notation rather than the default RFC 5952 format. [GL #765]
+ 128-bit notation rather than the default :rfc:`5952` format.
+ [GL #765]
- Statistics channel groups can now be toggled. [GL #1030]
- When static and managed DNSSEC keys were both configured for the same
name, or when a static key was used to configure a trust anchor for
the root zone and ``dnssec-validation`` was set to the default value
- of ``auto``, automatic RFC 5011 key rollovers would be disabled. This
- combination of settings was never intended to work, but there was no
- check for it in the parser. This has been corrected, and it is now a
- fatal configuration error. [GL #868]
+ of ``auto``, automatic :rfc:`5011` key rollovers would be disabled.
+ This combination of settings was never intended to work, but there
+ was no check for it in the parser. This has been corrected, and it is
+ now a fatal configuration error. [GL #868]
- DS and CDS records are now generated with SHA-256 digests only,
instead of both SHA-1 and SHA-256. This affects the default output of
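Review bot: The entry ending in "[GL #868]" is re-wrapped across four lines, although the only textual change is "RFC 5011" becoming ":rfc:`5011`" in the line that starts "of ``auto``". The reflow buries a one-token substitution among unchanged sentences about the new fatal configuration error, so the whole entry has to be re-read to confirm that nothing else was altered. Consider stating in the commit message that the paragraph was only re-wrapped, or moving the re-wrap into a separate commit.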
- ``named`` will now log a warning if a static key is configured for
the root zone. [GL #6]
-- A SipHash 2-4 based DNS Cookie (RFC 7873) algorithm has been added
+- A SipHash 2-4 based DNS Cookie (:rfc:`7873`) algorithm has been added
and made default. Old non-default HMAC-SHA based DNS Cookie
algorithms have been removed, and only the default AES algorithm is
being kept for legacy reasons. This change has no operational impact
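Review bot: In the SipHash entry, "default" is applied to two different algorithms: SipHash 2-4 is "added and made default", while two lines later "only the default AES algorithm is being kept for legacy reasons". Since this entry is being edited anyway, consider rewording the AES mention (for example "the previous default", if that is what is meant) so that an operator reading the note can tell which DNS Cookie algorithm a server uses out of the box.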
- The default value of ``max-stale-ttl`` has been changed from 12 hours to 1
day and the default value of ``stale-answer-ttl`` has been changed from 1
- second to 30 seconds, following RFC 8767 recommendations. [GL #2248]
+ second to 30 seconds, following :rfc:`8767` recommendations. [GL #2248]
-- As part of an ongoing effort to use RFC 8499 terminology,
+- As part of an ongoing effort to use :rfc:`8499` terminology,
``primaries`` can now be used as a synonym for ``masters`` in
``named.conf``. Similarly, ``notify primary-only`` can now be used as
a synonym for ``notify master-only``. The output of ``rndc