recursing-file \"named.recursing\";\n\
recursive-clients 1000;\n\
request-nsid false;\n\
- reserved-sockets 512;\n\
resolver-query-timeout 10;\n\
rrset-order { order random; };\n\
secroots-file \"named.secroots\";\n\
This option is mainly of interest to BIND 9 developers and may be
removed or changed in a future release.
-.. option:: -S #max-socks
-
- This option is deprecated and no longer has any function.
-
-.. warning::
-
- This option should be unnecessary for the vast majority of users.
- The use of this option could even be harmful, because the specified
- value may exceed the limitation of the underlying system API. It
- is therefore set only when the default configuration causes
- exhaustion of file descriptors and the operational environment is
- known to support the specified number of sockets. Note also that
- the actual maximum number is normally slightly fewer than the
- specified value, because :program:`named` reserves some file descriptors
- for its internal use.
-
.. option:: -t directory
This option tells :program:`named` to chroot to ``directory`` after processing the command-line arguments, but
Until BIND 9.12, this feature was implemented natively in :iscman:`named` and
enabled with the ``filter-aaaa`` ACL and the ``filter-aaaa-on-v4`` and
-``filter-aaaa-on-v6`` options. These options are now deprecated in
+``filter-aaaa-on-v6`` options. These options are no longer available in
:iscman:`named.conf` but can be passed as parameters to the
``filter-aaaa.so`` plugin, for example:
``yes``.
.. namedconf:statement:: dnssec-secure-to-insecure
- :tags: dnssec
- :short: Allows a dynamic zone to transition from secure to insecure by deleting all DNSKEY records (obsoleted).
+ :tags: obsolete
- This option used to allow a dynamic zone to transition from secure to insecure by deleting all DNSKEY records.
- It has been obsoleted because DNSSEC key operations triggered by dynamic updates are no longer supported.
+ This option no longer has any effect.
.. namedconf:statement:: synth-from-dnssec
:tags: dnssec
arguments are all fixed-point numbers with precision of 1/100; at
most two places after the decimal point are significant.
-.. namedconf:statement:: reserved-sockets
- :tags: deprecated
-
- This option is deprecated and no longer has any effect.
-
.. namedconf:statement:: max-cache-size
:tags: server
:short: Sets the maximum amount of memory to use for an individual cache database and its associated metadata.
The use of this option in :any:`zone` blocks is deprecated and
will be rendered nonoperational in a future release.
-:any:`dnssec-secure-to-insecure`
- See the description of :any:`dnssec-secure-to-insecure` in :ref:`boolean_options`.
-
.. _dynamic_update_policies:
Dynamic Update Policies
nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ];
parent-ds-ttl <duration>;
parent-propagation-delay <duration>;
- parent-registration-delay <duration>; // obsolete
publish-safety <duration>;
purge-keys <duration>;
retire-safety <duration>;
request-ixfr <boolean>;
request-nsid <boolean>;
require-server-cookie <boolean>;
- reserved-sockets <integer>; // deprecated
resolver-nonbackoff-tries <integer>;
resolver-query-timeout <integer>;
resolver-retry-interval <integer>;
stale-refresh-time <duration>;
startup-notify-rate <integer>;
statistics-file <quoted_string>;
- suppress-initial-notify <boolean>; // obsolete
synth-from-dnssec <boolean>;
tcp-advertised-timeout <integer>;
tcp-clients <integer>;
stale-answer-ttl <duration>;
stale-cache-enable <boolean>;
stale-refresh-time <duration>;
- suppress-initial-notify <boolean>; // obsolete
synth-from-dnssec <boolean>;
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * );
*/
DNS_ZONEOPT_NOTIFYTOSOA = 1 << 21, /*%< Notify the SOA MNAME */
DNS_ZONEOPT_NSEC3TESTZONE = 1 << 22, /*%< nsec3-test-zone */
- DNS_ZONEOPT_SECURETOINSECURE = 1 << 23, /*%< dnssec-secure-to-insecure,
- * obsoleted */
- DNS_ZONEOPT_DNSKEYKSKONLY = 1 << 24, /*%< dnssec-dnskey-kskonly */
- DNS_ZONEOPT_CHECKDUPRR = 1 << 25, /*%< check-dup-records */
- DNS_ZONEOPT_CHECKDUPRRFAIL = 1 << 26, /*%< fatal check-dup-records
- * failures */
- DNS_ZONEOPT_CHECKSPF = 1 << 27, /*%< check SPF records */
- DNS_ZONEOPT_CHECKTTL = 1 << 28, /*%< check max-zone-ttl */
- DNS_ZONEOPT_AUTOEMPTY = 1 << 29, /*%< automatic empty zone */
- DNS_ZONEOPT_CHECKSVCB = 1 << 30, /*%< check SVBC records */
+ /* DNS_ZONEOPT_SECURETOINSECURE = 1 << 23, */
+ DNS_ZONEOPT_DNSKEYKSKONLY = 1 << 24, /*%< dnssec-dnskey-kskonly */
+ DNS_ZONEOPT_CHECKDUPRR = 1 << 25, /*%< check-dup-records */
+ DNS_ZONEOPT_CHECKDUPRRFAIL = 1 << 26, /*%< fatal check-dup-records
+ * failures */
+ DNS_ZONEOPT_CHECKSPF = 1 << 27, /*%< check SPF records */
+ DNS_ZONEOPT_CHECKTTL = 1 << 28, /*%< check max-zone-ttl */
+ DNS_ZONEOPT_AUTOEMPTY = 1 << 29, /*%< automatic empty zone */
+ DNS_ZONEOPT_CHECKSVCB = 1 << 30, /*%< check SVBC records */
DNS_ZONEOPT___MAX = UINT64_MAX, /* trick to make the ENUM 64-bit wide */
} dns_zoneopt_t;
{ "recursing-file", &cfg_type_qstring, 0 },
{ "recursive-clients", &cfg_type_uint32, 0 },
{ "reuseport", &cfg_type_boolean, 0 },
- { "reserved-sockets", &cfg_type_uint32, CFG_CLAUSEFLAG_DEPRECATED },
+ { "reserved-sockets", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "secroots-file", &cfg_type_qstring, 0 },
{ "serial-queries", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "serial-query-rate", &cfg_type_uint32, 0 },
{ "stale-cache-enable", &cfg_type_boolean, 0 },
{ "stale-refresh-time", &cfg_type_duration, 0 },
{ "suppress-initial-notify", &cfg_type_boolean,
- CFG_CLAUSEFLAG_OBSOLETE },
+ CFG_CLAUSEFLAG_ANCIENT },
{ "synth-from-dnssec", &cfg_type_boolean, 0 },
{ "topology", NULL, CFG_CLAUSEFLAG_ANCIENT },
{ "transfer-format", &cfg_type_transferformat, 0 },
{ "parent-ds-ttl", &cfg_type_duration, 0 },
{ "parent-propagation-delay", &cfg_type_duration, 0 },
{ "parent-registration-delay", &cfg_type_duration,
- CFG_CLAUSEFLAG_OBSOLETE },
+ CFG_CLAUSEFLAG_ANCIENT },
{ "publish-safety", &cfg_type_duration, 0 },
{ "purge-keys", &cfg_type_duration, 0 },
{ "retire-safety", &cfg_type_duration, 0 },
projects / thirdparty / bind9.git / commitdiff
