Remove build requirements from building arm

The meson build switched to generating the file grammars and using meson
to build the manpages/ARM. This is because meson doesn't work well when
writing files outside the build directory.

However, this has been suboptimal when someone only wants to build the
documentation (like RTD). Sphinx can now be used outside meson like it
was with autoconf.

Grammars are now updated by the developer with CI checking if one is
needed or not, like clang-format.

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 84688b08eacebb7b2da89264cfa65d5dc9c9d4ef..cdae394fb54a45523f5c54a318d76025033ec65e 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -474,13 +474,16 @@ stages:
       junit: junit.xml
 
 .docs: &docs_job
-  variables:
-    DOC_BUILD_TARGET: man
   stage: docs
   script:
     - *configure
-    - meson compile -C build ${DOC_BUILD_TARGET}
+    - meson compile -C build arm man
     - find build/man/ -maxdepth 2 -name "*.[0-9]" -exec mandoc -T lint "{}" \; | ( ! grep -v -e "skipping paragraph macro. sp after" -e "unknown font, skipping request. ft C" -e "input text line longer than 80 bytes" )
+    - test -z "${DOC_CHECK_MISC_CHANGE}" || ninja -C build doc-misc
+    - test -z "${DOC_CHECK_MISC_CHANGE}" || cp build/doc/misc/options build/doc/misc/rndc.grammar build/doc/misc/*.zoneopt doc/misc/
+    - test -z "${DOC_CHECK_MISC_CHANGE}" || git diff > doc-misc.patch
+    - test -z "${DOC_CHECK_MISC_CHANGE}" || if test "$(git status --porcelain --untracked-files=no | wc -l)" -gt "0"; then git status --short; exit 1; fi
+
 
 .respdiff: &respdiff_job
   stage: system
@@ -662,7 +665,6 @@ changelog:
     GIT_AUTHOR_EMAIL: $GITLAB_USER_EMAIL
     GIT_COMMITTER_NAME: $GITLAB_USER_NAME
     GIT_COMMITTER_EMAIL: $GITLAB_USER_EMAIL
-    DOC_BUILD_TARGET: arm man
   before_script:
     - echo -e "$CI_MERGE_REQUEST_TITLE\n" > commitmsg
     - sed -i 's/^Draft:\s*//' commitmsg
@@ -695,9 +697,12 @@ docs:
   <<: *default_triggering_rules
   <<: *base_image
   <<: *docs_job
+  variables:
+    DOC_CHECK_MISC_CHANGE: 1
   needs: []
   artifacts:
     untracked: true
+    when: always
 
 docs:tarball:
   <<: *default_triggering_rules

diff --git a/doc/arm/_ext/mergegrammar.py b/doc/arm/_ext/mergegrammar.py
index 0628be64a1e40cd9cfe5e10c5ebbc5fa1057a714..42fb502265b9613cdc37d510b6032cdc3c181917 100644 (file)
--- a/doc/arm/_ext/mergegrammar.py
+++ b/doc/arm/_ext/mergegrammar.py
@@ -13,17 +13,13 @@
 
 # Depends on CWD - Sphinx plugin
 
-import os
 import json
 from pathlib import Path
 
 import parsegrammar
 
-buildroot = os.getenv("BIND_BUILD_ROOT")
-if buildroot is None:
-    raise RuntimeError("Running outside meson?")
 
-misc_path = Path(buildroot) / "doc" / "misc"
+misc_path = Path(__file__).resolve().parent.parent.parent / "misc"
 options_path = misc_path / "options"
 
 
@@ -47,7 +43,7 @@ def read_zone():
 
 
 def read_main():
-    with Path(options_path).open(encoding="ascii") as fp:
+    with options_path.open(encoding="ascii") as fp:
         optgrammar = parsegrammar.parse_mapbody(fp)
     return optgrammar
 

diff --git a/doc/arm/_ext/rndcconf.py b/doc/arm/_ext/rndcconf.py
index bc7bd7846b873a9574492cae0658b76ea17ff3b3..b09dfcf4beba2bdd067e17a4cc425fdaea48e1dd 100644 (file)
--- a/doc/arm/_ext/rndcconf.py
+++ b/doc/arm/_ext/rndcconf.py
@@ -15,7 +15,6 @@
 Sphinx domain "rndcconf". See iscconf.py for details.
 """
 
-import os
 from pathlib import Path
 
 from docutils import nodes
@@ -23,8 +22,7 @@ from docutils import nodes
 import iscconf
 import parsegrammar
 
-buildroot = os.getenv("BIND_BUILD_ROOT")
-grammar_path = Path(buildroot) / "doc" / "misc" / "rndc.grammar"
+grammar_path = Path(__file__).resolve().parent.parent.parent / "misc" / "rndc.grammar"
 
 
 class ToBeReplacedStatementList(nodes.General, nodes.Element):

diff --git a/doc/arm/conf.py b/doc/arm/conf.py
index dedada00ca91f89eb75258839e05ffee30a57ba6..fc122c1bf73b974653026ef7ca07e736f8708fc0 100644 (file)
--- a/doc/arm/conf.py
+++ b/doc/arm/conf.py
@@ -11,8 +11,8 @@
 # information regarding copyright ownership.
 ############################################################################
 
-import os
 import sys
+import re
 
 from pathlib import Path
 from typing import List, Tuple
@@ -151,7 +151,15 @@ project = "BIND 9"
 copyright = "2023, Internet Systems Consortium"
 author = "Internet Systems Consortium"
 
-version = os.getenv("BIND_PROJECT_VERSION")
+meson_path = Path(__file__).resolve().parent.parent.parent / "meson.build"
+with meson_path.open(encoding="utf-8") as meson_build:
+    pattern = re.compile(r"    version: '(?P<version>.*)',")
+    for line in meson_build:
+        match = pattern.match(line)
+        if match:
+            version = match.group("version")
+            assert version.startswith("9.")
+            break
 
 release = version
 

diff --git a/doc/ext/configblock.py b/doc/ext/configblock.py
index cc34a77ce7d3c5fc4afb53bec86798803f7282e7..368df5ba18d16bf8e98e09416b5294cc4fa50dbd 100644 (file)
--- a/doc/ext/configblock.py
+++ b/doc/ext/configblock.py
@@ -9,7 +9,6 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-import os
 from pathlib import Path
 
 from docutils import nodes
@@ -19,18 +18,14 @@ from sphinx.util.docutils import SphinxDirective
 from sphinx.util.typing import ExtensionMetadata
 
 
-BIND_BUILD_ROOT = os.getenv("BIND_BUILD_ROOT")
-if BIND_BUILD_ROOT is None:
-    raise RuntimeError("running outside meson?")
-
-miscpath = Path(BIND_BUILD_ROOT) / "doc" / "misc"
+misc_path = Path(__file__).resolve().parent.parent.parent / "misc"
 
 
 class ConfigBlockDirective(SphinxDirective):
     required_arguments = 1
 
     def run(self) -> list[nodes.Node]:
-        target = miscpath / self.arguments[0]
+        target = misc_path / self.arguments[0]
 
         block = "{}" if not target.exists() else target.read_text()
 

diff --git a/doc/meson.build b/doc/meson.build
index 3c30d254a1c53dc6e1eb2b8d1937d02fee8a79cb..2faef3bf032492e858ca8bf37c17902069d25be0 100644 (file)
--- a/doc/meson.build
+++ b/doc/meson.build
@@ -11,6 +11,7 @@
 
 # Manpages can be build without sphinx
 subdir('man')
+subdir('misc')
 
 if not sphinx_build.found()
     subdir_done()
@@ -18,4 +19,3 @@ endif
 
 subdir('arm')
 subdir('dnssec-guide')
-subdir('misc')

diff --git a/doc/misc/forward.zoneopt b/doc/misc/forward.zoneopt
new file mode 100644 (file)
index 0000000..af060cf
--- /dev/null
+++ b/doc/misc/forward.zoneopt
@@ -0,0 +1,6 @@
+zone <string> [ <class> ] {
+       type forward;
+       forward ( first | only );
+       forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
+       template <string>;
+};

diff --git a/doc/misc/hint.zoneopt b/doc/misc/hint.zoneopt
new file mode 100644 (file)
index 0000000..260db7f
--- /dev/null
+++ b/doc/misc/hint.zoneopt
@@ -0,0 +1,6 @@
+zone <string> [ <class> ] {
+       type hint;
+       check-names ( fail | warn | ignore );
+       file <quoted_string>;
+       template <string>;
+};

diff --git a/doc/misc/in-view.zoneopt b/doc/misc/in-view.zoneopt
new file mode 100644 (file)
index 0000000..c63c427
--- /dev/null
+++ b/doc/misc/in-view.zoneopt
@@ -0,0 +1,3 @@
+zone <string> [ <class> ] {
+       in-view <string>;
+};

diff --git a/doc/misc/mirror.zoneopt b/doc/misc/mirror.zoneopt
new file mode 100644 (file)
index 0000000..aa19323
--- /dev/null
+++ b/doc/misc/mirror.zoneopt
@@ -0,0 +1,47 @@
+zone <string> [ <class> ] {
+       type mirror;
+       allow-notify { <address_match_element>; ... };
+       allow-query { <address_match_element>; ... };
+       allow-query-on { <address_match_element>; ... };
+       allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+       allow-update-forwarding { <address_match_element>; ... };
+       also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       check-names ( fail | warn | ignore );
+       database <string>;
+       file <quoted_string>;
+       ixfr-from-differences <boolean>;
+       journal <quoted_string>;
+       masterfile-format ( raw | text );
+       masterfile-style ( full | relative );
+       max-ixfr-ratio ( unlimited | <percentage> );
+       max-journal-size ( default | unlimited | <sizeval> );
+       max-records <integer>;
+       max-records-per-type <integer>;
+       max-refresh-time <integer>;
+       max-retry-time <integer>;
+       max-transfer-idle-in <integer>;
+       max-transfer-idle-out <integer>;
+       max-transfer-time-in <integer>;
+       max-transfer-time-out <integer>;
+       max-types-per-name <integer>;
+       min-refresh-time <integer>;
+       min-retry-time <integer>;
+       min-transfer-rate-in <integer> <integer>;
+       multi-master <boolean>;
+       notify ( explicit | master-only | primary-only | <boolean> );
+       notify-defer <integer>;
+       notify-delay <integer>;
+       notify-source ( <ipv4_address> | * );
+       notify-source-v6 ( <ipv6_address> | * );
+       primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       provide-zoneversion <boolean>;
+       request-expire <boolean>;
+       request-ixfr <boolean>;
+       request-ixfr-max-diffs <integer>;
+       template <string>;
+       transfer-source ( <ipv4_address> | * );
+       transfer-source-v6 ( <ipv6_address> | * );
+       try-tcp-refresh <boolean>;
+       zero-no-soa-ttl <boolean>;
+       zone-statistics ( full | terse | none | <boolean> );
+};

diff --git a/doc/misc/options b/doc/misc/options
new file mode 100644 (file)
index 0000000..3215fc7
--- /dev/null
+++ b/doc/misc/options
@@ -0,0 +1,695 @@
+acl <string> { <address_match_element>; ... }; // may occur multiple times
+
+controls {
+       inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
+       unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
+}; // may occur multiple times
+
+dlz <string> {
+       database <string>;
+       search <boolean>;
+}; // may occur multiple times
+
+dnssec-policy <string> {
+       cdnskey <boolean>;
+       cds-digest-types { <string>; ... };
+       dnskey-ttl <duration>;
+       inline-signing <boolean>;
+       keys { ( csk | ksk | zsk ) [ key-directory | key-store <string> ] lifetime <duration_or_unlimited> algorithm <string> [ tag-range <integer> <integer> ] [ <integer> ]; ... };
+       max-zone-ttl <duration>;
+       nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ];
+       offline-ksk <boolean>;
+       parent-ds-ttl <duration>;
+       parent-propagation-delay <duration>;
+       publish-safety <duration>;
+       purge-keys <duration>;
+       retire-safety <duration>;
+       signatures-jitter <duration>;
+       signatures-refresh <duration>;
+       signatures-validity <duration>;
+       signatures-validity-dnskey <duration>;
+       zone-propagation-delay <duration>;
+}; // may occur multiple times
+
+dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
+
+http <string> {
+       endpoints { <quoted_string>; ... };
+       listener-clients <integer>;
+       streams-per-connection <integer>;
+}; // optional (only available if configured), may occur multiple times
+
+key <string> {
+       algorithm <string>;
+       secret <string>;
+}; // may occur multiple times
+
+key-store <string> {
+       directory <string>;
+       pkcs11-uri <quoted_string>;
+}; // may occur multiple times
+
+logging {
+       category <string> { <string>; ... }; // may occur multiple times
+       channel <string> {
+               buffered <boolean>;
+               file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ];
+               null;
+               print-category <boolean>;
+               print-severity <boolean>;
+               print-time ( iso8601 | iso8601-utc | iso8601-tzinfo | local | <boolean> );
+               severity <log_severity>;
+               stderr;
+               syslog [ <syslog_facility> ];
+       }; // may occur multiple times
+};
+
+options {
+       allow-new-zones <boolean>;
+       allow-notify { <address_match_element>; ... };
+       allow-proxy { <address_match_element>; ... }; // experimental
+       allow-proxy-on { <address_match_element>; ... }; // experimental
+       allow-query { <address_match_element>; ... };
+       allow-query-cache { <address_match_element>; ... };
+       allow-query-cache-on { <address_match_element>; ... };
+       allow-query-on { <address_match_element>; ... };
+       allow-recursion { <address_match_element>; ... };
+       allow-recursion-on { <address_match_element>; ... };
+       allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+       allow-update { <address_match_element>; ... };
+       allow-update-forwarding { <address_match_element>; ... };
+       also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       answer-cookie <boolean>;
+       attach-cache <string>;
+       auth-nxdomain <boolean>;
+       automatic-interface-scan <boolean>;
+       bindkeys-file <quoted_string>; // test only
+       blackhole { <address_match_element>; ... };
+       catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
+       check-dup-records ( fail | warn | ignore );
+       check-integrity <boolean>;
+       check-mx ( fail | warn | ignore );
+       check-mx-cname ( fail | warn | ignore );
+       check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
+       check-sibling <boolean>;
+       check-spf ( warn | ignore );
+       check-srv-cname ( fail | warn | ignore );
+       check-svcb <boolean>;
+       check-wildcard <boolean>;
+       clients-per-query <integer>;
+       cookie-algorithm ( siphash24 );
+       cookie-secret <string>; // may occur multiple times
+       deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
+       deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
+       directory <quoted_string>;
+       disable-algorithms <string> { <string>; ... }; // may occur multiple times
+       disable-ds-digests <string> { <string>; ... }; // may occur multiple times
+       disable-empty-zone <string>; // may occur multiple times
+       dns64 <netprefix> {
+               break-dnssec <boolean>;
+               clients { <address_match_element>; ... };
+               exclude { <address_match_element>; ... };
+               mapped { <address_match_element>; ... };
+               recursive-only <boolean>;
+               suffix <ipv6_address>;
+       }; // may occur multiple times
+       dns64-contact <string>;
+       dns64-server <string>;
+       dnskey-sig-validity <integer>; // obsolete
+       dnsrps-enable <boolean>; // obsolete
+       dnsrps-library <quoted_string>; // obsolete
+       dnsrps-options { <unspecified-text> }; // obsolete
+       dnssec-accept-expired <boolean>;
+       dnssec-dnskey-kskonly <boolean>; // obsolete
+       dnssec-loadkeys-interval <integer>;
+       dnssec-policy <string>;
+       dnssec-secure-to-insecure <boolean>; // obsolete
+       dnssec-update-mode ( maintain | no-resign ); // obsolete
+       dnssec-validation ( yes | no | auto );
+       dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // optional (only available if configured)
+       dnstap-identity ( <quoted_string> | none | hostname ); // optional (only available if configured)
+       dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // optional (only available if configured)
+       dnstap-version ( <quoted_string> | none ); // optional (only available if configured)
+       dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
+       dump-file <quoted_string>;
+       edns-udp-size <integer>;
+       empty-contact <string>;
+       empty-server <string>;
+       empty-zones-enable <boolean>;
+       fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
+       fetches-per-server <integer> [ ( drop | fail ) ];
+       fetches-per-zone <integer> [ ( drop | fail ) ];
+       flush-zones-on-shutdown <boolean>;
+       forward ( first | only );
+       forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
+       fstrm-set-buffer-hint <integer>; // optional (only available if configured)
+       fstrm-set-flush-timeout <integer>; // optional (only available if configured)
+       fstrm-set-input-queue-size <integer>; // optional (only available if configured)
+       fstrm-set-output-notify-threshold <integer>; // optional (only available if configured)
+       fstrm-set-output-queue-model ( mpsc | spsc ); // optional (only available if configured)
+       fstrm-set-output-queue-size <integer>; // optional (only available if configured)
+       fstrm-set-reopen-interval <duration>; // optional (only available if configured)
+       geoip-directory ( <quoted_string> | none );
+       hostname ( <quoted_string> | none );
+       http-listener-clients <integer>; // optional (only available if configured)
+       http-port <integer>; // optional (only available if configured)
+       http-streams-per-connection <integer>; // optional (only available if configured)
+       https-port <integer>; // optional (only available if configured)
+       interface-interval <duration>;
+       ipv4only-contact <string>;
+       ipv4only-enable <boolean>;
+       ipv4only-server <string>;
+       ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
+       keep-response-order { <address_match_element>; ... }; // obsolete
+       key-directory <quoted_string>;
+       lame-ttl <duration>;
+       listen-on [ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
+       listen-on-v6 [ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
+       lmdb-mapsize <sizeval>; // optional (only available if configured)
+       managed-keys-directory <quoted_string>;
+       masterfile-format ( raw | text );
+       masterfile-style ( full | relative );
+       match-mapped-addresses <boolean>;
+       max-cache-size ( default | unlimited | <sizeval> | <percentage> );
+       max-cache-ttl <duration>;
+       max-clients-per-query <integer>;
+       max-ixfr-ratio ( unlimited | <percentage> );
+       max-journal-size ( default | unlimited | <sizeval> );
+       max-ncache-ttl <duration>;
+       max-query-count <integer>;
+       max-query-restarts <integer>;
+       max-records <integer>;
+       max-records-per-type <integer>;
+       max-recursion-depth <integer>;
+       max-recursion-queries <integer>;
+       max-refresh-time <integer>;
+       max-retry-time <integer>;
+       max-rsa-exponent-size <integer>;
+       max-stale-ttl <duration>;
+       max-transfer-idle-in <integer>;
+       max-transfer-idle-out <integer>;
+       max-transfer-time-in <integer>;
+       max-transfer-time-out <integer>;
+       max-types-per-name <integer>;
+       max-udp-size <integer>;
+       max-validation-failures-per-fetch <integer>; // experimental
+       max-validations-per-fetch <integer>; // experimental
+       max-zone-ttl ( unlimited | <duration> ); // deprecated
+       memstatistics <boolean>;
+       memstatistics-file <quoted_string>;
+       message-compression <boolean>;
+       min-cache-ttl <duration>;
+       min-ncache-ttl <duration>;
+       min-refresh-time <integer>;
+       min-retry-time <integer>;
+       min-transfer-rate-in <integer> <integer>;
+       minimal-any <boolean>;
+       minimal-responses ( no-auth | no-auth-recursive | <boolean> );
+       multi-master <boolean>;
+       new-zones-directory <quoted_string>;
+       no-case-compress { <address_match_element>; ... };
+       nocookie-udp-size <integer>;
+       notify ( explicit | master-only | primary-only | <boolean> );
+       notify-defer <integer>;
+       notify-delay <integer>;
+       notify-rate <integer>;
+       notify-source ( <ipv4_address> | * );
+       notify-source-v6 ( <ipv6_address> | * );
+       notify-to-soa <boolean>;
+       nsec3-test-zone <boolean>; // test only
+       nta-lifetime <duration>;
+       nta-recheck <duration>;
+       nxdomain-redirect <string>;
+       parental-source ( <ipv4_address> | * );
+       parental-source-v6 ( <ipv6_address> | * );
+       pid-file ( <quoted_string> | none );
+       port <integer>;
+       preferred-glue <string>;
+       prefetch <integer> [ <integer> ];
+       provide-ixfr <boolean>;
+       provide-zoneversion <boolean>;
+       qname-minimization ( strict | relaxed | disabled | off );
+       query-source [ address ] ( <ipv4_address> | * | none );
+       query-source-v6 [ address ] ( <ipv6_address> | * | none );
+       querylog <boolean>;
+       rate-limit {
+               all-per-second <integer>;
+               errors-per-second <integer>;
+               exempt-clients { <address_match_element>; ... };
+               ipv4-prefix-length <integer>;
+               ipv6-prefix-length <integer>;
+               log-only <boolean>;
+               max-table-size <integer>;
+               min-table-size <integer>;
+               nodata-per-second <integer>;
+               nxdomains-per-second <integer>;
+               qps-scale <integer>;
+               referrals-per-second <integer>;
+               responses-per-second <integer>;
+               slip <integer>;
+               window <integer>;
+       };
+       recursing-file <quoted_string>;
+       recursion <boolean>;
+       recursive-clients <integer>;
+       request-expire <boolean>;
+       request-ixfr <boolean>;
+       request-ixfr-max-diffs <integer>;
+       request-nsid <boolean>;
+       request-zoneversion <boolean>;
+       require-server-cookie <boolean>;
+       resolver-query-timeout <integer>;
+       resolver-use-dns64 <boolean>;
+       response-padding { <address_match_element>; ... } block-size <integer>;
+       response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
+       responselog <boolean>;
+       reuseport <boolean>;
+       root-key-sentinel <boolean>;
+       rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
+       secroots-file <quoted_string>;
+       send-cookie <boolean>;
+       send-report-channel <string>;
+       serial-query-rate <integer>;
+       serial-update-method ( date | increment | unixtime );
+       server-id ( <quoted_string> | none | hostname );
+       servfail-ttl <duration>;
+       session-keyalg <string>;
+       session-keyfile ( <quoted_string> | none );
+       session-keyname <string>;
+       sig-signing-nodes <integer>;
+       sig-signing-signatures <integer>;
+       sig-signing-type <integer>;
+       sig-validity-interval <integer> [ <integer> ]; // obsolete
+       sig0checks-quota <integer>; // experimental
+       sig0checks-quota-exempt { <address_match_element>; ... }; // experimental
+       sig0key-checks-limit <integer>;
+       sig0message-checks-limit <integer>;
+       stale-answer-client-timeout ( disabled | off | <integer> );
+       stale-answer-enable <boolean>;
+       stale-answer-ttl <duration>;
+       stale-cache-enable <boolean>;
+       stale-refresh-time <duration>;
+       startup-notify-rate <integer>;
+       statistics-file <quoted_string>;
+       synth-from-dnssec <boolean>;
+       tcp-advertised-timeout <integer>;
+       tcp-clients <integer>;
+       tcp-idle-timeout <integer>;
+       tcp-initial-timeout <integer>;
+       tcp-keepalive-timeout <integer>;
+       tcp-listen-queue <integer>;
+       tcp-primaries-timeout <integer>;
+       tcp-receive-buffer <integer>;
+       tcp-send-buffer <integer>;
+       tkey-domain <quoted_string>;
+       tkey-gssapi-credential <quoted_string>;
+       tkey-gssapi-keytab <quoted_string>;
+       tls-port <integer>;
+       transfer-format ( many-answers | one-answer );
+       transfer-message-size <integer>;
+       transfer-source ( <ipv4_address> | * );
+       transfer-source-v6 ( <ipv6_address> | * );
+       transfers-in <integer>;
+       transfers-out <integer>;
+       transfers-per-ns <integer>;
+       trust-anchor-telemetry <boolean>;
+       try-tcp-refresh <boolean>;
+       udp-receive-buffer <integer>;
+       udp-send-buffer <integer>;
+       update-check-ksk <boolean>; // obsolete
+       update-quota <integer>;
+       v6-bias <integer>;
+       validate-except { <string>; ... };
+       version ( <quoted_string> | none );
+       zero-no-soa-ttl <boolean>;
+       zero-no-soa-ttl-cache <boolean>;
+       zone-statistics ( full | terse | none | <boolean> );
+};
+
+plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
+
+remote-servers <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
+
+server <netprefix> {
+       bogus <boolean>;
+       edns <boolean>;
+       edns-udp-size <integer>;
+       edns-version <integer>;
+       keys <server_key>;
+       max-udp-size <integer>;
+       notify-source ( <ipv4_address> | * );
+       notify-source-v6 ( <ipv6_address> | * );
+       padding <integer>;
+       provide-ixfr <boolean>;
+       query-source [ address ] ( <ipv4_address> | * );
+       query-source-v6 [ address ] ( <ipv6_address> | * );
+       request-expire <boolean>;
+       request-ixfr <boolean>;
+       request-ixfr-max-diffs <integer>;
+       request-nsid <boolean>;
+       request-zoneversion <boolean>;
+       require-cookie <boolean>;
+       send-cookie <boolean>;
+       tcp-keepalive <boolean>;
+       tcp-only <boolean>;
+       transfer-format ( many-answers | one-answer );
+       transfer-source ( <ipv4_address> | * );
+       transfer-source-v6 ( <ipv6_address> | * );
+       transfers <integer>;
+}; // may occur multiple times
+
+statistics-channels {
+       inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times
+}; // optional (only available if configured), may occur multiple times
+
+template <string> {
+       allow-notify { <address_match_element>; ... };
+       allow-query { <address_match_element>; ... };
+       allow-query-on { <address_match_element>; ... };
+       allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+       allow-update { <address_match_element>; ... };
+       allow-update-forwarding { <address_match_element>; ... };
+       also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       check-dup-records ( fail | warn | ignore );
+       check-integrity <boolean>;
+       check-mx ( fail | warn | ignore );
+       check-mx-cname ( fail | warn | ignore );
+       check-names ( fail | warn | ignore );
+       check-sibling <boolean>;
+       check-spf ( warn | ignore );
+       check-srv-cname ( fail | warn | ignore );
+       check-svcb <boolean>;
+       check-wildcard <boolean>;
+       checkds ( explicit | <boolean> );
+       database <string>;
+       dlz <string>;
+       dnskey-sig-validity <integer>; // obsolete
+       dnssec-dnskey-kskonly <boolean>; // obsolete
+       dnssec-loadkeys-interval <integer>;
+       dnssec-policy <string>;
+       dnssec-secure-to-insecure <boolean>; // obsolete
+       dnssec-update-mode ( maintain | no-resign ); // obsolete
+       file <quoted_string>;
+       forward ( first | only );
+       forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
+       initial-file <quoted_string>;
+       inline-signing <boolean>;
+       ixfr-from-differences <boolean>;
+       journal <quoted_string>;
+       key-directory <quoted_string>;
+       log-report-channel <boolean>;
+       masterfile-format ( raw | text );
+       masterfile-style ( full | relative );
+       max-ixfr-ratio ( unlimited | <percentage> );
+       max-journal-size ( default | unlimited | <sizeval> );
+       max-records <integer>;
+       max-records-per-type <integer>;
+       max-refresh-time <integer>;
+       max-retry-time <integer>;
+       max-transfer-idle-in <integer>;
+       max-transfer-idle-out <integer>;
+       max-transfer-time-in <integer>;
+       max-transfer-time-out <integer>;
+       max-types-per-name <integer>;
+       max-zone-ttl ( unlimited | <duration> ); // deprecated
+       min-refresh-time <integer>;
+       min-retry-time <integer>;
+       min-transfer-rate-in <integer> <integer>;
+       multi-master <boolean>;
+       notify ( explicit | master-only | primary-only | <boolean> );
+       notify-defer <integer>;
+       notify-delay <integer>;
+       notify-source ( <ipv4_address> | * );
+       notify-source-v6 ( <ipv6_address> | * );
+       notify-to-soa <boolean>;
+       nsec3-test-zone <boolean>; // test only
+       parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       parental-source ( <ipv4_address> | * );
+       parental-source-v6 ( <ipv6_address> | * );
+       primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       provide-zoneversion <boolean>;
+       request-expire <boolean>;
+       request-ixfr <boolean>;
+       request-ixfr-max-diffs <integer>;
+       send-report-channel <string>;
+       serial-update-method ( date | increment | unixtime );
+       server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
+       server-names { <string>; ... };
+       sig-signing-nodes <integer>;
+       sig-signing-signatures <integer>;
+       sig-signing-type <integer>;
+       sig-validity-interval <integer> [ <integer> ]; // obsolete
+       transfer-source ( <ipv4_address> | * );
+       transfer-source-v6 ( <ipv6_address> | * );
+       try-tcp-refresh <boolean>;
+       type ( primary | master | secondary | slave | mirror | forward | hint | redirect | static-stub | stub );
+       update-check-ksk <boolean>; // obsolete
+       update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } );
+       zero-no-soa-ttl <boolean>;
+       zone-statistics ( full | terse | none | <boolean> );
+}; // may occur multiple times
+
+tls <string> {
+       ca-file <quoted_string>;
+       cert-file <quoted_string>;
+       cipher-suites <string>;
+       ciphers <string>;
+       dhparam-file <quoted_string>;
+       key-file <quoted_string>;
+       prefer-server-ciphers <boolean>;
+       protocols { <string>; ... };
+       remote-hostname <quoted_string>;
+       session-tickets <boolean>;
+}; // may occur multiple times
+
+trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
+
+view <string> [ <class> ] {
+       allow-new-zones <boolean>;
+       allow-notify { <address_match_element>; ... };
+       allow-proxy { <address_match_element>; ... }; // experimental
+       allow-proxy-on { <address_match_element>; ... }; // experimental
+       allow-query { <address_match_element>; ... };
+       allow-query-cache { <address_match_element>; ... };
+       allow-query-cache-on { <address_match_element>; ... };
+       allow-query-on { <address_match_element>; ... };
+       allow-recursion { <address_match_element>; ... };
+       allow-recursion-on { <address_match_element>; ... };
+       allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+       allow-update { <address_match_element>; ... };
+       allow-update-forwarding { <address_match_element>; ... };
+       also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       attach-cache <string>;
+       auth-nxdomain <boolean>;
+       catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
+       check-dup-records ( fail | warn | ignore );
+       check-integrity <boolean>;
+       check-mx ( fail | warn | ignore );
+       check-mx-cname ( fail | warn | ignore );
+       check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
+       check-sibling <boolean>;
+       check-spf ( warn | ignore );
+       check-srv-cname ( fail | warn | ignore );
+       check-svcb <boolean>;
+       check-wildcard <boolean>;
+       clients-per-query <integer>;
+       deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
+       deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
+       disable-algorithms <string> { <string>; ... }; // may occur multiple times
+       disable-ds-digests <string> { <string>; ... }; // may occur multiple times
+       disable-empty-zone <string>; // may occur multiple times
+       dlz <string> {
+               database <string>;
+               search <boolean>;
+       }; // may occur multiple times
+       dns64 <netprefix> {
+               break-dnssec <boolean>;
+               clients { <address_match_element>; ... };
+               exclude { <address_match_element>; ... };
+               mapped { <address_match_element>; ... };
+               recursive-only <boolean>;
+               suffix <ipv6_address>;
+       }; // may occur multiple times
+       dns64-contact <string>;
+       dns64-server <string>;
+       dnskey-sig-validity <integer>; // obsolete
+       dnsrps-enable <boolean>; // obsolete
+       dnsrps-options { <unspecified-text> }; // obsolete
+       dnssec-accept-expired <boolean>;
+       dnssec-dnskey-kskonly <boolean>; // obsolete
+       dnssec-loadkeys-interval <integer>;
+       dnssec-policy <string>;
+       dnssec-secure-to-insecure <boolean>; // obsolete
+       dnssec-update-mode ( maintain | no-resign ); // obsolete
+       dnssec-validation ( yes | no | auto );
+       dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // optional (only available if configured)
+       dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
+       dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
+       edns-udp-size <integer>;
+       empty-contact <string>;
+       empty-server <string>;
+       empty-zones-enable <boolean>;
+       fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
+       fetches-per-server <integer> [ ( drop | fail ) ];
+       fetches-per-zone <integer> [ ( drop | fail ) ];
+       forward ( first | only );
+       forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
+       ipv4only-contact <string>;
+       ipv4only-enable <boolean>;
+       ipv4only-server <string>;
+       ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
+       key <string> {
+               algorithm <string>;
+               secret <string>;
+       }; // may occur multiple times
+       key-directory <quoted_string>;
+       lame-ttl <duration>;
+       lmdb-mapsize <sizeval>; // optional (only available if configured)
+       masterfile-format ( raw | text );
+       masterfile-style ( full | relative );
+       match-clients { <address_match_element>; ... };
+       match-destinations { <address_match_element>; ... };
+       match-recursive-only <boolean>;
+       max-cache-size ( default | unlimited | <sizeval> | <percentage> );
+       max-cache-ttl <duration>;
+       max-clients-per-query <integer>;
+       max-ixfr-ratio ( unlimited | <percentage> );
+       max-journal-size ( default | unlimited | <sizeval> );
+       max-ncache-ttl <duration>;
+       max-query-count <integer>;
+       max-query-restarts <integer>;
+       max-records <integer>;
+       max-records-per-type <integer>;
+       max-recursion-depth <integer>;
+       max-recursion-queries <integer>;
+       max-refresh-time <integer>;
+       max-retry-time <integer>;
+       max-stale-ttl <duration>;
+       max-transfer-idle-in <integer>;
+       max-transfer-idle-out <integer>;
+       max-transfer-time-in <integer>;
+       max-transfer-time-out <integer>;
+       max-types-per-name <integer>;
+       max-udp-size <integer>;
+       max-validation-failures-per-fetch <integer>; // experimental
+       max-validations-per-fetch <integer>; // experimental
+       max-zone-ttl ( unlimited | <duration> ); // deprecated
+       message-compression <boolean>;
+       min-cache-ttl <duration>;
+       min-ncache-ttl <duration>;
+       min-refresh-time <integer>;
+       min-retry-time <integer>;
+       min-transfer-rate-in <integer> <integer>;
+       minimal-any <boolean>;
+       minimal-responses ( no-auth | no-auth-recursive | <boolean> );
+       multi-master <boolean>;
+       new-zones-directory <quoted_string>;
+       no-case-compress { <address_match_element>; ... };
+       nocookie-udp-size <integer>;
+       notify ( explicit | master-only | primary-only | <boolean> );
+       notify-defer <integer>;
+       notify-delay <integer>;
+       notify-source ( <ipv4_address> | * );
+       notify-source-v6 ( <ipv6_address> | * );
+       notify-to-soa <boolean>;
+       nsec3-test-zone <boolean>; // test only
+       nta-lifetime <duration>;
+       nta-recheck <duration>;
+       nxdomain-redirect <string>;
+       parental-source ( <ipv4_address> | * );
+       parental-source-v6 ( <ipv6_address> | * );
+       plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
+       preferred-glue <string>;
+       prefetch <integer> [ <integer> ];
+       provide-ixfr <boolean>;
+       provide-zoneversion <boolean>;
+       qname-minimization ( strict | relaxed | disabled | off );
+       query-source [ address ] ( <ipv4_address> | * | none );
+       query-source-v6 [ address ] ( <ipv6_address> | * | none );
+       rate-limit {
+               all-per-second <integer>;
+               errors-per-second <integer>;
+               exempt-clients { <address_match_element>; ... };
+               ipv4-prefix-length <integer>;
+               ipv6-prefix-length <integer>;
+               log-only <boolean>;
+               max-table-size <integer>;
+               min-table-size <integer>;
+               nodata-per-second <integer>;
+               nxdomains-per-second <integer>;
+               qps-scale <integer>;
+               referrals-per-second <integer>;
+               responses-per-second <integer>;
+               slip <integer>;
+               window <integer>;
+       };
+       recursion <boolean>;
+       request-expire <boolean>;
+       request-ixfr <boolean>;
+       request-ixfr-max-diffs <integer>;
+       request-nsid <boolean>;
+       request-zoneversion <boolean>;
+       require-server-cookie <boolean>;
+       resolver-query-timeout <integer>;
+       resolver-use-dns64 <boolean>;
+       response-padding { <address_match_element>; ... } block-size <integer>;
+       response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
+       root-key-sentinel <boolean>;
+       rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
+       send-cookie <boolean>;
+       send-report-channel <string>;
+       serial-update-method ( date | increment | unixtime );
+       server <netprefix> {
+               bogus <boolean>;
+               edns <boolean>;
+               edns-udp-size <integer>;
+               edns-version <integer>;
+               keys <server_key>;
+               max-udp-size <integer>;
+               notify-source ( <ipv4_address> | * );
+               notify-source-v6 ( <ipv6_address> | * );
+               padding <integer>;
+               provide-ixfr <boolean>;
+               query-source [ address ] ( <ipv4_address> | * );
+               query-source-v6 [ address ] ( <ipv6_address> | * );
+               request-expire <boolean>;
+               request-ixfr <boolean>;
+               request-ixfr-max-diffs <integer>;
+               request-nsid <boolean>;
+               request-zoneversion <boolean>;
+               require-cookie <boolean>;
+               send-cookie <boolean>;
+               tcp-keepalive <boolean>;
+               tcp-only <boolean>;
+               transfer-format ( many-answers | one-answer );
+               transfer-source ( <ipv4_address> | * );
+               transfer-source-v6 ( <ipv6_address> | * );
+               transfers <integer>;
+       }; // may occur multiple times
+       servfail-ttl <duration>;
+       sig-signing-nodes <integer>;
+       sig-signing-signatures <integer>;
+       sig-signing-type <integer>;
+       sig-validity-interval <integer> [ <integer> ]; // obsolete
+       sig0key-checks-limit <integer>;
+       sig0message-checks-limit <integer>;
+       stale-answer-client-timeout ( disabled | off | <integer> );
+       stale-answer-enable <boolean>;
+       stale-answer-ttl <duration>;
+       stale-cache-enable <boolean>;
+       stale-refresh-time <duration>;
+       synth-from-dnssec <boolean>;
+       transfer-format ( many-answers | one-answer );
+       transfer-source ( <ipv4_address> | * );
+       transfer-source-v6 ( <ipv6_address> | * );
+       trust-anchor-telemetry <boolean>;
+       trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
+       try-tcp-refresh <boolean>;
+       update-check-ksk <boolean>; // obsolete
+       v6-bias <integer>;
+       validate-except { <string>; ... };
+       zero-no-soa-ttl <boolean>;
+       zero-no-soa-ttl-cache <boolean>;
+       zone-statistics ( full | terse | none | <boolean> );
+}; // may occur multiple times
+

diff --git a/doc/misc/primary.zoneopt b/doc/misc/primary.zoneopt
new file mode 100644 (file)
index 0000000..dd1b947
--- /dev/null
+++ b/doc/misc/primary.zoneopt
@@ -0,0 +1,68 @@
+zone <string> [ <class> ] {
+       type primary;
+       allow-query { <address_match_element>; ... };
+       allow-query-on { <address_match_element>; ... };
+       allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+       allow-update { <address_match_element>; ... };
+       also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       check-dup-records ( fail | warn | ignore );
+       check-integrity <boolean>;
+       check-mx ( fail | warn | ignore );
+       check-mx-cname ( fail | warn | ignore );
+       check-names ( fail | warn | ignore );
+       check-sibling <boolean>;
+       check-spf ( warn | ignore );
+       check-srv-cname ( fail | warn | ignore );
+       check-svcb <boolean>;
+       check-wildcard <boolean>;
+       checkds ( explicit | <boolean> );
+       database <string>;
+       dlz <string>;
+       dnskey-sig-validity <integer>; // obsolete
+       dnssec-dnskey-kskonly <boolean>; // obsolete
+       dnssec-loadkeys-interval <integer>;
+       dnssec-policy <string>;
+       dnssec-secure-to-insecure <boolean>; // obsolete
+       dnssec-update-mode ( maintain | no-resign ); // obsolete
+       file <quoted_string>;
+       forward ( first | only );
+       forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
+       initial-file <quoted_string>;
+       inline-signing <boolean>;
+       ixfr-from-differences <boolean>;
+       journal <quoted_string>;
+       key-directory <quoted_string>;
+       log-report-channel <boolean>;
+       masterfile-format ( raw | text );
+       masterfile-style ( full | relative );
+       max-ixfr-ratio ( unlimited | <percentage> );
+       max-journal-size ( default | unlimited | <sizeval> );
+       max-records <integer>;
+       max-records-per-type <integer>;
+       max-transfer-idle-out <integer>;
+       max-transfer-time-out <integer>;
+       max-types-per-name <integer>;
+       max-zone-ttl ( unlimited | <duration> ); // deprecated
+       notify ( explicit | master-only | primary-only | <boolean> );
+       notify-defer <integer>;
+       notify-delay <integer>;
+       notify-source ( <ipv4_address> | * );
+       notify-source-v6 ( <ipv6_address> | * );
+       notify-to-soa <boolean>;
+       nsec3-test-zone <boolean>; // test only
+       parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       parental-source ( <ipv4_address> | * );
+       parental-source-v6 ( <ipv6_address> | * );
+       provide-zoneversion <boolean>;
+       send-report-channel <string>;
+       serial-update-method ( date | increment | unixtime );
+       sig-signing-nodes <integer>;
+       sig-signing-signatures <integer>;
+       sig-signing-type <integer>;
+       sig-validity-interval <integer> [ <integer> ]; // obsolete
+       template <string>;
+       update-check-ksk <boolean>; // obsolete
+       update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } );
+       zero-no-soa-ttl <boolean>;
+       zone-statistics ( full | terse | none | <boolean> );
+};

diff --git a/doc/misc/redirect.zoneopt b/doc/misc/redirect.zoneopt
new file mode 100644 (file)
index 0000000..e338b6e
--- /dev/null
+++ b/doc/misc/redirect.zoneopt
@@ -0,0 +1,16 @@
+zone <string> [ <class> ] {
+       type redirect;
+       allow-query { <address_match_element>; ... };
+       allow-query-on { <address_match_element>; ... };
+       dlz <string>;
+       file <quoted_string>;
+       masterfile-format ( raw | text );
+       masterfile-style ( full | relative );
+       max-records <integer>;
+       max-records-per-type <integer>;
+       max-types-per-name <integer>;
+       max-zone-ttl ( unlimited | <duration> ); // deprecated
+       primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       template <string>;
+       zone-statistics ( full | terse | none | <boolean> );
+};

diff --git a/doc/misc/rndc.grammar b/doc/misc/rndc.grammar
new file mode 100644 (file)
index 0000000..9d5604f
--- /dev/null
+++ b/doc/misc/rndc.grammar
@@ -0,0 +1,21 @@
+key <string> {
+       algorithm <string>;
+       secret <string>;
+}; // may occur multiple times
+
+options {
+       default-key <string>;
+       default-port <integer>;
+       default-server <string>;
+       default-source-address ( <ipv4_address> | * );
+       default-source-address-v6 ( <ipv6_address> | * );
+};
+
+server <string> {
+       addresses { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
+       key <string>;
+       port <integer>;
+       source-address ( <ipv4_address> | * );
+       source-address-v6 ( <ipv6_address> | * );
+}; // may occur multiple times
+

diff --git a/doc/misc/secondary.zoneopt b/doc/misc/secondary.zoneopt
new file mode 100644 (file)
index 0000000..7529112
--- /dev/null
+++ b/doc/misc/secondary.zoneopt
@@ -0,0 +1,70 @@
+zone <string> [ <class> ] {
+       type secondary;
+       allow-notify { <address_match_element>; ... };
+       allow-query { <address_match_element>; ... };
+       allow-query-on { <address_match_element>; ... };
+       allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
+       allow-update-forwarding { <address_match_element>; ... };
+       also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       check-names ( fail | warn | ignore );
+       checkds ( explicit | <boolean> );
+       database <string>;
+       dlz <string>;
+       dnskey-sig-validity <integer>; // obsolete
+       dnssec-dnskey-kskonly <boolean>; // obsolete
+       dnssec-loadkeys-interval <integer>;
+       dnssec-policy <string>;
+       dnssec-update-mode ( maintain | no-resign ); // obsolete
+       file <quoted_string>;
+       forward ( first | only );
+       forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
+       inline-signing <boolean>;
+       ixfr-from-differences <boolean>;
+       journal <quoted_string>;
+       key-directory <quoted_string>;
+       log-report-channel <boolean>;
+       masterfile-format ( raw | text );
+       masterfile-style ( full | relative );
+       max-ixfr-ratio ( unlimited | <percentage> );
+       max-journal-size ( default | unlimited | <sizeval> );
+       max-records <integer>;
+       max-records-per-type <integer>;
+       max-refresh-time <integer>;
+       max-retry-time <integer>;
+       max-transfer-idle-in <integer>;
+       max-transfer-idle-out <integer>;
+       max-transfer-time-in <integer>;
+       max-transfer-time-out <integer>;
+       max-types-per-name <integer>;
+       min-refresh-time <integer>;
+       min-retry-time <integer>;
+       min-transfer-rate-in <integer> <integer>;
+       multi-master <boolean>;
+       notify ( explicit | master-only | primary-only | <boolean> );
+       notify-defer <integer>;
+       notify-delay <integer>;
+       notify-source ( <ipv4_address> | * );
+       notify-source-v6 ( <ipv6_address> | * );
+       notify-to-soa <boolean>;
+       nsec3-test-zone <boolean>; // test only
+       parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       parental-source ( <ipv4_address> | * );
+       parental-source-v6 ( <ipv6_address> | * );
+       primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       provide-zoneversion <boolean>;
+       request-expire <boolean>;
+       request-ixfr <boolean>;
+       request-ixfr-max-diffs <integer>;
+       send-report-channel <string>;
+       sig-signing-nodes <integer>;
+       sig-signing-signatures <integer>;
+       sig-signing-type <integer>;
+       sig-validity-interval <integer> [ <integer> ]; // obsolete
+       template <string>;
+       transfer-source ( <ipv4_address> | * );
+       transfer-source-v6 ( <ipv6_address> | * );
+       try-tcp-refresh <boolean>;
+       update-check-ksk <boolean>; // obsolete
+       zero-no-soa-ttl <boolean>;
+       zone-statistics ( full | terse | none | <boolean> );
+};

diff --git a/doc/misc/static-stub.zoneopt b/doc/misc/static-stub.zoneopt
new file mode 100644 (file)
index 0000000..1492892
--- /dev/null
+++ b/doc/misc/static-stub.zoneopt
@@ -0,0 +1,14 @@
+zone <string> [ <class> ] {
+       type static-stub;
+       allow-query { <address_match_element>; ... };
+       allow-query-on { <address_match_element>; ... };
+       forward ( first | only );
+       forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
+       max-records <integer>;
+       max-records-per-type <integer>;
+       max-types-per-name <integer>;
+       server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
+       server-names { <string>; ... };
+       template <string>;
+       zone-statistics ( full | terse | none | <boolean> );
+};

diff --git a/doc/misc/stub.zoneopt b/doc/misc/stub.zoneopt
new file mode 100644 (file)
index 0000000..4d25095
--- /dev/null
+++ b/doc/misc/stub.zoneopt
@@ -0,0 +1,28 @@
+zone <string> [ <class> ] {
+       type stub;
+       allow-query { <address_match_element>; ... };
+       allow-query-on { <address_match_element>; ... };
+       check-names ( fail | warn | ignore );
+       database <string>;
+       file <quoted_string>;
+       forward ( first | only );
+       forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
+       masterfile-format ( raw | text );
+       masterfile-style ( full | relative );
+       max-records <integer>;
+       max-records-per-type <integer>;
+       max-refresh-time <integer>;
+       max-retry-time <integer>;
+       max-transfer-idle-in <integer>;
+       max-transfer-time-in <integer>;
+       max-types-per-name <integer>;
+       min-refresh-time <integer>;
+       min-retry-time <integer>;
+       min-transfer-rate-in <integer> <integer>;
+       multi-master <boolean>;
+       primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
+       template <string>;
+       transfer-source ( <ipv4_address> | * );
+       transfer-source-v6 ( <ipv6_address> | * );
+       zone-statistics ( full | terse | none | <boolean> );
+};

diff --git a/meson.build b/meson.build
index 154820dfdbf00d5f78c93282664fe9c7c95d2b21..8d6b9c77a9187584fc79f5b14d0ae1653585446b 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -1619,6 +1619,8 @@ alias_target('system-test-dependencies', system_test_targets)
 
 ### Documentation
 
+alias_target('doc-misc', doc_misc_targets)
+
 if doc_opt.allowed()
     man_srcconf = man_srcset.apply(config, strict: false)
     foreach man : man_srcconf.sources()