From: Matthijs Mekking Date: Tue, 28 Oct 2025 10:37:47 +0000 (+0100) Subject: Document 'notify-cds' configuration option X-Git-Tag: v9.21.17~21^2~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dda2e99c36a8b52f9d82aae806a1a82df3ec7753;p=thirdparty%2Fbind9.git Document 'notify-cds' configuration option Add text about the 'notify-cds' option in the ARM reference. --- diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index bc680650c6a..e2381957485 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -2097,9 +2097,9 @@ Boolean Options .. namedconf:statement:: notify :tags: transfer - :short: Controls whether ``NOTIFY`` messages are sent on zone changes. + :short: Controls whether ``NOTIFY(SOA)`` messages are sent on zone changes. - If set to ``yes`` (the default), DNS NOTIFY messages are sent when a + If set to ``yes`` (the default), DNS NOTIFY(SOA) messages are sent when a zone the server is authoritative for changes; see :ref:`using notify`. The messages are sent to the servers listed in the zone's NS records (except the primary server identified in the SOA MNAME field), and to @@ -2115,6 +2115,22 @@ Boolean Options statement. It would only be necessary to turn off this option if it caused secondary zones to crash. +.. namedconf:statement:: notify-cds + :tags: dnssec + :short: Controls whether ``NOTIFY(CDS)`` messages are sent on zone changes. + + If set to ``yes``, DNS NOTIFY(CDS) messages are sent when the CDS or CDNSKEY + RRset changes. The messages are sent to the servers listed in the parent + zone's matching DSYNC records. A DSYNC record matches if the owner name under + `_dsync` subdomain of the parent zone corresponds to the given zone. For + example, the zone `child.example` should have a DSYNC record at + `child._dsync.example`. In addition, the RRtype field of the record must be + `CDS` and the Scheme field must be 1 (NOTIFY). + + The default is ``no``. The :namedconf:ref:`notify-cds` option may also be + specified in the :any:`zone` statement, in which case it overrides the + ``options notify-cds`` statement. + .. namedconf:statement:: notify-to-soa :tags: transfer :short: Controls whether the name servers in the NS RRset are checked against the SOA MNAME.