.RS 4
If either of the key\*(Aqs unpublication or deletion dates are set and in the past, the key is NOT published or used to sign the zone, regardless of any other metadata\&.
.RE
+.PP
+.RS 4
+If key\*(Aqs sync publication date is set and in the past, synchronization records (type CDS and/or CDNSKEY) are created\&.
+.RE
+.PP
+.RS 4
+If key\*(Aqs sync deletion date is set and in the past, synchronization records (type CDS and/or CDNSKEY) are removed\&.
+.RE
.RE
.PP
\-T \fIttl\fR
zone, regardless of any other metadata.
</p>
</dd>
+<dt></dt>
+<dd>
+ <p>
+ If key's sync publication date is set and in the past,
+ synchronization records (type CDS and/or CDNSKEY) are
+ created.
+ </p>
+ </dd>
+<dt></dt>
+<dd>
+ <p>
+ If key's sync deletion date is set and in the past,
+ synchronization records (type CDS and/or CDNSKEY) are
+ removed.
+ </p>
+ </dd>
</dl></div>
</dd>
<dt><span class="term">-T <em class="replaceable"><code>ttl</code></em></span></dt>
<span class="command"><strong>print-time</strong></span> can be set to
<strong class="userinput"><code>yes</code></strong>, <strong class="userinput"><code>no</code></strong>,
or a time format specifier, which may be one of
- <code class="option">local</code>, <code class="option">iso8601</code> or
- <code class="option">iso8601-utc</code>. If set to
+ <strong class="userinput"><code>local</code></strong>, <strong class="userinput"><code>iso8601</code></strong> or
+ <strong class="userinput"><code>iso8601-utc</code></strong>. If set to
<strong class="userinput"><code>no</code></strong>, then the date and time will
not be logged. If set to <strong class="userinput"><code>yes</code></strong>
- or <code class="option">local</code>, the date and time are logged
+ or <strong class="userinput"><code>local</code></strong>, the date and time are logged
in a human readable format, using the local time zone.
- If set to <code class="option">iso8601</code> the local time is
+ If set to <strong class="userinput"><code>iso8601</code></strong> the local time is
logged in ISO8601 format. If set to
- <code class="option">iso8601-utc</code>, then the date and time
+ <strong class="userinput"><code>iso8601-utc</code></strong>, then the date and time
are logged in ISO8601 format, with time zone set to
- UTC. The default is <code class="option">local</code>.
+ UTC. The default is <strong class="userinput"><code>local</code></strong>.
</p>
<p>
<span class="command"><strong>print-time</strong></span> may
<p>
Specifies the directory in which to store the configuration
parameters for zones added via <span class="command"><strong>rndc addzone</strong></span>.
- By default, this is the working directory.
+ By default, this is the working directory. If set to a relative
+ path, it will be relative to the working directory.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>named-xfer</strong></span></span></dt>
<dd>
<p>
Specifies the TTL to be returned on stale answers.
- The default is 1 second. The minimal allowed is
+ The default is 1 second. The minimum allowed is
also 1 second; a value of 0 will be updated silently
- to 1 second. For stale answers to be returned
+ to 1 second. For stale answers to be returned,
+ they must be enabled (either in the configuration file
+ using <span class="command"><strong>stale-answer-enable</strong></span> or via
+ <span class="command"><strong>rndc</strong></span>), and
<code class="option">max-stale-ttl</code> must be set to a
- non zero value and they must not have been disabled
- by <span class="command"><strong>rndc</strong></span>.
+ nonzero value.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>serial-update-method</strong></span></span></dt>
<span class="command"><strong>nocookie-udp-size</strong></span> option.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>serve-stale-enable</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>stale-answer-enable</strong></span></span></dt>
<dd>
<p>
Enable the returning of stale answers when the
nameservers for the zone are not answering. This
- is off by default but can be enabled/disabled via
- <span class="command"><strong>rndc server-stale on</strong></span> and
- <span class="command"><strong>rndc server-stale off</strong></span> which
- override the named.conf setting. <span class="command"><strong>rndc
- server-stale reset</strong></span> will restore control
- via named.conf.
+ is off by default, but can be enabled/disabled via
+ <span class="command"><strong>rndc serve-stale on</strong></span> and
+ <span class="command"><strong>rndc serve-stale off</strong></span>, which
+ override the <code class="filename">named.conf</code>
+ setting. <span class="command"><strong>rndc serve-stale reset</strong></span>
+ restores the setting to the one specified in
+ <code class="filename">named.conf</code>. Note that
+ reloading or reconfiguring <span class="command"><strong>named</strong></span>
+ will not re-enable serving of stale records if they
+ have been disabled via <span class="command"><strong>rndc</strong></span>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>nocookie-udp-size</strong></span></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License Change</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#win_support">Windows XP No Longer Supported</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#win_support">Legacy Windows No Longer Supported</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
anything other than the changes you made to our software.
</p>
<p>
- This requirement will not affect anyone who is using BIND
- without redistributing it, nor anyone redistributing it without
- changes, therefore this change will be without consequence
- for most individuals and organizations who are using BIND.
+ This requirement will not affect anyone who is using BIND, with
+ or without modifications, without redistributing it, nor anyone
+ redistributing it without changes. Therefore, this change will be
+ without consequence for most individuals and organizations who are
+ using BIND.
</p>
<p>
Those unsure whether or not the license change affects their
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="win_support"></a>Windows XP No Longer Supported</h3></div></div></div>
+<a name="win_support"></a>Legacy Windows No Longer Supported</h3></div></div></div>
<p>
- As of BIND 9.11.2, Windows XP is no longer a supported platform for
- BIND, and Windows XP binaries are no longer available for download
+ As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported
+ platforms for BIND; "XP" binaries are no longer available for download
from ISC.
</p>
</div>
zone's validated CDS or CDNSKEY records. It can produce a
<code class="filename">dsset</code> file suitable for input to
<span class="command"><strong>dnssec-signzone</strong></span>, or a series of
- <span class="command"><strong>nsupdate</strong></span> to update the parent zone via dynamic
- DNS. Thanks to Tony Finch for the contribution. [RT #46090]
+ <span class="command"><strong>nsupdate</strong></span> commands to update the parent zone
+ via dynamic DNS. Thanks to Tony Finch for the contribution.
+ [RT #46090]
</p>
</li>
<li class="listitem">
<p>
- <span class="command"><strong>nsupdate</strong></span> and <span class="command"><strong>rndc</strong></span> now accepts
+ <span class="command"><strong>nsupdate</strong></span> and <span class="command"><strong>rndc</strong></span> now accept
command line options <span class="command"><strong>-4</strong></span> and <span class="command"><strong>-6</strong></span>
which force using only IPv4 or only IPv6, respectively. [RT #45632]
</p>
these algorithms must be supported in OpenSSL;
currently they are only available in the development branch
of OpenSSL at
- <a class="link" href="https://github.com/openssl/openssl" target="_top">https://github.com/openssl/openssl</a>.
+ <a class="link" href="https://github.com/openssl/openssl" target="_top">
+ https://github.com/openssl/openssl</a>.
[RT #44696]
</p>
</li>
<li class="listitem">
<p>
- EDNS KEY TAG options are verified and printed.
+ When parsing DNS messages, EDNS KEY TAG options are checked
+ for correctness. When printing messages (for example, in
+ <span class="command"><strong>dig</strong></span>), EDNS KEY TAG options are printed
+ in readable format.
</p>
</li>
</ul></div>
are now fully rolled back in the event of failure. [RT #45841]
</p>
</li>
-<li class="listitem">
- <p>
- Fixed a bug that was introduced in an earlier development
- release which caused multi-packet AXFR and IXFR messages to fail
- validation if not all packets contained TSIG records; this
- caused interoperability problems with some other DNS
- implementations. [RT #45509]
- </p>
- </li>
<li class="listitem">
<p>
Multiple <span class="command"><strong>cookie-secret</strong></span> clauses are now
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License Change</a></span></dt>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#win_support">Windows XP No Longer Supported</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#win_support">Legacy Windows No Longer Supported</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
zone, regardless of any other metadata.
</p>
</dd>
+<dt></dt>
+<dd>
+ <p>
+ If key's sync publication date is set and in the past,
+ synchronization records (type CDS and/or CDNSKEY) are
+ created.
+ </p>
+ </dd>
+<dt></dt>
+<dd>
+ <p>
+ If key's sync deletion date is set and in the past,
+ synchronization records (type CDS and/or CDNSKEY) are
+ removed.
+ </p>
+ </dd>
</dl></div>
</dd>
<dt><span class="term">-T <em class="replaceable"><code>ttl</code></em></span></dt>
anything other than the changes you made to our software.
</p>
<p>
- This requirement will not affect anyone who is using BIND
- without redistributing it, nor anyone redistributing it without
- changes, therefore this change will be without consequence
- for most individuals and organizations who are using BIND.
+ This requirement will not affect anyone who is using BIND, with
+ or without modifications, without redistributing it, nor anyone
+ redistributing it without changes. Therefore, this change will be
+ without consequence for most individuals and organizations who are
+ using BIND.
</p>
<p>
Those unsure whether or not the license change affects their
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="win_support"></a>Windows XP No Longer Supported</h3></div></div></div>
+<a name="win_support"></a>Legacy Windows No Longer Supported</h3></div></div></div>
<p>
- As of BIND 9.11.2, Windows XP is no longer a supported platform for
- BIND, and Windows XP binaries are no longer available for download
+ As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported
+ platforms for BIND; "XP" binaries are no longer available for download
from ISC.
</p>
</div>
zone's validated CDS or CDNSKEY records. It can produce a
<code class="filename">dsset</code> file suitable for input to
<span class="command"><strong>dnssec-signzone</strong></span>, or a series of
- <span class="command"><strong>nsupdate</strong></span> to update the parent zone via dynamic
- DNS. Thanks to Tony Finch for the contribution. [RT #46090]
+ <span class="command"><strong>nsupdate</strong></span> commands to update the parent zone
+ via dynamic DNS. Thanks to Tony Finch for the contribution.
+ [RT #46090]
</p>
</li>
<li class="listitem">
<p>
- <span class="command"><strong>nsupdate</strong></span> and <span class="command"><strong>rndc</strong></span> now accepts
+ <span class="command"><strong>nsupdate</strong></span> and <span class="command"><strong>rndc</strong></span> now accept
command line options <span class="command"><strong>-4</strong></span> and <span class="command"><strong>-6</strong></span>
which force using only IPv4 or only IPv6, respectively. [RT #45632]
</p>
these algorithms must be supported in OpenSSL;
currently they are only available in the development branch
of OpenSSL at
- <a class="link" href="https://github.com/openssl/openssl" target="_top">https://github.com/openssl/openssl</a>.
+ <a class="link" href="https://github.com/openssl/openssl" target="_top">
+ https://github.com/openssl/openssl</a>.
[RT #44696]
</p>
</li>
<li class="listitem">
<p>
- EDNS KEY TAG options are verified and printed.
+ When parsing DNS messages, EDNS KEY TAG options are checked
+ for correctness. When printing messages (for example, in
+ <span class="command"><strong>dig</strong></span>), EDNS KEY TAG options are printed
+ in readable format.
</p>
</li>
</ul></div>
are now fully rolled back in the event of failure. [RT #45841]
</p>
</li>
-<li class="listitem">
- <p>
- Fixed a bug that was introduced in an earlier development
- release which caused multi-packet AXFR and IXFR messages to fail
- validation if not all packets contained TSIG records; this
- caused interoperability problems with some other DNS
- implementations. [RT #45509]
- </p>
- </li>
<li class="listitem">
<p>
Multiple <span class="command"><strong>cookie-secret</strong></span> clauses are now
projects / thirdparty / bind9.git / commitdiff
