+ --- 9.13.6 released ---
+
5156. [doc] Extended and refined the section of the ARM describing
mirror zones. [GL #774]
which DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with libidn2.
+ * "named -V" now outputs the default paths for files used by named and
+ other tools.
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with `libidn2`.
+* "named -V" now outputs the default paths for files used by named
+ and other tools.
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2017, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2017-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
.sp
The
\fIalgorithm\fR
-must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), or SHA\-384 (SHA384)\&. These values are case insensitive\&. If no algorithm is specified, the default is SHA\-256\&.
+must be one of SHA\-1, SHA\-256, or SHA\-384\&. These values are case insensitive, and the hyphen may be omitted\&. If no algorithm is specified, the default is SHA\-256\&.
.RE
.PP
\-c \fIclass\fR
.RE
.SH "COPYRIGHT"
.br
-Copyright \(co 2017, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2017-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2017, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2017-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
record. This option has no effect when using CDS records.
</p>
<p>
- The <em class="replaceable"><code>algorithm</code></em> must be one of SHA-1
- (SHA1), SHA-256 (SHA256), or SHA-384 (SHA384). These
- values are case insensitive. If no algorithm is specified,
+ The <em class="replaceable"><code>algorithm</code></em> must be one of
+ SHA-1, SHA-256, or SHA-384. These values are case insensitive,
+ and the hyphen may be omitted. If no algorithm is specified,
the default is SHA-256.
</p>
</dd>
-.\" Copyright (C) 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
dnssec-dsfromkey \- DNSSEC DS RR generation tool
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
-\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] {keyfile}
+\fBdnssec\-dsfromkey\fR [\fB\-1\fR | \fB\-2\fR | \fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR | \fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] {keyfile}
.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
-\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
+\fBdnssec\-dsfromkey\fR [\fB\-1\fR | \fB\-2\fR | \fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR | \fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-A\fR] {\fB\-f\ \fR\fB\fIfile\fR\fR} [dnsname]
.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
-\fBdnssec\-dsfromkey\fR [\fB\-h\fR] [\fB\-V\fR]
+\fBdnssec\-dsfromkey\fR [\fB\-1\fR | \fB\-2\fR | \fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR | \fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] {\-s} {dnsname}
+.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
+\fBdnssec\-dsfromkey\fR [\fB\-h\fR | \fB\-V\fR]
.SH "DESCRIPTION"
.PP
+The
\fBdnssec\-dsfromkey\fR
-outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s)\&.
+command outputs DS (Delegation Signer) resource records (RRs) and other similarly\-constructed RRs: with the
+\fB\-l\fR
+option it outputs DLV (DNSSEC Lookaside Validation) RRs; or with the
+\fB\-C\fR
+it outputs CDS (Child DS) RRs\&.
+.PP
+The input keys can be specified in a number of ways:
+.PP
+By default,
+\fBdnssec\-dsfromkey\fR
+reads a key file named like
+Knnnn\&.+aaa+iiiii\&.key, as generated by
+\fBdnssec\-keygen\fR\&.
+.PP
+With the
+\fB\-f \fR\fB\fIfile\fR\fR
+option,
+\fBdnssec\-dsfromkey\fR
+reads keys from a zone file or partial zone file (which can contain just the DNSKEY records)\&.
+.PP
+With the
+\fB\-s\fR
+option,
+\fBdnssec\-dsfromkey\fR
+reads a
+keyset\-
+file, as generated by
+\fBdnssec\-keygen\fR\fB\-C\fR\&.
.SH "OPTIONS"
.PP
\-1
.RS 4
-Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256)\&.
+An abbreviation for
+\fB\-a SHA1\fR
.RE
.PP
\-2
.RS 4
-Use SHA\-256 as the digest algorithm\&.
+An abbreviation for
+\fB\-a SHA\-256\fR
.RE
.PP
\-a \fIalgorithm\fR
.RS 4
-Select the digest algorithm\&. The value of
-\fBalgorithm\fR
-must be one of SHA\-1 (SHA1), SHA\-256 (SHA256) or SHA\-384 (SHA384)\&. These values are case insensitive\&.
+Specify a digest algorithm to use when converting DNSKEY records to DS records\&. This option can be repeated, so that multiple DS records are created for each DNSKEY record\&.
+.sp
+The
+\fIalgorithm\fR
+must be one of SHA\-1, SHA\-256, or SHA\-384\&. These values are case insensitive, and the hyphen may be omitted\&. If no algorithm is specified, the default is SHA\-256\&.
.RE
.PP
-\-C
+\-A
.RS 4
-Generate CDS records rather than DS records\&. This is mutually exclusive with generating lookaside records\&.
+Include ZSKs when generating DS records\&. Without this option, only keys which have the KSK flag set will be converted to DS records and printed\&. Useful only in
+\fB\-f\fR
+zone file mode\&.
.RE
.PP
-\-T \fITTL\fR
+\-c \fIclass\fR
.RS 4
-Specifies the TTL of the DS records\&.
+Specifies the DNS class (default is IN)\&. Useful only in
+\fB\-s\fR
+keyset or
+\fB\-f\fR
+zone file mode\&.
.RE
.PP
-\-K \fIdirectory\fR
+\-C
.RS 4
-Look for key files (or, in keyset mode,
-keyset\-
-files) in
-\fBdirectory\fR\&.
+Generate CDS records rather than DS records\&. This is mutually exclusive with the
+\fB\-l\fR
+option for generating DLV records\&.
.RE
.PP
\-f \fIfile\fR
.RS 4
-Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
+Zone file mode:
+\fBdnssec\-dsfromkey\fR\*(Aqs final
+\fIdnsname\fR
+argument is the DNS domain name of a zone whose master file can be read from
\fBfile\fR\&. If the zone name is the same as
\fBfile\fR, then it may be omitted\&.
.sp
If
-\fBfile\fR
-is set to
+\fIfile\fR
+is
"\-", then the zone data is read from the standard input\&. This makes it possible to use the output of the
\fBdig\fR
command as input, as in:
\fBdig dnskey example\&.com | dnssec\-dsfromkey \-f \- example\&.com\fR
.RE
.PP
-\-A
+\-h
.RS 4
-Include ZSKs when generating DS records\&. Without this option, only keys which have the KSK flag set will be converted to DS records and printed\&. Useful only in zone file mode\&.
+Prints usage information\&.
+.RE
+.PP
+\-K \fIdirectory\fR
+.RS 4
+Look for key files or
+keyset\-
+files in
+\fBdirectory\fR\&.
.RE
.PP
\-l \fIdomain\fR
.RS 4
Generate a DLV set instead of a DS set\&. The specified
-\fBdomain\fR
-is appended to the name for each record in the set\&. The DNSSEC Lookaside Validation (DLV) RR is described in RFC 4431\&. This is mutually exclusive with generating CDS records\&.
+\fIdomain\fR
+is appended to the name for each record in the set\&. This is mutually exclusive with the
+\fB\-C\fR
+option for generating CDS records\&.
.RE
.PP
\-s
.RS 4
-Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file\&.
+Keyset mode:
+\fBdnssec\-dsfromkey\fR\*(Aqs final
+\fIdnsname\fR
+argument is the DNS domain name used to locate a
+keyset\-
+file\&.
.RE
.PP
-\-c \fIclass\fR
+\-T \fITTL\fR
.RS 4
-Specifies the DNS class (default is IN)\&. Useful only in keyset or zone file mode\&.
+Specifies the TTL of the DS records\&. By default the TTL is omitted\&.
.RE
.PP
\-v \fIlevel\fR
Sets the debugging level\&.
.RE
.PP
-\-h
-.RS 4
-Prints usage information\&.
-.RE
-.PP
\-V
.RS 4
Prints version information\&.
.PP
To build the SHA\-256 DS RR from the
\fBKexample\&.com\&.+003+26160\fR
-keyfile name, the following command would be issued:
+keyfile name, you can issue the following command:
.PP
\fBdnssec\-dsfromkey \-2 Kexample\&.com\&.+003+26160\fR
.PP
The command would print something like:
.PP
-\fBexample\&.com\&. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
+\fBexample\&.com\&. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0C5EA0B94\fR
.SH "FILES"
.PP
-The keyfile can be designed by the key identification
+The keyfile can be designated by the key identification
Knnnn\&.+aaa+iiiii
or the full file name
Knnnn\&.+aaa+iiiii\&.key
\fBdnssec-keygen\fR(8),
\fBdnssec-signzone\fR(8),
BIND 9 Administrator Reference Manual,
-RFC 3658,
-RFC 4431\&.
-RFC 4509\&.
+RFC 3658
+(DS RRs),
+RFC 4431
+(DLV RRs),
+RFC 4509
+(SHA\-256 for DS RRs),
+RFC 6605
+(SHA\-384 for DS RRs),
+RFC 7344
+(CDS and CDNSKEY RRs)\&.
.SH "AUTHOR"
.PP
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
- [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
- [<code class="option">-1</code>]
- [<code class="option">-2</code>]
- [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>]
- [<code class="option">-C</code>]
- [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
+ [
+ <code class="option">-1</code>
+ | <code class="option">-2</code>
+ | <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
+ ]
+ [
+ <code class="option">-C</code>
+ | <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
+ ]
[<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
+ [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
+ [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
{keyfile}
</p></div>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
- {-s}
- [<code class="option">-1</code>]
- [<code class="option">-2</code>]
- [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>]
- [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
- [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
- [<code class="option">-s</code>]
- [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+ [
+ <code class="option">-1</code>
+ | <code class="option">-2</code>
+ | <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
+ ]
+ [
+ <code class="option">-C</code>
+ | <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
+ ]
[<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
- [<code class="option">-f <em class="replaceable"><code>file</code></em></code>]
+ [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
+ [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
[<code class="option">-A</code>]
+ {<code class="option">-f <em class="replaceable"><code>file</code></em></code>}
+ [dnsname]
+ </p></div>
+ <div class="cmdsynopsis"><p>
+ <code class="command">dnssec-dsfromkey</code>
+ [
+ <code class="option">-1</code>
+ | <code class="option">-2</code>
+ | <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
+ ]
+ [
+ <code class="option">-C</code>
+ | <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
+ ]
+ [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
[<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
+ [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+ [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
+ {-s}
{dnsname}
- </p></div>
+ </p></div>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
- [<code class="option">-h</code>]
- [<code class="option">-V</code>]
- </p></div>
+ [
+ <code class="option">-h</code>
+ | <code class="option">-V</code>
+ ]
+ </p></div>
</div>
<div class="refsection">
<a name="id-1.7"></a><h2>DESCRIPTION</h2>
- <p><span class="command"><strong>dnssec-dsfromkey</strong></span>
- outputs the Delegation Signer (DS) resource record (RR), as defined in
- RFC 3658 and RFC 4509, for the given key(s).
+ <p>
+ The <span class="command"><strong>dnssec-dsfromkey</strong></span> command outputs DS (Delegation
+ Signer) resource records (RRs) and other similarly-constructed RRs:
+ with the <code class="option">-l</code> option it outputs DLV (DNSSEC Lookaside
+ Validation) RRs; or with the <code class="option">-C</code> it outputs CDS (Child
+ DS) RRs.
+ </p>
+
+ <p>
+ The input keys can be specified in a number of ways:
+ </p>
+
+ <p>
+ By default, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads a key file
+ named like <code class="filename">Knnnn.+aaa+iiiii.key</code>, as generated
+ by <span class="command"><strong>dnssec-keygen</strong></span>.
+ </p>
+
+ <p>
+ With the <code class="option">-f <em class="replaceable"><code>file</code></em></code>
+ option, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads keys from a zone file
+ or partial zone file (which can contain just the DNSKEY records).
+ </p>
+
+ <p>
+ With the <code class="option">-s</code>
+ option, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads
+ a <code class="filename">keyset-</code> file, as generated
+ by <span class="command"><strong>dnssec-keygen</strong></span> <code class="option">-C</code>.
</p>
+
</div>
<div class="refsection">
<a name="id-1.8"></a><h2>OPTIONS</h2>
-
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-1</span></dt>
<dd>
<p>
- Use SHA-1 as the digest algorithm (the default is to use
- both SHA-1 and SHA-256).
+ An abbreviation for <code class="option">-a SHA1</code>
</p>
</dd>
<dt><span class="term">-2</span></dt>
<dd>
<p>
- Use SHA-256 as the digest algorithm.
+ An abbreviation for <code class="option">-a SHA-256</code>
</p>
</dd>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
- Select the digest algorithm. The value of
- <code class="option">algorithm</code> must be one of SHA-1 (SHA1),
- SHA-256 (SHA256) or SHA-384 (SHA384).
- These values are case insensitive.
+ Specify a digest algorithm to use when converting DNSKEY
+ records to DS records. This option can be repeated, so
+ that multiple DS records are created for each DNSKEY
+ record.
+ </p>
+ <p>
+ The <em class="replaceable"><code>algorithm</code></em> must be one of
+ SHA-1, SHA-256, or SHA-384. These values are case insensitive,
+ and the hyphen may be omitted. If no algorithm is specified,
+ the default is SHA-256.
</p>
</dd>
-<dt><span class="term">-C</span></dt>
+<dt><span class="term">-A</span></dt>
<dd>
- <p>
- Generate CDS records rather than DS records. This is mutually
- exclusive with generating lookaside records.
- </p>
- </dd>
-<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
+ <p>
+ Include ZSKs when generating DS records. Without this option, only
+ keys which have the KSK flag set will be converted to DS records
+ and printed. Useful only in <code class="option">-f</code> zone file mode.
+ </p>
+ </dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd>
<p>
- Specifies the TTL of the DS records.
+ Specifies the DNS class (default is IN). Useful only
+ in <code class="option">-s</code> keyset or <code class="option">-f</code>
+ zone file mode.
</p>
</dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
+<dt><span class="term">-C</span></dt>
<dd>
<p>
- Look for key files (or, in keyset mode,
- <code class="filename">keyset-</code> files) in
- <code class="option">directory</code>.
+ Generate CDS records rather than DS records. This is mutually
+ exclusive with the <code class="option">-l</code> option for generating DLV
+ records.
</p>
</dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd>
<p>
- Zone file mode: in place of the keyfile name, the argument is
- the DNS domain name of a zone master file, which can be read
+ Zone file mode: <span class="command"><strong>dnssec-dsfromkey</strong></span>'s
+ final <em class="replaceable"><code>dnsname</code></em> argument is
+ the DNS domain name of a zone whose master file can be read
from <code class="option">file</code>. If the zone name is the same as
<code class="option">file</code>, then it may be omitted.
</p>
<p>
- If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
+ If <em class="replaceable"><code>file</code></em> is <code class="literal">"-"</code>, then
the zone data is read from the standard input. This makes it
possible to use the output of the <span class="command"><strong>dig</strong></span>
command as input, as in:
<strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
</p>
</dd>
-<dt><span class="term">-A</span></dt>
+<dt><span class="term">-h</span></dt>
<dd>
- <p>
- Include ZSKs when generating DS records. Without this option,
- only keys which have the KSK flag set will be converted to DS
- records and printed. Useful only in zone file mode.
- </p>
- </dd>
+ <p>
+ Prints usage information.
+ </p>
+ </dd>
+<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
+<dd>
+ <p>
+ Look for key files or <code class="filename">keyset-</code> files in
+ <code class="option">directory</code>.
+ </p>
+ </dd>
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
<dd>
<p>
- Generate a DLV set instead of a DS set. The specified
- <code class="option">domain</code> is appended to the name for each
+ Generate a DLV set instead of a DS set. The specified
+ <em class="replaceable"><code>domain</code></em> is appended to the name for each
record in the set.
- The DNSSEC Lookaside Validation (DLV) RR is described
- in RFC 4431. This is mutually exclusive with generating
- CDS records.
+ This is mutually exclusive with the <code class="option">-C</code> option
+ for generating CDS records.
</p>
</dd>
<dt><span class="term">-s</span></dt>
<dd>
<p>
- Keyset mode: in place of the keyfile name, the argument is
- the DNS domain name of a keyset file.
+ Keyset mode: <span class="command"><strong>dnssec-dsfromkey</strong></span>'s
+ final <em class="replaceable"><code>dnsname</code></em> argument is the DNS
+ domain name used to locate a <code class="filename">keyset-</code> file.
</p>
</dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
<dd>
<p>
- Specifies the DNS class (default is IN). Useful only
- in keyset or zone file mode.
+ Specifies the TTL of the DS records. By default the TTL is omitted.
</p>
</dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
Sets the debugging level.
</p>
</dd>
-<dt><span class="term">-h</span></dt>
-<dd>
- <p>
- Prints usage information.
- </p>
- </dd>
<dt><span class="term">-V</span></dt>
<dd>
<p>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
- keyfile name, the following command would be issued:
+ keyfile name, you can issue the following command:
</p>
<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
</p>
<p>
The command would print something like:
</p>
- <p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
+ <p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0C5EA0B94</code></strong>
</p>
+
</div>
<div class="refsection">
<a name="id-1.10"></a><h2>FILES</h2>
<p>
- The keyfile can be designed by the key identification
+ The keyfile can be designated by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
<code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
<span class="refentrytitle">dnssec-keygen</span>(8).
<span class="refentrytitle">dnssec-signzone</span>(8)
</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
- <em class="citetitle">RFC 3658</em>,
- <em class="citetitle">RFC 4431</em>.
- <em class="citetitle">RFC 4509</em>.
+ <em class="citetitle">RFC 3658</em> (DS RRs),
+ <em class="citetitle">RFC 4431</em> (DLV RRs),
+ <em class="citetitle">RFC 4509</em> (SHA-256 for DS RRs),
+ <em class="citetitle">RFC 6605</em> (SHA-384 for DS RRs),
+ <em class="citetitle">RFC 7344</em> (CDS and CDNSKEY RRs).
</p>
</div>
-.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
.RS 4
Selects the cryptographic algorithm\&. The value of
\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&.
+must be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&.
.sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<dd>
<p>
Selects the cryptographic algorithm. The value of
- <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
+ <code class="option">algorithm</code> must be one of RSASHA1,
NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
</p>
-.\" Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
.RS 4
Selects the cryptographic algorithm\&. For DNSSEC keys, the value of
\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&. For TKEY, the value must be DH (Diffie Hellman); specifying his value will automatically set the
+must be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&. For TKEY, the value must be DH (Diffie Hellman); specifying his value will automatically set the
\fB\-T KEY\fR
option as well\&.
.sp
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<dd>
<p>
Selects the cryptographic algorithm. For DNSSEC keys, the value
- of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
+ of <code class="option">algorithm</code> must be one of RSASHA1,
NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. For
TKEY, the value must be DH (Diffie Hellman); specifying
-.\" Copyright (C) 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2011, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2011, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2011, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2011, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009-2011, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2009, 2011-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2009, 2011-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2009, 2011-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2003-2009, 2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.br
-.\" Copyright (C) 2004-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 2018-10-23
+.\" Date: 2018-12-07
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
-.TH "NAMED\&.CONF" "5" "2018\-10\-23" "ISC" "BIND9"
+.TH "NAMED\&.CONF" "5" "2018\-12\-07" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
bindkeys\-file \fIquoted_string\fR;
blackhole { \fIaddress_match_element\fR; \&.\&.\&. };
cache\-file \fIquoted_string\fR;
- catalog\-zones { zone \fIquoted_string\fR [ default\-masters [ port
- \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [
- port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key
+ catalog\-zones { zone \fIstring\fR [ default\-masters [ port \fIinteger\fR ]
+ [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port
+ \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key
\fIstring\fR ]; \&.\&.\&. } ] [ zone\-directory \fIquoted_string\fR ] [
in\-memory \fIboolean\fR ] [ min\-update\-interval \fIttlval\fR ]; \&.\&.\&. };
check\-dup\-records ( fail | warn | ignore );
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver | update ) [
- ( query | response ) ]; \&.\&.\&. };
- dnstap\-identity ( \fIquoted_string\fR | none | hostname );
- dnstap\-output ( file | unix ) \fIquoted_string\fR [ size ( unlimited |
- \fIsize\fR ) ] [ versions ( unlimited | \fIinteger\fR ) ] [ suffix (
- increment | timestamp ) ];
+ dnstap { ( all | auth | client | forwarder |
+ resolver | update ) [ ( query | response ) ];
+ \&.\&.\&. };
+ dnstap\-identity ( \fIquoted_string\fR | none |
+ hostname );
+ dnstap\-output ( file | unix ) \fIquoted_string\fR [
+ size ( unlimited | \fIsize\fR ) ] [ versions (
+ unlimited | \fIinteger\fR ) ] [ suffix ( increment
+ | timestamp ) ];
dnstap\-version ( \fIquoted_string\fR | none );
dscp \fIinteger\fR;
dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port
fetches\-per\-server \fIinteger\fR [ ( drop | fail ) ];
fetches\-per\-zone \fIinteger\fR [ ( drop | fail ) ];
files ( default | unlimited | \fIsizeval\fR );
- filter\-aaaa { \fIaddress_match_element\fR; \&.\&.\&. };
- filter\-aaaa\-on\-v4 ( break\-dnssec | \fIboolean\fR );
- filter\-aaaa\-on\-v6 ( break\-dnssec | \fIboolean\fR );
flush\-zones\-on\-shutdown \fIboolean\fR;
forward ( first | only );
forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR
resolver\-retry\-interval \fIinteger\fR;
response\-padding { \fIaddress_match_element\fR; \&.\&.\&. } block\-size
\fIinteger\fR;
- response\-policy { zone \fIquoted_string\fR [ log \fIboolean\fR ] [
- max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [
- policy ( cname | disabled | drop | given | no\-op | nodata |
- nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [
- recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
- nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ break\-dnssec \fIboolean\fR ] [
- max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [
- min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [
- qname\-wait\-recurse \fIboolean\fR ] [ recursive\-only \fIboolean\fR ] [
- nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ] [
- dnsrps\-enable \fIboolean\fR ] [ dnsrps\-options { \fIunspecified\-text\fR
- } ];
+ response\-policy { zone \fIstring\fR [ log \fIboolean\fR ] [ max\-policy\-ttl
+ \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ policy ( cname |
+ disabled | drop | given | no\-op | nodata | nxdomain | passthru
+ | tcp\-only \fIquoted_string\fR ) ] [ recursive\-only \fIboolean\fR ] [
+ nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [
+ break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [
+ min\-update\-interval \fIttlval\fR ] [ min\-ns\-dots \fIinteger\fR ] [
+ nsip\-wait\-recurse \fIboolean\fR ] [ qname\-wait\-recurse \fIboolean\fR ]
+ [ recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
+ nsdname\-enable \fIboolean\fR ] [ dnsrps\-enable \fIboolean\fR ] [
+ dnsrps\-options { \fIunspecified\-text\fR } ];
root\-delegation\-only [ exclude { \fIstring\fR; \&.\&.\&. } ];
root\-key\-sentinel \fIboolean\fR;
rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
.if n \{\
.RE
.\}
+.SH "PLUGIN"
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+plugin ( query ) \fIstring\fR [ { \fIunspecified\-text\fR
+ } ];
+.fi
+.if n \{\
+.RE
+.\}
.SH "SERVER"
.sp
.if n \{\
auth\-nxdomain \fIboolean\fR; // default changed
auto\-dnssec ( allow | maintain | off );
cache\-file \fIquoted_string\fR;
- catalog\-zones { zone \fIquoted_string\fR [ default\-masters [ port
- \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [
- port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key
+ catalog\-zones { zone \fIstring\fR [ default\-masters [ port \fIinteger\fR ]
+ [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port
+ \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key
\fIstring\fR ]; \&.\&.\&. } ] [ zone\-directory \fIquoted_string\fR ] [
in\-memory \fIboolean\fR ] [ min\-update\-interval \fIttlval\fR ]; \&.\&.\&. };
check\-dup\-records ( fail | warn | ignore );
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver | update ) [
- ( query | response ) ]; \&.\&.\&. };
+ dnstap { ( all | auth | client | forwarder |
+ resolver | update ) [ ( query | response ) ];
+ \&.\&.\&. };
dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv4_address\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv6_address\fR [ port
fetch\-quota\-params \fIinteger\fR \fIfixedpoint\fR \fIfixedpoint\fR \fIfixedpoint\fR;
fetches\-per\-server \fIinteger\fR [ ( drop | fail ) ];
fetches\-per\-zone \fIinteger\fR [ ( drop | fail ) ];
- filter\-aaaa { \fIaddress_match_element\fR; \&.\&.\&. };
- filter\-aaaa\-on\-v4 ( break\-dnssec | \fIboolean\fR );
- filter\-aaaa\-on\-v6 ( break\-dnssec | \fIboolean\fR );
forward ( first | only );
forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR
| \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. };
max\-udp\-size \fIinteger\fR;
max\-zone\-ttl ( unlimited | \fIttlval\fR );
message\-compression \fIboolean\fR;
+ min\-cache\-ttl \fIttlval\fR;
+ min\-ncache\-ttl \fIttlval\fR;
min\-refresh\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
minimal\-any \fIboolean\fR;
nta\-lifetime \fIttlval\fR;
nta\-recheck \fIttlval\fR;
nxdomain\-redirect \fIstring\fR;
+ plugin ( query ) \fIstring\fR [ {
+ \fIunspecified\-text\fR } ];
preferred\-glue \fIstring\fR;
prefetch \fIinteger\fR [ \fIinteger\fR ];
provide\-ixfr \fIboolean\fR;
resolver\-retry\-interval \fIinteger\fR;
response\-padding { \fIaddress_match_element\fR; \&.\&.\&. } block\-size
\fIinteger\fR;
- response\-policy { zone \fIquoted_string\fR [ log \fIboolean\fR ] [
- max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [
- policy ( cname | disabled | drop | given | no\-op | nodata |
- nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [
- recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
- nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ break\-dnssec \fIboolean\fR ] [
- max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [
- min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [
- qname\-wait\-recurse \fIboolean\fR ] [ recursive\-only \fIboolean\fR ] [
- nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ] [
- dnsrps\-enable \fIboolean\fR ] [ dnsrps\-options { \fIunspecified\-text\fR
- } ];
+ response\-policy { zone \fIstring\fR [ log \fIboolean\fR ] [ max\-policy\-ttl
+ \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ policy ( cname |
+ disabled | drop | given | no\-op | nodata | nxdomain | passthru
+ | tcp\-only \fIquoted_string\fR ) ] [ recursive\-only \fIboolean\fR ] [
+ nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [
+ break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [
+ min\-update\-interval \fIttlval\fR ] [ min\-ns\-dots \fIinteger\fR ] [
+ nsip\-wait\-recurse \fIboolean\fR ] [ qname\-wait\-recurse \fIboolean\fR ]
+ [ recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
+ nsdname\-enable \fIboolean\fR ] [ dnsrps\-enable \fIboolean\fR ] [
+ dnsrps\-options { \fIunspecified\-text\fR } ];
root\-delegation\-only [ exclude { \fIstring\fR; \&.\&.\&. } ];
root\-key\-sentinel \fIboolean\fR;
rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR
| * ) ] [ dscp \fIinteger\fR ];
notify\-to\-soa \fIboolean\fR;
- pubkey \fIinteger\fR
- \fIinteger\fR
- \fIinteger\fR
+ pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR
request\-expire \fIboolean\fR;
request\-ixfr \fIboolean\fR;
serial\-update\-method ( date | increment | unixtime );
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]
[ dscp \fIinteger\fR ];
notify\-to\-soa \fIboolean\fR;
- pubkey \fIinteger\fR \fIinteger\fR
request\-expire \fIboolean\fR;
request\-ixfr \fIboolean\fR;
serial\-update\-method ( date | increment | unixtime );
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2004-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2004-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
bindkeys-file <em class="replaceable"><code>quoted_string</code></em>;<br>
blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
- catalog-zones { zone <em class="replaceable"><code>quoted_string</code></em> [ default-masters [ port<br>
-     <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<br>
-     port <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
+ catalog-zones { zone <em class="replaceable"><code>string</code></em> [ default-masters [ port <em class="replaceable"><code>integer</code></em> ]<br>
+     [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [ port<br>
+     <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
    <em class="replaceable"><code>string</code></em> ]; ... } ] [ zone-directory <em class="replaceable"><code>quoted_string</code></em> ] [<br>
    in-memory <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ]; ... };<br>
check-dup-records ( fail | warn | ignore );<br>
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
dnssec-validation ( yes | no | auto );<br>
- dnstap { ( all | auth | client | forwarder | resolver | update ) [<br>
-     ( query | response ) ]; ... };<br>
- dnstap-identity ( <em class="replaceable"><code>quoted_string</code></em> | none | hostname );<br>
- dnstap-output ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [ size ( unlimited |<br>
-     <em class="replaceable"><code>size</code></em> ) ] [ versions ( unlimited | <em class="replaceable"><code>integer</code></em> ) ] [ suffix (<br>
-     increment | timestamp ) ];<br>
+ dnstap { ( all | auth | client | forwarder |<br>
+     resolver | update ) [ ( query | response ) ];<br>
+     ... };<br>
+ dnstap-identity ( <em class="replaceable"><code>quoted_string</code></em> | none |<br>
+     hostname );<br>
+ dnstap-output ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [<br>
+     size ( unlimited | <em class="replaceable"><code>size</code></em> ) ] [ versions (<br>
+     unlimited | <em class="replaceable"><code>integer</code></em> ) ] [ suffix ( increment<br>
+     | timestamp ) ];<br>
dnstap-version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
dscp <em class="replaceable"><code>integer</code></em>;<br>
dual-stack-servers [ port <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>quoted_string</code></em> [ port<br>
fetches-per-server <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
fetches-per-zone <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
files ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
- filter-aaaa { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- filter-aaaa-on-v4 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
- filter-aaaa-on-v6 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
flush-zones-on-shutdown <em class="replaceable"><code>boolean</code></em>;<br>
forward ( first | only );<br>
forwarders [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
resolver-retry-interval <em class="replaceable"><code>integer</code></em>;<br>
response-padding { <em class="replaceable"><code>address_match_element</code></em>; ... } block-size<br>
    <em class="replaceable"><code>integer</code></em>;<br>
- response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [<br>
-     max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
-     policy ( cname | disabled | drop | given | no-op | nodata |<br>
-     nxdomain | passthru | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [<br>
-     recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
-     nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [ break-dnssec <em class="replaceable"><code>boolean</code></em> ] [<br>
-     max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
-     min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
-     qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
-     nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
-     dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
- Â Â Â Â }Â ];<br>
+ response-policy { zone <em class="replaceable"><code>string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl<br>
+     <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ policy ( cname |<br>
+     disabled | drop | given | no-op | nodata | nxdomain | passthru<br>
+     | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
+     nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [<br>
+     break-dnssec <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [<br>
+     min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ min-ns-dots <em class="replaceable"><code>integer</code></em> ] [<br>
+     nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ]<br>
+     [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
+     nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
+     dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em> } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>string</code></em>; ... } ];<br>
root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
</div>
<div class="refsection">
-<a name="id-1.17"></a><h2>SERVER</h2>
+<a name="id-1.17"></a><h2>PLUGIN</h2>
+
+ <div class="literallayout"><p><br>
+plugin ( query ) <em class="replaceable"><code>string</code></em> [ { <em class="replaceable"><code>unspecified-text</code></em><br>
+Â Â Â Â }Â ];<br>
+</p></div>
+ </div>
+
+ <div class="refsection">
+<a name="id-1.18"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server <em class="replaceable"><code>netprefix</code></em> {<br>
</div>
<div class="refsection">
-<a name="id-1.18"></a><h2>STATISTICS-CHANNELS</h2>
+<a name="id-1.19"></a><h2>STATISTICS-CHANNELS</h2>
<div class="literallayout"><p><br>
statistics-channels {<br>
</div>
<div class="refsection">
-<a name="id-1.19"></a><h2>TRUSTED-KEYS</h2>
+<a name="id-1.20"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
</div>
<div class="refsection">
-<a name="id-1.20"></a><h2>VIEW</h2>
+<a name="id-1.21"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
auto-dnssec ( allow | maintain | off );<br>
cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
- catalog-zones { zone <em class="replaceable"><code>quoted_string</code></em> [ default-masters [ port<br>
-     <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<br>
-     port <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
+ catalog-zones { zone <em class="replaceable"><code>string</code></em> [ default-masters [ port <em class="replaceable"><code>integer</code></em> ]<br>
+     [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [ port<br>
+     <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
    <em class="replaceable"><code>string</code></em> ]; ... } ] [ zone-directory <em class="replaceable"><code>quoted_string</code></em> ] [<br>
    in-memory <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ]; ... };<br>
check-dup-records ( fail | warn | ignore );<br>
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
dnssec-validation ( yes | no | auto );<br>
- dnstap { ( all | auth | client | forwarder | resolver | update ) [<br>
-     ( query | response ) ]; ... };<br>
+ dnstap { ( all | auth | client | forwarder |<br>
+     resolver | update ) [ ( query | response ) ];<br>
+     ... };<br>
dual-stack-servers [ port <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>quoted_string</code></em> [ port<br>
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv4_address</code></em> [ port<br>
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port<br>
fetch-quota-params <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>fixedpoint</code></em> <em class="replaceable"><code>fixedpoint</code></em> <em class="replaceable"><code>fixedpoint</code></em>;<br>
fetches-per-server <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
fetches-per-zone <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
- filter-aaaa { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- filter-aaaa-on-v4 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
- filter-aaaa-on-v6 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
forward ( first | only );<br>
forwarders [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
    | <em class="replaceable"><code>ipv6_address</code></em> ) [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ]; ... };<br>
max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
message-compression <em class="replaceable"><code>boolean</code></em>;<br>
+ min-cache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
+ min-ncache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
minimal-any <em class="replaceable"><code>boolean</code></em>;<br>
nta-lifetime <em class="replaceable"><code>ttlval</code></em>;<br>
nta-recheck <em class="replaceable"><code>ttlval</code></em>;<br>
nxdomain-redirect <em class="replaceable"><code>string</code></em>;<br>
+ plugin ( query ) <em class="replaceable"><code>string</code></em> [ {<br>
+ Â Â Â Â <em class="replaceable"><code>unspecified-text</code></em>Â }Â ];<br>
preferred-glue <em class="replaceable"><code>string</code></em>;<br>
prefetch <em class="replaceable"><code>integer</code></em> [ <em class="replaceable"><code>integer</code></em> ];<br>
provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
resolver-retry-interval <em class="replaceable"><code>integer</code></em>;<br>
response-padding { <em class="replaceable"><code>address_match_element</code></em>; ... } block-size<br>
    <em class="replaceable"><code>integer</code></em>;<br>
- response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [<br>
-     max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
-     policy ( cname | disabled | drop | given | no-op | nodata |<br>
-     nxdomain | passthru | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [<br>
-     recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
-     nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [ break-dnssec <em class="replaceable"><code>boolean</code></em> ] [<br>
-     max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
-     min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
-     qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
-     nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
-     dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
- Â Â Â Â }Â ];<br>
+ response-policy { zone <em class="replaceable"><code>string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl<br>
+     <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ policy ( cname |<br>
+     disabled | drop | given | no-op | nodata | nxdomain | passthru<br>
+     | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
+     nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [<br>
+     break-dnssec <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [<br>
+     min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ min-ns-dots <em class="replaceable"><code>integer</code></em> ] [<br>
+     nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ]<br>
+     [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
+     nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
+     dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em> } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>string</code></em>; ... } ];<br>
root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em><br>
    | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
- pubkey <em class="replaceable"><code>integer</code></em><br>
- Â Â Â Â <em class="replaceable"><code>integer</code></em><br>
- Â Â Â Â <em class="replaceable"><code>integer</code></em><br>
+ pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
request-expire <em class="replaceable"><code>boolean</code></em>;<br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
serial-update-method ( date | increment | unixtime );<br>
</div>
<div class="refsection">
-<a name="id-1.21"></a><h2>ZONE</h2>
+<a name="id-1.22"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * ) ]<br>
    [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
- pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
request-expire <em class="replaceable"><code>boolean</code></em>;<br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
serial-update-method ( date | increment | unixtime );<br>
</div>
<div class="refsection">
-<a name="id-1.22"></a><h2>FILES</h2>
+<a name="id-1.23"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsection">
-<a name="id-1.23"></a><h2>SEE ALSO</h2>
+<a name="id-1.24"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">ddns-confgen</span>(8)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2012-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2012-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2012-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2012-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2012-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2012-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2016-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2016-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fB\-K\fR
option), and check the keys for all the zones represented in the directory\&.
.PP
+Key times that are in the past will not be updated unless the
+\fB\-f\fR
+is used (see below)\&. Key inactivation and deletion times that are less than five minutes in the future will be delayed by five minutes\&.
+.PP
It is expected that this tool will be run automatically and unattended (for example, by
\fBcron\fR)\&.
.SH "OPTIONS"
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2016-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2016-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2016-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2016-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
set by the <code class="option">-K</code> option), and check the keys for
all the zones represented in the directory.
</p>
+ <p>
+ Key times that are in the past will not be updated unless
+ the <code class="option">-f</code> is used (see below). Key inactivation
+ and deletion times that are less than five minutes in the future
+ will be delayed by five minutes.
+ </p>
<p>
It is expected that this tool will be run automatically and
unattended (for example, by <span class="command"><strong>cron</strong></span>).
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.br
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2015-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2015-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2015-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2015-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2015-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2015-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2015-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2015-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
Internet Systems Consortium
.SH "COPYRIGHT"
.br
-Copyright \(co 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
(<span class="command"><strong>rndc</strong></span>) program allows the
system
administrator to control the operation of a name server.
- Since <acronym class="acronym">BIND</acronym> 9.2, <span class="command"><strong>rndc</strong></span>
- supports all the commands of the BIND 8 <span class="command"><strong>ndc</strong></span>
- utility except <span class="command"><strong>ndc start</strong></span> and
- <span class="command"><strong>ndc restart</strong></span>, which were also
- not supported in <span class="command"><strong>ndc</strong></span>'s
- channel mode.
If you run <span class="command"><strong>rndc</strong></span> without any
- options
- it will display a usage message as follows:
+ options, it will display a usage message as follows:
</p>
<div class="cmdsynopsis"><p>
<code class="command">rndc</code>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</p>
<p>
- A secure zone must contain one or more zone keys. The
- zone keys will sign all other records in the zone, as well as
- the zone keys of any secure delegated zones. Zone keys must
- have the same name as the zone, a name type of
- <span class="command"><strong>ZONE</strong></span>, and must be usable for
- authentication.
- It is recommended that zone keys use a cryptographic algorithm
- designated as "mandatory to implement" by the IETF; currently
- the only one is RSASHA1.
+ A secure zone must contain one or more zone keys. The zone keys will
+ sign all other records in the zone, as well as the zone keys of any
+ secure delegated zones. Zone keys must have the same name as the
+ zone, a name type of <span class="command"><strong>ZONE</strong></span>, and must be usable for
+ authentication. It is recommended that zone keys use a cryptographic
+ algorithm designated as "mandatory to implement" by the IETF;
+ currently the are two algorithms: RSASHA256 and ECDSAP256SHA256.
+ ECDSAP256SHA256 is recommended for current and future deployments.
</p>
<p>
- The following command will generate a 768-bit RSASHA1 key for
+ The following command will generate a ECDSAP256SHA256 key for
the <code class="filename">child.example</code> zone:
</p>
<p>
- <strong class="userinput"><code>dnssec-keygen -a RSASHA1 -b 768 -n ZONE child.example.</code></strong>
+ <strong class="userinput"><code>dnssec-keygen -a ECDSAP256SHA256 -n ZONE child.example.</code></strong>
</p>
<p>
Two output files will be produced:
- <code class="filename">Kchild.example.+005+12345.key</code> and
- <code class="filename">Kchild.example.+005+12345.private</code>
- (where
- 12345 is an example of a key tag). The key filenames contain
- the key name (<code class="filename">child.example.</code>),
- algorithm (3
- is DSA, 1 is RSAMD5, 5 is RSASHA1, etc.), and the key tag (12345 in
- this case).
- The private key (in the <code class="filename">.private</code>
- file) is
- used to generate signatures, and the public key (in the
- <code class="filename">.key</code> file) is used for signature
- verification.
+ <code class="filename">Kchild.example.+013+12345.key</code> and
+ <code class="filename">Kchild.example.+013+12345.private</code> (where 12345 is
+ an example of a key tag). The key filenames contain the key name
+ (<code class="filename">child.example.</code>), algorithm (5 is RSASHA1, 8 is
+ RSASHA256, 13 is ECDSAP256SHA256, 15 is ED25519 etc.), and the key tag
+ (12345 in this case). The private key (in the
+ <code class="filename">.private</code> file) is used to generate signatures,
+ and the public key (in the <code class="filename">.key</code> file) is used for
+ signature verification.
</p>
<p>
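Review bot: The added sentence "currently the are two algorithms: RSASHA256 and ECDSAP256SHA256" has a typo, and the next paragraph reads "generate a ECDSAP256SHA256 key". They should read `currently there are two algorithms: RSASHA256 and ECDSAP256SHA256.` and `The following command will generate an ECDSAP256SHA256 key for`. This HTML looks like generated output, so the wording presumably needs correcting in the source document too, or the next regeneration will bring the typo back. The enclosing section starts and ends outside this hunk.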
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</pre>
<p>
- In <acronym class="acronym">BIND</acronym> 9, the logging configuration
- is only established when
- the entire configuration file has been parsed. In <acronym class="acronym">BIND</acronym> 8, it was
- established as soon as the <span class="command"><strong>logging</strong></span>
- statement
- was parsed. When the server is starting up, all logging messages
+ The logging configuration is only established when
+ the entire configuration file has been parsed.
+ When the server is starting up, all logging messages
regarding syntax errors in the configuration file go to the default
channels, or to standard error if the <code class="option">-g</code> option
was specified.
<span class="command"><strong>bindkeys-file</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
<span class="command"><strong>blackhole</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... };
<span class="command"><strong>cache-file</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
- <span class="command"><strong>catalog-zones</strong></span> { zone <em class="replaceable"><code>quoted_string</code></em> [ default-masters [ port
- <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [
- <span class="command"><strong>port</strong></span> <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key
+ <span class="command"><strong>catalog-zones</strong></span> { zone <em class="replaceable"><code>string</code></em> [ default-masters [ port <em class="replaceable"><code>integer</code></em> ]
+ [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [ port
+ <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key
<em class="replaceable"><code>string</code></em> ]; ... } ] [ zone-directory <em class="replaceable"><code>quoted_string</code></em> ] [
<span class="command"><strong>in-memory</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ]; ... };
<span class="command"><strong>check-dup-records</strong></span> ( fail | warn | ignore );
<span class="command"><strong>dnssec-secure-to-insecure</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>dnssec-update-mode</strong></span> ( maintain | no-resign );
<span class="command"><strong>dnssec-validation</strong></span> ( yes | no | auto );
- <span class="command"><strong>dnstap</strong></span> { ( all | auth | client | forwarder | resolver | update ) [
- ( query | response ) ]; ... };
- <span class="command"><strong>dnstap-identity</strong></span> ( <em class="replaceable"><code>quoted_string</code></em> | none | hostname );
- <span class="command"><strong>dnstap-output</strong></span> ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [ size ( unlimited |
- <em class="replaceable"><code>size</code></em> ) ] [ versions ( unlimited | <em class="replaceable"><code>integer</code></em> ) ] [ suffix (
- <span class="command"><strong>increment</strong></span> | timestamp ) ];
+ <span class="command"><strong>dnstap</strong></span> { ( all | auth | client | forwarder |
+ <span class="command"><strong>resolver</strong></span> | update ) [ ( query | response ) ];
+ ... };
+ <span class="command"><strong>dnstap-identity</strong></span> ( <em class="replaceable"><code>quoted_string</code></em> | none |
+ <span class="command"><strong>hostname</strong></span> );
+ <span class="command"><strong>dnstap-output</strong></span> ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [
+ <span class="command"><strong>size</strong></span> ( unlimited | <em class="replaceable"><code>size</code></em> ) ] [ versions (
+ <span class="command"><strong>unlimited</strong></span> | <em class="replaceable"><code>integer</code></em> ) ] [ suffix ( increment
+ | timestamp ) ];
<span class="command"><strong>dnstap-version</strong></span> ( <em class="replaceable"><code>quoted_string</code></em> | none );
<span class="command"><strong>dscp</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>dual-stack-servers</strong></span> [ port <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>quoted_string</code></em> [ port
<span class="command"><strong>fetches-per-server</strong></span> <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];
<span class="command"><strong>fetches-per-zone</strong></span> <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];
<span class="command"><strong>files</strong></span> ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );
- <span class="command"><strong>filter-aaaa</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... };
- <span class="command"><strong>filter-aaaa-on-v4</strong></span> ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );
- <span class="command"><strong>filter-aaaa-on-v6</strong></span> ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );
<span class="command"><strong>flush-zones-on-shutdown</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>forward</strong></span> ( first | only );
<span class="command"><strong>forwarders</strong></span> [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>ipv4_address</code></em>
<span class="command"><strong>memstatistics</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>memstatistics-file</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
<span class="command"><strong>message-compression</strong></span> <em class="replaceable"><code>boolean</code></em>;
+ <span class="command"><strong>min-cache-ttl</strong></span> <em class="replaceable"><code>ttlval</code></em>;
+ <span class="command"><strong>min-ncache-ttl</strong></span> <em class="replaceable"><code>ttlval</code></em>;
<span class="command"><strong>min-refresh-time</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>min-retry-time</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>minimal-any</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>resolver-retry-interval</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>response-padding</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... } block-size
<em class="replaceable"><code>integer</code></em>;
- <span class="command"><strong>response-policy</strong></span> { zone <em class="replaceable"><code>quoted_string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [
- <span class="command"><strong>max-policy-ttl</strong></span> <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [
- <span class="command"><strong>policy</strong></span> ( cname | disabled | drop | given | no-op | nodata |
- <span class="command"><strong>nxdomain</strong></span> | passthru | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [
- <span class="command"><strong>recursive-only</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [
- <span class="command"><strong>nsdname-enable</strong></span> <em class="replaceable"><code>boolean</code></em> ]; ... } [ break-dnssec <em class="replaceable"><code>boolean</code></em> ] [
- <span class="command"><strong>max-policy-ttl</strong></span> <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [
- <span class="command"><strong>min-ns-dots</strong></span> <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [
- <span class="command"><strong>qname-wait-recurse</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [
- <span class="command"><strong>nsip-enable</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [
- <span class="command"><strong>dnsrps-enable</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em>
- } ];
+ <span class="command"><strong>response-policy</strong></span> { zone <em class="replaceable"><code>string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl
+ <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ policy ( cname |
+ <span class="command"><strong>disabled</strong></span> | drop | given | no-op | nodata | nxdomain | passthru
+ | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [
+ <span class="command"><strong>nsip-enable</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [
+ <span class="command"><strong>break-dnssec</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [
+ <span class="command"><strong>min-update-interval</strong></span> <em class="replaceable"><code>ttlval</code></em> ] [ min-ns-dots <em class="replaceable"><code>integer</code></em> ] [
+ <span class="command"><strong>nsip-wait-recurse</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ]
+ [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [
+ <span class="command"><strong>nsdname-enable</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [
+ <span class="command"><strong>dnsrps-options</strong></span> { <em class="replaceable"><code>unspecified-text</code></em> } ];
<span class="command"><strong>root-delegation-only</strong></span> [ exclude { <em class="replaceable"><code>string</code></em>; ... } ];
<span class="command"><strong>root-key-sentinel</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>rrset-order</strong></span> { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name
effective user ID of the <span class="command"><strong>named</strong></span> process.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>named-xfer</strong></span></span></dt>
-<dd>
- <p>
- <span class="emphasis"><em>This option is obsolete.</em></span> It
- was used in <acronym class="acronym">BIND</acronym> 8 to specify
- the pathname to the <span class="command"><strong>named-xfer</strong></span>
- program. In <acronym class="acronym">BIND</acronym> 9, no separate
- <span class="command"><strong>named-xfer</strong></span> program is needed;
- its functionality is built into the name server.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>qname-minimization</strong></span></span></dt>
<dd>
<p>
<dt><span class="term"><span class="command"><strong>auth-nxdomain</strong></span></span></dt>
<dd>
<p>
- If <strong class="userinput"><code>yes</code></strong>, then the <span class="command"><strong>AA</strong></span> bit
- is always set on NXDOMAIN responses, even if the server is
- not actually
- authoritative. The default is <strong class="userinput"><code>no</code></strong>;
- this is
- a change from <acronym class="acronym">BIND</acronym> 8. If you
- are using very old DNS software, you
+ If <strong class="userinput"><code>yes</code></strong>, then the
+ <span class="command"><strong>AA</strong></span> bit is always set on NXDOMAIN
+ responses, even if the server is not actually
+ authoritative. The default is <strong class="userinput"><code>no</code></strong>.
+ If you are using very old DNS software, you
may need to set it to <strong class="userinput"><code>yes</code></strong>.
</p>
</dd>
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>fake-iquery</strong></span></span></dt>
-<dd>
- <p>
- In <acronym class="acronym">BIND</acronym> 8, this option
- enabled simulating the obsolete DNS query type
- IQUERY. <acronym class="acronym">BIND</acronym> 9 never does
- IQUERY simulation.
- </p>
- </dd>
-<dt><span class="term"><span class="command"><strong>fetch-glue</strong></span></span></dt>
-<dd>
- <p>
- <span class="emphasis"><em>This option is obsolete</em></span>.
- In BIND 8, <strong class="userinput"><code>fetch-glue yes</code></strong>
- caused the server to attempt to fetch glue resource records
- it
- didn't have when constructing the additional
- data section of a response. This is now considered a bad
- idea
- and BIND 9 never does it.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>flush-zones-on-shutdown</strong></span></span></dt>
<dd>
<p>
but is now obsolete.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>has-old-clients</strong></span></span></dt>
-<dd>
- <p>
- This option was incorrectly implemented
- in <acronym class="acronym">BIND</acronym> 8, and is ignored by <acronym class="acronym">BIND</acronym> 9.
- To achieve the intended effect
- of
- <span class="command"><strong>has-old-clients</strong></span> <strong class="userinput"><code>yes</code></strong>, specify
- the two separate options <span class="command"><strong>auth-nxdomain</strong></span> <strong class="userinput"><code>yes</code></strong>
- and <span class="command"><strong>rfc2308-type1</strong></span> <strong class="userinput"><code>no</code></strong> instead.
- </p>
- </dd>
-<dt><span class="term"><span class="command"><strong>host-statistics</strong></span></span></dt>
-<dd>
- <p>
- In BIND 8, this enabled keeping of
- statistics for every host that the name server interacts
- with.
- Not implemented in BIND 9.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>root-key-sentinel</strong></span></span></dt>
<dd>
<p>
<strong class="userinput"><code>yes</code></strong>.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>maintain-ixfr-base</strong></span></span></dt>
-<dd>
- <p>
- <span class="emphasis"><em>This option is obsolete</em></span>.
- It was used in <acronym class="acronym">BIND</acronym> 8 to
- determine whether a transaction log was
- kept for Incremental Zone Transfer. <acronym class="acronym">BIND</acronym> 9 maintains a transaction
- log whenever possible. If you need to disable outgoing
- incremental zone
- transfers, use <span class="command"><strong>provide-ixfr</strong></span> <strong class="userinput"><code>no</code></strong>.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>message-compression</strong></span></span></dt>
<dd>
<p>
The default is <strong class="userinput"><code>no</code></strong>.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>multiple-cnames</strong></span></span></dt>
-<dd>
- <p>
- This option was used in <acronym class="acronym">BIND</acronym> 8 to allow
- a domain name to have multiple CNAME records in violation of
- the DNS standards. <acronym class="acronym">BIND</acronym> 9.2 onwards
- always strictly enforces the CNAME rules both in master
- files and dynamic updates.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>notify</strong></span></span></dt>
<dd>
<p>
of two (for instance, 128), but this is not mandatory.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>rfc2308-type1</strong></span></span></dt>
-<dd>
- <p>
- Setting this to <strong class="userinput"><code>yes</code></strong> will
- cause the server to send NS records along with the SOA
- record for negative
- answers. The default is <strong class="userinput"><code>no</code></strong>.
- </p>
- <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
-<h3 class="title">Note</h3>
- <p>
- Not yet implemented in <acronym class="acronym">BIND</acronym>
- 9.
- </p>
- </div>
- </dd>
<dt><span class="term"><span class="command"><strong>trust-anchor-telemetry</strong></span></span></dt>
<dd>
<p>
The default is <strong class="userinput"><code>yes</code></strong>.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>use-id-pool</strong></span></span></dt>
-<dd>
- <p>
- <span class="emphasis"><em>This option is obsolete</em></span>.
- <acronym class="acronym">BIND</acronym> 9 always allocates query
- IDs from a pool.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>use-ixfr</strong></span></span></dt>
<dd>
<p>
Usage”</a>.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>treat-cr-as-space</strong></span></span></dt>
-<dd>
- <p>
- This option was used in <acronym class="acronym">BIND</acronym>
- 8 to make
- the server treat carriage return ("<span class="command"><strong>\r</strong></span>") characters the same way
- as a space or tab character,
- to facilitate loading of zone files on a UNIX system that
- were generated
- on an NT or DOS machine. In <acronym class="acronym">BIND</acronym> 9, both UNIX "<span class="command"><strong>\n</strong></span>"
- and NT/DOS "<span class="command"><strong>\r\n</strong></span>" newlines
- are always accepted,
- and the option is ignored.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>match-mapped-addresses</strong></span></span></dt>
<dd>
<p>
The default is <strong class="userinput"><code>yes</code></strong>.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>dnssec-validation</strong></span></span></dt>
+<dt>
+<a name="dnssec_validation"></a><span class="term"><a name="dnssec_validation_term"></a><span class="command"><strong>dnssec-validation</strong></span></span>
+</dt>
<dd>
<p>
This enables DNSSEC validation in <span class="command"><strong>named</strong></span>.
<dd>
<p>
Try to refresh the zone using TCP if UDP queries fail.
- For BIND 8 compatibility, the default is
- <span class="command"><strong>yes</strong></span>.
+ The default is <span class="command"><strong>yes</strong></span>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>dnssec-secure-to-insecure</strong></span></span></dt>
<dt><span class="term"><span class="command"><strong>allow-notify</strong></span></span></dt>
<dd>
<p>
- Specifies which hosts are allowed to
- notify this server, a slave, of zone changes in addition
- to the zone masters.
- <span class="command"><strong>allow-notify</strong></span> may also be
- specified in the
- <span class="command"><strong>zone</strong></span> statement, in which case
- it overrides the
- <span class="command"><strong>options allow-notify</strong></span>
- statement. It is only meaningful
- for a slave zone. If not specified, the default is to
- process notify messages
- only from a zone's master.
+ This ACL specifies which hosts may send NOTIFY messages
+ to inform this server of changes to zones for which it
+ is acting as a secondary server. This is only
+ applicable for secondary zones (i.e., type
+ <code class="literal">secondary</code> or <code class="literal">slave</code>).
+ </p>
+ <p>
+ If this option is set in <span class="command"><strong>view</strong></span> or
+ <span class="command"><strong>options</strong></span>, it is globally applied to
+ all secondary zones. If set in the <span class="command"><strong>zone</strong></span>
+ statement, the global value is overridden.
+ </p>
+ <p>
+ If not specified, the default is to process NOTIFY
+ messages only from the configured
+ <span class="command"><strong>masters</strong></span> for the zone.
+ <span class="command"><strong>allow-notify</strong></span> can be used to expand the
+ list of permitted hosts, not to reduce it.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>allow-query</strong></span></span></dt>
<dt><span class="term"><span class="command"><strong>allow-update</strong></span></span></dt>
<dd>
<p>
- Specifies which hosts are allowed to
- submit Dynamic DNS updates for master zones. The default is
- to deny
- updates from all hosts. Note that allowing updates based
- on the requestor's IP address is insecure; see
+ When set in the <span class="command"><strong>zone</strong></span> statement for
+ a master zone, specifies which hosts are allowed to
+ submit Dynamic DNS updates to that zone. The default
+ is to deny updates from all hosts. This can only
+ be set at the <span class="command"><strong>zone</strong></span> level, not in
+ <span class="command"><strong>options</strong></span> or <span class="command"><strong>view</strong></span>.
+ </p>
+ <p>
+ Note that allowing updates based on the
+ requestor's IP address is insecure; see
<a class="xref" href="Bv9ARM.ch06.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a> for details.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>allow-update-forwarding</strong></span></span></dt>
<dd>
<p>
- Specifies which hosts are allowed to
- submit Dynamic DNS updates to slave zones to be forwarded to
- the
- master. The default is <strong class="userinput"><code>{ none; }</code></strong>,
- which
- means that no update forwarding will be performed. To
- enable
- update forwarding, specify
+ When set in the <span class="command"><strong>zone</strong></span> statement for
+ a slave zone, specifies which hosts are allowed to
+ submit Dynamic DNS updates and have them be forwarded
+ to the master. The default is
+ <strong class="userinput"><code>{ none; }</code></strong>, which means that no
+ update forwarding will be performed. This can only be
+ set at the <span class="command"><strong>zone</strong></span> level, not in
+ <span class="command"><strong>options</strong></span> or <span class="command"><strong>view</strong></span>.
+ </p>
+ <p>
+ To enable update forwarding, specify
<strong class="userinput"><code>allow-update-forwarding { any; };</code></strong>.
- Specifying values other than <strong class="userinput"><code>{ none; }</code></strong> or
- <strong class="userinput"><code>{ any; }</code></strong> is usually
- counterproductive, since
- the responsibility for update access control should rest
- with the
- master server, not the slaves.
+ in the <span class="command"><strong>zone</strong></span> statement.
+ Specifying values other than <strong class="userinput"><code>{ none; }</code></strong>
+ or <strong class="userinput"><code>{ any; }</code></strong> is usually
+ counterproductive; the responsibility for update
+ access control should rest with the master server, not
+ the slave.
</p>
<p>
Note that enabling the update forwarding feature on a slave
- server
- may expose master servers relying on insecure IP address
- based
- access control to attacks; see <a class="xref" href="Bv9ARM.ch06.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a>
- for more details.
+ server may expose master servers to attacks if they rely
+ on insecure IP-address-based access control; see
+ <a class="xref" href="Bv9ARM.ch06.html#dynamic_update_security" title="Dynamic Update Security">the section called “Dynamic Update Security”</a> for more details.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>allow-v6-synthesis</strong></span></span></dt>
</dt>
<dd>
<p>
- Specifies which hosts are allowed to
- receive zone transfers from the server. <span class="command"><strong>allow-transfer</strong></span> may
- also be specified in the <span class="command"><strong>zone</strong></span>
- statement, in which
- case it overrides the <span class="command"><strong>options allow-transfer</strong></span> statement.
- If not specified, the default is to allow transfers to all
- hosts.
+ Specifies which hosts are allowed to receive zone
+ transfers from the server. <span class="command"><strong>allow-transfer</strong></span>
+ may also be specified in the <span class="command"><strong>zone</strong></span>
+ statement, in which case it overrides the
+ <span class="command"><strong>allow-transfer</strong></span> statement set in
+ <span class="command"><strong>options</strong></span> or <span class="command"><strong>view</strong></span>.
+ If not specified, the default is to allow transfers to
+ all hosts.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>blackhole</strong></span></span></dt>
to zero, it will be silently raised to one.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>serial-queries</strong></span></span></dt>
-<dd>
- <p>
- In BIND 8, the <span class="command"><strong>serial-queries</strong></span>
- option
- set the maximum number of concurrent serial number queries
- allowed to be outstanding at any given time.
- BIND 9 does not limit the number of outstanding
- serial queries and ignores the <span class="command"><strong>serial-queries</strong></span> option.
- Instead, it limits the rate at which the queries are sent
- as defined using the <span class="command"><strong>serial-query-rate</strong></span> option.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>transfer-format</strong></span></span></dt>
<dd>
<dd>
<p>
Use the alternate transfer sources or not. If views are
- specified this defaults to <span class="command"><strong>no</strong></span>
+ specified this defaults to <span class="command"><strong>no</strong></span>,
otherwise it defaults to
- <span class="command"><strong>yes</strong></span> (for BIND 8
- compatibility).
+ <span class="command"><strong>yes</strong></span>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>notify-source</strong></span></span></dt>
</p>
<div class="variablelist"><dl class="variablelist">
-<dt><span class="term"><span class="command"><strong>max-ixfr-log-size</strong></span></span></dt>
-<dd>
- <p>
- This option is obsolete; it is accepted
- and ignored for BIND 8 compatibility. The option
- <span class="command"><strong>max-journal-size</strong></span> performs a
- similar function in BIND 9.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>max-journal-size</strong></span></span></dt>
<dd>
<p>
The default is zero which means unlimited.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>host-statistics-max</strong></span></span></dt>
-<dd>
- <p>
- In BIND 8, specifies the maximum number of host statistics
- entries to be kept.
- Not implemented in BIND 9.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>recursive-clients</strong></span></span></dt>
<dd>
<p>
used to specify the value.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>statistics-interval</strong></span></span></dt>
-<dd>
- <p>
- Name server statistics will be logged
- every <span class="command"><strong>statistics-interval</strong></span>
- minutes. The default is
- 60. The maximum value is 28 days (40320 minutes).
- If set to 0, no statistics will be logged.
- </p>
-<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
-<h3 class="title">Note</h3>
- <p>
- Not yet implemented in
- <acronym class="acronym">BIND</acronym> 9.
- </p>
- </div>
- </dd>
-<dt><span class="term"><span class="command"><strong>topology</strong></span></span></dt>
-<dd>
- <p>
- In BIND 8, this option indicated network topology
- so that preferential treatment could be given to
- the topologicaly closest name servers when sending
- queries. It is not implemented in BIND 9.
- </p>
- </dd>
</dl></div>
</div>
<span class="command"><strong>rndc serve-stale on</strong></span>.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>min-roots</strong></span></span></dt>
-<dd>
- <p>
- The minimum number of root servers that
- is required for a request for the root servers to be
- accepted. The default
- is <strong class="userinput"><code>2</code></strong>.
- </p>
- <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
-<h3 class="title">Note</h3>
- <p>
- Not implemented in <acronym class="acronym">BIND</acronym> 9.
- </p>
- </div>
- </dd>
<dt><span class="term"><span class="command"><strong>sig-validity-interval</strong></span></span></dt>
<dd>
<p>
in <span class="command"><strong>managed-keys</strong></span> or
<span class="command"><strong>trusted-keys</strong></span>. In the case
of the root zone, you may also rely on the
- built-in root trust anchor, which can be enabled
- by setting <span class="command"><strong>dnssec-validation</strong></span>
- to <strong class="userinput"><code>auto</code></strong>. Answers coming
- from a mirror zone look almost exactly like
- answers from a zone of type
+ built-in root trust anchor, which is enabled
+ when <a class="xref" href="Bv9ARM.ch05.html#dnssec_validation"><span class="command"><strong>dnssec-validation</strong></span></a> is set to the
+ default value <strong class="userinput"><code>auto</code></strong>.
+ </p>
+ <p>
+ Answers coming from a mirror zone look almost
+ exactly like answers from a zone of type
<strong class="userinput"><code>secondary</code></strong>, with the
notable exceptions that the AA bit
("authoritative answer") is not set, and the AD
not used.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>ixfr-base</strong></span></span></dt>
-<dd>
- <p>
- Was used in <acronym class="acronym">BIND</acronym> 8 to
- specify the name
- of the transaction log (journal) file for dynamic update
- and IXFR.
- <acronym class="acronym">BIND</acronym> 9 ignores the option
- and constructs the name of the journal
- file by appending "<code class="filename">.jnl</code>"
- to the name of the
- zone file.
- </p>
- </dd>
-<dt><span class="term"><span class="command"><strong>ixfr-tmp-file</strong></span></span></dt>
-<dd>
- <p>
- Was an undocumented option in <acronym class="acronym">BIND</acronym> 8.
- Ignored in <acronym class="acronym">BIND</acronym> 9.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>journal</strong></span></span></dt>
<dd>
<p>
<a class="xref" href="Bv9ARM.ch05.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
</p>
</dd>
-<dt><span class="term"><span class="command"><strong>pubkey</strong></span></span></dt>
-<dd>
- <p>
- In <acronym class="acronym">BIND</acronym> 8, this option was
- intended for specifying
- a public zone key for verification of signatures in DNSSEC
- signed
- zones when they are loaded from disk. <acronym class="acronym">BIND</acronym> 9 does not verify signatures
- on load and ignores the option.
- </p>
- </dd>
<dt><span class="term"><span class="command"><strong>zone-statistics</strong></span></span></dt>
<dd>
<p>
The <span class="command"><strong>$GENERATE</strong></span> directive is a <acronym class="acronym">BIND</acronym> extension
and not part of the standard zone file format.
</p>
- <p>
- BIND 8 did not support the optional TTL and CLASS fields.
- </p>
</div>
<div class="section">
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.5</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.6</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.9.2"></a>Release Notes for BIND Version 9.13.5</h2></div></div></div>
+<a name="id-1.9.2"></a>Release Notes for BIND Version 9.13.6</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
configuration options cannot exceed 90 seconds.
</p>
</li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>rndc status</strong></span> output now includes a
+ <span class="command"><strong>reconfig/reload in progress</strong></span> status line if named
+ configuration is being reloaded.
+ </p>
+ </li>
</ul></div>
</div>
removed from BIND as the DSA key length is limited to 1024
bits and this is not considered secure enough.
</p>
+ <p>
+ Support for RSAMD5 algorithm has been removed freom BIND as the usage
+ of the RSAMD5 algorithm for DNSSEC has been deprecated in RFC6725 and
+ the security of MD5 algorithm has been compromised and the its usage
+ is considered harmful.
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ The incomplete support for internationalization message catalogs has
+ been removed from BIND. Since the internationalization was never
+ completed, and no localized message catalogs were ever made available
+ for the portions of BIND in which they could have been used, this
+ change will have no effect except to simplify the source code. BIND's
+ log messages and other output were already only available in English.
+ </p>
</li>
</ul></div>
</div>
disables reading of the file <code class="filename">$HOME/.digrc</code>.
</p>
</li>
+<li class="listitem">
+ <p>
+ Zone signing and key maintenance events are now logged to the
+ <span class="command"><strong>dnssec</strong></span> category rather than
+ <span class="command"><strong>zone</strong></span>.
+ </p>
+ </li>
</ul></div>
</div>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.13.5</p></div>
-<div><p class="copyright">Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")</p></div>
+<div><p class="releaseinfo">BIND Version 9.13.6</p></div>
+<div><p class="copyright">Copyright © 2000-2019 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
</div>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.5</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.6</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
record. This option has no effect when using CDS records.
</p>
<p>
- The <em class="replaceable"><code>algorithm</code></em> must be one of SHA-1
- (SHA1), SHA-256 (SHA256), or SHA-384 (SHA384). These
- values are case insensitive. If no algorithm is specified,
+ The <em class="replaceable"><code>algorithm</code></em> must be one of
+ SHA-1, SHA-256, or SHA-384. These values are case insensitive,
+ and the hyphen may be omitted. If no algorithm is specified,
the default is SHA-256.
</p>
</dd>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
- [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
- [<code class="option">-1</code>]
- [<code class="option">-2</code>]
- [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>]
- [<code class="option">-C</code>]
- [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
+ [
+ <code class="option">-1</code>
+ | <code class="option">-2</code>
+ | <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
+ ]
+ [
+ <code class="option">-C</code>
+ | <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
+ ]
[<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
+ [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
+ [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
{keyfile}
</p></div>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
- {-s}
- [<code class="option">-1</code>]
- [<code class="option">-2</code>]
- [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>]
- [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
- [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
- [<code class="option">-s</code>]
- [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+ [
+ <code class="option">-1</code>
+ | <code class="option">-2</code>
+ | <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
+ ]
+ [
+ <code class="option">-C</code>
+ | <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
+ ]
[<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
- [<code class="option">-f <em class="replaceable"><code>file</code></em></code>]
+ [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
+ [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
[<code class="option">-A</code>]
+ {<code class="option">-f <em class="replaceable"><code>file</code></em></code>}
+ [dnsname]
+ </p></div>
+ <div class="cmdsynopsis"><p>
+ <code class="command">dnssec-dsfromkey</code>
+ [
+ <code class="option">-1</code>
+ | <code class="option">-2</code>
+ | <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
+ ]
+ [
+ <code class="option">-C</code>
+ | <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
+ ]
+ [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
[<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
+ [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+ [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
+ {-s}
{dnsname}
- </p></div>
+ </p></div>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
- [<code class="option">-h</code>]
- [<code class="option">-V</code>]
- </p></div>
+ [
+ <code class="option">-h</code>
+ | <code class="option">-V</code>
+ ]
+ </p></div>
</div>
<div class="refsection">
<a name="id-1.13.9.7"></a><h2>DESCRIPTION</h2>
- <p><span class="command"><strong>dnssec-dsfromkey</strong></span>
- outputs the Delegation Signer (DS) resource record (RR), as defined in
- RFC 3658 and RFC 4509, for the given key(s).
+ <p>
+ The <span class="command"><strong>dnssec-dsfromkey</strong></span> command outputs DS (Delegation
+ Signer) resource records (RRs) and other similarly-constructed RRs:
+ with the <code class="option">-l</code> option it outputs DLV (DNSSEC Lookaside
+ Validation) RRs; or with the <code class="option">-C</code> it outputs CDS (Child
+ DS) RRs.
+ </p>
+
+ <p>
+ The input keys can be specified in a number of ways:
+ </p>
+
+ <p>
+ By default, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads a key file
+ named like <code class="filename">Knnnn.+aaa+iiiii.key</code>, as generated
+ by <span class="command"><strong>dnssec-keygen</strong></span>.
+ </p>
+
+ <p>
+ With the <code class="option">-f <em class="replaceable"><code>file</code></em></code>
+ option, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads keys from a zone file
+ or partial zone file (which can contain just the DNSKEY records).
+ </p>
+
+ <p>
+ With the <code class="option">-s</code>
+ option, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads
+ a <code class="filename">keyset-</code> file, as generated
+ by <span class="command"><strong>dnssec-keygen</strong></span> <code class="option">-C</code>.
</p>
+
</div>
<div class="refsection">
<a name="id-1.13.9.8"></a><h2>OPTIONS</h2>
-
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-1</span></dt>
<dd>
<p>
- Use SHA-1 as the digest algorithm (the default is to use
- both SHA-1 and SHA-256).
+ An abbreviation for <code class="option">-a SHA1</code>
</p>
</dd>
<dt><span class="term">-2</span></dt>
<dd>
<p>
- Use SHA-256 as the digest algorithm.
+ An abbreviation for <code class="option">-a SHA-256</code>
</p>
</dd>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
- Select the digest algorithm. The value of
- <code class="option">algorithm</code> must be one of SHA-1 (SHA1),
- SHA-256 (SHA256) or SHA-384 (SHA384).
- These values are case insensitive.
+ Specify a digest algorithm to use when converting DNSKEY
+ records to DS records. This option can be repeated, so
+ that multiple DS records are created for each DNSKEY
+ record.
+ </p>
+ <p>
+ The <em class="replaceable"><code>algorithm</code></em> must be one of
+ SHA-1, SHA-256, or SHA-384. These values are case insensitive,
+ and the hyphen may be omitted. If no algorithm is specified,
+ the default is SHA-256.
</p>
</dd>
-<dt><span class="term">-C</span></dt>
+<dt><span class="term">-A</span></dt>
<dd>
- <p>
- Generate CDS records rather than DS records. This is mutually
- exclusive with generating lookaside records.
- </p>
- </dd>
-<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
+ <p>
+ Include ZSKs when generating DS records. Without this option, only
+ keys which have the KSK flag set will be converted to DS records
+ and printed. Useful only in <code class="option">-f</code> zone file mode.
+ </p>
+ </dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd>
<p>
- Specifies the TTL of the DS records.
+ Specifies the DNS class (default is IN). Useful only
+ in <code class="option">-s</code> keyset or <code class="option">-f</code>
+ zone file mode.
</p>
</dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
+<dt><span class="term">-C</span></dt>
<dd>
<p>
- Look for key files (or, in keyset mode,
- <code class="filename">keyset-</code> files) in
- <code class="option">directory</code>.
+ Generate CDS records rather than DS records. This is mutually
+ exclusive with the <code class="option">-l</code> option for generating DLV
+ records.
</p>
</dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd>
<p>
- Zone file mode: in place of the keyfile name, the argument is
- the DNS domain name of a zone master file, which can be read
+ Zone file mode: <span class="command"><strong>dnssec-dsfromkey</strong></span>'s
+ final <em class="replaceable"><code>dnsname</code></em> argument is
+ the DNS domain name of a zone whose master file can be read
from <code class="option">file</code>. If the zone name is the same as
<code class="option">file</code>, then it may be omitted.
</p>
<p>
- If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
+ If <em class="replaceable"><code>file</code></em> is <code class="literal">"-"</code>, then
the zone data is read from the standard input. This makes it
possible to use the output of the <span class="command"><strong>dig</strong></span>
command as input, as in:
<strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
</p>
</dd>
-<dt><span class="term">-A</span></dt>
+<dt><span class="term">-h</span></dt>
<dd>
- <p>
- Include ZSKs when generating DS records. Without this option,
- only keys which have the KSK flag set will be converted to DS
- records and printed. Useful only in zone file mode.
- </p>
- </dd>
+ <p>
+ Prints usage information.
+ </p>
+ </dd>
+<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
+<dd>
+ <p>
+ Look for key files or <code class="filename">keyset-</code> files in
+ <code class="option">directory</code>.
+ </p>
+ </dd>
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
<dd>
<p>
- Generate a DLV set instead of a DS set. The specified
- <code class="option">domain</code> is appended to the name for each
+ Generate a DLV set instead of a DS set. The specified
+ <em class="replaceable"><code>domain</code></em> is appended to the name for each
record in the set.
- The DNSSEC Lookaside Validation (DLV) RR is described
- in RFC 4431. This is mutually exclusive with generating
- CDS records.
+ This is mutually exclusive with the <code class="option">-C</code> option
+ for generating CDS records.
</p>
</dd>
<dt><span class="term">-s</span></dt>
<dd>
<p>
- Keyset mode: in place of the keyfile name, the argument is
- the DNS domain name of a keyset file.
+ Keyset mode: <span class="command"><strong>dnssec-dsfromkey</strong></span>'s
+ final <em class="replaceable"><code>dnsname</code></em> argument is the DNS
+ domain name used to locate a <code class="filename">keyset-</code> file.
</p>
</dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
<dd>
<p>
- Specifies the DNS class (default is IN). Useful only
- in keyset or zone file mode.
+ Specifies the TTL of the DS records. By default the TTL is omitted.
</p>
</dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
Sets the debugging level.
</p>
</dd>
-<dt><span class="term">-h</span></dt>
-<dd>
- <p>
- Prints usage information.
- </p>
- </dd>
<dt><span class="term">-V</span></dt>
<dd>
<p>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
- keyfile name, the following command would be issued:
+ keyfile name, you can issue the following command:
</p>
<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
</p>
<p>
The command would print something like:
</p>
- <p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
+ <p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0C5EA0B94</code></strong>
</p>
+
</div>
<div class="refsection">
<a name="id-1.13.9.10"></a><h2>FILES</h2>
<p>
- The keyfile can be designed by the key identification
+ The keyfile can be designated by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
<code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
<span class="refentrytitle">dnssec-keygen</span>(8).
<span class="refentrytitle">dnssec-signzone</span>(8)
</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
- <em class="citetitle">RFC 3658</em>,
- <em class="citetitle">RFC 4431</em>.
- <em class="citetitle">RFC 4509</em>.
+ <em class="citetitle">RFC 3658</em> (DS RRs),
+ <em class="citetitle">RFC 4431</em> (DLV RRs),
+ <em class="citetitle">RFC 4509</em> (SHA-256 for DS RRs),
+ <em class="citetitle">RFC 6605</em> (SHA-384 for DS RRs),
+ <em class="citetitle">RFC 7344</em> (CDS and CDNSKEY RRs).
</p>
</div>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<dd>
<p>
Selects the cryptographic algorithm. The value of
- <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
+ <code class="option">algorithm</code> must be one of RSASHA1,
NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
</p>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<dd>
<p>
Selects the cryptographic algorithm. For DNSSEC keys, the value
- of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
+ of <code class="option">algorithm</code> must be one of RSASHA1,
NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. For
TKEY, the value must be DH (Diffie Hellman); specifying
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
set by the <code class="option">-K</code> option), and check the keys for
all the zones represented in the directory.
</p>
+ <p>
+ Key times that are in the past will not be updated unless
+ the <code class="option">-f</code> is used (see below). Key inactivation
+ and deletion times that are less than five minutes in the future
+ will be delayed by five minutes.
+ </p>
<p>
It is expected that this tool will be run automatically and
unattended (for example, by <span class="command"><strong>cron</strong></span>).
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
bindkeys-file <em class="replaceable"><code>quoted_string</code></em>;<br>
blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
- catalog-zones { zone <em class="replaceable"><code>quoted_string</code></em> [ default-masters [ port<br>
-     <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<br>
-     port <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
+ catalog-zones { zone <em class="replaceable"><code>string</code></em> [ default-masters [ port <em class="replaceable"><code>integer</code></em> ]<br>
+     [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [ port<br>
+     <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
    <em class="replaceable"><code>string</code></em> ]; ... } ] [ zone-directory <em class="replaceable"><code>quoted_string</code></em> ] [<br>
    in-memory <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ]; ... };<br>
check-dup-records ( fail | warn | ignore );<br>
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
dnssec-validation ( yes | no | auto );<br>
- dnstap { ( all | auth | client | forwarder | resolver | update ) [<br>
-     ( query | response ) ]; ... };<br>
- dnstap-identity ( <em class="replaceable"><code>quoted_string</code></em> | none | hostname );<br>
- dnstap-output ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [ size ( unlimited |<br>
-     <em class="replaceable"><code>size</code></em> ) ] [ versions ( unlimited | <em class="replaceable"><code>integer</code></em> ) ] [ suffix (<br>
-     increment | timestamp ) ];<br>
+ dnstap { ( all | auth | client | forwarder |<br>
+     resolver | update ) [ ( query | response ) ];<br>
+     ... };<br>
+ dnstap-identity ( <em class="replaceable"><code>quoted_string</code></em> | none |<br>
+     hostname );<br>
+ dnstap-output ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [<br>
+     size ( unlimited | <em class="replaceable"><code>size</code></em> ) ] [ versions (<br>
+     unlimited | <em class="replaceable"><code>integer</code></em> ) ] [ suffix ( increment<br>
+     | timestamp ) ];<br>
dnstap-version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
dscp <em class="replaceable"><code>integer</code></em>;<br>
dual-stack-servers [ port <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>quoted_string</code></em> [ port<br>
fetches-per-server <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
fetches-per-zone <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
files ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
- filter-aaaa { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- filter-aaaa-on-v4 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
- filter-aaaa-on-v6 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
flush-zones-on-shutdown <em class="replaceable"><code>boolean</code></em>;<br>
forward ( first | only );<br>
forwarders [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
resolver-retry-interval <em class="replaceable"><code>integer</code></em>;<br>
response-padding { <em class="replaceable"><code>address_match_element</code></em>; ... } block-size<br>
    <em class="replaceable"><code>integer</code></em>;<br>
- response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [<br>
-     max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
-     policy ( cname | disabled | drop | given | no-op | nodata |<br>
-     nxdomain | passthru | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [<br>
-     recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
-     nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [ break-dnssec <em class="replaceable"><code>boolean</code></em> ] [<br>
-     max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
-     min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
-     qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
-     nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
-     dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
- Â Â Â Â }Â ];<br>
+ response-policy { zone <em class="replaceable"><code>string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl<br>
+     <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ policy ( cname |<br>
+     disabled | drop | given | no-op | nodata | nxdomain | passthru<br>
+     | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
+     nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [<br>
+     break-dnssec <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [<br>
+     min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ min-ns-dots <em class="replaceable"><code>integer</code></em> ] [<br>
+     nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ]<br>
+     [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
+     nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
+     dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em> } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>string</code></em>; ... } ];<br>
root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.17"></a><h2>SERVER</h2>
+<a name="id-1.13.27.17"></a><h2>PLUGIN</h2>
+
+ <div class="literallayout"><p><br>
+plugin ( query ) <em class="replaceable"><code>string</code></em> [ { <em class="replaceable"><code>unspecified-text</code></em><br>
+Â Â Â Â }Â ];<br>
+</p></div>
+ </div>
+
+ <div class="refsection">
+<a name="id-1.13.27.18"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server <em class="replaceable"><code>netprefix</code></em> {<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.18"></a><h2>STATISTICS-CHANNELS</h2>
+<a name="id-1.13.27.19"></a><h2>STATISTICS-CHANNELS</h2>
<div class="literallayout"><p><br>
statistics-channels {<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.19"></a><h2>TRUSTED-KEYS</h2>
+<a name="id-1.13.27.20"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
</div>
<div class="refsection">
-<a name="id-1.13.27.20"></a><h2>VIEW</h2>
+<a name="id-1.13.27.21"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
auto-dnssec ( allow | maintain | off );<br>
cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
- catalog-zones { zone <em class="replaceable"><code>quoted_string</code></em> [ default-masters [ port<br>
-     <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<br>
-     port <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
+ catalog-zones { zone <em class="replaceable"><code>string</code></em> [ default-masters [ port <em class="replaceable"><code>integer</code></em> ]<br>
+     [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [ port<br>
+     <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
    <em class="replaceable"><code>string</code></em> ]; ... } ] [ zone-directory <em class="replaceable"><code>quoted_string</code></em> ] [<br>
    in-memory <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ]; ... };<br>
check-dup-records ( fail | warn | ignore );<br>
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
dnssec-validation ( yes | no | auto );<br>
- dnstap { ( all | auth | client | forwarder | resolver | update ) [<br>
-     ( query | response ) ]; ... };<br>
+ dnstap { ( all | auth | client | forwarder |<br>
+     resolver | update ) [ ( query | response ) ];<br>
+     ... };<br>
dual-stack-servers [ port <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>quoted_string</code></em> [ port<br>
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv4_address</code></em> [ port<br>
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port<br>
fetch-quota-params <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>fixedpoint</code></em> <em class="replaceable"><code>fixedpoint</code></em> <em class="replaceable"><code>fixedpoint</code></em>;<br>
fetches-per-server <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
fetches-per-zone <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
- filter-aaaa { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
- filter-aaaa-on-v4 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
- filter-aaaa-on-v6 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
forward ( first | only );<br>
forwarders [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
    | <em class="replaceable"><code>ipv6_address</code></em> ) [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ]; ... };<br>
max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
message-compression <em class="replaceable"><code>boolean</code></em>;<br>
+ min-cache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
+ min-ncache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
minimal-any <em class="replaceable"><code>boolean</code></em>;<br>
nta-lifetime <em class="replaceable"><code>ttlval</code></em>;<br>
nta-recheck <em class="replaceable"><code>ttlval</code></em>;<br>
nxdomain-redirect <em class="replaceable"><code>string</code></em>;<br>
+ plugin ( query ) <em class="replaceable"><code>string</code></em> [ {<br>
+ Â Â Â Â <em class="replaceable"><code>unspecified-text</code></em>Â }Â ];<br>
preferred-glue <em class="replaceable"><code>string</code></em>;<br>
prefetch <em class="replaceable"><code>integer</code></em> [ <em class="replaceable"><code>integer</code></em> ];<br>
provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
resolver-retry-interval <em class="replaceable"><code>integer</code></em>;<br>
response-padding { <em class="replaceable"><code>address_match_element</code></em>; ... } block-size<br>
    <em class="replaceable"><code>integer</code></em>;<br>
- response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [<br>
-     max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
-     policy ( cname | disabled | drop | given | no-op | nodata |<br>
-     nxdomain | passthru | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [<br>
-     recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
-     nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [ break-dnssec <em class="replaceable"><code>boolean</code></em> ] [<br>
-     max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
-     min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
-     qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
-     nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
-     dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
- Â Â Â Â }Â ];<br>
+ response-policy { zone <em class="replaceable"><code>string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl<br>
+     <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ policy ( cname |<br>
+     disabled | drop | given | no-op | nodata | nxdomain | passthru<br>
+     | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
+     nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [<br>
+     break-dnssec <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [<br>
+     min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ min-ns-dots <em class="replaceable"><code>integer</code></em> ] [<br>
+     nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ]<br>
+     [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
+     nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
+     dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em> } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>string</code></em>; ... } ];<br>
root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em><br>
    | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
- pubkey <em class="replaceable"><code>integer</code></em><br>
- Â Â Â Â <em class="replaceable"><code>integer</code></em><br>
- Â Â Â Â <em class="replaceable"><code>integer</code></em><br>
+ pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
request-expire <em class="replaceable"><code>boolean</code></em>;<br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
serial-update-method ( date | increment | unixtime );<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.21"></a><h2>ZONE</h2>
+<a name="id-1.13.27.22"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * ) ]<br>
    [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
- pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
request-expire <em class="replaceable"><code>boolean</code></em>;<br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
serial-update-method ( date | increment | unixtime );<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.22"></a><h2>FILES</h2>
+<a name="id-1.13.27.23"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsection">
-<a name="id-1.13.27.23"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.27.24"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">ddns-confgen</span>(8)
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.13.5</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.13.6</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
configuration options cannot exceed 90 seconds.
</p>
</li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>rndc status</strong></span> output now includes a
+ <span class="command"><strong>reconfig/reload in progress</strong></span> status line if named
+ configuration is being reloaded.
+ </p>
+ </li>
</ul></div>
</div>
removed from BIND as the DSA key length is limited to 1024
bits and this is not considered secure enough.
</p>
+ <p>
+ Support for RSAMD5 algorithm has been removed freom BIND as the usage
+ of the RSAMD5 algorithm for DNSSEC has been deprecated in RFC6725 and
+ the security of MD5 algorithm has been compromised and the its usage
+ is considered harmful.
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ The incomplete support for internationalization message catalogs has
+ been removed from BIND. Since the internationalization was never
+ completed, and no localized message catalogs were ever made available
+ for the portions of BIND in which they could have been used, this
+ change will have no effect except to simplify the source code. BIND's
+ log messages and other output were already only available in English.
+ </p>
</li>
</ul></div>
</div>
disables reading of the file <code class="filename">$HOME/.digrc</code>.
</p>
</li>
+<li class="listitem">
+ <p>
+ Zone signing and key maintenance events are now logged to the
+ <span class="command"><strong>dnssec</strong></span> category rather than
+ <span class="command"><strong>zone</strong></span>.
+ </p>
+ </li>
</ul></div>
</div>
-Release Notes for BIND Version 9.13.5
+Release Notes for BIND Version 9.13.6
Introduction
configured minimum TTL for both configuration options cannot exceed 90
seconds.
+ * rndc status output now includes a reconfig/reload in progress status
+ line if named configuration is being reloaded.
+
Removed Features
* Workarounds for servers that misbehave when queried with EDNS have
BIND as the DSA key length is limited to 1024 bits and this is not
considered secure enough.
+ Support for RSAMD5 algorithm has been removed freom BIND as the usage
+ of the RSAMD5 algorithm for DNSSEC has been deprecated in RFC6725 and
+ the security of MD5 algorithm has been compromised and the its usage
+ is considered harmful.
+
+ * The incomplete support for internationalization message catalogs has
+ been removed from BIND. Since the internationalization was never
+ completed, and no localized message catalogs were ever made available
+ for the portions of BIND in which they could have been used, this
+ change will have no effect except to simplify the source code. BIND's
+ log messages and other output were already only available in English.
+
Feature Changes
* BIND will now always use the best CSPRNG (cryptographically-secure
* The new dig -r command line option disables reading of the file $HOME
/.digrc.
+ * Zone signing and key maintenance events are now logged to the dnssec
+ category rather than zone.
+
Bug Fixes
* Running rndc reconfig could cause inline-signing zones to stop
listen-on-v6 [ port <integer> ] [ dscp
<integer> ] {
<address_match_element>; ... }; // may occur multiple times
- lmdb-mapsize <sizeval>;
+ lmdb-mapsize <sizeval>; // non-operational
lock-file ( <quoted_string> | none );
maintain-ixfr-base <boolean>; // ancient
managed-keys-directory <quoted_string>;
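Review bot: The `// non-operational` marker added to `lmdb-mapsize` in this hunk, and again in the next hunk of the same listing (the one with `key-directory` and `lame-ttl`), looks like a side effect of how the listing was regenerated rather than an intended change. If this grammar summary is generated from a build, it was presumably produced by one configured without LMDB support; that is an inference, as the build setup is not visible here. As published, the listing tells operators the option has no effect, including on builds where it does, and nothing in the release notes on this page says LMDB handling changed in 9.13.6. I would regenerate the listing from an LMDB-enabled build so the line stays `lmdb-mapsize <sizeval>;`. The enclosing clause starts and ends outside both hunks.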
}; // may occur multiple times
key-directory <quoted_string>;
lame-ttl <ttlval>;
- lmdb-mapsize <sizeval>;
+ lmdb-mapsize <sizeval>; // non-operational
maintain-ixfr-base <boolean>; // ancient
managed-keys { <string> <string>
<integer> <integer> <integer>
-.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
# 9.12: 1200-1299
# 9.13: 1300-1399
LIBINTERFACE = 1302
-LIBREVISION = 0
+LIBREVISION = 1
LIBAGE = 0
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13: 1300-1399
-LIBINTERFACE = 1305
+LIBINTERFACE = 1306
LIBREVISION = 0
LIBAGE = 0
# 9.12: 1200-1299
# 9.13: 1300-1399
LIBINTERFACE = 1301
-LIBREVISION = 2
+LIBREVISION = 3
LIBAGE = 0
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13: 1300-1399
-LIBINTERFACE = 1305
+LIBINTERFACE = 1306
LIBREVISION = 0
LIBAGE = 0
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13: 1300-1399
-LIBINTERFACE = 1301
-LIBREVISION = 1
+LIBINTERFACE = 1302
+LIBREVISION = 0
LIBAGE = 0
# 9.11: 160-169,1100-1199
# 9.12: 1200-1299
# 9.13: 1300-1399
-LIBINTERFACE = 1301
+LIBINTERFACE = 1302
LIBREVISION = 0
LIBAGE = 0
# 9.12: 1200-1299
# 9.13: 1300-1399
LIBINTERFACE = 1304
-LIBREVISION = 0
+LIBREVISION = 1
LIBAGE = 0
DESCRIPTION="(Development Release)"
MAJORVER=9
MINORVER=13
-PATCHVER=5
+PATCHVER=6
RELEASETYPE=
RELEASEVER=
EXTENSIONS=