]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Add documentation for mirror zones
authorMichał Kępień <michal@isc.org>
Thu, 28 Jun 2018 11:38:39 +0000 (13:38 +0200)
committerMichał Kępień <michal@isc.org>
Thu, 28 Jun 2018 11:38:39 +0000 (13:38 +0200)
Update the ARM and various option lists with information about the
"mirror" option for slave zones.

bin/named/named.conf.docbook
doc/arm/Bv9ARM-book.xml
doc/arm/options.grammar.xml
doc/arm/slave.zoneopt.xml
doc/misc/options
doc/misc/slave.zoneopt

index 442c4ab61fd58b315852f0679b49719828f7d122..8587f7283cd4085546ab68e26c54e79fdaad7167 100644 (file)
@@ -861,6 +861,7 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
                max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
                min-refresh-time <replaceable>integer</replaceable>;
                min-retry-time <replaceable>integer</replaceable>;
+               mirror <replaceable>boolean</replaceable>;
                multi-master <replaceable>boolean</replaceable>;
                notify ( explicit | master-only | <replaceable>boolean</replaceable> );
                notify-delay <replaceable>integer</replaceable>;
@@ -966,6 +967,7 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
        max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
        min-refresh-time <replaceable>integer</replaceable>;
        min-retry-time <replaceable>integer</replaceable>;
+       mirror <replaceable>boolean</replaceable>;
        multi-master <replaceable>boolean</replaceable>;
        notify ( explicit | master-only | <replaceable>boolean</replaceable> );
        notify-delay <replaceable>integer</replaceable>;
index 9aa63163e9be3281bbf8f26b74e078d7fc0be199..c8eec62d4e03070bc3f8d64e00063814a8c39f46 100644 (file)
@@ -12455,6 +12455,46 @@ example.com. NS ns2.example.net.
                </listitem>
              </varlistentry>
 
+             <varlistentry>
+               <term><command>mirror</command></term>
+               <listitem>
+                 <para>
+                   If set to <userinput>yes</userinput>, causes the
+                   zone to become a mirror zone.  A mirror zone is a
+                   <userinput>slave</userinput> zone whose every
+                   version is subject to DNSSEC validation before being
+                   used.  In order for zone validation to succeed, its
+                   KSK must be configured as a trust anchor.  Answers
+                   coming from a mirror zone look almost exactly like
+                   answers from a regular <userinput>slave</userinput>
+                   zone, with the notable exception of the AA bit not
+                   being set.  The default is <userinput>no</userinput>.
+                   This option is meant to be used for deploying an RFC
+                   7706-style local copy of the root zone, e.g. using a
+                   configuration like this:
+                 </para>
+<programlisting>zone "." {
+       type slave;
+       mirror yes;
+       file "root.mirror";
+       masters {
+               192.228.79.201;       # b.root-servers.net
+               192.33.4.12;          # c.root-servers.net
+               192.5.5.241;          # f.root-servers.net
+               192.112.36.4;         # g.root-servers.net
+               193.0.14.129;         # k.root-servers.net
+               192.0.47.132;         # xfr.cjr.dns.icann.org
+               192.0.32.132;         # xfr.lax.dns.icann.org
+               2001:500:84::b;       # b.root-servers.net
+               2001:500:2f::f;       # f.root-servers.net
+               2001:7fd::1;          # k.root-servers.net
+               2620:0:2830:202::132; # xfr.cjr.dns.icann.org
+               2620:0:2d0:202::132;  # xfr.lax.dns.icann.org
+       };
+};</programlisting>
+               </listitem>
+             </varlistentry>
+
              <varlistentry>
                <term><command>multi-master</command></term>
                <listitem>
index 4624fbfa9da1689ad5c541d09c94bfd5e0fbbd27..ef3f33ce9bb925a55402ad9c288a75e2a13ddeee 100644 (file)
        <command>min-retry-time</command> <replaceable>integer</replaceable>;
        <command>minimal-any</command> <replaceable>boolean</replaceable>;
        <command>minimal-responses</command> ( no-auth | no-auth-recursive | <replaceable>boolean</replaceable> );
+       <command>mirror</command> <replaceable>boolean</replaceable>;
        <command>multi-master</command> <replaceable>boolean</replaceable>;
        <command>new-zones-directory</command> <replaceable>quoted_string</replaceable>;
        <command>no-case-compress</command> { <replaceable>address_match_element</replaceable>; ... };
index 63c0a4acf182ffc6ac7e41a386284085d0d7cbf4..0c4ee36a70cc85d5c195e91b128ef520a8726392 100644 (file)
@@ -50,6 +50,7 @@
        <command>max-transfer-time-out</command> <replaceable>integer</replaceable>;
        <command>min-refresh-time</command> <replaceable>integer</replaceable>;
        <command>min-retry-time</command> <replaceable>integer</replaceable>;
+       <command>mirror</command> <replaceable>boolean</replaceable>;
        <command>multi-master</command> <replaceable>boolean</replaceable>;
        <command>notify</command> ( explicit | master-only | <replaceable>boolean</replaceable> );
        <command>notify-delay</command> <replaceable>integer</replaceable>;
index 294f8b84effab704655f314d5e60cf094d96a02a..72a852b2ff8a83541149080f02e48a4ebf31dfd2 100644 (file)
@@ -784,6 +784,7 @@ view <string> [ <class> ] {
                 max-zone-ttl ( unlimited | <ttlval> );
                 min-refresh-time <integer>;
                 min-retry-time <integer>;
+                mirror <boolean>;
                 multi-master <boolean>;
                 notify ( explicit | master-only | <boolean> );
                 notify-delay <integer>;
@@ -890,6 +891,7 @@ zone <string> [ <class> ] {
         max-zone-ttl ( unlimited | <ttlval> );
         min-refresh-time <integer>;
         min-retry-time <integer>;
+        mirror <boolean>;
         multi-master <boolean>;
         notify ( explicit | master-only | <boolean> );
         notify-delay <integer>;
index 248823a88bd5a7f6617da4d9dd0cdfdcd8badeb8..42c87f46780a1307e087e8d82e783b9f28741eab 100644 (file)
@@ -37,6 +37,7 @@ zone <string> [ <class> ] {
        max-transfer-time-out <integer>;
        min-refresh-time <integer>;
        min-retry-time <integer>;
+       mirror <boolean>;
        multi-master <boolean>;
        notify ( explicit | master-only | <boolean> );
        notify-delay <integer>;