<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
<info>
- <date>2018-10-23</date>
+ <date>2018-12-07</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>
bindkeys-file <replaceable>quoted_string</replaceable>;
blackhole { <replaceable>address_match_element</replaceable>; ... };
cache-file <replaceable>quoted_string</replaceable>;
- catalog-zones { zone <replaceable>quoted_string</replaceable> [ default-masters [ port
- <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
- port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
+ catalog-zones { zone <replaceable>string</replaceable> [ default-masters [ port <replaceable>integer</replaceable> ]
+ [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
<replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ]; ... };
check-dup-records ( fail | warn | ignore );
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver | update ) [
- ( query | response ) ]; ... };
- dnstap-identity ( <replaceable>quoted_string</replaceable> | none | hostname );
- dnstap-output ( file | unix ) <replaceable>quoted_string</replaceable> [ size ( unlimited |
- <replaceable>size</replaceable> ) ] [ versions ( unlimited | <replaceable>integer</replaceable> ) ] [ suffix (
- increment | timestamp ) ];
+ dnstap { ( all | auth | client | forwarder |
+ resolver | update ) [ ( query | response ) ];
+ ... };
+ dnstap-identity ( <replaceable>quoted_string</replaceable> | none |
+ hostname );
+ dnstap-output ( file | unix ) <replaceable>quoted_string</replaceable> [
+ size ( unlimited | <replaceable>size</replaceable> ) ] [ versions (
+ unlimited | <replaceable>integer</replaceable> ) ] [ suffix ( increment
+ | timestamp ) ];
dnstap-version ( <replaceable>quoted_string</replaceable> | none );
dscp <replaceable>integer</replaceable>;
dual-stack-servers [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
fetches-per-server <replaceable>integer</replaceable> [ ( drop | fail ) ];
fetches-per-zone <replaceable>integer</replaceable> [ ( drop | fail ) ];
files ( default | unlimited | <replaceable>sizeval</replaceable> );
- filter-aaaa { <replaceable>address_match_element</replaceable>; ... };
- filter-aaaa-on-v4 ( break-dnssec | <replaceable>boolean</replaceable> );
- filter-aaaa-on-v6 ( break-dnssec | <replaceable>boolean</replaceable> );
flush-zones-on-shutdown <replaceable>boolean</replaceable>;
forward ( first | only );
forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
resolver-retry-interval <replaceable>integer</replaceable>;
response-padding { <replaceable>address_match_element</replaceable>; ... } block-size
<replaceable>integer</replaceable>;
- response-policy { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
- max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
- policy ( cname | disabled | drop | given | no-op | nodata |
- nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
- recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
- nsdname-enable <replaceable>boolean</replaceable> ]; ... } [ break-dnssec <replaceable>boolean</replaceable> ] [
- max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
- min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
- qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ] [
- nsip-enable <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ] [
- dnsrps-enable <replaceable>boolean</replaceable> ] [ dnsrps-options { <replaceable>unspecified-text</replaceable>
- } ];
+ response-policy { zone <replaceable>string</replaceable> [ log <replaceable>boolean</replaceable> ] [ max-policy-ttl
+ <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [ policy ( cname |
+ disabled | drop | given | no-op | nodata | nxdomain | passthru
+ | tcp-only <replaceable>quoted_string</replaceable> ) ] [ recursive-only <replaceable>boolean</replaceable> ] [
+ nsip-enable <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ]; ... } [
+ break-dnssec <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>ttlval</replaceable> ] [
+ min-update-interval <replaceable>ttlval</replaceable> ] [ min-ns-dots <replaceable>integer</replaceable> ] [
+ nsip-wait-recurse <replaceable>boolean</replaceable> ] [ qname-wait-recurse <replaceable>boolean</replaceable> ]
+ [ recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
+ nsdname-enable <replaceable>boolean</replaceable> ] [ dnsrps-enable <replaceable>boolean</replaceable> ] [
+ dnsrps-options { <replaceable>unspecified-text</replaceable> } ];
root-delegation-only [ exclude { <replaceable>string</replaceable>; ... } ];
root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
</literallayout>
</refsection>
+ <refsection><info><title>PLUGIN</title></info>
+
+ <literallayout class="normal">
+plugin ( query ) <replaceable>string</replaceable> [ { <replaceable>unspecified-text</replaceable>
+ } ];
+</literallayout>
+ </refsection>
+
<refsection><info><title>SERVER</title></info>
<literallayout class="normal">
auth-nxdomain <replaceable>boolean</replaceable>; // default changed
auto-dnssec ( allow | maintain | off );
cache-file <replaceable>quoted_string</replaceable>;
- catalog-zones { zone <replaceable>quoted_string</replaceable> [ default-masters [ port
- <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
- port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
+ catalog-zones { zone <replaceable>string</replaceable> [ default-masters [ port <replaceable>integer</replaceable> ]
+ [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
<replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ]; ... };
check-dup-records ( fail | warn | ignore );
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver | update ) [
- ( query | response ) ]; ... };
+ dnstap { ( all | auth | client | forwarder |
+ resolver | update ) [ ( query | response ) ];
+ ... };
dual-stack-servers [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv4_address</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
fetch-quota-params <replaceable>integer</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable> <replaceable>fixedpoint</replaceable>;
fetches-per-server <replaceable>integer</replaceable> [ ( drop | fail ) ];
fetches-per-zone <replaceable>integer</replaceable> [ ( drop | fail ) ];
- filter-aaaa { <replaceable>address_match_element</replaceable>; ... };
- filter-aaaa-on-v4 ( break-dnssec | <replaceable>boolean</replaceable> );
- filter-aaaa-on-v6 ( break-dnssec | <replaceable>boolean</replaceable> );
forward ( first | only );
forwarders [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
| <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... };
max-udp-size <replaceable>integer</replaceable>;
max-zone-ttl ( unlimited | <replaceable>ttlval</replaceable> );
message-compression <replaceable>boolean</replaceable>;
+ min-cache-ttl <replaceable>ttlval</replaceable>;
+ min-ncache-ttl <replaceable>ttlval</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
minimal-any <replaceable>boolean</replaceable>;
nta-lifetime <replaceable>ttlval</replaceable>;
nta-recheck <replaceable>ttlval</replaceable>;
nxdomain-redirect <replaceable>string</replaceable>;
+ plugin ( query ) <replaceable>string</replaceable> [ {
+ <replaceable>unspecified-text</replaceable> } ];
preferred-glue <replaceable>string</replaceable>;
prefetch <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
provide-ixfr <replaceable>boolean</replaceable>;
resolver-retry-interval <replaceable>integer</replaceable>;
response-padding { <replaceable>address_match_element</replaceable>; ... } block-size
<replaceable>integer</replaceable>;
- response-policy { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
- max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
- policy ( cname | disabled | drop | given | no-op | nodata |
- nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
- recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
- nsdname-enable <replaceable>boolean</replaceable> ]; ... } [ break-dnssec <replaceable>boolean</replaceable> ] [
- max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
- min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
- qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ] [
- nsip-enable <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ] [
- dnsrps-enable <replaceable>boolean</replaceable> ] [ dnsrps-options { <replaceable>unspecified-text</replaceable>
- } ];
+ response-policy { zone <replaceable>string</replaceable> [ log <replaceable>boolean</replaceable> ] [ max-policy-ttl
+ <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [ policy ( cname |
+ disabled | drop | given | no-op | nodata | nxdomain | passthru
+ | tcp-only <replaceable>quoted_string</replaceable> ) ] [ recursive-only <replaceable>boolean</replaceable> ] [
+ nsip-enable <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ]; ... } [
+ break-dnssec <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>ttlval</replaceable> ] [
+ min-update-interval <replaceable>ttlval</replaceable> ] [ min-ns-dots <replaceable>integer</replaceable> ] [
+ nsip-wait-recurse <replaceable>boolean</replaceable> ] [ qname-wait-recurse <replaceable>boolean</replaceable> ]
+ [ recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
+ nsdname-enable <replaceable>boolean</replaceable> ] [ dnsrps-enable <replaceable>boolean</replaceable> ] [
+ dnsrps-options { <replaceable>unspecified-text</replaceable> } ];
root-delegation-only [ exclude { <replaceable>string</replaceable>; ... } ];
root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable>
| * ) ] [ dscp <replaceable>integer</replaceable> ];
notify-to-soa <replaceable>boolean</replaceable>;
- pubkey <replaceable>integer</replaceable>
- <replaceable>integer</replaceable>
- <replaceable>integer</replaceable>
+ pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable>
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
serial-update-method ( date | increment | unixtime );
notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * ) ]
[ dscp <replaceable>integer</replaceable> ];
notify-to-soa <replaceable>boolean</replaceable>;
- pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable>
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
serial-update-method ( date | increment | unixtime );
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * Ancient options are fatal.
+ */
+options {
+ fake-iquery yes;
+};
};
coresize 1073741824;
datasize 104857600;
- deallocate-on-exit yes;
directory ".";
dscp 41;
dump-file "named_dumpdb";
- fake-iquery yes;
files 1000;
- has-old-clients no;
heartbeat-interval 30;
- host-statistics yes;
- host-statistics-max 100;
hostname none;
interface-interval 30;
keep-response-order {
};
match-mapped-addresses yes;
memstatistics-file "named.memstats";
- multiple-cnames no;
- named-xfer "this is no longer needed";
pid-file none;
port 5300;
querylog yes;
recursing-file "named.recursing";
recursive-clients 3000;
- serial-queries 10;
serial-query-rate 100;
server-id none;
max-cache-size 20000000000000;
status=`expr $status + $ret`
done
+n=`expr $n + 1`
+echo_i "checking that ancient options report a fatal error ($n)"
+ret=0
+$CHECKCONF ancient.conf > ancient.out 2>&1 && ret=1
+grep "no longer exists" ancient.out > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
n=`expr $n + 1`
echo_i "checking that named-checkconf -z catches missing hint file ($n)"
ret=0
ret=0
$CHECKCONF -l good.conf |
grep -v "is not implemented" |
+grep -v "no longer exists" |
grep -v "is obsolete" > checkconf.out$n || ret=1
diff good.zonelist checkconf.out$n > diff.out$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
(<command>rndc</command>) program allows the
system
administrator to control the operation of a name server.
- Since <acronym>BIND</acronym> 9.2, <command>rndc</command>
- supports all the commands of the BIND 8 <command>ndc</command>
- utility except <command>ndc start</command> and
- <command>ndc restart</command>, which were also
- not supported in <command>ndc</command>'s
- channel mode.
If you run <command>rndc</command> without any
- options
- it will display a usage message as follows:
+ options, it will display a usage message as follows:
</para>
<cmdsynopsis label="Usage" sepchar=" ">
<command>rndc</command>
</programlisting>
<para>
- In <acronym>BIND</acronym> 9, the logging configuration
- is only established when
- the entire configuration file has been parsed. In <acronym>BIND</acronym> 8, it was
- established as soon as the <command>logging</command>
- statement
- was parsed. When the server is starting up, all logging messages
+ The logging configuration is only established when
+ the entire configuration file has been parsed.
+ When the server is starting up, all logging messages
regarding syntax errors in the configuration file go to the default
channels, or to standard error if the <option>-g</option> option
was specified.
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>named-xfer</command></term>
- <listitem>
- <para>
- <emphasis>This option is obsolete.</emphasis> It
- was used in <acronym>BIND</acronym> 8 to specify
- the pathname to the <command>named-xfer</command>
- program. In <acronym>BIND</acronym> 9, no separate
- <command>named-xfer</command> program is needed;
- its functionality is built into the name server.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>qname-minimization</command></term>
<listitem>
<term><command>auth-nxdomain</command></term>
<listitem>
<para>
- If <userinput>yes</userinput>, then the <command>AA</command> bit
- is always set on NXDOMAIN responses, even if the server is
- not actually
- authoritative. The default is <userinput>no</userinput>;
- this is
- a change from <acronym>BIND</acronym> 8. If you
- are using very old DNS software, you
+ If <userinput>yes</userinput>, then the
+ <command>AA</command> bit is always set on NXDOMAIN
+ responses, even if the server is not actually
+ authoritative. The default is <userinput>no</userinput>.
+ If you are using very old DNS software, you
may need to set it to <userinput>yes</userinput>.
</para>
</listitem>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>fake-iquery</command></term>
- <listitem>
- <para>
- In <acronym>BIND</acronym> 8, this option
- enabled simulating the obsolete DNS query type
- IQUERY. <acronym>BIND</acronym> 9 never does
- IQUERY simulation.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><command>fetch-glue</command></term>
- <listitem>
- <para>
- <emphasis>This option is obsolete</emphasis>.
- In BIND 8, <userinput>fetch-glue yes</userinput>
- caused the server to attempt to fetch glue resource records
- it
- didn't have when constructing the additional
- data section of a response. This is now considered a bad
- idea
- and BIND 9 never does it.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>flush-zones-on-shutdown</command></term>
<listitem>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>has-old-clients</command></term>
- <listitem>
- <para>
- This option was incorrectly implemented
- in <acronym>BIND</acronym> 8, and is ignored by <acronym>BIND</acronym> 9.
- To achieve the intended effect
- of
- <command>has-old-clients</command> <userinput>yes</userinput>, specify
- the two separate options <command>auth-nxdomain</command> <userinput>yes</userinput>
- and <command>rfc2308-type1</command> <userinput>no</userinput> instead.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><command>host-statistics</command></term>
- <listitem>
- <para>
- In BIND 8, this enabled keeping of
- statistics for every host that the name server interacts
- with.
- Not implemented in BIND 9.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>root-key-sentinel</command></term>
<listitem>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>maintain-ixfr-base</command></term>
- <listitem>
- <para>
- <emphasis>This option is obsolete</emphasis>.
- It was used in <acronym>BIND</acronym> 8 to
- determine whether a transaction log was
- kept for Incremental Zone Transfer. <acronym>BIND</acronym> 9 maintains a transaction
- log whenever possible. If you need to disable outgoing
- incremental zone
- transfers, use <command>provide-ixfr</command> <userinput>no</userinput>.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>message-compression</command></term> <listitem>
<para>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>multiple-cnames</command></term>
- <listitem>
- <para>
- This option was used in <acronym>BIND</acronym> 8 to allow
- a domain name to have multiple CNAME records in violation of
- the DNS standards. <acronym>BIND</acronym> 9.2 onwards
- always strictly enforces the CNAME rules both in master
- files and dynamic updates.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>notify</command></term>
<listitem>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>rfc2308-type1</command></term>
- <listitem>
- <para>
- Setting this to <userinput>yes</userinput> will
- cause the server to send NS records along with the SOA
- record for negative
- answers. The default is <userinput>no</userinput>.
- </para>
- <note>
- <simpara>
- Not yet implemented in <acronym>BIND</acronym>
- 9.
- </simpara>
- </note>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>trust-anchor-telemetry</command></term>
<listitem>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>use-id-pool</command></term>
- <listitem>
- <para>
- <emphasis>This option is obsolete</emphasis>.
- <acronym>BIND</acronym> 9 always allocates query
- IDs from a pool.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>use-ixfr</command></term>
<listitem>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>treat-cr-as-space</command></term>
- <listitem>
- <para>
- This option was used in <acronym>BIND</acronym>
- 8 to make
- the server treat carriage return ("<command>\r</command>") characters the same way
- as a space or tab character,
- to facilitate loading of zone files on a UNIX system that
- were generated
- on an NT or DOS machine. In <acronym>BIND</acronym> 9, both UNIX "<command>\n</command>"
- and NT/DOS "<command>\r\n</command>" newlines
- are always accepted,
- and the option is ignored.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>match-mapped-addresses</command></term>
<listitem>
<listitem>
<para>
Try to refresh the zone using TCP if UDP queries fail.
- For BIND 8 compatibility, the default is
- <command>yes</command>.
+ The default is <command>yes</command>.
</para>
</listitem>
</varlistentry>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>serial-queries</command></term>
- <listitem>
- <para>
- In BIND 8, the <command>serial-queries</command>
- option
- set the maximum number of concurrent serial number queries
- allowed to be outstanding at any given time.
- BIND 9 does not limit the number of outstanding
- serial queries and ignores the <command>serial-queries</command> option.
- Instead, it limits the rate at which the queries are sent
- as defined using the <command>serial-query-rate</command> option.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>transfer-format</command></term>
<listitem>
<listitem>
<para>
Use the alternate transfer sources or not. If views are
- specified this defaults to <command>no</command>
+ specified this defaults to <command>no</command>,
otherwise it defaults to
- <command>yes</command> (for BIND 8
- compatibility).
+ <command>yes</command>.
</para>
</listitem>
</varlistentry>
<variablelist>
- <varlistentry>
- <term><command>max-ixfr-log-size</command></term>
- <listitem>
- <para>
- This option is obsolete; it is accepted
- and ignored for BIND 8 compatibility. The option
- <command>max-journal-size</command> performs a
- similar function in BIND 9.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>max-journal-size</command></term>
<listitem>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>host-statistics-max</command></term>
- <listitem>
- <para>
- In BIND 8, specifies the maximum number of host statistics
- entries to be kept.
- Not implemented in BIND 9.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>recursive-clients</command></term>
<listitem>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>statistics-interval</command></term>
- <listitem>
- <para>
- Name server statistics will be logged
- every <command>statistics-interval</command>
- minutes. The default is
- 60. The maximum value is 28 days (40320 minutes).
- If set to 0, no statistics will be logged.
- </para><note>
- <simpara>
- Not yet implemented in
- <acronym>BIND</acronym> 9.
- </simpara>
- </note>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><command>topology</command></term>
- <listitem>
- <para>
- In BIND 8, this option indicated network topology
- so that preferential treatment could be given to
- the topologicaly closest name servers when sending
- queries. It is not implemented in BIND 9.
- </para>
- </listitem>
- </varlistentry>
-
</variablelist>
</section>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>min-roots</command></term>
- <listitem>
- <para>
- The minimum number of root servers that
- is required for a request for the root servers to be
- accepted. The default
- is <userinput>2</userinput>.
- </para>
- <note>
- <simpara>
- Not implemented in <acronym>BIND</acronym> 9.
- </simpara>
- </note>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>sig-validity-interval</command></term>
<listitem>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>ixfr-base</command></term>
- <listitem>
- <para>
- Was used in <acronym>BIND</acronym> 8 to
- specify the name
- of the transaction log (journal) file for dynamic update
- and IXFR.
- <acronym>BIND</acronym> 9 ignores the option
- and constructs the name of the journal
- file by appending "<filename>.jnl</filename>"
- to the name of the
- zone file.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><command>ixfr-tmp-file</command></term>
- <listitem>
- <para>
- Was an undocumented option in <acronym>BIND</acronym> 8.
- Ignored in <acronym>BIND</acronym> 9.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>journal</command></term>
<listitem>
</listitem>
</varlistentry>
- <varlistentry>
- <term><command>pubkey</command></term>
- <listitem>
- <para>
- In <acronym>BIND</acronym> 8, this option was
- intended for specifying
- a public zone key for verification of signatures in DNSSEC
- signed
- zones when they are loaded from disk. <acronym>BIND</acronym> 9 does not verify signatures
- on load and ignores the option.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><command>zone-statistics</command></term>
<listitem>
The <command>$GENERATE</command> directive is a <acronym>BIND</acronym> extension
and not part of the standard zone file format.
</para>
- <para>
- BIND 8 did not support the optional TTL and CLASS fields.
- </para>
</section>
<section xml:id="zonefile_format"><info><title>Additional File Formats</title></info>
<command>bindkeys-file</command> <replaceable>quoted_string</replaceable>;
<command>blackhole</command> { <replaceable>address_match_element</replaceable>; ... };
<command>cache-file</command> <replaceable>quoted_string</replaceable>;
- <command>catalog-zones</command> { zone <replaceable>quoted_string</replaceable> [ default-masters [ port
- <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
- <command>port</command> <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
+ <command>catalog-zones</command> { zone <replaceable>string</replaceable> [ default-masters [ port <replaceable>integer</replaceable> ]
+ [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [ port
+ <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
<replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
<command>in-memory</command> <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ]; ... };
<command>check-dup-records</command> ( fail | warn | ignore );
<command>dnssec-secure-to-insecure</command> <replaceable>boolean</replaceable>;
<command>dnssec-update-mode</command> ( maintain | no-resign );
<command>dnssec-validation</command> ( yes | no | auto );
- <command>dnstap</command> { ( all | auth | client | forwarder | resolver | update ) [
- ( query | response ) ]; ... };
- <command>dnstap-identity</command> ( <replaceable>quoted_string</replaceable> | none | hostname );
- <command>dnstap-output</command> ( file | unix ) <replaceable>quoted_string</replaceable> [ size ( unlimited |
- <replaceable>size</replaceable> ) ] [ versions ( unlimited | <replaceable>integer</replaceable> ) ] [ suffix (
- <command>increment</command> | timestamp ) ];
+ <command>dnstap</command> { ( all | auth | client | forwarder |
+ <command>resolver</command> | update ) [ ( query | response ) ];
+ ... };
+ <command>dnstap-identity</command> ( <replaceable>quoted_string</replaceable> | none |
+ <command>hostname</command> );
+ <command>dnstap-output</command> ( file | unix ) <replaceable>quoted_string</replaceable> [
+ <command>size</command> ( unlimited | <replaceable>size</replaceable> ) ] [ versions (
+ <command>unlimited</command> | <replaceable>integer</replaceable> ) ] [ suffix ( increment
+ | timestamp ) ];
<command>dnstap-version</command> ( <replaceable>quoted_string</replaceable> | none );
<command>dscp</command> <replaceable>integer</replaceable>;
<command>dual-stack-servers</command> [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
<command>fetches-per-server</command> <replaceable>integer</replaceable> [ ( drop | fail ) ];
<command>fetches-per-zone</command> <replaceable>integer</replaceable> [ ( drop | fail ) ];
<command>files</command> ( default | unlimited | <replaceable>sizeval</replaceable> );
- <command>filter-aaaa</command> { <replaceable>address_match_element</replaceable>; ... };
- <command>filter-aaaa-on-v4</command> ( break-dnssec | <replaceable>boolean</replaceable> );
- <command>filter-aaaa-on-v6</command> ( break-dnssec | <replaceable>boolean</replaceable> );
<command>flush-zones-on-shutdown</command> <replaceable>boolean</replaceable>;
<command>forward</command> ( first | only );
<command>forwarders</command> [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>ipv4_address</replaceable>
<command>memstatistics</command> <replaceable>boolean</replaceable>;
<command>memstatistics-file</command> <replaceable>quoted_string</replaceable>;
<command>message-compression</command> <replaceable>boolean</replaceable>;
+ <command>min-cache-ttl</command> <replaceable>ttlval</replaceable>;
+ <command>min-ncache-ttl</command> <replaceable>ttlval</replaceable>;
<command>min-refresh-time</command> <replaceable>integer</replaceable>;
<command>min-retry-time</command> <replaceable>integer</replaceable>;
<command>minimal-any</command> <replaceable>boolean</replaceable>;
<command>resolver-retry-interval</command> <replaceable>integer</replaceable>;
<command>response-padding</command> { <replaceable>address_match_element</replaceable>; ... } block-size
<replaceable>integer</replaceable>;
- <command>response-policy</command> { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
- <command>max-policy-ttl</command> <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
- <command>policy</command> ( cname | disabled | drop | given | no-op | nodata |
- <command>nxdomain</command> | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
- <command>recursive-only</command> <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
- <command>nsdname-enable</command> <replaceable>boolean</replaceable> ]; ... } [ break-dnssec <replaceable>boolean</replaceable> ] [
- <command>max-policy-ttl</command> <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
- <command>min-ns-dots</command> <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
- <command>qname-wait-recurse</command> <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ] [
- <command>nsip-enable</command> <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ] [
- <command>dnsrps-enable</command> <replaceable>boolean</replaceable> ] [ dnsrps-options { <replaceable>unspecified-text</replaceable>
- } ];
+ <command>response-policy</command> { zone <replaceable>string</replaceable> [ log <replaceable>boolean</replaceable> ] [ max-policy-ttl
+ <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [ policy ( cname |
+ <command>disabled</command> | drop | given | no-op | nodata | nxdomain | passthru
+ | tcp-only <replaceable>quoted_string</replaceable> ) ] [ recursive-only <replaceable>boolean</replaceable> ] [
+ <command>nsip-enable</command> <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ]; ... } [
+ <command>break-dnssec</command> <replaceable>boolean</replaceable> ] [ max-policy-ttl <replaceable>ttlval</replaceable> ] [
+ <command>min-update-interval</command> <replaceable>ttlval</replaceable> ] [ min-ns-dots <replaceable>integer</replaceable> ] [
+ <command>nsip-wait-recurse</command> <replaceable>boolean</replaceable> ] [ qname-wait-recurse <replaceable>boolean</replaceable> ]
+ [ recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
+ <command>nsdname-enable</command> <replaceable>boolean</replaceable> ] [ dnsrps-enable <replaceable>boolean</replaceable> ] [
+ <command>dnsrps-options</command> { <replaceable>unspecified-text</replaceable> } ];
<command>root-delegation-only</command> [ exclude { <replaceable>string</replaceable>; ... } ];
<command>root-key-sentinel</command> <replaceable>boolean</replaceable>;
<command>rrset-order</command> { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
$display = 1
}
- if (m{// not.*implemented} || m{// obsolete} || m{// test.*only}) {
+ if (m{// not.*implemented} || m{// obsolete} ||
+ m{// ancient} || m{// test.*only})
+ {
next;
}
my $blank = 0;
while (<FH>) {
- if (m{// not.*implemented} || m{// obsolete} || m{// test.*only}) {
+ if (m{// not.*implemented} || m{// obsolete} ||
+ m{// ancient} || m{// test.*only})
+ {
next;
}
END
while (<FH>) {
- if (m{// not.*implemented} || m{// obsolete} || m{// test.*only}) {
+ if (m{// not.*implemented} || m{// obsolete} ||
+ m{// ancient} || m{// test.*only})
+ {
next;
}
cookie-secret <string>; // may occur multiple times
coresize ( default | unlimited | <sizeval> );
datasize ( default | unlimited | <sizeval> );
- deallocate-on-exit <boolean>; // obsolete
+ deallocate-on-exit <boolean>; // ancient
deny-answer-addresses { <address_match_element>; ... } [
except-from { <string>; ... } ];
deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
- fake-iquery <boolean>; // obsolete
- fetch-glue <boolean>; // obsolete
+ fake-iquery <boolean>; // ancient
+ fetch-glue <boolean>; // ancient
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
geoip-directory ( <quoted_string> | none ); // not configured
geoip-use-ecs <boolean>; // obsolete
glue-cache <boolean>;
- has-old-clients <boolean>; // obsolete
+ has-old-clients <boolean>; // ancient
heartbeat-interval <integer>;
- host-statistics <boolean>; // not implemented
- host-statistics-max <integer>; // not implemented
+ host-statistics <boolean>; // ancient
+ host-statistics-max <integer>; // ancient
hostname ( <quoted_string> | none );
inline-signing <boolean>;
interface-interval <ttlval>;
listen-on-v6 [ port <integer> ] [ dscp
<integer> ] {
<address_match_element>; ... }; // may occur multiple times
- lmdb-mapsize <sizeval>; // non-operational
+ lmdb-mapsize <sizeval>;
lock-file ( <quoted_string> | none );
- maintain-ixfr-base <boolean>; // obsolete
+ maintain-ixfr-base <boolean>; // ancient
managed-keys-directory <quoted_string>;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
max-cache-ttl <ttlval>;
max-clients-per-query <integer>;
- max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
+ max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
max-ncache-ttl <ttlval>;
max-records <integer>;
min-ncache-ttl <ttlval>;
min-refresh-time <integer>;
min-retry-time <integer>;
- min-roots <integer>; // not implemented
+ min-roots <integer>; // ancient
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
- multiple-cnames <boolean>; // obsolete
- named-xfer <quoted_string>; // obsolete
+ multiple-cnames <boolean>; // ancient
+ named-xfer <quoted_string>; // ancient
new-zones-directory <quoted_string>;
no-case-compress { <address_match_element>; ... };
nocookie-udp-size <integer>;
[ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
dnsrps-options { <unspecified-text> } ];
- rfc2308-type1 <boolean>; // not yet implemented
+ rfc2308-type1 <boolean>; // ancient
root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
secroots-file <quoted_string>;
send-cookie <boolean>;
- serial-queries <integer>; // obsolete
+ serial-queries <integer>; // ancient
serial-query-rate <integer>;
serial-update-method ( date | increment | unixtime );
server-id ( <quoted_string> | none | hostname );
stale-answer-ttl <ttlval>;
startup-notify-rate <integer>;
statistics-file <quoted_string>;
- statistics-interval <integer>; // not yet implemented
+ statistics-interval <integer>; // ancient
suppress-initial-notify <boolean>; // not yet implemented
synth-from-dnssec <boolean>;
tcp-advertised-timeout <integer>;
tkey-domain <quoted_string>;
tkey-gssapi-credential <quoted_string>;
tkey-gssapi-keytab <quoted_string>;
- topology { <address_match_element>; ... }; // not implemented
+ topology { <address_match_element>; ... }; // ancient
transfer-format ( many-answers | one-answer );
transfer-message-size <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
transfers-in <integer>;
transfers-out <integer>;
transfers-per-ns <integer>;
- treat-cr-as-space <boolean>; // obsolete
+ treat-cr-as-space <boolean>; // ancient
trust-anchor-telemetry <boolean>; // experimental
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
- use-id-pool <boolean>; // obsolete
+ use-id-pool <boolean>; // ancient
use-ixfr <boolean>; // obsolete
use-queryport-pool <boolean>; // obsolete
use-v4-udp-ports { <portrange>; ... };
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
- fetch-glue <boolean>; // obsolete
+ fetch-glue <boolean>; // ancient
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
}; // may occur multiple times
key-directory <quoted_string>;
lame-ttl <ttlval>;
- lmdb-mapsize <sizeval>; // non-operational
- maintain-ixfr-base <boolean>; // obsolete
+ lmdb-mapsize <sizeval>;
+ maintain-ixfr-base <boolean>; // ancient
managed-keys { <string> <string>
<integer> <integer> <integer>
<quoted_string>; ... }; // may occur multiple times
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
max-cache-ttl <ttlval>;
max-clients-per-query <integer>;
- max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
+ max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
max-ncache-ttl <ttlval>;
max-records <integer>;
min-ncache-ttl <ttlval>;
min-refresh-time <integer>;
min-retry-time <integer>;
- min-roots <integer>; // not implemented
+ min-roots <integer>; // ancient
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
[ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
dnsrps-options { <unspecified-text> } ];
- rfc2308-type1 <boolean>; // not yet implemented
+ rfc2308-type1 <boolean>; // ancient
root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
stale-answer-ttl <ttlval>;
suppress-initial-notify <boolean>; // not yet implemented
synth-from-dnssec <boolean>;
- topology { <address_match_element>; ... }; // not implemented
+ topology { <address_match_element>; ... }; // ancient
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
dscp <integer> ]; ... };
in-view <string>;
inline-signing <boolean>;
- ixfr-base <quoted_string>; // obsolete
+ ixfr-base <quoted_string>; // ancient
ixfr-from-differences <boolean>;
- ixfr-tmp-file <quoted_string>; // obsolete
+ ixfr-tmp-file <quoted_string>; // ancient
journal <quoted_string>;
key-directory <quoted_string>;
- maintain-ixfr-base <boolean>; // obsolete
+ maintain-ixfr-base <boolean>; // ancient
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <masters>
| <ipv4_address> [ port <integer> ] | <ipv6_address> [
port <integer> ] ) [ key <string> ]; ... };
max-ixfr-log-size ( default | unlimited |
- <sizeval> ); // obsolete
+ <sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
| * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
- pubkey <integer>
- <integer>
- <integer>
- <quoted_string>; // obsolete, may occur multiple times
+ pubkey <integer> <integer> <integer>
+ <quoted_string>; // ancient
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( date | increment | unixtime );
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
in-view <string>;
inline-signing <boolean>;
- ixfr-base <quoted_string>; // obsolete
+ ixfr-base <quoted_string>; // ancient
ixfr-from-differences <boolean>;
- ixfr-tmp-file <quoted_string>; // obsolete
+ ixfr-tmp-file <quoted_string>; // ancient
journal <quoted_string>;
key-directory <quoted_string>;
- maintain-ixfr-base <boolean>; // obsolete
+ maintain-ixfr-base <boolean>; // ancient
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <masters> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
- max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
+ max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
[ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
- pubkey <integer> <integer>
- <integer> <quoted_string>; // obsolete, may occur multiple times
+ pubkey <integer> <integer> <integer> <quoted_string>; // ancient
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( date | increment | unixtime );
/*% Clause may occur multiple times (e.g., "zone") */
#define CFG_CLAUSEFLAG_MULTI 0x00000001
-/*% Clause is obsolete */
+/*% Clause is obsolete (logs a warning, but is not a fatal error) */
#define CFG_CLAUSEFLAG_OBSOLETE 0x00000002
/*% Clause is not implemented, and may never be */
#define CFG_CLAUSEFLAG_NOTIMP 0x00000004
/*% A configuration option that is ineffective due to
* compile time options, but is harmless. */
#define CFG_CLAUSEFLAG_NOOP 0x00000200
-/*% Clause is obsolete in a future release */
+/*% Clause will be obsolete in a future release (logs a warning) */
#define CFG_CLAUSEFLAG_DEPRECATED 0x00000400
+/*% Clause has been obsolete so long that it's now a fatal error */
+#define CFG_CLAUSEFLAG_ANCIENT 0x00000800
/*%
* Zone types for which a clause is valid:
&cfg_rep_tuple, portiplist_fields
};
-/*%
- * A public key, as in the "pubkey" statement.
+/*
+ * Obsolete format for the "pubkey" statement.
*/
static cfg_tuplefielddef_t pubkey_fields[] = {
- { "flags", &cfg_type_uint32, 0 },
- { "protocol", &cfg_type_uint32, 0 },
- { "algorithm", &cfg_type_uint32, 0 },
- { "key", &cfg_type_qstring, 0 },
- { NULL, NULL, 0 }
+ { "flags", &cfg_type_uint32, 0 },
+ { "protocol", &cfg_type_uint32, 0 },
+ { "algorithm", &cfg_type_uint32, 0 },
+ { "key", &cfg_type_qstring, 0 },
+ { NULL, NULL, 0 }
};
static cfg_type_t cfg_type_pubkey = {
- "pubkey", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple,
- &cfg_rep_tuple, pubkey_fields
+ "pubkey", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple,
+ &cfg_rep_tuple, pubkey_fields
};
/*%
{ "cookie-secret", &cfg_type_sstring, CFG_CLAUSEFLAG_MULTI },
{ "coresize", &cfg_type_size, 0 },
{ "datasize", &cfg_type_size, 0 },
- { "deallocate-on-exit", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+ { "deallocate-on-exit", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "directory", &cfg_type_qstring, CFG_CLAUSEFLAG_CALLBACK },
#ifdef HAVE_DNSTAP
{ "dnstap-output", &cfg_type_dnstapoutput, 0 },
#endif
{ "dscp", &cfg_type_uint32, 0 },
{ "dump-file", &cfg_type_qstring, 0 },
- { "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+ { "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "files", &cfg_type_size, 0 },
{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
#ifdef HAVE_DNSTAP
CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* HAVE_GEOIP */
{ "geoip-use-ecs", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
- { "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+ { "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "heartbeat-interval", &cfg_type_uint32, 0 },
- { "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTIMP },
- { "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP },
+ { "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
+ { "host-statistics-max", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "hostname", &cfg_type_qstringornone, 0 },
{ "interface-interval", &cfg_type_ttlval, 0 },
{ "keep-response-order", &cfg_type_bracketed_aml, 0 },
{ "max-rsa-exponent-size", &cfg_type_uint32, 0 },
{ "memstatistics", &cfg_type_boolean, 0 },
{ "memstatistics-file", &cfg_type_qstring, 0 },
- { "multiple-cnames", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
- { "named-xfer", &cfg_type_qstring, CFG_CLAUSEFLAG_OBSOLETE },
+ { "multiple-cnames", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
+ { "named-xfer", &cfg_type_qstring, CFG_CLAUSEFLAG_ANCIENT },
{ "notify-rate", &cfg_type_uint32, 0 },
{ "pid-file", &cfg_type_qstringornone, 0 },
{ "port", &cfg_type_uint32, 0 },
{ "recursive-clients", &cfg_type_uint32, 0 },
{ "reserved-sockets", &cfg_type_uint32, 0 },
{ "secroots-file", &cfg_type_qstring, 0 },
- { "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE },
+ { "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "serial-query-rate", &cfg_type_uint32, 0 },
{ "server-id", &cfg_type_serverid, 0 },
{ "session-keyalg", &cfg_type_astring, 0 },
{ "stacksize", &cfg_type_size, 0 },
{ "startup-notify-rate", &cfg_type_uint32, 0 },
{ "statistics-file", &cfg_type_qstring, 0 },
- { "statistics-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_NYI },
+ { "statistics-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "tcp-advertised-timeout", &cfg_type_uint32, 0 },
{ "tcp-clients", &cfg_type_uint32, 0 },
{ "tcp-idle-timeout", &cfg_type_uint32, 0 },
{ "transfers-in", &cfg_type_uint32, 0 },
{ "transfers-out", &cfg_type_uint32, 0 },
{ "transfers-per-ns", &cfg_type_uint32, 0 },
- { "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
- { "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+ { "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
+ { "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
{ "use-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },
{ "empty-contact", &cfg_type_astring, 0 },
{ "empty-server", &cfg_type_astring, 0 },
{ "empty-zones-enable", &cfg_type_boolean, 0 },
- { "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+ { "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "fetch-quota-params", &cfg_type_fetchquota, 0 },
{ "fetches-per-server", &cfg_type_fetchesper, 0 },
{ "fetches-per-zone", &cfg_type_fetchesper, 0 },
#else
{ "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOOP },
#endif
- { "max-acache-size", &cfg_type_sizenodefault,
- CFG_CLAUSEFLAG_OBSOLETE },
+ { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE },
{ "max-cache-size", &cfg_type_sizeorpercent, 0 },
{ "max-cache-ttl", &cfg_type_ttlval, 0 },
{ "max-clients-per-query", &cfg_type_uint32, 0 },
{ "message-compression", &cfg_type_boolean, 0 },
{ "min-cache-ttl", &cfg_type_ttlval, 0 },
{ "min-ncache-ttl", &cfg_type_ttlval, 0 },
- { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP },
+ { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_ANCIENT },
{ "minimal-any", &cfg_type_boolean, 0 },
{ "minimal-responses", &cfg_type_minimal, 0 },
{ "new-zones-directory", &cfg_type_qstring, 0 },
{ "resolver-retry-interval", &cfg_type_uint32, 0 },
{ "response-padding", &cfg_type_resppadding, 0 },
{ "response-policy", &cfg_type_rpz, 0 },
- { "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI },
+ { "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_ANCIENT },
{ "root-delegation-only", &cfg_type_optional_exclude, 0 },
{ "root-key-sentinel", &cfg_type_boolean, 0 },
{ "rrset-order", &cfg_type_rrsetorder, 0 },
{ "stale-answer-ttl", &cfg_type_ttlval, 0 },
{ "suppress-initial-notify", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI },
{ "synth-from-dnssec", &cfg_type_boolean, 0 },
- { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP },
+ { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_ANCIENT },
{ "transfer-format", &cfg_type_transferformat, 0 },
{ "trust-anchor-telemetry", &cfg_type_boolean,
CFG_CLAUSEFLAG_EXPERIMENTAL },
CFG_ZONE_MASTER | CFG_ZONE_SLAVE
},
{ "maintain-ixfr-base", &cfg_type_boolean,
- CFG_CLAUSEFLAG_OBSOLETE
+ CFG_CLAUSEFLAG_ANCIENT
},
{ "masterfile-format", &cfg_type_masterformat,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR |
CFG_ZONE_STUB | CFG_ZONE_REDIRECT
},
{ "max-ixfr-log-size", &cfg_type_size,
- CFG_CLAUSEFLAG_OBSOLETE
+ CFG_CLAUSEFLAG_ANCIENT
},
{ "max-journal-size", &cfg_type_size,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR
CFG_ZONE_INVIEW
},
{ "ixfr-base", &cfg_type_qstring,
- CFG_CLAUSEFLAG_OBSOLETE
+ CFG_CLAUSEFLAG_ANCIENT
},
{ "ixfr-from-differences", &cfg_type_boolean,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR
},
{ "ixfr-tmp-file", &cfg_type_qstring,
- CFG_CLAUSEFLAG_OBSOLETE
+ CFG_CLAUSEFLAG_ANCIENT
},
{ "journal", &cfg_type_qstring,
CFG_ZONE_MASTER | CFG_ZONE_SLAVE | CFG_ZONE_MIRROR
CFG_ZONE_REDIRECT
},
{ "pubkey", &cfg_type_pubkey,
- CFG_CLAUSEFLAG_MULTI | CFG_CLAUSEFLAG_OBSOLETE
+ CFG_CLAUSEFLAG_ANCIENT
},
{ "server-addresses", &cfg_type_bracketed_netaddrlist,
CFG_ZONE_STATICSTUB
/* Clause is known. */
+ /* Issue fatal errors if appropriate */
+ if ((clause->flags & CFG_CLAUSEFLAG_ANCIENT) != 0) {
+ cfg_parser_error(pctx, 0,
+ "option '%s' no longer exists",
+ clause->name);
+ CHECK(ISC_R_FAILURE);
+ }
+
/* Issue warnings if appropriate */
if ((pctx->flags & CFG_PCTX_NODEPRECATED) == 0 &&
(clause->flags & CFG_CLAUSEFLAG_DEPRECATED) != 0)
{
- cfg_parser_warning(pctx, 0, "option '%s' is deprecated",
+ cfg_parser_warning(pctx, 0,
+ "option '%s' is deprecated",
clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_OBSOLETE) != 0) {
- cfg_parser_warning(pctx, 0, "option '%s' is obsolete",
+ cfg_parser_warning(pctx, 0,
+ "option '%s' is obsolete and "
+ "should be removed ",
clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_NOTIMP) != 0) {
- cfg_parser_warning(pctx, 0, "option '%s' is "
- "not implemented", clause->name);
+ cfg_parser_warning(pctx, 0,
+ "option '%s' is not implemented",
+ clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_NYI) != 0) {
- cfg_parser_warning(pctx, 0, "option '%s' is "
- "not implemented", clause->name);
+ cfg_parser_warning(pctx, 0,
+ "option '%s' is not implemented",
+ clause->name);
}
if ((clause->flags & CFG_CLAUSEFLAG_NOOP) != 0) {
cfg_parser_warning(pctx, 0, "option '%s' was not "
}
if ((clause->flags & CFG_CLAUSEFLAG_NOTCONFIGURED) != 0) {
- cfg_parser_warning(pctx, 0, "option '%s' was not "
+ cfg_parser_error(pctx, 0, "option '%s' was not "
"enabled at compile time",
clause->name);
- result = ISC_R_FAILURE;
- goto cleanup;
+ CHECK(ISC_R_FAILURE);
}
/*
callback));
CHECK(parse_semicolon(pctx));
} else if (result == ISC_R_SUCCESS) {
- cfg_parser_error(pctx, CFG_LOG_NEAR, "'%s' redefined",
- clause->name);
+ cfg_parser_error(pctx, CFG_LOG_NEAR,
+ "'%s' redefined",
+ clause->name);
result = ISC_R_EXISTS;
goto cleanup;
} else {
{ CFG_CLAUSEFLAG_EXPERIMENTAL, "experimental" },
{ CFG_CLAUSEFLAG_NOOP, "non-operational" },
{ CFG_CLAUSEFLAG_DEPRECATED, "deprecated" },
+ { CFG_CLAUSEFLAG_ANCIENT, "ancient" },
{ 0, NULL }
};
projects / thirdparty / bind9.git / commitdiff
