mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

regen master

Browse Source
This commit is contained in:
Tinderbox User 2017-08-31 01:11:54 +00:00
parent 587f005032
commit 2bfc294f0a
8 changed files with 79 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/named/named.conf.5
View File

@ -451,6 +451,7 @@ options {
stacksize ( default | unlimited | \fIsizeval\fR );
startup\-notify\-rate \fIinteger\fR;
statistics\-file \fIquoted_string\fR;
synth\-from\-dnssec \fIboolean\fR;
tcp\-advertised\-timeout \fIinteger\fR;
tcp\-clients \fIinteger\fR;
tcp\-idle\-timeout \fIinteger\fR;
@ -801,6 +802,7 @@ view \fIstring\fR [ \fIclass\fR ] {
sig\-signing\-type \fIinteger\fR;
sig\-validity\-interval \fIinteger\fR [ \fIinteger\fR ];
sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
synth\-from\-dnssec \fIboolean\fR;
transfer\-format ( many\-answers | one\-answer );
transfer\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ] [
dscp \fIinteger\fR ];

2
bin/named/named.conf.html
View File

@ -428,6 +428,7 @@ options
stacksize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
startup-notify-rate <em class="replaceable"><code>integer</code></em>;<br>
statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
synth-from-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
tcp-advertised-timeout <em class="replaceable"><code>integer</code></em>;<br>
tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
tcp-idle-timeout <em class="replaceable"><code>integer</code></em>;<br>
@ -766,6 +767,7 @@ view
sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
sig-validity-interval <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
synth-from-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
transfer-format ( many-answers | one-answer );<br>
transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
    dscp <em class="replaceable"><code>integer</code></em> </span>];<br>

4
doc/arm/Bv9ARM.ch04.html
View File

@ -229,7 +229,7 @@
<p>
Changes that result from incoming incremental zone transfers are
also
journalled in a similar way.
journaled in a similar way.
</p>
<p>
@ -987,7 +987,7 @@ allow-update { !{ !localnets; any; }; key host1-host2. ;};
<p>
Any <code class="filename">keyset</code> files corresponding to
secure subzones should be present. The zone signer will
secure sub-zones should be present. The zone signer will
generate <code class="literal">NSEC</code>, <code class="literal">NSEC3</code>
and <code class="literal">RRSIG</code> records for the zone, as
well as <code class="literal">DS</code> for the child zones if

31
doc/arm/Bv9ARM.ch06.html
View File

@ -5032,6 +5032,37 @@ options {
next time <span class="command"><strong>named</strong></span> is started.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>synth-from-dnssec</strong></span></span></dt>
<dd>
<p>
Synthesize answers from cached NSEC, NSEC3 and
other RRsets that have been proved to be correct
using DNSSEC. The default is <span class="command"><strong>yes</strong></span>.
</p>
<p>
Note:
</p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
DNSSEC validation must be enabled for this
option to be effective.
</p>
</li>
<li class="listitem">
<p>
This initial implementation only covers
NXDOMAIN synthesis from NSEC records.
Synthesis of NODATA and wildcard responses
is also planned, as is synthesis from NSEC3
records. All of these will be controlled
by <span class="command"><strong>synth-from-dnssec</strong></span>.
</p>
</li>
</ul></div>
<p>
</p>
</dd>
</dl></div>
</div>

15
doc/arm/Bv9ARM.ch09.html
View File

@ -442,6 +442,21 @@
"[ECS <em class="replaceable"><code>address/source/scope</code></em>]".
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> will now synthesize responses
from cached DNSSEC-verified records. This will reduce
query loads on authoritative servers for signed domains:
if existing cached records can be used to determine
the answer then no query needs to be sent.
</p>
<p>
This behavior is controlled by the new
<code class="filename">named.conf</code> option
<span class="command"><strong>synth-from-dnssec</strong></span>. It is enabled by
default.
</p>
</li>
</ul></div>
</div>

2
doc/arm/man.named.conf.html
View File

@ -446,6 +446,7 @@ options
stacksize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
startup-notify-rate <em class="replaceable"><code>integer</code></em>;<br>
statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
synth-from-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
tcp-advertised-timeout <em class="replaceable"><code>integer</code></em>;<br>
tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
tcp-idle-timeout <em class="replaceable"><code>integer</code></em>;<br>
@ -784,6 +785,7 @@ view
sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
sig-validity-interval <em class="replaceable"><code>integer</code></em> [<span class="optional"> <em class="replaceable"><code>integer</code></em> </span>];<br>
sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
synth-from-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
transfer-format ( many-answers | one-answer );<br>
transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>] [<span class="optional"><br>
    dscp <em class="replaceable"><code>integer</code></em> </span>];<br>

15
doc/arm/notes.html
View File

@ -403,6 +403,21 @@
"[ECS <em class="replaceable"><code>address/source/scope</code></em>]".
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> will now synthesize responses
from cached DNSSEC-verified records. This will reduce
query loads on authoritative servers for signed domains:
if existing cached records can be used to determine
the answer then no query needs to be sent.
</p>
<p>
This behavior is controlled by the new
<code class="filename">named.conf</code> option
<span class="command"><strong>synth-from-dnssec</strong></span>. It is enabled by
default.
</p>
</li>
</ul></div>
</div>

20
doc/misc/options
View File

@ -174,9 +174,9 @@ options {
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
files ( default | unlimited | <sizeval> );
filter-aaaa { <address_match_element>; ... };
filter-aaaa-on-v4 ( break-dnssec | <boolean> );
filter-aaaa-on-v6 ( break-dnssec | <boolean> );
filter-aaaa { <address_match_element>; ... }; // not configured
filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
@ -188,8 +188,8 @@ options {
fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
fstrm-set-output-queue-size <integer>; // not configured
fstrm-set-reopen-interval <integer>; // not configured
geoip-directory ( <quoted_string> | none );
geoip-use-ecs <boolean>;
geoip-directory ( <quoted_string> | none ); // not configured
geoip-use-ecs <boolean>; // not configured
glue-cache <boolean>;
has-old-clients <boolean>; // obsolete
heartbeat-interval <integer>;
@ -208,7 +208,7 @@ options {
listen-on-v6 [ port <integer> ] [ dscp
<integer> ] {
<address_match_element>; ... }; // may occur multiple times
lmdb-mapsize <sizeval>;
lmdb-mapsize <sizeval>; // non-operational
lock-file ( <quoted_string> | none );
maintain-ixfr-base <boolean>; // obsolete
managed-keys-directory <quoted_string>;
@ -516,9 +516,9 @@ view <string> [ <class> ] {
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
filter-aaaa { <address_match_element>; ... };
filter-aaaa-on-v4 ( break-dnssec | <boolean> );
filter-aaaa-on-v6 ( break-dnssec | <boolean> );
filter-aaaa { <address_match_element>; ... }; // not configured
filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
@ -531,7 +531,7 @@ view <string> [ <class> ] {
}; // may occur multiple times
key-directory <quoted_string>;
lame-ttl <ttlval>;
lmdb-mapsize <sizeval>;
lmdb-mapsize <sizeval>; // non-operational
maintain-ixfr-base <boolean>; // obsolete
managed-keys { <string> <string>
<integer> <integer> <integer>