diff --git a/.reuse/dep5 b/.reuse/dep5 index de69b93035..d9dec6a5cb 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -155,7 +155,7 @@ Files: **/.clang-format .uncrustify.cfg doc/misc/*.zoneopt doc/misc/options - doc/misc/options.active + doc/misc/rndc.grammar tsan-suppressions.txt Copyright: Internet Systems Consortium, Inc. ("ISC") License: CC0-1.0 diff --git a/Makefile.docs b/Makefile.docs index a6bedbe225..4a7b8e597a 100644 --- a/Makefile.docs +++ b/Makefile.docs @@ -60,15 +60,3 @@ AM_V_SED_0 = @echo " SED $@"; AM_V_CFG_TEST = $(AM_V_CFG_TEST_@AM_V@) AM_V_CFG_TEST_ = $(AM_V_CFG_TEST_@AM_DEFAULT_V@) AM_V_CFG_TEST_0 = @echo " CFG_GEN $@"; - -AM_V_RST_OPTIONS = $(AM_V_CFG_TEST_@AM_V@) -AM_V_RST_OPTIONS_ = $(AM_V_RST_OPTIONS_@AM_DEFAULT_V@) -AM_V_RST_OPTIONS_0 = @echo " RST_OPTIONS $@"; - -AM_V_RST_ZONEOPT = $(AM_V_CFG_TEST_@AM_V@) -AM_V_RST_ZONEOPT_ = $(AM_V_RST_ZONEOPT_@AM_DEFAULT_V@) -AM_V_RST_ZONEOPT_0 = @echo " RST_ZONEOPT $@"; - -AM_V_RST_GRAMMARS = $(AM_V_CFG_TEST_@AM_V@) -AM_V_RST_GRAMMARS_ = $(AM_V_RST_GRAMMARS_@AM_DEFAULT_V@) -AM_V_RST_GRAMMARS_0 = @echo " RST_GRAMMARS $@"; diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am index 7065a90b7a..57a023b9fa 100644 --- a/bin/named/Makefile.am +++ b/bin/named/Makefile.am @@ -121,6 +121,3 @@ if HAVE_LIBNGHTTP2 named_LDADD += \ $(LIBNGHTTP2_LIBS) endif HAVE_LIBNGHTTP2 - -MAINTAINERCLEANFILES = \ - named.conf.rst diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index 15ebf87595..8e93f8b3fe 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst 
@@ -25,882 +25,35 @@ Description ~~~~~~~~~~~ :file:`named.conf` is the configuration file for :iscman:`named`. + +For complete documentation about the configuration statements, please refer to +the Configuration Reference section in the BIND 9 Administrator Reference +Manual. + Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported: C style: /\* \*/ - C++ style: // to end of line +C++ style: // to end of line Unix style: # to end of line -ACL -^^^ - -:: - - acl string { address_match_element; ... }; - -CONTROLS -^^^^^^^^ - -:: - - controls { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] allow - { address_match_element; ... } [ - keys { string; ... } ] [ read-only - boolean ]; - unix quoted_string perm integer - owner integer group integer [ - keys { string; ... } ] [ read-only - boolean ]; - }; - -DLZ -^^^ - -:: - - dlz string { - database string; - search boolean; - }; - -DNSSEC-POLICY -^^^^^^^^^^^^^ - -:: - - dnssec-policy string { - dnskey-ttl duration; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - duration_or_unlimited algorithm string [ integer ]; ... }; - max-zone-ttl duration; - nsec3param [ iterations integer ] [ optout boolean ] [ - salt-length integer ]; - parent-ds-ttl duration; - parent-propagation-delay duration; - publish-safety duration; - purge-keys duration; - retire-safety duration; - signatures-refresh duration; - signatures-validity duration; - signatures-validity-dnskey duration; - zone-propagation-delay duration; - }; - -DYNDB -^^^^^ - -:: - - dyndb string quoted_string { - unspecified-text }; - -HTTP -^^^^ - -:: - - http string { - endpoints { quoted_string; ... }; - listener-clients integer; - streams-per-connection integer; - }; - -KEY -^^^ - -:: - - key string { - algorithm string; - secret string; - }; - -LOGGING -^^^^^^^ - -:: - - logging { - category string { string; ... 
}; - channel string { - buffered boolean; - file quoted_string [ versions ( unlimited | integer ) ] - [ size size ] [ suffix ( increment | timestamp ) ]; - null; - print-category boolean; - print-severity boolean; - print-time ( iso8601 | iso8601-utc | local | boolean ); - severity log_severity; - stderr; - syslog [ syslog_facility ]; - }; - }; - -MANAGED-KEYS -^^^^^^^^^^^^ - -See DNSSEC-KEYS. - -:: - - managed-keys { string ( static-key - | initial-key | static-ds | - initial-ds ) integer integer - integer quoted_string; ... };, deprecated - -OPTIONS -^^^^^^^ - -:: - - options { - allow-new-zones boolean; - allow-notify { address_match_element; ... }; - allow-query { address_match_element; ... }; - allow-query-cache { address_match_element; ... }; - allow-query-cache-on { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-recursion { address_match_element; ... }; - allow-recursion-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - answer-cookie boolean; - attach-cache string; - auth-nxdomain boolean; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan boolean; - avoid-v4-udp-ports { portrange; ... }; - avoid-v6-udp-ports { portrange; ... }; - bindkeys-file quoted_string; - blackhole { address_match_element; ... 
}; - catalog-zones { zone string [ default-primaries [ port integer - ] [ dscp integer ] { ( remote-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone-directory - quoted_string ] [ in-memory boolean ] [ min-update-interval - duration ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity boolean; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); - check-sibling boolean; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard boolean; - clients-per-query integer; - cookie-algorithm ( aes | siphash24 ); - cookie-secret string; - coresize ( default | unlimited | sizeval ); - datasize ( default | unlimited | sizeval ); - deny-answer-addresses { address_match_element; ... } [ - except-from { string; ... } ]; - deny-answer-aliases { string; ... } [ except-from { string; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | boolean ); - directory quoted_string; - disable-algorithms string { string; - ... }; - disable-ds-digests string { string; - ... }; - disable-empty-zone string; - dns64 netprefix { - break-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... 
}; - recursive-only boolean; - suffix ipv6_address; - }; - dns64-contact string; - dns64-server string; - dnskey-sig-validity integer; - dnsrps-enable boolean; - dnsrps-options { unspecified-text }; - dnssec-accept-expired boolean; - dnssec-dnskey-kskonly boolean; - dnssec-loadkeys-interval integer; - dnssec-must-be-secure string boolean; - dnssec-policy string; - dnssec-secure-to-insecure boolean; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dnstap-identity ( quoted_string | none | hostname ); - dnstap-output ( file | unix ) quoted_string [ size ( unlimited | - size ) ] [ versions ( unlimited | integer ) ] [ suffix ( - increment | timestamp ) ]; - dnstap-version ( quoted_string | none ); - dscp integer; - dual-stack-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... }; - dump-file quoted_string; - edns-udp-size integer; - empty-contact string; - empty-server string; - empty-zones-enable boolean; - fetch-quota-params integer fixedpoint fixedpoint fixedpoint; - fetches-per-server integer [ ( drop | fail ) ]; - fetches-per-zone integer [ ( drop | fail ) ]; - files ( default | unlimited | sizeval ); - flush-zones-on-shutdown boolean; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... 
}; - fstrm-set-buffer-hint integer; - fstrm-set-flush-timeout integer; - fstrm-set-input-queue-size integer; - fstrm-set-output-notify-threshold integer; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size integer; - fstrm-set-reopen-interval duration; - geoip-directory ( quoted_string | none ); - heartbeat-interval integer; - hostname ( quoted_string | none ); - http-listener-clients integer; - http-port integer; - http-streams-per-connection integer; - https-port integer; - interface-interval duration; - ipv4only-contact string; - ipv4only-enable boolean; - ipv4only-server string; - ixfr-from-differences ( primary | master | secondary | slave | - boolean ); - key-directory quoted_string; - lame-ttl duration; - listen-on [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... }; - listen-on-v6 [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... }; - lmdb-mapsize sizeval; - lock-file ( quoted_string | none ); - managed-keys-directory quoted_string; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses boolean; - max-cache-size ( default | unlimited | sizeval | percentage ); - max-cache-ttl duration; - max-clients-per-query integer; - max-ixfr-ratio ( unlimited | percentage ); - max-journal-size ( default | unlimited | sizeval ); - max-ncache-ttl duration; - max-records integer; - max-recursion-depth integer; - max-recursion-queries integer; - max-refresh-time integer; - max-retry-time integer; - max-rsa-exponent-size integer; - max-stale-ttl duration; - max-transfer-idle-in integer; - max-transfer-idle-out integer; - max-transfer-time-in integer; - max-transfer-time-out integer; - max-udp-size integer; - max-zone-ttl ( unlimited | duration ); - memstatistics boolean; - memstatistics-file quoted_string; - message-compression boolean; - min-cache-ttl duration; - min-ncache-ttl duration; - min-refresh-time 
integer; - min-retry-time integer; - minimal-any boolean; - minimal-responses ( no-auth | no-auth-recursive | boolean ); - multi-master boolean; - new-zones-directory quoted_string; - no-case-compress { address_match_element; ... }; - nocookie-udp-size integer; - notify ( explicit | master-only | primary-only | boolean ); - notify-delay integer; - notify-rate integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; - notify-to-soa boolean; - nta-lifetime duration; - nta-recheck duration; - nxdomain-redirect string; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - pid-file ( quoted_string | none ); - port integer; - preferred-glue string; - prefetch integer [ integer ]; - provide-ixfr boolean; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - querylog boolean; - random-device ( quoted_string | none ); - rate-limit { - all-per-second integer; - errors-per-second integer; - exempt-clients { address_match_element; ... 
}; - ipv4-prefix-length integer; - ipv6-prefix-length integer; - log-only boolean; - max-table-size integer; - min-table-size integer; - nodata-per-second integer; - nxdomains-per-second integer; - qps-scale integer; - referrals-per-second integer; - responses-per-second integer; - slip integer; - window integer; - }; - recursing-file quoted_string; - recursion boolean; - recursive-clients integer; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - require-server-cookie boolean; - reserved-sockets integer;// deprecated - resolver-nonbackoff-tries integer; - resolver-query-timeout integer; - resolver-retry-interval integer; - response-padding { address_match_element; ... } block-size - integer; - response-policy { zone string [ add-soa boolean ] [ log - boolean ] [ max-policy-ttl duration ] [ min-update-interval - duration ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ - recursive-only boolean ] [ nsip-enable boolean ] [ - nsdname-enable boolean ]; ... } [ add-soa boolean ] [ - break-dnssec boolean ] [ max-policy-ttl duration ] [ - min-update-interval duration ] [ min-ns-dots integer ] [ - nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean - ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] - [ nsip-enable boolean ] [ nsdname-enable boolean ] [ - dnsrps-enable boolean ] [ dnsrps-options { unspecified-text - } ]; - reuseport boolean; - root-delegation-only [ exclude { string; ... } ]; - root-key-sentinel boolean; - rrset-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... 
}; - secroots-file quoted_string; - send-cookie boolean; - serial-query-rate integer; - serial-update-method ( date | increment | unixtime ); - server-id ( quoted_string | none | hostname ); - servfail-ttl duration; - session-keyalg string; - session-keyfile ( quoted_string | none ); - session-keyname string; - sig-signing-nodes integer; - sig-signing-signatures integer; - sig-signing-type integer; - sig-validity-interval integer [ integer ]; - sortlist { address_match_element; ... }; - stacksize ( default | unlimited | sizeval ); - stale-answer-client-timeout ( disabled | off | integer ); - stale-answer-enable boolean; - stale-answer-ttl duration; - stale-cache-enable boolean; - stale-refresh-time duration; - startup-notify-rate integer; - statistics-file quoted_string; - synth-from-dnssec boolean; - tcp-advertised-timeout integer; - tcp-clients integer; - tcp-idle-timeout integer; - tcp-initial-timeout integer; - tcp-keepalive-timeout integer; - tcp-listen-queue integer; - tcp-receive-buffer integer; - tcp-send-buffer integer; - tkey-dhkey quoted_string integer; - tkey-domain quoted_string; - tkey-gssapi-credential quoted_string; - tkey-gssapi-keytab quoted_string; - tls-port integer; - transfer-format ( many-answers | one-answer ); - transfer-message-size integer; - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - transfers-in integer; - transfers-out integer; - transfers-per-ns integer; - trust-anchor-telemetry boolean; // experimental - try-tcp-refresh boolean; - udp-receive-buffer integer; - udp-send-buffer integer; - update-check-ksk boolean; - use-alt-transfer-source boolean; - use-v4-udp-ports { portrange; ... }; - use-v6-udp-ports { portrange; ... }; - v6-bias integer; - validate-except { string; ... 
}; - version ( quoted_string | none ); - zero-no-soa-ttl boolean; - zero-no-soa-ttl-cache boolean; - zone-statistics ( full | terse | none | boolean ); - }; - -PARENTAL-AGENTS -^^^^^^^^^^^^^^^ - -:: - - parental-agents string [ port integer ] [ - dscp integer ] { ( remote-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; - -PLUGIN -^^^^^^ - -:: - - plugin ( query ) string [ { unspecified-text - } ]; - -PRIMARIES -^^^^^^^^^ - -:: - - primaries string [ port integer ] [ dscp - integer ] { ( remote-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; - -SERVER -^^^^^^ - -:: - - server netprefix { - bogus boolean; - edns boolean; - edns-udp-size integer; - edns-version integer; - keys server_key; - max-udp-size integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; - padding integer; - provide-ixfr boolean; - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - send-cookie boolean; - tcp-keepalive boolean; - tcp-only boolean; - transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - transfers integer; - }; - -STATISTICS-CHANNELS -^^^^^^^^^^^^^^^^^^^ - -:: - - statistics-channels { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] [ - allow { address_match_element; ... 
- } ]; - }; - -TLS -^^^ - -:: - - tls string { - ca-file quoted_string; - cert-file quoted_string; - ciphers string; - dhparam-file quoted_string; - key-file quoted_string; - prefer-server-ciphers boolean; - protocols { string; ... }; - remote-hostname quoted_string; - session-tickets boolean; - }; - -TRUST-ANCHORS -^^^^^^^^^^^^^ - -:: - - trust-anchors { string ( static-key | - initial-key | static-ds | initial-ds ) - integer integer integer - quoted_string; ... }; - -TRUSTED-KEYS -^^^^^^^^^^^^ - -Deprecated - see DNSSEC-KEYS. - -:: - - trusted-keys { string integer - integer integer - quoted_string; ... };, deprecated - -VIEW -^^^^ - -:: - - view string [ class ] { - allow-new-zones boolean; - allow-notify { address_match_element; ... }; - allow-query { address_match_element; ... }; - allow-query-cache { address_match_element; ... }; - allow-query-cache-on { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-recursion { address_match_element; ... }; - allow-recursion-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - attach-cache string; - auth-nxdomain boolean; - auto-dnssec ( allow | maintain | off ); - catalog-zones { zone string [ default-primaries [ port integer - ] [ dscp integer ] { ( remote-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... 
} ] [ zone-directory - quoted_string ] [ in-memory boolean ] [ min-update-interval - duration ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity boolean; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); - check-sibling boolean; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard boolean; - clients-per-query integer; - deny-answer-addresses { address_match_element; ... } [ - except-from { string; ... } ]; - deny-answer-aliases { string; ... } [ except-from { string; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | boolean ); - disable-algorithms string { string; - ... }; - disable-ds-digests string { string; - ... }; - disable-empty-zone string; - dlz string { - database string; - search boolean; - }; - dns64 netprefix { - break-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... }; - recursive-only boolean; - suffix ipv6_address; - }; - dns64-contact string; - dns64-server string; - dnskey-sig-validity integer; - dnsrps-enable boolean; - dnsrps-options { unspecified-text }; - dnssec-accept-expired boolean; - dnssec-dnskey-kskonly boolean; - dnssec-loadkeys-interval integer; - dnssec-must-be-secure string boolean; - dnssec-policy string; - dnssec-secure-to-insecure boolean; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual-stack-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... 
}; - dyndb string quoted_string { - unspecified-text }; - edns-udp-size integer; - empty-contact string; - empty-server string; - empty-zones-enable boolean; - fetch-quota-params integer fixedpoint fixedpoint fixedpoint; - fetches-per-server integer [ ( drop | fail ) ]; - fetches-per-zone integer [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - ipv4only-contact string; - ipv4only-enable boolean; - ipv4only-server string; - ixfr-from-differences ( primary | master | secondary | slave | - boolean ); - key string { - algorithm string; - secret string; - }; - key-directory quoted_string; - lame-ttl duration; - lmdb-mapsize sizeval; - managed-keys { string ( - static-key | initial-key - | static-ds | initial-ds - ) integer integer - integer - quoted_string; ... };, deprecated - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-clients { address_match_element; ... }; - match-destinations { address_match_element; ... 
}; - match-recursive-only boolean; - max-cache-size ( default | unlimited | sizeval | percentage ); - max-cache-ttl duration; - max-clients-per-query integer; - max-ixfr-ratio ( unlimited | percentage ); - max-journal-size ( default | unlimited | sizeval ); - max-ncache-ttl duration; - max-records integer; - max-recursion-depth integer; - max-recursion-queries integer; - max-refresh-time integer; - max-retry-time integer; - max-stale-ttl duration; - max-transfer-idle-in integer; - max-transfer-idle-out integer; - max-transfer-time-in integer; - max-transfer-time-out integer; - max-udp-size integer; - max-zone-ttl ( unlimited | duration ); - message-compression boolean; - min-cache-ttl duration; - min-ncache-ttl duration; - min-refresh-time integer; - min-retry-time integer; - minimal-any boolean; - minimal-responses ( no-auth | no-auth-recursive | boolean ); - multi-master boolean; - new-zones-directory quoted_string; - no-case-compress { address_match_element; ... }; - nocookie-udp-size integer; - notify ( explicit | master-only | primary-only | boolean ); - notify-delay integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; - notify-to-soa boolean; - nta-lifetime duration; - nta-recheck duration; - nxdomain-redirect string; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - plugin ( query ) string [ { - unspecified-text } ]; - preferred-glue string; - prefetch integer [ integer ]; - provide-ixfr boolean; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address 
] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - rate-limit { - all-per-second integer; - errors-per-second integer; - exempt-clients { address_match_element; ... }; - ipv4-prefix-length integer; - ipv6-prefix-length integer; - log-only boolean; - max-table-size integer; - min-table-size integer; - nodata-per-second integer; - nxdomains-per-second integer; - qps-scale integer; - referrals-per-second integer; - responses-per-second integer; - slip integer; - window integer; - }; - recursion boolean; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - require-server-cookie boolean; - resolver-nonbackoff-tries integer; - resolver-query-timeout integer; - resolver-retry-interval integer; - response-padding { address_match_element; ... } block-size - integer; - response-policy { zone string [ add-soa boolean ] [ log - boolean ] [ max-policy-ttl duration ] [ min-update-interval - duration ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ - recursive-only boolean ] [ nsip-enable boolean ] [ - nsdname-enable boolean ]; ... } [ add-soa boolean ] [ - break-dnssec boolean ] [ max-policy-ttl duration ] [ - min-update-interval duration ] [ min-ns-dots integer ] [ - nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean - ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] - [ nsip-enable boolean ] [ nsdname-enable boolean ] [ - dnsrps-enable boolean ] [ dnsrps-options { unspecified-text - } ]; - root-delegation-only [ exclude { string; ... } ]; - root-key-sentinel boolean; - rrset-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... 
}; - send-cookie boolean; - serial-update-method ( date | increment | unixtime ); - server netprefix { - bogus boolean; - edns boolean; - edns-udp-size integer; - edns-version integer; - keys server_key; - max-udp-size integer; - notify-source ( ipv4_address | * ) [ port ( integer | * - ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer - | * ) ] [ dscp integer ]; - padding integer; - provide-ixfr boolean; - query-source ( ( [ address ] ( ipv4_address | * ) [ port - ( integer | * ) ] ) | ( [ [ address ] ( - ipv4_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ - port ( integer | * ) ] ) | ( [ [ address ] ( - ipv6_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - send-cookie boolean; - tcp-keepalive boolean; - tcp-only boolean; - transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - transfers integer; - }; - servfail-ttl duration; - sig-signing-nodes integer; - sig-signing-signatures integer; - sig-signing-type integer; - sig-validity-interval integer [ integer ]; - sortlist { address_match_element; ... }; - stale-answer-client-timeout ( disabled | off | integer ); - stale-answer-enable boolean; - stale-answer-ttl duration; - stale-cache-enable boolean; - stale-refresh-time duration; - synth-from-dnssec boolean; - transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - trust-anchor-telemetry boolean; // experimental - trust-anchors { string ( static-key | - initial-key | static-ds | initial-ds - ) integer integer integer - quoted_string; ... 
}; - trusted-keys { string - integer integer - integer - quoted_string; ... };, deprecated - try-tcp-refresh boolean; - update-check-ksk boolean; - use-alt-transfer-source boolean; - v6-bias integer; - validate-except { string; ... }; - zero-no-soa-ttl boolean; - zero-no-soa-ttl-cache boolean; - zone-statistics ( full | terse | none | boolean ); - }; - -ZONE -^^^^ +.. literalinclude:: ../../doc/misc/options Any of these zone statements can also be set inside the view statement. -.. include:: ../../doc/misc/primary.zoneopt.rst -.. include:: ../../doc/misc/secondary.zoneopt.rst -.. include:: ../../doc/misc/mirror.zoneopt.rst -.. include:: ../../doc/misc/forward.zoneopt.rst -.. include:: ../../doc/misc/hint.zoneopt.rst -.. include:: ../../doc/misc/redirect.zoneopt.rst -.. include:: ../../doc/misc/static-stub.zoneopt.rst -.. include:: ../../doc/misc/stub.zoneopt.rst -.. include:: ../../doc/misc/delegation-only.zoneopt.rst -.. include:: ../../doc/misc/in-view.zoneopt.rst +.. literalinclude:: ../../doc/misc/primary.zoneopt +.. literalinclude:: ../../doc/misc/secondary.zoneopt +.. literalinclude:: ../../doc/misc/mirror.zoneopt +.. literalinclude:: ../../doc/misc/forward.zoneopt +.. literalinclude:: ../../doc/misc/hint.zoneopt +.. literalinclude:: ../../doc/misc/redirect.zoneopt +.. literalinclude:: ../../doc/misc/static-stub.zoneopt +.. literalinclude:: ../../doc/misc/stub.zoneopt +.. literalinclude:: ../../doc/misc/delegation-only.zoneopt +.. literalinclude:: ../../doc/misc/in-view.zoneopt Files ~~~~~ diff --git a/doc/arm/Makefile.am b/doc/arm/Makefile.am index d4aa22b767..3d16b6c953 100644 --- a/doc/arm/Makefile.am +++ b/doc/arm/Makefile.am 
@@ -62,31 +62,23 @@ EXTRA_DIST = \ tsig.inc.rst \ zones.inc.rst \ _ext/iscconf.py \ + _ext/mergegrammar.py \ _ext/namedconf.py \ _ext/rndcconf.py \ _static/custom.css \ ../dnssec-guide \ - ../misc/acl.grammar.rst \ - ../misc/controls.grammar.rst \ - ../misc/delegation-only.zoneopt.rst \ - ../misc/forward.zoneopt.rst \ - ../misc/hint.zoneopt.rst \ - ../misc/in-view.zoneopt.rst \ - ../misc/key.grammar.rst \ - ../misc/logging.grammar.rst \ - ../misc/managed-keys.grammar.rst \ - ../misc/primary.zoneopt.rst \ - ../misc/mirror.zoneopt.rst \ - ../misc/options.grammar.rst \ - ../misc/parental-agents.grammar.rst \ - ../misc/primaries.grammar.rst \ - ../misc/redirect.zoneopt.rst \ - ../misc/server.grammar.rst \ - ../misc/secondary.zoneopt.rst \ - ../misc/static-stub.zoneopt.rst \ - ../misc/statistics-channels.grammar.rst \ - ../misc/stub.zoneopt.rst \ - ../misc/trusted-keys.grammar.rst \ + ../misc/options \ + ../misc/rndc.grammar \ + ../misc/delegation-only.zoneopt \ + ../misc/forward.zoneopt \ + ../misc/hint.zoneopt \ + ../misc/in-view.zoneopt \ + ../misc/mirror.zoneopt \ + ../misc/primary.zoneopt \ + ../misc/redirect.zoneopt \ + ../misc/secondary.zoneopt \ + ../misc/static-stub.zoneopt \ + ../misc/stub.zoneopt \ ../notes/*.rst html-local: diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index 670dca4998..4380a8c4c1 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -34,6 +34,8 @@ from sphinx.util import logging from sphinx.util.docutils import SphinxDirective from sphinx.util.nodes import make_refnode +import checkgrammar + logger = logging.getLogger(__name__) @@ -50,7 +52,7 @@ def split_csv(argument, required): # pylint: disable=too-many-statements -def domain_factory(domainname, domainlabel, todolist): +def domain_factory(domainname, domainlabel, todolist, grammar): """ Return parametrized Sphinx domain object. @param domainname Name used when referencing domain in .rst: e.g. namedconf 
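Review bot: The added `import checkgrammar` in doc/arm/_ext/iscconf.py is a bare top-level import with no comment saying where the module lives. The doc/arm/Makefile.am hunk in this same commit lists `_ext/iscconf.py`, `_ext/mergegrammar.py`, `_ext/namedconf.py` and `_ext/rndcconf.py` under EXTRA_DIST but no `checkgrammar.py`, so the import presumably resolves through a sys.path entry set up outside this hunk. It is worth confirming that the file is shipped in the release tarball, since otherwise a documentation build from the tarball would fail at import time. Once the location is confirmed I would add a comment such as `# project-local helper, found via the sys.path set up for the Sphinx extensions`.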
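Review bot: `domain_factory` gains a fourth positional parameter `grammar`, but no `@param grammar` line is added to its docstring in this hunk or the next one, and the unchanged docstring lines between the two hunks cannot describe a parameter that did not exist before. I would add an entry such as `@param grammar Parsed configuration grammar used to render each statement's syntax`; the wording is for the author to confirm, as the use of `grammar` lies outside this hunk. Because the parameter has no default, every caller has to be updated in the same commit, and the callers are not visible here. The function body continues outside the hunk.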
@@ -65,11 +67,17 @@ def domain_factory(domainname, domainlabel, todolist): process_statementlist_nodes() callback. """ - option_spec = {"filter_tags": lambda arg: split_csv(arg, required=True)} + option_spec = { + "filter_blocks": lambda arg: split_csv(arg, required=True), + "filter_tags": lambda arg: split_csv(arg, required=True), + } def run(self): placeholder = todolist("") placeholder["isc_filter_tags"] = set(self.options.get("filter_tags", [])) + placeholder["isc_filter_blocks"] = set( + self.options.get("filter_blocks", []) + ) return [placeholder] class ISCConfDomain(Domain): @@ -94,8 +102,18 @@ def domain_factory(domainname, domainlabel, todolist): "tags": lambda arg: split_csv(arg, required=False), # one-sentece description for use in summary tables "short": directives.unchanged_required, + "suppress_grammar": directives.flag, } + @property + def isc_name(self): + names = self.get_signatures() + if len(names) != 1: + raise NotImplementedError( + "statements with more than one name are not supported", names + ) + return names[0] + def handle_signature(self, sig, signode): signode += addnodes.desc_name(text=sig) return sig 
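Review bot: The new `isc_name` property raises whenever `len(names) != 1`, which also covers an empty signature list, yet the message says "statements with more than one name are not supported". Passing `names` as a second exception argument also makes the error print as a tuple. I would word it for both cases, e.g. `raise NotImplementedError(f"statements must have exactly one name, got {names!r}")`. The new `"suppress_grammar": directives.flag` entry has no comment, unlike `short` just above it; something like `# flag: do not render the grammar for this statement` would help, if that is indeed its effect. The enclosing class starts and ends outside the hunk.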
@@ -114,6 +132,87 @@ def domain_factory(domainname, domainlabel, todolist): def isc_short(self): return self.options.get("short", "") + def format_path(self, path): + assert path[0] == "_top" + if len(path) == 1: + return "topmost" + return ".".join(path[1:]) + + def format_paths(self, paths): + zone_types = set() + nozone_paths = [] + for path in paths: + try: + zone_idx = path.index("zone") + zone_type_txt = path[zone_idx + 1] + if zone_type_txt.startswith("type "): + zone_types.add(zone_type_txt[len("type ") :]) + else: + assert zone_type_txt == "in-view" + zone_types.add(zone_type_txt) + except (ValueError, IndexError): + nozone_paths.append(path) + condensed_paths = nozone_paths[:] + if zone_types: + condensed_paths.append( + ("_top", "zone (" + ", ".join(sorted(zone_types)) + ")") + ) + condensed_paths = sorted(condensed_paths, key=len) + return list(self.format_path(path) for path in condensed_paths) + + def format_blocks(self, grammar_blocks): + """Generate node with list of all allowed blocks""" + blocks = nodes.paragraph() + blocks += nodes.strong(text="Blocks: ") + blocks += nodes.Text(", ".join(self.format_paths(grammar_blocks))) + return blocks + + def format_grammar(self, list_blocks, grammar_grp): + """ + Generate grammar description node, optionally with list of + blocks accepting this particular grammar. 
+ Example: Grammar (block1, block2): grammar; + """ + grammarnode = nodes.paragraph() + if list_blocks: + separator = " " + paths = ", ".join( + self.format_paths(variant.path for variant in grammar_grp) + ) + else: + separator = "" + paths = "" + subgrammar = grammar_grp[0].subgrammar + subgrammar_txt = checkgrammar.pformat_grammar(subgrammar).strip() + grammar_txt = subgrammar.get("_pprint_name", self.isc_name) + if subgrammar_txt != ";": + grammar_txt += " " + grammar_txt += subgrammar_txt + if "\n" in grammar_txt.strip(): + nodetype = nodes.literal_block + else: + nodetype = nodes.literal + grammarnode += nodes.strong(text=f"Grammar{separator}{paths}: ") + grammarnode += nodetype(text=grammar_txt) + return grammarnode + + def format_warnings(self, flags): + """Return node with a warning box about deprecated and + experimental options""" + warn = nodes.warning() + if "deprecated" in flags: + warn += nodes.paragraph( + text=( + "This option is deprecated and will be removed in a future" + " version of BIND." + ) + ) + if "experimental" in flags: + warn += nodes.paragraph( + text="This option is experimental and subject to change." + ) + return warn + def parse_nested_str(self, instr): """Parse string as nested rst syntax and produce a node""" raw = nodes.paragraph(text=instr) 
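Review bot: `format_paths()` checks the grammar shape with `assert zone_type_txt == "in-view"` inside a `try` that only catches `ValueError` and `IndexError`. An unexpected element after `zone` therefore aborts the build with a bare AssertionError, or, when Python runs with `-O`, is silently added as a zone type. An explicit check survives `-O` and matches what `isc_name` does in this file: `if zone_type_txt != "in-view": raise NotImplementedError("unexpected zone variant", path)`. `format_path()` has the same pattern with `assert path[0] == "_top"`, and `read_zone()` and `combine()` in the new mergegrammar.py validate parsed input with asserts in the same way.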
@@ -132,6 +231,32 @@ def domain_factory(domainname, domainlabel, todolist): tags += nodes.Text(", ".join(self.isc_tags)) contentnode.insert(0, tags) + iscconf = self.env.get_domain(domainname) + + name = self.isc_name + if name not in iscconf.statement_blocks: + return # not defined in grammar, nothing to render + + blocks = self.format_blocks(iscconf.statement_blocks[name]) + contentnode.insert(0, blocks) + + grammars = iscconf.statement_grammar_groups[name] + multi_grammar = len(grammars) > 1 + union_flags = set() + for grammar_grp in grammars: + for one_grammar_dict in grammar_grp: + union_flags = union_flags.union( + set(one_grammar_dict.subgrammar.get("_flags", [])) + ) + if "suppress_grammar" in self.options: + continue + grammarnode = self.format_grammar(multi_grammar, grammar_grp) + contentnode.insert(0, grammarnode) + + warn = self.format_warnings(union_flags) + if len(warn): + contentnode.insert(0, warn) + name = domainname label = domainlabel @@ -148,6 +273,14 @@ def domain_factory(domainname, domainlabel, todolist): indices = {} # no custom indicies + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.grammar = grammar + self.statement_blocks = checkgrammar.statement2block(grammar, ["_top"]) + self.statement_grammar_groups = checkgrammar.diff_statements( + self.grammar, self.statement_blocks + ) + def get_objects(self): """ Sphinx API: @@ -206,12 +339,15 @@ def domain_factory(domainname, domainlabel, todolist): location=(new["docname"], new["lineno"]), ) + def get_statement_name(self, signature): + return "{}.{}.{}".format(domainname, "statement", signature) + def add_statement(self, signature, tags, short, lineno): """ Add a new statement to the domain data structures. No visible effect. """ - name = "{}.{}.{}".format(domainname, "statement", signature) + name = self.get_statement_name(signature) anchor = "{}-statement-{}".format(domainname, signature) new = { 
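Review bot: Each grammar group is added with `contentnode.insert(0, grammarnode)` inside the loop, so a statement with several grammar groups gets them rendered in the reverse of the order in which `statement_grammar_groups[name]` yields them. Whether that order matters depends on `checkgrammar.diff_statements()`, which is not shown; if it does, iterating with `for grammar_grp in reversed(grammars):` keeps the rendered order stable. As a smaller point, `union_flags = union_flags.union(set(...))` reads more simply as `union_flags.update(one_grammar_dict.subgrammar.get("_flags", []))`. The enclosing method starts outside this hunk.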
@@ -258,6 +394,41 @@ def domain_factory(domainname, domainlabel, todolist): self.log_statement_overlap(new[name], old[name]) old.update(new) + def check_consistency(self): + """Sphinx API""" + defined_statements = set( + obj["signature"] for obj in self.data["statements"].values() + ) + statements_in_grammar = set(self.statement_blocks) + missing_statement_sigs = statements_in_grammar.difference( + defined_statements + ) + for missing in missing_statement_sigs: + grammars = self.statement_grammar_groups[missing] + if len(grammars) == 1: + flags = grammars[0][0].subgrammar.get("_flags", []) + if ("obsolete" in flags) or ("test only" in flags): + continue + + logger.warning( + "statement %s is defined in %s grammar but is not described" + " using .. statement:: directive", + missing, + domainlabel, + ) + + extra_statement_sigs = defined_statements.difference(statements_in_grammar) + for extra in extra_statement_sigs: + fullname = self.get_statement_name(extra) + desc = self.data["statements"][fullname] + logger.warning( + ".. statement:: %s found but matching definition in %s grammar is" + " missing", + extra, + domainlabel, + location=(desc["docname"], desc["lineno"]), + ) + @classmethod def process_statementlist_nodes(cls, app, doctree, fromdocname): """ 
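Review bot: The exemption for `obsolete` and `test only` statements in `check_consistency()` is evaluated only when `len(grammars) == 1`, so an undocumented statement with several grammar groups is always reported, even if every group carries one of those flags. If that is intended, a comment above the `if` would save the next reader the question, for example `# statements with several grammar variants must always be documented`. Otherwise the flag test could be applied to the first entry of every group rather than only to `grammars[0][0]`. The docstring `"""Sphinx API"""` could also say that the method only logs warnings and what the two warning cases are.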
@@ -266,32 +437,33 @@ def domain_factory(domainname, domainlabel, todolist): of statements. """ - def gen_replacement_table(acceptable_tags): + def gen_replacement_table(acceptable_blocks, acceptable_tags): table_header = [ TableColumn("ref", "Statement"), TableColumn("short", "Description"), ] - table_b = DictToDocutilsTableBuilder(table_header) - table_b.append_iterable( - sorted( - iscconf.list_all(fromdocname), - key=lambda x: x["fullname"], - ) - ) tag_header = [] - if len(acceptable_tags) != 1: # tags column only if tag filter is not applied tag_header = [ TableColumn("tags_txt", "Tags"), ] + table_b = DictToDocutilsTableBuilder(table_header + tag_header) table_b.append_iterable( sorted( filter( lambda item: ( - not acceptable_tags - or item["tags"].intersection(acceptable_tags) + ( + not acceptable_tags + or item["tags"].intersection(acceptable_tags) + ) + and ( + not acceptable_blocks + or item["block_names"].intersection( + acceptable_blocks + ) + ) ), iscconf.list_all(fromdocname), ), @@ -305,10 +477,17 @@ def domain_factory(domainname, domainlabel, todolist): for node in doctree.traverse(todolist): acceptable_tags = node["isc_filter_tags"] - node.replace_self(gen_replacement_table(acceptable_tags)) + acceptable_blocks = node["isc_filter_blocks"] + node.replace_self( + gen_replacement_table(acceptable_blocks, acceptable_tags) + ) def list_all(self, fromdocname): for statement in self.data["statements"].values(): + block_names = set( + path[-1] + for path in self.statement_blocks.get(statement["signature"], []) + ) tags_txt = ", ".join(statement["tags"]) refpara = nodes.inline() @@ -323,6 +502,7 @@ def domain_factory(domainname, domainlabel, todolist): ) copy = statement.copy() + copy["block_names"] = block_names copy["ref"] = refpara copy["tags_txt"] = tags_txt yield copy 
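Review bot: `block_names` in `list_all()` keeps only `path[-1]`, the innermost element of each path, and that is what `:filter_blocks:` is matched against in `gen_replacement_table()`; neither place says so. Going by `format_paths()` earlier in this file, a zone-level statement has a `type ...` or `in-view` element after `zone`, so its innermost element may be the zone type rather than `zone`. That is worth confirming against `checkgrammar.statement2block()`, which is not shown. I would add a comment above the set construction, `# innermost enclosing block only; this is the name :filter_blocks: is matched against`.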
@@ -388,12 +568,12 @@ class DictToDocutilsTableBuilder: return self.table -def setup(app, domainname, confname, docutilsplaceholder): +def setup(app, domainname, confname, docutilsplaceholder, grammar): """ Install new parametrized Sphinx domain. """ - Conf = domain_factory(domainname, confname, docutilsplaceholder) + Conf = domain_factory(domainname, confname, docutilsplaceholder, grammar) app.add_domain(Conf) app.connect("doctree-resolved", Conf.process_statementlist_nodes) diff --git a/doc/arm/_ext/mergegrammar.py b/doc/arm/_ext/mergegrammar.py new file mode 100644 index 0000000000..b0500eb4b5 --- /dev/null +++ b/doc/arm/_ext/mergegrammar.py 
@@ -0,0 +1,63 @@ +############################################################################ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. +############################################################################ + +# Depends on CWD - Sphinx plugin + +import json +from pathlib import Path + +import parsegrammar + + +def read_zone(): + zone_grammars = {} + for file in Path("../misc/").glob("*.zoneopt"): + # in-view is not really a zone type + if file.stem == "in-view": + zone_type = "in-view" + else: + zone_type = f"type {file.stem}" + + with file.open(encoding="ascii") as fp: + zonegrammar = parsegrammar.parse_mapbody(fp) + assert len(zonegrammar) == 1 + assert "zone" in zonegrammar + zone_grammars[zone_type] = zonegrammar["zone"] + zone_grammars[zone_type]["_pprint_name"] = "zone" + + return {"zone": {"_mapbody": zone_grammars, "_ignore_this_level": True}} + + +def read_main(): + with Path("../misc/options").open(encoding="ascii") as fp: + optgrammar = parsegrammar.parse_mapbody(fp) + return optgrammar + + +def combine(): + zones = read_zone() + assert zones + rest = read_main() + assert rest + rest.update(zones) + + # this is a terrible hack + # but cfg_test cannot print zone grammars inside view + rest["view"]["_mapbody"].update(zones) + + return rest + + +if __name__ == "__main__": + full_grammar = combine() + print(json.dumps(full_grammar)) diff --git a/doc/arm/_ext/namedconf.py b/doc/arm/_ext/namedconf.py index 2011d5a118..bcf4a0c007 100644 --- a/doc/arm/_ext/namedconf.py +++ b/doc/arm/_ext/namedconf.py 
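Review bot: `read_zone()` and `read_main()` resolve `../misc/` against the process working directory (the file's own comment says "Depends on CWD"), so a build started from another directory either fails or parses whatever `../misc/options` and `*.zoneopt` files happen to exist there. conf.py in this same commit already derives the directory from `__file__`, and doing the same here removes the dependency: `MISC_DIR = Path(__file__).resolve().parent.parent.parent / "misc"`, then `MISC_DIR.glob("*.zoneopt")` and `(MISC_DIR / "options").open(encoding="ascii")`. `setup()` in rndcconf.py opens `"../misc/rndc.grammar"` the same way and would benefit from the same anchor.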
@@ -18,6 +18,7 @@ Sphinx domain "namedconf". See iscconf.py for details. from docutils import nodes import iscconf +import mergegrammar class ToBeReplacedStatementList(nodes.General, nodes.Element): @@ -28,4 +29,7 @@ class ToBeReplacedStatementList(nodes.General, nodes.Element): def setup(app): - return iscconf.setup(app, "namedconf", "named.conf", ToBeReplacedStatementList) + grammar = mergegrammar.combine() + return iscconf.setup( + app, "namedconf", "named.conf", ToBeReplacedStatementList, grammar + ) diff --git a/doc/arm/_ext/rndcconf.py b/doc/arm/_ext/rndcconf.py index bb9dbba065..cac10e2f46 100644 --- a/doc/arm/_ext/rndcconf.py +++ b/doc/arm/_ext/rndcconf.py @@ -18,6 +18,7 @@ Sphinx domain "rndcconf". See iscconf.py for details. from docutils import nodes import iscconf +import parsegrammar class ToBeReplacedStatementList(nodes.General, nodes.Element): @@ -28,4 +29,8 @@ class ToBeReplacedStatementList(nodes.General, nodes.Element): def setup(app): - return iscconf.setup(app, "rndcconf", "rndc.conf", ToBeReplacedStatementList) + with open("../misc/rndc.grammar", encoding="utf-8") as filein: + grammar = parsegrammar.parse_mapbody(filein) + return iscconf.setup( + app, "rndcconf", "rndc.conf", ToBeReplacedStatementList, grammar + ) diff --git a/doc/arm/conf.py b/doc/arm/conf.py index 578591e463..695ca9a77f 100644 --- a/doc/arm/conf.py +++ b/doc/arm/conf.py @@ -104,6 +104,7 @@ def setup(app): # documentation root, make it absolute. # sys.path.append(str(Path(__file__).resolve().parent / "_ext")) +sys.path.append(str(Path(__file__).resolve().parent.parent / "misc")) # -- Project information ----------------------------------------------------- diff --git a/doc/arm/dlz.inc.rst b/doc/arm/dlz.inc.rst index ed4c93d5bd..cae251311e 100644 --- a/doc/arm/dlz.inc.rst +++ b/doc/arm/dlz.inc.rst 
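Review bot: `rndc.grammar` is read with `encoding="utf-8"` in rndcconf.py's `setup()`, while mergegrammar.py in this commit reads the other grammar files with `encoding="ascii"`. Both feed `parsegrammar.parse_mapbody()`, so a single choice would be easier to reason about. If the grammar files are meant to be pure ASCII, `open("../misc/rndc.grammar", encoding="ascii")` makes a stray non-ASCII byte fail loudly in both places.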
@@ -46,9 +46,13 @@ A DLZ database is configured with a ``dlz`` statement in :iscman:`named.conf`: This specifies a DLZ module to search when answering queries; the module is implemented in ``driver.so`` and is loaded at runtime by the dlopen -DLZ driver. Multiple ``dlz`` statements can be specified; when answering -a query, all DLZ modules with ``search`` set to ``yes`` are queried -to see whether they contain an answer for the query name. The best +DLZ driver. Multiple ``dlz`` statements can be specified. + + +.. namedconf:statement:: search + +When answering a query, all DLZ modules with ``search`` set to ``yes`` are +queried to see whether they contain an answer for the query name. The best available answer is returned to the client. The ``search`` option in the above example can be omitted, because diff --git a/doc/arm/dns-ops.inc.rst b/doc/arm/dns-ops.inc.rst index e4f7e38f72..9984c6e1cd 100644 --- a/doc/arm/dns-ops.inc.rst +++ b/doc/arm/dns-ops.inc.rst @@ -117,9 +117,6 @@ server. .. rndcconf:statement:: options - The ``options`` statement has three clauses: ``default-server``, - ``default-key``, and ``default-port``. - .. rndcconf:statement:: default-server ``default-server`` takes a @@ -137,6 +134,14 @@ server. :iscman:`rndc` should connect if no port is given on the command line or in a ``server`` statement. + .. rndcconf:statement:: default-source-address + .. rndcconf:statement:: default-source-address-v6 + + ``default-source-address`` and ``default-source-address-v6`` specify + the IPv4 and IPv6 source address used to communicate with the server + if no address is given on the command line or in a + :rndcconf:ref:`server` block. + .. rndcconf:statement:: key The ``key`` statement defines a key to be used by :iscman:`rndc` when 
@@ -160,12 +165,27 @@ server. .. rndcconf:statement:: server - The ``server`` statement associates a key defined using the ``key`` - statement with a server. The keyword ``server`` is followed by a host - name or address. The ``server`` statement has two clauses: ``key`` - and ``port``. The ``key`` clause specifies the name of the key to be - used when communicating with this server, and the ``port`` clause can - be used to specify the port :iscman:`rndc` should connect to on the server. + The ``server`` statement specifies connection parameters for a given server. + The server can be specified as a host name or address. + + .. rndcconf:statement:: addresses + + Specifies one or more addresses to use when communicating with this + server. + + :rndcconf:ref:`key` + Associates a key defined using the :rndcconf:ref:`key` statement with a + server. + + .. rndcconf:statement:: port + + Specifes the port :iscman:`rndc` should connect to on the server. + + .. rndcconf:statement:: source-address + .. rndcconf:statement:: source-address-v6 + + Overrides :rndcconf:ref:`default-source-address` and + :rndcconf:ref:`default-source-address-v6` for this specific server. A sample minimal configuration file is as follows: diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index a8e03a92c4..941887cf1a 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst 
@@ -44,8 +44,8 @@ The file :file:`named.conf` may contain three types of entities: - Statements define and control specific BIND behaviors. - Statements may have a single parameter (a **Value**) or multiple parameters (**Argument/Value** pairs). For example, the :any:`recursion` statement takes a - single value parameter which, in this case, is the string ``yes`` or ``no`` - (``recursion yes;``) whereas the :any:`port` statement takes a numeric value + single value parameter - in this case, the string ``yes`` or ``no`` + (``recursion yes;``) - while the :namedconf:ref:`port` statement takes a numeric value defining the DNS port number (``port 53;``). More complex statements take one or more argument/value pairs. The :any:`also-notify` statement may take a number of such argument/value pairs, such as ``also-notify port 5353;``, @@ -313,10 +313,12 @@ file documentation: When specifying a prefix involving an IPv6-scoped address, the scope may be omitted. In that case, the prefix matches packets from any scope. ``key_id`` - A ``domain_name`` representing the name of a shared key, to be used for transaction security. + A ``domain_name`` representing the name of a shared key, to be used for + :ref:`transaction security `. Keys are defined using + :namedconf:ref:`key` blocks. ``key_list`` - A list of one or more ``key_id``, separated by semicolons and ending with a semicolon. + A list of one or more :term:`key_id` s, separated by semicolons and ending with a semicolon. ``tls_id`` A string representing a TLS configuration object, including a key and certificate. @@ -427,8 +429,6 @@ configuration. .. namedconf:statement:: acl -.. include:: ../misc/acl.grammar.rst - .. _acl: ``acl`` Statement Definition and Usage @@ -458,8 +458,6 @@ The following ACLs are built-in: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: controls -.. include:: ../misc/controls.grammar.rst - .. _controls_statement_definition_and_usage: ``controls`` Statement Definition and Usage 
@@ -504,8 +502,8 @@ and retrieve non-DNS results from a name server. ``keys`` The primary authorization mechanism of the command channel is the - ``key_list``, which contains a list of ``key_id``s. Each ``key_id`` in - the ``key_list`` is authorized to execute commands over the control + :term:`key_list`, which contains a list of :term:`key_id` s. Each + :namedconf:ref:`key` is authorized to execute commands over the control channel. See :ref:`admin_tools` for information about configuring keys in :iscman:`rndc`. @@ -534,8 +532,6 @@ To disable the command channel, use an empty ``controls`` statement: ~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: key -.. include:: ../misc/key.grammar.rst - .. _key_statement: ``key`` Statement Definition and Usage @@ -576,8 +572,6 @@ matching this name, algorithm, and secret. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: logging -.. include:: ../misc/logging.grammar.rst - .. _logging_statement: ``logging`` Statement Definition and Usage @@ -986,8 +980,6 @@ responses such as NXDOMAIN. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: parental-agents -.. include:: ../misc/parental-agents.grammar.rst - .. _parental_agents_statement: ``parental-agents`` Statement Definition and Usage @@ -1004,8 +996,6 @@ change its delegation information (defined in :rfc:`7344`). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: primaries -.. include:: ../misc/primaries.grammar.rst - .. _primaries_statement: ``primaries`` Statement Definition and Usage @@ -1043,8 +1033,6 @@ where ``tls-configuration-name`` refers to a previously defined This is the grammar of the ``options`` statement in the :iscman:`named.conf` file: -.. include:: ../misc/options.grammar.rst - .. _options: ``options`` Statement Definition and Usage 
@@ -1703,6 +1691,20 @@ default is used. suffix ::; }; +.. namedconf:statement:: ipv4only-enable + + This enables or disables automatic zones ``ipv4only.arpa``, + ``170.0.0.192.in-addr.arpa``, and ``171.0.0.192.in-addr.arpa``. + + By default these zones are loaded if :any:`dns64` is configured. + +.. namedconf:statement:: ipv4only-server +.. namedconf:statement:: ipv4only-contact + + ``ipv4only-server`` and ``ipv4only-contact`` can be used to specify the name + of the server and contact for the IPV4ONLY.ARPA zone created by + :any:`dns64`. + .. namedconf:statement:: dnssec-loadkeys-interval When a zone is configured with ``auto-dnssec maintain;``, its key @@ -5207,8 +5209,6 @@ redirect zone is tried first. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: server -.. include:: ../misc/server.grammar.rst - .. _server_statement_definition_and_usage: ``server`` Statement Definition and Usage @@ -5279,9 +5279,17 @@ any top-level ``server`` statements are used as defaults. specified, the limit is set according to the ``transfers-per-ns`` option. -``keys`` - The option identifies a ``key_id`` defined by the ``key`` - statement, to be used for transaction security (see :ref:`tsig`) +.. namedconf:statement:: keys + :suppress_grammar: + + .. warning:: + Not to be confused with ``keys`` in :any:`dnssec-policy` specification. + Although statements with the same name exist in both contexts, they refer + to fundamentally incompatible concepts. + + In the context of a :namedconf:ref:`server` block, the option identifies a + :term:`key_id` defined by the :namedconf:ref:`key` statement, to be used for + transaction security (see :ref:`tsig`) when talking to the remote server. When a request is sent to the remote server, a request signature is generated using the key specified here and appended to the message. A request originating from the remote 
@@ -5314,8 +5322,6 @@ and :namedconf:ref:`options` blocks: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: statistics-channels -.. include:: ../misc/statistics-channels.grammar.rst - .. _statistics_channels: ``statistics-channels`` Statement Definition and Usage @@ -5386,8 +5392,6 @@ statistics), and http://127.0.0.1:8888/json/v1/traffic (traffic sizes). ~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: tls -.. include:: ../misc/tls.grammar.rst - ``tls`` Statement Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -5573,8 +5577,6 @@ issues related to shared cryptographic secrets. ~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: http -.. include:: ../misc/http.grammar.rst - ``http`` Statement Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -5629,8 +5631,6 @@ all local addresses: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: trust-anchors -.. include:: ../misc/trust-anchors.grammar.rst - .. _trust-anchors: ``trust-anchors`` Statement Definition and Usage @@ -5777,8 +5777,6 @@ can be found, the initializing key is also compiled directly into ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: dnssec-policy -.. include:: ../misc/dnssec-policy.grammar.rst - .. _dnssec_policy: ``dnssec-policy`` Statement Definition and Usage @@ -6046,8 +6044,6 @@ The following options apply to DS queries sent to ``parental-agents``: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: managed-keys -.. include:: ../misc/managed-keys.grammar.rst - .. _managed_keys: ``managed-keys`` Statement Definition and Usage @@ -6063,8 +6059,6 @@ with the ``initial-key`` keyword. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: trusted-keys -.. include:: ../misc/trusted-keys.grammar.rst - .. _trusted_keys: ``trusted-keys`` Statement Definition and Usage 
@@ -6109,8 +6103,9 @@ run multiple servers. ``address_match_list`` of the view's ``match-destinations`` clause. If not specified, both ``match-clients`` and ``match-destinations`` default to matching all addresses. In addition to checking IP addresses, - ``match-clients`` and ``match-destinations`` can also take ``keys`` - which provide an mechanism for the client to select the view. + ``match-clients`` and ``match-destinations`` can also take the name of a + TSIG :namedconf:ref:`key`, which provides a mechanism for the client to select + the view. .. namedconf:statement:: match-recursive-only @@ -6186,17 +6181,7 @@ Here is an example of a typical split DNS setup implemented using ``zone`` Statement Grammar ~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: zone - -.. include:: ../misc/primary.zoneopt.rst -.. include:: ../misc/secondary.zoneopt.rst -.. include:: ../misc/mirror.zoneopt.rst -.. include:: ../misc/hint.zoneopt.rst -.. include:: ../misc/stub.zoneopt.rst -.. include:: ../misc/static-stub.zoneopt.rst -.. include:: ../misc/forward.zoneopt.rst -.. include:: ../misc/redirect.zoneopt.rst -.. include:: ../misc/delegation-only.zoneopt.rst -.. include:: ../misc/in-view.zoneopt.rst + :suppress_grammar: .. _zone_statement: @@ -6210,6 +6195,7 @@ Here is an example of a typical split DNS setup implemented using Zone Types ^^^^^^^^^^ .. namedconf:statement:: type + :suppress_grammar: The ``type`` keyword is required for the ``zone`` configuration unless it is an ``in-view`` configuration. Its acceptable values are: diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am index c1d2528102..b537815e9d 100644 --- a/doc/man/Makefile.am +++ b/doc/man/Makefile.am @@ -55,6 +55,7 @@ MANPAGES_RST = \ ../../bin/dnssec/dnssec-settime.rst \ ../../bin/dnssec/dnssec-signzone.rst \ ../../bin/dnssec/dnssec-verify.rst \ + ../../bin/named/named.conf.rst \ ../../bin/named/named.rst \ ../../bin/nsupdate/nsupdate.rst \ ../../bin/plugins/filter-aaaa.rst \ 
diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in
index c05335d992..2fc6bd1eb7 100644
--- a/doc/man/named.conf.5in
+++ b/doc/man/named.conf.5in
@@ -36,946 +36,624 @@ named.conf \- configuration file for **named** .SH DESCRIPTION .sp \fBnamed.conf\fP is the configuration file for \fI\%named\fP\&. +.sp +For complete documentation about the configuration statements, please refer to +the Configuration Reference section in the BIND 9 Administrator Reference +Manual. +.sp Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported: .sp C style: /* */ -.INDENT 0.0 -.INDENT 3.5 +.sp C++ style: // to end of line -.UNINDENT -.UNINDENT .sp Unix style: # to end of line -.SS ACL -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -acl string { address_match_element; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS CONTROLS .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C +acl { ; ... }; // may occur multiple times + controls { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] allow - { address_match_element; ... } [ - keys { string; ... } ] [ read\-only - boolean ]; - unix quoted_string perm integer - owner integer group integer [ - keys { string; ... } ] [ read\-only - boolean ]; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS DLZ -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -dlz string { - database string; - search boolean; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS DNSSEC\-POLICY -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -dnssec\-policy string { - dnskey\-ttl duration; - keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime - duration_or_unlimited algorithm string [ integer ]; ... 
}; - max\-zone\-ttl duration; - nsec3param [ iterations integer ] [ optout boolean ] [ - salt\-length integer ]; - parent\-ds\-ttl duration; - parent\-propagation\-delay duration; - publish\-safety duration; - purge\-keys duration; - retire\-safety duration; - signatures\-refresh duration; - signatures\-validity duration; - signatures\-validity\-dnskey duration; - zone\-propagation\-delay duration; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS DYNDB -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -dyndb string quoted_string { - unspecified\-text }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS HTTP -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -http string { - endpoints { quoted_string; ... }; - listener\-clients integer; - streams\-per\-connection integer; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS KEY -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -key string { - algorithm string; - secret string; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS LOGGING -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C + inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read\-only ]; // may occur multiple times + unix perm owner group [ keys { ; ... } ] [ read\-only ]; // may occur multiple times +}; // may occur multiple times + +dlz { + database ; + search ; +}; // may occur multiple times + +dnssec\-policy { + dnskey\-ttl ; + keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime algorithm [ ]; ... }; + max\-zone\-ttl ; + nsec3param [ iterations ] [ optout ] [ salt\-length ]; + parent\-ds\-ttl ; + parent\-propagation\-delay ; + parent\-registration\-delay ; // obsolete + publish\-safety ; + purge\-keys ; + retire\-safety ; + signatures\-refresh ; + signatures\-validity ; + signatures\-validity\-dnskey ; + zone\-propagation\-delay ; +}; // may occur multiple times + +dyndb { }; // may occur multiple times + +http { + endpoints { ; ... 
}; + listener\-clients ; + streams\-per\-connection ; +}; // may occur multiple times + +key { + algorithm ; + secret ; +}; // may occur multiple times + logging { - category string { string; ... }; - channel string { - buffered boolean; - file quoted_string [ versions ( unlimited | integer ) ] - [ size size ] [ suffix ( increment | timestamp ) ]; - null; - print\-category boolean; - print\-severity boolean; - print\-time ( iso8601 | iso8601\-utc | local | boolean ); - severity log_severity; - stderr; - syslog [ syslog_facility ]; - }; + category { ; ... }; // may occur multiple times + channel { + buffered ; + file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; + null; + print\-category ; + print\-severity ; + print\-time ( iso8601 | iso8601\-utc | local | ); + severity ; + stderr; + syslog [ ]; + }; // may occur multiple times }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS MANAGED\-KEYS -.sp -See DNSSEC\-KEYS. -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -managed\-keys { string ( static\-key - | initial\-key | static\-ds | - initial\-ds ) integer integer - integer quoted_string; ... };, deprecated -.ft P -.fi -.UNINDENT -.UNINDENT -.SS OPTIONS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C + +managed\-keys { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times, deprecated + options { - allow\-new\-zones boolean; - allow\-notify { address_match_element; ... }; - allow\-query { address_match_element; ... }; - allow\-query\-cache { address_match_element; ... }; - allow\-query\-cache\-on { address_match_element; ... }; - allow\-query\-on { address_match_element; ... }; - allow\-recursion { address_match_element; ... }; - allow\-recursion\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow\-update { address_match_element; ... }; - allow\-update\-forwarding { address_match_element; ... 
}; - also\-notify [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - answer\-cookie boolean; - attach\-cache string; - auth\-nxdomain boolean; - auto\-dnssec ( allow | maintain | off ); - automatic\-interface\-scan boolean; - avoid\-v4\-udp\-ports { portrange; ... }; - avoid\-v6\-udp\-ports { portrange; ... }; - bindkeys\-file quoted_string; - blackhole { address_match_element; ... }; - catalog\-zones { zone string [ default\-primaries [ port integer - ] [ dscp integer ] { ( remote\-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone\-directory - quoted_string ] [ in\-memory boolean ] [ min\-update\-interval - duration ]; ... }; - check\-dup\-records ( fail | warn | ignore ); - check\-integrity boolean; - check\-mx ( fail | warn | ignore ); - check\-mx\-cname ( fail | warn | ignore ); - check\-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); - check\-sibling boolean; - check\-spf ( warn | ignore ); - check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard boolean; - clients\-per\-query integer; - cookie\-algorithm ( aes | siphash24 ); - cookie\-secret string; - coresize ( default | unlimited | sizeval ); - datasize ( default | unlimited | sizeval ); - deny\-answer\-addresses { address_match_element; ... } [ - except\-from { string; ... } ]; - deny\-answer\-aliases { string; ... } [ except\-from { string; ... - } ]; - dialup ( notify | notify\-passive | passive | refresh | boolean ); - directory quoted_string; - disable\-algorithms string { string; - ... }; - disable\-ds\-digests string { string; - ... 
}; - disable\-empty\-zone string; - dns64 netprefix { - break\-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... }; - recursive\-only boolean; - suffix ipv6_address; - }; - dns64\-contact string; - dns64\-server string; - dnskey\-sig\-validity integer; - dnsrps\-enable boolean; - dnsrps\-options { unspecified\-text }; - dnssec\-accept\-expired boolean; - dnssec\-dnskey\-kskonly boolean; - dnssec\-loadkeys\-interval integer; - dnssec\-must\-be\-secure string boolean; - dnssec\-policy string; - dnssec\-secure\-to\-insecure boolean; - dnssec\-update\-mode ( maintain | no\-resign ); - dnssec\-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dnstap\-identity ( quoted_string | none | hostname ); - dnstap\-output ( file | unix ) quoted_string [ size ( unlimited | - size ) ] [ versions ( unlimited | integer ) ] [ suffix ( - increment | timestamp ) ]; - dnstap\-version ( quoted_string | none ); - dscp integer; - dual\-stack\-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... }; - dump\-file quoted_string; - edns\-udp\-size integer; - empty\-contact string; - empty\-server string; - empty\-zones\-enable boolean; - fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint; - fetches\-per\-server integer [ ( drop | fail ) ]; - fetches\-per\-zone integer [ ( drop | fail ) ]; - files ( default | unlimited | sizeval ); - flush\-zones\-on\-shutdown boolean; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... 
}; - fstrm\-set\-buffer\-hint integer; - fstrm\-set\-flush\-timeout integer; - fstrm\-set\-input\-queue\-size integer; - fstrm\-set\-output\-notify\-threshold integer; - fstrm\-set\-output\-queue\-model ( mpsc | spsc ); - fstrm\-set\-output\-queue\-size integer; - fstrm\-set\-reopen\-interval duration; - geoip\-directory ( quoted_string | none ); - heartbeat\-interval integer; - hostname ( quoted_string | none ); - http\-listener\-clients integer; - http\-port integer; - http\-streams\-per\-connection integer; - https\-port integer; - interface\-interval duration; - ipv4only\-contact string; - ipv4only\-enable boolean; - ipv4only\-server string; - ixfr\-from\-differences ( primary | master | secondary | slave | - boolean ); - key\-directory quoted_string; - lame\-ttl duration; - listen\-on [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... }; - listen\-on\-v6 [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... 
}; - lmdb\-mapsize sizeval; - lock\-file ( quoted_string | none ); - managed\-keys\-directory quoted_string; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - match\-mapped\-addresses boolean; - max\-cache\-size ( default | unlimited | sizeval | percentage ); - max\-cache\-ttl duration; - max\-clients\-per\-query integer; - max\-ixfr\-ratio ( unlimited | percentage ); - max\-journal\-size ( default | unlimited | sizeval ); - max\-ncache\-ttl duration; - max\-records integer; - max\-recursion\-depth integer; - max\-recursion\-queries integer; - max\-refresh\-time integer; - max\-retry\-time integer; - max\-rsa\-exponent\-size integer; - max\-stale\-ttl duration; - max\-transfer\-idle\-in integer; - max\-transfer\-idle\-out integer; - max\-transfer\-time\-in integer; - max\-transfer\-time\-out integer; - max\-udp\-size integer; - max\-zone\-ttl ( unlimited | duration ); - memstatistics boolean; - memstatistics\-file quoted_string; - message\-compression boolean; - min\-cache\-ttl duration; - min\-ncache\-ttl duration; - min\-refresh\-time integer; - min\-retry\-time integer; - minimal\-any boolean; - minimal\-responses ( no\-auth | no\-auth\-recursive | boolean ); - multi\-master boolean; - new\-zones\-directory quoted_string; - no\-case\-compress { address_match_element; ... 
}; - nocookie\-udp\-size integer; - notify ( explicit | master\-only | primary\-only | boolean ); - notify\-delay integer; - notify\-rate integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; - notify\-to\-soa boolean; - nta\-lifetime duration; - nta\-recheck duration; - nxdomain\-redirect string; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - pid\-file ( quoted_string | none ); - port integer; - preferred\-glue string; - prefetch integer [ integer ]; - provide\-ixfr boolean; - qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - querylog boolean; - random\-device ( quoted_string | none ); - rate\-limit { - all\-per\-second integer; - errors\-per\-second integer; - exempt\-clients { address_match_element; ... 
}; - ipv4\-prefix\-length integer; - ipv6\-prefix\-length integer; - log\-only boolean; - max\-table\-size integer; - min\-table\-size integer; - nodata\-per\-second integer; - nxdomains\-per\-second integer; - qps\-scale integer; - referrals\-per\-second integer; - responses\-per\-second integer; - slip integer; - window integer; - }; - recursing\-file quoted_string; - recursion boolean; - recursive\-clients integer; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - require\-server\-cookie boolean; - reserved\-sockets integer;// deprecated - resolver\-nonbackoff\-tries integer; - resolver\-query\-timeout integer; - resolver\-retry\-interval integer; - response\-padding { address_match_element; ... } block\-size - integer; - response\-policy { zone string [ add\-soa boolean ] [ log - boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval - duration ] [ policy ( cname | disabled | drop | given | no\-op - | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ - recursive\-only boolean ] [ nsip\-enable boolean ] [ - nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ - break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ - min\-update\-interval duration ] [ min\-ns\-dots integer ] [ - nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean - ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] - [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ - dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text - } ]; - reuseport boolean; - root\-delegation\-only [ exclude { string; ... } ]; - root\-key\-sentinel boolean; - rrset\-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... 
}; - secroots\-file quoted_string; - send\-cookie boolean; - serial\-query\-rate integer; - serial\-update\-method ( date | increment | unixtime ); - server\-id ( quoted_string | none | hostname ); - servfail\-ttl duration; - session\-keyalg string; - session\-keyfile ( quoted_string | none ); - session\-keyname string; - sig\-signing\-nodes integer; - sig\-signing\-signatures integer; - sig\-signing\-type integer; - sig\-validity\-interval integer [ integer ]; - sortlist { address_match_element; ... }; - stacksize ( default | unlimited | sizeval ); - stale\-answer\-client\-timeout ( disabled | off | integer ); - stale\-answer\-enable boolean; - stale\-answer\-ttl duration; - stale\-cache\-enable boolean; - stale\-refresh\-time duration; - startup\-notify\-rate integer; - statistics\-file quoted_string; - synth\-from\-dnssec boolean; - tcp\-advertised\-timeout integer; - tcp\-clients integer; - tcp\-idle\-timeout integer; - tcp\-initial\-timeout integer; - tcp\-keepalive\-timeout integer; - tcp\-listen\-queue integer; - tcp\-receive\-buffer integer; - tcp\-send\-buffer integer; - tkey\-dhkey quoted_string integer; - tkey\-domain quoted_string; - tkey\-gssapi\-credential quoted_string; - tkey\-gssapi\-keytab quoted_string; - tls\-port integer; - transfer\-format ( many\-answers | one\-answer ); - transfer\-message\-size integer; - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - transfers\-in integer; - transfers\-out integer; - transfers\-per\-ns integer; - trust\-anchor\-telemetry boolean; // experimental - try\-tcp\-refresh boolean; - udp\-receive\-buffer integer; - udp\-send\-buffer integer; - update\-check\-ksk boolean; - use\-alt\-transfer\-source boolean; - use\-v4\-udp\-ports { portrange; ... }; - use\-v6\-udp\-ports { portrange; ... }; - v6\-bias integer; - validate\-except { string; ... 
}; - version ( quoted_string | none ); - zero\-no\-soa\-ttl boolean; - zero\-no\-soa\-ttl\-cache boolean; - zone\-statistics ( full | terse | none | boolean ); + allow\-new\-zones ; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-cache { ; ... }; + allow\-query\-cache\-on { ; ... }; + allow\-query\-on { ; ... }; + allow\-recursion { ; ... }; + allow\-recursion\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + answer\-cookie ; + attach\-cache ; + auth\-nxdomain ; + auto\-dnssec ( allow | maintain | off ); + automatic\-interface\-scan ; + avoid\-v4\-udp\-ports { ; ... }; + avoid\-v6\-udp\-ports { ; ... }; + bindkeys\-file ; + blackhole { ; ... }; + catalog\-zones { zone [ default\-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone\-directory ] [ in\-memory ] [ min\-update\-interval ]; ... }; + check\-dup\-records ( fail | warn | ignore ); + check\-integrity ; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check\-sibling ; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard ; + clients\-per\-query ; + cookie\-algorithm ( aes | siphash24 ); + cookie\-secret ; // may occur multiple times + coresize ( default | unlimited | ); + datasize ( default | unlimited | ); + deny\-answer\-addresses { ; ... } [ except\-from { ; ... } ]; + deny\-answer\-aliases { ; ... } [ except\-from { ; ... } ]; + dialup ( notify | notify\-passive | passive | refresh | ); + directory ; + disable\-algorithms { ; ... 
}; // may occur multiple times + disable\-ds\-digests { ; ... }; // may occur multiple times + disable\-empty\-zone ; // may occur multiple times + dns64 { + break\-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... }; + recursive\-only ; + suffix ; + }; // may occur multiple times + dns64\-contact ; + dns64\-server ; + dnskey\-sig\-validity ; + dnsrps\-enable ; // not configured + dnsrps\-options { }; // not configured + dnssec\-accept\-expired ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-must\-be\-secure ; // may occur multiple times + dnssec\-policy ; + dnssec\-secure\-to\-insecure ; + dnssec\-update\-mode ( maintain | no\-resign ); + dnssec\-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dnstap\-identity ( | none | hostname ); // not configured + dnstap\-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; // not configured + dnstap\-version ( | none ); // not configured + dscp ; + dual\-stack\-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dump\-file ; + edns\-udp\-size ; + empty\-contact ; + empty\-server ; + empty\-zones\-enable ; + fetch\-quota\-params ; + fetches\-per\-server [ ( drop | fail ) ]; + fetches\-per\-zone [ ( drop | fail ) ]; + files ( default | unlimited | ); + flush\-zones\-on\-shutdown ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... 
}; + fstrm\-set\-buffer\-hint ; // not configured + fstrm\-set\-flush\-timeout ; // not configured + fstrm\-set\-input\-queue\-size ; // not configured + fstrm\-set\-output\-notify\-threshold ; // not configured + fstrm\-set\-output\-queue\-model ( mpsc | spsc ); // not configured + fstrm\-set\-output\-queue\-size ; // not configured + fstrm\-set\-reopen\-interval ; // not configured + geoip\-directory ( | none ); + heartbeat\-interval ; + hostname ( | none ); + http\-listener\-clients ; + http\-port ; + http\-streams\-per\-connection ; + https\-port ; + interface\-interval ; + ipv4only\-contact ; + ipv4only\-enable ; + ipv4only\-server ; + ixfr\-from\-differences ( primary | master | secondary | slave | ); + keep\-response\-order { ; ... }; // obsolete + key\-directory ; + lame\-ttl ; + listen\-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + listen\-on\-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + lmdb\-mapsize ; + lock\-file ( | none ); + managed\-keys\-directory ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + match\-mapped\-addresses ; + max\-cache\-size ( default | unlimited | | ); + max\-cache\-ttl ; + max\-clients\-per\-query ; + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-ncache\-ttl ; + max\-records ; + max\-recursion\-depth ; + max\-recursion\-queries ; + max\-refresh\-time ; + max\-retry\-time ; + max\-rsa\-exponent\-size ; + max\-stale\-ttl ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + max\-udp\-size ; + max\-zone\-ttl ( unlimited | ); + memstatistics ; + memstatistics\-file ; + message\-compression ; + min\-cache\-ttl ; + min\-ncache\-ttl ; + min\-refresh\-time ; + min\-retry\-time ; + minimal\-any ; + minimal\-responses ( no\-auth | no\-auth\-recursive | ); + multi\-master ; + new\-zones\-directory ; + no\-case\-compress { ; ... 
}; + nocookie\-udp\-size ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-rate ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + nta\-lifetime ; + nta\-recheck ; + nxdomain\-redirect ; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + pid\-file ( | none ); + port ; + preferred\-glue ; + prefetch [ ]; + provide\-ixfr ; + qname\-minimization ( strict | relaxed | disabled | off ); + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + querylog ; + random\-device ( | none ); + rate\-limit { + all\-per\-second ; + errors\-per\-second ; + exempt\-clients { ; ... }; + ipv4\-prefix\-length ; + ipv6\-prefix\-length ; + log\-only ; + max\-table\-size ; + min\-table\-size ; + nodata\-per\-second ; + nxdomains\-per\-second ; + qps\-scale ; + referrals\-per\-second ; + responses\-per\-second ; + slip ; + window ; + }; + recursing\-file ; + recursion ; + recursive\-clients ; + request\-expire ; + request\-ixfr ; + request\-nsid ; + require\-server\-cookie ; + reserved\-sockets ; // deprecated + resolver\-nonbackoff\-tries ; + resolver\-query\-timeout ; + resolver\-retry\-interval ; + response\-padding { ; ... } block\-size ; + response\-policy { zone [ add\-soa ] [ log ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only ) ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ]; ... 
} [ add\-soa ] [ break\-dnssec ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ min\-ns\-dots ] [ nsip\-wait\-recurse ] [ nsdname\-wait\-recurse ] [ qname\-wait\-recurse ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ] [ dnsrps\-enable ] [ dnsrps\-options { } ]; + reuseport ; + root\-delegation\-only [ exclude { ; ... } ]; + root\-key\-sentinel ; + rrset\-order { [ class ] [ type ] [ name ] ; ... }; + secroots\-file ; + send\-cookie ; + serial\-query\-rate ; + serial\-update\-method ( date | increment | unixtime ); + server\-id ( | none | hostname ); + servfail\-ttl ; + session\-keyalg ; + session\-keyfile ( | none ); + session\-keyname ; + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + sortlist { ; ... }; + stacksize ( default | unlimited | ); + stale\-answer\-client\-timeout ( disabled | off | ); + stale\-answer\-enable ; + stale\-answer\-ttl ; + stale\-cache\-enable ; + stale\-refresh\-time ; + startup\-notify\-rate ; + statistics\-file ; + suppress\-initial\-notify ; // obsolete + synth\-from\-dnssec ; + tcp\-advertised\-timeout ; + tcp\-clients ; + tcp\-idle\-timeout ; + tcp\-initial\-timeout ; + tcp\-keepalive\-timeout ; + tcp\-listen\-queue ; + tcp\-receive\-buffer ; + tcp\-send\-buffer ; + tkey\-dhkey ; + tkey\-domain ; + tkey\-gssapi\-credential ; + tkey\-gssapi\-keytab ; + tls\-port ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-message\-size ; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers\-in ; + transfers\-out ; + transfers\-per\-ns ; + trust\-anchor\-telemetry ; // experimental + try\-tcp\-refresh ; + udp\-receive\-buffer ; + udp\-send\-buffer ; + update\-check\-ksk ; + use\-alt\-transfer\-source ; + use\-v4\-udp\-ports { ; ... }; + use\-v6\-udp\-ports { ; ... }; + v6\-bias ; + validate\-except { ; ... 
}; + version ( | none ); + zero\-no\-soa\-ttl ; + zero\-no\-soa\-ttl\-cache ; + zone\-statistics ( full | terse | none | ); }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS PARENTAL\-AGENTS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -parental\-agents string [ port integer ] [ - dscp integer ] { ( remote\-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS PLUGIN -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -plugin ( query ) string [ { unspecified\-text - } ]; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS PRIMARIES -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -primaries string [ port integer ] [ dscp - integer ] { ( remote\-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS SERVER -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -server netprefix { - bogus boolean; - edns boolean; - edns\-udp\-size integer; - edns\-version integer; - keys server_key; - max\-udp\-size integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; - padding integer; - provide\-ixfr boolean; - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - send\-cookie boolean; - tcp\-keepalive boolean; - tcp\-only boolean; - transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer 
]; - transfers integer; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS STATISTICS\-CHANNELS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C + +parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times + +plugin ( query ) [ { } ]; // may occur multiple times + +primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times + +server { + bogus ; + edns ; + edns\-udp\-size ; + edns\-version ; + keys ; + max\-udp\-size ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide\-ixfr ; + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request\-expire ; + request\-ixfr ; + request\-nsid ; + send\-cookie ; + tcp\-keepalive ; + tcp\-only ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; +}; // may occur multiple times + statistics\-channels { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] [ - allow { address_match_element; ... - } ]; -}; + inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; // may occur multiple times +}; // may occur multiple times + +tls { + ca\-file ; + cert\-file ; + ciphers ; + dhparam\-file ; + key\-file ; + prefer\-server\-ciphers ; + protocols { ; ... }; + remote\-hostname ; + session\-tickets ; +}; // may occur multiple times + +trust\-anchors { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times + +trusted\-keys { ; ... }; // may occur multiple times, deprecated + +view [ ] { + allow\-new\-zones ; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-cache { ; ... 
}; + allow\-query\-cache\-on { ; ... }; + allow\-query\-on { ; ... }; + allow\-recursion { ; ... }; + allow\-recursion\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + attach\-cache ; + auth\-nxdomain ; + auto\-dnssec ( allow | maintain | off ); + catalog\-zones { zone [ default\-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone\-directory ] [ in\-memory ] [ min\-update\-interval ]; ... }; + check\-dup\-records ( fail | warn | ignore ); + check\-integrity ; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check\-sibling ; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard ; + clients\-per\-query ; + deny\-answer\-addresses { ; ... } [ except\-from { ; ... } ]; + deny\-answer\-aliases { ; ... } [ except\-from { ; ... } ]; + dialup ( notify | notify\-passive | passive | refresh | ); + disable\-algorithms { ; ... }; // may occur multiple times + disable\-ds\-digests { ; ... }; // may occur multiple times + disable\-empty\-zone ; // may occur multiple times + dlz { + database ; + search ; + }; // may occur multiple times + dns64 { + break\-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... 
}; + recursive\-only ; + suffix ; + }; // may occur multiple times + dns64\-contact ; + dns64\-server ; + dnskey\-sig\-validity ; + dnsrps\-enable ; // not configured + dnsrps\-options { }; // not configured + dnssec\-accept\-expired ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-must\-be\-secure ; // may occur multiple times + dnssec\-policy ; + dnssec\-secure\-to\-insecure ; + dnssec\-update\-mode ( maintain | no\-resign ); + dnssec\-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dual\-stack\-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dyndb { }; // may occur multiple times + edns\-udp\-size ; + empty\-contact ; + empty\-server ; + empty\-zones\-enable ; + fetch\-quota\-params ; + fetches\-per\-server [ ( drop | fail ) ]; + fetches\-per\-zone [ ( drop | fail ) ]; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + ipv4only\-contact ; + ipv4only\-enable ; + ipv4only\-server ; + ixfr\-from\-differences ( primary | master | secondary | slave | ); + key { + algorithm ; + secret ; + }; // may occur multiple times + key\-directory ; + lame\-ttl ; + lmdb\-mapsize ; + managed\-keys { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times, deprecated + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + match\-clients { ; ... }; + match\-destinations { ; ... 
}; + match\-recursive\-only ; + max\-cache\-size ( default | unlimited | | ); + max\-cache\-ttl ; + max\-clients\-per\-query ; + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-ncache\-ttl ; + max\-records ; + max\-recursion\-depth ; + max\-recursion\-queries ; + max\-refresh\-time ; + max\-retry\-time ; + max\-stale\-ttl ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + max\-udp\-size ; + max\-zone\-ttl ( unlimited | ); + message\-compression ; + min\-cache\-ttl ; + min\-ncache\-ttl ; + min\-refresh\-time ; + min\-retry\-time ; + minimal\-any ; + minimal\-responses ( no\-auth | no\-auth\-recursive | ); + multi\-master ; + new\-zones\-directory ; + no\-case\-compress { ; ... }; + nocookie\-udp\-size ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + nta\-lifetime ; + nta\-recheck ; + nxdomain\-redirect ; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + plugin ( query ) [ { } ]; // may occur multiple times + preferred\-glue ; + prefetch [ ]; + provide\-ixfr ; + qname\-minimization ( strict | relaxed | disabled | off ); + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + rate\-limit { + all\-per\-second ; + errors\-per\-second ; + exempt\-clients { ; ... 
}; + ipv4\-prefix\-length ; + ipv6\-prefix\-length ; + log\-only ; + max\-table\-size ; + min\-table\-size ; + nodata\-per\-second ; + nxdomains\-per\-second ; + qps\-scale ; + referrals\-per\-second ; + responses\-per\-second ; + slip ; + window ; + }; + recursion ; + request\-expire ; + request\-ixfr ; + request\-nsid ; + require\-server\-cookie ; + resolver\-nonbackoff\-tries ; + resolver\-query\-timeout ; + resolver\-retry\-interval ; + response\-padding { ; ... } block\-size ; + response\-policy { zone [ add\-soa ] [ log ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only ) ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ]; ... } [ add\-soa ] [ break\-dnssec ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ min\-ns\-dots ] [ nsip\-wait\-recurse ] [ nsdname\-wait\-recurse ] [ qname\-wait\-recurse ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ] [ dnsrps\-enable ] [ dnsrps\-options { } ]; + root\-delegation\-only [ exclude { ; ... } ]; + root\-key\-sentinel ; + rrset\-order { [ class ] [ type ] [ name ] ; ... 
}; + send\-cookie ; + serial\-update\-method ( date | increment | unixtime ); + server { + bogus ; + edns ; + edns\-udp\-size ; + edns\-version ; + keys ; + max\-udp\-size ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide\-ixfr ; + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request\-expire ; + request\-ixfr ; + request\-nsid ; + send\-cookie ; + tcp\-keepalive ; + tcp\-only ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; + }; // may occur multiple times + servfail\-ttl ; + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + sortlist { ; ... }; + stale\-answer\-client\-timeout ( disabled | off | ); + stale\-answer\-enable ; + stale\-answer\-ttl ; + stale\-cache\-enable ; + stale\-refresh\-time ; + suppress\-initial\-notify ; // obsolete + synth\-from\-dnssec ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + trust\-anchor\-telemetry ; // experimental + trust\-anchors { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times + trusted\-keys { ; ... }; // may occur multiple times, deprecated + try\-tcp\-refresh ; + update\-check\-ksk ; + use\-alt\-transfer\-source ; + v6\-bias ; + validate\-except { ; ... 
}; + zero\-no\-soa\-ttl ; + zero\-no\-soa\-ttl\-cache ; + zone\-statistics ( full | terse | none | ); +}; // may occur multiple times + + .ft P .fi .UNINDENT .UNINDENT -.SS TLS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -tls string { - ca\-file quoted_string; - cert\-file quoted_string; - ciphers string; - dhparam\-file quoted_string; - key\-file quoted_string; - prefer\-server\-ciphers boolean; - protocols { string; ... }; - remote\-hostname quoted_string; - session\-tickets boolean; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS TRUST\-ANCHORS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -trust\-anchors { string ( static\-key | - initial\-key | static\-ds | initial\-ds ) - integer integer integer - quoted_string; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS TRUSTED\-KEYS -.sp -Deprecated \- see DNSSEC\-KEYS. -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -trusted\-keys { string integer - integer integer - quoted_string; ... };, deprecated -.ft P -.fi -.UNINDENT -.UNINDENT -.SS VIEW -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -view string [ class ] { - allow\-new\-zones boolean; - allow\-notify { address_match_element; ... }; - allow\-query { address_match_element; ... }; - allow\-query\-cache { address_match_element; ... }; - allow\-query\-cache\-on { address_match_element; ... }; - allow\-query\-on { address_match_element; ... }; - allow\-recursion { address_match_element; ... }; - allow\-recursion\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; - allow\-update { address_match_element; ... }; - allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... 
}; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - attach\-cache string; - auth\-nxdomain boolean; - auto\-dnssec ( allow | maintain | off ); - catalog\-zones { zone string [ default\-primaries [ port integer - ] [ dscp integer ] { ( remote\-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone\-directory - quoted_string ] [ in\-memory boolean ] [ min\-update\-interval - duration ]; ... }; - check\-dup\-records ( fail | warn | ignore ); - check\-integrity boolean; - check\-mx ( fail | warn | ignore ); - check\-mx\-cname ( fail | warn | ignore ); - check\-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); - check\-sibling boolean; - check\-spf ( warn | ignore ); - check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard boolean; - clients\-per\-query integer; - deny\-answer\-addresses { address_match_element; ... } [ - except\-from { string; ... } ]; - deny\-answer\-aliases { string; ... } [ except\-from { string; ... - } ]; - dialup ( notify | notify\-passive | passive | refresh | boolean ); - disable\-algorithms string { string; - ... }; - disable\-ds\-digests string { string; - ... }; - disable\-empty\-zone string; - dlz string { - database string; - search boolean; - }; - dns64 netprefix { - break\-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... 
}; - recursive\-only boolean; - suffix ipv6_address; - }; - dns64\-contact string; - dns64\-server string; - dnskey\-sig\-validity integer; - dnsrps\-enable boolean; - dnsrps\-options { unspecified\-text }; - dnssec\-accept\-expired boolean; - dnssec\-dnskey\-kskonly boolean; - dnssec\-loadkeys\-interval integer; - dnssec\-must\-be\-secure string boolean; - dnssec\-policy string; - dnssec\-secure\-to\-insecure boolean; - dnssec\-update\-mode ( maintain | no\-resign ); - dnssec\-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual\-stack\-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... }; - dyndb string quoted_string { - unspecified\-text }; - edns\-udp\-size integer; - empty\-contact string; - empty\-server string; - empty\-zones\-enable boolean; - fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint; - fetches\-per\-server integer [ ( drop | fail ) ]; - fetches\-per\-zone integer [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - ipv4only\-contact string; - ipv4only\-enable boolean; - ipv4only\-server string; - ixfr\-from\-differences ( primary | master | secondary | slave | - boolean ); - key string { - algorithm string; - secret string; - }; - key\-directory quoted_string; - lame\-ttl duration; - lmdb\-mapsize sizeval; - managed\-keys { string ( - static\-key | initial\-key - | static\-ds | initial\-ds - ) integer integer - integer - quoted_string; ... };, deprecated - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - match\-clients { address_match_element; ... }; - match\-destinations { address_match_element; ... 
}; - match\-recursive\-only boolean; - max\-cache\-size ( default | unlimited | sizeval | percentage ); - max\-cache\-ttl duration; - max\-clients\-per\-query integer; - max\-ixfr\-ratio ( unlimited | percentage ); - max\-journal\-size ( default | unlimited | sizeval ); - max\-ncache\-ttl duration; - max\-records integer; - max\-recursion\-depth integer; - max\-recursion\-queries integer; - max\-refresh\-time integer; - max\-retry\-time integer; - max\-stale\-ttl duration; - max\-transfer\-idle\-in integer; - max\-transfer\-idle\-out integer; - max\-transfer\-time\-in integer; - max\-transfer\-time\-out integer; - max\-udp\-size integer; - max\-zone\-ttl ( unlimited | duration ); - message\-compression boolean; - min\-cache\-ttl duration; - min\-ncache\-ttl duration; - min\-refresh\-time integer; - min\-retry\-time integer; - minimal\-any boolean; - minimal\-responses ( no\-auth | no\-auth\-recursive | boolean ); - multi\-master boolean; - new\-zones\-directory quoted_string; - no\-case\-compress { address_match_element; ... 
}; - nocookie\-udp\-size integer; - notify ( explicit | master\-only | primary\-only | boolean ); - notify\-delay integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; - notify\-to\-soa boolean; - nta\-lifetime duration; - nta\-recheck duration; - nxdomain\-redirect string; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - plugin ( query ) string [ { - unspecified\-text } ]; - preferred\-glue string; - prefetch integer [ integer ]; - provide\-ixfr boolean; - qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - rate\-limit { - all\-per\-second integer; - errors\-per\-second integer; - exempt\-clients { address_match_element; ... }; - ipv4\-prefix\-length integer; - ipv6\-prefix\-length integer; - log\-only boolean; - max\-table\-size integer; - min\-table\-size integer; - nodata\-per\-second integer; - nxdomains\-per\-second integer; - qps\-scale integer; - referrals\-per\-second integer; - responses\-per\-second integer; - slip integer; - window integer; - }; - recursion boolean; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - require\-server\-cookie boolean; - resolver\-nonbackoff\-tries integer; - resolver\-query\-timeout integer; - resolver\-retry\-interval integer; - response\-padding { address_match_element; ... 
} block\-size - integer; - response\-policy { zone string [ add\-soa boolean ] [ log - boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval - duration ] [ policy ( cname | disabled | drop | given | no\-op - | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ - recursive\-only boolean ] [ nsip\-enable boolean ] [ - nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ - break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ - min\-update\-interval duration ] [ min\-ns\-dots integer ] [ - nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean - ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] - [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ - dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text - } ]; - root\-delegation\-only [ exclude { string; ... } ]; - root\-key\-sentinel boolean; - rrset\-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... }; - send\-cookie boolean; - serial\-update\-method ( date | increment | unixtime ); - server netprefix { - bogus boolean; - edns boolean; - edns\-udp\-size integer; - edns\-version integer; - keys server_key; - max\-udp\-size integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * - ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer - | * ) ] [ dscp integer ]; - padding integer; - provide\-ixfr boolean; - query\-source ( ( [ address ] ( ipv4_address | * ) [ port - ( integer | * ) ] ) | ( [ [ address ] ( - ipv4_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ - port ( integer | * ) ] ) | ( [ [ address ] ( - ipv6_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - send\-cookie boolean; - tcp\-keepalive boolean; - tcp\-only boolean; - transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( 
integer | - * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; - transfers integer; - }; - servfail\-ttl duration; - sig\-signing\-nodes integer; - sig\-signing\-signatures integer; - sig\-signing\-type integer; - sig\-validity\-interval integer [ integer ]; - sortlist { address_match_element; ... }; - stale\-answer\-client\-timeout ( disabled | off | integer ); - stale\-answer\-enable boolean; - stale\-answer\-ttl duration; - stale\-cache\-enable boolean; - stale\-refresh\-time duration; - synth\-from\-dnssec boolean; - transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - trust\-anchor\-telemetry boolean; // experimental - trust\-anchors { string ( static\-key | - initial\-key | static\-ds | initial\-ds - ) integer integer integer - quoted_string; ... }; - trusted\-keys { string - integer integer - integer - quoted_string; ... };, deprecated - try\-tcp\-refresh boolean; - update\-check\-ksk boolean; - use\-alt\-transfer\-source boolean; - v6\-bias integer; - validate\-except { string; ... }; - zero\-no\-soa\-ttl boolean; - zero\-no\-soa\-ttl\-cache boolean; - zone\-statistics ( full | terse | none | boolean ); -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS ZONE .sp Any of these zone statements can also be set inside the view statement. .INDENT 0.0 
@@ -984,66 +662,68 @@ Any of these zone statements can also be set inside the view statement. .nf .ft C zone [ ] { - type primary; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - allow\-transfer [ port ] [ transport ] { ; ... }; - allow\-update { ; ... }; - also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto\-dnssec ( allow | maintain | off ); - check\-dup\-records ( fail | warn | ignore ); - check\-integrity ; - check\-mx ( fail | warn | ignore ); - check\-mx\-cname ( fail | warn | ignore ); - check\-names ( fail | warn | ignore ); - check\-sibling ; - check\-spf ( warn | ignore ); - check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard ; - database ; - dialup ( notify | notify\-passive | passive | refresh | ); - dlz ; - dnskey\-sig\-validity ; - dnssec\-dnskey\-kskonly ; - dnssec\-loadkeys\-interval ; - dnssec\-policy ; - dnssec\-secure\-to\-insecure ; - dnssec\-update\-mode ( maintain | no\-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - inline\-signing ; - ixfr\-from\-differences ; - journal ; - key\-directory ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | ); - max\-journal\-size ( default | unlimited | ); - max\-records ; - max\-transfer\-idle\-out ; - max\-transfer\-time\-out ; - max\-zone\-ttl ( unlimited | ); - notify ( explicit | master\-only | primary\-only | ); - notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-to\-soa ; - parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; - parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - serial\-update\-method ( date | increment | unixtime ); - sig\-signing\-nodes ; - sig\-signing\-signatures ; - sig\-signing\-type ; - sig\-validity\-interval [ ]; - update\-check\-ksk ; - update\-policy ( local | { ( deny | grant ) ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ ] ; ... }; - zero\-no\-soa\-ttl ; - zone\-statistics ( full | terse | none | ); + type primary; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + auto\-dnssec ( allow | maintain | off ); + check\-dup\-records ( fail | warn | ignore ); + check\-integrity ; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( fail | warn | ignore ); + check\-sibling ; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard ; + database ; + dialup ( notify | notify\-passive | passive | refresh | ); + dlz ; + dnskey\-sig\-validity ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-policy ; + dnssec\-secure\-to\-insecure ; + dnssec\-update\-mode ( maintain | no\-resign ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... 
}; + inline\-signing ; + ixfr\-from\-differences ; + journal ; + key\-directory ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-out ; + max\-zone\-ttl ( unlimited | ); + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + serial\-update\-method ( date | increment | unixtime ); + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + update\-check\-ksk ; + update\-policy ( local | { ( deny | grant ) ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ ] ; ... }; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT 
@@ -1054,69 +734,71 @@ zone [ ] { .nf .ft C zone [ ] { - type secondary; - allow\-notify { ; ... }; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - allow\-transfer [ port ] [ transport ] { ; ... }; - allow\-update\-forwarding { ; ... }; - also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto\-dnssec ( allow | maintain | off ); - check\-names ( fail | warn | ignore ); - database ; - dialup ( notify | notify\-passive | passive | refresh | ); - dlz ; - dnskey\-sig\-validity ; - dnssec\-dnskey\-kskonly ; - dnssec\-loadkeys\-interval ; - dnssec\-policy ; - dnssec\-update\-mode ( maintain | no\-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - inline\-signing ; - ixfr\-from\-differences ; - journal ; - key\-directory ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | ); - max\-journal\-size ( default | unlimited | ); - max\-records ; - max\-refresh\-time ; - max\-retry\-time ; - max\-transfer\-idle\-in ; - max\-transfer\-idle\-out ; - max\-transfer\-time\-in ; - max\-transfer\-time\-out ; - min\-refresh\-time ; - min\-retry\-time ; - multi\-master ; - notify ( explicit | master\-only | primary\-only | ); - notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-to\-soa ; - parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; - request\-expire ; - request\-ixfr ; - sig\-signing\-nodes ; - sig\-signing\-signatures ; - sig\-signing\-type ; - sig\-validity\-interval [ ]; - transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try\-tcp\-refresh ; - update\-check\-ksk ; - use\-alt\-transfer\-source ; - zero\-no\-soa\-ttl ; - zone\-statistics ( full | terse | none | ); + type secondary; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + auto\-dnssec ( allow | maintain | off ); + check\-names ( fail | warn | ignore ); + database ; + dialup ( notify | notify\-passive | passive | refresh | ); + dlz ; + dnskey\-sig\-validity ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-policy ; + dnssec\-update\-mode ( maintain | no\-resign ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... 
}; + inline\-signing ; + ixfr\-from\-differences ; + journal ; + key\-directory ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + request\-expire ; + request\-ixfr ; + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + try\-tcp\-refresh ; + update\-check\-ksk ; + use\-alt\-transfer\-source ; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT 
@@ -1127,48 +809,49 @@ zone [ ] { .nf .ft C zone [ ] { - type mirror; - allow\-notify { ; ... }; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - allow\-transfer [ port ] [ transport ] { ; ... }; - allow\-update\-forwarding { ; ... }; - also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - check\-names ( fail | warn | ignore ); - database ; - file ; - ixfr\-from\-differences ; - journal ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | ); - max\-journal\-size ( default | unlimited | ); - max\-records ; - max\-refresh\-time ; - max\-retry\-time ; - max\-transfer\-idle\-in ; - max\-transfer\-idle\-out ; - max\-transfer\-time\-in ; - max\-transfer\-time\-out ; - min\-refresh\-time ; - min\-retry\-time ; - multi\-master ; - notify ( explicit | master\-only | primary\-only | ); - notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - request\-expire ; - request\-ixfr ; - transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try\-tcp\-refresh ; - use\-alt\-transfer\-source ; - zero\-no\-soa\-ttl ; - zone\-statistics ( full | terse | none | ); + type mirror; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + check\-names ( fail | warn | ignore ); + database ; + file ; + ixfr\-from\-differences ; + journal ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + request\-expire ; + request\-ixfr ; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + try\-tcp\-refresh ; + use\-alt\-transfer\-source ; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -1179,11 +862,12 @@ zone [ ] { .nf .ft C zone [ ] { - type forward; - delegation\-only ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + type forward; + delegation\-only ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; }; + .ft P .fi .UNINDENT @@ -1194,11 +878,12 @@ zone [ ] { .nf .ft C zone [ ] { - type hint; - check\-names ( fail | warn | ignore ); - delegation\-only ; - file ; + type hint; + check\-names ( fail | warn | ignore ); + delegation\-only ; + file ; }; + .ft P .fi .UNINDENT 
@@ -1209,18 +894,19 @@ zone [ ] { .nf .ft C zone [ ] { - type redirect; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - dlz ; - file ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-records ; - max\-zone\-ttl ( unlimited | ); - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - zone\-statistics ( full | terse | none | ); + type redirect; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + dlz ; + file ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records ; + max\-zone\-ttl ( unlimited | ); + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -1231,16 +917,17 @@ zone [ ] { .nf .ft C zone [ ] { - type static\-stub; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - max\-records ; - server\-addresses { ( | ); ... }; - server\-names { ; ... }; - zone\-statistics ( full | terse | none | ); + type static\-stub; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + max\-records ; + server\-addresses { ( | ); ... }; + server\-names { ; ... }; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT 
@@ -1251,32 +938,33 @@ zone [ ] { .nf .ft C zone [ ] { - type stub; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - check\-names ( fail | warn | ignore ); - database ; - delegation\-only ; - dialup ( notify | notify\-passive | passive | refresh | ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-records ; - max\-refresh\-time ; - max\-retry\-time ; - max\-transfer\-idle\-in ; - max\-transfer\-time\-in ; - min\-refresh\-time ; - min\-retry\-time ; - multi\-master ; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - use\-alt\-transfer\-source ; - zone\-statistics ( full | terse | none | ); + type stub; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + check\-names ( fail | warn | ignore ); + database ; + delegation\-only ; + dialup ( notify | notify\-passive | passive | refresh | ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-time\-in ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + use\-alt\-transfer\-source ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -1287,8 +975,9 @@ zone [ ] { .nf .ft C zone [ ] { - type delegation\-only; + type delegation\-only; }; + .ft P .fi .UNINDENT @@ -1299,8 +988,9 @@ zone [ ] { .nf .ft C zone [ ] { - in\-view ; + in\-view ; }; + .ft P .fi .UNINDENT 
diff --git a/doc/misc/Makefile.am b/doc/misc/Makefile.am index 7481632e96..8d7c80d9c4 100644 --- a/doc/misc/Makefile.am +++ b/doc/misc/Makefile.am @@ -2,8 +2,8 @@ include $(top_srcdir)/Makefile.top include $(top_srcdir)/Makefile.docs OPTIONS_FILES = \ + rndc.grammar \ options \ - options.active \ primary.zoneopt \ secondary.zoneopt \ mirror.zoneopt \ @@ -13,40 +13,12 @@ OPTIONS_FILES = \ static-stub.zoneopt \ redirect.zoneopt \ delegation-only.zoneopt \ - in-view.zoneopt \ - ../../bin/named/named.conf.rst \ - primary.zoneopt.rst \ - secondary.zoneopt.rst \ - mirror.zoneopt.rst \ - forward.zoneopt.rst \ - hint.zoneopt.rst \ - stub.zoneopt.rst \ - static-stub.zoneopt.rst \ - redirect.zoneopt.rst \ - delegation-only.zoneopt.rst \ - in-view.zoneopt.rst \ - acl.grammar.rst \ - controls.grammar.rst \ - dnssec-policy.grammar.rst \ - key.grammar.rst \ - logging.grammar.rst \ - primaries.grammar.rst \ - options.grammar.rst \ - server.grammar.rst \ - statistics-channels.grammar.rst \ - tls.grammar.rst \ - trust-anchors.grammar.rst \ - managed-keys.grammar.rst \ - trusted-keys.grammar.rst \ - http.grammar.rst \ - parental-agents.grammar.rst + in-view.zoneopt EXTRA_DIST = \ $(OPTIONS_FILES) \ - format-options.pl \ - rst-grammars.pl \ - rst-options.pl \ - rst-zoneopt.pl \ + checkgrammar.py \ + parsegrammar.py \ sort-options.pl if MAINTAINER_MODE 
@@ -69,118 +41,40 @@ cfg_test_LDADD = \ BUILT_SOURCES = \ $(OPTIONS_FILES) -options: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl | $(PERL) $(srcdir)/format-options.pl --strip-not-configured > $@ +rndc.grammar: cfg_test + $(AM_V_CFG_TEST)$(builddir)/cfg_test --rndc --grammar | $(PERL) $(srcdir)/sort-options.pl > $@ -options.active: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar --active | $(PERL) $(srcdir)/sort-options.pl | $(PERL) $(srcdir)/format-options.pl --strip-not-configured > $@ +options: cfg_test + $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl > $@ primary.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary > $@ secondary.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar secondary --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar secondary > $@ mirror.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar mirror --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar mirror > $@ forward.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar forward --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar forward > $@ hint.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar hint --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar hint > $@ stub.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar stub --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar stub > $@ static-stub.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar static-stub --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar static-stub > $@ redirect.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar redirect --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test 
--zonegrammar redirect > $@ delegation-only.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar delegation-only --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar delegation-only > $@ in-view.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view --active > $@ - -../../bin/named/named.conf.rst: options.active rst-options.pl delegation-only.zoneopt.rst forward.zoneopt.rst hint.zoneopt.rst in-view.zoneopt.rst mirror.zoneopt.rst primary.zoneopt.rst redirect.zoneopt.rst secondary.zoneopt.rst static-stub.zoneopt.rst stub.zoneopt.rst - $(AM_V_RST_OPTIONS)$(PERL) $(srcdir)/rst-options.pl options.active > $@ - -primary.zoneopt.rst: primary.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl primary.zoneopt > $@ - -secondary.zoneopt.rst: secondary.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl secondary.zoneopt > $@ - -mirror.zoneopt.rst: mirror.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl mirror.zoneopt > $@ - -forward.zoneopt.rst: forward.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl forward.zoneopt > $@ - -hint.zoneopt.rst: hint.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl hint.zoneopt > $@ - -stub.zoneopt.rst: stub.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl stub.zoneopt > $@ - -static-stub.zoneopt.rst: static-stub.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl static-stub.zoneopt > $@ - -redirect.zoneopt.rst: redirect.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl redirect.zoneopt > $@ - -delegation-only.zoneopt.rst: delegation-only.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl delegation-only.zoneopt > $@ - -in-view.zoneopt.rst: in-view.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl in-view.zoneopt > $@ - 
-acl.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active acl > $@ - -controls.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active controls > $@ - -dnssec-policy.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active dnssec-policy > $@ - -key.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active key > $@ - -logging.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active logging > $@ - -primaries.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active primaries > $@ - -options.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active options > $@ - -server.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active server > $@ - -statistics-channels.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active statistics-channels > $@ - -tls.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active tls > $@ - -trust-anchors.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active trust-anchors > $@ - -managed-keys.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active managed-keys > $@ - -trusted-keys.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active trusted-keys > $@ - -http.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active http > $@ - 
-parental-agents.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active parental-agents > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view > $@ endif diff --git a/doc/misc/acl.grammar.rst b/doc/misc/acl.grammar.rst deleted file mode 100644 index d27dab3a15..0000000000 --- a/doc/misc/acl.grammar.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - acl { ; ... }; diff --git a/doc/misc/checkgrammar.py b/doc/misc/checkgrammar.py new file mode 100644 index 0000000000..09984eceb4 --- /dev/null +++ b/doc/misc/checkgrammar.py 
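Review bot: In doc/misc/Makefile.am the new `rndc.grammar` rule and the rewritten `options` rule pipe `cfg_test` into `sort-options.pl` and redirect straight to `$@`, so a crash or non-zero exit from `cfg_test` is masked by the pipeline's exit status. The result is an empty or truncated grammar file that make then treats as up to date. Because these files are listed in `OPTIONS_FILES` and shipped via `EXTRA_DIST`, I would write to a temporary file and rename only on success, e.g. `$(builddir)/cfg_test --rndc --grammar > $@.raw && $(PERL) $(srcdir)/sort-options.pl < $@.raw > $@.tmp && mv $@.tmp $@ && rm -f $@.raw`; the `*.zoneopt` rules, which also redirect directly to `$@`, would benefit from the same temp-and-rename step. Separately, dropping `--active` looks like the reason the regenerated man page in this commit now lists `nsec3-test-zone ; // test only` for primary and secondary zones. If that is intended, a comment above the rules such as `# full grammar, including test-only statements; consumers must honour the // flags` would record it.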
@@ -0,0 +1,167 @@
+############################################################################
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+############################################################################
+
+"""
+Utility to check ISC config grammar consistency. It detects statement names
+which use different grammar depending on position in the configuration file.
+E.g. "max-zone-ttl" in dnssec-policy uses ''
+vs. '( unlimited | ) used in options.
+"""
+
+from collections import namedtuple
+from itertools import groupby
+import fileinput
+
+import parsegrammar
+
+
+def statement2block(grammar, path):
+ """Return mapping statement name to "path" where it is allowed.
+ _top is placeholder name for the namesless topmost context.
+
+ E.g. {
+ 'options: [('_top',)],
+ 'server': [('_top', 'view'), ('_top',)],
+ 'rate-limit': [('_top', 'options'), ('_top', 'view')],
+ 'slip': [('_top', 'options', 'rate-limit'), ('_top', 'view', 'rate-limit')]
+ }
+ """
+ key2place = {}
+
+ for key in grammar:
+ assert not key.startswith("_")
+ key2place.setdefault(key, []).append(tuple(path))
+ if "_mapbody" in grammar[key]:
+ nested2block = statement2block(grammar[key]["_mapbody"], path + [key])
+ # merge to uppermost output dictionary
+ for nested_key, nested_path in nested2block.items():
+ key2place.setdefault(nested_key, []).extend(nested_path)
+ return key2place
+
+
+def get_statement_grammar(grammar, path, name):
+ """Descend into grammar dict using provided path
+ and return final dict found there.
+
+ Intermediate steps into "_mapbody" subkeys are done automatically.
+ """
+ assert path[0] == "_top"
+ path = list(path) + [name]
+ for step in path[1:]:
+ if "_mapbody" in grammar:
+ grammar = grammar["_mapbody"]
+ grammar = grammar[step]
+ return grammar
+
+
+Statement = namedtuple("Statement", ["path", "name", "subgrammar"])
+
+
+def groupby_grammar(statements):
+ """
+ Return groups of Statement tuples with identical grammars and flags.
+ See itertools.groupby.
+ """
+
+ def keyfunc(statement):
+ return sorted(statement.subgrammar.items())
+
+ groups = []
+ statements = sorted(statements, key=keyfunc)
+ for _key, group in groupby(statements, keyfunc):
+ groups.append(list(group)) # Store group iterator as a list
+ return groups
+
+
+def diff_statements(whole_grammar, places):
+ """
+ Return map {statement name: [groups of [Statement]s with identical grammar].
+ """
+ out = {}
+ for statement_name, paths in places.items():
+ grammars = []
+ for path in paths:
+ statement_grammar = get_statement_grammar(
+ whole_grammar, path, statement_name
+ )
+ grammars.append(Statement(path, statement_name, statement_grammar))
+ groups = groupby_grammar(grammars)
+ out[statement_name] = groups
+ return out
+
+
+def pformat_grammar(node, level=1):
+ """Pretty print a given grammar node in the same way as cfg_test would"""
+
+ def sortkey(item):
+ """Treat 'type' specially and always put it first, for zone types"""
+ key, _ = item
+ if key == "type":
+ return ""
+ return key
+
+ if "_grammar" in node: # no nesting
+ assert "_id" not in node
+ assert "_mapbody" not in node
+ out = node["_grammar"] + ";"
+ if "_flags" in node:
+ out += " // " + ", ".join(node["_flags"])
+ return out + "\n"
+
+ # a nested map
+ out = ""
+ indent = level * "\t"
+ if not node.get("_ignore_this_level"):
+ if "_id" in node:
+ out += node["_id"] + " "
+ out += "{\n"
+
+ for key, subnode in sorted(node["_mapbody"].items(), key=sortkey):
+ if not subnode.get("_ignore_this_level"):
+ out += f"{indent}{subnode.get('_pprint_name', key)}"
+ inner_grammar = pformat_grammar(node["_mapbody"][key], level=level + 1)
+ else: # act as if we were not in a map
+ inner_grammar = pformat_grammar(node["_mapbody"][key], level=level)
+ if inner_grammar[0] != ";": # we _did_ find some arguments
+ out += " "
+ out += inner_grammar
+
+ if not node.get("_ignore_this_level"):
+ out += indent[:-1] + "};" # unindent the closing bracket
+ if "_flags" in node:
+ out += " // " + ", ".join(node["_flags"])
+ return out + "\n"
+
+
+def main():
+ """
+ Ingest output from cfg_test --grammar and print out statements which use
+ different grammar in different contexts.
+ """
+ with fileinput.input() as filein:
+ grammar = parsegrammar.parse_mapbody(filein)
+ places = statement2block(grammar, ["_top"])
+
+ for statementname, groups in diff_statements(grammar, places).items():
+ if len(groups) > 1:
+ print(f'statement "{statementname}" is inconsistent across blocks')
+ for group in groups:
+ print(
+ "- path:", ", ".join(" -> ".join(variant.path) for variant in group)
+ )
+ print(" ", pformat_grammar(group[0].subgrammar, level=1))
+ print()
+
+
+if __name__ == "__main__":
+ main()
diff --git a/doc/misc/controls.grammar.rst b/doc/misc/controls.grammar.rst deleted file mode 100644 index 440bce4929..0000000000 --- a/doc/misc/controls.grammar.rst +++ /dev/null @@ -1,24 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - controls { - inet ( | | - * ) [ port ( | * ) ] allow - { ; ... } [ - keys { ; ... } ] [ read-only - ]; - unix perm - owner group [ - keys { ; ... } ] [ read-only - ]; - };
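Review bot: In the new doc/misc/checkgrammar.py, `groupby_grammar` sorts statements with a `keyfunc` that returns `sorted(statement.subgrammar.items())`, so ordering two statements compares their values, and `pformat_grammar` shows those values can include the `_mapbody` dict. If two same-named statements both carry a `_mapbody` with different contents and their earlier items compare equal, Python 3 raises `TypeError` on the dict comparison, so the checker can abort on the nested-map inconsistency it exists to report. A key that is always orderable avoids this, for example `return json.dumps(statement.subgrammar, sort_keys=True)` with `import json` added, assuming the parsed grammar holds only JSON-serialisable values (parsegrammar is not visible here). The `assert` statements in `statement2block` and `get_statement_grammar` are the only input checks and disappear under `python -O`. In the `statement2block` docstring, `'options:` lacks its closing quote and "namesless" should read "nameless".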
diff --git a/doc/misc/delegation-only.zoneopt.rst b/doc/misc/delegation-only.zoneopt.rst deleted file mode 100644 index 2a262d14f2..0000000000 --- a/doc/misc/delegation-only.zoneopt.rst +++ /dev/null @@ -1,16 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type delegation-only; - }; diff --git a/doc/misc/dnssec-policy.grammar.rst b/doc/misc/dnssec-policy.grammar.rst deleted file mode 100644 index 0aec73b683..0000000000 --- a/doc/misc/dnssec-policy.grammar.rst +++ /dev/null @@ -1,30 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - dnssec-policy { - dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - algorithm [ ]; ... }; - max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ - salt-length ]; - parent-ds-ttl ; - parent-propagation-delay ; - publish-safety ; - purge-keys ; - retire-safety ; - signatures-refresh ; - signatures-validity ; - signatures-validity-dnskey ; - zone-propagation-delay ; - }; diff --git a/doc/misc/format-options.pl b/doc/misc/format-options.pl deleted file mode 100644 index b152b844a5..0000000000 --- a/doc/misc/format-options.pl +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use Getopt::Long; - -my $strip_not_configured = ''; - -GetOptions ('strip-not-configured' => \$strip_not_configured); - -print <) { - chomp; - s/\t/ /g; - my $line = $_; - m!^( *)!; - my $indent = $1; - my $comment = ""; - $line =~ s! // not configured,! //! if $strip_not_configured; - $line =~ s! // not configured!! if $strip_not_configured; - if ( $line =~ m!//.*! ) { - $comment = $&; - $line =~ s!//.*!!; - } - my $start = ""; - while (length($line) >= 79 - length($comment)) { - $_ = $line; - # this makes sure that the comment has something in front of it - $len = 75 - length($comment); - m!^(.{0,$len}) (.*)$!; - $start = $start.$1."\n"; - $line = $indent." ".$2; - } - print $start.$line.$comment."\n"; -} diff --git a/doc/misc/forward.zoneopt.rst b/doc/misc/forward.zoneopt.rst deleted file mode 100644 index 3ced3ac356..0000000000 --- a/doc/misc/forward.zoneopt.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type forward; - delegation-only ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - }; 
diff --git a/doc/misc/hint.zoneopt.rst b/doc/misc/hint.zoneopt.rst deleted file mode 100644 index 998e66240c..0000000000 --- a/doc/misc/hint.zoneopt.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type hint; - check-names ( fail | warn | ignore ); - delegation-only ; - file ; - }; diff --git a/doc/misc/http.grammar.rst b/doc/misc/http.grammar.rst deleted file mode 100644 index 89f0457011..0000000000 --- a/doc/misc/http.grammar.rst +++ /dev/null @@ -1,18 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - http { - endpoints { ; ... }; - listener-clients ; - streams-per-connection ; - }; diff --git a/doc/misc/in-view.zoneopt.rst b/doc/misc/in-view.zoneopt.rst deleted file mode 100644 index df1a587307..0000000000 --- a/doc/misc/in-view.zoneopt.rst +++ /dev/null 
@@ -1,16 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - in-view ; - }; diff --git a/doc/misc/key.grammar.rst b/doc/misc/key.grammar.rst deleted file mode 100644 index a417997a72..0000000000 --- a/doc/misc/key.grammar.rst +++ /dev/null @@ -1,17 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - key { - algorithm ; - secret ; - }; diff --git a/doc/misc/logging.grammar.rst b/doc/misc/logging.grammar.rst deleted file mode 100644 index 377d6e968d..0000000000 --- a/doc/misc/logging.grammar.rst +++ /dev/null 
@@ -1,28 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - logging { - category { ; ... }; - channel { - buffered ; - file [ versions ( unlimited | ) ] - [ size ] [ suffix ( increment | timestamp ) ]; - null; - print-category ; - print-severity ; - print-time ( iso8601 | iso8601-utc | local | ); - severity ; - stderr; - syslog [ ]; - }; - }; diff --git a/doc/misc/managed-keys.grammar.rst b/doc/misc/managed-keys.grammar.rst deleted file mode 100644 index a57f8ef8a6..0000000000 --- a/doc/misc/managed-keys.grammar.rst +++ /dev/null @@ -1,17 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - managed-keys { ( static-key - | initial-key | static-ds | - initial-ds ) - ; ... };, deprecated diff --git a/doc/misc/mirror.zoneopt.rst b/doc/misc/mirror.zoneopt.rst deleted file mode 100644 index 6262f4b712..0000000000 --- a/doc/misc/mirror.zoneopt.rst +++ /dev/null 
@@ -1,56 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type mirror; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - check-names ( fail | warn | ignore ); - database ; - file ; - ixfr-from-differences ; - journal ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - request-expire ; - request-ixfr ; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try-tcp-refresh ; - use-alt-transfer-source ; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/options b/doc/misc/options index bffd4e7a90..37558e36da 100644 --- a/doc/misc/options +++ b/doc/misc/options 
@@ -1,762 +1,594 @@ - -This is a summary of the named.conf options supported by -this version of BIND 9. - acl { ; ... }; // may occur multiple times controls { - inet ( | | - * ) [ port ( | * ) ] allow - { ; ... } [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times - unix perm - owner group [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times + inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read-only ]; // may occur multiple times + unix perm owner group [ keys { ; ... } ] [ read-only ]; // may occur multiple times }; // may occur multiple times dlz { - database ; - search ; + database ; + search ; }; // may occur multiple times dnssec-policy { - dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - algorithm [ ]; ... }; - max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ - salt-length ]; - parent-ds-ttl ; - parent-propagation-delay ; - parent-registration-delay ; // obsolete - publish-safety ; - purge-keys ; - retire-safety ; - signatures-refresh ; - signatures-validity ; - signatures-validity-dnskey ; - zone-propagation-delay ; + dnskey-ttl ; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime algorithm [ ]; ... }; + max-zone-ttl ; + nsec3param [ iterations ] [ optout ] [ salt-length ]; + parent-ds-ttl ; + parent-propagation-delay ; + parent-registration-delay ; // obsolete + publish-safety ; + purge-keys ; + retire-safety ; + signatures-refresh ; + signatures-validity ; + signatures-validity-dnskey ; + zone-propagation-delay ; }; // may occur multiple times -dyndb { - }; // may occur multiple times +dyndb { }; // may occur multiple times http { - endpoints { ; ... }; - listener-clients ; - streams-per-connection ; + endpoints { ; ... }; + listener-clients ; + streams-per-connection ; }; // may occur multiple times key { - algorithm ; - secret ; + algorithm ; + secret ; }; // may occur multiple times logging { - category { ; ... 
}; // may occur multiple times - channel { - buffered ; - file [ versions ( unlimited | ) ] - [ size ] [ suffix ( increment | timestamp ) ]; - null; - print-category ; - print-severity ; - print-time ( iso8601 | iso8601-utc | local | ); - severity ; - stderr; - syslog [ ]; - }; // may occur multiple times + category { ; ... }; // may occur multiple times + channel { + buffered ; + file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; + null; + print-category ; + print-severity ; + print-time ( iso8601 | iso8601-utc | local | ); + severity ; + stderr; + syslog [ ]; + }; // may occur multiple times }; -managed-keys { ( static-key - | initial-key | static-ds | - initial-ds ) - ; ... }; // may occur multiple times, deprecated +managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated options { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - answer-cookie ; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; - bindkeys-file ; - blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... 
}; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - cookie-algorithm ( aes | siphash24 ); - cookie-secret ; // may occur multiple times - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | ); - directory ; - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dnstap-identity ( | none | hostname ); - dnstap-output ( file | unix ) [ size ( unlimited | - ) ] [ versions ( unlimited | ) ] [ suffix ( - increment | timestamp ) ]; - dnstap-version ( | none ); - dscp ; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... 
}; - dump-file ; - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); - flush-zones-on-shutdown ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - fstrm-set-buffer-hint ; - fstrm-set-flush-timeout ; - fstrm-set-input-queue-size ; - fstrm-set-output-notify-threshold ; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size ; - fstrm-set-reopen-interval ; - geoip-directory ( | none ); - heartbeat-interval ; - hostname ( | none ); - http-listener-clients ; - http-port ; - http-streams-per-connection ; - https-port ; - interface-interval ; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - keep-response-order { ; ... }; // obsolete - key-directory ; - lame-ttl ; - listen-on [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; // may occur multiple times - listen-on-v6 [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... 
}; // may occur multiple times - lmdb-mapsize ; - lock-file ( | none ); - managed-keys-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-rsa-exponent-size ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - memstatistics ; - memstatistics-file ; - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nsec3-test-zone ; // test only - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - pid-file ( | none ); - port ; - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - querylog ; - random-device ( | none ); - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... 
}; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursing-file ; - recursion ; - recursive-clients ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - reuseport ; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... }; - secroots-file ; - send-cookie ; - serial-query-rate ; - serial-update-method ( date | increment | unixtime ); - server-id ( | none | hostname ); - servfail-ttl ; - session-keyalg ; - session-keyfile ( | none ); - session-keyname ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... 
}; - stacksize ( default | unlimited | ); - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - startup-notify-rate ; - statistics-file ; - suppress-initial-notify ; // obsolete - synth-from-dnssec ; - tcp-advertised-timeout ; - tcp-clients ; - tcp-idle-timeout ; - tcp-initial-timeout ; - tcp-keepalive-timeout ; - tcp-listen-queue ; - tcp-receive-buffer ; - tcp-send-buffer ; - tkey-dhkey ; - tkey-domain ; - tkey-gssapi-credential ; - tkey-gssapi-keytab ; - tls-port ; - transfer-format ( many-answers | one-answer ); - transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers-in ; - transfers-out ; - transfers-per-ns ; - trust-anchor-telemetry ; // experimental - try-tcp-refresh ; - udp-receive-buffer ; - udp-send-buffer ; - update-check-ksk ; - use-alt-transfer-source ; - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; - v6-bias ; - validate-except { ; ... }; - version ( | none ); - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); + allow-new-zones ; + allow-notify { ; ... }; + allow-query { ; ... }; + allow-query-cache { ; ... }; + allow-query-cache-on { ; ... }; + allow-query-on { ; ... }; + allow-recursion { ; ... }; + allow-recursion-on { ; ... }; + allow-transfer [ port ] [ transport ] { ; ... }; + allow-update { ; ... }; + allow-update-forwarding { ; ... }; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + answer-cookie ; + attach-cache ; + auth-nxdomain ; + auto-dnssec ( allow | maintain | off ); + automatic-interface-scan ; + avoid-v4-udp-ports { ; ... }; + avoid-v6-udp-ports { ; ... }; + bindkeys-file ; + blackhole { ; ... 
}; + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity ; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check-sibling ; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard ; + clients-per-query ; + cookie-algorithm ( aes | siphash24 ); + cookie-secret ; // may occur multiple times + coresize ( default | unlimited | ); + datasize ( default | unlimited | ); + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; + dialup ( notify | notify-passive | passive | refresh | ); + directory ; + disable-algorithms { ; ... }; // may occur multiple times + disable-ds-digests { ; ... }; // may occur multiple times + disable-empty-zone ; // may occur multiple times + dns64 { + break-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... }; + recursive-only ; + suffix ; + }; // may occur multiple times + dns64-contact ; + dns64-server ; + dnskey-sig-validity ; + dnsrps-enable ; // not configured + dnsrps-options { }; // not configured + dnssec-accept-expired ; + dnssec-dnskey-kskonly ; + dnssec-loadkeys-interval ; + dnssec-must-be-secure ; // may occur multiple times + dnssec-policy ; + dnssec-secure-to-insecure ; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... 
}; // not configured + dnstap-identity ( | none | hostname ); // not configured + dnstap-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; // not configured + dnstap-version ( | none ); // not configured + dscp ; + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dump-file ; + edns-udp-size ; + empty-contact ; + empty-server ; + empty-zones-enable ; + fetch-quota-params ; + fetches-per-server [ ( drop | fail ) ]; + fetches-per-zone [ ( drop | fail ) ]; + files ( default | unlimited | ); + flush-zones-on-shutdown ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + fstrm-set-buffer-hint ; // not configured + fstrm-set-flush-timeout ; // not configured + fstrm-set-input-queue-size ; // not configured + fstrm-set-output-notify-threshold ; // not configured + fstrm-set-output-queue-model ( mpsc | spsc ); // not configured + fstrm-set-output-queue-size ; // not configured + fstrm-set-reopen-interval ; // not configured + geoip-directory ( | none ); + heartbeat-interval ; + hostname ( | none ); + http-listener-clients ; + http-port ; + http-streams-per-connection ; + https-port ; + interface-interval ; + ipv4only-contact ; + ipv4only-enable ; + ipv4only-server ; + ixfr-from-differences ( primary | master | secondary | slave | ); + keep-response-order { ; ... }; // obsolete + key-directory ; + lame-ttl ; + listen-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + listen-on-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... 
}; // may occur multiple times + lmdb-mapsize ; + lock-file ( | none ); + managed-keys-directory ; + masterfile-format ( raw | text ); + masterfile-style ( full | relative ); + match-mapped-addresses ; + max-cache-size ( default | unlimited | | ); + max-cache-ttl ; + max-clients-per-query ; + max-ixfr-ratio ( unlimited | ); + max-journal-size ( default | unlimited | ); + max-ncache-ttl ; + max-records ; + max-recursion-depth ; + max-recursion-queries ; + max-refresh-time ; + max-retry-time ; + max-rsa-exponent-size ; + max-stale-ttl ; + max-transfer-idle-in ; + max-transfer-idle-out ; + max-transfer-time-in ; + max-transfer-time-out ; + max-udp-size ; + max-zone-ttl ( unlimited | ); + memstatistics ; + memstatistics-file ; + message-compression ; + min-cache-ttl ; + min-ncache-ttl ; + min-refresh-time ; + min-retry-time ; + minimal-any ; + minimal-responses ( no-auth | no-auth-recursive | ); + multi-master ; + new-zones-directory ; + no-case-compress { ; ... }; + nocookie-udp-size ; + notify ( explicit | master-only | primary-only | ); + notify-delay ; + notify-rate ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify-to-soa ; + nsec3-test-zone ; // test only + nta-lifetime ; + nta-recheck ; + nxdomain-redirect ; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + pid-file ( | none ); + port ; + preferred-glue ; + prefetch [ ]; + provide-ixfr ; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + querylog ; + random-device ( | none ); + rate-limit { + all-per-second ; + errors-per-second ; + exempt-clients { ; ... 
}; + ipv4-prefix-length ; + ipv6-prefix-length ; + log-only ; + max-table-size ; + min-table-size ; + nodata-per-second ; + nxdomains-per-second ; + qps-scale ; + referrals-per-second ; + responses-per-second ; + slip ; + window ; + }; + recursing-file ; + recursion ; + recursive-clients ; + request-expire ; + request-ixfr ; + request-nsid ; + require-server-cookie ; + reserved-sockets ; // deprecated + resolver-nonbackoff-tries ; + resolver-query-timeout ; + resolver-retry-interval ; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; + reuseport ; + root-delegation-only [ exclude { ; ... } ]; + root-key-sentinel ; + rrset-order { [ class ] [ type ] [ name ] ; ... }; + secroots-file ; + send-cookie ; + serial-query-rate ; + serial-update-method ( date | increment | unixtime ); + server-id ( | none | hostname ); + servfail-ttl ; + session-keyalg ; + session-keyfile ( | none ); + session-keyname ; + sig-signing-nodes ; + sig-signing-signatures ; + sig-signing-type ; + sig-validity-interval [ ]; + sortlist { ; ... 
}; + stacksize ( default | unlimited | ); + stale-answer-client-timeout ( disabled | off | ); + stale-answer-enable ; + stale-answer-ttl ; + stale-cache-enable ; + stale-refresh-time ; + startup-notify-rate ; + statistics-file ; + suppress-initial-notify ; // obsolete + synth-from-dnssec ; + tcp-advertised-timeout ; + tcp-clients ; + tcp-idle-timeout ; + tcp-initial-timeout ; + tcp-keepalive-timeout ; + tcp-listen-queue ; + tcp-receive-buffer ; + tcp-send-buffer ; + tkey-dhkey ; + tkey-domain ; + tkey-gssapi-credential ; + tkey-gssapi-keytab ; + tls-port ; + transfer-format ( many-answers | one-answer ); + transfer-message-size ; + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers-in ; + transfers-out ; + transfers-per-ns ; + trust-anchor-telemetry ; // experimental + try-tcp-refresh ; + udp-receive-buffer ; + udp-send-buffer ; + update-check-ksk ; + use-alt-transfer-source ; + use-v4-udp-ports { ; ... }; + use-v6-udp-ports { ; ... }; + v6-bias ; + validate-except { ; ... }; + version ( | none ); + zero-no-soa-ttl ; + zero-no-soa-ttl-cache ; + zone-statistics ( full | terse | none | ); }; -parental-agents [ port ] [ - dscp ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; // may occur multiple times +parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times -plugin ( query ) [ { - } ]; // may occur multiple times +plugin ( query ) [ { } ]; // may occur multiple times -primaries [ port ] [ dscp - ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; // may occur multiple times +primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; // may occur multiple times server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers ; + bogus ; + edns ; + edns-udp-size ; + edns-version ; + keys ; + max-udp-size ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide-ixfr ; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request-expire ; + request-ixfr ; + request-nsid ; + send-cookie ; + tcp-keepalive ; + tcp-only ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; }; // may occur multiple times statistics-channels { - inet ( | | - * ) [ port ( | * ) ] [ - allow { ; ... - } ]; // may occur multiple times + inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; // may occur multiple times }; // may occur multiple times tls { - ca-file ; - cert-file ; - ciphers ; - dhparam-file ; - key-file ; - prefer-server-ciphers ; - protocols { ; ... 
}; - remote-hostname ; - session-tickets ; + ca-file ; + cert-file ; + ciphers ; + dhparam-file ; + key-file ; + prefer-server-ciphers ; + protocols { ; ... }; + remote-hostname ; + session-tickets ; }; // may occur multiple times -trust-anchors { ( static-key | - initial-key | static-ds | initial-ds ) - - ; ... }; // may occur multiple times +trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times -trusted-keys { - - ; ... }; // may occur multiple times, deprecated +trusted-keys { ; ... }; // may occur multiple times, deprecated view [ ] { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... 
- } ]; - dialup ( notify | notify-passive | passive | refresh | ); - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dlz { - database ; - search ; - }; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... }; - dyndb { - }; // may occur multiple times - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - key { - algorithm ; - secret ; - }; // may occur multiple times - key-directory ; - lame-ttl ; - lmdb-mapsize ; - managed-keys { ( - static-key | initial-key - | static-ds | initial-ds - ) - - ; ... }; // may occur multiple times, deprecated - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-clients { ; ... }; - match-destinations { ; ... 
}; - match-recursive-only ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nsec3-test-zone ; // test only - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - plugin ( query ) [ { - } ]; // may occur multiple times - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... 
}; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursion ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... 
}; - send-cookie ; - serial-update-method ( date | increment | unixtime ); - server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * - ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port - ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ - port ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | - * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - transfers ; - }; // may occur multiple times - servfail-ttl ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - suppress-initial-notify ; // obsolete - synth-from-dnssec ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - trust-anchor-telemetry ; // experimental - trust-anchors { ( static-key | - initial-key | static-ds | initial-ds - ) - ; ... }; // may occur multiple times - trusted-keys { - - - ; ... }; // may occur multiple times, deprecated - try-tcp-refresh ; - update-check-ksk ; - use-alt-transfer-source ; - v6-bias ; - validate-except { ; ... }; - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); + allow-new-zones ; + allow-notify { ; ... }; + allow-query { ; ... }; + allow-query-cache { ; ... }; + allow-query-cache-on { ; ... }; + allow-query-on { ; ... }; + allow-recursion { ; ... 
}; + allow-recursion-on { ; ... }; + allow-transfer [ port ] [ transport ] { ; ... }; + allow-update { ; ... }; + allow-update-forwarding { ; ... }; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + attach-cache ; + auth-nxdomain ; + auto-dnssec ( allow | maintain | off ); + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity ; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check-sibling ; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard ; + clients-per-query ; + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; + dialup ( notify | notify-passive | passive | refresh | ); + disable-algorithms { ; ... }; // may occur multiple times + disable-ds-digests { ; ... }; // may occur multiple times + disable-empty-zone ; // may occur multiple times + dlz { + database ; + search ; + }; // may occur multiple times + dns64 { + break-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... 
}; + recursive-only ; + suffix ; + }; // may occur multiple times + dns64-contact ; + dns64-server ; + dnskey-sig-validity ; + dnsrps-enable ; // not configured + dnsrps-options { }; // not configured + dnssec-accept-expired ; + dnssec-dnskey-kskonly ; + dnssec-loadkeys-interval ; + dnssec-must-be-secure ; // may occur multiple times + dnssec-policy ; + dnssec-secure-to-insecure ; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dyndb { }; // may occur multiple times + edns-udp-size ; + empty-contact ; + empty-server ; + empty-zones-enable ; + fetch-quota-params ; + fetches-per-server [ ( drop | fail ) ]; + fetches-per-zone [ ( drop | fail ) ]; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + ipv4only-contact ; + ipv4only-enable ; + ipv4only-server ; + ixfr-from-differences ( primary | master | secondary | slave | ); + key { + algorithm ; + secret ; + }; // may occur multiple times + key-directory ; + lame-ttl ; + lmdb-mapsize ; + managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated + masterfile-format ( raw | text ); + masterfile-style ( full | relative ); + match-clients { ; ... }; + match-destinations { ; ... 
}; + match-recursive-only ; + max-cache-size ( default | unlimited | | ); + max-cache-ttl ; + max-clients-per-query ; + max-ixfr-ratio ( unlimited | ); + max-journal-size ( default | unlimited | ); + max-ncache-ttl ; + max-records ; + max-recursion-depth ; + max-recursion-queries ; + max-refresh-time ; + max-retry-time ; + max-stale-ttl ; + max-transfer-idle-in ; + max-transfer-idle-out ; + max-transfer-time-in ; + max-transfer-time-out ; + max-udp-size ; + max-zone-ttl ( unlimited | ); + message-compression ; + min-cache-ttl ; + min-ncache-ttl ; + min-refresh-time ; + min-retry-time ; + minimal-any ; + minimal-responses ( no-auth | no-auth-recursive | ); + multi-master ; + new-zones-directory ; + no-case-compress { ; ... }; + nocookie-udp-size ; + notify ( explicit | master-only | primary-only | ); + notify-delay ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify-to-soa ; + nsec3-test-zone ; // test only + nta-lifetime ; + nta-recheck ; + nxdomain-redirect ; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + plugin ( query ) [ { } ]; // may occur multiple times + preferred-glue ; + prefetch [ ]; + provide-ixfr ; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + rate-limit { + all-per-second ; + errors-per-second ; + exempt-clients { ; ... 
}; + ipv4-prefix-length ; + ipv6-prefix-length ; + log-only ; + max-table-size ; + min-table-size ; + nodata-per-second ; + nxdomains-per-second ; + qps-scale ; + referrals-per-second ; + responses-per-second ; + slip ; + window ; + }; + recursion ; + request-expire ; + request-ixfr ; + request-nsid ; + require-server-cookie ; + resolver-nonbackoff-tries ; + resolver-query-timeout ; + resolver-retry-interval ; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; + root-delegation-only [ exclude { ; ... } ]; + root-key-sentinel ; + rrset-order { [ class ] [ type ] [ name ] ; ... 
}; + send-cookie ; + serial-update-method ( date | increment | unixtime ); + server { + bogus ; + edns ; + edns-udp-size ; + edns-version ; + keys ; + max-udp-size ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide-ixfr ; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request-expire ; + request-ixfr ; + request-nsid ; + send-cookie ; + tcp-keepalive ; + tcp-only ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; + }; // may occur multiple times + servfail-ttl ; + sig-signing-nodes ; + sig-signing-signatures ; + sig-signing-type ; + sig-validity-interval [ ]; + sortlist { ; ... }; + stale-answer-client-timeout ( disabled | off | ); + stale-answer-enable ; + stale-answer-ttl ; + stale-cache-enable ; + stale-refresh-time ; + suppress-initial-notify ; // obsolete + synth-from-dnssec ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + trust-anchor-telemetry ; // experimental + trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times + trusted-keys { ; ... }; // may occur multiple times, deprecated + try-tcp-refresh ; + update-check-ksk ; + use-alt-transfer-source ; + v6-bias ; + validate-except { ; ... }; + zero-no-soa-ttl ; + zero-no-soa-ttl-cache ; + zone-statistics ( full | terse | none | ); }; // may occur multiple times diff --git a/doc/misc/options.active b/doc/misc/options.active deleted file mode 100644 index cedb810e39..0000000000 --- a/doc/misc/options.active +++ /dev/null 
@@ -1,756 +0,0 @@ - -This is a summary of the named.conf options supported by -this version of BIND 9. - -acl { ; ... }; // may occur multiple times - -controls { - inet ( | | - * ) [ port ( | * ) ] allow - { ; ... } [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times - unix perm - owner group [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times -}; // may occur multiple times - -dlz { - database ; - search ; -}; // may occur multiple times - -dnssec-policy { - dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - algorithm [ ]; ... }; - max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ - salt-length ]; - parent-ds-ttl ; - parent-propagation-delay ; - publish-safety ; - purge-keys ; - retire-safety ; - signatures-refresh ; - signatures-validity ; - signatures-validity-dnskey ; - zone-propagation-delay ; -}; // may occur multiple times - -dyndb { - }; // may occur multiple times - -http { - endpoints { ; ... }; - listener-clients ; - streams-per-connection ; -}; // may occur multiple times - -key { - algorithm ; - secret ; -}; // may occur multiple times - -logging { - category { ; ... }; // may occur multiple times - channel { - buffered ; - file [ versions ( unlimited | ) ] - [ size ] [ suffix ( increment | timestamp ) ]; - null; - print-category ; - print-severity ; - print-time ( iso8601 | iso8601-utc | local | ); - severity ; - stderr; - syslog [ ]; - }; // may occur multiple times -}; - -managed-keys { ( static-key - | initial-key | static-ds | - initial-ds ) - ; ... }; // may occur multiple times, deprecated - -options { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... 
}; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - answer-cookie ; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; - bindkeys-file ; - blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - cookie-algorithm ( aes | siphash24 ); - cookie-secret ; // may occur multiple times - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | ); - directory ; - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... 
}; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dnstap-identity ( | none | hostname ); - dnstap-output ( file | unix ) [ size ( unlimited | - ) ] [ versions ( unlimited | ) ] [ suffix ( - increment | timestamp ) ]; - dnstap-version ( | none ); - dscp ; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... }; - dump-file ; - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); - flush-zones-on-shutdown ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - fstrm-set-buffer-hint ; - fstrm-set-flush-timeout ; - fstrm-set-input-queue-size ; - fstrm-set-output-notify-threshold ; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size ; - fstrm-set-reopen-interval ; - geoip-directory ( | none ); - heartbeat-interval ; - hostname ( | none ); - http-listener-clients ; - http-port ; - http-streams-per-connection ; - https-port ; - interface-interval ; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - key-directory ; - lame-ttl ; - listen-on [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; // may occur multiple times - listen-on-v6 [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... 
}; // may occur multiple times - lmdb-mapsize ; - lock-file ( | none ); - managed-keys-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-rsa-exponent-size ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - memstatistics ; - memstatistics-file ; - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - pid-file ( | none ); - port ; - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - querylog ; - random-device ( | none ); - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... 
}; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursing-file ; - recursion ; - recursive-clients ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - reuseport ; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... }; - secroots-file ; - send-cookie ; - serial-query-rate ; - serial-update-method ( date | increment | unixtime ); - server-id ( | none | hostname ); - servfail-ttl ; - session-keyalg ; - session-keyfile ( | none ); - session-keyname ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... 
}; - stacksize ( default | unlimited | ); - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - startup-notify-rate ; - statistics-file ; - synth-from-dnssec ; - tcp-advertised-timeout ; - tcp-clients ; - tcp-idle-timeout ; - tcp-initial-timeout ; - tcp-keepalive-timeout ; - tcp-listen-queue ; - tcp-receive-buffer ; - tcp-send-buffer ; - tkey-dhkey ; - tkey-domain ; - tkey-gssapi-credential ; - tkey-gssapi-keytab ; - tls-port ; - transfer-format ( many-answers | one-answer ); - transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers-in ; - transfers-out ; - transfers-per-ns ; - trust-anchor-telemetry ; // experimental - try-tcp-refresh ; - udp-receive-buffer ; - udp-send-buffer ; - update-check-ksk ; - use-alt-transfer-source ; - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; - v6-bias ; - validate-except { ; ... }; - version ( | none ); - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); -}; - -parental-agents [ port ] [ - dscp ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; // may occur multiple times - -plugin ( query ) [ { - } ]; // may occur multiple times - -primaries [ port ] [ dscp - ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... 
}; // may occur multiple times - -server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers ; -}; // may occur multiple times - -statistics-channels { - inet ( | | - * ) [ port ( | * ) ] [ - allow { ; ... - } ]; // may occur multiple times -}; // may occur multiple times - -tls { - ca-file ; - cert-file ; - ciphers ; - dhparam-file ; - key-file ; - prefer-server-ciphers ; - protocols { ; ... }; - remote-hostname ; - session-tickets ; -}; // may occur multiple times - -trust-anchors { ( static-key | - initial-key | static-ds | initial-ds ) - - ; ... }; // may occur multiple times - -trusted-keys { - - ; ... }; // may occur multiple times, deprecated - -view [ ] { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... 
}; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | ); - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dlz { - database ; - search ; - }; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... 
}; - dyndb { - }; // may occur multiple times - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - key { - algorithm ; - secret ; - }; // may occur multiple times - key-directory ; - lame-ttl ; - lmdb-mapsize ; - managed-keys { ( - static-key | initial-key - | static-ds | initial-ds - ) - - ; ... }; // may occur multiple times, deprecated - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-clients { ; ... }; - match-destinations { ; ... }; - match-recursive-only ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... 
}; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - plugin ( query ) [ { - } ]; // may occur multiple times - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursion ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... 
}; - send-cookie ; - serial-update-method ( date | increment | unixtime ); - server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * - ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port - ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ - port ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | - * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - transfers ; - }; // may occur multiple times - servfail-ttl ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - synth-from-dnssec ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - trust-anchor-telemetry ; // experimental - trust-anchors { ( static-key | - initial-key | static-ds | initial-ds - ) - ; ... }; // may occur multiple times - trusted-keys { - - - ; ... }; // may occur multiple times, deprecated - try-tcp-refresh ; - update-check-ksk ; - use-alt-transfer-source ; - v6-bias ; - validate-except { ; ... }; - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); -}; // may occur multiple times - diff --git a/doc/misc/options.grammar.rst b/doc/misc/options.grammar.rst deleted file mode 100644 index d0e8eeea3a..0000000000 --- a/doc/misc/options.grammar.rst +++ /dev/null 
@@ -1,327 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - options { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - answer-cookie ; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; - bindkeys-file ; - blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - cookie-algorithm ( aes | siphash24 ); - cookie-secret ; - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); - deny-answer-addresses { ; ... 
} [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | ); - directory ; - disable-algorithms { ; - ... }; - disable-ds-digests { ; - ... }; - disable-empty-zone ; - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dnstap-identity ( | none | hostname ); - dnstap-output ( file | unix ) [ size ( unlimited | - ) ] [ versions ( unlimited | ) ] [ suffix ( - increment | timestamp ) ]; - dnstap-version ( | none ); - dscp ; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... }; - dump-file ; - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); - flush-zones-on-shutdown ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... 
}; - fstrm-set-buffer-hint ; - fstrm-set-flush-timeout ; - fstrm-set-input-queue-size ; - fstrm-set-output-notify-threshold ; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size ; - fstrm-set-reopen-interval ; - geoip-directory ( | none ); - heartbeat-interval ; - hostname ( | none ); - http-listener-clients ; - http-port ; - http-streams-per-connection ; - https-port ; - interface-interval ; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - key-directory ; - lame-ttl ; - listen-on [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; - listen-on-v6 [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; - lmdb-mapsize ; - lock-file ( | none ); - managed-keys-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-rsa-exponent-size ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - memstatistics ; - memstatistics-file ; - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... 
}; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - pid-file ( | none ); - port ; - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - querylog ; - random-device ( | none ); - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursing-file ; - recursion ; - recursive-clients ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... 
} [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - reuseport ; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... }; - secroots-file ; - send-cookie ; - serial-query-rate ; - serial-update-method ( date | increment | unixtime ); - server-id ( | none | hostname ); - servfail-ttl ; - session-keyalg ; - session-keyfile ( | none ); - session-keyname ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stacksize ( default | unlimited | ); - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - startup-notify-rate ; - statistics-file ; - synth-from-dnssec ; - tcp-advertised-timeout ; - tcp-clients ; - tcp-idle-timeout ; - tcp-initial-timeout ; - tcp-keepalive-timeout ; - tcp-listen-queue ; - tcp-receive-buffer ; - tcp-send-buffer ; - tkey-dhkey ; - tkey-domain ; - tkey-gssapi-credential ; - tkey-gssapi-keytab ; - tls-port ; - transfer-format ( many-answers | one-answer ); - transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers-in ; - transfers-out ; - transfers-per-ns ; - trust-anchor-telemetry ; // experimental - try-tcp-refresh ; - udp-receive-buffer ; - udp-send-buffer ; - update-check-ksk ; - use-alt-transfer-source ; - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; - v6-bias ; - validate-except { ; ... }; - version ( | none ); - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); - }; 
diff --git a/doc/misc/parental-agents.grammar.rst b/doc/misc/parental-agents.grammar.rst deleted file mode 100644 index f30e6a8105..0000000000 --- a/doc/misc/parental-agents.grammar.rst +++ /dev/null @@ -1,18 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - parental-agents [ port ] [ - dscp ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; diff --git a/doc/misc/parsegrammar.py b/doc/misc/parsegrammar.py new file mode 100644 index 0000000000..b3fede04e5 --- /dev/null +++ b/doc/misc/parsegrammar.py 
@@ -0,0 +1,194 @@ +############################################################################ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. +############################################################################ + +""" +Read ISC config grammar description produced by "cfg_test --grammar", +transform it into JSON, and print it to stdout. + +Beware: This parser is pretty dumb and heavily depends on cfg_test output +format. See parse_mapbody() for more details. + +Maps are recursively parsed into sub-dicts, all other elements (lists etc.) +are left intact and returned as one string. + +Output example from named.conf grammar showing three variants follow. +Keys "_flags" and "_id" are present only if non-empty. Key "_grammar" denotes +end node, key "_mapbody" denotes a nested map. + +{ + "acl": { + "_flags": [ + "may occur multiple times" + ], + "_grammar": " { ; ... }" + }, + "http": { + "_flags": [ + "may occur multiple times" + ], + "_id": "", + "_mapbody": { + "endpoints": { + "_grammar": "{ ; ... }" + }, + "streams-per-connection": { + "_grammar": "" + } + } + }, + "options": { + "_mapbody": { + "rate-limit": { + "_mapbody": { + "all-per-second": { + "_grammar": "" + } + } + } + } + } +} +""" +import fileinput +import json +import re + +FLAGS = [ + "may occur multiple times", + "obsolete", + "deprecated", + "experimental", + "test only", +] + +KEY_REGEX = re.compile("[a-zA-Z0-9-]+") + + +def split_comments(line): + """Split line on comment boundary and strip right-side whitespace. + Supports only #, //, and /* comments which end at the end of line. 
+ It does NOT handle: + - quoted strings + - /* comments which do not end at line boundary + - multiple /* comments on a single line + """ + assert '"' not in line, 'lines with " are not supported' + data_end_idx = len(line) + for delimiter in ["#", "//", "/*"]: + try: + data_end_idx = min(line.index(delimiter), data_end_idx) + except ValueError: + continue + if delimiter == "/*": + # sanity checks + if not line.rstrip().endswith("*/"): + raise NotImplementedError( + "unsupported /* comment, does not end at the end of line", line + ) + if "/*" in line[data_end_idx + 1 :]: + raise NotImplementedError( + "unsupported line with multiple /* comments", line + ) + + noncomment = line[:data_end_idx] + comment = line[data_end_idx:] + return noncomment, comment + + +def parse_line(filein): + """Consume single line from input, return non-comment and comment.""" + for line in filein: + line, comment = split_comments(line) + line = line.strip() + comment = comment.strip() + if not line: + continue + yield line, comment + + +def parse_flags(comments): + """Extract known flags from comments. Must match exact strings used by cfg_test.""" + out = [] + for flag in FLAGS: + if flag in comments: + out.append(flag) + return out + + +def parse_mapbody(filein): + """Parse body of a "map" in ISC config format. + + Input lines can be only: + - whitespace & comments only -> ignore + - ; -> store as "_grammar" for this keyword + - { -> parse sub-map and store (optional) as "_id", + producing nested dict under "_mapbody" + Also store known strings found at the end of line in "_flags". + + Returns: + - tuple (map dict, map comment) when }; line is reached + - map dict when we run out of lines without the closing }; + """ + thismap = {} + for line, comment in parse_line(filein): + flags = parse_flags(comment) + if line == "};": # end of a nested map + return thismap, flags + + # first word - a map key name + # beware: some statements do not have parameters, e.g. 
"null;" + key = line.split()[0].rstrip(";") + # map key sanity check + if not KEY_REGEX.fullmatch(key): + raise NotImplementedError("suspicious keyword detected", line) + + # omit keyword from the grammar + grammar = line[len(key) :].strip() + # also skip final ; or { + grammar = grammar[:-1].strip() + + thismap[key] = {} + if line.endswith("{"): + # nested map, recurse, but keep "extra identifiers" if any + try: + subkeys, flags = parse_mapbody(filein) + except ValueError: + raise ValueError("unfinished nested map, missing }; detected") from None + if flags: + thismap[key]["_flags"] = flags + if grammar: + # for lines which look like "view {" store "" + thismap[key]["_id"] = grammar + thismap[key]["_mapbody"] = subkeys + else: + assert line.endswith(";") + if flags: + thismap[key]["_flags"] = flags + thismap[key]["_grammar"] = grammar + + # Ran out of lines: can happen only on the end of the top-level map-body! + # Intentionally do not return second parameter to cause ValueError + # if we reach this spot with a missing }; in a nested map. + assert len(thismap) + return thismap + + +def main(): + """Read stdin or filename provided on command line""" + with fileinput.input() as filein: + grammar = parse_mapbody(filein) + print(json.dumps(grammar, indent=4)) + + +if __name__ == "__main__": + main() diff --git a/doc/misc/primaries.grammar.rst b/doc/misc/primaries.grammar.rst deleted file mode 100644 index aceea97306..0000000000 --- a/doc/misc/primaries.grammar.rst +++ /dev/null 
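Review bot: The missing-`};` detection in `parse_mapbody()` relies on `subkeys, flags = parse_mapbody(filein)` raising ValueError when the callee runs out of input and returns a bare dict, but a dict with exactly two keys unpacks without error, so an unterminated nested map holding two statements is accepted and its key names land in `_mapbody` and `_flags`. The same two-shaped return lets a stray top-level `};` hand `main()` a tuple, which `json.dumps` prints as a list while the remaining input is silently dropped. I would make the end-of-input case explicit with a `nested` parameter and always return a pair, as sketched below. Separately, the `assert` checks on input (`'"' not in line`, `line.endswith(";")`, `len(thismap)`) disappear under `python -O`; raising an exception, as the neighbouring NotImplementedError paths do, would keep them active.

```python
def parse_mapbody(filein, nested=False):
    # … unchanged: docstring (Returns section needs updating), loop header, flag parsing …
        if line == "};":  # end of a nested map
            if not nested:
                raise ValueError("unexpected }; outside of a nested map", line)
            return thismap, flags
        # … unchanged: key extraction, sanity check, grammar trimming …
            # nested map: the callee now reports a missing }; itself,
            # so the try/except around this call is no longer needed
            subkeys, flags = parse_mapbody(filein, nested=True)
        # … unchanged: _flags/_id/_mapbody storage, end-node branch …

    # Ran out of lines: legal only for the top-level map body.
    if nested:
        raise ValueError("unfinished nested map, missing }; detected")
    if not thismap:
        raise ValueError("no statements found in input")
    return thismap, []

# in main():
        grammar, _ = parse_mapbody(filein)
```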
@@ -1,18 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - primaries [ port ] [ dscp - ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; diff --git a/doc/misc/primary.zoneopt b/doc/misc/primary.zoneopt index 8811d2023e..c8ceb6d29f 100644 --- a/doc/misc/primary.zoneopt +++ b/doc/misc/primary.zoneopt @@ -46,6 +46,7 @@ zone [ ] { notify-source ( | * ) [ port ( | * ) ] [ dscp ]; notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; notify-to-soa ; + nsec3-test-zone ; // test only parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; parental-source ( | * ) [ port ( | * ) ] [ dscp ]; parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; diff --git a/doc/misc/primary.zoneopt.rst b/doc/misc/primary.zoneopt.rst deleted file mode 100644 index b03d60b905..0000000000 --- a/doc/misc/primary.zoneopt.rst +++ /dev/null 
@@ -1,74 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type primary; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - database ; - dialup ( notify | notify-passive | passive | refresh | ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... 
}; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-transfer-idle-out ; - max-transfer-time-out ; - max-zone-ttl ( unlimited | ); - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - serial-update-method ( date | increment | unixtime ); - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ ] ; ... }; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/redirect.zoneopt.rst b/doc/misc/redirect.zoneopt.rst deleted file mode 100644 index 53e9883e76..0000000000 --- a/doc/misc/redirect.zoneopt.rst +++ /dev/null 
@@ -1,26 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type redirect; - allow-query { ; ... }; - allow-query-on { ; ... }; - dlz ; - file ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-records ; - max-zone-ttl ( unlimited | ); - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/rndc.grammar b/doc/misc/rndc.grammar new file mode 100644 index 0000000000..716a21d938 --- /dev/null +++ b/doc/misc/rndc.grammar @@ -0,0 +1,21 @@ +key { + algorithm ; + secret ; +}; // may occur multiple times + +options { + default-key ; + default-port ; + default-server ; + default-source-address ( | * ); + default-source-address-v6 ( | * ); +}; + +server { + addresses { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + key ; + port ; + source-address ( | * ); + source-address-v6 ( | * ); +}; // may occur multiple times + diff --git a/doc/misc/rst-grammars.pl b/doc/misc/rst-grammars.pl deleted file mode 100644 index 56ff5ea708..0000000000 --- a/doc/misc/rst-grammars.pl +++ /dev/null 
@@ -1,81 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use warnings; -use strict; - -if (@ARGV < 2) { - print STDERR <<'END'; -usage: - perl docbook-options.pl options_file section > section.grammar.xml -END - exit 1; -} - -my $FILE = shift; -my $SECTION = shift; - -open (FH, "<", $FILE) or die "Can't open $FILE"; - -print <) { - if (m{^\s*$}) { - last if $preamble > 0; - } else { - $preamble++; - } -} - -my $display = 0; -while () { - if (m{^$SECTION\b}) { - $display = 1 - } - - if (m{// not.*implemented} || m{// obsolete} || - m{// ancient} || m{// test.*only}) - { - next; - } - - s{ // not configured}{}; - s{ // non-operational}{}; - s{ // may occur multiple times}{}; - s{[[]}{[}g; - s{[]]}{]}g; - s{ }{\t}g; - - if (m{^\s*$} && $display) { - last; - } - if ($display) { - print " " . $_; - } -} diff --git a/doc/misc/rst-options.pl b/doc/misc/rst-options.pl deleted file mode 100644 index eeb023a1c1..0000000000 --- a/doc/misc/rst-options.pl +++ /dev/null 
@@ -1,156 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use warnings; -use strict; - -if (@ARGV < 1) { - print STDERR <<'END'; -usage: - perl rst-options.pl options_file >named.conf.rst -END - exit 1; -} - -my $FILE = shift; - -open (FH, "<", $FILE) or die "Can't open $FILE"; - -print <) { - if (m{^\s*$}) { - last if $preamble > 0; - } else { - $preamble++; - } -} - -my $UNDERLINE; - -my $blank = 0; -while () { - if (m{// not.*implemented} || m{// obsolete} || - m{// ancient} || m{// test.*only}) - { - next; - } - - s{ // not configured}{}; - s{ // non-operational}{}; - s{ (// )*may occur multiple times}{}; - s{<([a-z0-9_-]+)>}{$1}g; - s{ // deprecated,*}{// deprecated}; - s{[[]}{[}g; - s{[]]}{]}g; - s{ }{\t}g; - if (m{^([a-z0-9-]+) }) { - my $HEADING = uc $1; - $UNDERLINE = $HEADING; - $UNDERLINE =~ s/./^/g; - print $HEADING . "\n"; - print $UNDERLINE . "\n\n"; - if ($HEADING eq "TRUSTED-KEYS") { - print "Deprecated - see DNSSEC-KEYS.\n\n"; - } - if ($HEADING eq "MANAGED-KEYS") { - print "See DNSSEC-KEYS.\n\n" ; - } - print "::\n\n"; - } - - if (m{^\s*$}) { - if (!$blank) { - print "\n"; - $blank = 1; - } - next; - } else { - $blank = 0; - } - print " " . $_; - -} - -print "ZONE\n"; -$UNDERLINE = "ZONE"; -$UNDERLINE =~ s/./^/g; -print $UNDERLINE . "\n\n"; -print "Any of these zone statements can also be set inside the view statement.\n\n"; - -print <`, :iscman:`named-checkconf(8) `, :iscman:`rndc(8) `, :iscman:`rndc-confgen(8) `, :iscman:`tsig-keygen(8) `, BIND 9 Administrator Reference Manual. - -END 
diff --git a/doc/misc/rst-zoneopt.pl b/doc/misc/rst-zoneopt.pl deleted file mode 100644 index e1af5411f0..0000000000 --- a/doc/misc/rst-zoneopt.pl +++ /dev/null @@ -1,59 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use warnings; -use strict; - -if (@ARGV < 1) { - print STDERR <<'END'; -usage: - perl rst-zoneopt.pl zoneopt_file -END - exit 1; -} - -my $FILE = shift; - -open (FH, "<", $FILE) or die "Can't open $FILE"; - -print <) { - if (m{// not.*implemented} || m{// obsolete} || - m{// ancient} || m{// test.*only}) - { - next; - } - - s{ // not configured}{}; - s{ // may occur multiple times}{}; - s{[[]}{[}g; - s{[]]}{]}g; - s{ }{\t}g; - - print " " . $_; -} diff --git a/doc/misc/secondary.zoneopt b/doc/misc/secondary.zoneopt index 22c3a8d19d..ecb7b7b5d4 100644 --- a/doc/misc/secondary.zoneopt +++ b/doc/misc/secondary.zoneopt @@ -44,6 +44,7 @@ zone [ ] { notify-source ( | * ) [ port ( | * ) ] [ dscp ]; notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; notify-to-soa ; + nsec3-test-zone ; // test only parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; parental-source ( | * ) [ port ( | * ) ] [ dscp ]; parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; diff --git a/doc/misc/secondary.zoneopt.rst b/doc/misc/secondary.zoneopt.rst deleted file mode 100644 index 538f191171..0000000000 --- a/doc/misc/secondary.zoneopt.rst +++ /dev/null 
@@ -1,77 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type secondary; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-names ( fail | warn | ignore ); - database ; - dialup ( notify | notify-passive | passive | refresh | ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - request-expire ; - request-ixfr ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try-tcp-refresh ; - update-check-ksk ; - use-alt-transfer-source ; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/server.grammar.rst b/doc/misc/server.grammar.rst deleted file mode 100644 index 526636ec90..0000000000 --- a/doc/misc/server.grammar.rst +++ /dev/null @@ -1,45 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers ; - }; 
diff --git a/doc/misc/static-stub.zoneopt.rst b/doc/misc/static-stub.zoneopt.rst deleted file mode 100644 index d307586718..0000000000 --- a/doc/misc/static-stub.zoneopt.rst +++ /dev/null @@ -1,24 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type static-stub; - allow-query { ; ... }; - allow-query-on { ; ... }; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - max-records ; - server-addresses { ( | ); ... }; - server-names { ; ... }; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/statistics-channels.grammar.rst b/doc/misc/statistics-channels.grammar.rst deleted file mode 100644 index 7a4ef27d25..0000000000 --- a/doc/misc/statistics-channels.grammar.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - statistics-channels { - inet ( | | - * ) [ port ( | * ) ] [ - allow { ; ... - } ]; - }; diff --git a/doc/misc/stub.zoneopt.rst b/doc/misc/stub.zoneopt.rst deleted file mode 100644 index d18720b12a..0000000000 --- a/doc/misc/stub.zoneopt.rst +++ /dev/null 
@@ -1,40 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type stub; - allow-query { ; ... }; - allow-query-on { ; ... }; - check-names ( fail | warn | ignore ); - database ; - delegation-only ; - dialup ( notify | notify-passive | passive | refresh | ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-time-in ; - min-refresh-time ; - min-retry-time ; - multi-master ; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - use-alt-transfer-source ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/tls.grammar.rst b/doc/misc/tls.grammar.rst deleted file mode 100644 index 37d1b97a4f..0000000000 --- a/doc/misc/tls.grammar.rst +++ /dev/null 
@@ -1,24 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - tls { - ca-file ; - cert-file ; - ciphers ; - dhparam-file ; - key-file ; - prefer-server-ciphers ; - protocols { ; ... }; - remote-hostname ; - session-tickets ; - }; diff --git a/doc/misc/trust-anchors.grammar.rst b/doc/misc/trust-anchors.grammar.rst deleted file mode 100644 index eabe7c082c..0000000000 --- a/doc/misc/trust-anchors.grammar.rst +++ /dev/null @@ -1,17 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - trust-anchors { ( static-key | - initial-key | static-ds | initial-ds ) - - ; ... }; diff --git a/doc/misc/trusted-keys.grammar.rst b/doc/misc/trusted-keys.grammar.rst deleted file mode 100644 index 55cfa3805d..0000000000 --- a/doc/misc/trusted-keys.grammar.rst +++ /dev/null 
@@ -1,16 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - trusted-keys { - - ; ... };, deprecated