From af3683f436aa8dac755b5dea709cd257a2220abf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Wed, 11 May 2022 08:03:40 +0200 Subject: [PATCH 01/29] Add missing comment markers to doc/misc/ grammar files These files can be consumed by scripts, so obviously missing comment markers wreak havoc. --- doc/misc/format-options.pl | 4 ++-- doc/misc/options | 4 ++-- doc/misc/options.active | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/misc/format-options.pl b/doc/misc/format-options.pl index b152b844a5..6447b4976d 100644 --- a/doc/misc/format-options.pl +++ b/doc/misc/format-options.pl @@ -19,8 +19,8 @@ GetOptions ('strip-not-configured' => \$strip_not_configured); print < { ; ... }; // may occur multiple times diff --git a/doc/misc/options.active b/doc/misc/options.active index cedb810e39..429ab8763b 100644 --- a/doc/misc/options.active +++ b/doc/misc/options.active @@ -1,6 +1,6 @@ -This is a summary of the named.conf options supported by -this version of BIND 9. +// This is a summary of the named.conf options supported by +// this version of BIND 9. acl { ; ... }; // may occur multiple times From 699570cdecee31ed6af01bed5e95afc9867011dc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Wed, 11 May 2022 09:20:51 +0200 Subject: [PATCH 02/29] Un-format grammar files in doc/misc The next commit is going to add a parser for the ISC configuration format. To simplify the parser, the grammar files in doc/misc are no longer line-wrapped as handling it would make the grammar parser unnecessarily complicated. This affects visible output in the ARM, but in the end we are going to replace the auto-generated .rst files with grammar pretty printed, so formatting of these files does not matter in practical terms. --- bin/named/named.conf.rst | 337 ++---- doc/man/named.conf.5in | 341 ++---- doc/misc/Makefile.am | 4 +- doc/misc/acl.grammar.rst | 1 - doc/misc/controls.grammar.rst | 11 +- doc/misc/dnssec-policy.grammar.rst | 6 +- doc/misc/logging.grammar.rst | 3 +- doc/misc/managed-keys.grammar.rst | 5 +- doc/misc/options | 1272 ++++++++++------------ doc/misc/options.active | 1260 ++++++++++----------- doc/misc/options.grammar.rst | 111 +- doc/misc/parental-agents.grammar.rst | 6 +- doc/misc/primaries.grammar.rst | 6 +- doc/misc/server.grammar.rst | 20 +- doc/misc/statistics-channels.grammar.rst | 5 +- doc/misc/trust-anchors.grammar.rst | 5 +- doc/misc/trusted-keys.grammar.rst | 4 +- 17 files changed, 1311 insertions(+), 2086 deletions(-) diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index 15ebf87595..4e5cbfbe94 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst
@@ -35,28 +35,14 @@ C style: /\* \*/ Unix style: # to end of line -ACL -^^^ - -:: - - acl string { address_match_element; ... }; - CONTROLS ^^^^^^^^ :: controls { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] allow - { address_match_element; ... } [ - keys { string; ... } ] [ read-only - boolean ]; - unix quoted_string perm integer - owner integer group integer [ - keys { string; ... } ] [ read-only - boolean ]; + inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read-only boolean ]; + unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read-only boolean ]; }; DLZ @@ -76,11 +62,9 @@ DNSSEC-POLICY dnssec-policy string { dnskey-ttl duration; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - duration_or_unlimited algorithm string [ integer ]; ... }; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... }; max-zone-ttl duration; - nsec3param [ iterations integer ] [ optout boolean ] [ - salt-length integer ]; + nsec3param [ iterations integer ] [ optout boolean ] [ salt-length integer ]; parent-ds-ttl duration; parent-propagation-delay duration; publish-safety duration; @@ -97,8 +81,7 @@ DYNDB :: - dyndb string quoted_string { - unspecified-text }; + dyndb string quoted_string { unspecified-text }; HTTP ^^^^ @@ -130,8 +113,7 @@ LOGGING category string { string; ... }; channel string { buffered boolean; - file quoted_string [ versions ( unlimited | integer ) ] - [ size size ] [ suffix ( increment | timestamp ) ]; + file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ]; null; print-category boolean; print-severity boolean; 
@@ -149,10 +131,7 @@ See DNSSEC-KEYS. :: - managed-keys { string ( static-key - | initial-key | static-ds | - initial-ds ) integer integer - integer quoted_string; ... };, deprecated + managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated OPTIONS ^^^^^^^ @@ -168,18 +147,12 @@ OPTIONS allow-query-on { address_match_element; ... }; allow-recursion { address_match_element; ... }; allow-recursion-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; + allow-transfer [ port integer ] [ transport string ] { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; + also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; + alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; answer-cookie boolean; attach-cache string; auth-nxdomain boolean; 
@@ -189,19 +162,12 @@ OPTIONS avoid-v6-udp-ports { portrange; ... }; bindkeys-file quoted_string; blackhole { address_match_element; ... }; - catalog-zones { zone string [ default-primaries [ port integer - ] [ dscp integer ] { ( remote-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone-directory - quoted_string ] [ in-memory boolean ] [ min-update-interval - duration ]; ... }; + catalog-zones { zone string [ default-primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); @@ -211,16 +177,12 @@ OPTIONS cookie-secret string; coresize ( default | unlimited | sizeval ); datasize ( default | unlimited | sizeval ); - deny-answer-addresses { address_match_element; ... } [ - except-from { string; ... } ]; - deny-answer-aliases { string; ... } [ except-from { string; ... - } ]; + deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; + deny-answer-aliases { string; ... } [ except-from { string; ... } ]; dialup ( notify | notify-passive | passive | refresh | boolean ); directory quoted_string; - disable-algorithms string { string; - ... }; - disable-ds-digests string { string; - ... }; + disable-algorithms string { string; ... }; + disable-ds-digests string { string; ... }; disable-empty-zone string; dns64 netprefix { break-dnssec boolean; 
@@ -243,18 +205,12 @@ OPTIONS dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; dnstap-identity ( quoted_string | none | hostname ); - dnstap-output ( file | unix ) quoted_string [ size ( unlimited | - size ) ] [ versions ( unlimited | integer ) ] [ suffix ( - increment | timestamp ) ]; + dnstap-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ]; dnstap-version ( quoted_string | none ); dscp integer; - dual-stack-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... }; + dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; dump-file quoted_string; edns-udp-size integer; empty-contact string; @@ -266,8 +222,7 @@ OPTIONS files ( default | unlimited | sizeval ); flush-zones-on-shutdown boolean; forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; + forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; fstrm-set-buffer-hint integer; fstrm-set-flush-timeout integer; fstrm-set-input-queue-size integer; 
@@ -286,18 +241,11 @@ OPTIONS ipv4only-contact string; ipv4only-enable boolean; ipv4only-server string; - ixfr-from-differences ( primary | master | secondary | slave | - boolean ); + ixfr-from-differences ( primary | master | secondary | slave | boolean ); key-directory quoted_string; lame-ttl duration; - listen-on [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... }; - listen-on-v6 [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... }; + listen-on [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; + listen-on-v6 [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; lmdb-mapsize sizeval; lock-file ( quoted_string | none ); managed-keys-directory quoted_string; 
@@ -339,30 +287,22 @@ OPTIONS notify ( explicit | master-only | primary-only | boolean ); notify-delay integer; notify-rate integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; nta-lifetime duration; nta-recheck duration; nxdomain-redirect string; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; pid-file ( quoted_string | none ); port integer; preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; querylog boolean; random-device ( quoted_string | none ); rate-limit { 
@@ -393,26 +333,12 @@ OPTIONS resolver-nonbackoff-tries integer; resolver-query-timeout integer; resolver-retry-interval integer; - response-padding { address_match_element; ... } block-size - integer; - response-policy { zone string [ add-soa boolean ] [ log - boolean ] [ max-policy-ttl duration ] [ min-update-interval - duration ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ - recursive-only boolean ] [ nsip-enable boolean ] [ - nsdname-enable boolean ]; ... } [ add-soa boolean ] [ - break-dnssec boolean ] [ max-policy-ttl duration ] [ - min-update-interval duration ] [ min-ns-dots integer ] [ - nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean - ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] - [ nsip-enable boolean ] [ nsdname-enable boolean ] [ - dnsrps-enable boolean ] [ dnsrps-options { unspecified-text - } ]; + response-padding { address_match_element; ... } block-size integer; + response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; reuseport boolean; root-delegation-only [ exclude { string; ... } ]; root-key-sentinel boolean; - rrset-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... }; + rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... 
}; secroots-file quoted_string; send-cookie boolean; serial-query-rate integer; @@ -451,10 +377,8 @@ OPTIONS tls-port integer; transfer-format ( many-answers | one-answer ); transfer-message-size integer; - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers-in integer; transfers-out integer; transfers-per-ns integer; @@ -479,30 +403,21 @@ PARENTAL-AGENTS :: - parental-agents string [ port integer ] [ - dscp integer ] { ( remote-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; + parental-agents string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; PLUGIN ^^^^^^ :: - plugin ( query ) string [ { unspecified-text - } ]; + plugin ( query ) string [ { unspecified-text } ]; PRIMARIES ^^^^^^^^^ :: - primaries string [ port integer ] [ dscp - integer ] { ( remote-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; + primaries string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; SERVER ^^^^^^ 
@@ -516,18 +431,12 @@ SERVER edns-version integer; keys server_key; max-udp-size integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide-ixfr boolean; - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request-expire boolean; request-ixfr boolean; request-nsid boolean; @@ -535,10 +444,8 @@ SERVER tcp-keepalive boolean; tcp-only boolean; transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; @@ -548,10 +455,7 @@ STATISTICS-CHANNELS :: statistics-channels { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] [ - allow { address_match_element; ... - } ]; + inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ]; }; TLS 
@@ -576,10 +480,7 @@ TRUST-ANCHORS :: - trust-anchors { string ( static-key | - initial-key | static-ds | initial-ds ) - integer integer integer - quoted_string; ... }; + trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... }; TRUSTED-KEYS ^^^^^^^^^^^^ @@ -588,9 +489,7 @@ Deprecated - see DNSSEC-KEYS. :: - trusted-keys { string integer - integer integer - quoted_string; ... };, deprecated + trusted-keys { string integer integer integer quoted_string; ... };, deprecated VIEW ^^^^ 
@@ -606,48 +505,31 @@ VIEW allow-query-on { address_match_element; ... }; allow-recursion { address_match_element; ... }; allow-recursion-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; + allow-transfer [ port integer ] [ transport string ] { address_match_element; ... }; allow-update { address_match_element; ... }; allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( - remote-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; + also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; + alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; attach-cache string; auth-nxdomain boolean; auto-dnssec ( allow | maintain | off ); - catalog-zones { zone string [ default-primaries [ port integer - ] [ dscp integer ] { ( remote-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone-directory - quoted_string ] [ in-memory boolean ] [ min-update-interval - duration ]; ... }; + catalog-zones { zone string [ default-primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... 
}; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check-sibling boolean; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); check-wildcard boolean; clients-per-query integer; - deny-answer-addresses { address_match_element; ... } [ - except-from { string; ... } ]; - deny-answer-aliases { string; ... } [ except-from { string; ... - } ]; + deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; + deny-answer-aliases { string; ... } [ except-from { string; ... } ]; dialup ( notify | notify-passive | passive | refresh | boolean ); - disable-algorithms string { string; - ... }; - disable-ds-digests string { string; - ... }; + disable-algorithms string { string; ... }; + disable-ds-digests string { string; ... }; disable-empty-zone string; dlz string { database string; 
@@ -674,14 +556,9 @@ VIEW dnssec-secure-to-insecure boolean; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual-stack-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... }; - dyndb string quoted_string { - unspecified-text }; + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; + dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; + dyndb string quoted_string { unspecified-text }; edns-udp-size integer; empty-contact string; empty-server string; @@ -690,13 +567,11 @@ VIEW fetches-per-server integer [ ( drop | fail ) ]; fetches-per-zone integer [ ( drop | fail ) ]; forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; + forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; ipv4only-contact string; ipv4only-enable boolean; ipv4only-server string; - ixfr-from-differences ( primary | master | secondary | slave | - boolean ); + ixfr-from-differences ( primary | master | secondary | slave | boolean ); key string { algorithm string; secret string; 
@@ -704,12 +579,7 @@ VIEW key-directory quoted_string; lame-ttl duration; lmdb-mapsize sizeval; - managed-keys { string ( - static-key | initial-key - | static-ds | initial-ds - ) integer integer - integer - quoted_string; ... };, deprecated + managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated masterfile-format ( raw | text ); masterfile-style ( full | relative ); match-clients { address_match_element; ... }; 
@@ -746,30 +616,21 @@ VIEW nocookie-udp-size integer; notify ( explicit | master-only | primary-only | boolean ); notify-delay integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify-to-soa boolean; nta-lifetime duration; nta-recheck duration; nxdomain-redirect string; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - plugin ( query ) string [ { - unspecified-text } ]; + parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + plugin ( query ) string [ { unspecified-text } ]; preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; rate-limit { all-per-second integer; errors-per-second integer; 
@@ -795,25 +656,11 @@ VIEW resolver-nonbackoff-tries integer; resolver-query-timeout integer; resolver-retry-interval integer; - response-padding { address_match_element; ... } block-size - integer; - response-policy { zone string [ add-soa boolean ] [ log - boolean ] [ max-policy-ttl duration ] [ min-update-interval - duration ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ - recursive-only boolean ] [ nsip-enable boolean ] [ - nsdname-enable boolean ]; ... } [ add-soa boolean ] [ - break-dnssec boolean ] [ max-policy-ttl duration ] [ - min-update-interval duration ] [ min-ns-dots integer ] [ - nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean - ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] - [ nsip-enable boolean ] [ nsdname-enable boolean ] [ - dnsrps-enable boolean ] [ dnsrps-options { unspecified-text - } ]; + response-padding { address_match_element; ... } block-size integer; + response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { string; ... } ]; root-key-sentinel boolean; - rrset-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... }; + rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... 
}; send-cookie boolean; serial-update-method ( date | increment | unixtime ); server netprefix { @@ -823,20 +670,12 @@ VIEW edns-version integer; keys server_key; max-udp-size integer; - notify-source ( ipv4_address | * ) [ port ( integer | * - ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer - | * ) ] [ dscp integer ]; + notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide-ixfr boolean; - query-source ( ( [ address ] ( ipv4_address | * ) [ port - ( integer | * ) ] ) | ( [ [ address ] ( - ipv4_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ - port ( integer | * ) ] ) | ( [ [ address ] ( - ipv6_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; + query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request-expire boolean; request-ixfr boolean; request-nsid boolean; @@ -844,10 +683,8 @@ VIEW tcp-keepalive boolean; tcp-only boolean; transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; + transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; servfail-ttl duration; 
@@ -863,19 +700,11 @@ VIEW stale-refresh-time duration; synth-from-dnssec boolean; transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; trust-anchor-telemetry boolean; // experimental - trust-anchors { string ( static-key | - initial-key | static-ds | initial-ds - ) integer integer integer - quoted_string; ... }; - trusted-keys { string - integer integer - integer - quoted_string; ... };, deprecated + trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... }; + trusted-keys { string integer integer integer quoted_string; ... };, deprecated try-tcp-refresh boolean; update-check-ksk boolean; use-alt-transfer-source boolean; diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index c05335d992..7c94944b43 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -48,17 +48,6 @@ C++ style: // to end of line .UNINDENT .sp Unix style: # to end of line -.SS ACL -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -acl string { address_match_element; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT .SS CONTROLS .INDENT 0.0 .INDENT 3.5 
@@ -66,15 +55,8 @@ acl string { address_match_element; ... }; .nf .ft C controls { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] allow - { address_match_element; ... } [ - keys { string; ... } ] [ read\-only - boolean ]; - unix quoted_string perm integer - owner integer group integer [ - keys { string; ... } ] [ read\-only - boolean ]; + inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read\-only boolean ]; + unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read\-only boolean ]; }; .ft P .fi @@ -102,11 +84,9 @@ dlz string { .ft C dnssec\-policy string { dnskey\-ttl duration; - keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime - duration_or_unlimited algorithm string [ integer ]; ... }; + keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... }; max\-zone\-ttl duration; - nsec3param [ iterations integer ] [ optout boolean ] [ - salt\-length integer ]; + nsec3param [ iterations integer ] [ optout boolean ] [ salt\-length integer ]; parent\-ds\-ttl duration; parent\-propagation\-delay duration; publish\-safety duration; @@ -127,8 +107,7 @@ dnssec\-policy string { .sp .nf .ft C -dyndb string quoted_string { - unspecified\-text }; +dyndb string quoted_string { unspecified\-text }; .ft P .fi .UNINDENT @@ -172,8 +151,7 @@ logging { category string { string; ... }; channel string { buffered boolean; - file quoted_string [ versions ( unlimited | integer ) ] - [ size size ] [ suffix ( increment | timestamp ) ]; + file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ]; null; print\-category boolean; print\-severity boolean; 
@@ -195,10 +173,7 @@ See DNSSEC\-KEYS. .sp .nf .ft C -managed\-keys { string ( static\-key - | initial\-key | static\-ds | - initial\-ds ) integer integer - integer quoted_string; ... };, deprecated +managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated .ft P .fi .UNINDENT @@ -218,18 +193,12 @@ options { allow\-query\-on { address_match_element; ... }; allow\-recursion { address_match_element; ... }; allow\-recursion\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; + allow\-transfer [ port integer ] [ transport string ] { address_match_element; ... }; allow\-update { address_match_element; ... }; allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; + also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; + alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; answer\-cookie boolean; attach\-cache string; auth\-nxdomain boolean; 
@@ -239,19 +208,12 @@ options { avoid\-v6\-udp\-ports { portrange; ... }; bindkeys\-file quoted_string; blackhole { address_match_element; ... }; - catalog\-zones { zone string [ default\-primaries [ port integer - ] [ dscp integer ] { ( remote\-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone\-directory - quoted_string ] [ in\-memory boolean ] [ min\-update\-interval - duration ]; ... }; + catalog\-zones { zone string [ default\-primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... }; check\-dup\-records ( fail | warn | ignore ); check\-integrity boolean; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); - check\-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check\-sibling boolean; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); 
@@ -261,16 +223,12 @@ options { cookie\-secret string; coresize ( default | unlimited | sizeval ); datasize ( default | unlimited | sizeval ); - deny\-answer\-addresses { address_match_element; ... } [ - except\-from { string; ... } ]; - deny\-answer\-aliases { string; ... } [ except\-from { string; ... - } ]; + deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ]; + deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ]; dialup ( notify | notify\-passive | passive | refresh | boolean ); directory quoted_string; - disable\-algorithms string { string; - ... }; - disable\-ds\-digests string { string; - ... }; + disable\-algorithms string { string; ... }; + disable\-ds\-digests string { string; ... }; disable\-empty\-zone string; dns64 netprefix { break\-dnssec boolean; 
@@ -293,18 +251,12 @@ options { dnssec\-secure\-to\-insecure boolean; dnssec\-update\-mode ( maintain | no\-resign ); dnssec\-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; dnstap\-identity ( quoted_string | none | hostname ); - dnstap\-output ( file | unix ) quoted_string [ size ( unlimited | - size ) ] [ versions ( unlimited | integer ) ] [ suffix ( - increment | timestamp ) ]; + dnstap\-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ]; dnstap\-version ( quoted_string | none ); dscp integer; - dual\-stack\-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... }; + dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; dump\-file quoted_string; edns\-udp\-size integer; empty\-contact string; @@ -316,8 +268,7 @@ options { files ( default | unlimited | sizeval ); flush\-zones\-on\-shutdown boolean; forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; + forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; fstrm\-set\-buffer\-hint integer; fstrm\-set\-flush\-timeout integer; fstrm\-set\-input\-queue\-size integer; 
@@ -336,18 +287,11 @@ options { ipv4only\-contact string; ipv4only\-enable boolean; ipv4only\-server string; - ixfr\-from\-differences ( primary | master | secondary | slave | - boolean ); + ixfr\-from\-differences ( primary | master | secondary | slave | boolean ); key\-directory quoted_string; lame\-ttl duration; - listen\-on [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... }; - listen\-on\-v6 [ port integer ] [ dscp - integer ] [ tls string ] [ http - string ] { - address_match_element; ... }; + listen\-on [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; + listen\-on\-v6 [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; lmdb\-mapsize sizeval; lock\-file ( quoted_string | none ); managed\-keys\-directory quoted_string; 
@@ -389,30 +333,22 @@ options { notify ( explicit | master\-only | primary\-only | boolean ); notify\-delay integer; notify\-rate integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-to\-soa boolean; nta\-lifetime duration; nta\-recheck duration; nxdomain\-redirect string; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; pid\-file ( quoted_string | none ); port integer; preferred\-glue string; prefetch integer [ integer ]; provide\-ixfr boolean; qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; querylog boolean; random\-device ( quoted_string | none ); rate\-limit { 
@@ -443,26 +379,12 @@ options { resolver\-nonbackoff\-tries integer; resolver\-query\-timeout integer; resolver\-retry\-interval integer; - response\-padding { address_match_element; ... } block\-size - integer; - response\-policy { zone string [ add\-soa boolean ] [ log - boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval - duration ] [ policy ( cname | disabled | drop | given | no\-op - | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ - recursive\-only boolean ] [ nsip\-enable boolean ] [ - nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ - break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ - min\-update\-interval duration ] [ min\-ns\-dots integer ] [ - nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean - ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] - [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ - dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text - } ]; + response\-padding { address_match_element; ... } block\-size integer; + response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ]; reuseport boolean; root\-delegation\-only [ exclude { string; ... } ]; root\-key\-sentinel boolean; - rrset\-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... 
}; + rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; secroots\-file quoted_string; send\-cookie boolean; serial\-query\-rate integer; @@ -501,10 +423,8 @@ options { tls\-port integer; transfer\-format ( many\-answers | one\-answer ); transfer\-message\-size integer; - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers\-in integer; transfers\-out integer; transfers\-per\-ns integer; @@ -533,11 +453,7 @@ options { .sp .nf .ft C -parental\-agents string [ port integer ] [ - dscp integer ] { ( remote\-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; +parental\-agents string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; .ft P .fi .UNINDENT @@ -548,8 +464,7 @@ parental\-agents string [ port integer ] [ .sp .nf .ft C -plugin ( query ) string [ { unspecified\-text - } ]; +plugin ( query ) string [ { unspecified\-text } ]; .ft P .fi .UNINDENT @@ -560,11 +475,7 @@ plugin ( query ) string [ { unspecified\-text .sp .nf .ft C -primaries string [ port integer ] [ dscp - integer ] { ( remote\-servers | - ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... }; +primaries string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; .ft P .fi .UNINDENT 
@@ -582,18 +493,12 @@ server netprefix { edns\-version integer; keys server_key; max\-udp\-size integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide\-ixfr boolean; - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request\-expire boolean; request\-ixfr boolean; request\-nsid boolean; @@ -601,10 +506,8 @@ server netprefix { tcp\-keepalive boolean; tcp\-only boolean; transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; .ft P 
@@ -618,10 +521,7 @@ server netprefix { .nf .ft C statistics\-channels { - inet ( ipv4_address | ipv6_address | - * ) [ port ( integer | * ) ] [ - allow { address_match_element; ... - } ]; + inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ]; }; .ft P .fi @@ -654,10 +554,7 @@ tls string { .sp .nf .ft C -trust\-anchors { string ( static\-key | - initial\-key | static\-ds | initial\-ds ) - integer integer integer - quoted_string; ... }; +trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... }; .ft P .fi .UNINDENT @@ -670,9 +567,7 @@ Deprecated \- see DNSSEC\-KEYS. .sp .nf .ft C -trusted\-keys { string integer - integer integer - quoted_string; ... };, deprecated +trusted\-keys { string integer integer integer quoted_string; ... };, deprecated .ft P .fi .UNINDENT 
@@ -692,48 +587,31 @@ view string [ class ] { allow\-query\-on { address_match_element; ... }; allow\-recursion { address_match_element; ... }; allow\-recursion\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { - address_match_element; ... }; + allow\-transfer [ port integer ] [ transport string ] { address_match_element; ... }; allow\-update { address_match_element; ... }; allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( - remote\-servers | ipv4_address [ port integer ] | - ipv6_address [ port integer ] ) [ key string ] [ tls - string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; + also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; + alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; attach\-cache string; auth\-nxdomain boolean; auto\-dnssec ( allow | maintain | off ); - catalog\-zones { zone string [ default\-primaries [ port integer - ] [ dscp integer ] { ( remote\-servers | ipv4_address [ - port integer ] | ipv6_address [ port integer ] ) [ key - string ] [ tls string ]; ... } ] [ zone\-directory - quoted_string ] [ in\-memory boolean ] [ min\-update\-interval - duration ]; ... }; + catalog\-zones { zone string [ default\-primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... 
}; check\-dup\-records ( fail | warn | ignore ); check\-integrity boolean; check\-mx ( fail | warn | ignore ); check\-mx\-cname ( fail | warn | ignore ); - check\-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check\-sibling boolean; check\-spf ( warn | ignore ); check\-srv\-cname ( fail | warn | ignore ); check\-wildcard boolean; clients\-per\-query integer; - deny\-answer\-addresses { address_match_element; ... } [ - except\-from { string; ... } ]; - deny\-answer\-aliases { string; ... } [ except\-from { string; ... - } ]; + deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ]; + deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ]; dialup ( notify | notify\-passive | passive | refresh | boolean ); - disable\-algorithms string { string; - ... }; - disable\-ds\-digests string { string; - ... }; + disable\-algorithms string { string; ... }; + disable\-ds\-digests string { string; ... }; disable\-empty\-zone string; dlz string { database string; 
@@ -760,14 +638,9 @@ view string [ class ] { dnssec\-secure\-to\-insecure boolean; dnssec\-update\-mode ( maintain | no\-resign ); dnssec\-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual\-stack\-servers [ port integer ] { ( quoted_string [ port - integer ] [ dscp integer ] | ipv4_address [ port - integer ] [ dscp integer ] | ipv6_address [ port - integer ] [ dscp integer ] ); ... }; - dyndb string quoted_string { - unspecified\-text }; + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; + dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; + dyndb string quoted_string { unspecified\-text }; edns\-udp\-size integer; empty\-contact string; empty\-server string; @@ -776,13 +649,11 @@ view string [ class ] { fetches\-per\-server integer [ ( drop | fail ) ]; fetches\-per\-zone integer [ ( drop | fail ) ]; forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address - | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; + forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; ipv4only\-contact string; ipv4only\-enable boolean; ipv4only\-server string; - ixfr\-from\-differences ( primary | master | secondary | slave | - boolean ); + ixfr\-from\-differences ( primary | master | secondary | slave | boolean ); key string { algorithm string; secret string; 
@@ -790,12 +661,7 @@ view string [ class ] { key\-directory quoted_string; lame\-ttl duration; lmdb\-mapsize sizeval; - managed\-keys { string ( - static\-key | initial\-key - | static\-ds | initial\-ds - ) integer integer - integer - quoted_string; ... };, deprecated + managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated masterfile\-format ( raw | text ); masterfile\-style ( full | relative ); match\-clients { address_match_element; ... }; 
@@ -832,30 +698,21 @@ view string [ class ] { nocookie\-udp\-size integer; notify ( explicit | master\-only | primary\-only | boolean ); notify\-delay integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] - [ dscp integer ]; + notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; notify\-to\-soa boolean; nta\-lifetime duration; nta\-recheck duration; nxdomain\-redirect string; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; - plugin ( query ) string [ { - unspecified\-text } ]; + parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + plugin ( query ) string [ { unspecified\-text } ]; preferred\-glue string; prefetch integer [ integer ]; provide\-ixfr boolean; qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( - integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] - port ( integer | * ) ) ) [ dscp integer ]; + query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; rate\-limit { all\-per\-second integer; errors\-per\-second integer; 
@@ -881,25 +738,11 @@ view string [ class ] { resolver\-nonbackoff\-tries integer; resolver\-query\-timeout integer; resolver\-retry\-interval integer; - response\-padding { address_match_element; ... } block\-size - integer; - response\-policy { zone string [ add\-soa boolean ] [ log - boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval - duration ] [ policy ( cname | disabled | drop | given | no\-op - | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ - recursive\-only boolean ] [ nsip\-enable boolean ] [ - nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ - break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ - min\-update\-interval duration ] [ min\-ns\-dots integer ] [ - nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean - ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] - [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ - dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text - } ]; + response\-padding { address_match_element; ... } block\-size integer; + response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ]; root\-delegation\-only [ exclude { string; ... } ]; root\-key\-sentinel boolean; - rrset\-order { [ class string ] [ type string ] [ name - quoted_string ] string string; ... 
}; + rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; send\-cookie boolean; serial\-update\-method ( date | increment | unixtime ); server netprefix { @@ -909,20 +752,12 @@ view string [ class ] { edns\-version integer; keys server_key; max\-udp\-size integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * - ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer - | * ) ] [ dscp integer ]; + notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; padding integer; provide\-ixfr boolean; - query\-source ( ( [ address ] ( ipv4_address | * ) [ port - ( integer | * ) ] ) | ( [ [ address ] ( - ipv4_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ - port ( integer | * ) ] ) | ( [ [ address ] ( - ipv6_address | * ) ] port ( integer | * ) ) ) [ - dscp integer ]; + query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; + query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; request\-expire boolean; request\-ixfr boolean; request\-nsid boolean; @@ -930,10 +765,8 @@ view string [ class ] { tcp\-keepalive boolean; tcp\-only boolean; transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | - * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( - integer | * ) ] [ dscp integer ]; + transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; transfers integer; }; servfail\-ttl duration; 
@@ -949,19 +782,11 @@ view string [ class ] { stale\-refresh\-time duration; synth\-from\-dnssec boolean; transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ - dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) - ] [ dscp integer ]; + transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; + transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; trust\-anchor\-telemetry boolean; // experimental - trust\-anchors { string ( static\-key | - initial\-key | static\-ds | initial\-ds - ) integer integer integer - quoted_string; ... }; - trusted\-keys { string - integer integer - integer - quoted_string; ... };, deprecated + trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... }; + trusted\-keys { string integer integer integer quoted_string; ... };, deprecated try\-tcp\-refresh boolean; update\-check\-ksk boolean; use\-alt\-transfer\-source boolean; diff --git a/doc/misc/Makefile.am b/doc/misc/Makefile.am index 7481632e96..30a3c30e80 100644 --- a/doc/misc/Makefile.am +++ b/doc/misc/Makefile.am @@ -70,10 +70,10 @@ BUILT_SOURCES = \ $(OPTIONS_FILES) options: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl | $(PERL) $(srcdir)/format-options.pl --strip-not-configured > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl > $@ options.active: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar --active | $(PERL) $(srcdir)/sort-options.pl | $(PERL) $(srcdir)/format-options.pl --strip-not-configured > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar --active | $(PERL) $(srcdir)/sort-options.pl > $@ primary.zoneopt: cfg_test $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary --active > $@ 
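Review bot: In the doc/misc/Makefile.am hunk, dropping `format-options.pl --strip-not-configured` from the `options` and `options.active` recipes removes whatever filtering that flag performed along with the line wrapping, and nothing replaces it. The commit message only mentions wrapping, and I cannot tell from this hunk what the flag stripped. It is worth confirming that raw `cfg_test --grammar` output has no markers the upcoming grammar parser or the ARM would now pick up. Separately, both recipes still end in `| $(PERL) $(srcdir)/sort-options.pl > $@`, so under a plain POSIX shell a failing `cfg_test` still exits zero and leaves an empty or truncated target that later runs treat as up to date. Redirecting to `$@.tmp` and finishing with `mv $@.tmp $@` only on success would keep a broken grammar file out of the generated documentation.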
diff --git a/doc/misc/acl.grammar.rst b/doc/misc/acl.grammar.rst index d27dab3a15..fb57865687 100644 --- a/doc/misc/acl.grammar.rst +++ b/doc/misc/acl.grammar.rst @@ -11,4 +11,3 @@ :: - acl { ; ... }; diff --git a/doc/misc/controls.grammar.rst b/doc/misc/controls.grammar.rst index 440bce4929..0f2ec38d8e 100644 --- a/doc/misc/controls.grammar.rst +++ b/doc/misc/controls.grammar.rst @@ -12,13 +12,6 @@ :: controls { - inet ( | | - * ) [ port ( | * ) ] allow - { ; ... } [ - keys { ; ... } ] [ read-only - ]; - unix perm - owner group [ - keys { ; ... } ] [ read-only - ]; + inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read-only ]; + unix perm owner group [ keys { ; ... } ] [ read-only ]; }; diff --git a/doc/misc/dnssec-policy.grammar.rst b/doc/misc/dnssec-policy.grammar.rst index 0aec73b683..da56f07770 100644 --- a/doc/misc/dnssec-policy.grammar.rst +++ b/doc/misc/dnssec-policy.grammar.rst @@ -13,11 +13,9 @@ dnssec-policy { dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - algorithm [ ]; ... }; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime algorithm [ ]; ... }; max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ - salt-length ]; + nsec3param [ iterations ] [ optout ] [ salt-length ]; parent-ds-ttl ; parent-propagation-delay ; publish-safety ; diff --git a/doc/misc/logging.grammar.rst b/doc/misc/logging.grammar.rst index 377d6e968d..19986ece88 100644 --- a/doc/misc/logging.grammar.rst +++ b/doc/misc/logging.grammar.rst @@ -15,8 +15,7 @@ category { ; ... }; channel { buffered ; - file [ versions ( unlimited | ) ] - [ size ] [ suffix ( increment | timestamp ) ]; + file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; null; print-category ; print-severity ; diff --git a/doc/misc/managed-keys.grammar.rst b/doc/misc/managed-keys.grammar.rst index a57f8ef8a6..4393184d7d 100644 --- a/doc/misc/managed-keys.grammar.rst +++ b/doc/misc/managed-keys.grammar.rst 
@@ -11,7 +11,4 @@ :: - managed-keys { ( static-key - | initial-key | static-ds | - initial-ds ) - ; ... };, deprecated + managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... };, deprecated diff --git a/doc/misc/options b/doc/misc/options index 9ae75d1e04..37558e36da 100644 --- a/doc/misc/options +++ b/doc/misc/options 
@@ -1,762 +1,594 @@ - -// This is a summary of the named.conf options supported by -// this version of BIND 9. - acl { ; ... }; // may occur multiple times controls { - inet ( | | - * ) [ port ( | * ) ] allow - { ; ... } [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times - unix perm - owner group [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times + inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read-only ]; // may occur multiple times + unix perm owner group [ keys { ; ... } ] [ read-only ]; // may occur multiple times }; // may occur multiple times dlz { - database ; - search ; + database ; + search ; }; // may occur multiple times dnssec-policy { - dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - algorithm [ ]; ... }; - max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ - salt-length ]; - parent-ds-ttl ; - parent-propagation-delay ; - parent-registration-delay ; // obsolete - publish-safety ; - purge-keys ; - retire-safety ; - signatures-refresh ; - signatures-validity ; - signatures-validity-dnskey ; - zone-propagation-delay ; + dnskey-ttl ; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime algorithm [ ]; ... }; + max-zone-ttl ; + nsec3param [ iterations ] [ optout ] [ salt-length ]; + parent-ds-ttl ; + parent-propagation-delay ; + parent-registration-delay ; // obsolete + publish-safety ; + purge-keys ; + retire-safety ; + signatures-refresh ; + signatures-validity ; + signatures-validity-dnskey ; + zone-propagation-delay ; }; // may occur multiple times -dyndb { - }; // may occur multiple times +dyndb { }; // may occur multiple times http { - endpoints { ; ... }; - listener-clients ; - streams-per-connection ; + endpoints { ; ... }; + listener-clients ; + streams-per-connection ; }; // may occur multiple times key { - algorithm ; - secret ; + algorithm ; + secret ; }; // may occur multiple times logging { - category { ; ... 
}; // may occur multiple times - channel { - buffered ; - file [ versions ( unlimited | ) ] - [ size ] [ suffix ( increment | timestamp ) ]; - null; - print-category ; - print-severity ; - print-time ( iso8601 | iso8601-utc | local | ); - severity ; - stderr; - syslog [ ]; - }; // may occur multiple times + category { ; ... }; // may occur multiple times + channel { + buffered ; + file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; + null; + print-category ; + print-severity ; + print-time ( iso8601 | iso8601-utc | local | ); + severity ; + stderr; + syslog [ ]; + }; // may occur multiple times }; -managed-keys { ( static-key - | initial-key | static-ds | - initial-ds ) - ; ... }; // may occur multiple times, deprecated +managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated options { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - answer-cookie ; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; - bindkeys-file ; - blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... 
}; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - cookie-algorithm ( aes | siphash24 ); - cookie-secret ; // may occur multiple times - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | ); - directory ; - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dnstap-identity ( | none | hostname ); - dnstap-output ( file | unix ) [ size ( unlimited | - ) ] [ versions ( unlimited | ) ] [ suffix ( - increment | timestamp ) ]; - dnstap-version ( | none ); - dscp ; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... 
}; - dump-file ; - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); - flush-zones-on-shutdown ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - fstrm-set-buffer-hint ; - fstrm-set-flush-timeout ; - fstrm-set-input-queue-size ; - fstrm-set-output-notify-threshold ; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size ; - fstrm-set-reopen-interval ; - geoip-directory ( | none ); - heartbeat-interval ; - hostname ( | none ); - http-listener-clients ; - http-port ; - http-streams-per-connection ; - https-port ; - interface-interval ; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - keep-response-order { ; ... }; // obsolete - key-directory ; - lame-ttl ; - listen-on [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; // may occur multiple times - listen-on-v6 [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... 
}; // may occur multiple times - lmdb-mapsize ; - lock-file ( | none ); - managed-keys-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-rsa-exponent-size ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - memstatistics ; - memstatistics-file ; - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nsec3-test-zone ; // test only - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - pid-file ( | none ); - port ; - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - querylog ; - random-device ( | none ); - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... 
}; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursing-file ; - recursion ; - recursive-clients ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - reuseport ; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... }; - secroots-file ; - send-cookie ; - serial-query-rate ; - serial-update-method ( date | increment | unixtime ); - server-id ( | none | hostname ); - servfail-ttl ; - session-keyalg ; - session-keyfile ( | none ); - session-keyname ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... 
}; - stacksize ( default | unlimited | ); - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - startup-notify-rate ; - statistics-file ; - suppress-initial-notify ; // obsolete - synth-from-dnssec ; - tcp-advertised-timeout ; - tcp-clients ; - tcp-idle-timeout ; - tcp-initial-timeout ; - tcp-keepalive-timeout ; - tcp-listen-queue ; - tcp-receive-buffer ; - tcp-send-buffer ; - tkey-dhkey ; - tkey-domain ; - tkey-gssapi-credential ; - tkey-gssapi-keytab ; - tls-port ; - transfer-format ( many-answers | one-answer ); - transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers-in ; - transfers-out ; - transfers-per-ns ; - trust-anchor-telemetry ; // experimental - try-tcp-refresh ; - udp-receive-buffer ; - udp-send-buffer ; - update-check-ksk ; - use-alt-transfer-source ; - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; - v6-bias ; - validate-except { ; ... }; - version ( | none ); - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); + allow-new-zones ; + allow-notify { ; ... }; + allow-query { ; ... }; + allow-query-cache { ; ... }; + allow-query-cache-on { ; ... }; + allow-query-on { ; ... }; + allow-recursion { ; ... }; + allow-recursion-on { ; ... }; + allow-transfer [ port ] [ transport ] { ; ... }; + allow-update { ; ... }; + allow-update-forwarding { ; ... }; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + answer-cookie ; + attach-cache ; + auth-nxdomain ; + auto-dnssec ( allow | maintain | off ); + automatic-interface-scan ; + avoid-v4-udp-ports { ; ... }; + avoid-v6-udp-ports { ; ... }; + bindkeys-file ; + blackhole { ; ... 
}; + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity ; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check-sibling ; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard ; + clients-per-query ; + cookie-algorithm ( aes | siphash24 ); + cookie-secret ; // may occur multiple times + coresize ( default | unlimited | ); + datasize ( default | unlimited | ); + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; + dialup ( notify | notify-passive | passive | refresh | ); + directory ; + disable-algorithms { ; ... }; // may occur multiple times + disable-ds-digests { ; ... }; // may occur multiple times + disable-empty-zone ; // may occur multiple times + dns64 { + break-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... }; + recursive-only ; + suffix ; + }; // may occur multiple times + dns64-contact ; + dns64-server ; + dnskey-sig-validity ; + dnsrps-enable ; // not configured + dnsrps-options { }; // not configured + dnssec-accept-expired ; + dnssec-dnskey-kskonly ; + dnssec-loadkeys-interval ; + dnssec-must-be-secure ; // may occur multiple times + dnssec-policy ; + dnssec-secure-to-insecure ; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... 
}; // not configured + dnstap-identity ( | none | hostname ); // not configured + dnstap-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; // not configured + dnstap-version ( | none ); // not configured + dscp ; + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dump-file ; + edns-udp-size ; + empty-contact ; + empty-server ; + empty-zones-enable ; + fetch-quota-params ; + fetches-per-server [ ( drop | fail ) ]; + fetches-per-zone [ ( drop | fail ) ]; + files ( default | unlimited | ); + flush-zones-on-shutdown ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + fstrm-set-buffer-hint ; // not configured + fstrm-set-flush-timeout ; // not configured + fstrm-set-input-queue-size ; // not configured + fstrm-set-output-notify-threshold ; // not configured + fstrm-set-output-queue-model ( mpsc | spsc ); // not configured + fstrm-set-output-queue-size ; // not configured + fstrm-set-reopen-interval ; // not configured + geoip-directory ( | none ); + heartbeat-interval ; + hostname ( | none ); + http-listener-clients ; + http-port ; + http-streams-per-connection ; + https-port ; + interface-interval ; + ipv4only-contact ; + ipv4only-enable ; + ipv4only-server ; + ixfr-from-differences ( primary | master | secondary | slave | ); + keep-response-order { ; ... }; // obsolete + key-directory ; + lame-ttl ; + listen-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + listen-on-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... 
}; // may occur multiple times + lmdb-mapsize ; + lock-file ( | none ); + managed-keys-directory ; + masterfile-format ( raw | text ); + masterfile-style ( full | relative ); + match-mapped-addresses ; + max-cache-size ( default | unlimited | | ); + max-cache-ttl ; + max-clients-per-query ; + max-ixfr-ratio ( unlimited | ); + max-journal-size ( default | unlimited | ); + max-ncache-ttl ; + max-records ; + max-recursion-depth ; + max-recursion-queries ; + max-refresh-time ; + max-retry-time ; + max-rsa-exponent-size ; + max-stale-ttl ; + max-transfer-idle-in ; + max-transfer-idle-out ; + max-transfer-time-in ; + max-transfer-time-out ; + max-udp-size ; + max-zone-ttl ( unlimited | ); + memstatistics ; + memstatistics-file ; + message-compression ; + min-cache-ttl ; + min-ncache-ttl ; + min-refresh-time ; + min-retry-time ; + minimal-any ; + minimal-responses ( no-auth | no-auth-recursive | ); + multi-master ; + new-zones-directory ; + no-case-compress { ; ... }; + nocookie-udp-size ; + notify ( explicit | master-only | primary-only | ); + notify-delay ; + notify-rate ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify-to-soa ; + nsec3-test-zone ; // test only + nta-lifetime ; + nta-recheck ; + nxdomain-redirect ; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + pid-file ( | none ); + port ; + preferred-glue ; + prefetch [ ]; + provide-ixfr ; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + querylog ; + random-device ( | none ); + rate-limit { + all-per-second ; + errors-per-second ; + exempt-clients { ; ... 
}; + ipv4-prefix-length ; + ipv6-prefix-length ; + log-only ; + max-table-size ; + min-table-size ; + nodata-per-second ; + nxdomains-per-second ; + qps-scale ; + referrals-per-second ; + responses-per-second ; + slip ; + window ; + }; + recursing-file ; + recursion ; + recursive-clients ; + request-expire ; + request-ixfr ; + request-nsid ; + require-server-cookie ; + reserved-sockets ; // deprecated + resolver-nonbackoff-tries ; + resolver-query-timeout ; + resolver-retry-interval ; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; + reuseport ; + root-delegation-only [ exclude { ; ... } ]; + root-key-sentinel ; + rrset-order { [ class ] [ type ] [ name ] ; ... }; + secroots-file ; + send-cookie ; + serial-query-rate ; + serial-update-method ( date | increment | unixtime ); + server-id ( | none | hostname ); + servfail-ttl ; + session-keyalg ; + session-keyfile ( | none ); + session-keyname ; + sig-signing-nodes ; + sig-signing-signatures ; + sig-signing-type ; + sig-validity-interval [ ]; + sortlist { ; ... 
}; + stacksize ( default | unlimited | ); + stale-answer-client-timeout ( disabled | off | ); + stale-answer-enable ; + stale-answer-ttl ; + stale-cache-enable ; + stale-refresh-time ; + startup-notify-rate ; + statistics-file ; + suppress-initial-notify ; // obsolete + synth-from-dnssec ; + tcp-advertised-timeout ; + tcp-clients ; + tcp-idle-timeout ; + tcp-initial-timeout ; + tcp-keepalive-timeout ; + tcp-listen-queue ; + tcp-receive-buffer ; + tcp-send-buffer ; + tkey-dhkey ; + tkey-domain ; + tkey-gssapi-credential ; + tkey-gssapi-keytab ; + tls-port ; + transfer-format ( many-answers | one-answer ); + transfer-message-size ; + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers-in ; + transfers-out ; + transfers-per-ns ; + trust-anchor-telemetry ; // experimental + try-tcp-refresh ; + udp-receive-buffer ; + udp-send-buffer ; + update-check-ksk ; + use-alt-transfer-source ; + use-v4-udp-ports { ; ... }; + use-v6-udp-ports { ; ... }; + v6-bias ; + validate-except { ; ... }; + version ( | none ); + zero-no-soa-ttl ; + zero-no-soa-ttl-cache ; + zone-statistics ( full | terse | none | ); }; -parental-agents [ port ] [ - dscp ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; // may occur multiple times +parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times -plugin ( query ) [ { - } ]; // may occur multiple times +plugin ( query ) [ { } ]; // may occur multiple times -primaries [ port ] [ dscp - ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; // may occur multiple times +primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; // may occur multiple times server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers ; + bogus ; + edns ; + edns-udp-size ; + edns-version ; + keys ; + max-udp-size ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide-ixfr ; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request-expire ; + request-ixfr ; + request-nsid ; + send-cookie ; + tcp-keepalive ; + tcp-only ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; }; // may occur multiple times statistics-channels { - inet ( | | - * ) [ port ( | * ) ] [ - allow { ; ... - } ]; // may occur multiple times + inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; // may occur multiple times }; // may occur multiple times tls { - ca-file ; - cert-file ; - ciphers ; - dhparam-file ; - key-file ; - prefer-server-ciphers ; - protocols { ; ... 
}; - remote-hostname ; - session-tickets ; + ca-file ; + cert-file ; + ciphers ; + dhparam-file ; + key-file ; + prefer-server-ciphers ; + protocols { ; ... }; + remote-hostname ; + session-tickets ; }; // may occur multiple times -trust-anchors { ( static-key | - initial-key | static-ds | initial-ds ) - - ; ... }; // may occur multiple times +trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times -trusted-keys { - - ; ... }; // may occur multiple times, deprecated +trusted-keys { ; ... }; // may occur multiple times, deprecated view [ ] { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... 
- } ]; - dialup ( notify | notify-passive | passive | refresh | ); - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dlz { - database ; - search ; - }; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... }; - dyndb { - }; // may occur multiple times - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - key { - algorithm ; - secret ; - }; // may occur multiple times - key-directory ; - lame-ttl ; - lmdb-mapsize ; - managed-keys { ( - static-key | initial-key - | static-ds | initial-ds - ) - - ; ... }; // may occur multiple times, deprecated - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-clients { ; ... }; - match-destinations { ; ... 
}; - match-recursive-only ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nsec3-test-zone ; // test only - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - plugin ( query ) [ { - } ]; // may occur multiple times - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... 
}; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursion ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... 
}; - send-cookie ; - serial-update-method ( date | increment | unixtime ); - server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * - ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port - ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ - port ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | - * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - transfers ; - }; // may occur multiple times - servfail-ttl ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - suppress-initial-notify ; // obsolete - synth-from-dnssec ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - trust-anchor-telemetry ; // experimental - trust-anchors { ( static-key | - initial-key | static-ds | initial-ds - ) - ; ... }; // may occur multiple times - trusted-keys { - - - ; ... }; // may occur multiple times, deprecated - try-tcp-refresh ; - update-check-ksk ; - use-alt-transfer-source ; - v6-bias ; - validate-except { ; ... }; - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); + allow-new-zones ; + allow-notify { ; ... }; + allow-query { ; ... }; + allow-query-cache { ; ... }; + allow-query-cache-on { ; ... }; + allow-query-on { ; ... }; + allow-recursion { ; ... 
}; + allow-recursion-on { ; ... }; + allow-transfer [ port ] [ transport ] { ; ... }; + allow-update { ; ... }; + allow-update-forwarding { ; ... }; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + attach-cache ; + auth-nxdomain ; + auto-dnssec ( allow | maintain | off ); + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity ; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check-sibling ; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard ; + clients-per-query ; + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; + dialup ( notify | notify-passive | passive | refresh | ); + disable-algorithms { ; ... }; // may occur multiple times + disable-ds-digests { ; ... }; // may occur multiple times + disable-empty-zone ; // may occur multiple times + dlz { + database ; + search ; + }; // may occur multiple times + dns64 { + break-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... 
}; + recursive-only ; + suffix ; + }; // may occur multiple times + dns64-contact ; + dns64-server ; + dnskey-sig-validity ; + dnsrps-enable ; // not configured + dnsrps-options { }; // not configured + dnssec-accept-expired ; + dnssec-dnskey-kskonly ; + dnssec-loadkeys-interval ; + dnssec-must-be-secure ; // may occur multiple times + dnssec-policy ; + dnssec-secure-to-insecure ; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dyndb { }; // may occur multiple times + edns-udp-size ; + empty-contact ; + empty-server ; + empty-zones-enable ; + fetch-quota-params ; + fetches-per-server [ ( drop | fail ) ]; + fetches-per-zone [ ( drop | fail ) ]; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + ipv4only-contact ; + ipv4only-enable ; + ipv4only-server ; + ixfr-from-differences ( primary | master | secondary | slave | ); + key { + algorithm ; + secret ; + }; // may occur multiple times + key-directory ; + lame-ttl ; + lmdb-mapsize ; + managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated + masterfile-format ( raw | text ); + masterfile-style ( full | relative ); + match-clients { ; ... }; + match-destinations { ; ... 
}; + match-recursive-only ; + max-cache-size ( default | unlimited | | ); + max-cache-ttl ; + max-clients-per-query ; + max-ixfr-ratio ( unlimited | ); + max-journal-size ( default | unlimited | ); + max-ncache-ttl ; + max-records ; + max-recursion-depth ; + max-recursion-queries ; + max-refresh-time ; + max-retry-time ; + max-stale-ttl ; + max-transfer-idle-in ; + max-transfer-idle-out ; + max-transfer-time-in ; + max-transfer-time-out ; + max-udp-size ; + max-zone-ttl ( unlimited | ); + message-compression ; + min-cache-ttl ; + min-ncache-ttl ; + min-refresh-time ; + min-retry-time ; + minimal-any ; + minimal-responses ( no-auth | no-auth-recursive | ); + multi-master ; + new-zones-directory ; + no-case-compress { ; ... }; + nocookie-udp-size ; + notify ( explicit | master-only | primary-only | ); + notify-delay ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify-to-soa ; + nsec3-test-zone ; // test only + nta-lifetime ; + nta-recheck ; + nxdomain-redirect ; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + plugin ( query ) [ { } ]; // may occur multiple times + preferred-glue ; + prefetch [ ]; + provide-ixfr ; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + rate-limit { + all-per-second ; + errors-per-second ; + exempt-clients { ; ... 
}; + ipv4-prefix-length ; + ipv6-prefix-length ; + log-only ; + max-table-size ; + min-table-size ; + nodata-per-second ; + nxdomains-per-second ; + qps-scale ; + referrals-per-second ; + responses-per-second ; + slip ; + window ; + }; + recursion ; + request-expire ; + request-ixfr ; + request-nsid ; + require-server-cookie ; + resolver-nonbackoff-tries ; + resolver-query-timeout ; + resolver-retry-interval ; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; + root-delegation-only [ exclude { ; ... } ]; + root-key-sentinel ; + rrset-order { [ class ] [ type ] [ name ] ; ... 
}; + send-cookie ; + serial-update-method ( date | increment | unixtime ); + server { + bogus ; + edns ; + edns-udp-size ; + edns-version ; + keys ; + max-udp-size ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide-ixfr ; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request-expire ; + request-ixfr ; + request-nsid ; + send-cookie ; + tcp-keepalive ; + tcp-only ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; + }; // may occur multiple times + servfail-ttl ; + sig-signing-nodes ; + sig-signing-signatures ; + sig-signing-type ; + sig-validity-interval [ ]; + sortlist { ; ... }; + stale-answer-client-timeout ( disabled | off | ); + stale-answer-enable ; + stale-answer-ttl ; + stale-cache-enable ; + stale-refresh-time ; + suppress-initial-notify ; // obsolete + synth-from-dnssec ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + trust-anchor-telemetry ; // experimental + trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times + trusted-keys { ; ... }; // may occur multiple times, deprecated + try-tcp-refresh ; + update-check-ksk ; + use-alt-transfer-source ; + v6-bias ; + validate-except { ; ... }; + zero-no-soa-ttl ; + zero-no-soa-ttl-cache ; + zone-statistics ( full | terse | none | ); }; // may occur multiple times diff --git a/doc/misc/options.active b/doc/misc/options.active index 429ab8763b..b6d61d153e 100644 --- a/doc/misc/options.active +++ b/doc/misc/options.active 
@@ -1,756 +1,588 @@ - -// This is a summary of the named.conf options supported by -// this version of BIND 9. - acl { ; ... }; // may occur multiple times controls { - inet ( | | - * ) [ port ( | * ) ] allow - { ; ... } [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times - unix perm - owner group [ - keys { ; ... } ] [ read-only - ]; // may occur multiple times + inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read-only ]; // may occur multiple times + unix perm owner group [ keys { ; ... } ] [ read-only ]; // may occur multiple times }; // may occur multiple times dlz { - database ; - search ; + database ; + search ; }; // may occur multiple times dnssec-policy { - dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime - algorithm [ ]; ... }; - max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ - salt-length ]; - parent-ds-ttl ; - parent-propagation-delay ; - publish-safety ; - purge-keys ; - retire-safety ; - signatures-refresh ; - signatures-validity ; - signatures-validity-dnskey ; - zone-propagation-delay ; + dnskey-ttl ; + keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime algorithm [ ]; ... }; + max-zone-ttl ; + nsec3param [ iterations ] [ optout ] [ salt-length ]; + parent-ds-ttl ; + parent-propagation-delay ; + publish-safety ; + purge-keys ; + retire-safety ; + signatures-refresh ; + signatures-validity ; + signatures-validity-dnskey ; + zone-propagation-delay ; }; // may occur multiple times -dyndb { - }; // may occur multiple times +dyndb { }; // may occur multiple times http { - endpoints { ; ... }; - listener-clients ; - streams-per-connection ; + endpoints { ; ... }; + listener-clients ; + streams-per-connection ; }; // may occur multiple times key { - algorithm ; - secret ; + algorithm ; + secret ; }; // may occur multiple times logging { - category { ; ... 
}; // may occur multiple times - channel { - buffered ; - file [ versions ( unlimited | ) ] - [ size ] [ suffix ( increment | timestamp ) ]; - null; - print-category ; - print-severity ; - print-time ( iso8601 | iso8601-utc | local | ); - severity ; - stderr; - syslog [ ]; - }; // may occur multiple times + category { ; ... }; // may occur multiple times + channel { + buffered ; + file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; + null; + print-category ; + print-severity ; + print-time ( iso8601 | iso8601-utc | local | ); + severity ; + stderr; + syslog [ ]; + }; // may occur multiple times }; -managed-keys { ( static-key - | initial-key | static-ds | - initial-ds ) - ; ... }; // may occur multiple times, deprecated +managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated options { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - answer-cookie ; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; - bindkeys-file ; - blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... 
}; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - cookie-algorithm ( aes | siphash24 ); - cookie-secret ; // may occur multiple times - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; - dialup ( notify | notify-passive | passive | refresh | ); - directory ; - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dnstap-identity ( | none | hostname ); - dnstap-output ( file | unix ) [ size ( unlimited | - ) ] [ versions ( unlimited | ) ] [ suffix ( - increment | timestamp ) ]; - dnstap-version ( | none ); - dscp ; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... 
}; - dump-file ; - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); - flush-zones-on-shutdown ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - fstrm-set-buffer-hint ; - fstrm-set-flush-timeout ; - fstrm-set-input-queue-size ; - fstrm-set-output-notify-threshold ; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size ; - fstrm-set-reopen-interval ; - geoip-directory ( | none ); - heartbeat-interval ; - hostname ( | none ); - http-listener-clients ; - http-port ; - http-streams-per-connection ; - https-port ; - interface-interval ; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - key-directory ; - lame-ttl ; - listen-on [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; // may occur multiple times - listen-on-v6 [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... 
}; // may occur multiple times - lmdb-mapsize ; - lock-file ( | none ); - managed-keys-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-rsa-exponent-size ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - memstatistics ; - memstatistics-file ; - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - pid-file ( | none ); - port ; - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - querylog ; - random-device ( | none ); - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... 
}; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursing-file ; - recursion ; - recursive-clients ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - reuseport ; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... }; - secroots-file ; - send-cookie ; - serial-query-rate ; - serial-update-method ( date | increment | unixtime ); - server-id ( | none | hostname ); - servfail-ttl ; - session-keyalg ; - session-keyfile ( | none ); - session-keyname ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... 
}; - stacksize ( default | unlimited | ); - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - startup-notify-rate ; - statistics-file ; - synth-from-dnssec ; - tcp-advertised-timeout ; - tcp-clients ; - tcp-idle-timeout ; - tcp-initial-timeout ; - tcp-keepalive-timeout ; - tcp-listen-queue ; - tcp-receive-buffer ; - tcp-send-buffer ; - tkey-dhkey ; - tkey-domain ; - tkey-gssapi-credential ; - tkey-gssapi-keytab ; - tls-port ; - transfer-format ( many-answers | one-answer ); - transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers-in ; - transfers-out ; - transfers-per-ns ; - trust-anchor-telemetry ; // experimental - try-tcp-refresh ; - udp-receive-buffer ; - udp-send-buffer ; - update-check-ksk ; - use-alt-transfer-source ; - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; - v6-bias ; - validate-except { ; ... }; - version ( | none ); - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); + allow-new-zones ; + allow-notify { ; ... }; + allow-query { ; ... }; + allow-query-cache { ; ... }; + allow-query-cache-on { ; ... }; + allow-query-on { ; ... }; + allow-recursion { ; ... }; + allow-recursion-on { ; ... }; + allow-transfer [ port ] [ transport ] { ; ... }; + allow-update { ; ... }; + allow-update-forwarding { ; ... }; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + answer-cookie ; + attach-cache ; + auth-nxdomain ; + auto-dnssec ( allow | maintain | off ); + automatic-interface-scan ; + avoid-v4-udp-ports { ; ... }; + avoid-v6-udp-ports { ; ... }; + bindkeys-file ; + blackhole { ; ... 
}; + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity ; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check-sibling ; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard ; + clients-per-query ; + cookie-algorithm ( aes | siphash24 ); + cookie-secret ; // may occur multiple times + coresize ( default | unlimited | ); + datasize ( default | unlimited | ); + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; + dialup ( notify | notify-passive | passive | refresh | ); + directory ; + disable-algorithms { ; ... }; // may occur multiple times + disable-ds-digests { ; ... }; // may occur multiple times + disable-empty-zone ; // may occur multiple times + dns64 { + break-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... }; + recursive-only ; + suffix ; + }; // may occur multiple times + dns64-contact ; + dns64-server ; + dnskey-sig-validity ; + dnsrps-enable ; // not configured + dnsrps-options { }; // not configured + dnssec-accept-expired ; + dnssec-dnskey-kskonly ; + dnssec-loadkeys-interval ; + dnssec-must-be-secure ; // may occur multiple times + dnssec-policy ; + dnssec-secure-to-insecure ; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... 
}; // not configured + dnstap-identity ( | none | hostname ); // not configured + dnstap-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; // not configured + dnstap-version ( | none ); // not configured + dscp ; + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dump-file ; + edns-udp-size ; + empty-contact ; + empty-server ; + empty-zones-enable ; + fetch-quota-params ; + fetches-per-server [ ( drop | fail ) ]; + fetches-per-zone [ ( drop | fail ) ]; + files ( default | unlimited | ); + flush-zones-on-shutdown ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + fstrm-set-buffer-hint ; // not configured + fstrm-set-flush-timeout ; // not configured + fstrm-set-input-queue-size ; // not configured + fstrm-set-output-notify-threshold ; // not configured + fstrm-set-output-queue-model ( mpsc | spsc ); // not configured + fstrm-set-output-queue-size ; // not configured + fstrm-set-reopen-interval ; // not configured + geoip-directory ( | none ); + heartbeat-interval ; + hostname ( | none ); + http-listener-clients ; + http-port ; + http-streams-per-connection ; + https-port ; + interface-interval ; + ipv4only-contact ; + ipv4only-enable ; + ipv4only-server ; + ixfr-from-differences ( primary | master | secondary | slave | ); + key-directory ; + lame-ttl ; + listen-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + listen-on-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... 
}; // may occur multiple times + lmdb-mapsize ; + lock-file ( | none ); + managed-keys-directory ; + masterfile-format ( raw | text ); + masterfile-style ( full | relative ); + match-mapped-addresses ; + max-cache-size ( default | unlimited | | ); + max-cache-ttl ; + max-clients-per-query ; + max-ixfr-ratio ( unlimited | ); + max-journal-size ( default | unlimited | ); + max-ncache-ttl ; + max-records ; + max-recursion-depth ; + max-recursion-queries ; + max-refresh-time ; + max-retry-time ; + max-rsa-exponent-size ; + max-stale-ttl ; + max-transfer-idle-in ; + max-transfer-idle-out ; + max-transfer-time-in ; + max-transfer-time-out ; + max-udp-size ; + max-zone-ttl ( unlimited | ); + memstatistics ; + memstatistics-file ; + message-compression ; + min-cache-ttl ; + min-ncache-ttl ; + min-refresh-time ; + min-retry-time ; + minimal-any ; + minimal-responses ( no-auth | no-auth-recursive | ); + multi-master ; + new-zones-directory ; + no-case-compress { ; ... }; + nocookie-udp-size ; + notify ( explicit | master-only | primary-only | ); + notify-delay ; + notify-rate ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify-to-soa ; + nta-lifetime ; + nta-recheck ; + nxdomain-redirect ; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + pid-file ( | none ); + port ; + preferred-glue ; + prefetch [ ]; + provide-ixfr ; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + querylog ; + random-device ( | none ); + rate-limit { + all-per-second ; + errors-per-second ; + exempt-clients { ; ... 
}; + ipv4-prefix-length ; + ipv6-prefix-length ; + log-only ; + max-table-size ; + min-table-size ; + nodata-per-second ; + nxdomains-per-second ; + qps-scale ; + referrals-per-second ; + responses-per-second ; + slip ; + window ; + }; + recursing-file ; + recursion ; + recursive-clients ; + request-expire ; + request-ixfr ; + request-nsid ; + require-server-cookie ; + reserved-sockets ; // deprecated + resolver-nonbackoff-tries ; + resolver-query-timeout ; + resolver-retry-interval ; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; + reuseport ; + root-delegation-only [ exclude { ; ... } ]; + root-key-sentinel ; + rrset-order { [ class ] [ type ] [ name ] ; ... }; + secroots-file ; + send-cookie ; + serial-query-rate ; + serial-update-method ( date | increment | unixtime ); + server-id ( | none | hostname ); + servfail-ttl ; + session-keyalg ; + session-keyfile ( | none ); + session-keyname ; + sig-signing-nodes ; + sig-signing-signatures ; + sig-signing-type ; + sig-validity-interval [ ]; + sortlist { ; ... 
}; + stacksize ( default | unlimited | ); + stale-answer-client-timeout ( disabled | off | ); + stale-answer-enable ; + stale-answer-ttl ; + stale-cache-enable ; + stale-refresh-time ; + startup-notify-rate ; + statistics-file ; + synth-from-dnssec ; + tcp-advertised-timeout ; + tcp-clients ; + tcp-idle-timeout ; + tcp-initial-timeout ; + tcp-keepalive-timeout ; + tcp-listen-queue ; + tcp-receive-buffer ; + tcp-send-buffer ; + tkey-dhkey ; + tkey-domain ; + tkey-gssapi-credential ; + tkey-gssapi-keytab ; + tls-port ; + transfer-format ( many-answers | one-answer ); + transfer-message-size ; + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers-in ; + transfers-out ; + transfers-per-ns ; + trust-anchor-telemetry ; // experimental + try-tcp-refresh ; + udp-receive-buffer ; + udp-send-buffer ; + update-check-ksk ; + use-alt-transfer-source ; + use-v4-udp-ports { ; ... }; + use-v6-udp-ports { ; ... }; + v6-bias ; + validate-except { ; ... }; + version ( | none ); + zero-no-soa-ttl ; + zero-no-soa-ttl-cache ; + zone-statistics ( full | terse | none | ); }; -parental-agents [ port ] [ - dscp ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; // may occur multiple times +parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times -plugin ( query ) [ { - } ]; // may occur multiple times +plugin ( query ) [ { } ]; // may occur multiple times -primaries [ port ] [ dscp - ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; // may occur multiple times +primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; // may occur multiple times server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - transfers ; + bogus ; + edns ; + edns-udp-size ; + edns-version ; + keys ; + max-udp-size ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide-ixfr ; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request-expire ; + request-ixfr ; + request-nsid ; + send-cookie ; + tcp-keepalive ; + tcp-only ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; }; // may occur multiple times statistics-channels { - inet ( | | - * ) [ port ( | * ) ] [ - allow { ; ... - } ]; // may occur multiple times + inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; // may occur multiple times }; // may occur multiple times tls { - ca-file ; - cert-file ; - ciphers ; - dhparam-file ; - key-file ; - prefer-server-ciphers ; - protocols { ; ... 
}; - remote-hostname ; - session-tickets ; + ca-file ; + cert-file ; + ciphers ; + dhparam-file ; + key-file ; + prefer-server-ciphers ; + protocols { ; ... }; + remote-hostname ; + session-tickets ; }; // may occur multiple times -trust-anchors { ( static-key | - initial-key | static-ds | initial-ds ) - - ; ... }; // may occur multiple times +trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times -trusted-keys { - - ; ... }; // may occur multiple times, deprecated +trusted-keys { ; ... }; // may occur multiple times, deprecated view [ ] { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... 
- } ]; - dialup ( notify | notify-passive | passive | refresh | ); - disable-algorithms { ; - ... }; // may occur multiple times - disable-ds-digests { ; - ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dlz { - database ; - search ; - }; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... }; - dyndb { - }; // may occur multiple times - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); - key { - algorithm ; - secret ; - }; // may occur multiple times - key-directory ; - lame-ttl ; - lmdb-mapsize ; - managed-keys { ( - static-key | initial-key - | static-ds | initial-ds - ) - - ; ... }; // may occur multiple times, deprecated - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-clients { ; ... }; - match-destinations { ; ... 
}; - match-recursive-only ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... }; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - plugin ( query ) [ { - } ]; // may occur multiple times - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... 
}; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursion ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... 
}; - send-cookie ; - serial-update-method ( date | increment | unixtime ); - server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * - ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port - ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ - port ( | * ) ] ) | ( [ [ address ] ( - | * ) ] port ( | * ) ) ) [ - dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | - * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( - | * ) ] [ dscp ]; - transfers ; - }; // may occur multiple times - servfail-ttl ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - synth-from-dnssec ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; - trust-anchor-telemetry ; // experimental - trust-anchors { ( static-key | - initial-key | static-ds | initial-ds - ) - ; ... }; // may occur multiple times - trusted-keys { - - - ; ... }; // may occur multiple times, deprecated - try-tcp-refresh ; - update-check-ksk ; - use-alt-transfer-source ; - v6-bias ; - validate-except { ; ... }; - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); + allow-new-zones ; + allow-notify { ; ... }; + allow-query { ; ... }; + allow-query-cache { ; ... }; + allow-query-cache-on { ; ... }; + allow-query-on { ; ... }; + allow-recursion { ; ... }; + allow-recursion-on { ; ... 
}; + allow-transfer [ port ] [ transport ] { ; ... }; + allow-update { ; ... }; + allow-update-forwarding { ; ... }; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + attach-cache ; + auth-nxdomain ; + auto-dnssec ( allow | maintain | off ); + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; + check-dup-records ( fail | warn | ignore ); + check-integrity ; + check-mx ( fail | warn | ignore ); + check-mx-cname ( fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check-sibling ; + check-spf ( warn | ignore ); + check-srv-cname ( fail | warn | ignore ); + check-wildcard ; + clients-per-query ; + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; + dialup ( notify | notify-passive | passive | refresh | ); + disable-algorithms { ; ... }; // may occur multiple times + disable-ds-digests { ; ... }; // may occur multiple times + disable-empty-zone ; // may occur multiple times + dlz { + database ; + search ; + }; // may occur multiple times + dns64 { + break-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... 
}; + recursive-only ; + suffix ; + }; // may occur multiple times + dns64-contact ; + dns64-server ; + dnskey-sig-validity ; + dnsrps-enable ; // not configured + dnsrps-options { }; // not configured + dnssec-accept-expired ; + dnssec-dnskey-kskonly ; + dnssec-loadkeys-interval ; + dnssec-must-be-secure ; // may occur multiple times + dnssec-policy ; + dnssec-secure-to-insecure ; + dnssec-update-mode ( maintain | no-resign ); + dnssec-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dyndb { }; // may occur multiple times + edns-udp-size ; + empty-contact ; + empty-server ; + empty-zones-enable ; + fetch-quota-params ; + fetches-per-server [ ( drop | fail ) ]; + fetches-per-zone [ ( drop | fail ) ]; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + ipv4only-contact ; + ipv4only-enable ; + ipv4only-server ; + ixfr-from-differences ( primary | master | secondary | slave | ); + key { + algorithm ; + secret ; + }; // may occur multiple times + key-directory ; + lame-ttl ; + lmdb-mapsize ; + managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated + masterfile-format ( raw | text ); + masterfile-style ( full | relative ); + match-clients { ; ... }; + match-destinations { ; ... 
}; + match-recursive-only ; + max-cache-size ( default | unlimited | | ); + max-cache-ttl ; + max-clients-per-query ; + max-ixfr-ratio ( unlimited | ); + max-journal-size ( default | unlimited | ); + max-ncache-ttl ; + max-records ; + max-recursion-depth ; + max-recursion-queries ; + max-refresh-time ; + max-retry-time ; + max-stale-ttl ; + max-transfer-idle-in ; + max-transfer-idle-out ; + max-transfer-time-in ; + max-transfer-time-out ; + max-udp-size ; + max-zone-ttl ( unlimited | ); + message-compression ; + min-cache-ttl ; + min-ncache-ttl ; + min-refresh-time ; + min-retry-time ; + minimal-any ; + minimal-responses ( no-auth | no-auth-recursive | ); + multi-master ; + new-zones-directory ; + no-case-compress { ; ... }; + nocookie-udp-size ; + notify ( explicit | master-only | primary-only | ); + notify-delay ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify-to-soa ; + nta-lifetime ; + nta-recheck ; + nxdomain-redirect ; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + plugin ( query ) [ { } ]; // may occur multiple times + preferred-glue ; + prefetch [ ]; + provide-ixfr ; + qname-minimization ( strict | relaxed | disabled | off ); + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + rate-limit { + all-per-second ; + errors-per-second ; + exempt-clients { ; ... 
}; + ipv4-prefix-length ; + ipv6-prefix-length ; + log-only ; + max-table-size ; + min-table-size ; + nodata-per-second ; + nxdomains-per-second ; + qps-scale ; + referrals-per-second ; + responses-per-second ; + slip ; + window ; + }; + recursion ; + request-expire ; + request-ixfr ; + request-nsid ; + require-server-cookie ; + resolver-nonbackoff-tries ; + resolver-query-timeout ; + resolver-retry-interval ; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; + root-delegation-only [ exclude { ; ... } ]; + root-key-sentinel ; + rrset-order { [ class ] [ type ] [ name ] ; ... 
}; + send-cookie ; + serial-update-method ( date | increment | unixtime ); + server { + bogus ; + edns ; + edns-udp-size ; + edns-version ; + keys ; + max-udp-size ; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide-ixfr ; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request-expire ; + request-ixfr ; + request-nsid ; + send-cookie ; + tcp-keepalive ; + tcp-only ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; + }; // may occur multiple times + servfail-ttl ; + sig-signing-nodes ; + sig-signing-signatures ; + sig-signing-type ; + sig-validity-interval [ ]; + sortlist { ; ... }; + stale-answer-client-timeout ( disabled | off | ); + stale-answer-enable ; + stale-answer-ttl ; + stale-cache-enable ; + stale-refresh-time ; + synth-from-dnssec ; + transfer-format ( many-answers | one-answer ); + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + trust-anchor-telemetry ; // experimental + trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times + trusted-keys { ; ... }; // may occur multiple times, deprecated + try-tcp-refresh ; + update-check-ksk ; + use-alt-transfer-source ; + v6-bias ; + validate-except { ; ... }; + zero-no-soa-ttl ; + zero-no-soa-ttl-cache ; + zone-statistics ( full | terse | none | ); }; // may occur multiple times diff --git a/doc/misc/options.grammar.rst b/doc/misc/options.grammar.rst index d0e8eeea3a..b930acc843 100644 --- a/doc/misc/options.grammar.rst +++ b/doc/misc/options.grammar.rst 
@@ -20,18 +20,12 @@ allow-query-on { ; ... }; allow-recursion { ; ... }; allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { - ; ... }; + allow-transfer [ port ] [ transport ] { ; ... }; allow-update { ; ... }; allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( - | [ port ] | - [ port ] ) [ key ] [ tls - ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) - ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | - * ) ] [ dscp ]; + also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; answer-cookie ; attach-cache ; auth-nxdomain ; @@ -41,19 +35,12 @@ avoid-v6-udp-ports { ; ... }; bindkeys-file ; blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port - ] [ dscp ] { ( | [ - port ] | [ port ] ) [ key - ] [ tls ]; ... } ] [ zone-directory - ] [ in-memory ] [ min-update-interval - ]; ... }; + catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity ; check-mx ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | - secondary | slave | response ) ( - fail | warn | ignore ); + check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); check-sibling ; check-spf ( warn | ignore ); check-srv-cname ( fail | warn | ignore ); 
@@ -63,16 +50,12 @@ cookie-secret ; coresize ( default | unlimited | ); datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ - except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... - } ]; + deny-answer-addresses { ; ... } [ except-from { ; ... } ]; + deny-answer-aliases { ; ... } [ except-from { ; ... } ]; dialup ( notify | notify-passive | passive | refresh | ); directory ; - disable-algorithms { ; - ... }; - disable-ds-digests { ; - ... }; + disable-algorithms { ; ... }; + disable-ds-digests { ; ... }; disable-empty-zone ; dns64 { break-dnssec ; @@ -95,18 +78,12 @@ dnssec-secure-to-insecure ; dnssec-update-mode ( maintain | no-resign ); dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ - ( query | response ) ]; ... }; + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; dnstap-identity ( | none | hostname ); - dnstap-output ( file | unix ) [ size ( unlimited | - ) ] [ versions ( unlimited | ) ] [ suffix ( - increment | timestamp ) ]; + dnstap-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; dnstap-version ( | none ); dscp ; - dual-stack-servers [ port ] { ( [ port - ] [ dscp ] | [ port - ] [ dscp ] | [ port - ] [ dscp ] ); ... }; + dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; dump-file ; edns-udp-size ; empty-contact ; @@ -118,8 +95,7 @@ files ( default | unlimited | ); flush-zones-on-shutdown ; forward ( first | only ); - forwarders [ port ] [ dscp ] { ( - | ) [ port ] [ dscp ]; ... }; + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; fstrm-set-buffer-hint ; fstrm-set-flush-timeout ; fstrm-set-input-queue-size ; 
@@ -138,18 +114,11 @@ ipv4only-contact ; ipv4only-enable ; ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | - ); + ixfr-from-differences ( primary | master | secondary | slave | ); key-directory ; lame-ttl ; - listen-on [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; - listen-on-v6 [ port ] [ dscp - ] [ tls ] [ http - ] { - ; ... }; + listen-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; + listen-on-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; lmdb-mapsize ; lock-file ( | none ); managed-keys-directory ; @@ -191,30 +160,22 @@ notify ( explicit | master-only | primary-only | ); notify-delay ; notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; notify-to-soa ; nta-lifetime ; nta-recheck ; nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ - dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; + parental-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; pid-file ( | none ); port ; preferred-glue ; prefetch [ ]; provide-ixfr ; qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; querylog ; random-device ( | none ); rate-limit { 
@@ -245,26 +206,12 @@ resolver-nonbackoff-tries ; resolver-query-timeout ; resolver-retry-interval ; - response-padding { ; ... } block-size - ; - response-policy { zone [ add-soa ] [ log - ] [ max-policy-ttl ] [ min-update-interval - ] [ policy ( cname | disabled | drop | given | no-op - | nodata | nxdomain | passthru | tcp-only ) ] [ - recursive-only ] [ nsip-enable ] [ - nsdname-enable ]; ... } [ add-soa ] [ - break-dnssec ] [ max-policy-ttl ] [ - min-update-interval ] [ min-ns-dots ] [ - nsip-wait-recurse ] [ nsdname-wait-recurse - ] [ qname-wait-recurse ] [ recursive-only ] - [ nsip-enable ] [ nsdname-enable ] [ - dnsrps-enable ] [ dnsrps-options { - } ]; + response-padding { ; ... } block-size ; + response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; reuseport ; root-delegation-only [ exclude { ; ... } ]; root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name - ] ; ... }; + rrset-order { [ class ] [ type ] [ name ] ; ... }; secroots-file ; send-cookie ; serial-query-rate ; @@ -303,10 +250,8 @@ tls-port ; transfer-format ( many-answers | one-answer ); transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; transfers-in ; transfers-out ; transfers-per-ns ; diff --git a/doc/misc/parental-agents.grammar.rst b/doc/misc/parental-agents.grammar.rst index f30e6a8105..b09cc33787 100644 --- a/doc/misc/parental-agents.grammar.rst 
+++ b/doc/misc/parental-agents.grammar.rst @@ -11,8 +11,4 @@ :: - parental-agents [ port ] [ - dscp ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; + parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; diff --git a/doc/misc/primaries.grammar.rst b/doc/misc/primaries.grammar.rst index aceea97306..b6c680fb03 100644 --- a/doc/misc/primaries.grammar.rst +++ b/doc/misc/primaries.grammar.rst @@ -11,8 +11,4 @@ :: - primaries [ port ] [ dscp - ] { ( | - [ port ] | - [ port ] ) [ key - ] [ tls ]; ... }; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; diff --git a/doc/misc/server.grammar.rst b/doc/misc/server.grammar.rst index 526636ec90..b62959ae7d 100644 --- a/doc/misc/server.grammar.rst +++ b/doc/misc/server.grammar.rst @@ -18,18 +18,12 @@ edns-version ; keys ; max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ - dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] - [ dscp ]; + notify-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; padding ; provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( - | * ) ] ) | ( [ [ address ] ( | * ) ] - port ( | * ) ) ) [ dscp ]; + query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; request-expire ; request-ixfr ; request-nsid ; @@ -37,9 +31,7 @@ tcp-keepalive ; tcp-only ; transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ - dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) - ] [ dscp ]; + transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; transfers ; }; 
diff --git a/doc/misc/statistics-channels.grammar.rst b/doc/misc/statistics-channels.grammar.rst index 7a4ef27d25..8e4d964598 100644 --- a/doc/misc/statistics-channels.grammar.rst +++ b/doc/misc/statistics-channels.grammar.rst @@ -12,8 +12,5 @@ :: statistics-channels { - inet ( | | - * ) [ port ( | * ) ] [ - allow { ; ... - } ]; + inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; }; diff --git a/doc/misc/trust-anchors.grammar.rst b/doc/misc/trust-anchors.grammar.rst index eabe7c082c..e389e73be9 100644 --- a/doc/misc/trust-anchors.grammar.rst +++ b/doc/misc/trust-anchors.grammar.rst @@ -11,7 +11,4 @@ :: - trust-anchors { ( static-key | - initial-key | static-ds | initial-ds ) - - ; ... }; + trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; diff --git a/doc/misc/trusted-keys.grammar.rst b/doc/misc/trusted-keys.grammar.rst index 55cfa3805d..47aa831815 100644 --- a/doc/misc/trusted-keys.grammar.rst +++ b/doc/misc/trusted-keys.grammar.rst @@ -11,6 +11,4 @@ :: - trusted-keys { - - ; ... };, deprecated + trusted-keys { ; ... };, deprecated From fb474de3ab64196c0d3d37d333023502425e7e23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Wed, 11 May 2022 09:20:51 +0200 Subject: [PATCH 03/29] Add rndc.conf grammar into doc/misc It uses the same mechanism as all other grammars, but the file is named differently to distinguish it from named.conf grammars. --- .reuse/dep5 | 1 + doc/misc/Makefile.am | 4 ++++ doc/misc/rndc.grammar | 21 +++++++++++++++++++++ 3 files changed, 26 insertions(+) create mode 100644 doc/misc/rndc.grammar diff --git a/.reuse/dep5 b/.reuse/dep5 index de69b93035..d539cad8e1 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -156,6 +156,7 @@ Files: **/.clang-format doc/misc/*.zoneopt doc/misc/options doc/misc/options.active + doc/misc/rndc.grammar tsan-suppressions.txt Copyright: Internet Systems Consortium, Inc. ("ISC") License: CC0-1.0 
diff --git a/doc/misc/Makefile.am b/doc/misc/Makefile.am index 30a3c30e80..b4c5f40621 100644 --- a/doc/misc/Makefile.am +++ b/doc/misc/Makefile.am @@ -2,6 +2,7 @@ include $(top_srcdir)/Makefile.top include $(top_srcdir)/Makefile.docs OPTIONS_FILES = \ + rndc.grammar \ options \ options.active \ primary.zoneopt \ @@ -69,6 +70,9 @@ cfg_test_LDADD = \ BUILT_SOURCES = \ $(OPTIONS_FILES) +rndc.grammar: cfg_test + $(AM_V_CFG_TEST)$(builddir)/cfg_test --rndc --grammar | $(PERL) $(srcdir)/sort-options.pl > $@ + options: cfg_test $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl > $@ diff --git a/doc/misc/rndc.grammar b/doc/misc/rndc.grammar new file mode 100644 index 0000000000..716a21d938 --- /dev/null +++ b/doc/misc/rndc.grammar @@ -0,0 +1,21 @@ +key { + algorithm ; + secret ; +}; // may occur multiple times + +options { + default-key ; + default-port ; + default-server ; + default-source-address ( | * ); + default-source-address-v6 ( | * ); +}; + +server { + addresses { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + key ; + port ; + source-address ( | * ); + source-address-v6 ( | * ); +}; // may occur multiple times + From df089829304f5892c3c62b3ff3d475b4093dffde Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Tue, 3 May 2022 09:09:16 +0200 Subject: [PATCH 04/29] Add a new library to parse grammar format produced by cfg_test It transforms named.conf/rndc.conf grammar from text format into Python dictionary. This allows granular access to grammar elements. Beware: It heavity depens on cfg_test output format! --- doc/misc/Makefile.am | 1 + doc/misc/parsegrammar.py | 194 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 195 insertions(+) create mode 100644 doc/misc/parsegrammar.py diff --git a/doc/misc/Makefile.am b/doc/misc/Makefile.am index b4c5f40621..948243ccac 100644 --- a/doc/misc/Makefile.am +++ b/doc/misc/Makefile.am 
@@ -45,6 +45,7 @@ OPTIONS_FILES = \ EXTRA_DIST = \ $(OPTIONS_FILES) \ format-options.pl \ + parsegrammar.py \ rst-grammars.pl \ rst-options.pl \ rst-zoneopt.pl \ diff --git a/doc/misc/parsegrammar.py b/doc/misc/parsegrammar.py new file mode 100644 index 0000000000..b3fede04e5 --- /dev/null +++ b/doc/misc/parsegrammar.py 
@@ -0,0 +1,194 @@
+############################################################################
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+############################################################################
+
+"""
+Read ISC config grammar description produced by "cfg_test --grammar",
+transform it into JSON, and print it to stdout.
+
+Beware: This parser is pretty dumb and heavily depends on cfg_test output
+format. See parse_mapbody() for more details.
+
+Maps are recursively parsed into sub-dicts, all other elements (lists etc.)
+are left intact and returned as one string.
+
+Output example from named.conf grammar showing three variants follow.
+Keys "_flags" and "_id" are present only if non-empty. Key "_grammar" denotes
+end node, key "_mapbody" denotes a nested map.
+
+{
+ "acl": {
+ "_flags": [
+ "may occur multiple times"
+ ],
+ "_grammar": " { ; ... }"
+ },
+ "http": {
+ "_flags": [
+ "may occur multiple times"
+ ],
+ "_id": "",
+ "_mapbody": {
+ "endpoints": {
+ "_grammar": "{ ; ... }"
+ },
+ "streams-per-connection": {
+ "_grammar": ""
+ }
+ }
+ },
+ "options": {
+ "_mapbody": {
+ "rate-limit": {
+ "_mapbody": {
+ "all-per-second": {
+ "_grammar": ""
+ }
+ }
+ }
+ }
+ }
+}
+"""
+import fileinput
+import json
+import re
+
+FLAGS = [
+ "may occur multiple times",
+ "obsolete",
+ "deprecated",
+ "experimental",
+ "test only",
+]
+
+KEY_REGEX = re.compile("[a-zA-Z0-9-]+")
+
+
+def split_comments(line):
+ """Split line on comment boundary and strip right-side whitespace.
+ Supports only #, //, and /* comments which end at the end of line.
+ It does NOT handle:
+ - quoted strings
+ - /* comments which do not end at line boundary
+ - multiple /* comments on a single line
+ """
+ assert '"' not in line, 'lines with " are not supported'
+ data_end_idx = len(line)
+ for delimiter in ["#", "//", "/*"]:
+ try:
+ data_end_idx = min(line.index(delimiter), data_end_idx)
+ except ValueError:
+ continue
+ if delimiter == "/*":
+ # sanity checks
+ if not line.rstrip().endswith("*/"):
+ raise NotImplementedError(
+ "unsupported /* comment, does not end at the end of line", line
+ )
+ if "/*" in line[data_end_idx + 1 :]:
+ raise NotImplementedError(
+ "unsupported line with multiple /* comments", line
+ )
+
+ noncomment = line[:data_end_idx]
+ comment = line[data_end_idx:]
+ return noncomment, comment
+
+
+def parse_line(filein):
+ """Consume single line from input, return non-comment and comment."""
+ for line in filein:
+ line, comment = split_comments(line)
+ line = line.strip()
+ comment = comment.strip()
+ if not line:
+ continue
+ yield line, comment
+
+
+def parse_flags(comments):
+ """Extract known flags from comments. Must match exact strings used by cfg_test."""
+ out = []
+ for flag in FLAGS:
+ if flag in comments:
+ out.append(flag)
+ return out
+
+
+def parse_mapbody(filein):
+ """Parse body of a "map" in ISC config format.
+
+ Input lines can be only:
+ - whitespace & comments only -> ignore
+ - ; -> store as "_grammar" for this keyword
+ - { -> parse sub-map and store (optional) as "_id",
+ producing nested dict under "_mapbody"
+ Also store known strings found at the end of line in "_flags".
+
+ Returns:
+ - tuple (map dict, map comment) when }; line is reached
+ - map dict when we run out of lines without the closing };
+ """
+ thismap = {}
+ for line, comment in parse_line(filein):
+ flags = parse_flags(comment)
+ if line == "};": # end of a nested map
+ return thismap, flags
+
+ # first word - a map key name
+ # beware: some statements do not have parameters, e.g. "null;"
+ key = line.split()[0].rstrip(";")
+ # map key sanity check
+ if not KEY_REGEX.fullmatch(key):
+ raise NotImplementedError("suspicious keyword detected", line)
+
+ # omit keyword from the grammar
+ grammar = line[len(key) :].strip()
+ # also skip final ; or {
+ grammar = grammar[:-1].strip()
+
+ thismap[key] = {}
+ if line.endswith("{"):
+ # nested map, recurse, but keep "extra identifiers" if any
+ try:
+ subkeys, flags = parse_mapbody(filein)
+ except ValueError:
+ raise ValueError("unfinished nested map, missing }; detected") from None
+ if flags:
+ thismap[key]["_flags"] = flags
+ if grammar:
+ # for lines which look like "view {" store ""
+ thismap[key]["_id"] = grammar
+ thismap[key]["_mapbody"] = subkeys
+ else:
+ assert line.endswith(";")
+ if flags:
+ thismap[key]["_flags"] = flags
+ thismap[key]["_grammar"] = grammar
+
+ # Ran out of lines: can happen only on the end of the top-level map-body!
+ # Intentionally do not return second parameter to cause ValueError
+ # if we reach this spot with a missing }; in a nested map.
+ assert len(thismap)
+ return thismap
+
+
+def main():
+ """Read stdin or filename provided on command line"""
+ with fileinput.input() as filein:
+ grammar = parse_mapbody(filein)
+ print(json.dumps(grammar, indent=4))
+
+
+if __name__ == "__main__":
+ main()
From 8960d51aa34de152b8f135928974974cb69eb751 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Mon, 9 May 2022 18:04:40 +0200 Subject: [PATCH 05/29] Add utility to search for context-dependent configuration statements The utility detects statements which use the same name (e.g. max-zone-ttl) but use different grammar in different contexts. These typically need special case in docs. --- doc/misc/Makefile.am | 1 + doc/misc/checkgrammar.py | 125 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 126 insertions(+) create mode 100644 doc/misc/checkgrammar.py
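Review bot: The missing-`};` detection in `parse_mapbody` depends on `subkeys, flags = parse_mapbody(filein)` raising ValueError when the nested call hits end of input and returns a bare dict, but a dict with exactly two keys unpacks without error, so a truncated map holding two statements (the `key { algorithm; secret; }` shape from rndc.grammar, for instance) would be stored with its key names as `_mapbody` and `_flags` instead of being rejected. Checking the return type makes the failure explicit: `result = parse_mapbody(filein)`, then `if not isinstance(result, tuple): raise ValueError("unfinished nested map, missing }; detected")`, then `subkeys, flags = result`. Separately, the input checks written as `assert` (`'"' not in line` in `split_comments`, `line.endswith(";")` and `len(thismap)` in `parse_mapbody`) are removed under `python -O`, while the neighbouring checks raise NotImplementedError; raising there as well would keep malformed cfg_test output from being accepted silently.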
diff --git a/doc/misc/Makefile.am b/doc/misc/Makefile.am index 948243ccac..acd0151cff 100644 --- a/doc/misc/Makefile.am +++ b/doc/misc/Makefile.am @@ -44,6 +44,7 @@ OPTIONS_FILES = \ EXTRA_DIST = \ $(OPTIONS_FILES) \ + checkgrammar.py \ format-options.pl \ parsegrammar.py \ rst-grammars.pl \ diff --git a/doc/misc/checkgrammar.py b/doc/misc/checkgrammar.py new file mode 100644 index 0000000000..157944e090 --- /dev/null +++ b/doc/misc/checkgrammar.py 
@@ -0,0 +1,125 @@ +############################################################################ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. +############################################################################ + +""" +Utility to check ISC config grammar consistency. It detects statement names +which use different grammar depending on position in the configuration file. +E.g. "max-zone-ttl" in dnssec-policy uses '' +vs. '( unlimited | ) used in options. +""" + +from collections import namedtuple +from itertools import groupby +from pprint import pformat +import fileinput + +import parsegrammar + + +def statement2block(grammar, path): + """Return mapping statement name to "path" where it is allowed. + _top is placeholder name for the namesless topmost context. + + E.g. { + 'options: [('_top',)], + 'server': [('_top', 'view'), ('_top',)], + 'rate-limit': [('_top', 'options'), ('_top', 'view')], + 'slip': [('_top', 'options', 'rate-limit'), ('_top', 'view', 'rate-limit')] + } + """ + key2place = {} + + for key in grammar: + assert not key.startswith("_") + key2place.setdefault(key, []).append(tuple(path)) + if "_mapbody" in grammar[key]: + nested2block = statement2block(grammar[key]["_mapbody"], path + [key]) + # merge to uppermost output dictionary + for nested_key, nested_path in nested2block.items(): + key2place.setdefault(nested_key, []).extend(nested_path) + return key2place + + +def get_statement_grammar(grammar, path, name): + """Descend into grammar dict using provided path + and return final dict found there. + + Intermediate steps into "_mapbody" subkeys are done automatically. 
+ """ + assert path[0] == "_top" + path = list(path) + [name] + for step in path[1:]: + if "_mapbody" in grammar: + grammar = grammar["_mapbody"] + grammar = grammar[step] + return grammar + + +Statement = namedtuple("Statement", ["path", "name", "subgrammar"]) + + +def groupby_grammar(statements): + """ + Return groups of Statement tuples with identical grammars and flags. + See itertools.groupby. + """ + + def keyfunc(statement): + return sorted(statement.subgrammar.items()) + + groups = [] + statements = sorted(statements, key=keyfunc) + for _key, group in groupby(statements, keyfunc): + groups.append(list(group)) # Store group iterator as a list + return groups + + +def diff_statements(whole_grammar, places): + """ + Return map {statement name: [groups of [Statement]s with identical grammar]. + """ + out = {} + for statement_name, paths in places.items(): + grammars = [] + for path in paths: + statement_grammar = get_statement_grammar( + whole_grammar, path, statement_name + ) + grammars.append(Statement(path, statement_name, statement_grammar)) + groups = groupby_grammar(grammars) + out[statement_name] = groups + return out + + +def main(): + """ + Ingest output from cfg_test --grammar and print out statements which use + different grammar in different contexts. + """ + with fileinput.input() as filein: + grammar = parsegrammar.parse_mapbody(filein) + places = statement2block(grammar, ["_top"]) + + for statementname, groups in diff_statements(grammar, places).items(): + if len(groups) > 1: + print(f'statement "{statementname}" is inconsistent across blocks') + for group in groups: + print( + "- path:", ", ".join(" -> ".join(variant.path) for variant in group) + ) + print(" ", pformat(group[0].subgrammar)) + print() + + +if __name__ == "__main__": + main() From 190004e46ce6dddd3c52dc90302351e98d4758f2 Mon Sep 17 00:00:00 2001 
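Review bot: `keyfunc` in `groupby_grammar` orders statements by `sorted(statement.subgrammar.items())`, which raises `TypeError` when two statements agree on every earlier key but carry different `_mapbody` dicts, because Python 3 cannot order dicts. That is the inconsistent-block case this tool exists to report, so it would end in a traceback instead of a finding. A string key avoids the comparison: `return json.dumps(statement.subgrammar, sort_keys=True)`, with `import json` added next to the other imports. Separately, the `assert` checks in `statement2block` and `get_statement_grammar` are the only input validation in this file and disappear under `python -O`.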
From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Mon, 9 May 2022 18:25:18 +0200 Subject: [PATCH 06/29] Add pretty printer for JSON grammar It produces the same format as cfg_test --grammar. The advantage is that it allows to print any node in configuration the tree, not just whole blocks. --- doc/misc/checkgrammar.py | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/doc/misc/checkgrammar.py b/doc/misc/checkgrammar.py index 157944e090..57f4c8ede5 100644 --- a/doc/misc/checkgrammar.py +++ b/doc/misc/checkgrammar.py @@ -20,7 +20,6 @@ vs. '( unlimited | ) used in options. from collections import namedtuple from itertools import groupby -from pprint import pformat import fileinput import parsegrammar @@ -101,6 +100,35 @@ def diff_statements(whole_grammar, places): return out +def pformat_grammar(node, level=1): + """Pretty print a given grammar node in the same way as cfg_test would""" + if "_grammar" in node: # no nesting + assert "_id" not in node + assert "_mapbody" not in node + out = node["_grammar"] + ";" + if "_flags" in node: + out += " // " + ", ".join(node["_flags"]) + return out + "\n" + + # a nested map + out = "" + indent = level * "\t" + if "_id" in node: + out += node["_id"] + " " + out += "{\n" + + for key in node["_mapbody"]: + out += f"{indent}{key}" + inner_grammar = pformat_grammar(node["_mapbody"][key], level=level + 1) + if inner_grammar[0] != ";": # we _did_ find some arguments + out += " " + out += inner_grammar + out += indent[:-1] + "};" # unindent the closing bracket + if "_flags" in node: + out += " // " + ", ".join(node["_flags"]) + return out + "\n" + + def main(): """ Ingest output from cfg_test --grammar and print out statements which use @@ -117,7 +145,7 @@ def main(): print( "- path:", ", ".join(" -> ".join(variant.path) for variant in group) ) - print(" ", pformat(group[0].subgrammar)) + print(" ", pformat_grammar(group[0].subgrammar, level=1)) print() 
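Review bot: `pformat_grammar` returns text that already ends in a newline, so the changed call in `main` (last hunk of this patch), `print(" ", pformat_grammar(group[0].subgrammar, level=1))`, emits an extra blank line per group and indents only the first line of a nested block. Passing `end=""` to that `print` keeps the output in step with what the function returns. The docstring says "Pretty print" although nothing is printed; `"""Return node formatted the way cfg_test --grammar prints it, ending with a newline; level is the nesting depth used for tab indentation."""` states the actual contract. `main` continues outside the hunk.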
From a691ebd0c96ecc094f5711526d5ba55c5f3f323a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Wed, 11 May 2022 09:20:51 +0200 Subject: [PATCH 07/29] Add helper to unify options and zone block grammars A helper is needed to combine cfg_test output for generic options and all the type-dependent zone block variants. --- doc/arm/Makefile.am | 1 + doc/arm/_ext/mergegrammar.py | 54 ++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 doc/arm/_ext/mergegrammar.py diff --git a/doc/arm/Makefile.am b/doc/arm/Makefile.am index d4aa22b767..837f748412 100644 --- a/doc/arm/Makefile.am +++ b/doc/arm/Makefile.am @@ -62,6 +62,7 @@ EXTRA_DIST = \ tsig.inc.rst \ zones.inc.rst \ _ext/iscconf.py \ + _ext/mergegrammar.py \ _ext/namedconf.py \ _ext/rndcconf.py \ _static/custom.css \ diff --git a/doc/arm/_ext/mergegrammar.py b/doc/arm/_ext/mergegrammar.py new file mode 100644 index 0000000000..c95f7ae4ce --- /dev/null +++ b/doc/arm/_ext/mergegrammar.py 
@@ -0,0 +1,54 @@ +############################################################################ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. +############################################################################ + +# Depends on CWD - Sphinx plugin + +import json +from pathlib import Path + +from . import parsegrammar + + +def read_zone(): + zone_grammars = {} + for file in Path("../misc/").glob("*.zoneopt"): + zone_type = f"type {file.stem}" + + with file.open(encoding="ascii") as fp: + zonegrammar = parsegrammar.parse_mapbody(fp) + assert len(zonegrammar) == 1 + assert "zone" in zonegrammar + zone_grammars[zone_type] = zonegrammar["zone"] + + return {"zone": {"_mapbody": zone_grammars}} + + +def read_main(): + with Path("../misc/options").open(encoding="ascii") as fp: + optgrammar = parsegrammar.parse_mapbody(fp) + return optgrammar + + +def combine(): + zones = read_zone() + assert zones + rest = read_main() + assert rest + rest.update(zones) + + return rest + + +if __name__ == "__main__": + full_grammar = combine() + print(json.dumps(full_grammar)) From 1c6f2c5ad1755e21343c534329e23dde4cff6b30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Wed, 11 May 2022 10:38:05 +0200 Subject: [PATCH 08/29] Give Sphinx configuration domains access to grammar --- doc/arm/_ext/iscconf.py | 16 +++++++++++++--- doc/arm/_ext/mergegrammar.py | 2 +- doc/arm/_ext/namedconf.py | 6 +++++- doc/arm/_ext/rndcconf.py | 7 ++++++- doc/arm/conf.py | 1 + 5 files changed, 26 insertions(+), 6 deletions(-) 
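Review bot: `read_zone` and `read_main` locate the grammar files through `Path("../misc/")`, which resolves against the current working directory rather than the source tree, so the documentation build reads whatever `../misc` is relative to where Sphinx is started. `assert zones` in `combine` cannot catch a wrong directory, because `read_zone` returns `{"zone": {"_mapbody": {}}}`, a non-empty dict, even when the glob matches nothing. Anchoring on the module with `MISC_DIR = Path(__file__).resolve().parent.parent.parent / "misc"` and asserting on `zone_grammars` itself makes both failures visible; `rndcconf.py` in patch 08 opens `../misc/rndc.grammar` the same way. Wrapping the glob in `sorted()` would also make the `json.dumps` output independent of directory listing order.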
diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index 670dca4998..cc03766475 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -34,6 +34,8 @@ from sphinx.util import logging from sphinx.util.docutils import SphinxDirective from sphinx.util.nodes import make_refnode +import checkgrammar + logger = logging.getLogger(__name__) @@ -50,7 +52,7 @@ def split_csv(argument, required): # pylint: disable=too-many-statements -def domain_factory(domainname, domainlabel, todolist): +def domain_factory(domainname, domainlabel, todolist, grammar): """ Return parametrized Sphinx domain object. @param domainname Name used when referencing domain in .rst: e.g. namedconf @@ -148,6 +150,14 @@ def domain_factory(domainname, domainlabel, todolist): indices = {} # no custom indicies + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.grammar = grammar + self.statement_blocks = checkgrammar.statement2block(grammar, ["_top"]) + self.statement_grammar_groups = checkgrammar.diff_statements( + self.grammar, self.statement_blocks + ) + def get_objects(self): """ Sphinx API: @@ -388,12 +398,12 @@ class DictToDocutilsTableBuilder: return self.table -def setup(app, domainname, confname, docutilsplaceholder): +def setup(app, domainname, confname, docutilsplaceholder, grammar): """ Install new parametrized Sphinx domain. """ - Conf = domain_factory(domainname, confname, docutilsplaceholder) + Conf = domain_factory(domainname, confname, docutilsplaceholder, grammar) app.add_domain(Conf) app.connect("doctree-resolved", Conf.process_statementlist_nodes) diff --git a/doc/arm/_ext/mergegrammar.py b/doc/arm/_ext/mergegrammar.py index c95f7ae4ce..d339da1645 100644 --- a/doc/arm/_ext/mergegrammar.py +++ b/doc/arm/_ext/mergegrammar.py @@ -16,7 +16,7 @@ import json from pathlib import Path -from . import parsegrammar +import parsegrammar def read_zone(): 
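Review bot: `domain_factory` and `setup` gain a `grammar` parameter, but neither docstring is extended in these hunks, although the `domain_factory` docstring documents `domainname` with an `@param` line. Adding `@param grammar Parsed grammar dict in the form produced by parsegrammar.parse_mapbody` would tell callers what shape is expected. The new `__init__` would also benefit from a comment such as `# statement_blocks: statement name -> block paths where it is allowed; statement_grammar_groups: statement name -> groups of identical grammar variants`. Both docstrings continue outside the hunks.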
diff --git a/doc/arm/_ext/namedconf.py b/doc/arm/_ext/namedconf.py index 2011d5a118..bcf4a0c007 100644 --- a/doc/arm/_ext/namedconf.py +++ b/doc/arm/_ext/namedconf.py @@ -18,6 +18,7 @@ Sphinx domain "namedconf". See iscconf.py for details. from docutils import nodes import iscconf +import mergegrammar class ToBeReplacedStatementList(nodes.General, nodes.Element): @@ -28,4 +29,7 @@ class ToBeReplacedStatementList(nodes.General, nodes.Element): def setup(app): - return iscconf.setup(app, "namedconf", "named.conf", ToBeReplacedStatementList) + grammar = mergegrammar.combine() + return iscconf.setup( + app, "namedconf", "named.conf", ToBeReplacedStatementList, grammar + ) diff --git a/doc/arm/_ext/rndcconf.py b/doc/arm/_ext/rndcconf.py index bb9dbba065..cac10e2f46 100644 --- a/doc/arm/_ext/rndcconf.py +++ b/doc/arm/_ext/rndcconf.py @@ -18,6 +18,7 @@ Sphinx domain "rndcconf". See iscconf.py for details. from docutils import nodes import iscconf +import parsegrammar class ToBeReplacedStatementList(nodes.General, nodes.Element): @@ -28,4 +29,8 @@ class ToBeReplacedStatementList(nodes.General, nodes.Element): def setup(app): - return iscconf.setup(app, "rndcconf", "rndc.conf", ToBeReplacedStatementList) + with open("../misc/rndc.grammar", encoding="utf-8") as filein: + grammar = parsegrammar.parse_mapbody(filein) + return iscconf.setup( + app, "rndcconf", "rndc.conf", ToBeReplacedStatementList, grammar + ) diff --git a/doc/arm/conf.py b/doc/arm/conf.py index 578591e463..695ca9a77f 100644 --- a/doc/arm/conf.py +++ b/doc/arm/conf.py @@ -104,6 +104,7 @@ def setup(app): # documentation root, make it absolute. # sys.path.append(str(Path(__file__).resolve().parent / "_ext")) +sys.path.append(str(Path(__file__).resolve().parent.parent / "misc")) # -- Project information ----------------------------------------------------- From cbad1803a55ded505c6dc042cd75c8d0b0dc0ac9 Mon Sep 17 00:00:00 2001 
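Review bot: `rndcconf.py` opens `rndc.grammar` with `encoding="utf-8"`, while `mergegrammar.py` (patch 07) reads the sibling grammar files from the same directory with `encoding="ascii"`. The two loaders feed the same parser, so they should agree on one encoding. If the grammar files are meant to be pure ASCII, `encoding="ascii"` here turns a stray non-ASCII byte into an immediate decode error instead of handing it on to `parse_mapbody`.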
From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 12 May 2022 19:16:52 +0200 Subject: [PATCH 09/29] Warn about statements in grammar not described in docs Skip over obsolete options. --- doc/arm/_ext/iscconf.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index cc03766475..a6ecf212fd 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -268,6 +268,29 @@ def domain_factory(domainname, domainlabel, todolist, grammar): self.log_statement_overlap(new[name], old[name]) old.update(new) + def check_consistency(self): + """Sphinx API""" + defined_statements = set( + obj["signature"] for obj in self.data["statements"].values() + ) + statements_in_grammar = set(self.statement_blocks) + missing_statement_sigs = statements_in_grammar.difference( + defined_statements + ) + for missing in missing_statement_sigs: + grammars = self.statement_grammar_groups[missing] + if len(grammars) == 1: + flags = grammars[0][0].subgrammar.get("_flags", []) + if ("obsolete" in flags) or ("test only" in flags): + continue + + logger.warning( + "statement %s is defined in %s grammar but is not described" + " using .. statement:: directive", + missing, + domainlabel, + ) + @classmethod def process_statementlist_nodes(cls, app, doctree, fromdocname): """ From ebe6ede2ec7982aa7346bf9369a4be87b6b6c764 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 12 May 2022 19:33:20 +0200 Subject: [PATCH 10/29] Warn about statements not found in the grammar --- doc/arm/_ext/iscconf.py | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index a6ecf212fd..f1b4c7e118 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py 
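Review bot: `check_consistency` iterates over `missing_statement_sigs`, a set of strings, so the order of the warnings can change from run to run and build logs cannot be compared line by line. `for missing in sorted(missing_statement_sigs):` gives a stable order; the `extra_statement_sigs` loop added in patch 10 has the same shape. The "obsolete" / "test only" skip is applied only when `len(grammars) == 1`, which appears to leave a statement that is obsolete in each of several variants still reported; a short comment saying whether that is intended would help.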
@@ -216,12 +216,15 @@ def domain_factory(domainname, domainlabel, todolist, grammar): location=(new["docname"], new["lineno"]), ) + def get_statement_name(self, signature): + return "{}.{}.{}".format(domainname, "statement", signature) + def add_statement(self, signature, tags, short, lineno): """ Add a new statement to the domain data structures. No visible effect. """ - name = "{}.{}.{}".format(domainname, "statement", signature) + name = self.get_statement_name(signature) anchor = "{}-statement-{}".format(domainname, signature) new = { @@ -291,6 +294,18 @@ def domain_factory(domainname, domainlabel, todolist, grammar): domainlabel, ) + extra_statement_sigs = defined_statements.difference(statements_in_grammar) + for extra in extra_statement_sigs: + fullname = self.get_statement_name(extra) + desc = self.data["statements"][fullname] + logger.warning( + ".. statement:: %s found but matching definition in %s grammar is" + " missing", + extra, + domainlabel, + location=(desc["docname"], desc["lineno"]), + ) + @classmethod def process_statementlist_nodes(cls, app, doctree, fromdocname): """ From d61d998e3b2e1aeeacea117ec8d25b45552f0da8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 24 Jun 2022 10:00:59 +0200 Subject: [PATCH 11/29] Detect unsupported statement:: directives with multiple names --- doc/arm/_ext/iscconf.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index f1b4c7e118..0edd285965 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -134,6 +134,12 @@ def domain_factory(domainname, domainlabel, todolist, grammar): tags += nodes.Text(", ".join(self.isc_tags)) contentnode.insert(0, tags) + names = self.get_signatures() + if len(names) != 1: + raise NotImplementedError( + "statements with more than one name are not supported", names + ) + name = domainname label = domainlabel From eba3b1ad163801d10c45333a36c80187f716d174 Mon Sep 17 00:00:00 2001 
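Review bot: The length check added in patch 11 raises a bare `NotImplementedError`, which stops the build with a traceback that does not name the .rst file or line of the offending directive. If the enclosing class is a docutils directive, as the surrounding `contentnode` handling suggests, `raise self.error(f"statements with more than one name are not supported: {names}")` would report the source location instead. Patch 13 moves the same raise into the `isc_name` property, so the change would apply there as well. The enclosing method starts outside the hunk.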
From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 24 Jun 2022 10:03:48 +0200 Subject: [PATCH 12/29] Render list of blocks accepting a given statement --- doc/arm/_ext/iscconf.py | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index 0edd285965..54043007f7 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -116,6 +116,38 @@ def domain_factory(domainname, domainlabel, todolist, grammar): def isc_short(self): return self.options.get("short", "") + def format_path(self, path): + assert path[0] == "_top" + if len(path) == 1: + return "topmost" + return ".".join(path[1:]) + + def format_paths(self, paths): + zone_types = [] + nozone_paths = [] + for path in paths: + try: + zone_idx = path.index("zone") + zone_type_txt = path[zone_idx + 1] + assert zone_type_txt.startswith("type "), zone_type_txt + zone_types.append(zone_type_txt[len("type ") :]) + except (ValueError, IndexError): + nozone_paths.append(path) + condensed_paths = nozone_paths[:] + if zone_types: + condensed_paths.append( + ("_top", "zone (" + ", ".join(sorted(zone_types)) + ")") + ) + condensed_paths = sorted(condensed_paths, key=len) + return list(self.format_path(path) for path in condensed_paths) + + def format_blocks(self, grammar_blocks): + """Generate node with list of all allowed blocks""" + blocks = nodes.paragraph() + blocks += nodes.strong(text="Blocks: ") + blocks += nodes.Text(", ".join(self.format_paths(grammar_blocks))) + return blocks + def parse_nested_str(self, instr): """Parse string as nested rst syntax and produce a node""" raw = nodes.paragraph(text=instr) 
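Review bot: `format_paths` has no docstring although it does the least obvious work in this hunk, while `format_blocks` next to it has one. Something like `"""Return display strings for paths, shortest first; every path containing 'zone' followed by a 'type X' element is merged into a single 'zone (X, Y)' entry."""` would cover it. The `assert zone_type_txt.startswith("type ")` sits inside a `try` that catches only `ValueError` and `IndexError`, so a failed assertion aborts instead of falling back to `nozone_paths`, and under `python -O` the slice would silently drop five characters from an unprefixed name; an explicit `if` with a fallback would make the intended behaviour clear.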
@@ -139,6 +171,14 @@ def domain_factory(domainname, domainlabel, todolist, grammar): raise NotImplementedError( "statements with more than one name are not supported", names ) + name = names[0] + iscconf = self.env.get_domain(domainname) + + if name not in iscconf.statement_blocks: + return # not defined in grammar, nothing to render + + blocks = self.format_blocks(iscconf.statement_blocks[name]) + contentnode.insert(0, blocks) name = domainname label = domainlabel From c6fe8970f6985fcf9a083cf79ef9886c377fa2ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 24 Jun 2022 10:04:48 +0200 Subject: [PATCH 13/29] Render statement's grammar This is replacement for auto-generated *.rst files stored in the repo. --- doc/arm/_ext/iscconf.py | 50 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 6 deletions(-) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index 54043007f7..06f3d6c9f5 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -98,6 +98,15 @@ def domain_factory(domainname, domainlabel, todolist, grammar): "short": directives.unchanged_required, } + @property + def isc_name(self): + names = self.get_signatures() + if len(names) != 1: + raise NotImplementedError( + "statements with more than one name are not supported", names + ) + return names[0] + def handle_signature(self, sig, signode): signode += addnodes.desc_name(text=sig) return sig 
@@ -148,6 +157,34 @@ def domain_factory(domainname, domainlabel, todolist, grammar): blocks += nodes.Text(", ".join(self.format_paths(grammar_blocks))) return blocks + def format_grammar(self, list_blocks, grammar_grp): + """ + Generate grammar description node, optionally with list of + blocks accepting this particular grammar. + Example: Grammar (block1, block2): grammar; + """ + grammarnode = nodes.paragraph() + if list_blocks: + separator = " " + paths = ", ".join( + self.format_paths(variant.path for variant in grammar_grp) + ) + else: + separator = "" + paths = "" + grammar_txt = ( + self.isc_name + + " " + + checkgrammar.pformat_grammar(grammar_grp[0].subgrammar, level=1) + ) + if "\n" in grammar_txt.strip(): + nodetype = nodes.literal_block + else: + nodetype = nodes.literal + grammarnode += nodes.strong(text=f"Grammar{separator}{paths}: ") + grammarnode += nodetype(text=grammar_txt) + return grammarnode + def parse_nested_str(self, instr): """Parse string as nested rst syntax and produce a node""" raw = nodes.paragraph(text=instr) @@ -166,20 +203,21 @@ def domain_factory(domainname, domainlabel, todolist, grammar): tags += nodes.Text(", ".join(self.isc_tags)) contentnode.insert(0, tags) - names = self.get_signatures() - if len(names) != 1: - raise NotImplementedError( - "statements with more than one name are not supported", names - ) - name = names[0] iscconf = self.env.get_domain(domainname) + name = self.isc_name if name not in iscconf.statement_blocks: return # not defined in grammar, nothing to render blocks = self.format_blocks(iscconf.statement_blocks[name]) contentnode.insert(0, blocks) + grammars = iscconf.statement_grammar_groups[name] + multi_grammar = len(grammars) > 1 + for grammar_grp in grammars: + grammarnode = self.format_grammar(multi_grammar, grammar_grp) + contentnode.insert(0, grammarnode) + name = domainname label = domainlabel From 7b4ad8a3ff4dc8fb5d5da41e713c9111d620753b Mon Sep 17 00:00:00 2001 
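Review bot: `format_grammar` always joins `self.isc_name` and the formatted grammar with a space, so a statement without arguments is rendered as `name ;`, whereas `pformat_grammar` in checkgrammar.py omits the space when the inner text starts with `;`. Applying the same rule here keeps the output in the cfg_test format: `body = checkgrammar.pformat_grammar(grammar_grp[0].subgrammar, level=1)` followed by `grammar_txt = self.isc_name + ("" if body.startswith(";") else " ") + body`. The text handed to `nodes.literal` also keeps the trailing newline, which is stripped only for the multi-line test.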
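Review bot: The loop over `grammars` in the second hunk prepends each node with `contentnode.insert(0, grammarnode)`, so the variants end up in reverse order of `statement_grammar_groups[name]` and above the blocks and tags nodes inserted before them. If that order is intended, a comment such as `# insert(0, ...) prepends: rendered order is grammar variants (last group first), blocks, tags` would spare the next reader from working it out; otherwise iterate over `reversed(grammars)`. The method starts outside the hunk.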
From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 24 Jun 2022 09:55:01 +0200 Subject: [PATCH 14/29] Warn about experimental and deprecated options --- doc/arm/_ext/iscconf.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index 06f3d6c9f5..f4a74897e7 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -185,6 +185,23 @@ def domain_factory(domainname, domainlabel, todolist, grammar): grammarnode += nodetype(text=grammar_txt) return grammarnode + def format_warnings(self, flags): + """Return node with a warning box about deprecated and + experimental options""" + warn = nodes.warning() + if "deprecated" in flags: + warn += nodes.paragraph( + text=( + "This option is deprecated and will be removed in a future" + " version of BIND." + ) + ) + if "experimental" in flags: + warn += nodes.paragraph( + text="This option is experimental and subject to change." + ) + return warn + def parse_nested_str(self, instr): """Parse string as nested rst syntax and produce a node""" raw = nodes.paragraph(text=instr) @@ -214,10 +231,19 @@ def domain_factory(domainname, domainlabel, todolist, grammar): grammars = iscconf.statement_grammar_groups[name] multi_grammar = len(grammars) > 1 + union_flags = set() for grammar_grp in grammars: + for one_grammar_dict in grammar_grp: + union_flags = union_flags.union( + set(one_grammar_dict.subgrammar.get("_flags", [])) + ) grammarnode = self.format_grammar(multi_grammar, grammar_grp) contentnode.insert(0, grammarnode) + warn = self.format_warnings(union_flags) + if len(warn): + contentnode.insert(0, warn) + name = domainname label = domainlabel From 0bbbdc6244351ac479ed45c4ce9b6e33e8baf428 Mon Sep 17 00:00:00 2001 
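Review bot: `union_flags` is collected across every grammar group of the statement, so `format_warnings` shows the deprecated or experimental box even when only one block marks the statement that way. If that is the intended behaviour, the `format_warnings` docstring should say so, for example `flags is the union over all blocks, so a flag set in any one context triggers the warning`. The accumulation itself reads more directly as `union_flags.update(one_grammar_dict.subgrammar.get("_flags", []))`. The enclosing method starts outside the hunk.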
From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 24 Jun 2022 13:16:53 +0200 Subject: [PATCH 15/29] Remove auto-generated rst files in repo in favour of grammar pretty printer --- .reuse/dep5 | 1 - Makefile.docs | 12 - bin/named/Makefile.am | 3 - bin/named/named.conf.rst | 705 +-------- doc/arm/Makefile.am | 33 +- doc/arm/reference.rst | 41 - doc/man/Makefile.am | 1 + doc/man/named.conf.5in | 1778 ++++++++++------------ doc/misc/Makefile.am | 134 +- doc/misc/acl.grammar.rst | 13 - doc/misc/controls.grammar.rst | 17 - doc/misc/delegation-only.zoneopt.rst | 16 - doc/misc/dnssec-policy.grammar.rst | 28 - doc/misc/format-options.pl | 51 - doc/misc/forward.zoneopt.rst | 19 - doc/misc/hint.zoneopt.rst | 19 - doc/misc/http.grammar.rst | 18 - doc/misc/in-view.zoneopt.rst | 16 - doc/misc/key.grammar.rst | 17 - doc/misc/logging.grammar.rst | 27 - doc/misc/managed-keys.grammar.rst | 14 - doc/misc/mirror.zoneopt.rst | 56 - doc/misc/options.active | 588 ------- doc/misc/options.grammar.rst | 272 ---- doc/misc/parental-agents.grammar.rst | 14 - doc/misc/primaries.grammar.rst | 14 - doc/misc/primary.zoneopt | 1 + doc/misc/primary.zoneopt.rst | 74 - doc/misc/redirect.zoneopt.rst | 26 - doc/misc/rst-grammars.pl | 81 - doc/misc/rst-options.pl | 156 -- doc/misc/rst-zoneopt.pl | 59 - doc/misc/secondary.zoneopt | 1 + doc/misc/secondary.zoneopt.rst | 77 - doc/misc/server.grammar.rst | 37 - doc/misc/static-stub.zoneopt.rst | 24 - doc/misc/statistics-channels.grammar.rst | 16 - doc/misc/stub.zoneopt.rst | 40 - doc/misc/tls.grammar.rst | 24 - doc/misc/trust-anchors.grammar.rst | 14 - doc/misc/trusted-keys.grammar.rst | 14 - 41 files changed, 857 insertions(+), 3694 deletions(-) delete mode 100644 doc/misc/acl.grammar.rst delete mode 100644 doc/misc/controls.grammar.rst delete mode 100644 doc/misc/delegation-only.zoneopt.rst delete mode 100644 doc/misc/dnssec-policy.grammar.rst delete mode 100644 doc/misc/format-options.pl delete mode 100644 doc/misc/forward.zoneopt.rst delete mode 
100644 doc/misc/hint.zoneopt.rst delete mode 100644 doc/misc/http.grammar.rst delete mode 100644 doc/misc/in-view.zoneopt.rst delete mode 100644 doc/misc/key.grammar.rst delete mode 100644 doc/misc/logging.grammar.rst delete mode 100644 doc/misc/managed-keys.grammar.rst delete mode 100644 doc/misc/mirror.zoneopt.rst delete mode 100644 doc/misc/options.active delete mode 100644 doc/misc/options.grammar.rst delete mode 100644 doc/misc/parental-agents.grammar.rst delete mode 100644 doc/misc/primaries.grammar.rst delete mode 100644 doc/misc/primary.zoneopt.rst delete mode 100644 doc/misc/redirect.zoneopt.rst delete mode 100644 doc/misc/rst-grammars.pl delete mode 100644 doc/misc/rst-options.pl delete mode 100644 doc/misc/rst-zoneopt.pl delete mode 100644 doc/misc/secondary.zoneopt.rst delete mode 100644 doc/misc/server.grammar.rst delete mode 100644 doc/misc/static-stub.zoneopt.rst delete mode 100644 doc/misc/statistics-channels.grammar.rst delete mode 100644 doc/misc/stub.zoneopt.rst delete mode 100644 doc/misc/tls.grammar.rst delete mode 100644 doc/misc/trust-anchors.grammar.rst delete mode 100644 doc/misc/trusted-keys.grammar.rst diff --git a/.reuse/dep5 b/.reuse/dep5 index d539cad8e1..d9dec6a5cb 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -155,7 +155,6 @@ Files: **/.clang-format .uncrustify.cfg doc/misc/*.zoneopt doc/misc/options - doc/misc/options.active doc/misc/rndc.grammar tsan-suppressions.txt Copyright: Internet Systems Consortium, Inc. ("ISC") diff --git a/Makefile.docs b/Makefile.docs index a6bedbe225..4a7b8e597a 100644 --- a/Makefile.docs +++ b/Makefile.docs 
@@ -60,15 +60,3 @@ AM_V_SED_0 = @echo " SED $@"; AM_V_CFG_TEST = $(AM_V_CFG_TEST_@AM_V@) AM_V_CFG_TEST_ = $(AM_V_CFG_TEST_@AM_DEFAULT_V@) AM_V_CFG_TEST_0 = @echo " CFG_GEN $@"; - -AM_V_RST_OPTIONS = $(AM_V_CFG_TEST_@AM_V@) -AM_V_RST_OPTIONS_ = $(AM_V_RST_OPTIONS_@AM_DEFAULT_V@) -AM_V_RST_OPTIONS_0 = @echo " RST_OPTIONS $@"; - -AM_V_RST_ZONEOPT = $(AM_V_CFG_TEST_@AM_V@) -AM_V_RST_ZONEOPT_ = $(AM_V_RST_ZONEOPT_@AM_DEFAULT_V@) -AM_V_RST_ZONEOPT_0 = @echo " RST_ZONEOPT $@"; - -AM_V_RST_GRAMMARS = $(AM_V_CFG_TEST_@AM_V@) -AM_V_RST_GRAMMARS_ = $(AM_V_RST_GRAMMARS_@AM_DEFAULT_V@) -AM_V_RST_GRAMMARS_0 = @echo " RST_GRAMMARS $@"; diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am index 7065a90b7a..57a023b9fa 100644 --- a/bin/named/Makefile.am +++ b/bin/named/Makefile.am @@ -121,6 +121,3 @@ if HAVE_LIBNGHTTP2 named_LDADD += \ $(LIBNGHTTP2_LIBS) endif HAVE_LIBNGHTTP2 - -MAINTAINERCLEANFILES = \ - named.conf.rst diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index 4e5cbfbe94..820ca2d3cb 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst 
@@ -31,705 +31,24 @@ comment styles are supported: C style: /\* \*/ - C++ style: // to end of line +C++ style: // to end of line Unix style: # to end of line -CONTROLS -^^^^^^^^ - -:: - - controls { - inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read-only boolean ]; - unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read-only boolean ]; - }; - -DLZ -^^^ - -:: - - dlz string { - database string; - search boolean; - }; - -DNSSEC-POLICY -^^^^^^^^^^^^^ - -:: - - dnssec-policy string { - dnskey-ttl duration; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... }; - max-zone-ttl duration; - nsec3param [ iterations integer ] [ optout boolean ] [ salt-length integer ]; - parent-ds-ttl duration; - parent-propagation-delay duration; - publish-safety duration; - purge-keys duration; - retire-safety duration; - signatures-refresh duration; - signatures-validity duration; - signatures-validity-dnskey duration; - zone-propagation-delay duration; - }; - -DYNDB -^^^^^ - -:: - - dyndb string quoted_string { unspecified-text }; - -HTTP -^^^^ - -:: - - http string { - endpoints { quoted_string; ... }; - listener-clients integer; - streams-per-connection integer; - }; - -KEY -^^^ - -:: - - key string { - algorithm string; - secret string; - }; - -LOGGING -^^^^^^^ - -:: - - logging { - category string { string; ... }; - channel string { - buffered boolean; - file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ]; - null; - print-category boolean; - print-severity boolean; - print-time ( iso8601 | iso8601-utc | local | boolean ); - severity log_severity; - stderr; - syslog [ syslog_facility ]; - }; - }; - -MANAGED-KEYS -^^^^^^^^^^^^ - -See DNSSEC-KEYS. 
- -:: - - managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated - -OPTIONS -^^^^^^^ - -:: - - options { - allow-new-zones boolean; - allow-notify { address_match_element; ... }; - allow-query { address_match_element; ... }; - allow-query-cache { address_match_element; ... }; - allow-query-cache-on { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-recursion { address_match_element; ... }; - allow-recursion-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - answer-cookie boolean; - attach-cache string; - auth-nxdomain boolean; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan boolean; - avoid-v4-udp-ports { portrange; ... }; - avoid-v6-udp-ports { portrange; ... }; - bindkeys-file quoted_string; - blackhole { address_match_element; ... }; - catalog-zones { zone string [ default-primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... 
}; - check-dup-records ( fail | warn | ignore ); - check-integrity boolean; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); - check-sibling boolean; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard boolean; - clients-per-query integer; - cookie-algorithm ( aes | siphash24 ); - cookie-secret string; - coresize ( default | unlimited | sizeval ); - datasize ( default | unlimited | sizeval ); - deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; - deny-answer-aliases { string; ... } [ except-from { string; ... } ]; - dialup ( notify | notify-passive | passive | refresh | boolean ); - directory quoted_string; - disable-algorithms string { string; ... }; - disable-ds-digests string { string; ... }; - disable-empty-zone string; - dns64 netprefix { - break-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... }; - recursive-only boolean; - suffix ipv6_address; - }; - dns64-contact string; - dns64-server string; - dnskey-sig-validity integer; - dnsrps-enable boolean; - dnsrps-options { unspecified-text }; - dnssec-accept-expired boolean; - dnssec-dnskey-kskonly boolean; - dnssec-loadkeys-interval integer; - dnssec-must-be-secure string boolean; - dnssec-policy string; - dnssec-secure-to-insecure boolean; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... 
}; - dnstap-identity ( quoted_string | none | hostname ); - dnstap-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ]; - dnstap-version ( quoted_string | none ); - dscp integer; - dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; - dump-file quoted_string; - edns-udp-size integer; - empty-contact string; - empty-server string; - empty-zones-enable boolean; - fetch-quota-params integer fixedpoint fixedpoint fixedpoint; - fetches-per-server integer [ ( drop | fail ) ]; - fetches-per-zone integer [ ( drop | fail ) ]; - files ( default | unlimited | sizeval ); - flush-zones-on-shutdown boolean; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - fstrm-set-buffer-hint integer; - fstrm-set-flush-timeout integer; - fstrm-set-input-queue-size integer; - fstrm-set-output-notify-threshold integer; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size integer; - fstrm-set-reopen-interval duration; - geoip-directory ( quoted_string | none ); - heartbeat-interval integer; - hostname ( quoted_string | none ); - http-listener-clients integer; - http-port integer; - http-streams-per-connection integer; - https-port integer; - interface-interval duration; - ipv4only-contact string; - ipv4only-enable boolean; - ipv4only-server string; - ixfr-from-differences ( primary | master | secondary | slave | boolean ); - key-directory quoted_string; - lame-ttl duration; - listen-on [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; - listen-on-v6 [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... 
}; - lmdb-mapsize sizeval; - lock-file ( quoted_string | none ); - managed-keys-directory quoted_string; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses boolean; - max-cache-size ( default | unlimited | sizeval | percentage ); - max-cache-ttl duration; - max-clients-per-query integer; - max-ixfr-ratio ( unlimited | percentage ); - max-journal-size ( default | unlimited | sizeval ); - max-ncache-ttl duration; - max-records integer; - max-recursion-depth integer; - max-recursion-queries integer; - max-refresh-time integer; - max-retry-time integer; - max-rsa-exponent-size integer; - max-stale-ttl duration; - max-transfer-idle-in integer; - max-transfer-idle-out integer; - max-transfer-time-in integer; - max-transfer-time-out integer; - max-udp-size integer; - max-zone-ttl ( unlimited | duration ); - memstatistics boolean; - memstatistics-file quoted_string; - message-compression boolean; - min-cache-ttl duration; - min-ncache-ttl duration; - min-refresh-time integer; - min-retry-time integer; - minimal-any boolean; - minimal-responses ( no-auth | no-auth-recursive | boolean ); - multi-master boolean; - new-zones-directory quoted_string; - no-case-compress { address_match_element; ... 
}; - nocookie-udp-size integer; - notify ( explicit | master-only | primary-only | boolean ); - notify-delay integer; - notify-rate integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-to-soa boolean; - nta-lifetime duration; - nta-recheck duration; - nxdomain-redirect string; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - pid-file ( quoted_string | none ); - port integer; - preferred-glue string; - prefetch integer [ integer ]; - provide-ixfr boolean; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - querylog boolean; - random-device ( quoted_string | none ); - rate-limit { - all-per-second integer; - errors-per-second integer; - exempt-clients { address_match_element; ... }; - ipv4-prefix-length integer; - ipv6-prefix-length integer; - log-only boolean; - max-table-size integer; - min-table-size integer; - nodata-per-second integer; - nxdomains-per-second integer; - qps-scale integer; - referrals-per-second integer; - responses-per-second integer; - slip integer; - window integer; - }; - recursing-file quoted_string; - recursion boolean; - recursive-clients integer; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - require-server-cookie boolean; - reserved-sockets integer;// deprecated - resolver-nonbackoff-tries integer; - resolver-query-timeout integer; - resolver-retry-interval integer; - response-padding { address_match_element; ... 
} block-size integer; - response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; - reuseport boolean; - root-delegation-only [ exclude { string; ... } ]; - root-key-sentinel boolean; - rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; - secroots-file quoted_string; - send-cookie boolean; - serial-query-rate integer; - serial-update-method ( date | increment | unixtime ); - server-id ( quoted_string | none | hostname ); - servfail-ttl duration; - session-keyalg string; - session-keyfile ( quoted_string | none ); - session-keyname string; - sig-signing-nodes integer; - sig-signing-signatures integer; - sig-signing-type integer; - sig-validity-interval integer [ integer ]; - sortlist { address_match_element; ... 
}; - stacksize ( default | unlimited | sizeval ); - stale-answer-client-timeout ( disabled | off | integer ); - stale-answer-enable boolean; - stale-answer-ttl duration; - stale-cache-enable boolean; - stale-refresh-time duration; - startup-notify-rate integer; - statistics-file quoted_string; - synth-from-dnssec boolean; - tcp-advertised-timeout integer; - tcp-clients integer; - tcp-idle-timeout integer; - tcp-initial-timeout integer; - tcp-keepalive-timeout integer; - tcp-listen-queue integer; - tcp-receive-buffer integer; - tcp-send-buffer integer; - tkey-dhkey quoted_string integer; - tkey-domain quoted_string; - tkey-gssapi-credential quoted_string; - tkey-gssapi-keytab quoted_string; - tls-port integer; - transfer-format ( many-answers | one-answer ); - transfer-message-size integer; - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers-in integer; - transfers-out integer; - transfers-per-ns integer; - trust-anchor-telemetry boolean; // experimental - try-tcp-refresh boolean; - udp-receive-buffer integer; - udp-send-buffer integer; - update-check-ksk boolean; - use-alt-transfer-source boolean; - use-v4-udp-ports { portrange; ... }; - use-v6-udp-ports { portrange; ... }; - v6-bias integer; - validate-except { string; ... }; - version ( quoted_string | none ); - zero-no-soa-ttl boolean; - zero-no-soa-ttl-cache boolean; - zone-statistics ( full | terse | none | boolean ); - }; - -PARENTAL-AGENTS -^^^^^^^^^^^^^^^ - -:: - - parental-agents string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... 
}; - -PLUGIN -^^^^^^ - -:: - - plugin ( query ) string [ { unspecified-text } ]; - -PRIMARIES -^^^^^^^^^ - -:: - - primaries string [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; - -SERVER -^^^^^^ - -:: - - server netprefix { - bogus boolean; - edns boolean; - edns-udp-size integer; - edns-version integer; - keys server_key; - max-udp-size integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - padding integer; - provide-ixfr boolean; - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - send-cookie boolean; - tcp-keepalive boolean; - tcp-only boolean; - transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers integer; - }; - -STATISTICS-CHANNELS -^^^^^^^^^^^^^^^^^^^ - -:: - - statistics-channels { - inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ]; - }; - -TLS -^^^ - -:: - - tls string { - ca-file quoted_string; - cert-file quoted_string; - ciphers string; - dhparam-file quoted_string; - key-file quoted_string; - prefer-server-ciphers boolean; - protocols { string; ... 
}; - remote-hostname quoted_string; - session-tickets boolean; - }; - -TRUST-ANCHORS -^^^^^^^^^^^^^ - -:: - - trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... }; - -TRUSTED-KEYS -^^^^^^^^^^^^ - -Deprecated - see DNSSEC-KEYS. - -:: - - trusted-keys { string integer integer integer quoted_string; ... };, deprecated - -VIEW -^^^^ - -:: - - view string [ class ] { - allow-new-zones boolean; - allow-notify { address_match_element; ... }; - allow-query { address_match_element; ... }; - allow-query-cache { address_match_element; ... }; - allow-query-cache-on { address_match_element; ... }; - allow-query-on { address_match_element; ... }; - allow-recursion { address_match_element; ... }; - allow-recursion-on { address_match_element; ... }; - allow-transfer [ port integer ] [ transport string ] { address_match_element; ... }; - allow-update { address_match_element; ... }; - allow-update-forwarding { address_match_element; ... }; - also-notify [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; - alt-transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - attach-cache string; - auth-nxdomain boolean; - auto-dnssec ( allow | maintain | off ); - catalog-zones { zone string [ default-primaries [ port integer ] [ dscp integer ] { ( remote-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone-directory quoted_string ] [ in-memory boolean ] [ min-update-interval duration ]; ... 
}; - check-dup-records ( fail | warn | ignore ); - check-integrity boolean; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); - check-sibling boolean; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard boolean; - clients-per-query integer; - deny-answer-addresses { address_match_element; ... } [ except-from { string; ... } ]; - deny-answer-aliases { string; ... } [ except-from { string; ... } ]; - dialup ( notify | notify-passive | passive | refresh | boolean ); - disable-algorithms string { string; ... }; - disable-ds-digests string { string; ... }; - disable-empty-zone string; - dlz string { - database string; - search boolean; - }; - dns64 netprefix { - break-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... }; - recursive-only boolean; - suffix ipv6_address; - }; - dns64-contact string; - dns64-server string; - dnskey-sig-validity integer; - dnsrps-enable boolean; - dnsrps-options { unspecified-text }; - dnssec-accept-expired boolean; - dnssec-dnskey-kskonly boolean; - dnssec-loadkeys-interval integer; - dnssec-must-be-secure string boolean; - dnssec-policy string; - dnssec-secure-to-insecure boolean; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; - dual-stack-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... 
}; - dyndb string quoted_string { unspecified-text }; - edns-udp-size integer; - empty-contact string; - empty-server string; - empty-zones-enable boolean; - fetch-quota-params integer fixedpoint fixedpoint fixedpoint; - fetches-per-server integer [ ( drop | fail ) ]; - fetches-per-zone integer [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - ipv4only-contact string; - ipv4only-enable boolean; - ipv4only-server string; - ixfr-from-differences ( primary | master | secondary | slave | boolean ); - key string { - algorithm string; - secret string; - }; - key-directory quoted_string; - lame-ttl duration; - lmdb-mapsize sizeval; - managed-keys { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... };, deprecated - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-clients { address_match_element; ... }; - match-destinations { address_match_element; ... 
}; - match-recursive-only boolean; - max-cache-size ( default | unlimited | sizeval | percentage ); - max-cache-ttl duration; - max-clients-per-query integer; - max-ixfr-ratio ( unlimited | percentage ); - max-journal-size ( default | unlimited | sizeval ); - max-ncache-ttl duration; - max-records integer; - max-recursion-depth integer; - max-recursion-queries integer; - max-refresh-time integer; - max-retry-time integer; - max-stale-ttl duration; - max-transfer-idle-in integer; - max-transfer-idle-out integer; - max-transfer-time-in integer; - max-transfer-time-out integer; - max-udp-size integer; - max-zone-ttl ( unlimited | duration ); - message-compression boolean; - min-cache-ttl duration; - min-ncache-ttl duration; - min-refresh-time integer; - min-retry-time integer; - minimal-any boolean; - minimal-responses ( no-auth | no-auth-recursive | boolean ); - multi-master boolean; - new-zones-directory quoted_string; - no-case-compress { address_match_element; ... }; - nocookie-udp-size integer; - notify ( explicit | master-only | primary-only | boolean ); - notify-delay integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-to-soa boolean; - nta-lifetime duration; - nta-recheck duration; - nxdomain-redirect string; - parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - parental-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - plugin ( query ) string [ { unspecified-text } ]; - preferred-glue string; - prefetch integer [ integer ]; - provide-ixfr boolean; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( 
ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - rate-limit { - all-per-second integer; - errors-per-second integer; - exempt-clients { address_match_element; ... }; - ipv4-prefix-length integer; - ipv6-prefix-length integer; - log-only boolean; - max-table-size integer; - min-table-size integer; - nodata-per-second integer; - nxdomains-per-second integer; - qps-scale integer; - referrals-per-second integer; - responses-per-second integer; - slip integer; - window integer; - }; - recursion boolean; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - require-server-cookie boolean; - resolver-nonbackoff-tries integer; - resolver-query-timeout integer; - resolver-retry-interval integer; - response-padding { address_match_element; ... } block-size integer; - response-policy { zone string [ add-soa boolean ] [ log boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ add-soa boolean ] [ break-dnssec boolean ] [ max-policy-ttl duration ] [ min-update-interval duration ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; - root-delegation-only [ exclude { string; ... } ]; - root-key-sentinel boolean; - rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... 
}; - send-cookie boolean; - serial-update-method ( date | increment | unixtime ); - server netprefix { - bogus boolean; - edns boolean; - edns-udp-size integer; - edns-version integer; - keys server_key; - max-udp-size integer; - notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - padding integer; - provide-ixfr boolean; - query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - request-expire boolean; - request-ixfr boolean; - request-nsid boolean; - send-cookie boolean; - tcp-keepalive boolean; - tcp-only boolean; - transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers integer; - }; - servfail-ttl duration; - sig-signing-nodes integer; - sig-signing-signatures integer; - sig-signing-type integer; - sig-validity-interval integer [ integer ]; - sortlist { address_match_element; ... }; - stale-answer-client-timeout ( disabled | off | integer ); - stale-answer-enable boolean; - stale-answer-ttl duration; - stale-cache-enable boolean; - stale-refresh-time duration; - synth-from-dnssec boolean; - transfer-format ( many-answers | one-answer ); - transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - trust-anchor-telemetry boolean; // experimental - trust-anchors { string ( static-key | initial-key | static-ds | initial-ds ) integer integer integer quoted_string; ... 
}; - trusted-keys { string integer integer integer quoted_string; ... };, deprecated - try-tcp-refresh boolean; - update-check-ksk boolean; - use-alt-transfer-source boolean; - v6-bias integer; - validate-except { string; ... }; - zero-no-soa-ttl boolean; - zero-no-soa-ttl-cache boolean; - zone-statistics ( full | terse | none | boolean ); - }; - -ZONE -^^^^ +.. literalinclude:: ../../doc/misc/options Any of these zone statements can also be set inside the view statement. -.. include:: ../../doc/misc/primary.zoneopt.rst -.. include:: ../../doc/misc/secondary.zoneopt.rst -.. include:: ../../doc/misc/mirror.zoneopt.rst -.. include:: ../../doc/misc/forward.zoneopt.rst -.. include:: ../../doc/misc/hint.zoneopt.rst -.. include:: ../../doc/misc/redirect.zoneopt.rst -.. include:: ../../doc/misc/static-stub.zoneopt.rst -.. include:: ../../doc/misc/stub.zoneopt.rst -.. include:: ../../doc/misc/delegation-only.zoneopt.rst -.. include:: ../../doc/misc/in-view.zoneopt.rst +.. literalinclude:: ../../doc/misc/primary.zoneopt +.. literalinclude:: ../../doc/misc/secondary.zoneopt +.. literalinclude:: ../../doc/misc/mirror.zoneopt +.. literalinclude:: ../../doc/misc/forward.zoneopt +.. literalinclude:: ../../doc/misc/hint.zoneopt +.. literalinclude:: ../../doc/misc/redirect.zoneopt +.. literalinclude:: ../../doc/misc/static-stub.zoneopt +.. literalinclude:: ../../doc/misc/stub.zoneopt +.. literalinclude:: ../../doc/misc/delegation-only.zoneopt +.. literalinclude:: ../../doc/misc/in-view.zoneopt Files ~~~~~ diff --git a/doc/arm/Makefile.am b/doc/arm/Makefile.am index 837f748412..3d16b6c953 100644 --- a/doc/arm/Makefile.am +++ b/doc/arm/Makefile.am 
@@ -67,27 +67,18 @@ EXTRA_DIST = \ _ext/rndcconf.py \ _static/custom.css \ ../dnssec-guide \ - ../misc/acl.grammar.rst \ - ../misc/controls.grammar.rst \ - ../misc/delegation-only.zoneopt.rst \ - ../misc/forward.zoneopt.rst \ - ../misc/hint.zoneopt.rst \ - ../misc/in-view.zoneopt.rst \ - ../misc/key.grammar.rst \ - ../misc/logging.grammar.rst \ - ../misc/managed-keys.grammar.rst \ - ../misc/primary.zoneopt.rst \ - ../misc/mirror.zoneopt.rst \ - ../misc/options.grammar.rst \ - ../misc/parental-agents.grammar.rst \ - ../misc/primaries.grammar.rst \ - ../misc/redirect.zoneopt.rst \ - ../misc/server.grammar.rst \ - ../misc/secondary.zoneopt.rst \ - ../misc/static-stub.zoneopt.rst \ - ../misc/statistics-channels.grammar.rst \ - ../misc/stub.zoneopt.rst \ - ../misc/trusted-keys.grammar.rst \ + ../misc/options \ + ../misc/rndc.grammar \ + ../misc/delegation-only.zoneopt \ + ../misc/forward.zoneopt \ + ../misc/hint.zoneopt \ + ../misc/in-view.zoneopt \ + ../misc/mirror.zoneopt \ + ../misc/primary.zoneopt \ + ../misc/redirect.zoneopt \ + ../misc/secondary.zoneopt \ + ../misc/static-stub.zoneopt \ + ../misc/stub.zoneopt \ ../notes/*.rst html-local: diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index a8e03a92c4..91ba493750 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -427,8 +427,6 @@ configuration. .. namedconf:statement:: acl -.. include:: ../misc/acl.grammar.rst - .. _acl: ``acl`` Statement Definition and Usage @@ -458,8 +456,6 @@ The following ACLs are built-in: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: controls -.. include:: ../misc/controls.grammar.rst - .. _controls_statement_definition_and_usage: ``controls`` Statement Definition and Usage @@ -534,8 +530,6 @@ To disable the command channel, use an empty ``controls`` statement: ~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: key -.. include:: ../misc/key.grammar.rst - .. _key_statement: ``key`` Statement Definition and Usage 
@@ -576,8 +570,6 @@ matching this name, algorithm, and secret. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: logging -.. include:: ../misc/logging.grammar.rst - .. _logging_statement: ``logging`` Statement Definition and Usage @@ -986,8 +978,6 @@ responses such as NXDOMAIN. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: parental-agents -.. include:: ../misc/parental-agents.grammar.rst - .. _parental_agents_statement: ``parental-agents`` Statement Definition and Usage @@ -1004,8 +994,6 @@ change its delegation information (defined in :rfc:`7344`). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: primaries -.. include:: ../misc/primaries.grammar.rst - .. _primaries_statement: ``primaries`` Statement Definition and Usage @@ -1043,8 +1031,6 @@ where ``tls-configuration-name`` refers to a previously defined This is the grammar of the ``options`` statement in the :iscman:`named.conf` file: -.. include:: ../misc/options.grammar.rst - .. _options: ``options`` Statement Definition and Usage @@ -5207,8 +5193,6 @@ redirect zone is tried first. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: server -.. include:: ../misc/server.grammar.rst - .. _server_statement_definition_and_usage: ``server`` Statement Definition and Usage @@ -5314,8 +5298,6 @@ and :namedconf:ref:`options` blocks: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: statistics-channels -.. include:: ../misc/statistics-channels.grammar.rst - .. _statistics_channels: ``statistics-channels`` Statement Definition and Usage @@ -5386,8 +5368,6 @@ statistics), and http://127.0.0.1:8888/json/v1/traffic (traffic sizes). ~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: tls -.. include:: ../misc/tls.grammar.rst - ``tls`` Statement Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -5573,8 +5553,6 @@ issues related to shared cryptographic secrets. ~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: http -.. include:: ../misc/http.grammar.rst - ``http`` Statement Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -5629,8 +5607,6 @@ all local addresses: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: trust-anchors -.. include:: ../misc/trust-anchors.grammar.rst - .. _trust-anchors: ``trust-anchors`` Statement Definition and Usage @@ -5777,8 +5753,6 @@ can be found, the initializing key is also compiled directly into ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: dnssec-policy -.. include:: ../misc/dnssec-policy.grammar.rst - .. _dnssec_policy: ``dnssec-policy`` Statement Definition and Usage @@ -6046,8 +6020,6 @@ The following options apply to DS queries sent to ``parental-agents``: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: managed-keys -.. include:: ../misc/managed-keys.grammar.rst - .. _managed_keys: ``managed-keys`` Statement Definition and Usage @@ -6063,8 +6035,6 @@ with the ``initial-key`` keyword. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: trusted-keys -.. include:: ../misc/trusted-keys.grammar.rst - .. _trusted_keys: ``trusted-keys`` Statement Definition and Usage @@ -6187,17 +6157,6 @@ Here is an example of a typical split DNS setup implemented using ~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: zone -.. include:: ../misc/primary.zoneopt.rst -.. include:: ../misc/secondary.zoneopt.rst -.. include:: ../misc/mirror.zoneopt.rst -.. include:: ../misc/hint.zoneopt.rst -.. include:: ../misc/stub.zoneopt.rst -.. include:: ../misc/static-stub.zoneopt.rst -.. include:: ../misc/forward.zoneopt.rst -.. include:: ../misc/redirect.zoneopt.rst -.. include:: ../misc/delegation-only.zoneopt.rst -.. include:: ../misc/in-view.zoneopt.rst - .. _zone_statement: ``zone`` Statement Definition and Usage 
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index c1d2528102..b537815e9d 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -55,6 +55,7 @@ MANPAGES_RST = \
 ../../bin/dnssec/dnssec-settime.rst \
 ../../bin/dnssec/dnssec-signzone.rst \
 ../../bin/dnssec/dnssec-verify.rst \
+ ../../bin/named/named.conf.rst \
 ../../bin/named/named.rst \
 ../../bin/nsupdate/nsupdate.rst \
 ../../bin/plugins/filter-aaaa.rst \
diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in
index 7c94944b43..68ee4e4ee1 100644
--- a/doc/man/named.conf.5in
+++ b/doc/man/named.conf.5in
@@ -41,766 +41,614 @@ Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported: .sp C style: /* */ -.INDENT 0.0 -.INDENT 3.5 +.sp C++ style: // to end of line -.UNINDENT -.UNINDENT .sp Unix style: # to end of line -.SS CONTROLS .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C +acl { ; ... }; // may occur multiple times + controls { - inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] allow { address_match_element; ... } [ keys { string; ... } ] [ read\-only boolean ]; - unix quoted_string perm integer owner integer group integer [ keys { string; ... } ] [ read\-only boolean ]; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS DLZ -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -dlz string { - database string; - search boolean; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS DNSSEC\-POLICY -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -dnssec\-policy string { - dnskey\-ttl duration; - keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime duration_or_unlimited algorithm string [ integer ]; ... }; - max\-zone\-ttl duration; - nsec3param [ iterations integer ] [ optout boolean ] [ salt\-length integer ]; - parent\-ds\-ttl duration; - parent\-propagation\-delay duration; - publish\-safety duration; - purge\-keys duration; - retire\-safety duration; - signatures\-refresh duration; - signatures\-validity duration; - signatures\-validity\-dnskey duration; - zone\-propagation\-delay duration; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS DYNDB -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -dyndb string quoted_string { unspecified\-text }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS HTTP -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -http string { - endpoints { quoted_string; ... 
}; - listener\-clients integer; - streams\-per\-connection integer; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS KEY -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -key string { - algorithm string; - secret string; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS LOGGING -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C + inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read\-only ]; // may occur multiple times + unix perm owner group [ keys { ; ... } ] [ read\-only ]; // may occur multiple times +}; // may occur multiple times + +dlz { + database ; + search ; +}; // may occur multiple times + +dnssec\-policy { + dnskey\-ttl ; + keys { ( csk | ksk | zsk ) [ ( key\-directory ) ] lifetime algorithm [ ]; ... }; + max\-zone\-ttl ; + nsec3param [ iterations ] [ optout ] [ salt\-length ]; + parent\-ds\-ttl ; + parent\-propagation\-delay ; + parent\-registration\-delay ; // obsolete + publish\-safety ; + purge\-keys ; + retire\-safety ; + signatures\-refresh ; + signatures\-validity ; + signatures\-validity\-dnskey ; + zone\-propagation\-delay ; +}; // may occur multiple times + +dyndb { }; // may occur multiple times + +http { + endpoints { ; ... }; + listener\-clients ; + streams\-per\-connection ; +}; // may occur multiple times + +key { + algorithm ; + secret ; +}; // may occur multiple times + logging { - category string { string; ... }; - channel string { - buffered boolean; - file quoted_string [ versions ( unlimited | integer ) ] [ size size ] [ suffix ( increment | timestamp ) ]; - null; - print\-category boolean; - print\-severity boolean; - print\-time ( iso8601 | iso8601\-utc | local | boolean ); - severity log_severity; - stderr; - syslog [ syslog_facility ]; - }; + category { ; ... 
}; // may occur multiple times + channel { + buffered ; + file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; + null; + print\-category ; + print\-severity ; + print\-time ( iso8601 | iso8601\-utc | local | ); + severity ; + stderr; + syslog [ ]; + }; // may occur multiple times }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS MANAGED\-KEYS -.sp -See DNSSEC\-KEYS. -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated -.ft P -.fi -.UNINDENT -.UNINDENT -.SS OPTIONS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C + +managed\-keys { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times, deprecated + options { - allow\-new\-zones boolean; - allow\-notify { address_match_element; ... }; - allow\-query { address_match_element; ... }; - allow\-query\-cache { address_match_element; ... }; - allow\-query\-cache\-on { address_match_element; ... }; - allow\-query\-on { address_match_element; ... }; - allow\-recursion { address_match_element; ... }; - allow\-recursion\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { address_match_element; ... }; - allow\-update { address_match_element; ... }; - allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - answer\-cookie boolean; - attach\-cache string; - auth\-nxdomain boolean; - auto\-dnssec ( allow | maintain | off ); - automatic\-interface\-scan boolean; - avoid\-v4\-udp\-ports { portrange; ... }; - avoid\-v6\-udp\-ports { portrange; ... 
}; - bindkeys\-file quoted_string; - blackhole { address_match_element; ... }; - catalog\-zones { zone string [ default\-primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... }; - check\-dup\-records ( fail | warn | ignore ); - check\-integrity boolean; - check\-mx ( fail | warn | ignore ); - check\-mx\-cname ( fail | warn | ignore ); - check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); - check\-sibling boolean; - check\-spf ( warn | ignore ); - check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard boolean; - clients\-per\-query integer; - cookie\-algorithm ( aes | siphash24 ); - cookie\-secret string; - coresize ( default | unlimited | sizeval ); - datasize ( default | unlimited | sizeval ); - deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ]; - deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ]; - dialup ( notify | notify\-passive | passive | refresh | boolean ); - directory quoted_string; - disable\-algorithms string { string; ... }; - disable\-ds\-digests string { string; ... }; - disable\-empty\-zone string; - dns64 netprefix { - break\-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... 
}; - recursive\-only boolean; - suffix ipv6_address; - }; - dns64\-contact string; - dns64\-server string; - dnskey\-sig\-validity integer; - dnsrps\-enable boolean; - dnsrps\-options { unspecified\-text }; - dnssec\-accept\-expired boolean; - dnssec\-dnskey\-kskonly boolean; - dnssec\-loadkeys\-interval integer; - dnssec\-must\-be\-secure string boolean; - dnssec\-policy string; - dnssec\-secure\-to\-insecure boolean; - dnssec\-update\-mode ( maintain | no\-resign ); - dnssec\-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; - dnstap\-identity ( quoted_string | none | hostname ); - dnstap\-output ( file | unix ) quoted_string [ size ( unlimited | size ) ] [ versions ( unlimited | integer ) ] [ suffix ( increment | timestamp ) ]; - dnstap\-version ( quoted_string | none ); - dscp integer; - dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; - dump\-file quoted_string; - edns\-udp\-size integer; - empty\-contact string; - empty\-server string; - empty\-zones\-enable boolean; - fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint; - fetches\-per\-server integer [ ( drop | fail ) ]; - fetches\-per\-zone integer [ ( drop | fail ) ]; - files ( default | unlimited | sizeval ); - flush\-zones\-on\-shutdown boolean; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... 
}; - fstrm\-set\-buffer\-hint integer; - fstrm\-set\-flush\-timeout integer; - fstrm\-set\-input\-queue\-size integer; - fstrm\-set\-output\-notify\-threshold integer; - fstrm\-set\-output\-queue\-model ( mpsc | spsc ); - fstrm\-set\-output\-queue\-size integer; - fstrm\-set\-reopen\-interval duration; - geoip\-directory ( quoted_string | none ); - heartbeat\-interval integer; - hostname ( quoted_string | none ); - http\-listener\-clients integer; - http\-port integer; - http\-streams\-per\-connection integer; - https\-port integer; - interface\-interval duration; - ipv4only\-contact string; - ipv4only\-enable boolean; - ipv4only\-server string; - ixfr\-from\-differences ( primary | master | secondary | slave | boolean ); - key\-directory quoted_string; - lame\-ttl duration; - listen\-on [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... }; - listen\-on\-v6 [ port integer ] [ dscp integer ] [ tls string ] [ http string ] { address_match_element; ... 
}; - lmdb\-mapsize sizeval; - lock\-file ( quoted_string | none ); - managed\-keys\-directory quoted_string; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - match\-mapped\-addresses boolean; - max\-cache\-size ( default | unlimited | sizeval | percentage ); - max\-cache\-ttl duration; - max\-clients\-per\-query integer; - max\-ixfr\-ratio ( unlimited | percentage ); - max\-journal\-size ( default | unlimited | sizeval ); - max\-ncache\-ttl duration; - max\-records integer; - max\-recursion\-depth integer; - max\-recursion\-queries integer; - max\-refresh\-time integer; - max\-retry\-time integer; - max\-rsa\-exponent\-size integer; - max\-stale\-ttl duration; - max\-transfer\-idle\-in integer; - max\-transfer\-idle\-out integer; - max\-transfer\-time\-in integer; - max\-transfer\-time\-out integer; - max\-udp\-size integer; - max\-zone\-ttl ( unlimited | duration ); - memstatistics boolean; - memstatistics\-file quoted_string; - message\-compression boolean; - min\-cache\-ttl duration; - min\-ncache\-ttl duration; - min\-refresh\-time integer; - min\-retry\-time integer; - minimal\-any boolean; - minimal\-responses ( no\-auth | no\-auth\-recursive | boolean ); - multi\-master boolean; - new\-zones\-directory quoted_string; - no\-case\-compress { address_match_element; ... 
}; - nocookie\-udp\-size integer; - notify ( explicit | master\-only | primary\-only | boolean ); - notify\-delay integer; - notify\-rate integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-to\-soa boolean; - nta\-lifetime duration; - nta\-recheck duration; - nxdomain\-redirect string; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - pid\-file ( quoted_string | none ); - port integer; - preferred\-glue string; - prefetch integer [ integer ]; - provide\-ixfr boolean; - qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - querylog boolean; - random\-device ( quoted_string | none ); - rate\-limit { - all\-per\-second integer; - errors\-per\-second integer; - exempt\-clients { address_match_element; ... 
}; - ipv4\-prefix\-length integer; - ipv6\-prefix\-length integer; - log\-only boolean; - max\-table\-size integer; - min\-table\-size integer; - nodata\-per\-second integer; - nxdomains\-per\-second integer; - qps\-scale integer; - referrals\-per\-second integer; - responses\-per\-second integer; - slip integer; - window integer; - }; - recursing\-file quoted_string; - recursion boolean; - recursive\-clients integer; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - require\-server\-cookie boolean; - reserved\-sockets integer;// deprecated - resolver\-nonbackoff\-tries integer; - resolver\-query\-timeout integer; - resolver\-retry\-interval integer; - response\-padding { address_match_element; ... } block\-size integer; - response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ]; - reuseport boolean; - root\-delegation\-only [ exclude { string; ... } ]; - root\-key\-sentinel boolean; - rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... 
}; - secroots\-file quoted_string; - send\-cookie boolean; - serial\-query\-rate integer; - serial\-update\-method ( date | increment | unixtime ); - server\-id ( quoted_string | none | hostname ); - servfail\-ttl duration; - session\-keyalg string; - session\-keyfile ( quoted_string | none ); - session\-keyname string; - sig\-signing\-nodes integer; - sig\-signing\-signatures integer; - sig\-signing\-type integer; - sig\-validity\-interval integer [ integer ]; - sortlist { address_match_element; ... }; - stacksize ( default | unlimited | sizeval ); - stale\-answer\-client\-timeout ( disabled | off | integer ); - stale\-answer\-enable boolean; - stale\-answer\-ttl duration; - stale\-cache\-enable boolean; - stale\-refresh\-time duration; - startup\-notify\-rate integer; - statistics\-file quoted_string; - synth\-from\-dnssec boolean; - tcp\-advertised\-timeout integer; - tcp\-clients integer; - tcp\-idle\-timeout integer; - tcp\-initial\-timeout integer; - tcp\-keepalive\-timeout integer; - tcp\-listen\-queue integer; - tcp\-receive\-buffer integer; - tcp\-send\-buffer integer; - tkey\-dhkey quoted_string integer; - tkey\-domain quoted_string; - tkey\-gssapi\-credential quoted_string; - tkey\-gssapi\-keytab quoted_string; - tls\-port integer; - transfer\-format ( many\-answers | one\-answer ); - transfer\-message\-size integer; - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers\-in integer; - transfers\-out integer; - transfers\-per\-ns integer; - trust\-anchor\-telemetry boolean; // experimental - try\-tcp\-refresh boolean; - udp\-receive\-buffer integer; - udp\-send\-buffer integer; - update\-check\-ksk boolean; - use\-alt\-transfer\-source boolean; - use\-v4\-udp\-ports { portrange; ... }; - use\-v6\-udp\-ports { portrange; ... }; - v6\-bias integer; - validate\-except { string; ... 
}; - version ( quoted_string | none ); - zero\-no\-soa\-ttl boolean; - zero\-no\-soa\-ttl\-cache boolean; - zone\-statistics ( full | terse | none | boolean ); + allow\-new\-zones ; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-cache { ; ... }; + allow\-query\-cache\-on { ; ... }; + allow\-query\-on { ; ... }; + allow\-recursion { ; ... }; + allow\-recursion\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + answer\-cookie ; + attach\-cache ; + auth\-nxdomain ; + auto\-dnssec ( allow | maintain | off ); + automatic\-interface\-scan ; + avoid\-v4\-udp\-ports { ; ... }; + avoid\-v6\-udp\-ports { ; ... }; + bindkeys\-file ; + blackhole { ; ... }; + catalog\-zones { zone [ default\-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone\-directory ] [ in\-memory ] [ min\-update\-interval ]; ... }; + check\-dup\-records ( fail | warn | ignore ); + check\-integrity ; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check\-sibling ; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard ; + clients\-per\-query ; + cookie\-algorithm ( aes | siphash24 ); + cookie\-secret ; // may occur multiple times + coresize ( default | unlimited | ); + datasize ( default | unlimited | ); + deny\-answer\-addresses { ; ... } [ except\-from { ; ... } ]; + deny\-answer\-aliases { ; ... } [ except\-from { ; ... } ]; + dialup ( notify | notify\-passive | passive | refresh | ); + directory ; + disable\-algorithms { ; ... 
}; // may occur multiple times + disable\-ds\-digests { ; ... }; // may occur multiple times + disable\-empty\-zone ; // may occur multiple times + dns64 { + break\-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... }; + recursive\-only ; + suffix ; + }; // may occur multiple times + dns64\-contact ; + dns64\-server ; + dnskey\-sig\-validity ; + dnsrps\-enable ; // not configured + dnsrps\-options { }; // not configured + dnssec\-accept\-expired ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-must\-be\-secure ; // may occur multiple times + dnssec\-policy ; + dnssec\-secure\-to\-insecure ; + dnssec\-update\-mode ( maintain | no\-resign ); + dnssec\-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dnstap\-identity ( | none | hostname ); // not configured + dnstap\-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; // not configured + dnstap\-version ( | none ); // not configured + dscp ; + dual\-stack\-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dump\-file ; + edns\-udp\-size ; + empty\-contact ; + empty\-server ; + empty\-zones\-enable ; + fetch\-quota\-params ; + fetches\-per\-server [ ( drop | fail ) ]; + fetches\-per\-zone [ ( drop | fail ) ]; + files ( default | unlimited | ); + flush\-zones\-on\-shutdown ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... 
}; + fstrm\-set\-buffer\-hint ; // not configured + fstrm\-set\-flush\-timeout ; // not configured + fstrm\-set\-input\-queue\-size ; // not configured + fstrm\-set\-output\-notify\-threshold ; // not configured + fstrm\-set\-output\-queue\-model ( mpsc | spsc ); // not configured + fstrm\-set\-output\-queue\-size ; // not configured + fstrm\-set\-reopen\-interval ; // not configured + geoip\-directory ( | none ); + heartbeat\-interval ; + hostname ( | none ); + http\-listener\-clients ; + http\-port ; + http\-streams\-per\-connection ; + https\-port ; + interface\-interval ; + ipv4only\-contact ; + ipv4only\-enable ; + ipv4only\-server ; + ixfr\-from\-differences ( primary | master | secondary | slave | ); + keep\-response\-order { ; ... }; // obsolete + key\-directory ; + lame\-ttl ; + listen\-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + listen\-on\-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times + lmdb\-mapsize ; + lock\-file ( | none ); + managed\-keys\-directory ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + match\-mapped\-addresses ; + max\-cache\-size ( default | unlimited | | ); + max\-cache\-ttl ; + max\-clients\-per\-query ; + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-ncache\-ttl ; + max\-records ; + max\-recursion\-depth ; + max\-recursion\-queries ; + max\-refresh\-time ; + max\-retry\-time ; + max\-rsa\-exponent\-size ; + max\-stale\-ttl ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + max\-udp\-size ; + max\-zone\-ttl ( unlimited | ); + memstatistics ; + memstatistics\-file ; + message\-compression ; + min\-cache\-ttl ; + min\-ncache\-ttl ; + min\-refresh\-time ; + min\-retry\-time ; + minimal\-any ; + minimal\-responses ( no\-auth | no\-auth\-recursive | ); + multi\-master ; + new\-zones\-directory ; + no\-case\-compress { ; ... 
}; + nocookie\-udp\-size ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-rate ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + nta\-lifetime ; + nta\-recheck ; + nxdomain\-redirect ; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + pid\-file ( | none ); + port ; + preferred\-glue ; + prefetch [ ]; + provide\-ixfr ; + qname\-minimization ( strict | relaxed | disabled | off ); + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + querylog ; + random\-device ( | none ); + rate\-limit { + all\-per\-second ; + errors\-per\-second ; + exempt\-clients { ; ... }; + ipv4\-prefix\-length ; + ipv6\-prefix\-length ; + log\-only ; + max\-table\-size ; + min\-table\-size ; + nodata\-per\-second ; + nxdomains\-per\-second ; + qps\-scale ; + referrals\-per\-second ; + responses\-per\-second ; + slip ; + window ; + }; + recursing\-file ; + recursion ; + recursive\-clients ; + request\-expire ; + request\-ixfr ; + request\-nsid ; + require\-server\-cookie ; + reserved\-sockets ; // deprecated + resolver\-nonbackoff\-tries ; + resolver\-query\-timeout ; + resolver\-retry\-interval ; + response\-padding { ; ... } block\-size ; + response\-policy { zone [ add\-soa ] [ log ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only ) ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ]; ... 
} [ add\-soa ] [ break\-dnssec ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ min\-ns\-dots ] [ nsip\-wait\-recurse ] [ nsdname\-wait\-recurse ] [ qname\-wait\-recurse ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ] [ dnsrps\-enable ] [ dnsrps\-options { } ]; + reuseport ; + root\-delegation\-only [ exclude { ; ... } ]; + root\-key\-sentinel ; + rrset\-order { [ class ] [ type ] [ name ] ; ... }; + secroots\-file ; + send\-cookie ; + serial\-query\-rate ; + serial\-update\-method ( date | increment | unixtime ); + server\-id ( | none | hostname ); + servfail\-ttl ; + session\-keyalg ; + session\-keyfile ( | none ); + session\-keyname ; + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + sortlist { ; ... }; + stacksize ( default | unlimited | ); + stale\-answer\-client\-timeout ( disabled | off | ); + stale\-answer\-enable ; + stale\-answer\-ttl ; + stale\-cache\-enable ; + stale\-refresh\-time ; + startup\-notify\-rate ; + statistics\-file ; + suppress\-initial\-notify ; // obsolete + synth\-from\-dnssec ; + tcp\-advertised\-timeout ; + tcp\-clients ; + tcp\-idle\-timeout ; + tcp\-initial\-timeout ; + tcp\-keepalive\-timeout ; + tcp\-listen\-queue ; + tcp\-receive\-buffer ; + tcp\-send\-buffer ; + tkey\-dhkey ; + tkey\-domain ; + tkey\-gssapi\-credential ; + tkey\-gssapi\-keytab ; + tls\-port ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-message\-size ; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers\-in ; + transfers\-out ; + transfers\-per\-ns ; + trust\-anchor\-telemetry ; // experimental + try\-tcp\-refresh ; + udp\-receive\-buffer ; + udp\-send\-buffer ; + update\-check\-ksk ; + use\-alt\-transfer\-source ; + use\-v4\-udp\-ports { ; ... }; + use\-v6\-udp\-ports { ; ... }; + v6\-bias ; + validate\-except { ; ... 
}; + version ( | none ); + zero\-no\-soa\-ttl ; + zero\-no\-soa\-ttl\-cache ; + zone\-statistics ( full | terse | none | ); }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS PARENTAL\-AGENTS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -parental\-agents string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS PLUGIN -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -plugin ( query ) string [ { unspecified\-text } ]; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS PRIMARIES -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -primaries string [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS SERVER -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -server netprefix { - bogus boolean; - edns boolean; - edns\-udp\-size integer; - edns\-version integer; - keys server_key; - max\-udp\-size integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - padding integer; - provide\-ixfr boolean; - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - send\-cookie boolean; - tcp\-keepalive boolean; - tcp\-only boolean; - transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers integer; -}; -.ft 
P -.fi -.UNINDENT -.UNINDENT -.SS STATISTICS\-CHANNELS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C + +parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times + +plugin ( query ) [ { } ]; // may occur multiple times + +primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times + +server { + bogus ; + edns ; + edns\-udp\-size ; + edns\-version ; + keys ; + max\-udp\-size ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide\-ixfr ; + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request\-expire ; + request\-ixfr ; + request\-nsid ; + send\-cookie ; + tcp\-keepalive ; + tcp\-only ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; +}; // may occur multiple times + statistics\-channels { - inet ( ipv4_address | ipv6_address | * ) [ port ( integer | * ) ] [ allow { address_match_element; ... } ]; -}; + inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; // may occur multiple times +}; // may occur multiple times + +tls { + ca\-file ; + cert\-file ; + ciphers ; + dhparam\-file ; + key\-file ; + prefer\-server\-ciphers ; + protocols { ; ... }; + remote\-hostname ; + session\-tickets ; +}; // may occur multiple times + +trust\-anchors { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times + +trusted\-keys { ; ... }; // may occur multiple times, deprecated + +view [ ] { + allow\-new\-zones ; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-cache { ; ... }; + allow\-query\-cache\-on { ; ... }; + allow\-query\-on { ; ... 
}; + allow\-recursion { ; ... }; + allow\-recursion\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + attach\-cache ; + auth\-nxdomain ; + auto\-dnssec ( allow | maintain | off ); + catalog\-zones { zone [ default\-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone\-directory ] [ in\-memory ] [ min\-update\-interval ]; ... }; + check\-dup\-records ( fail | warn | ignore ); + check\-integrity ; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times + check\-sibling ; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard ; + clients\-per\-query ; + deny\-answer\-addresses { ; ... } [ except\-from { ; ... } ]; + deny\-answer\-aliases { ; ... } [ except\-from { ; ... } ]; + dialup ( notify | notify\-passive | passive | refresh | ); + disable\-algorithms { ; ... }; // may occur multiple times + disable\-ds\-digests { ; ... }; // may occur multiple times + disable\-empty\-zone ; // may occur multiple times + dlz { + database ; + search ; + }; // may occur multiple times + dns64 { + break\-dnssec ; + clients { ; ... }; + exclude { ; ... }; + mapped { ; ... 
}; + recursive\-only ; + suffix ; + }; // may occur multiple times + dns64\-contact ; + dns64\-server ; + dnskey\-sig\-validity ; + dnsrps\-enable ; // not configured + dnsrps\-options { }; // not configured + dnssec\-accept\-expired ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-must\-be\-secure ; // may occur multiple times + dnssec\-policy ; + dnssec\-secure\-to\-insecure ; + dnssec\-update\-mode ( maintain | no\-resign ); + dnssec\-validation ( yes | no | auto ); + dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured + dual\-stack\-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; + dyndb { }; // may occur multiple times + edns\-udp\-size ; + empty\-contact ; + empty\-server ; + empty\-zones\-enable ; + fetch\-quota\-params ; + fetches\-per\-server [ ( drop | fail ) ]; + fetches\-per\-zone [ ( drop | fail ) ]; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + ipv4only\-contact ; + ipv4only\-enable ; + ipv4only\-server ; + ixfr\-from\-differences ( primary | master | secondary | slave | ); + key { + algorithm ; + secret ; + }; // may occur multiple times + key\-directory ; + lame\-ttl ; + lmdb\-mapsize ; + managed\-keys { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times, deprecated + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + match\-clients { ; ... }; + match\-destinations { ; ... 
}; + match\-recursive\-only ; + max\-cache\-size ( default | unlimited | | ); + max\-cache\-ttl ; + max\-clients\-per\-query ; + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-ncache\-ttl ; + max\-records ; + max\-recursion\-depth ; + max\-recursion\-queries ; + max\-refresh\-time ; + max\-retry\-time ; + max\-stale\-ttl ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + max\-udp\-size ; + max\-zone\-ttl ( unlimited | ); + message\-compression ; + min\-cache\-ttl ; + min\-ncache\-ttl ; + min\-refresh\-time ; + min\-retry\-time ; + minimal\-any ; + minimal\-responses ( no\-auth | no\-auth\-recursive | ); + multi\-master ; + new\-zones\-directory ; + no\-case\-compress { ; ... }; + nocookie\-udp\-size ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + nta\-lifetime ; + nta\-recheck ; + nxdomain\-redirect ; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + plugin ( query ) [ { } ]; // may occur multiple times + preferred\-glue ; + prefetch [ ]; + provide\-ixfr ; + qname\-minimization ( strict | relaxed | disabled | off ); + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + rate\-limit { + all\-per\-second ; + errors\-per\-second ; + exempt\-clients { ; ... 
}; + ipv4\-prefix\-length ; + ipv6\-prefix\-length ; + log\-only ; + max\-table\-size ; + min\-table\-size ; + nodata\-per\-second ; + nxdomains\-per\-second ; + qps\-scale ; + referrals\-per\-second ; + responses\-per\-second ; + slip ; + window ; + }; + recursion ; + request\-expire ; + request\-ixfr ; + request\-nsid ; + require\-server\-cookie ; + resolver\-nonbackoff\-tries ; + resolver\-query\-timeout ; + resolver\-retry\-interval ; + response\-padding { ; ... } block\-size ; + response\-policy { zone [ add\-soa ] [ log ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only ) ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ]; ... } [ add\-soa ] [ break\-dnssec ] [ max\-policy\-ttl ] [ min\-update\-interval ] [ min\-ns\-dots ] [ nsip\-wait\-recurse ] [ nsdname\-wait\-recurse ] [ qname\-wait\-recurse ] [ recursive\-only ] [ nsip\-enable ] [ nsdname\-enable ] [ dnsrps\-enable ] [ dnsrps\-options { } ]; + root\-delegation\-only [ exclude { ; ... } ]; + root\-key\-sentinel ; + rrset\-order { [ class ] [ type ] [ name ] ; ... 
}; + send\-cookie ; + serial\-update\-method ( date | increment | unixtime ); + server { + bogus ; + edns ; + edns\-udp\-size ; + edns\-version ; + keys ; + max\-udp\-size ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + padding ; + provide\-ixfr ; + query\-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + query\-source\-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; + request\-expire ; + request\-ixfr ; + request\-nsid ; + send\-cookie ; + tcp\-keepalive ; + tcp\-only ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + transfers ; + }; // may occur multiple times + servfail\-ttl ; + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + sortlist { ; ... }; + stale\-answer\-client\-timeout ( disabled | off | ); + stale\-answer\-enable ; + stale\-answer\-ttl ; + stale\-cache\-enable ; + stale\-refresh\-time ; + suppress\-initial\-notify ; // obsolete + synth\-from\-dnssec ; + transfer\-format ( many\-answers | one\-answer ); + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + trust\-anchor\-telemetry ; // experimental + trust\-anchors { ( static\-key | initial\-key | static\-ds | initial\-ds ) ; ... }; // may occur multiple times + trusted\-keys { ; ... }; // may occur multiple times, deprecated + try\-tcp\-refresh ; + update\-check\-ksk ; + use\-alt\-transfer\-source ; + v6\-bias ; + validate\-except { ; ... 
}; + zero\-no\-soa\-ttl ; + zero\-no\-soa\-ttl\-cache ; + zone\-statistics ( full | terse | none | ); +}; // may occur multiple times + + .ft P .fi .UNINDENT .UNINDENT -.SS TLS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -tls string { - ca\-file quoted_string; - cert\-file quoted_string; - ciphers string; - dhparam\-file quoted_string; - key\-file quoted_string; - prefer\-server\-ciphers boolean; - protocols { string; ... }; - remote\-hostname quoted_string; - session\-tickets boolean; -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS TRUST\-ANCHORS -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... }; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS TRUSTED\-KEYS -.sp -Deprecated \- see DNSSEC\-KEYS. -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -trusted\-keys { string integer integer integer quoted_string; ... };, deprecated -.ft P -.fi -.UNINDENT -.UNINDENT -.SS VIEW -.INDENT 0.0 -.INDENT 3.5 -.sp -.nf -.ft C -view string [ class ] { - allow\-new\-zones boolean; - allow\-notify { address_match_element; ... }; - allow\-query { address_match_element; ... }; - allow\-query\-cache { address_match_element; ... }; - allow\-query\-cache\-on { address_match_element; ... }; - allow\-query\-on { address_match_element; ... }; - allow\-recursion { address_match_element; ... }; - allow\-recursion\-on { address_match_element; ... }; - allow\-transfer [ port integer ] [ transport string ] { address_match_element; ... }; - allow\-update { address_match_element; ... }; - allow\-update\-forwarding { address_match_element; ... }; - also\-notify [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... 
}; - alt\-transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - alt\-transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - attach\-cache string; - auth\-nxdomain boolean; - auto\-dnssec ( allow | maintain | off ); - catalog\-zones { zone string [ default\-primaries [ port integer ] [ dscp integer ] { ( remote\-servers | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ] [ tls string ]; ... } ] [ zone\-directory quoted_string ] [ in\-memory boolean ] [ min\-update\-interval duration ]; ... }; - check\-dup\-records ( fail | warn | ignore ); - check\-integrity boolean; - check\-mx ( fail | warn | ignore ); - check\-mx\-cname ( fail | warn | ignore ); - check\-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); - check\-sibling boolean; - check\-spf ( warn | ignore ); - check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard boolean; - clients\-per\-query integer; - deny\-answer\-addresses { address_match_element; ... } [ except\-from { string; ... } ]; - deny\-answer\-aliases { string; ... } [ except\-from { string; ... } ]; - dialup ( notify | notify\-passive | passive | refresh | boolean ); - disable\-algorithms string { string; ... }; - disable\-ds\-digests string { string; ... }; - disable\-empty\-zone string; - dlz string { - database string; - search boolean; - }; - dns64 netprefix { - break\-dnssec boolean; - clients { address_match_element; ... }; - exclude { address_match_element; ... }; - mapped { address_match_element; ... 
}; - recursive\-only boolean; - suffix ipv6_address; - }; - dns64\-contact string; - dns64\-server string; - dnskey\-sig\-validity integer; - dnsrps\-enable boolean; - dnsrps\-options { unspecified\-text }; - dnssec\-accept\-expired boolean; - dnssec\-dnskey\-kskonly boolean; - dnssec\-loadkeys\-interval integer; - dnssec\-must\-be\-secure string boolean; - dnssec\-policy string; - dnssec\-secure\-to\-insecure boolean; - dnssec\-update\-mode ( maintain | no\-resign ); - dnssec\-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; - dual\-stack\-servers [ port integer ] { ( quoted_string [ port integer ] [ dscp integer ] | ipv4_address [ port integer ] [ dscp integer ] | ipv6_address [ port integer ] [ dscp integer ] ); ... }; - dyndb string quoted_string { unspecified\-text }; - edns\-udp\-size integer; - empty\-contact string; - empty\-server string; - empty\-zones\-enable boolean; - fetch\-quota\-params integer fixedpoint fixedpoint fixedpoint; - fetches\-per\-server integer [ ( drop | fail ) ]; - fetches\-per\-zone integer [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port integer ] [ dscp integer ] { ( ipv4_address | ipv6_address ) [ port integer ] [ dscp integer ]; ... }; - ipv4only\-contact string; - ipv4only\-enable boolean; - ipv4only\-server string; - ixfr\-from\-differences ( primary | master | secondary | slave | boolean ); - key string { - algorithm string; - secret string; - }; - key\-directory quoted_string; - lame\-ttl duration; - lmdb\-mapsize sizeval; - managed\-keys { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... };, deprecated - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - match\-clients { address_match_element; ... }; - match\-destinations { address_match_element; ... 
}; - match\-recursive\-only boolean; - max\-cache\-size ( default | unlimited | sizeval | percentage ); - max\-cache\-ttl duration; - max\-clients\-per\-query integer; - max\-ixfr\-ratio ( unlimited | percentage ); - max\-journal\-size ( default | unlimited | sizeval ); - max\-ncache\-ttl duration; - max\-records integer; - max\-recursion\-depth integer; - max\-recursion\-queries integer; - max\-refresh\-time integer; - max\-retry\-time integer; - max\-stale\-ttl duration; - max\-transfer\-idle\-in integer; - max\-transfer\-idle\-out integer; - max\-transfer\-time\-in integer; - max\-transfer\-time\-out integer; - max\-udp\-size integer; - max\-zone\-ttl ( unlimited | duration ); - message\-compression boolean; - min\-cache\-ttl duration; - min\-ncache\-ttl duration; - min\-refresh\-time integer; - min\-retry\-time integer; - minimal\-any boolean; - minimal\-responses ( no\-auth | no\-auth\-recursive | boolean ); - multi\-master boolean; - new\-zones\-directory quoted_string; - no\-case\-compress { address_match_element; ... 
}; - nocookie\-udp\-size integer; - notify ( explicit | master\-only | primary\-only | boolean ); - notify\-delay integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-to\-soa boolean; - nta\-lifetime duration; - nta\-recheck duration; - nxdomain\-redirect string; - parental\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - parental\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - plugin ( query ) string [ { unspecified\-text } ]; - preferred\-glue string; - prefetch integer [ integer ]; - provide\-ixfr boolean; - qname\-minimization ( strict | relaxed | disabled | off ); - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - rate\-limit { - all\-per\-second integer; - errors\-per\-second integer; - exempt\-clients { address_match_element; ... }; - ipv4\-prefix\-length integer; - ipv6\-prefix\-length integer; - log\-only boolean; - max\-table\-size integer; - min\-table\-size integer; - nodata\-per\-second integer; - nxdomains\-per\-second integer; - qps\-scale integer; - referrals\-per\-second integer; - responses\-per\-second integer; - slip integer; - window integer; - }; - recursion boolean; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - require\-server\-cookie boolean; - resolver\-nonbackoff\-tries integer; - resolver\-query\-timeout integer; - resolver\-retry\-interval integer; - response\-padding { address_match_element; ... 
} block\-size integer; - response\-policy { zone string [ add\-soa boolean ] [ log boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ policy ( cname | disabled | drop | given | no\-op | nodata | nxdomain | passthru | tcp\-only quoted_string ) ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ]; ... } [ add\-soa boolean ] [ break\-dnssec boolean ] [ max\-policy\-ttl duration ] [ min\-update\-interval duration ] [ min\-ns\-dots integer ] [ nsip\-wait\-recurse boolean ] [ nsdname\-wait\-recurse boolean ] [ qname\-wait\-recurse boolean ] [ recursive\-only boolean ] [ nsip\-enable boolean ] [ nsdname\-enable boolean ] [ dnsrps\-enable boolean ] [ dnsrps\-options { unspecified\-text } ]; - root\-delegation\-only [ exclude { string; ... } ]; - root\-key\-sentinel boolean; - rrset\-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; - send\-cookie boolean; - serial\-update\-method ( date | increment | unixtime ); - server netprefix { - bogus boolean; - edns boolean; - edns\-udp\-size integer; - edns\-version integer; - keys server_key; - max\-udp\-size integer; - notify\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - notify\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - padding integer; - provide\-ixfr boolean; - query\-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - query\-source\-v6 ( ( [ address ] ( ipv6_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; - request\-expire boolean; - request\-ixfr boolean; - request\-nsid boolean; - send\-cookie boolean; - tcp\-keepalive boolean; - tcp\-only boolean; - transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - 
transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfers integer; - }; - servfail\-ttl duration; - sig\-signing\-nodes integer; - sig\-signing\-signatures integer; - sig\-signing\-type integer; - sig\-validity\-interval integer [ integer ]; - sortlist { address_match_element; ... }; - stale\-answer\-client\-timeout ( disabled | off | integer ); - stale\-answer\-enable boolean; - stale\-answer\-ttl duration; - stale\-cache\-enable boolean; - stale\-refresh\-time duration; - synth\-from\-dnssec boolean; - transfer\-format ( many\-answers | one\-answer ); - transfer\-source ( ipv4_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - transfer\-source\-v6 ( ipv6_address | * ) [ port ( integer | * ) ] [ dscp integer ]; - trust\-anchor\-telemetry boolean; // experimental - trust\-anchors { string ( static\-key | initial\-key | static\-ds | initial\-ds ) integer integer integer quoted_string; ... }; - trusted\-keys { string integer integer integer quoted_string; ... };, deprecated - try\-tcp\-refresh boolean; - update\-check\-ksk boolean; - use\-alt\-transfer\-source boolean; - v6\-bias integer; - validate\-except { string; ... }; - zero\-no\-soa\-ttl boolean; - zero\-no\-soa\-ttl\-cache boolean; - zone\-statistics ( full | terse | none | boolean ); -}; -.ft P -.fi -.UNINDENT -.UNINDENT -.SS ZONE .sp Any of these zone statements can also be set inside the view statement. .INDENT 0.0 
@@ -809,66 +657,68 @@ Any of these zone statements can also be set inside the view statement. .nf .ft C zone [ ] { - type primary; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - allow\-transfer [ port ] [ transport ] { ; ... }; - allow\-update { ; ... }; - also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto\-dnssec ( allow | maintain | off ); - check\-dup\-records ( fail | warn | ignore ); - check\-integrity ; - check\-mx ( fail | warn | ignore ); - check\-mx\-cname ( fail | warn | ignore ); - check\-names ( fail | warn | ignore ); - check\-sibling ; - check\-spf ( warn | ignore ); - check\-srv\-cname ( fail | warn | ignore ); - check\-wildcard ; - database ; - dialup ( notify | notify\-passive | passive | refresh | ); - dlz ; - dnskey\-sig\-validity ; - dnssec\-dnskey\-kskonly ; - dnssec\-loadkeys\-interval ; - dnssec\-policy ; - dnssec\-secure\-to\-insecure ; - dnssec\-update\-mode ( maintain | no\-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - inline\-signing ; - ixfr\-from\-differences ; - journal ; - key\-directory ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | ); - max\-journal\-size ( default | unlimited | ); - max\-records ; - max\-transfer\-idle\-out ; - max\-transfer\-time\-out ; - max\-zone\-ttl ( unlimited | ); - notify ( explicit | master\-only | primary\-only | ); - notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-to\-soa ; - parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; - parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - serial\-update\-method ( date | increment | unixtime ); - sig\-signing\-nodes ; - sig\-signing\-signatures ; - sig\-signing\-type ; - sig\-validity\-interval [ ]; - update\-check\-ksk ; - update\-policy ( local | { ( deny | grant ) ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ ] ; ... }; - zero\-no\-soa\-ttl ; - zone\-statistics ( full | terse | none | ); + type primary; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + auto\-dnssec ( allow | maintain | off ); + check\-dup\-records ( fail | warn | ignore ); + check\-integrity ; + check\-mx ( fail | warn | ignore ); + check\-mx\-cname ( fail | warn | ignore ); + check\-names ( fail | warn | ignore ); + check\-sibling ; + check\-spf ( warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + check\-wildcard ; + database ; + dialup ( notify | notify\-passive | passive | refresh | ); + dlz ; + dnskey\-sig\-validity ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-policy ; + dnssec\-secure\-to\-insecure ; + dnssec\-update\-mode ( maintain | no\-resign ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... 
}; + inline\-signing ; + ixfr\-from\-differences ; + journal ; + key\-directory ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-out ; + max\-zone\-ttl ( unlimited | ); + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + serial\-update\-method ( date | increment | unixtime ); + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + update\-check\-ksk ; + update\-policy ( local | { ( deny | grant ) ( 6to4\-self | external | krb5\-self | krb5\-selfsub | krb5\-subdomain | krb5\-subdomain\-self\-rhs | ms\-self | ms\-selfsub | ms\-subdomain | ms\-subdomain\-self\-rhs | name | self | selfsub | selfwild | subdomain | tcp\-self | wildcard | zonesub ) [ ] ; ... }; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT 
@@ -879,69 +729,71 @@ zone [ ] { .nf .ft C zone [ ] { - type secondary; - allow\-notify { ; ... }; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - allow\-transfer [ port ] [ transport ] { ; ... }; - allow\-update\-forwarding { ; ... }; - also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto\-dnssec ( allow | maintain | off ); - check\-names ( fail | warn | ignore ); - database ; - dialup ( notify | notify\-passive | passive | refresh | ); - dlz ; - dnskey\-sig\-validity ; - dnssec\-dnskey\-kskonly ; - dnssec\-loadkeys\-interval ; - dnssec\-policy ; - dnssec\-update\-mode ( maintain | no\-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - inline\-signing ; - ixfr\-from\-differences ; - journal ; - key\-directory ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | ); - max\-journal\-size ( default | unlimited | ); - max\-records ; - max\-refresh\-time ; - max\-retry\-time ; - max\-transfer\-idle\-in ; - max\-transfer\-idle\-out ; - max\-transfer\-time\-in ; - max\-transfer\-time\-out ; - min\-refresh\-time ; - min\-retry\-time ; - multi\-master ; - notify ( explicit | master\-only | primary\-only | ); - notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-to\-soa ; - parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; - request\-expire ; - request\-ixfr ; - sig\-signing\-nodes ; - sig\-signing\-signatures ; - sig\-signing\-type ; - sig\-validity\-interval [ ]; - transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try\-tcp\-refresh ; - update\-check\-ksk ; - use\-alt\-transfer\-source ; - zero\-no\-soa\-ttl ; - zone\-statistics ( full | terse | none | ); + type secondary; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + auto\-dnssec ( allow | maintain | off ); + check\-names ( fail | warn | ignore ); + database ; + dialup ( notify | notify\-passive | passive | refresh | ); + dlz ; + dnskey\-sig\-validity ; + dnssec\-dnskey\-kskonly ; + dnssec\-loadkeys\-interval ; + dnssec\-policy ; + dnssec\-update\-mode ( maintain | no\-resign ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... 
}; + inline\-signing ; + ixfr\-from\-differences ; + journal ; + key\-directory ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-to\-soa ; + nsec3\-test\-zone ; // test only + parental\-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + parental\-source ( | * ) [ port ( | * ) ] [ dscp ]; + parental\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + request\-expire ; + request\-ixfr ; + sig\-signing\-nodes ; + sig\-signing\-signatures ; + sig\-signing\-type ; + sig\-validity\-interval [ ]; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + try\-tcp\-refresh ; + update\-check\-ksk ; + use\-alt\-transfer\-source ; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT 
@@ -952,48 +804,49 @@ zone [ ] { .nf .ft C zone [ ] { - type mirror; - allow\-notify { ; ... }; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - allow\-transfer [ port ] [ transport ] { ; ... }; - allow\-update\-forwarding { ; ... }; - also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - check\-names ( fail | warn | ignore ); - database ; - file ; - ixfr\-from\-differences ; - journal ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-ixfr\-ratio ( unlimited | ); - max\-journal\-size ( default | unlimited | ); - max\-records ; - max\-refresh\-time ; - max\-retry\-time ; - max\-transfer\-idle\-in ; - max\-transfer\-idle\-out ; - max\-transfer\-time\-in ; - max\-transfer\-time\-out ; - min\-refresh\-time ; - min\-retry\-time ; - multi\-master ; - notify ( explicit | master\-only | primary\-only | ); - notify\-delay ; - notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - request\-expire ; - request\-ixfr ; - transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try\-tcp\-refresh ; - use\-alt\-transfer\-source ; - zero\-no\-soa\-ttl ; - zone\-statistics ( full | terse | none | ); + type mirror; + allow\-notify { ; ... }; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + allow\-transfer [ port ] [ transport ] { ; ... }; + allow\-update\-forwarding { ; ... }; + also\-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; + alt\-transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + alt\-transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + check\-names ( fail | warn | ignore ); + database ; + file ; + ixfr\-from\-differences ; + journal ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-ixfr\-ratio ( unlimited | ); + max\-journal\-size ( default | unlimited | ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-idle\-out ; + max\-transfer\-time\-in ; + max\-transfer\-time\-out ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + notify ( explicit | master\-only | primary\-only | ); + notify\-delay ; + notify\-source ( | * ) [ port ( | * ) ] [ dscp ]; + notify\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + request\-expire ; + request\-ixfr ; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + try\-tcp\-refresh ; + use\-alt\-transfer\-source ; + zero\-no\-soa\-ttl ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -1004,11 +857,12 @@ zone [ ] { .nf .ft C zone [ ] { - type forward; - delegation\-only ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + type forward; + delegation\-only ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; }; + .ft P .fi .UNINDENT @@ -1019,11 +873,12 @@ zone [ ] { .nf .ft C zone [ ] { - type hint; - check\-names ( fail | warn | ignore ); - delegation\-only ; - file ; + type hint; + check\-names ( fail | warn | ignore ); + delegation\-only ; + file ; }; + .ft P .fi .UNINDENT 
@@ -1034,18 +889,19 @@ zone [ ] { .nf .ft C zone [ ] { - type redirect; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - dlz ; - file ; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-records ; - max\-zone\-ttl ( unlimited | ); - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - zone\-statistics ( full | terse | none | ); + type redirect; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + dlz ; + file ; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records ; + max\-zone\-ttl ( unlimited | ); + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -1056,16 +912,17 @@ zone [ ] { .nf .ft C zone [ ] { - type static\-stub; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - max\-records ; - server\-addresses { ( | ); ... }; - server\-names { ; ... }; - zone\-statistics ( full | terse | none | ); + type static\-stub; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + max\-records ; + server\-addresses { ( | ); ... }; + server\-names { ; ... }; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT 
@@ -1076,32 +933,33 @@ zone [ ] { .nf .ft C zone [ ] { - type stub; - allow\-query { ; ... }; - allow\-query\-on { ; ... }; - check\-names ( fail | warn | ignore ); - database ; - delegation\-only ; - dialup ( notify | notify\-passive | passive | refresh | ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - masterfile\-format ( raw | text ); - masterfile\-style ( full | relative ); - max\-records ; - max\-refresh\-time ; - max\-retry\-time ; - max\-transfer\-idle\-in ; - max\-transfer\-time\-in ; - min\-refresh\-time ; - min\-retry\-time ; - multi\-master ; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - use\-alt\-transfer\-source ; - zone\-statistics ( full | terse | none | ); + type stub; + allow\-query { ; ... }; + allow\-query\-on { ; ... }; + check\-names ( fail | warn | ignore ); + database ; + delegation\-only ; + dialup ( notify | notify\-passive | passive | refresh | ); + file ; + forward ( first | only ); + forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; + masterfile\-format ( raw | text ); + masterfile\-style ( full | relative ); + max\-records ; + max\-refresh\-time ; + max\-retry\-time ; + max\-transfer\-idle\-in ; + max\-transfer\-time\-in ; + min\-refresh\-time ; + min\-retry\-time ; + multi\-master ; + primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; + transfer\-source ( | * ) [ port ( | * ) ] [ dscp ]; + transfer\-source\-v6 ( | * ) [ port ( | * ) ] [ dscp ]; + use\-alt\-transfer\-source ; + zone\-statistics ( full | terse | none | ); }; + .ft P .fi .UNINDENT @@ -1112,8 +970,9 @@ zone [ ] { .nf .ft C zone [ ] { - type delegation\-only; + type delegation\-only; }; + .ft P .fi .UNINDENT @@ -1124,8 +983,9 @@ zone [ ] { .nf .ft C zone [ ] { - in\-view ; + in\-view ; }; + .ft P .fi .UNINDENT 
diff --git a/doc/misc/Makefile.am b/doc/misc/Makefile.am index acd0151cff..8d7c80d9c4 100644 --- a/doc/misc/Makefile.am +++ b/doc/misc/Makefile.am @@ -4,7 +4,6 @@ include $(top_srcdir)/Makefile.docs OPTIONS_FILES = \ rndc.grammar \ options \ - options.active \ primary.zoneopt \ secondary.zoneopt \ mirror.zoneopt \ @@ -14,42 +13,12 @@ OPTIONS_FILES = \ static-stub.zoneopt \ redirect.zoneopt \ delegation-only.zoneopt \ - in-view.zoneopt \ - ../../bin/named/named.conf.rst \ - primary.zoneopt.rst \ - secondary.zoneopt.rst \ - mirror.zoneopt.rst \ - forward.zoneopt.rst \ - hint.zoneopt.rst \ - stub.zoneopt.rst \ - static-stub.zoneopt.rst \ - redirect.zoneopt.rst \ - delegation-only.zoneopt.rst \ - in-view.zoneopt.rst \ - acl.grammar.rst \ - controls.grammar.rst \ - dnssec-policy.grammar.rst \ - key.grammar.rst \ - logging.grammar.rst \ - primaries.grammar.rst \ - options.grammar.rst \ - server.grammar.rst \ - statistics-channels.grammar.rst \ - tls.grammar.rst \ - trust-anchors.grammar.rst \ - managed-keys.grammar.rst \ - trusted-keys.grammar.rst \ - http.grammar.rst \ - parental-agents.grammar.rst + in-view.zoneopt EXTRA_DIST = \ $(OPTIONS_FILES) \ checkgrammar.py \ - format-options.pl \ parsegrammar.py \ - rst-grammars.pl \ - rst-options.pl \ - rst-zoneopt.pl \ sort-options.pl if MAINTAINER_MODE 
@@ -78,115 +47,34 @@ rndc.grammar: cfg_test options: cfg_test $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl > $@ -options.active: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar --active | $(PERL) $(srcdir)/sort-options.pl > $@ - primary.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary > $@ secondary.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar secondary --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar secondary > $@ mirror.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar mirror --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar mirror > $@ forward.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar forward --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar forward > $@ hint.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar hint --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar hint > $@ stub.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar stub --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar stub > $@ static-stub.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar static-stub --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar static-stub > $@ redirect.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar redirect --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar redirect > $@ delegation-only.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar delegation-only --active > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar delegation-only > $@ in-view.zoneopt: cfg_test - $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view --active > $@ - -../../bin/named/named.conf.rst: options.active rst-options.pl 
delegation-only.zoneopt.rst forward.zoneopt.rst hint.zoneopt.rst in-view.zoneopt.rst mirror.zoneopt.rst primary.zoneopt.rst redirect.zoneopt.rst secondary.zoneopt.rst static-stub.zoneopt.rst stub.zoneopt.rst - $(AM_V_RST_OPTIONS)$(PERL) $(srcdir)/rst-options.pl options.active > $@ - -primary.zoneopt.rst: primary.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl primary.zoneopt > $@ - -secondary.zoneopt.rst: secondary.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl secondary.zoneopt > $@ - -mirror.zoneopt.rst: mirror.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl mirror.zoneopt > $@ - -forward.zoneopt.rst: forward.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl forward.zoneopt > $@ - -hint.zoneopt.rst: hint.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl hint.zoneopt > $@ - -stub.zoneopt.rst: stub.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl stub.zoneopt > $@ - -static-stub.zoneopt.rst: static-stub.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl static-stub.zoneopt > $@ - -redirect.zoneopt.rst: redirect.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl redirect.zoneopt > $@ - -delegation-only.zoneopt.rst: delegation-only.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl delegation-only.zoneopt > $@ - -in-view.zoneopt.rst: in-view.zoneopt rst-zoneopt.pl - $(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl in-view.zoneopt > $@ - -acl.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active acl > $@ - -controls.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active controls > $@ - -dnssec-policy.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl 
options.active dnssec-policy > $@ - -key.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active key > $@ - -logging.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active logging > $@ - -primaries.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active primaries > $@ - -options.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active options > $@ - -server.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active server > $@ - -statistics-channels.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active statistics-channels > $@ - -tls.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active tls > $@ - -trust-anchors.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active trust-anchors > $@ - -managed-keys.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active managed-keys > $@ - -trusted-keys.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active trusted-keys > $@ - -http.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active http > $@ - -parental-agents.grammar.rst: options.active rst-grammars.pl - $(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active parental-agents > $@ + $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view > $@ endif diff --git a/doc/misc/acl.grammar.rst b/doc/misc/acl.grammar.rst deleted file mode 100644 index fb57865687..0000000000 --- a/doc/misc/acl.grammar.rst +++ /dev/null 
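Review bot: The ten `*.zoneopt` rules in this hunk drop `--active` from the `cfg_test --zonegrammar` call, and the `options.active` target is removed, but nothing in Makefile.am records that the committed grammar files now hold the unfiltered grammar. If `--active` restricts output to clauses that are currently active, as the flag name suggests, obsolete or deprecated clauses will now appear in these files. They would presumably be marked only by trailing `//` comments such as the `// ... deprecated` ones in the deleted `options.active`, so any consumer that renders the files for operators has to filter on those flags itself. I would add a comment above `primary.zoneopt:` such as `# Full grammar, including obsolete/deprecated clauses; consumers must filter on the trailing // flags.` The enclosing `if MAINTAINER_MODE` block opens in the previous hunk's context and closes with the `endif` at the end of this one.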
@@ -1,13 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - diff --git a/doc/misc/controls.grammar.rst b/doc/misc/controls.grammar.rst deleted file mode 100644 index 0f2ec38d8e..0000000000 --- a/doc/misc/controls.grammar.rst +++ /dev/null @@ -1,17 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - controls { - inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read-only ]; - unix perm owner group [ keys { ; ... } ] [ read-only ]; - }; diff --git a/doc/misc/delegation-only.zoneopt.rst b/doc/misc/delegation-only.zoneopt.rst deleted file mode 100644 index 2a262d14f2..0000000000 --- a/doc/misc/delegation-only.zoneopt.rst +++ /dev/null @@ -1,16 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type delegation-only; - }; 
diff --git a/doc/misc/dnssec-policy.grammar.rst b/doc/misc/dnssec-policy.grammar.rst deleted file mode 100644 index da56f07770..0000000000 --- a/doc/misc/dnssec-policy.grammar.rst +++ /dev/null @@ -1,28 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - dnssec-policy { - dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime algorithm [ ]; ... }; - max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ salt-length ]; - parent-ds-ttl ; - parent-propagation-delay ; - publish-safety ; - purge-keys ; - retire-safety ; - signatures-refresh ; - signatures-validity ; - signatures-validity-dnskey ; - zone-propagation-delay ; - }; diff --git a/doc/misc/format-options.pl b/doc/misc/format-options.pl deleted file mode 100644 index 6447b4976d..0000000000 --- a/doc/misc/format-options.pl +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use Getopt::Long; - -my $strip_not_configured = ''; - -GetOptions ('strip-not-configured' => \$strip_not_configured); - -print <) { - chomp; - s/\t/ /g; - my $line = $_; - m!^( *)!; - my $indent = $1; - my $comment = ""; - $line =~ s! // not configured,! //! if $strip_not_configured; - $line =~ s! // not configured!! if $strip_not_configured; - if ( $line =~ m!//.*! ) { - $comment = $&; - $line =~ s!//.*!!; - } - my $start = ""; - while (length($line) >= 79 - length($comment)) { - $_ = $line; - # this makes sure that the comment has something in front of it - $len = 75 - length($comment); - m!^(.{0,$len}) (.*)$!; - $start = $start.$1."\n"; - $line = $indent." ".$2; - } - print $start.$line.$comment."\n"; -} diff --git a/doc/misc/forward.zoneopt.rst b/doc/misc/forward.zoneopt.rst deleted file mode 100644 index 3ced3ac356..0000000000 --- a/doc/misc/forward.zoneopt.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type forward; - delegation-only ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - }; 
diff --git a/doc/misc/hint.zoneopt.rst b/doc/misc/hint.zoneopt.rst deleted file mode 100644 index 998e66240c..0000000000 --- a/doc/misc/hint.zoneopt.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type hint; - check-names ( fail | warn | ignore ); - delegation-only ; - file ; - }; diff --git a/doc/misc/http.grammar.rst b/doc/misc/http.grammar.rst deleted file mode 100644 index 89f0457011..0000000000 --- a/doc/misc/http.grammar.rst +++ /dev/null @@ -1,18 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - http { - endpoints { ; ... }; - listener-clients ; - streams-per-connection ; - }; diff --git a/doc/misc/in-view.zoneopt.rst b/doc/misc/in-view.zoneopt.rst deleted file mode 100644 index df1a587307..0000000000 --- a/doc/misc/in-view.zoneopt.rst +++ /dev/null 
@@ -1,16 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - in-view ; - }; diff --git a/doc/misc/key.grammar.rst b/doc/misc/key.grammar.rst deleted file mode 100644 index a417997a72..0000000000 --- a/doc/misc/key.grammar.rst +++ /dev/null @@ -1,17 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - key { - algorithm ; - secret ; - }; diff --git a/doc/misc/logging.grammar.rst b/doc/misc/logging.grammar.rst deleted file mode 100644 index 19986ece88..0000000000 --- a/doc/misc/logging.grammar.rst +++ /dev/null 
@@ -1,27 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - logging { - category { ; ... }; - channel { - buffered ; - file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; - null; - print-category ; - print-severity ; - print-time ( iso8601 | iso8601-utc | local | ); - severity ; - stderr; - syslog [ ]; - }; - }; diff --git a/doc/misc/managed-keys.grammar.rst b/doc/misc/managed-keys.grammar.rst deleted file mode 100644 index 4393184d7d..0000000000 --- a/doc/misc/managed-keys.grammar.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... };, deprecated diff --git a/doc/misc/mirror.zoneopt.rst b/doc/misc/mirror.zoneopt.rst deleted file mode 100644 index 6262f4b712..0000000000 --- a/doc/misc/mirror.zoneopt.rst +++ /dev/null 
@@ -1,56 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type mirror; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - check-names ( fail | warn | ignore ); - database ; - file ; - ixfr-from-differences ; - journal ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - request-expire ; - request-ixfr ; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try-tcp-refresh ; - use-alt-transfer-source ; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/options.active b/doc/misc/options.active deleted file mode 100644 index b6d61d153e..0000000000 
--- a/doc/misc/options.active +++ /dev/null 
@@ -1,588 +0,0 @@ -acl { ; ... }; // may occur multiple times - -controls { - inet ( | | * ) [ port ( | * ) ] allow { ; ... } [ keys { ; ... } ] [ read-only ]; // may occur multiple times - unix perm owner group [ keys { ; ... } ] [ read-only ]; // may occur multiple times -}; // may occur multiple times - -dlz { - database ; - search ; -}; // may occur multiple times - -dnssec-policy { - dnskey-ttl ; - keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime algorithm [ ]; ... }; - max-zone-ttl ; - nsec3param [ iterations ] [ optout ] [ salt-length ]; - parent-ds-ttl ; - parent-propagation-delay ; - publish-safety ; - purge-keys ; - retire-safety ; - signatures-refresh ; - signatures-validity ; - signatures-validity-dnskey ; - zone-propagation-delay ; -}; // may occur multiple times - -dyndb { }; // may occur multiple times - -http { - endpoints { ; ... }; - listener-clients ; - streams-per-connection ; -}; // may occur multiple times - -key { - algorithm ; - secret ; -}; // may occur multiple times - -logging { - category { ; ... }; // may occur multiple times - channel { - buffered ; - file [ versions ( unlimited | ) ] [ size ] [ suffix ( increment | timestamp ) ]; - null; - print-category ; - print-severity ; - print-time ( iso8601 | iso8601-utc | local | ); - severity ; - stderr; - syslog [ ]; - }; // may occur multiple times -}; - -managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated - -options { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - answer-cookie ; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; - bindkeys-file ; - blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - cookie-algorithm ( aes | siphash24 ); - cookie-secret ; // may occur multiple times - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... } ]; - dialup ( notify | notify-passive | passive | refresh | ); - directory ; - disable-algorithms { ; ... }; // may occur multiple times - disable-ds-digests { ; ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... 
}; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; // not configured - dnsrps-options { }; // not configured - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured - dnstap-identity ( | none | hostname ); // not configured - dnstap-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; // not configured - dnstap-version ( | none ); // not configured - dscp ; - dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; - dump-file ; - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); - flush-zones-on-shutdown ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... 
}; - fstrm-set-buffer-hint ; // not configured - fstrm-set-flush-timeout ; // not configured - fstrm-set-input-queue-size ; // not configured - fstrm-set-output-notify-threshold ; // not configured - fstrm-set-output-queue-model ( mpsc | spsc ); // not configured - fstrm-set-output-queue-size ; // not configured - fstrm-set-reopen-interval ; // not configured - geoip-directory ( | none ); - heartbeat-interval ; - hostname ( | none ); - http-listener-clients ; - http-port ; - http-streams-per-connection ; - https-port ; - interface-interval ; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | ); - key-directory ; - lame-ttl ; - listen-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times - listen-on-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; // may occur multiple times - lmdb-mapsize ; - lock-file ( | none ); - managed-keys-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-rsa-exponent-size ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - memstatistics ; - memstatistics-file ; - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... 
}; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - pid-file ( | none ); - port ; - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - querylog ; - random-device ( | none ); - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursing-file ; - recursion ; - recursive-clients ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size ; - response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - reuseport ; - root-delegation-only [ exclude { ; ... 
} ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name ] ; ... }; - secroots-file ; - send-cookie ; - serial-query-rate ; - serial-update-method ( date | increment | unixtime ); - server-id ( | none | hostname ); - servfail-ttl ; - session-keyalg ; - session-keyfile ( | none ); - session-keyname ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stacksize ( default | unlimited | ); - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - startup-notify-rate ; - statistics-file ; - synth-from-dnssec ; - tcp-advertised-timeout ; - tcp-clients ; - tcp-idle-timeout ; - tcp-initial-timeout ; - tcp-keepalive-timeout ; - tcp-listen-queue ; - tcp-receive-buffer ; - tcp-send-buffer ; - tkey-dhkey ; - tkey-domain ; - tkey-gssapi-credential ; - tkey-gssapi-keytab ; - tls-port ; - transfer-format ( many-answers | one-answer ); - transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - transfers-in ; - transfers-out ; - transfers-per-ns ; - trust-anchor-telemetry ; // experimental - try-tcp-refresh ; - udp-receive-buffer ; - udp-send-buffer ; - update-check-ksk ; - use-alt-transfer-source ; - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; - v6-bias ; - validate-except { ; ... }; - version ( | none ); - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); -}; - -parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; // may occur multiple times - -plugin ( query ) [ { } ]; // may occur multiple times - -primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; // may occur multiple times - -server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - transfers ; -}; // may occur multiple times - -statistics-channels { - inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; // may occur multiple times -}; // may occur multiple times - -tls { - ca-file ; - cert-file ; - ciphers ; - dhparam-file ; - key-file ; - prefer-server-ciphers ; - protocols { ; ... }; - remote-hostname ; - session-tickets ; -}; // may occur multiple times - -trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times - -trusted-keys { ; ... }; // may occur multiple times, deprecated - -view [ ] { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - deny-answer-addresses { ; ... } [ except-from { ; ... } ]; - deny-answer-aliases { ; ... } [ except-from { ; ... } ]; - dialup ( notify | notify-passive | passive | refresh | ); - disable-algorithms { ; ... }; // may occur multiple times - disable-ds-digests { ; ... }; // may occur multiple times - disable-empty-zone ; // may occur multiple times - dlz { - database ; - search ; - }; // may occur multiple times - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; // may occur multiple times - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; // not configured - dnsrps-options { }; // not configured - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; // may occur multiple times - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured - dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... 
}; - dyndb { }; // may occur multiple times - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | ); - key { - algorithm ; - secret ; - }; // may occur multiple times - key-directory ; - lame-ttl ; - lmdb-mapsize ; - managed-keys { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times, deprecated - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-clients { ; ... }; - match-destinations { ; ... }; - match-recursive-only ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... 
}; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - plugin ( query ) [ { } ]; // may occur multiple times - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursion ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size ; - response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - root-delegation-only [ exclude { ; ... } ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name ] ; ... 
}; - send-cookie ; - serial-update-method ( date | increment | unixtime ); - server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - transfers ; - }; // may occur multiple times - servfail-ttl ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - synth-from-dnssec ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - trust-anchor-telemetry ; // experimental - trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; // may occur multiple times - trusted-keys { ; ... }; // may occur multiple times, deprecated - try-tcp-refresh ; - update-check-ksk ; - use-alt-transfer-source ; - v6-bias ; - validate-except { ; ... }; - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); -}; // may occur multiple times - diff --git a/doc/misc/options.grammar.rst b/doc/misc/options.grammar.rst deleted file mode 100644 index b930acc843..0000000000 --- a/doc/misc/options.grammar.rst +++ /dev/null 
@@ -1,272 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - options { - allow-new-zones ; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-cache { ; ... }; - allow-query-cache-on { ; ... }; - allow-query-on { ; ... }; - allow-recursion { ; ... }; - allow-recursion-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - answer-cookie ; - attach-cache ; - auth-nxdomain ; - auto-dnssec ( allow | maintain | off ); - automatic-interface-scan ; - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; - bindkeys-file ; - blackhole { ; ... }; - catalog-zones { zone [ default-primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... } ] [ zone-directory ] [ in-memory ] [ min-update-interval ]; ... }; - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - clients-per-query ; - cookie-algorithm ( aes | siphash24 ); - cookie-secret ; - coresize ( default | unlimited | ); - datasize ( default | unlimited | ); - deny-answer-addresses { ; ... } [ except-from { ; ... 
} ]; - deny-answer-aliases { ; ... } [ except-from { ; ... } ]; - dialup ( notify | notify-passive | passive | refresh | ); - directory ; - disable-algorithms { ; ... }; - disable-ds-digests { ; ... }; - disable-empty-zone ; - dns64 { - break-dnssec ; - clients { ; ... }; - exclude { ; ... }; - mapped { ; ... }; - recursive-only ; - suffix ; - }; - dns64-contact ; - dns64-server ; - dnskey-sig-validity ; - dnsrps-enable ; - dnsrps-options { }; - dnssec-accept-expired ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-must-be-secure ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - dnssec-validation ( yes | no | auto ); - dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; - dnstap-identity ( | none | hostname ); - dnstap-output ( file | unix ) [ size ( unlimited | ) ] [ versions ( unlimited | ) ] [ suffix ( increment | timestamp ) ]; - dnstap-version ( | none ); - dscp ; - dual-stack-servers [ port ] { ( [ port ] [ dscp ] | [ port ] [ dscp ] | [ port ] [ dscp ] ); ... }; - dump-file ; - edns-udp-size ; - empty-contact ; - empty-server ; - empty-zones-enable ; - fetch-quota-params ; - fetches-per-server [ ( drop | fail ) ]; - fetches-per-zone [ ( drop | fail ) ]; - files ( default | unlimited | ); - flush-zones-on-shutdown ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... 
}; - fstrm-set-buffer-hint ; - fstrm-set-flush-timeout ; - fstrm-set-input-queue-size ; - fstrm-set-output-notify-threshold ; - fstrm-set-output-queue-model ( mpsc | spsc ); - fstrm-set-output-queue-size ; - fstrm-set-reopen-interval ; - geoip-directory ( | none ); - heartbeat-interval ; - hostname ( | none ); - http-listener-clients ; - http-port ; - http-streams-per-connection ; - https-port ; - interface-interval ; - ipv4only-contact ; - ipv4only-enable ; - ipv4only-server ; - ixfr-from-differences ( primary | master | secondary | slave | ); - key-directory ; - lame-ttl ; - listen-on [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; - listen-on-v6 [ port ] [ dscp ] [ tls ] [ http ] { ; ... }; - lmdb-mapsize ; - lock-file ( | none ); - managed-keys-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - match-mapped-addresses ; - max-cache-size ( default | unlimited | | ); - max-cache-ttl ; - max-clients-per-query ; - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-ncache-ttl ; - max-records ; - max-recursion-depth ; - max-recursion-queries ; - max-refresh-time ; - max-retry-time ; - max-rsa-exponent-size ; - max-stale-ttl ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - max-udp-size ; - max-zone-ttl ( unlimited | ); - memstatistics ; - memstatistics-file ; - message-compression ; - min-cache-ttl ; - min-ncache-ttl ; - min-refresh-time ; - min-retry-time ; - minimal-any ; - minimal-responses ( no-auth | no-auth-recursive | ); - multi-master ; - new-zones-directory ; - no-case-compress { ; ... 
}; - nocookie-udp-size ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-rate ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - nta-lifetime ; - nta-recheck ; - nxdomain-redirect ; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - pid-file ( | none ); - port ; - preferred-glue ; - prefetch [ ]; - provide-ixfr ; - qname-minimization ( strict | relaxed | disabled | off ); - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - querylog ; - random-device ( | none ); - rate-limit { - all-per-second ; - errors-per-second ; - exempt-clients { ; ... }; - ipv4-prefix-length ; - ipv6-prefix-length ; - log-only ; - max-table-size ; - min-table-size ; - nodata-per-second ; - nxdomains-per-second ; - qps-scale ; - referrals-per-second ; - responses-per-second ; - slip ; - window ; - }; - recursing-file ; - recursion ; - recursive-clients ; - request-expire ; - request-ixfr ; - request-nsid ; - require-server-cookie ; - reserved-sockets ; // deprecated - resolver-nonbackoff-tries ; - resolver-query-timeout ; - resolver-retry-interval ; - response-padding { ; ... } block-size ; - response-policy { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ]; ... } [ add-soa ] [ break-dnssec ] [ max-policy-ttl ] [ min-update-interval ] [ min-ns-dots ] [ nsip-wait-recurse ] [ nsdname-wait-recurse ] [ qname-wait-recurse ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ dnsrps-enable ] [ dnsrps-options { } ]; - reuseport ; - root-delegation-only [ exclude { ; ... 
} ]; - root-key-sentinel ; - rrset-order { [ class ] [ type ] [ name ] ; ... }; - secroots-file ; - send-cookie ; - serial-query-rate ; - serial-update-method ( date | increment | unixtime ); - server-id ( | none | hostname ); - servfail-ttl ; - session-keyalg ; - session-keyfile ( | none ); - session-keyname ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - sortlist { ; ... }; - stacksize ( default | unlimited | ); - stale-answer-client-timeout ( disabled | off | ); - stale-answer-enable ; - stale-answer-ttl ; - stale-cache-enable ; - stale-refresh-time ; - startup-notify-rate ; - statistics-file ; - synth-from-dnssec ; - tcp-advertised-timeout ; - tcp-clients ; - tcp-idle-timeout ; - tcp-initial-timeout ; - tcp-keepalive-timeout ; - tcp-listen-queue ; - tcp-receive-buffer ; - tcp-send-buffer ; - tkey-dhkey ; - tkey-domain ; - tkey-gssapi-credential ; - tkey-gssapi-keytab ; - tls-port ; - transfer-format ( many-answers | one-answer ); - transfer-message-size ; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - transfers-in ; - transfers-out ; - transfers-per-ns ; - trust-anchor-telemetry ; // experimental - try-tcp-refresh ; - udp-receive-buffer ; - udp-send-buffer ; - update-check-ksk ; - use-alt-transfer-source ; - use-v4-udp-ports { ; ... }; - use-v6-udp-ports { ; ... }; - v6-bias ; - validate-except { ; ... }; - version ( | none ); - zero-no-soa-ttl ; - zero-no-soa-ttl-cache ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/parental-agents.grammar.rst b/doc/misc/parental-agents.grammar.rst deleted file mode 100644 index b09cc33787..0000000000 --- a/doc/misc/parental-agents.grammar.rst +++ /dev/null 
@@ -1,14 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; diff --git a/doc/misc/primaries.grammar.rst b/doc/misc/primaries.grammar.rst deleted file mode 100644 index b6c680fb03..0000000000 --- a/doc/misc/primaries.grammar.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; diff --git a/doc/misc/primary.zoneopt b/doc/misc/primary.zoneopt index 8811d2023e..c8ceb6d29f 100644 --- a/doc/misc/primary.zoneopt +++ b/doc/misc/primary.zoneopt @@ -46,6 +46,7 @@ zone [ ] { notify-source ( | * ) [ port ( | * ) ] [ dscp ]; notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; notify-to-soa ; + nsec3-test-zone ; // test only parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; parental-source ( | * ) [ port ( | * ) ] [ dscp ]; parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; diff --git a/doc/misc/primary.zoneopt.rst b/doc/misc/primary.zoneopt.rst deleted file mode 100644 index b03d60b905..0000000000 --- a/doc/misc/primary.zoneopt.rst +++ /dev/null 
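Review bot: The added `nsec3-test-zone ; // test only` line in doc/misc/primary.zoneopt (the same addition appears in doc/misc/secondary.zoneopt) puts a test-only option into a grammar file that, per the commit description, affects the published ARM output. The only filter for such markers visible in this patch is the `m{// test.*only}` skip in rst-grammars.pl, rst-options.pl and rst-zoneopt.pl, and all three scripts are deleted here. The replacement generator is not shown on this page, so it should be confirmed to keep an equivalent skip for `// test only`, as well as `// obsolete`, `// ancient` and `// not.*implemented`, before any grammar is rendered. Otherwise a knob meant only for the test suite would be presented to operators as a supported zone option. The enclosing `zone [ ] {` block starts and ends outside this hunk.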
@@ -1,74 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type primary; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-dup-records ( fail | warn | ignore ); - check-integrity ; - check-mx ( fail | warn | ignore ); - check-mx-cname ( fail | warn | ignore ); - check-names ( fail | warn | ignore ); - check-sibling ; - check-spf ( warn | ignore ); - check-srv-cname ( fail | warn | ignore ); - check-wildcard ; - database ; - dialup ( notify | notify-passive | passive | refresh | ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-secure-to-insecure ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... 
}; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-transfer-idle-out ; - max-transfer-time-out ; - max-zone-ttl ( unlimited | ); - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - serial-update-method ( date | increment | unixtime ); - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - update-check-ksk ; - update-policy ( local | { ( deny | grant ) ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ ] ; ... }; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/redirect.zoneopt.rst b/doc/misc/redirect.zoneopt.rst deleted file mode 100644 index 53e9883e76..0000000000 --- a/doc/misc/redirect.zoneopt.rst +++ /dev/null 
@@ -1,26 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type redirect; - allow-query { ; ... }; - allow-query-on { ; ... }; - dlz ; - file ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-records ; - max-zone-ttl ( unlimited | ); - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/rst-grammars.pl b/doc/misc/rst-grammars.pl deleted file mode 100644 index 56ff5ea708..0000000000 --- a/doc/misc/rst-grammars.pl +++ /dev/null 
@@ -1,81 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use warnings; -use strict; - -if (@ARGV < 2) { - print STDERR <<'END'; -usage: - perl docbook-options.pl options_file section > section.grammar.xml -END - exit 1; -} - -my $FILE = shift; -my $SECTION = shift; - -open (FH, "<", $FILE) or die "Can't open $FILE"; - -print <) { - if (m{^\s*$}) { - last if $preamble > 0; - } else { - $preamble++; - } -} - -my $display = 0; -while () { - if (m{^$SECTION\b}) { - $display = 1 - } - - if (m{// not.*implemented} || m{// obsolete} || - m{// ancient} || m{// test.*only}) - { - next; - } - - s{ // not configured}{}; - s{ // non-operational}{}; - s{ // may occur multiple times}{}; - s{[[]}{[}g; - s{[]]}{]}g; - s{ }{\t}g; - - if (m{^\s*$} && $display) { - last; - } - if ($display) { - print " " . $_; - } -} diff --git a/doc/misc/rst-options.pl b/doc/misc/rst-options.pl deleted file mode 100644 index eeb023a1c1..0000000000 --- a/doc/misc/rst-options.pl +++ /dev/null 
@@ -1,156 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use warnings; -use strict; - -if (@ARGV < 1) { - print STDERR <<'END'; -usage: - perl rst-options.pl options_file >named.conf.rst -END - exit 1; -} - -my $FILE = shift; - -open (FH, "<", $FILE) or die "Can't open $FILE"; - -print <) { - if (m{^\s*$}) { - last if $preamble > 0; - } else { - $preamble++; - } -} - -my $UNDERLINE; - -my $blank = 0; -while () { - if (m{// not.*implemented} || m{// obsolete} || - m{// ancient} || m{// test.*only}) - { - next; - } - - s{ // not configured}{}; - s{ // non-operational}{}; - s{ (// )*may occur multiple times}{}; - s{<([a-z0-9_-]+)>}{$1}g; - s{ // deprecated,*}{// deprecated}; - s{[[]}{[}g; - s{[]]}{]}g; - s{ }{\t}g; - if (m{^([a-z0-9-]+) }) { - my $HEADING = uc $1; - $UNDERLINE = $HEADING; - $UNDERLINE =~ s/./^/g; - print $HEADING . "\n"; - print $UNDERLINE . "\n\n"; - if ($HEADING eq "TRUSTED-KEYS") { - print "Deprecated - see DNSSEC-KEYS.\n\n"; - } - if ($HEADING eq "MANAGED-KEYS") { - print "See DNSSEC-KEYS.\n\n" ; - } - print "::\n\n"; - } - - if (m{^\s*$}) { - if (!$blank) { - print "\n"; - $blank = 1; - } - next; - } else { - $blank = 0; - } - print " " . $_; - -} - -print "ZONE\n"; -$UNDERLINE = "ZONE"; -$UNDERLINE =~ s/./^/g; -print $UNDERLINE . "\n\n"; -print "Any of these zone statements can also be set inside the view statement.\n\n"; - -print <`, :iscman:`named-checkconf(8) `, :iscman:`rndc(8) `, :iscman:`rndc-confgen(8) `, :iscman:`tsig-keygen(8) `, BIND 9 Administrator Reference Manual. - -END 
diff --git a/doc/misc/rst-zoneopt.pl b/doc/misc/rst-zoneopt.pl deleted file mode 100644 index e1af5411f0..0000000000 --- a/doc/misc/rst-zoneopt.pl +++ /dev/null @@ -1,59 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use warnings; -use strict; - -if (@ARGV < 1) { - print STDERR <<'END'; -usage: - perl rst-zoneopt.pl zoneopt_file -END - exit 1; -} - -my $FILE = shift; - -open (FH, "<", $FILE) or die "Can't open $FILE"; - -print <) { - if (m{// not.*implemented} || m{// obsolete} || - m{// ancient} || m{// test.*only}) - { - next; - } - - s{ // not configured}{}; - s{ // may occur multiple times}{}; - s{[[]}{[}g; - s{[]]}{]}g; - s{ }{\t}g; - - print " " . $_; -} diff --git a/doc/misc/secondary.zoneopt b/doc/misc/secondary.zoneopt index 22c3a8d19d..ecb7b7b5d4 100644 --- a/doc/misc/secondary.zoneopt +++ b/doc/misc/secondary.zoneopt @@ -44,6 +44,7 @@ zone [ ] { notify-source ( | * ) [ port ( | * ) ] [ dscp ]; notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; notify-to-soa ; + nsec3-test-zone ; // test only parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; parental-source ( | * ) [ port ( | * ) ] [ dscp ]; parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; diff --git a/doc/misc/secondary.zoneopt.rst b/doc/misc/secondary.zoneopt.rst deleted file mode 100644 index 538f191171..0000000000 --- a/doc/misc/secondary.zoneopt.rst +++ /dev/null 
@@ -1,77 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type secondary; - allow-notify { ; ... }; - allow-query { ; ... }; - allow-query-on { ; ... }; - allow-transfer [ port ] [ transport ] { ; ... }; - allow-update-forwarding { ; ... }; - also-notify [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - alt-transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - alt-transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - auto-dnssec ( allow | maintain | off ); - check-names ( fail | warn | ignore ); - database ; - dialup ( notify | notify-passive | passive | refresh | ); - dlz ; - dnskey-sig-validity ; - dnssec-dnskey-kskonly ; - dnssec-loadkeys-interval ; - dnssec-policy ; - dnssec-update-mode ( maintain | no-resign ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - inline-signing ; - ixfr-from-differences ; - journal ; - key-directory ; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-ixfr-ratio ( unlimited | ); - max-journal-size ( default | unlimited | ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-idle-out ; - max-transfer-time-in ; - max-transfer-time-out ; - min-refresh-time ; - min-retry-time ; - multi-master ; - notify ( explicit | master-only | primary-only | ); - notify-delay ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - notify-to-soa ; - parental-agents [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... 
}; - parental-source ( | * ) [ port ( | * ) ] [ dscp ]; - parental-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - request-expire ; - request-ixfr ; - sig-signing-nodes ; - sig-signing-signatures ; - sig-signing-type ; - sig-validity-interval [ ]; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - try-tcp-refresh ; - update-check-ksk ; - use-alt-transfer-source ; - zero-no-soa-ttl ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/server.grammar.rst b/doc/misc/server.grammar.rst deleted file mode 100644 index b62959ae7d..0000000000 --- a/doc/misc/server.grammar.rst +++ /dev/null @@ -1,37 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - server { - bogus ; - edns ; - edns-udp-size ; - edns-version ; - keys ; - max-udp-size ; - notify-source ( | * ) [ port ( | * ) ] [ dscp ]; - notify-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - padding ; - provide-ixfr ; - query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - query-source-v6 ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; - request-expire ; - request-ixfr ; - request-nsid ; - send-cookie ; - tcp-keepalive ; - tcp-only ; - transfer-format ( many-answers | one-answer ); - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - transfers ; - }; 
diff --git a/doc/misc/static-stub.zoneopt.rst b/doc/misc/static-stub.zoneopt.rst deleted file mode 100644 index d307586718..0000000000 --- a/doc/misc/static-stub.zoneopt.rst +++ /dev/null @@ -1,24 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type static-stub; - allow-query { ; ... }; - allow-query-on { ; ... }; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - max-records ; - server-addresses { ( | ); ... }; - server-names { ; ... }; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/statistics-channels.grammar.rst b/doc/misc/statistics-channels.grammar.rst deleted file mode 100644 index 8e4d964598..0000000000 --- a/doc/misc/statistics-channels.grammar.rst +++ /dev/null @@ -1,16 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - statistics-channels { - inet ( | | * ) [ port ( | * ) ] [ allow { ; ... } ]; - }; diff --git a/doc/misc/stub.zoneopt.rst b/doc/misc/stub.zoneopt.rst deleted file mode 100644 index d18720b12a..0000000000 --- a/doc/misc/stub.zoneopt.rst +++ /dev/null 
@@ -1,40 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - zone [ ] { - type stub; - allow-query { ; ... }; - allow-query-on { ; ... }; - check-names ( fail | warn | ignore ); - database ; - delegation-only ; - dialup ( notify | notify-passive | passive | refresh | ); - file ; - forward ( first | only ); - forwarders [ port ] [ dscp ] { ( | ) [ port ] [ dscp ]; ... }; - masterfile-format ( raw | text ); - masterfile-style ( full | relative ); - max-records ; - max-refresh-time ; - max-retry-time ; - max-transfer-idle-in ; - max-transfer-time-in ; - min-refresh-time ; - min-retry-time ; - multi-master ; - primaries [ port ] [ dscp ] { ( | [ port ] | [ port ] ) [ key ] [ tls ]; ... }; - transfer-source ( | * ) [ port ( | * ) ] [ dscp ]; - transfer-source-v6 ( | * ) [ port ( | * ) ] [ dscp ]; - use-alt-transfer-source ; - zone-statistics ( full | terse | none | ); - }; diff --git a/doc/misc/tls.grammar.rst b/doc/misc/tls.grammar.rst deleted file mode 100644 index 37d1b97a4f..0000000000 --- a/doc/misc/tls.grammar.rst +++ /dev/null 
@@ -1,24 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - tls { - ca-file ; - cert-file ; - ciphers ; - dhparam-file ; - key-file ; - prefer-server-ciphers ; - protocols { ; ... }; - remote-hostname ; - session-tickets ; - }; diff --git a/doc/misc/trust-anchors.grammar.rst b/doc/misc/trust-anchors.grammar.rst deleted file mode 100644 index e389e73be9..0000000000 --- a/doc/misc/trust-anchors.grammar.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - trust-anchors { ( static-key | initial-key | static-ds | initial-ds ) ; ... }; diff --git a/doc/misc/trusted-keys.grammar.rst b/doc/misc/trusted-keys.grammar.rst deleted file mode 100644 index 47aa831815..0000000000 --- a/doc/misc/trusted-keys.grammar.rst +++ /dev/null 
@@ -1,14 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -:: - - trusted-keys { ; ... };, deprecated From 1f5bc4fe3bc9c01bb38807604262c814fe9036a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 24 Jun 2022 13:30:53 +0200 Subject: [PATCH 16/29] Add option to suppress grammar rendering A new flag .. namedconf:statement:: :suppress_grammar: suppresses pretty-printing grammar. It is useful mostly for zones because each zone has it's own grammar, so printing all of them at once usually does not make sense. --- doc/arm/_ext/iscconf.py | 3 +++ doc/arm/reference.rst | 2 ++ 2 files changed, 5 insertions(+) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index f4a74897e7..c4252c4202 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -96,6 +96,7 @@ def domain_factory(domainname, domainlabel, todolist, grammar): "tags": lambda arg: split_csv(arg, required=False), # one-sentece description for use in summary tables "short": directives.unchanged_required, + "suppress_grammar": directives.flag, } @property @@ -237,6 +238,8 @@ def domain_factory(domainname, domainlabel, todolist, grammar): union_flags = union_flags.union( set(one_grammar_dict.subgrammar.get("_flags", [])) ) + if "suppress_grammar" in self.options: + continue grammarnode = self.format_grammar(multi_grammar, grammar_grp) contentnode.insert(0, grammarnode) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 91ba493750..6cec9157b7 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst 
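Review bot: The `if "suppress_grammar" in self.options: continue` added in the second `iscconf.py` hunk (`@@ -237,6 +238,8 @@`) has no comment explaining why the loop keeps running when the grammar is suppressed. From its position after the `union_flags` update, the iterations appear to be kept so that `_flags` are still merged for such statements. If that is the intent, say so: `# grammar is hidden, but its _flags still have to be merged above`. The loop header is outside the hunk and indentation is lost in this view, so the nesting is inferred from the `continue`.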
@@ -6156,6 +6156,7 @@ Here is an example of a typical split DNS setup implemented using ``zone`` Statement Grammar ~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: zone + :suppress_grammar: .. _zone_statement: @@ -6169,6 +6170,7 @@ Here is an example of a typical split DNS setup implemented using Zone Types ^^^^^^^^^^ .. namedconf:statement:: type + :suppress_grammar: The ``type`` keyword is required for the ``zone`` configuration unless it is an ``in-view`` configuration. Its acceptable values are: From 435cbb61bad65bcef7fa13d47d5b5789e7106846 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 24 Jun 2022 14:06:39 +0200 Subject: [PATCH 17/29] Add zone definitions into the view grammar I cannot see a reasonable way to achieve this without the hack in this commit. --- doc/arm/_ext/iscconf.py | 4 ++-- doc/arm/_ext/mergegrammar.py | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index c4252c4202..022d303de0 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -133,14 +133,14 @@ def domain_factory(domainname, domainlabel, todolist, grammar): return ".".join(path[1:]) def format_paths(self, paths): - zone_types = [] + zone_types = set() nozone_paths = [] for path in paths: try: zone_idx = path.index("zone") zone_type_txt = path[zone_idx + 1] assert zone_type_txt.startswith("type "), zone_type_txt - zone_types.append(zone_type_txt[len("type ") :]) + zone_types.add(zone_type_txt[len("type ") :]) except (ValueError, IndexError): nozone_paths.append(path) condensed_paths = nozone_paths[:] diff --git a/doc/arm/_ext/mergegrammar.py b/doc/arm/_ext/mergegrammar.py index d339da1645..75146f7dc4 100644 --- a/doc/arm/_ext/mergegrammar.py +++ b/doc/arm/_ext/mergegrammar.py 
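Review bot: Making `zone_types` a `set` in `format_paths` (`@@ -133,14 +133,14 @@`) removes duplicates but gives up a stable order, because string hashes are randomised per interpreter run and set iteration order follows them. If the code after this hunk joins the zone types into the rendered text without sorting (not visible here), two builds of the same source can produce different output, which breaks reproducible documentation builds. Sorting at the point of use, e.g. `sorted(zone_types)`, keeps the de-duplication and makes the result deterministic. The rest of `format_paths` lies outside the hunk.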
@@ -46,6 +46,10 @@ def combine(): assert rest rest.update(zones) + # this is a terrible hack + # but cfg_test cannot print zone grammars inside view + rest["view"]["_mapbody"].update(zones) + return rest From 0392144e995bb90d8fd8022c5243edc260bd7156 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 24 Jun 2022 15:05:02 +0200 Subject: [PATCH 18/29] Pretty-print grammar for zones It turns out the tree of dictionaries is not the best structure to represent our grammar, unfortunatelly. The problem is that "zone" has several context-dependent variants which change meaning of "zone" based on inner field "type". Redesigning the whole structure does not seem to be worth, so I settled on this terrible hack. --- doc/arm/_ext/iscconf.py | 3 ++- doc/arm/_ext/mergegrammar.py | 3 ++- doc/misc/checkgrammar.py | 24 +++++++++++++++--------- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index 022d303de0..99f6b533aa 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -173,8 +173,9 @@ def domain_factory(domainname, domainlabel, todolist, grammar): else: separator = "" paths = "" + subgrammar = grammar_grp[0].subgrammar grammar_txt = ( - self.isc_name + subgrammar.get("_pprint_name", self.isc_name) + " " + checkgrammar.pformat_grammar(grammar_grp[0].subgrammar, level=1) ) diff --git a/doc/arm/_ext/mergegrammar.py b/doc/arm/_ext/mergegrammar.py index 75146f7dc4..966d1c3bc9 100644 --- a/doc/arm/_ext/mergegrammar.py +++ b/doc/arm/_ext/mergegrammar.py @@ -29,8 +29,9 @@ def read_zone(): assert len(zonegrammar) == 1 assert "zone" in zonegrammar zone_grammars[zone_type] = zonegrammar["zone"] + zone_grammars[zone_type]["_pprint_name"] = "zone" - return {"zone": {"_mapbody": zone_grammars}} + return {"zone": {"_mapbody": zone_grammars, "_ignore_this_level": True}} def read_main(): diff --git a/doc/misc/checkgrammar.py b/doc/misc/checkgrammar.py index 57f4c8ede5..8483b2edaf 100644 
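Review bot: `rest["view"]["_mapbody"].update(zones)` in `combine()` stores the same objects that `rest.update(zones)` has just placed at top level, so both locations share one dictionary and an in-place change made through either is visible in both. That may be intended, but the comment only says "terrible hack" and should state the aliasing and the assumption that `view` exists, e.g. `# same dict objects as the top-level entries; assumes the main grammar defines "view"`. If independent copies are wanted, `copy.deepcopy(zones)` would do it (needs `import copy`). The start of `combine()` is outside the hunk, so what `zones` holds is inferred from `read_zone()`.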
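Review bot: The new local `subgrammar` in the `iscconf.py` hunk (`@@ -173,8 +173,9 @@`) is used for the `_pprint_name` lookup, yet the `pformat_grammar` call two lines later still spells out `grammar_grp[0].subgrammar`. Use the local in both places so the name and the body are always taken from the same node: `+ checkgrammar.pformat_grammar(subgrammar, level=1)`. The enclosing method starts outside the hunk.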
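Review bot: `_pprint_name` and `_ignore_this_level`, introduced in `read_zone()` (`@@ -29,8 +29,9 @@`), are control keys stored in the same dictionaries as the parsed grammar, and nothing here says what they mean or which code reads them. A comment above the `return` would help: `# "_pprint_name": label printed instead of the map key; "_ignore_this_level": printer emits the children without this wrapper`. The meaning is taken from the `checkgrammar.py` hunk of the same commit. Only the tail of `read_zone()` is inside the hunk.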
--- a/doc/misc/checkgrammar.py +++ b/doc/misc/checkgrammar.py @@ -113,19 +113,25 @@ def pformat_grammar(node, level=1): # a nested map out = "" indent = level * "\t" - if "_id" in node: - out += node["_id"] + " " - out += "{\n" + if not node.get("_ignore_this_level"): + if "_id" in node: + out += node["_id"] + " " + out += "{\n" - for key in node["_mapbody"]: - out += f"{indent}{key}" - inner_grammar = pformat_grammar(node["_mapbody"][key], level=level + 1) + for key, subnode in node["_mapbody"].items(): + if not subnode.get("_ignore_this_level"): + out += f"{indent}{subnode.get('_pprint_name', key)}" + inner_grammar = pformat_grammar(node["_mapbody"][key], level=level + 1) + else: # act as if we were not in a map + inner_grammar = pformat_grammar(node["_mapbody"][key], level=level) if inner_grammar[0] != ";": # we _did_ find some arguments out += " " out += inner_grammar - out += indent[:-1] + "};" # unindent the closing bracket - if "_flags" in node: - out += " // " + ", ".join(node["_flags"]) + + if not node.get("_ignore_this_level"): + out += indent[:-1] + "};" # unindent the closing bracket + if "_flags" in node: + out += " // " + ", ".join(node["_flags"]) return out + "\n" From 5c04e3c524cc236c73e98d84d292ae4944b1cc43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 24 Jun 2022 15:17:22 +0200 Subject: [PATCH 19/29] Sort grammar map keys while pretty printing them It would be too easy if we could just call sorted(). Thanks to zone grammar the most important key "type" gets sorted near end, so we pull it up to the top using a hack. --- doc/misc/checkgrammar.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/doc/misc/checkgrammar.py b/doc/misc/checkgrammar.py index 8483b2edaf..09984eceb4 100644 --- a/doc/misc/checkgrammar.py +++ b/doc/misc/checkgrammar.py 
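Review bot: In `pformat_grammar`, the unchanged separator test `if inner_grammar[0] != ";"` now also runs for children marked `_ignore_this_level`, whose text starts with the indent of their first entry rather than with arguments, so a stray space appears to be written in front of the flattened block. Such a child also ends with its own newline from `return out + "\n"`, which seems to leave an empty line in the output. Guarding the separator avoids the first effect: `if not subnode.get("_ignore_this_level") and inner_grammar[0] != ";":`. The loop already binds `subnode`, so both `node["_mapbody"][key]` arguments can simply be `subnode`. Indentation is lost in this view, so the placement of the separator test after the `if`/`else` is inferred from it being an unchanged line.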
@@ -102,6 +102,14 @@ def diff_statements(whole_grammar, places): def pformat_grammar(node, level=1): """Pretty print a given grammar node in the same way as cfg_test would""" + + def sortkey(item): + """Treat 'type' specially and always put it first, for zone types""" + key, _ = item + if key == "type": + return "" + return key + if "_grammar" in node: # no nesting assert "_id" not in node assert "_mapbody" not in node @@ -118,7 +126,7 @@ def pformat_grammar(node, level=1): out += node["_id"] + " " out += "{\n" - for key, subnode in node["_mapbody"].items(): + for key, subnode in sorted(node["_mapbody"].items(), key=sortkey): if not subnode.get("_ignore_this_level"): out += f"{indent}{subnode.get('_pprint_name', key)}" inner_grammar = pformat_grammar(node["_mapbody"][key], level=level + 1) From 08a8acffdc573dbccd11d6f420708f60edae05d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Mon, 27 Jun 2022 18:19:25 +0200 Subject: [PATCH 20/29] Add ability to filter tables using blocks A new syntax .. namedconf:statementlist:: :filter_blocks: type secondary allows to generate tables with statements allowed within specified blocks. --- doc/arm/_ext/iscconf.py | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index 99f6b533aa..e59cf4d6f9 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py 
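Review bot: `sortkey` is defined inside `pformat_grammar`, which calls itself for every nested map, so the helper is rebuilt at each level although it uses nothing from the enclosing scope; a module-level `_sortkey` would read more plainly. Returning `""` for `type` also relies on no real key ever being the empty string. A tuple key states the intent without a sentinel: `return (key != "type", key)`. Note that the sort is on the map key, not on the `_pprint_name` that is printed, which deserves a word in the docstring.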
@@ -67,11 +67,17 @@ def domain_factory(domainname, domainlabel, todolist, grammar): process_statementlist_nodes() callback. """ - option_spec = {"filter_tags": lambda arg: split_csv(arg, required=True)} + option_spec = { + "filter_blocks": lambda arg: split_csv(arg, required=True), + "filter_tags": lambda arg: split_csv(arg, required=True), + } def run(self): placeholder = todolist("") placeholder["isc_filter_tags"] = set(self.options.get("filter_tags", [])) + placeholder["isc_filter_blocks"] = set( + self.options.get("filter_blocks", []) + ) return [placeholder] class ISCConfDomain(Domain): @@ -428,7 +434,7 @@ def domain_factory(domainname, domainlabel, todolist, grammar): of statements. """ - def gen_replacement_table(acceptable_tags): + def gen_replacement_table(acceptable_blocks, acceptable_tags): table_header = [ TableColumn("ref", "Statement"), TableColumn("short", "Description"), @@ -452,8 +458,16 @@ def domain_factory(domainname, domainlabel, todolist, grammar): sorted( filter( lambda item: ( - not acceptable_tags - or item["tags"].intersection(acceptable_tags) + ( + not acceptable_tags + or item["tags"].intersection(acceptable_tags) + ) + and ( + not acceptable_blocks + or item["block_names"].intersection( + acceptable_blocks + ) + ) ), iscconf.list_all(fromdocname), ), @@ -467,10 +481,17 @@ def domain_factory(domainname, domainlabel, todolist, grammar): for node in doctree.traverse(todolist): acceptable_tags = node["isc_filter_tags"] - node.replace_self(gen_replacement_table(acceptable_tags)) + acceptable_blocks = node["isc_filter_blocks"] + node.replace_self( + gen_replacement_table(acceptable_blocks, acceptable_tags) + ) def list_all(self, fromdocname): for statement in self.data["statements"].values(): + block_names = set( + path[-1] + for path in self.statement_blocks.get(statement["signature"], []) + ) tags_txt = ", ".join(statement["tags"]) refpara = nodes.inline() 
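Review bot: The filter predicate in `gen_replacement_table` (`@@ -452,8 +458,16 @@`) is now a lambda with two nested parenthesised conditions spread over a dozen lines, which hides that the tag filter and the block filter are combined with AND and that an empty filter means "accept everything". A small named predicate with a docstring, as sketched below, makes that contract readable. The directive docstring should also state it next to the new `filter_blocks` option. The surrounding `sorted(...)` call and its sort key continue outside the hunk.

```python
def is_listed(item):
    """Keep a statement only if it passes every filter that is set."""
    tags_ok = not acceptable_tags or item["tags"].intersection(acceptable_tags)
    blocks_ok = not acceptable_blocks or item["block_names"].intersection(
        acceptable_blocks
    )
    return tags_ok and blocks_ok

# … unchanged: table_header / tag_header setup and table_b construction …
        filter(is_listed, iscconf.list_all(fromdocname)),
# … unchanged: sort key …
```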
@@ -485,6 +506,7 @@ def domain_factory(domainname, domainlabel, todolist, grammar): ) copy = statement.copy() + copy["block_names"] = block_names copy["ref"] = refpara copy["tags_txt"] = tags_txt yield copy From 1af157eb2095aca49f078d8e7d831b26cd9a676e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 30 Jun 2022 10:03:38 +0200 Subject: [PATCH 21/29] Remove extra whitespace in grammar for null statement --- doc/arm/_ext/iscconf.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index e59cf4d6f9..d7f1e495de 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -180,11 +180,11 @@ def domain_factory(domainname, domainlabel, todolist, grammar): separator = "" paths = "" subgrammar = grammar_grp[0].subgrammar - grammar_txt = ( - subgrammar.get("_pprint_name", self.isc_name) - + " " - + checkgrammar.pformat_grammar(grammar_grp[0].subgrammar, level=1) - ) + subgrammar_txt = checkgrammar.pformat_grammar(subgrammar).strip() + grammar_txt = subgrammar.get("_pprint_name", self.isc_name) + if subgrammar_txt != ";": + grammar_txt += " " + grammar_txt += subgrammar_txt if "\n" in grammar_txt.strip(): nodetype = nodes.literal_block else: From 261bdc7358630abb12b1423b68efbd4409bec9fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 30 Jun 2022 11:48:16 +0200 Subject: [PATCH 22/29] Special-case zone in-view It is not really a zone type, so let's not generate "type in-view" anchor for it. --- doc/arm/_ext/iscconf.py | 7 +++++-- doc/arm/_ext/mergegrammar.py | 6 +++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index d7f1e495de..809445ec50 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py 
@@ -145,8 +145,11 @@ def domain_factory(domainname, domainlabel, todolist, grammar): try: zone_idx = path.index("zone") zone_type_txt = path[zone_idx + 1] - assert zone_type_txt.startswith("type "), zone_type_txt - zone_types.add(zone_type_txt[len("type ") :]) + if zone_type_txt.startswith("type "): + zone_types.add(zone_type_txt[len("type ") :]) + else: + assert zone_type_txt == "in-view" + zone_types.add(zone_type_txt) except (ValueError, IndexError): nozone_paths.append(path) condensed_paths = nozone_paths[:] diff --git a/doc/arm/_ext/mergegrammar.py b/doc/arm/_ext/mergegrammar.py index 966d1c3bc9..b0500eb4b5 100644 --- a/doc/arm/_ext/mergegrammar.py +++ b/doc/arm/_ext/mergegrammar.py @@ -22,7 +22,11 @@ import parsegrammar def read_zone(): zone_grammars = {} for file in Path("../misc/").glob("*.zoneopt"): - zone_type = f"type {file.stem}" + # in-view is not really a zone type + if file.stem == "in-view": + zone_type = "in-view" + else: + zone_type = f"type {file.stem}" with file.open(encoding="ascii") as fp: zonegrammar = parsegrammar.parse_mapbody(fp) From 40b3ce727c9d7a721902555ec3adee90d1d11bea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 30 Jun 2022 13:28:09 +0200 Subject: [PATCH 23/29] Add missing link anchor for dlz search statement --- doc/arm/dlz.inc.rst | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/doc/arm/dlz.inc.rst b/doc/arm/dlz.inc.rst index ed4c93d5bd..cae251311e 100644 --- a/doc/arm/dlz.inc.rst +++ b/doc/arm/dlz.inc.rst 
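Review bot: The replacement `assert zone_type_txt == "in-view"` in `format_paths` drops the message the old assertion carried, so an unexpected path element now fails with a bare `AssertionError`; keep the offending value in it: `assert zone_type_txt == "in-view", zone_type_txt`. The literal `"in-view"` is special-cased a second time in the `mergegrammar.py` hunk of this commit (`read_zone()`), and the two must stay in step, which is worth a comment in both places. Because `assert` statements are removed under `python -O`, the `else` branch would then accept any value, so an explicit `raise ValueError(zone_type_txt)` is the safer form if this check is meant to hold. Both functions start outside their hunks.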
@@ -46,9 +46,13 @@ A DLZ database is configured with a ``dlz`` statement in :iscman:`named.conf`: This specifies a DLZ module to search when answering queries; the module is implemented in ``driver.so`` and is loaded at runtime by the dlopen -DLZ driver. Multiple ``dlz`` statements can be specified; when answering -a query, all DLZ modules with ``search`` set to ``yes`` are queried -to see whether they contain an answer for the query name. The best +DLZ driver. Multiple ``dlz`` statements can be specified. + + +.. namedconf:statement:: search + +When answering a query, all DLZ modules with ``search`` set to ``yes`` are +queried to see whether they contain an answer for the query name. The best available answer is returned to the client. The ``search`` option in the above example can be omitted, because From 1687b408495f68ab1ad48ae3b05c95b31056a1dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 30 Jun 2022 13:37:57 +0200 Subject: [PATCH 24/29] Document ipv4only-* options in the ARM Statements ipv4only-contact, ipv4only-enable, ipv4only-server did not have their own section in the ARM. Now they have. --- doc/arm/reference.rst | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 6cec9157b7..4e5cda53bc 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst 
@@ -1689,6 +1689,20 @@ default is used. suffix ::; }; +.. namedconf:statement:: ipv4only-enable + + This enables or disables automatic zones ``ipv4only.arpa``, + ``170.0.0.192.in-addr.arpa``, and ``171.0.0.192.in-addr.arpa``. + + By default these zones are loaded if :any:`dns64` is configured. + +.. namedconf:statement:: ipv4only-server +.. namedconf:statement:: ipv4only-contact + + ``ipv4only-server`` and ``ipv4only-contact`` can be used to specify the name + of the server and contact for the IPV4ONLY.ARPA zone created by + :any:`dns64`. + .. namedconf:statement:: dnssec-loadkeys-interval When a zone is configured with ``auto-dnssec maintain;``, its key From 10f88bffe59f60b2b386e1398c4ba194b12d2ec0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 30 Jun 2022 13:58:03 +0200 Subject: [PATCH 25/29] Define default-source-address, default-source-address-v6 for rndc --- doc/arm/dns-ops.inc.rst | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/doc/arm/dns-ops.inc.rst b/doc/arm/dns-ops.inc.rst index e4f7e38f72..ff9670ab45 100644 --- a/doc/arm/dns-ops.inc.rst +++ b/doc/arm/dns-ops.inc.rst @@ -117,9 +117,6 @@ server. .. rndcconf:statement:: options - The ``options`` statement has three clauses: ``default-server``, - ``default-key``, and ``default-port``. - .. rndcconf:statement:: default-server ``default-server`` takes a @@ -137,6 +134,14 @@ server. :iscman:`rndc` should connect if no port is given on the command line or in a ``server`` statement. + .. rndcconf:statement:: default-source-address + .. rndcconf:statement:: default-source-address-v6 + + ``default-source-address`` and ``default-source-address-v6`` specify + the IPv4 and IPv6 source address used to communicate with the server + if no address is given on the command line or in a + :rndcconf:ref:`server` block. + .. rndcconf:statement:: key The ``key`` statement defines a key to be used by :iscman:`rndc` when 
From 82e2f0b37efabf8f1a6119095ef025c92bd80c6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 30 Jun 2022 14:09:36 +0200 Subject: [PATCH 26/29] Describe rndc server block using .. rndcconf syntax We need to split the description to silence warnings about undescribed statements. --- doc/arm/dns-ops.inc.rst | 27 +++++++++++++++++++++------ doc/arm/reference.rst | 4 ++-- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/doc/arm/dns-ops.inc.rst b/doc/arm/dns-ops.inc.rst index ff9670ab45..9984c6e1cd 100644 --- a/doc/arm/dns-ops.inc.rst +++ b/doc/arm/dns-ops.inc.rst @@ -165,12 +165,27 @@ server. .. rndcconf:statement:: server - The ``server`` statement associates a key defined using the ``key`` - statement with a server. The keyword ``server`` is followed by a host - name or address. The ``server`` statement has two clauses: ``key`` - and ``port``. The ``key`` clause specifies the name of the key to be - used when communicating with this server, and the ``port`` clause can - be used to specify the port :iscman:`rndc` should connect to on the server. + The ``server`` statement specifies connection parameters for a given server. + The server can be specified as a host name or address. + + .. rndcconf:statement:: addresses + + Specifies one or more addresses to use when communicating with this + server. + + :rndcconf:ref:`key` + Associates a key defined using the :rndcconf:ref:`key` statement with a + server. + + .. rndcconf:statement:: port + + Specifes the port :iscman:`rndc` should connect to on the server. + + .. rndcconf:statement:: source-address + .. rndcconf:statement:: source-address-v6 + + Overrides :rndcconf:ref:`default-source-address` and + :rndcconf:ref:`default-source-address-v6` for this specific server. A sample minimal configuration file is as follows: diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 4e5cda53bc..58bf7f217f 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst 
@@ -44,8 +44,8 @@ The file :file:`named.conf` may contain three types of entities: - Statements define and control specific BIND behaviors. - Statements may have a single parameter (a **Value**) or multiple parameters (**Argument/Value** pairs). For example, the :any:`recursion` statement takes a - single value parameter which, in this case, is the string ``yes`` or ``no`` - (``recursion yes;``) whereas the :any:`port` statement takes a numeric value + single value parameter - in this case, the string ``yes`` or ``no`` + (``recursion yes;``) - while the :namedconf:ref:`port` statement takes a numeric value defining the DNS port number (``port 53;``). More complex statements take one or more argument/value pairs. The :any:`also-notify` statement may take a number of such argument/value pairs, such as ``also-notify port 5353;``, From d88fefbb4a7b58bfd7cfea73507f49c919d80340 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 30 Jun 2022 14:20:17 +0200 Subject: [PATCH 27/29] Add link anchor and hyperlinks to keys statement This is super confusing because statement "keys" exists in context controls and server blocks where it refers to symmetric TSIG key, and it _also_ exists in dnssec-policy block where it specifies public-private key pair parameters. In an (unsuccessful) attempt to disambiguate these two I added bunch of hyperlinks and a warning. --- doc/arm/reference.rst | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 58bf7f217f..941887cf1a 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst 
@@ -313,10 +313,12 @@ file documentation: When specifying a prefix involving an IPv6-scoped address, the scope may be omitted. In that case, the prefix matches packets from any scope. ``key_id`` - A ``domain_name`` representing the name of a shared key, to be used for transaction security. + A ``domain_name`` representing the name of a shared key, to be used for + :ref:`transaction security `. Keys are defined using + :namedconf:ref:`key` blocks. ``key_list`` - A list of one or more ``key_id``, separated by semicolons and ending with a semicolon. + A list of one or more :term:`key_id` s, separated by semicolons and ending with a semicolon. ``tls_id`` A string representing a TLS configuration object, including a key and certificate. @@ -500,8 +502,8 @@ and retrieve non-DNS results from a name server. ``keys`` The primary authorization mechanism of the command channel is the - ``key_list``, which contains a list of ``key_id``s. Each ``key_id`` in - the ``key_list`` is authorized to execute commands over the control + :term:`key_list`, which contains a list of :term:`key_id` s. Each + :namedconf:ref:`key` is authorized to execute commands over the control channel. See :ref:`admin_tools` for information about configuring keys in :iscman:`rndc`. 
@@ -5277,9 +5279,17 @@ any top-level ``server`` statements are used as defaults. specified, the limit is set according to the ``transfers-per-ns`` option. -``keys`` - The option identifies a ``key_id`` defined by the ``key`` - statement, to be used for transaction security (see :ref:`tsig`) +.. namedconf:statement:: keys + :suppress_grammar: + + .. warning:: + Not to be confused with ``keys`` in :any:`dnssec-policy` specification. + Although statements with the same name exist in both contexts, they refer + to fundamentally incompatible concepts. + + In the context of a :namedconf:ref:`server` block, the option identifies a + :term:`key_id` defined by the :namedconf:ref:`key` statement, to be used for + transaction security (see :ref:`tsig`) when talking to the remote server. When a request is sent to the remote server, a request signature is generated using the key specified here and appended to the message. A request originating from the remote @@ -6093,8 +6103,9 @@ run multiple servers. ``address_match_list`` of the view's ``match-destinations`` clause. If not specified, both ``match-clients`` and ``match-destinations`` default to matching all addresses. In addition to checking IP addresses, - ``match-clients`` and ``match-destinations`` can also take ``keys`` - which provide an mechanism for the client to select the view. + ``match-clients`` and ``match-destinations`` can also take the name of a + TSIG :namedconf:ref:`key`, which provides a mechanism for the client to select + the view. .. namedconf:statement:: match-recursive-only From f5faddd08ad5aa8f95c647559e3529e0e3f16ed9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 30 Jun 2022 17:29:18 +0200 Subject: [PATCH 28/29] Cleanup tag filtering code for statementlist:: RST directive Technically this is fixup for 33931c97faaa0f728b4194b8077825e75c351e12 but that commit is already merged. --- doc/arm/_ext/iscconf.py | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) 
diff --git a/doc/arm/_ext/iscconf.py b/doc/arm/_ext/iscconf.py index 809445ec50..4380a8c4c1 100644 --- a/doc/arm/_ext/iscconf.py +++ b/doc/arm/_ext/iscconf.py @@ -442,20 +442,13 @@ def domain_factory(domainname, domainlabel, todolist, grammar): TableColumn("ref", "Statement"), TableColumn("short", "Description"), ] - table_b = DictToDocutilsTableBuilder(table_header) - table_b.append_iterable( - sorted( - iscconf.list_all(fromdocname), - key=lambda x: x["fullname"], - ) - ) tag_header = [] - if len(acceptable_tags) != 1: # tags column only if tag filter is not applied tag_header = [ TableColumn("tags_txt", "Tags"), ] + table_b = DictToDocutilsTableBuilder(table_header + tag_header) table_b.append_iterable( sorted( From 908acd5d7084a68b698f3dfac7ce9ce250ea1216 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Thu, 30 Jun 2022 17:35:06 +0200 Subject: [PATCH 29/29] Add note that named.conf man page is not a complete manual We cannot simply do URL because it would make our lives more complicated with -S edition. --- bin/named/named.conf.rst | 5 +++++ doc/man/named.conf.5in | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/bin/named/named.conf.rst b/bin/named/named.conf.rst index 820ca2d3cb..8e93f8b3fe 100644 --- a/bin/named/named.conf.rst +++ b/bin/named/named.conf.rst @@ -25,6 +25,11 @@ Description ~~~~~~~~~~~ :file:`named.conf` is the configuration file for :iscman:`named`. + +For complete documentation about the configuration statements, please refer to +the Configuration Reference section in the BIND 9 Administrator Reference +Manual. + Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported: diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index 68ee4e4ee1..2fc6bd1eb7 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in 
@@ -36,6 +36,11 @@ named.conf \- configuration file for **named** .SH DESCRIPTION .sp \fBnamed.conf\fP is the configuration file for \fI\%named\fP\&. +.sp +For complete documentation about the configuration statements, please refer to +the Configuration Reference section in the BIND 9 Administrator Reference +Manual. +.sp Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported: