mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Merge branch 'pspacek/arm-grammar-render' into 'main'

Browse Source 
Render grammar snippets in the ARM

See merge request isc-projects/bind9!6491
This commit is contained in:
Petr Špaček
2022-07-01 07:25:48 +00:00
parent b18fa6c7b2 908acd5d70
commit 4a460fb420
52 changed files with 2156 additions and 5064 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.reuse/dep5
View File

@@ -155,7 +155,7 @@ Files: **/.clang-format
.uncrustify.cfg .uncrustify.cfg
doc/misc/*.zoneopt doc/misc/*.zoneopt
doc/misc/options doc/misc/options
doc/misc/options.active doc/misc/rndc.grammar
tsan-suppressions.txt tsan-suppressions.txt
Copyright: Internet Systems Consortium, Inc. ("ISC") Copyright: Internet Systems Consortium, Inc. ("ISC")
License: CC0-1.0 License: CC0-1.0

12
Makefile.docs
View File

@@ -60,15 +60,3 @@ AM_V_SED_0 = @echo " SED $@";
AM_V_CFG_TEST = $(AM_V_CFG_TEST_@AM_V@) AM_V_CFG_TEST = $(AM_V_CFG_TEST_@AM_V@)
AM_V_CFG_TEST_ = $(AM_V_CFG_TEST_@AM_DEFAULT_V@) AM_V_CFG_TEST_ = $(AM_V_CFG_TEST_@AM_DEFAULT_V@)
AM_V_CFG_TEST_0 = @echo " CFG_GEN $@"; AM_V_CFG_TEST_0 = @echo " CFG_GEN $@";
AM_V_RST_OPTIONS = $(AM_V_CFG_TEST_@AM_V@)
AM_V_RST_OPTIONS_ = $(AM_V_RST_OPTIONS_@AM_DEFAULT_V@)
AM_V_RST_OPTIONS_0 = @echo " RST_OPTIONS $@";
AM_V_RST_ZONEOPT = $(AM_V_CFG_TEST_@AM_V@)
AM_V_RST_ZONEOPT_ = $(AM_V_RST_ZONEOPT_@AM_DEFAULT_V@)
AM_V_RST_ZONEOPT_0 = @echo " RST_ZONEOPT $@";
AM_V_RST_GRAMMARS = $(AM_V_CFG_TEST_@AM_V@)
AM_V_RST_GRAMMARS_ = $(AM_V_RST_GRAMMARS_@AM_DEFAULT_V@)
AM_V_RST_GRAMMARS_0 = @echo " RST_GRAMMARS $@";

3
bin/named/Makefile.am
View File

@@ -121,6 +121,3 @@ if HAVE_LIBNGHTTP2
named_LDADD += \ named_LDADD += \
$(LIBNGHTTP2_LIBS) $(LIBNGHTTP2_LIBS)
endif HAVE_LIBNGHTTP2 endif HAVE_LIBNGHTTP2
MAINTAINERCLEANFILES = \
named.conf.rst

879
bin/named/named.conf.rst
View File

@@ -25,6 +25,11 @@ Description
~~~~~~~~~~~ ~~~~~~~~~~~
:file:`named.conf` is the configuration file for :iscman:`named`. :file:`named.conf` is the configuration file for :iscman:`named`.
For complete documentation about the configuration statements, please refer to
the Configuration Reference section in the BIND 9 Administrator Reference
Manual.
Statements are enclosed in braces and terminated with a semi-colon. Statements are enclosed in braces and terminated with a semi-colon.
Clauses in the statements are also semi-colon terminated. The usual Clauses in the statements are also semi-colon terminated. The usual
comment styles are supported: comment styles are supported:
@@ -35,872 +40,20 @@ C style: /\* \*/
Unix style: # to end of line Unix style: # to end of line
ACL .. literalinclude:: ../../doc/misc/options
^^^
::
acl string { address_match_element; ... };
CONTROLS
^^^^^^^^
::
controls {
inet ( ipv4_address | ipv6_address |
* ) [ port ( integer | * ) ] allow
{ address_match_element; ... } [
keys { string; ... } ] [ read-only
boolean ];
unix quoted_string perm integer
owner integer group integer [
keys { string; ... } ] [ read-only
boolean ];
};
DLZ
^^^
::
dlz string {
database string;
search boolean;
};
DNSSEC-POLICY
^^^^^^^^^^^^^
::
dnssec-policy string {
dnskey-ttl duration;
keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
duration_or_unlimited algorithm string [ integer ]; ... };
max-zone-ttl duration;
nsec3param [ iterations integer ] [ optout boolean ] [
salt-length integer ];
parent-ds-ttl duration;
parent-propagation-delay duration;
publish-safety duration;
purge-keys duration;
retire-safety duration;
signatures-refresh duration;
signatures-validity duration;
signatures-validity-dnskey duration;
zone-propagation-delay duration;
};
DYNDB
^^^^^
::
dyndb string quoted_string {
unspecified-text };
HTTP
^^^^
::
http string {
endpoints { quoted_string; ... };
listener-clients integer;
streams-per-connection integer;
};
KEY
^^^
::
key string {
algorithm string;
secret string;
};
LOGGING
^^^^^^^
::
logging {
category string { string; ... };
channel string {
buffered boolean;
file quoted_string [ versions ( unlimited | integer ) ]
[ size size ] [ suffix ( increment | timestamp ) ];
null;
print-category boolean;
print-severity boolean;
print-time ( iso8601 | iso8601-utc | local | boolean );
severity log_severity;
stderr;
syslog [ syslog_facility ];
};
};
MANAGED-KEYS
^^^^^^^^^^^^
See DNSSEC-KEYS.
::
managed-keys { string ( static-key
| initial-key | static-ds |
initial-ds ) integer integer
integer quoted_string; ... };, deprecated
OPTIONS
^^^^^^^
::
options {
allow-new-zones boolean;
allow-notify { address_match_element; ... };
allow-query { address_match_element; ... };
allow-query-cache { address_match_element; ... };
allow-query-cache-on { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-recursion { address_match_element; ... };
allow-recursion-on { address_match_element; ... };
allow-transfer [ port integer ] [ transport string ] {
address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
also-notify [ port integer ] [ dscp integer ] { (
remote-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ] [ tls
string ]; ... };
alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
answer-cookie boolean;
attach-cache string;
auth-nxdomain boolean;
auto-dnssec ( allow | maintain | off );
automatic-interface-scan boolean;
avoid-v4-udp-ports { portrange; ... };
avoid-v6-udp-ports { portrange; ... };
bindkeys-file quoted_string;
blackhole { address_match_element; ... };
catalog-zones { zone string [ default-primaries [ port integer
] [ dscp integer ] { ( remote-servers | ipv4_address [
port integer ] | ipv6_address [ port integer ] ) [ key
string ] [ tls string ]; ... } ] [ zone-directory
quoted_string ] [ in-memory boolean ] [ min-update-interval
duration ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check-sibling boolean;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean;
clients-per-query integer;
cookie-algorithm ( aes | siphash24 );
cookie-secret string;
coresize ( default | unlimited | sizeval );
datasize ( default | unlimited | sizeval );
deny-answer-addresses { address_match_element; ... } [
except-from { string; ... } ];
deny-answer-aliases { string; ... } [ except-from { string; ...
} ];
dialup ( notify | notify-passive | passive | refresh | boolean );
directory quoted_string;
disable-algorithms string { string;
... };
disable-ds-digests string { string;
... };
disable-empty-zone string;
dns64 netprefix {
break-dnssec boolean;
clients { address_match_element; ... };
exclude { address_match_element; ... };
mapped { address_match_element; ... };
recursive-only boolean;
suffix ipv6_address;
};
dns64-contact string;
dns64-server string;
dnskey-sig-validity integer;
dnsrps-enable boolean;
dnsrps-options { unspecified-text };
dnssec-accept-expired boolean;
dnssec-dnskey-kskonly boolean;
dnssec-loadkeys-interval integer;
dnssec-must-be-secure string boolean;
dnssec-policy string;
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
dnstap-identity ( quoted_string | none | hostname );
dnstap-output ( file | unix ) quoted_string [ size ( unlimited |
size ) ] [ versions ( unlimited | integer ) ] [ suffix (
increment | timestamp ) ];
dnstap-version ( quoted_string | none );
dscp integer;
dual-stack-servers [ port integer ] { ( quoted_string [ port
integer ] [ dscp integer ] | ipv4_address [ port
integer ] [ dscp integer ] | ipv6_address [ port
integer ] [ dscp integer ] ); ... };
dump-file quoted_string;
edns-udp-size integer;
empty-contact string;
empty-server string;
empty-zones-enable boolean;
fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
fetches-per-server integer [ ( drop | fail ) ];
fetches-per-zone integer [ ( drop | fail ) ];
files ( default | unlimited | sizeval );
flush-zones-on-shutdown boolean;
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
fstrm-set-buffer-hint integer;
fstrm-set-flush-timeout integer;
fstrm-set-input-queue-size integer;
fstrm-set-output-notify-threshold integer;
fstrm-set-output-queue-model ( mpsc | spsc );
fstrm-set-output-queue-size integer;
fstrm-set-reopen-interval duration;
geoip-directory ( quoted_string | none );
heartbeat-interval integer;
hostname ( quoted_string | none );
http-listener-clients integer;
http-port integer;
http-streams-per-connection integer;
https-port integer;
interface-interval duration;
ipv4only-contact string;
ipv4only-enable boolean;
ipv4only-server string;
ixfr-from-differences ( primary | master | secondary | slave |
boolean );
key-directory quoted_string;
lame-ttl duration;
listen-on [ port integer ] [ dscp
integer ] [ tls string ] [ http
string ] {
address_match_element; ... };
listen-on-v6 [ port integer ] [ dscp
integer ] [ tls string ] [ http
string ] {
address_match_element; ... };
lmdb-mapsize sizeval;
lock-file ( quoted_string | none );
managed-keys-directory quoted_string;
masterfile-format ( raw | text );
masterfile-style ( full | relative );
match-mapped-addresses boolean;
max-cache-size ( default | unlimited | sizeval | percentage );
max-cache-ttl duration;
max-clients-per-query integer;
max-ixfr-ratio ( unlimited | percentage );
max-journal-size ( default | unlimited | sizeval );
max-ncache-ttl duration;
max-records integer;
max-recursion-depth integer;
max-recursion-queries integer;
max-refresh-time integer;
max-retry-time integer;
max-rsa-exponent-size integer;
max-stale-ttl duration;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-udp-size integer;
max-zone-ttl ( unlimited | duration );
memstatistics boolean;
memstatistics-file quoted_string;
message-compression boolean;
min-cache-ttl duration;
min-ncache-ttl duration;
min-refresh-time integer;
min-retry-time integer;
minimal-any boolean;
minimal-responses ( no-auth | no-auth-recursive | boolean );
multi-master boolean;
new-zones-directory quoted_string;
no-case-compress { address_match_element; ... };
nocookie-udp-size integer;
notify ( explicit | master-only | primary-only | boolean );
notify-delay integer;
notify-rate integer;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
notify-to-soa boolean;
nta-lifetime duration;
nta-recheck duration;
nxdomain-redirect string;
parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
pid-file ( quoted_string | none );
port integer;
preferred-glue string;
prefetch integer [ integer ];
provide-ixfr boolean;
qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
querylog boolean;
random-device ( quoted_string | none );
rate-limit {
all-per-second integer;
errors-per-second integer;
exempt-clients { address_match_element; ... };
ipv4-prefix-length integer;
ipv6-prefix-length integer;
log-only boolean;
max-table-size integer;
min-table-size integer;
nodata-per-second integer;
nxdomains-per-second integer;
qps-scale integer;
referrals-per-second integer;
responses-per-second integer;
slip integer;
window integer;
};
recursing-file quoted_string;
recursion boolean;
recursive-clients integer;
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
require-server-cookie boolean;
reserved-sockets integer;// deprecated
resolver-nonbackoff-tries integer;
resolver-query-timeout integer;
resolver-retry-interval integer;
response-padding { address_match_element; ... } block-size
integer;
response-policy { zone string [ add-soa boolean ] [ log
boolean ] [ max-policy-ttl duration ] [ min-update-interval
duration ] [ policy ( cname | disabled | drop | given | no-op
| nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
recursive-only boolean ] [ nsip-enable boolean ] [
nsdname-enable boolean ]; ... } [ add-soa boolean ] [
break-dnssec boolean ] [ max-policy-ttl duration ] [
min-update-interval duration ] [ min-ns-dots integer ] [
nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean
] [ qname-wait-recurse boolean ] [ recursive-only boolean ]
[ nsip-enable boolean ] [ nsdname-enable boolean ] [
dnsrps-enable boolean ] [ dnsrps-options { unspecified-text
} ];
reuseport boolean;
root-delegation-only [ exclude { string; ... } ];
root-key-sentinel boolean;
rrset-order { [ class string ] [ type string ] [ name
quoted_string ] string string; ... };
secroots-file quoted_string;
send-cookie boolean;
serial-query-rate integer;
serial-update-method ( date | increment | unixtime );
server-id ( quoted_string | none | hostname );
servfail-ttl duration;
session-keyalg string;
session-keyfile ( quoted_string | none );
session-keyname string;
sig-signing-nodes integer;
sig-signing-signatures integer;
sig-signing-type integer;
sig-validity-interval integer [ integer ];
sortlist { address_match_element; ... };
stacksize ( default | unlimited | sizeval );
stale-answer-client-timeout ( disabled | off | integer );
stale-answer-enable boolean;
stale-answer-ttl duration;
stale-cache-enable boolean;
stale-refresh-time duration;
startup-notify-rate integer;
statistics-file quoted_string;
synth-from-dnssec boolean;
tcp-advertised-timeout integer;
tcp-clients integer;
tcp-idle-timeout integer;
tcp-initial-timeout integer;
tcp-keepalive-timeout integer;
tcp-listen-queue integer;
tcp-receive-buffer integer;
tcp-send-buffer integer;
tkey-dhkey quoted_string integer;
tkey-domain quoted_string;
tkey-gssapi-credential quoted_string;
tkey-gssapi-keytab quoted_string;
tls-port integer;
transfer-format ( many-answers | one-answer );
transfer-message-size integer;
transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
transfers-in integer;
transfers-out integer;
transfers-per-ns integer;
trust-anchor-telemetry boolean; // experimental
try-tcp-refresh boolean;
udp-receive-buffer integer;
udp-send-buffer integer;
update-check-ksk boolean;
use-alt-transfer-source boolean;
use-v4-udp-ports { portrange; ... };
use-v6-udp-ports { portrange; ... };
v6-bias integer;
validate-except { string; ... };
version ( quoted_string | none );
zero-no-soa-ttl boolean;
zero-no-soa-ttl-cache boolean;
zone-statistics ( full | terse | none | boolean );
};
PARENTAL-AGENTS
^^^^^^^^^^^^^^^
::
parental-agents string [ port integer ] [
dscp integer ] { ( remote-servers |
ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key
string ] [ tls string ]; ... };
PLUGIN
^^^^^^
::
plugin ( query ) string [ { unspecified-text
} ];
PRIMARIES
^^^^^^^^^
::
primaries string [ port integer ] [ dscp
integer ] { ( remote-servers |
ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key
string ] [ tls string ]; ... };
SERVER
^^^^^^
::
server netprefix {
bogus boolean;
edns boolean;
edns-udp-size integer;
edns-version integer;
keys server_key;
max-udp-size integer;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
padding integer;
provide-ixfr boolean;
query-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
send-cookie boolean;
tcp-keepalive boolean;
tcp-only boolean;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
transfers integer;
};
STATISTICS-CHANNELS
^^^^^^^^^^^^^^^^^^^
::
statistics-channels {
inet ( ipv4_address | ipv6_address |
* ) [ port ( integer | * ) ] [
allow { address_match_element; ...
} ];
};
TLS
^^^
::
tls string {
ca-file quoted_string;
cert-file quoted_string;
ciphers string;
dhparam-file quoted_string;
key-file quoted_string;
prefer-server-ciphers boolean;
protocols { string; ... };
remote-hostname quoted_string;
session-tickets boolean;
};
TRUST-ANCHORS
^^^^^^^^^^^^^
::
trust-anchors { string ( static-key |
initial-key | static-ds | initial-ds )
integer integer integer
quoted_string; ... };
TRUSTED-KEYS
^^^^^^^^^^^^
Deprecated - see DNSSEC-KEYS.
::
trusted-keys { string integer
integer integer
quoted_string; ... };, deprecated
VIEW
^^^^
::
view string [ class ] {
allow-new-zones boolean;
allow-notify { address_match_element; ... };
allow-query { address_match_element; ... };
allow-query-cache { address_match_element; ... };
allow-query-cache-on { address_match_element; ... };
allow-query-on { address_match_element; ... };
allow-recursion { address_match_element; ... };
allow-recursion-on { address_match_element; ... };
allow-transfer [ port integer ] [ transport string ] {
address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
also-notify [ port integer ] [ dscp integer ] { (
remote-servers | ipv4_address [ port integer ] |
ipv6_address [ port integer ] ) [ key string ] [ tls
string ]; ... };
alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
] [ dscp integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
attach-cache string;
auth-nxdomain boolean;
auto-dnssec ( allow | maintain | off );
catalog-zones { zone string [ default-primaries [ port integer
] [ dscp integer ] { ( remote-servers | ipv4_address [
port integer ] | ipv6_address [ port integer ] ) [ key
string ] [ tls string ]; ... } ] [ zone-directory
quoted_string ] [ in-memory boolean ] [ min-update-interval
duration ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity boolean;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check-sibling boolean;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard boolean;
clients-per-query integer;
deny-answer-addresses { address_match_element; ... } [
except-from { string; ... } ];
deny-answer-aliases { string; ... } [ except-from { string; ...
} ];
dialup ( notify | notify-passive | passive | refresh | boolean );
disable-algorithms string { string;
... };
disable-ds-digests string { string;
... };
disable-empty-zone string;
dlz string {
database string;
search boolean;
};
dns64 netprefix {
break-dnssec boolean;
clients { address_match_element; ... };
exclude { address_match_element; ... };
mapped { address_match_element; ... };
recursive-only boolean;
suffix ipv6_address;
};
dns64-contact string;
dns64-server string;
dnskey-sig-validity integer;
dnsrps-enable boolean;
dnsrps-options { unspecified-text };
dnssec-accept-expired boolean;
dnssec-dnskey-kskonly boolean;
dnssec-loadkeys-interval integer;
dnssec-must-be-secure string boolean;
dnssec-policy string;
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
dual-stack-servers [ port integer ] { ( quoted_string [ port
integer ] [ dscp integer ] | ipv4_address [ port
integer ] [ dscp integer ] | ipv6_address [ port
integer ] [ dscp integer ] ); ... };
dyndb string quoted_string {
unspecified-text };
edns-udp-size integer;
empty-contact string;
empty-server string;
empty-zones-enable boolean;
fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
fetches-per-server integer [ ( drop | fail ) ];
fetches-per-zone integer [ ( drop | fail ) ];
forward ( first | only );
forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
| ipv6_address ) [ port integer ] [ dscp integer ]; ... };
ipv4only-contact string;
ipv4only-enable boolean;
ipv4only-server string;
ixfr-from-differences ( primary | master | secondary | slave |
boolean );
key string {
algorithm string;
secret string;
};
key-directory quoted_string;
lame-ttl duration;
lmdb-mapsize sizeval;
managed-keys { string (
static-key | initial-key
| static-ds | initial-ds
) integer integer
integer
quoted_string; ... };, deprecated
masterfile-format ( raw | text );
masterfile-style ( full | relative );
match-clients { address_match_element; ... };
match-destinations { address_match_element; ... };
match-recursive-only boolean;
max-cache-size ( default | unlimited | sizeval | percentage );
max-cache-ttl duration;
max-clients-per-query integer;
max-ixfr-ratio ( unlimited | percentage );
max-journal-size ( default | unlimited | sizeval );
max-ncache-ttl duration;
max-records integer;
max-recursion-depth integer;
max-recursion-queries integer;
max-refresh-time integer;
max-retry-time integer;
max-stale-ttl duration;
max-transfer-idle-in integer;
max-transfer-idle-out integer;
max-transfer-time-in integer;
max-transfer-time-out integer;
max-udp-size integer;
max-zone-ttl ( unlimited | duration );
message-compression boolean;
min-cache-ttl duration;
min-ncache-ttl duration;
min-refresh-time integer;
min-retry-time integer;
minimal-any boolean;
minimal-responses ( no-auth | no-auth-recursive | boolean );
multi-master boolean;
new-zones-directory quoted_string;
no-case-compress { address_match_element; ... };
nocookie-udp-size integer;
notify ( explicit | master-only | primary-only | boolean );
notify-delay integer;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
[ dscp integer ];
notify-to-soa boolean;
nta-lifetime duration;
nta-recheck duration;
nxdomain-redirect string;
parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
plugin ( query ) string [ {
unspecified-text } ];
preferred-glue string;
prefetch integer [ integer ];
provide-ixfr boolean;
qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( ipv4_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
port ( integer | * ) ) ) [ dscp integer ];
rate-limit {
all-per-second integer;
errors-per-second integer;
exempt-clients { address_match_element; ... };
ipv4-prefix-length integer;
ipv6-prefix-length integer;
log-only boolean;
max-table-size integer;
min-table-size integer;
nodata-per-second integer;
nxdomains-per-second integer;
qps-scale integer;
referrals-per-second integer;
responses-per-second integer;
slip integer;
window integer;
};
recursion boolean;
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
require-server-cookie boolean;
resolver-nonbackoff-tries integer;
resolver-query-timeout integer;
resolver-retry-interval integer;
response-padding { address_match_element; ... } block-size
integer;
response-policy { zone string [ add-soa boolean ] [ log
boolean ] [ max-policy-ttl duration ] [ min-update-interval
duration ] [ policy ( cname | disabled | drop | given | no-op
| nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
recursive-only boolean ] [ nsip-enable boolean ] [
nsdname-enable boolean ]; ... } [ add-soa boolean ] [
break-dnssec boolean ] [ max-policy-ttl duration ] [
min-update-interval duration ] [ min-ns-dots integer ] [
nsip-wait-recurse boolean ] [ nsdname-wait-recurse boolean
] [ qname-wait-recurse boolean ] [ recursive-only boolean ]
[ nsip-enable boolean ] [ nsdname-enable boolean ] [
dnsrps-enable boolean ] [ dnsrps-options { unspecified-text
} ];
root-delegation-only [ exclude { string; ... } ];
root-key-sentinel boolean;
rrset-order { [ class string ] [ type string ] [ name
quoted_string ] string string; ... };
send-cookie boolean;
serial-update-method ( date | increment | unixtime );
server netprefix {
bogus boolean;
edns boolean;
edns-udp-size integer;
edns-version integer;
keys server_key;
max-udp-size integer;
notify-source ( ipv4_address | * ) [ port ( integer | *
) ] [ dscp integer ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer
| * ) ] [ dscp integer ];
padding integer;
provide-ixfr boolean;
query-source ( ( [ address ] ( ipv4_address | * ) [ port
( integer | * ) ] ) | ( [ [ address ] (
ipv4_address | * ) ] port ( integer | * ) ) ) [
dscp integer ];
query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
port ( integer | * ) ] ) | ( [ [ address ] (
ipv6_address | * ) ] port ( integer | * ) ) ) [
dscp integer ];
request-expire boolean;
request-ixfr boolean;
request-nsid boolean;
send-cookie boolean;
tcp-keepalive boolean;
tcp-only boolean;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port (
integer | * ) ] [ dscp integer ];
transfers integer;
};
servfail-ttl duration;
sig-signing-nodes integer;
sig-signing-signatures integer;
sig-signing-type integer;
sig-validity-interval integer [ integer ];
sortlist { address_match_element; ... };
stale-answer-client-timeout ( disabled | off | integer );
stale-answer-enable boolean;
stale-answer-ttl duration;
stale-cache-enable boolean;
stale-refresh-time duration;
synth-from-dnssec boolean;
transfer-format ( many-answers | one-answer );
transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
dscp integer ];
transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
] [ dscp integer ];
trust-anchor-telemetry boolean; // experimental
trust-anchors { string ( static-key |
initial-key | static-ds | initial-ds
) integer integer integer
quoted_string; ... };
trusted-keys { string
integer integer
integer
quoted_string; ... };, deprecated
try-tcp-refresh boolean;
update-check-ksk boolean;
use-alt-transfer-source boolean;
v6-bias integer;
validate-except { string; ... };
zero-no-soa-ttl boolean;
zero-no-soa-ttl-cache boolean;
zone-statistics ( full | terse | none | boolean );
};
ZONE
^^^^
Any of these zone statements can also be set inside the view statement. Any of these zone statements can also be set inside the view statement.
.. include:: ../../doc/misc/primary.zoneopt.rst .. literalinclude:: ../../doc/misc/primary.zoneopt
.. include:: ../../doc/misc/secondary.zoneopt.rst .. literalinclude:: ../../doc/misc/secondary.zoneopt
.. include:: ../../doc/misc/mirror.zoneopt.rst .. literalinclude:: ../../doc/misc/mirror.zoneopt
.. include:: ../../doc/misc/forward.zoneopt.rst .. literalinclude:: ../../doc/misc/forward.zoneopt
.. include:: ../../doc/misc/hint.zoneopt.rst .. literalinclude:: ../../doc/misc/hint.zoneopt
.. include:: ../../doc/misc/redirect.zoneopt.rst .. literalinclude:: ../../doc/misc/redirect.zoneopt
.. include:: ../../doc/misc/static-stub.zoneopt.rst .. literalinclude:: ../../doc/misc/static-stub.zoneopt
.. include:: ../../doc/misc/stub.zoneopt.rst .. literalinclude:: ../../doc/misc/stub.zoneopt
.. include:: ../../doc/misc/delegation-only.zoneopt.rst .. literalinclude:: ../../doc/misc/delegation-only.zoneopt
.. include:: ../../doc/misc/in-view.zoneopt.rst .. literalinclude:: ../../doc/misc/in-view.zoneopt
Files Files
~~~~~ ~~~~~

34
doc/arm/Makefile.am
View File

@@ -62,31 +62,23 @@ EXTRA_DIST = \
tsig.inc.rst \ tsig.inc.rst \
zones.inc.rst \ zones.inc.rst \
_ext/iscconf.py \ _ext/iscconf.py \
_ext/mergegrammar.py \
_ext/namedconf.py \ _ext/namedconf.py \
_ext/rndcconf.py \ _ext/rndcconf.py \
_static/custom.css \ _static/custom.css \
../dnssec-guide \ ../dnssec-guide \
../misc/acl.grammar.rst \ ../misc/options \
../misc/controls.grammar.rst \ ../misc/rndc.grammar \
../misc/delegation-only.zoneopt.rst \ ../misc/delegation-only.zoneopt \
../misc/forward.zoneopt.rst \ ../misc/forward.zoneopt \
../misc/hint.zoneopt.rst \ ../misc/hint.zoneopt \
../misc/in-view.zoneopt.rst \ ../misc/in-view.zoneopt \
../misc/key.grammar.rst \ ../misc/mirror.zoneopt \
../misc/logging.grammar.rst \ ../misc/primary.zoneopt \
../misc/managed-keys.grammar.rst \ ../misc/redirect.zoneopt \
../misc/primary.zoneopt.rst \ ../misc/secondary.zoneopt \
../misc/mirror.zoneopt.rst \ ../misc/static-stub.zoneopt \
../misc/options.grammar.rst \ ../misc/stub.zoneopt \
../misc/parental-agents.grammar.rst \
../misc/primaries.grammar.rst \
../misc/redirect.zoneopt.rst \
../misc/server.grammar.rst \
../misc/secondary.zoneopt.rst \
../misc/static-stub.zoneopt.rst \
../misc/statistics-channels.grammar.rst \
../misc/stub.zoneopt.rst \
../misc/trusted-keys.grammar.rst \
../notes/*.rst ../notes/*.rst
html-local: html-local:

210
doc/arm/_ext/iscconf.py
View File

@@ -34,6 +34,8 @@ from sphinx.util import logging
from sphinx.util.docutils import SphinxDirective from sphinx.util.docutils import SphinxDirective
from sphinx.util.nodes import make_refnode from sphinx.util.nodes import make_refnode
import checkgrammar
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@@ -50,7 +52,7 @@ def split_csv(argument, required):
# pylint: disable=too-many-statements # pylint: disable=too-many-statements
def domain_factory(domainname, domainlabel, todolist): def domain_factory(domainname, domainlabel, todolist, grammar):
""" """
Return parametrized Sphinx domain object. Return parametrized Sphinx domain object.
@param domainname Name used when referencing domain in .rst: e.g. namedconf @param domainname Name used when referencing domain in .rst: e.g. namedconf
@@ -65,11 +67,17 @@ def domain_factory(domainname, domainlabel, todolist):
process_statementlist_nodes() callback. process_statementlist_nodes() callback.
""" """
option_spec = {"filter_tags": lambda arg: split_csv(arg, required=True)} option_spec = {
"filter_blocks": lambda arg: split_csv(arg, required=True),
"filter_tags": lambda arg: split_csv(arg, required=True),
}
def run(self): def run(self):
placeholder = todolist("") placeholder = todolist("")
placeholder["isc_filter_tags"] = set(self.options.get("filter_tags", [])) placeholder["isc_filter_tags"] = set(self.options.get("filter_tags", []))
placeholder["isc_filter_blocks"] = set(
self.options.get("filter_blocks", [])
)
return [placeholder] return [placeholder]
class ISCConfDomain(Domain): class ISCConfDomain(Domain):
@@ -94,8 +102,18 @@ def domain_factory(domainname, domainlabel, todolist):
"tags": lambda arg: split_csv(arg, required=False), "tags": lambda arg: split_csv(arg, required=False),
# one-sentece description for use in summary tables # one-sentece description for use in summary tables
"short": directives.unchanged_required, "short": directives.unchanged_required,
"suppress_grammar": directives.flag,
} }
@property
def isc_name(self):
names = self.get_signatures()
if len(names) != 1:
raise NotImplementedError(
"statements with more than one name are not supported", names
)
return names[0]
def handle_signature(self, sig, signode): def handle_signature(self, sig, signode):
signode += addnodes.desc_name(text=sig) signode += addnodes.desc_name(text=sig)
return sig return sig
@@ -114,6 +132,87 @@ def domain_factory(domainname, domainlabel, todolist):
def isc_short(self): def isc_short(self):
return self.options.get("short", "") return self.options.get("short", "")
def format_path(self, path):
assert path[0] == "_top"
if len(path) == 1:
return "topmost"
return ".".join(path[1:])
def format_paths(self, paths):
zone_types = set()
nozone_paths = []
for path in paths:
try:
zone_idx = path.index("zone")
zone_type_txt = path[zone_idx + 1]
if zone_type_txt.startswith("type "):
zone_types.add(zone_type_txt[len("type ") :])
else:
assert zone_type_txt == "in-view"
zone_types.add(zone_type_txt)
except (ValueError, IndexError):
nozone_paths.append(path)
condensed_paths = nozone_paths[:]
if zone_types:
condensed_paths.append(
("_top", "zone (" + ", ".join(sorted(zone_types)) + ")")
)
condensed_paths = sorted(condensed_paths, key=len)
return list(self.format_path(path) for path in condensed_paths)
def format_blocks(self, grammar_blocks):
"""Generate node with list of all allowed blocks"""
blocks = nodes.paragraph()
blocks += nodes.strong(text="Blocks: ")
blocks += nodes.Text(", ".join(self.format_paths(grammar_blocks)))
return blocks
def format_grammar(self, list_blocks, grammar_grp):
"""
Generate grammar description node, optionally with list of
blocks accepting this particular grammar.
Example: Grammar (block1, block2): grammar;
"""
grammarnode = nodes.paragraph()
if list_blocks:
separator = " "
paths = ", ".join(
self.format_paths(variant.path for variant in grammar_grp)
)
else:
separator = ""
paths = ""
subgrammar = grammar_grp[0].subgrammar
subgrammar_txt = checkgrammar.pformat_grammar(subgrammar).strip()
grammar_txt = subgrammar.get("_pprint_name", self.isc_name)
if subgrammar_txt != ";":
grammar_txt += " "
grammar_txt += subgrammar_txt
if "\n" in grammar_txt.strip():
nodetype = nodes.literal_block
else:
nodetype = nodes.literal
grammarnode += nodes.strong(text=f"Grammar{separator}{paths}: ")
grammarnode += nodetype(text=grammar_txt)
return grammarnode
def format_warnings(self, flags):
"""Return node with a warning box about deprecated and
experimental options"""
warn = nodes.warning()
if "deprecated" in flags:
warn += nodes.paragraph(
text=(
"This option is deprecated and will be removed in a future"
" version of BIND."
)
)
if "experimental" in flags:
warn += nodes.paragraph(
text="This option is experimental and subject to change."
)
return warn
def parse_nested_str(self, instr): def parse_nested_str(self, instr):
"""Parse string as nested rst syntax and produce a node""" """Parse string as nested rst syntax and produce a node"""
raw = nodes.paragraph(text=instr) raw = nodes.paragraph(text=instr)
@@ -132,6 +231,32 @@ def domain_factory(domainname, domainlabel, todolist):
tags += nodes.Text(", ".join(self.isc_tags)) tags += nodes.Text(", ".join(self.isc_tags))
contentnode.insert(0, tags) contentnode.insert(0, tags)
iscconf = self.env.get_domain(domainname)
name = self.isc_name
if name not in iscconf.statement_blocks:
return # not defined in grammar, nothing to render
blocks = self.format_blocks(iscconf.statement_blocks[name])
contentnode.insert(0, blocks)
grammars = iscconf.statement_grammar_groups[name]
multi_grammar = len(grammars) > 1
union_flags = set()
for grammar_grp in grammars:
for one_grammar_dict in grammar_grp:
union_flags = union_flags.union(
set(one_grammar_dict.subgrammar.get("_flags", []))
)
if "suppress_grammar" in self.options:
continue
grammarnode = self.format_grammar(multi_grammar, grammar_grp)
contentnode.insert(0, grammarnode)
warn = self.format_warnings(union_flags)
if len(warn):
contentnode.insert(0, warn)
name = domainname name = domainname
label = domainlabel label = domainlabel
@@ -148,6 +273,14 @@ def domain_factory(domainname, domainlabel, todolist):
indices = {} # no custom indicies indices = {} # no custom indicies
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.grammar = grammar
self.statement_blocks = checkgrammar.statement2block(grammar, ["_top"])
self.statement_grammar_groups = checkgrammar.diff_statements(
self.grammar, self.statement_blocks
)
def get_objects(self): def get_objects(self):
""" """
Sphinx API: Sphinx API:
@@ -206,12 +339,15 @@ def domain_factory(domainname, domainlabel, todolist):
location=(new["docname"], new["lineno"]), location=(new["docname"], new["lineno"]),
) )
def get_statement_name(self, signature):
return "{}.{}.{}".format(domainname, "statement", signature)
def add_statement(self, signature, tags, short, lineno): def add_statement(self, signature, tags, short, lineno):
""" """
Add a new statement to the domain data structures. Add a new statement to the domain data structures.
No visible effect. No visible effect.
""" """
name = "{}.{}.{}".format(domainname, "statement", signature) name = self.get_statement_name(signature)
anchor = "{}-statement-{}".format(domainname, signature) anchor = "{}-statement-{}".format(domainname, signature)
new = { new = {
@@ -258,6 +394,41 @@ def domain_factory(domainname, domainlabel, todolist):
self.log_statement_overlap(new[name], old[name]) self.log_statement_overlap(new[name], old[name])
old.update(new) old.update(new)
def check_consistency(self):
"""Sphinx API"""
defined_statements = set(
obj["signature"] for obj in self.data["statements"].values()
)
statements_in_grammar = set(self.statement_blocks)
missing_statement_sigs = statements_in_grammar.difference(
defined_statements
)
for missing in missing_statement_sigs:
grammars = self.statement_grammar_groups[missing]
if len(grammars) == 1:
flags = grammars[0][0].subgrammar.get("_flags", [])
if ("obsolete" in flags) or ("test only" in flags):
continue
logger.warning(
"statement %s is defined in %s grammar but is not described"
" using .. statement:: directive",
missing,
domainlabel,
)
extra_statement_sigs = defined_statements.difference(statements_in_grammar)
for extra in extra_statement_sigs:
fullname = self.get_statement_name(extra)
desc = self.data["statements"][fullname]
logger.warning(
".. statement:: %s found but matching definition in %s grammar is"
" missing",
extra,
domainlabel,
location=(desc["docname"], desc["lineno"]),
)
@classmethod @classmethod
def process_statementlist_nodes(cls, app, doctree, fromdocname): def process_statementlist_nodes(cls, app, doctree, fromdocname):
""" """
@@ -266,32 +437,33 @@ def domain_factory(domainname, domainlabel, todolist):
of statements. of statements.
""" """
def gen_replacement_table(acceptable_tags): def gen_replacement_table(acceptable_blocks, acceptable_tags):
table_header = [ table_header = [
TableColumn("ref", "Statement"), TableColumn("ref", "Statement"),
TableColumn("short", "Description"), TableColumn("short", "Description"),
] ]
table_b = DictToDocutilsTableBuilder(table_header)
table_b.append_iterable(
sorted(
iscconf.list_all(fromdocname),
key=lambda x: x["fullname"],
)
)
tag_header = [] tag_header = []
if len(acceptable_tags) != 1: if len(acceptable_tags) != 1:
# tags column only if tag filter is not applied # tags column only if tag filter is not applied
tag_header = [ tag_header = [
TableColumn("tags_txt", "Tags"), TableColumn("tags_txt", "Tags"),
] ]
table_b = DictToDocutilsTableBuilder(table_header + tag_header) table_b = DictToDocutilsTableBuilder(table_header + tag_header)
table_b.append_iterable( table_b.append_iterable(
sorted( sorted(
filter( filter(
lambda item: ( lambda item: (
(
not acceptable_tags not acceptable_tags
or item["tags"].intersection(acceptable_tags) or item["tags"].intersection(acceptable_tags)
)
and (
not acceptable_blocks
or item["block_names"].intersection(
acceptable_blocks
)
)
), ),
iscconf.list_all(fromdocname), iscconf.list_all(fromdocname),
), ),
@@ -305,10 +477,17 @@ def domain_factory(domainname, domainlabel, todolist):
for node in doctree.traverse(todolist): for node in doctree.traverse(todolist):
acceptable_tags = node["isc_filter_tags"] acceptable_tags = node["isc_filter_tags"]
node.replace_self(gen_replacement_table(acceptable_tags)) acceptable_blocks = node["isc_filter_blocks"]
node.replace_self(
gen_replacement_table(acceptable_blocks, acceptable_tags)
)
def list_all(self, fromdocname): def list_all(self, fromdocname):
for statement in self.data["statements"].values(): for statement in self.data["statements"].values():
block_names = set(
path[-1]
for path in self.statement_blocks.get(statement["signature"], [])
)
tags_txt = ", ".join(statement["tags"]) tags_txt = ", ".join(statement["tags"])
refpara = nodes.inline() refpara = nodes.inline()
@@ -323,6 +502,7 @@ def domain_factory(domainname, domainlabel, todolist):
) )
copy = statement.copy() copy = statement.copy()
copy["block_names"] = block_names
copy["ref"] = refpara copy["ref"] = refpara
copy["tags_txt"] = tags_txt copy["tags_txt"] = tags_txt
yield copy yield copy
@@ -388,12 +568,12 @@ class DictToDocutilsTableBuilder:
return self.table return self.table
def setup(app, domainname, confname, docutilsplaceholder): def setup(app, domainname, confname, docutilsplaceholder, grammar):
""" """
Install new parametrized Sphinx domain. Install new parametrized Sphinx domain.
""" """
Conf = domain_factory(domainname, confname, docutilsplaceholder) Conf = domain_factory(domainname, confname, docutilsplaceholder, grammar)
app.add_domain(Conf) app.add_domain(Conf)
app.connect("doctree-resolved", Conf.process_statementlist_nodes) app.connect("doctree-resolved", Conf.process_statementlist_nodes)

63
doc/arm/_ext/mergegrammar.py Normal file
View File

@@ -0,0 +1,63 @@
############################################################################
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
############################################################################
# Depends on CWD - Sphinx plugin
import json
from pathlib import Path
import parsegrammar
def read_zone():
zone_grammars = {}
for file in Path("../misc/").glob("*.zoneopt"):
# in-view is not really a zone type
if file.stem == "in-view":
zone_type = "in-view"
else:
zone_type = f"type {file.stem}"
with file.open(encoding="ascii") as fp:
zonegrammar = parsegrammar.parse_mapbody(fp)
assert len(zonegrammar) == 1
assert "zone" in zonegrammar
zone_grammars[zone_type] = zonegrammar["zone"]
zone_grammars[zone_type]["_pprint_name"] = "zone"
return {"zone": {"_mapbody": zone_grammars, "_ignore_this_level": True}}
def read_main():
with Path("../misc/options").open(encoding="ascii") as fp:
optgrammar = parsegrammar.parse_mapbody(fp)
return optgrammar
def combine():
zones = read_zone()
assert zones
rest = read_main()
assert rest
rest.update(zones)
# this is a terrible hack
# but cfg_test cannot print zone grammars inside view
rest["view"]["_mapbody"].update(zones)
return rest
if __name__ == "__main__":
full_grammar = combine()
print(json.dumps(full_grammar))

6
doc/arm/_ext/namedconf.py
View File

@@ -18,6 +18,7 @@ Sphinx domain "namedconf". See iscconf.py for details.
from docutils import nodes from docutils import nodes
import iscconf import iscconf
import mergegrammar
class ToBeReplacedStatementList(nodes.General, nodes.Element): class ToBeReplacedStatementList(nodes.General, nodes.Element):
@@ -28,4 +29,7 @@ class ToBeReplacedStatementList(nodes.General, nodes.Element):
def setup(app): def setup(app):
return iscconf.setup(app, "namedconf", "named.conf", ToBeReplacedStatementList) grammar = mergegrammar.combine()
return iscconf.setup(
app, "namedconf", "named.conf", ToBeReplacedStatementList, grammar
)

7
doc/arm/_ext/rndcconf.py
View File

@@ -18,6 +18,7 @@ Sphinx domain "rndcconf". See iscconf.py for details.
from docutils import nodes from docutils import nodes
import iscconf import iscconf
import parsegrammar
class ToBeReplacedStatementList(nodes.General, nodes.Element): class ToBeReplacedStatementList(nodes.General, nodes.Element):
@@ -28,4 +29,8 @@ class ToBeReplacedStatementList(nodes.General, nodes.Element):
def setup(app): def setup(app):
return iscconf.setup(app, "rndcconf", "rndc.conf", ToBeReplacedStatementList) with open("../misc/rndc.grammar", encoding="utf-8") as filein:
grammar = parsegrammar.parse_mapbody(filein)
return iscconf.setup(
app, "rndcconf", "rndc.conf", ToBeReplacedStatementList, grammar
)

1
doc/arm/conf.py
View File

@@ -104,6 +104,7 @@ def setup(app):
# documentation root, make it absolute. # documentation root, make it absolute.
# #
sys.path.append(str(Path(__file__).resolve().parent / "_ext")) sys.path.append(str(Path(__file__).resolve().parent / "_ext"))
sys.path.append(str(Path(__file__).resolve().parent.parent / "misc"))
# -- Project information ----------------------------------------------------- # -- Project information -----------------------------------------------------

10
doc/arm/dlz.inc.rst
View File

@@ -46,9 +46,13 @@ A DLZ database is configured with a ``dlz`` statement in :iscman:`named.conf`:
This specifies a DLZ module to search when answering queries; the module This specifies a DLZ module to search when answering queries; the module
is implemented in ``driver.so`` and is loaded at runtime by the dlopen is implemented in ``driver.so`` and is loaded at runtime by the dlopen
DLZ driver. Multiple ``dlz`` statements can be specified; when answering DLZ driver. Multiple ``dlz`` statements can be specified.
a query, all DLZ modules with ``search`` set to ``yes`` are queried
to see whether they contain an answer for the query name. The best
.. namedconf:statement:: search
When answering a query, all DLZ modules with ``search`` set to ``yes`` are
queried to see whether they contain an answer for the query name. The best
available answer is returned to the client. available answer is returned to the client.
The ``search`` option in the above example can be omitted, because The ``search`` option in the above example can be omitted, because

38
doc/arm/dns-ops.inc.rst
View File

@@ -117,9 +117,6 @@ server.
.. rndcconf:statement:: options .. rndcconf:statement:: options
The ``options`` statement has three clauses: ``default-server``,
``default-key``, and ``default-port``.
.. rndcconf:statement:: default-server .. rndcconf:statement:: default-server
``default-server`` takes a ``default-server`` takes a
@@ -137,6 +134,14 @@ server.
:iscman:`rndc` should connect if no port is given on the command line or in :iscman:`rndc` should connect if no port is given on the command line or in
a ``server`` statement. a ``server`` statement.
.. rndcconf:statement:: default-source-address
.. rndcconf:statement:: default-source-address-v6
``default-source-address`` and ``default-source-address-v6`` specify
the IPv4 and IPv6 source address used to communicate with the server
if no address is given on the command line or in a
:rndcconf:ref:`server` block.
.. rndcconf:statement:: key .. rndcconf:statement:: key
The ``key`` statement defines a key to be used by :iscman:`rndc` when The ``key`` statement defines a key to be used by :iscman:`rndc` when
@@ -160,12 +165,27 @@ server.
.. rndcconf:statement:: server .. rndcconf:statement:: server
The ``server`` statement associates a key defined using the ``key`` The ``server`` statement specifies connection parameters for a given server.
statement with a server. The keyword ``server`` is followed by a host The server can be specified as a host name or address.
name or address. The ``server`` statement has two clauses: ``key``
and ``port``. The ``key`` clause specifies the name of the key to be .. rndcconf:statement:: addresses
used when communicating with this server, and the ``port`` clause can
be used to specify the port :iscman:`rndc` should connect to on the server. Specifies one or more addresses to use when communicating with this
server.
:rndcconf:ref:`key`
Associates a key defined using the :rndcconf:ref:`key` statement with a
server.
.. rndcconf:statement:: port
Specifes the port :iscman:`rndc` should connect to on the server.
.. rndcconf:statement:: source-address
.. rndcconf:statement:: source-address-v6
Overrides :rndcconf:ref:`default-source-address` and
:rndcconf:ref:`default-source-address-v6` for this specific server.
A sample minimal configuration file is as follows: A sample minimal configuration file is as follows:

90
doc/arm/reference.rst
View File

@@ -44,8 +44,8 @@ The file :file:`named.conf` may contain three types of entities:
- Statements define and control specific BIND behaviors. - Statements define and control specific BIND behaviors.
- Statements may have a single parameter (a **Value**) or multiple parameters - Statements may have a single parameter (a **Value**) or multiple parameters
(**Argument/Value** pairs). For example, the :any:`recursion` statement takes a (**Argument/Value** pairs). For example, the :any:`recursion` statement takes a
single value parameter which, in this case, is the string ``yes`` or ``no`` single value parameter - in this case, the string ``yes`` or ``no``
(``recursion yes;``) whereas the :any:`port` statement takes a numeric value (``recursion yes;``) - while the :namedconf:ref:`port` statement takes a numeric value
defining the DNS port number (``port 53;``). More complex statements take one or defining the DNS port number (``port 53;``). More complex statements take one or
more argument/value pairs. The :any:`also-notify` statement may take a number more argument/value pairs. The :any:`also-notify` statement may take a number
of such argument/value pairs, such as ``also-notify port 5353;``, of such argument/value pairs, such as ``also-notify port 5353;``,
@@ -313,10 +313,12 @@ file documentation:
When specifying a prefix involving an IPv6-scoped address, the scope may be omitted. In that case, the prefix matches packets from any scope. When specifying a prefix involving an IPv6-scoped address, the scope may be omitted. In that case, the prefix matches packets from any scope.
``key_id`` ``key_id``
A ``domain_name`` representing the name of a shared key, to be used for transaction security. A ``domain_name`` representing the name of a shared key, to be used for
:ref:`transaction security <tsig>`. Keys are defined using
:namedconf:ref:`key` blocks.
``key_list`` ``key_list``
A list of one or more ``key_id``, separated by semicolons and ending with a semicolon. A list of one or more :term:`key_id` s, separated by semicolons and ending with a semicolon.
``tls_id`` ``tls_id``
A string representing a TLS configuration object, including a key and certificate. A string representing a TLS configuration object, including a key and certificate.
@@ -427,8 +429,6 @@ configuration.
.. namedconf:statement:: acl .. namedconf:statement:: acl
.. include:: ../misc/acl.grammar.rst
.. _acl: .. _acl:
``acl`` Statement Definition and Usage ``acl`` Statement Definition and Usage
@@ -458,8 +458,6 @@ The following ACLs are built-in:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: controls .. namedconf:statement:: controls
.. include:: ../misc/controls.grammar.rst
.. _controls_statement_definition_and_usage: .. _controls_statement_definition_and_usage:
``controls`` Statement Definition and Usage ``controls`` Statement Definition and Usage
@@ -504,8 +502,8 @@ and retrieve non-DNS results from a name server.
``keys`` ``keys``
The primary authorization mechanism of the command channel is the The primary authorization mechanism of the command channel is the
``key_list``, which contains a list of ``key_id``s. Each ``key_id`` in :term:`key_list`, which contains a list of :term:`key_id` s. Each
the ``key_list`` is authorized to execute commands over the control :namedconf:ref:`key` is authorized to execute commands over the control
channel. See :ref:`admin_tools` for information about channel. See :ref:`admin_tools` for information about
configuring keys in :iscman:`rndc`. configuring keys in :iscman:`rndc`.
@@ -534,8 +532,6 @@ To disable the command channel, use an empty ``controls`` statement:
~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: key .. namedconf:statement:: key
.. include:: ../misc/key.grammar.rst
.. _key_statement: .. _key_statement:
``key`` Statement Definition and Usage ``key`` Statement Definition and Usage
@@ -576,8 +572,6 @@ matching this name, algorithm, and secret.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: logging .. namedconf:statement:: logging
.. include:: ../misc/logging.grammar.rst
.. _logging_statement: .. _logging_statement:
``logging`` Statement Definition and Usage ``logging`` Statement Definition and Usage
@@ -986,8 +980,6 @@ responses such as NXDOMAIN.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: parental-agents .. namedconf:statement:: parental-agents
.. include:: ../misc/parental-agents.grammar.rst
.. _parental_agents_statement: .. _parental_agents_statement:
``parental-agents`` Statement Definition and Usage ``parental-agents`` Statement Definition and Usage
@@ -1004,8 +996,6 @@ change its delegation information (defined in :rfc:`7344`).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: primaries .. namedconf:statement:: primaries
.. include:: ../misc/primaries.grammar.rst
.. _primaries_statement: .. _primaries_statement:
``primaries`` Statement Definition and Usage ``primaries`` Statement Definition and Usage
@@ -1043,8 +1033,6 @@ where ``tls-configuration-name`` refers to a previously defined
This is the grammar of the ``options`` statement in the :iscman:`named.conf` This is the grammar of the ``options`` statement in the :iscman:`named.conf`
file: file:
.. include:: ../misc/options.grammar.rst
.. _options: .. _options:
``options`` Statement Definition and Usage ``options`` Statement Definition and Usage
@@ -1703,6 +1691,20 @@ default is used.
suffix ::; suffix ::;
}; };
.. namedconf:statement:: ipv4only-enable
This enables or disables automatic zones ``ipv4only.arpa``,
``170.0.0.192.in-addr.arpa``, and ``171.0.0.192.in-addr.arpa``.
By default these zones are loaded if :any:`dns64` is configured.
.. namedconf:statement:: ipv4only-server
.. namedconf:statement:: ipv4only-contact
``ipv4only-server`` and ``ipv4only-contact`` can be used to specify the name
of the server and contact for the IPV4ONLY.ARPA zone created by
:any:`dns64`.
.. namedconf:statement:: dnssec-loadkeys-interval .. namedconf:statement:: dnssec-loadkeys-interval
When a zone is configured with ``auto-dnssec maintain;``, its key When a zone is configured with ``auto-dnssec maintain;``, its key
@@ -5207,8 +5209,6 @@ redirect zone is tried first.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: server .. namedconf:statement:: server
.. include:: ../misc/server.grammar.rst
.. _server_statement_definition_and_usage: .. _server_statement_definition_and_usage:
``server`` Statement Definition and Usage ``server`` Statement Definition and Usage
@@ -5279,9 +5279,17 @@ any top-level ``server`` statements are used as defaults.
specified, the limit is set according to the ``transfers-per-ns`` specified, the limit is set according to the ``transfers-per-ns``
option. option.
``keys`` .. namedconf:statement:: keys
The option identifies a ``key_id`` defined by the ``key`` :suppress_grammar:
statement, to be used for transaction security (see :ref:`tsig`)
.. warning::
Not to be confused with ``keys`` in :any:`dnssec-policy` specification.
Although statements with the same name exist in both contexts, they refer
to fundamentally incompatible concepts.
In the context of a :namedconf:ref:`server` block, the option identifies a
:term:`key_id` defined by the :namedconf:ref:`key` statement, to be used for
transaction security (see :ref:`tsig`)
when talking to the remote server. When a request is sent to the remote when talking to the remote server. When a request is sent to the remote
server, a request signature is generated using the key specified server, a request signature is generated using the key specified
here and appended to the message. A request originating from the remote here and appended to the message. A request originating from the remote
@@ -5314,8 +5322,6 @@ and :namedconf:ref:`options` blocks:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: statistics-channels .. namedconf:statement:: statistics-channels
.. include:: ../misc/statistics-channels.grammar.rst
.. _statistics_channels: .. _statistics_channels:
``statistics-channels`` Statement Definition and Usage ``statistics-channels`` Statement Definition and Usage
@@ -5386,8 +5392,6 @@ statistics), and http://127.0.0.1:8888/json/v1/traffic (traffic sizes).
~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: tls .. namedconf:statement:: tls
.. include:: ../misc/tls.grammar.rst
``tls`` Statement Definition and Usage ``tls`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -5573,8 +5577,6 @@ issues related to shared cryptographic secrets.
~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: http .. namedconf:statement:: http
.. include:: ../misc/http.grammar.rst
``http`` Statement Definition and Usage ``http`` Statement Definition and Usage
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -5629,8 +5631,6 @@ all local addresses:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: trust-anchors .. namedconf:statement:: trust-anchors
.. include:: ../misc/trust-anchors.grammar.rst
.. _trust-anchors: .. _trust-anchors:
``trust-anchors`` Statement Definition and Usage ``trust-anchors`` Statement Definition and Usage
@@ -5777,8 +5777,6 @@ can be found, the initializing key is also compiled directly into
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: dnssec-policy .. namedconf:statement:: dnssec-policy
.. include:: ../misc/dnssec-policy.grammar.rst
.. _dnssec_policy: .. _dnssec_policy:
``dnssec-policy`` Statement Definition and Usage ``dnssec-policy`` Statement Definition and Usage
@@ -6046,8 +6044,6 @@ The following options apply to DS queries sent to ``parental-agents``:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: managed-keys .. namedconf:statement:: managed-keys
.. include:: ../misc/managed-keys.grammar.rst
.. _managed_keys: .. _managed_keys:
``managed-keys`` Statement Definition and Usage ``managed-keys`` Statement Definition and Usage
@@ -6063,8 +6059,6 @@ with the ``initial-key`` keyword.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: trusted-keys .. namedconf:statement:: trusted-keys
.. include:: ../misc/trusted-keys.grammar.rst
.. _trusted_keys: .. _trusted_keys:
``trusted-keys`` Statement Definition and Usage ``trusted-keys`` Statement Definition and Usage
@@ -6109,8 +6103,9 @@ run multiple servers.
``address_match_list`` of the view's ``match-destinations`` clause. If ``address_match_list`` of the view's ``match-destinations`` clause. If
not specified, both ``match-clients`` and ``match-destinations`` default not specified, both ``match-clients`` and ``match-destinations`` default
to matching all addresses. In addition to checking IP addresses, to matching all addresses. In addition to checking IP addresses,
``match-clients`` and ``match-destinations`` can also take ``keys`` ``match-clients`` and ``match-destinations`` can also take the name of a
which provide an mechanism for the client to select the view. TSIG :namedconf:ref:`key`, which provides a mechanism for the client to select
the view.
.. namedconf:statement:: match-recursive-only .. namedconf:statement:: match-recursive-only
@@ -6186,17 +6181,7 @@ Here is an example of a typical split DNS setup implemented using
``zone`` Statement Grammar ``zone`` Statement Grammar
~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~
.. namedconf:statement:: zone .. namedconf:statement:: zone
:suppress_grammar:
.. include:: ../misc/primary.zoneopt.rst
.. include:: ../misc/secondary.zoneopt.rst
.. include:: ../misc/mirror.zoneopt.rst
.. include:: ../misc/hint.zoneopt.rst
.. include:: ../misc/stub.zoneopt.rst
.. include:: ../misc/static-stub.zoneopt.rst
.. include:: ../misc/forward.zoneopt.rst
.. include:: ../misc/redirect.zoneopt.rst
.. include:: ../misc/delegation-only.zoneopt.rst
.. include:: ../misc/in-view.zoneopt.rst
.. _zone_statement: .. _zone_statement:
@@ -6210,6 +6195,7 @@ Here is an example of a typical split DNS setup implemented using
Zone Types Zone Types
^^^^^^^^^^ ^^^^^^^^^^
.. namedconf:statement:: type .. namedconf:statement:: type
:suppress_grammar:
The ``type`` keyword is required for the ``zone`` configuration unless The ``type`` keyword is required for the ``zone`` configuration unless
it is an ``in-view`` configuration. Its acceptable values are: it is an ``in-view`` configuration. Its acceptable values are:

1
doc/man/Makefile.am
View File

@@ -55,6 +55,7 @@ MANPAGES_RST = \
../../bin/dnssec/dnssec-settime.rst \ ../../bin/dnssec/dnssec-settime.rst \
../../bin/dnssec/dnssec-signzone.rst \ ../../bin/dnssec/dnssec-signzone.rst \
../../bin/dnssec/dnssec-verify.rst \ ../../bin/dnssec/dnssec-verify.rst \
../../bin/named/named.conf.rst \
../../bin/named/named.rst \ ../../bin/named/named.rst \
../../bin/nsupdate/nsupdate.rst \ ../../bin/nsupdate/nsupdate.rst \
../../bin/plugins/filter-aaaa.rst \ ../../bin/plugins/filter-aaaa.rst \

1450
doc/man/named.conf.5in
View File

File diff suppressed because it is too large Load Diff

142
doc/misc/Makefile.am
View File

@@ -2,8 +2,8 @@ include $(top_srcdir)/Makefile.top
include $(top_srcdir)/Makefile.docs include $(top_srcdir)/Makefile.docs
OPTIONS_FILES = \ OPTIONS_FILES = \
rndc.grammar \
options \ options \
options.active \
primary.zoneopt \ primary.zoneopt \
secondary.zoneopt \ secondary.zoneopt \
mirror.zoneopt \ mirror.zoneopt \
@@ -13,40 +13,12 @@ OPTIONS_FILES = \
static-stub.zoneopt \ static-stub.zoneopt \
redirect.zoneopt \ redirect.zoneopt \
delegation-only.zoneopt \ delegation-only.zoneopt \
in-view.zoneopt \ in-view.zoneopt
../../bin/named/named.conf.rst \
primary.zoneopt.rst \
secondary.zoneopt.rst \
mirror.zoneopt.rst \
forward.zoneopt.rst \
hint.zoneopt.rst \
stub.zoneopt.rst \
static-stub.zoneopt.rst \
redirect.zoneopt.rst \
delegation-only.zoneopt.rst \
in-view.zoneopt.rst \
acl.grammar.rst \
controls.grammar.rst \
dnssec-policy.grammar.rst \
key.grammar.rst \
logging.grammar.rst \
primaries.grammar.rst \
options.grammar.rst \
server.grammar.rst \
statistics-channels.grammar.rst \
tls.grammar.rst \
trust-anchors.grammar.rst \
managed-keys.grammar.rst \
trusted-keys.grammar.rst \
http.grammar.rst \
parental-agents.grammar.rst
EXTRA_DIST = \ EXTRA_DIST = \
$(OPTIONS_FILES) \ $(OPTIONS_FILES) \
format-options.pl \ checkgrammar.py \
rst-grammars.pl \ parsegrammar.py \
rst-options.pl \
rst-zoneopt.pl \
sort-options.pl sort-options.pl
if MAINTAINER_MODE if MAINTAINER_MODE
@@ -69,118 +41,40 @@ cfg_test_LDADD = \
BUILT_SOURCES = \ BUILT_SOURCES = \
$(OPTIONS_FILES) $(OPTIONS_FILES)
options: cfg_test rndc.grammar: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl | $(PERL) $(srcdir)/format-options.pl --strip-not-configured > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --rndc --grammar | $(PERL) $(srcdir)/sort-options.pl > $@
options.active: cfg_test options: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar --active | $(PERL) $(srcdir)/sort-options.pl | $(PERL) $(srcdir)/format-options.pl --strip-not-configured > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --named --grammar | $(PERL) $(srcdir)/sort-options.pl > $@
primary.zoneopt: cfg_test primary.zoneopt: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary --active > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar primary > $@
secondary.zoneopt: cfg_test secondary.zoneopt: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar secondary --active > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar secondary > $@
mirror.zoneopt: cfg_test mirror.zoneopt: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar mirror --active > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar mirror > $@
forward.zoneopt: cfg_test forward.zoneopt: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar forward --active > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar forward > $@
hint.zoneopt: cfg_test hint.zoneopt: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar hint --active > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar hint > $@
stub.zoneopt: cfg_test stub.zoneopt: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar stub --active > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar stub > $@
static-stub.zoneopt: cfg_test static-stub.zoneopt: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar static-stub --active > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar static-stub > $@
redirect.zoneopt: cfg_test redirect.zoneopt: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar redirect --active > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar redirect > $@
delegation-only.zoneopt: cfg_test delegation-only.zoneopt: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar delegation-only --active > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar delegation-only > $@
in-view.zoneopt: cfg_test in-view.zoneopt: cfg_test
$(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view --active > $@ $(AM_V_CFG_TEST)$(builddir)/cfg_test --zonegrammar in-view > $@
../../bin/named/named.conf.rst: options.active rst-options.pl delegation-only.zoneopt.rst forward.zoneopt.rst hint.zoneopt.rst in-view.zoneopt.rst mirror.zoneopt.rst primary.zoneopt.rst redirect.zoneopt.rst secondary.zoneopt.rst static-stub.zoneopt.rst stub.zoneopt.rst
$(AM_V_RST_OPTIONS)$(PERL) $(srcdir)/rst-options.pl options.active > $@
primary.zoneopt.rst: primary.zoneopt rst-zoneopt.pl
$(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl primary.zoneopt > $@
secondary.zoneopt.rst: secondary.zoneopt rst-zoneopt.pl
$(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl secondary.zoneopt > $@
mirror.zoneopt.rst: mirror.zoneopt rst-zoneopt.pl
$(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl mirror.zoneopt > $@
forward.zoneopt.rst: forward.zoneopt rst-zoneopt.pl
$(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl forward.zoneopt > $@
hint.zoneopt.rst: hint.zoneopt rst-zoneopt.pl
$(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl hint.zoneopt > $@
stub.zoneopt.rst: stub.zoneopt rst-zoneopt.pl
$(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl stub.zoneopt > $@
static-stub.zoneopt.rst: static-stub.zoneopt rst-zoneopt.pl
$(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl static-stub.zoneopt > $@
redirect.zoneopt.rst: redirect.zoneopt rst-zoneopt.pl
$(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl redirect.zoneopt > $@
delegation-only.zoneopt.rst: delegation-only.zoneopt rst-zoneopt.pl
$(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl delegation-only.zoneopt > $@
in-view.zoneopt.rst: in-view.zoneopt rst-zoneopt.pl
$(AM_V_RST_ZONEOPT)$(PERL) $(srcdir)/rst-zoneopt.pl in-view.zoneopt > $@
acl.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active acl > $@
controls.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active controls > $@
dnssec-policy.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active dnssec-policy > $@
key.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active key > $@
logging.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active logging > $@
primaries.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active primaries > $@
options.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active options > $@
server.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active server > $@
statistics-channels.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active statistics-channels > $@
tls.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active tls > $@
trust-anchors.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active trust-anchors > $@
managed-keys.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active managed-keys > $@
trusted-keys.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active trusted-keys > $@
http.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active http > $@
parental-agents.grammar.rst: options.active rst-grammars.pl
$(AM_V_RST_GRAMMARS)$(PERL) $(srcdir)/rst-grammars.pl options.active parental-agents > $@
endif endif

14
doc/misc/acl.grammar.rst
View File

@@ -1,14 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
acl <string> { <address_match_element>; ... };

167
doc/misc/checkgrammar.py Normal file
View File

@@ -0,0 +1,167 @@
############################################################################
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
############################################################################
"""
Utility to check ISC config grammar consistency. It detects statement names
which use different grammar depending on position in the configuration file.
E.g. "max-zone-ttl" in dnssec-policy uses '<duration>'
vs. '( unlimited | <duration> ) used in options.
"""
from collections import namedtuple
from itertools import groupby
import fileinput
import parsegrammar
def statement2block(grammar, path):
"""Return mapping statement name to "path" where it is allowed.
_top is placeholder name for the namesless topmost context.
E.g. {
'options: [('_top',)],
'server': [('_top', 'view'), ('_top',)],
'rate-limit': [('_top', 'options'), ('_top', 'view')],
'slip': [('_top', 'options', 'rate-limit'), ('_top', 'view', 'rate-limit')]
}
"""
key2place = {}
for key in grammar:
assert not key.startswith("_")
key2place.setdefault(key, []).append(tuple(path))
if "_mapbody" in grammar[key]:
nested2block = statement2block(grammar[key]["_mapbody"], path + [key])
# merge to uppermost output dictionary
for nested_key, nested_path in nested2block.items():
key2place.setdefault(nested_key, []).extend(nested_path)
return key2place
def get_statement_grammar(grammar, path, name):
"""Descend into grammar dict using provided path
and return final dict found there.
Intermediate steps into "_mapbody" subkeys are done automatically.
"""
assert path[0] == "_top"
path = list(path) + [name]
for step in path[1:]:
if "_mapbody" in grammar:
grammar = grammar["_mapbody"]
grammar = grammar[step]
return grammar
Statement = namedtuple("Statement", ["path", "name", "subgrammar"])
def groupby_grammar(statements):
"""
Return groups of Statement tuples with identical grammars and flags.
See itertools.groupby.
"""
def keyfunc(statement):
return sorted(statement.subgrammar.items())
groups = []
statements = sorted(statements, key=keyfunc)
for _key, group in groupby(statements, keyfunc):
groups.append(list(group)) # Store group iterator as a list
return groups
def diff_statements(whole_grammar, places):
"""
Return map {statement name: [groups of [Statement]s with identical grammar].
"""
out = {}
for statement_name, paths in places.items():
grammars = []
for path in paths:
statement_grammar = get_statement_grammar(
whole_grammar, path, statement_name
)
grammars.append(Statement(path, statement_name, statement_grammar))
groups = groupby_grammar(grammars)
out[statement_name] = groups
return out
def pformat_grammar(node, level=1):
"""Pretty print a given grammar node in the same way as cfg_test would"""
def sortkey(item):
"""Treat 'type' specially and always put it first, for zone types"""
key, _ = item
if key == "type":
return ""
return key
if "_grammar" in node: # no nesting
assert "_id" not in node
assert "_mapbody" not in node
out = node["_grammar"] + ";"
if "_flags" in node:
out += " // " + ", ".join(node["_flags"])
return out + "\n"
# a nested map
out = ""
indent = level * "\t"
if not node.get("_ignore_this_level"):
if "_id" in node:
out += node["_id"] + " "
out += "{\n"
for key, subnode in sorted(node["_mapbody"].items(), key=sortkey):
if not subnode.get("_ignore_this_level"):
out += f"{indent}{subnode.get('_pprint_name', key)}"
inner_grammar = pformat_grammar(node["_mapbody"][key], level=level + 1)
else: # act as if we were not in a map
inner_grammar = pformat_grammar(node["_mapbody"][key], level=level)
if inner_grammar[0] != ";": # we _did_ find some arguments
out += " "
out += inner_grammar
if not node.get("_ignore_this_level"):
out += indent[:-1] + "};" # unindent the closing bracket
if "_flags" in node:
out += " // " + ", ".join(node["_flags"])
return out + "\n"
def main():
"""
Ingest output from cfg_test --grammar and print out statements which use
different grammar in different contexts.
"""
with fileinput.input() as filein:
grammar = parsegrammar.parse_mapbody(filein)
places = statement2block(grammar, ["_top"])
for statementname, groups in diff_statements(grammar, places).items():
if len(groups) > 1:
print(f'statement "{statementname}" is inconsistent across blocks')
for group in groups:
print(
"- path:", ", ".join(" -> ".join(variant.path) for variant in group)
)
print(" ", pformat_grammar(group[0].subgrammar, level=1))
print()
if __name__ == "__main__":
main()

24
doc/misc/controls.grammar.rst
View File

@@ -1,24 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
controls {
inet ( <ipv4_address> | <ipv6_address> |
* ) [ port ( <integer> | * ) ] allow
{ <address_match_element>; ... } [
keys { <string>; ... } ] [ read-only
<boolean> ];
unix <quoted_string> perm <integer>
owner <integer> group <integer> [
keys { <string>; ... } ] [ read-only
<boolean> ];
};

16
doc/misc/delegation-only.zoneopt.rst
View File

@@ -1,16 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
zone <string> [ <class> ] {
type delegation-only;
};

30
doc/misc/dnssec-policy.grammar.rst
View File

@@ -1,30 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
dnssec-policy <string> {
dnskey-ttl <duration>;
keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
<duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
max-zone-ttl <duration>;
nsec3param [ iterations <integer> ] [ optout <boolean> ] [
salt-length <integer> ];
parent-ds-ttl <duration>;
parent-propagation-delay <duration>;
publish-safety <duration>;
purge-keys <duration>;
retire-safety <duration>;
signatures-refresh <duration>;
signatures-validity <duration>;
signatures-validity-dnskey <duration>;
zone-propagation-delay <duration>;
};

51
doc/misc/format-options.pl
View File

@@ -1,51 +0,0 @@
#!/usr/bin/perl
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
use Getopt::Long;
my $strip_not_configured = '';
GetOptions ('strip-not-configured' => \$strip_not_configured);
print <<END;
This is a summary of the named.conf options supported by
this version of BIND 9.
END
# Break long lines
while (<>) {
chomp;
s/\t/ /g;
my $line = $_;
m!^( *)!;
my $indent = $1;
my $comment = "";
$line =~ s! // not configured,! //! if $strip_not_configured;
$line =~ s! // not configured!! if $strip_not_configured;
if ( $line =~ m!//.*! ) {
$comment = $&;
$line =~ s!//.*!!;
}
my $start = "";
while (length($line) >= 79 - length($comment)) {
$_ = $line;
# this makes sure that the comment has something in front of it
$len = 75 - length($comment);
m!^(.{0,$len}) (.*)$!;
$start = $start.$1."\n";
$line = $indent." ".$2;
}
print $start.$line.$comment."\n";
}

19
doc/misc/forward.zoneopt.rst
View File

@@ -1,19 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
zone <string> [ <class> ] {
type forward;
delegation-only <boolean>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
};

19
doc/misc/hint.zoneopt.rst
View File

@@ -1,19 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
zone <string> [ <class> ] {
type hint;
check-names ( fail | warn | ignore );
delegation-only <boolean>;
file <quoted_string>;
};

18
doc/misc/http.grammar.rst
View File

@@ -1,18 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
http <string> {
endpoints { <quoted_string>; ... };
listener-clients <integer>;
streams-per-connection <integer>;
};

16
doc/misc/in-view.zoneopt.rst
View File

@@ -1,16 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
zone <string> [ <class> ] {
in-view <string>;
};

17
doc/misc/key.grammar.rst
View File

@@ -1,17 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
key <string> {
algorithm <string>;
secret <string>;
};

28
doc/misc/logging.grammar.rst
View File

@@ -1,28 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
logging {
category <string> { <string>; ... };
channel <string> {
buffered <boolean>;
file <quoted_string> [ versions ( unlimited | <integer> ) ]
[ size <size> ] [ suffix ( increment | timestamp ) ];
null;
print-category <boolean>;
print-severity <boolean>;
print-time ( iso8601 | iso8601-utc | local | <boolean> );
severity <log_severity>;
stderr;
syslog [ <syslog_facility> ];
};
};

17
doc/misc/managed-keys.grammar.rst
View File

@@ -1,17 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
managed-keys { <string> ( static-key
| initial-key | static-ds |
initial-ds ) <integer> <integer>
<integer> <quoted_string>; ... };, deprecated

56
doc/misc/mirror.zoneopt.rst
View File

@@ -1,56 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
zone <string> [ <class> ] {
type mirror;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
check-names ( fail | warn | ignore );
database <string>;
file <quoted_string>;
ixfr-from-differences <boolean>;
journal <quoted_string>;
masterfile-format ( raw | text );
masterfile-style ( full | relative );
max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
notify ( explicit | master-only | primary-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
request-expire <boolean>;
request-ixfr <boolean>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
try-tcp-refresh <boolean>;
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};

360
doc/misc/options
View File

@@ -1,19 +1,8 @@
This is a summary of the named.conf options supported by
this version of BIND 9.
acl <string> { <address_match_element>; ... }; // may occur multiple times acl <string> { <address_match_element>; ... }; // may occur multiple times
controls { controls {
inet ( <ipv4_address> | <ipv6_address> | inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
* ) [ port ( <integer> | * ) ] allow unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
{ <address_match_element>; ... } [
keys { <string>; ... } ] [ read-only
<boolean> ]; // may occur multiple times
unix <quoted_string> perm <integer>
owner <integer> group <integer> [
keys { <string>; ... } ] [ read-only
<boolean> ]; // may occur multiple times
}; // may occur multiple times }; // may occur multiple times
dlz <string> { dlz <string> {
@@ -23,11 +12,9 @@ dlz <string> {
dnssec-policy <string> { dnssec-policy <string> {
dnskey-ttl <duration>; dnskey-ttl <duration>;
keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime <duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
<duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
max-zone-ttl <duration>; max-zone-ttl <duration>;
nsec3param [ iterations <integer> ] [ optout <boolean> ] [ nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ];
salt-length <integer> ];
parent-ds-ttl <duration>; parent-ds-ttl <duration>;
parent-propagation-delay <duration>; parent-propagation-delay <duration>;
parent-registration-delay <duration>; // obsolete parent-registration-delay <duration>; // obsolete
@@ -40,8 +27,7 @@ dnssec-policy <string> {
zone-propagation-delay <duration>; zone-propagation-delay <duration>;
}; // may occur multiple times }; // may occur multiple times
dyndb <string> <quoted_string> { dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
<unspecified-text> }; // may occur multiple times
http <string> { http <string> {
endpoints { <quoted_string>; ... }; endpoints { <quoted_string>; ... };
@@ -58,8 +44,7 @@ logging {
category <string> { <string>; ... }; // may occur multiple times category <string> { <string>; ... }; // may occur multiple times
channel <string> { channel <string> {
buffered <boolean>; buffered <boolean>;
file <quoted_string> [ versions ( unlimited | <integer> ) ] file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ];
[ size <size> ] [ suffix ( increment | timestamp ) ];
null; null;
print-category <boolean>; print-category <boolean>;
print-severity <boolean>; print-severity <boolean>;
@@ -70,10 +55,7 @@ logging {
}; // may occur multiple times }; // may occur multiple times
}; };
managed-keys { <string> ( static-key managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
| initial-key | static-ds |
initial-ds ) <integer> <integer>
<integer> <quoted_string>; ... }; // may occur multiple times, deprecated
options { options {
allow-new-zones <boolean>; allow-new-zones <boolean>;
@@ -84,18 +66,12 @@ options {
allow-query-on { <address_match_element>; ... }; allow-query-on { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... }; allow-recursion { <address_match_element>; ... };
allow-recursion-on { <address_match_element>; ... }; allow-recursion-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] { allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
<address_match_element>; ... };
allow-update { <address_match_element>; ... }; allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... }; allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
<remote-servers> | <ipv4_address> [ port <integer> ] | alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
<ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
<string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
answer-cookie <boolean>; answer-cookie <boolean>;
attach-cache <string>; attach-cache <string>;
auth-nxdomain <boolean>; auth-nxdomain <boolean>;
@@ -105,19 +81,12 @@ options {
avoid-v6-udp-ports { <portrange>; ... }; avoid-v6-udp-ports { <portrange>; ... };
bindkeys-file <quoted_string>; bindkeys-file <quoted_string>;
blackhole { <address_match_element>; ... }; blackhole { <address_match_element>; ... };
catalog-zones { zone <string> [ default-primaries [ port <integer> catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ] [ tls <string> ]; ... } ] [ zone-directory
<quoted_string> ] [ in-memory <boolean> ] [ min-update-interval
<duration> ]; ... };
check-dup-records ( fail | warn | ignore ); check-dup-records ( fail | warn | ignore );
check-integrity <boolean>; check-integrity <boolean>;
check-mx ( fail | warn | ignore ); check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore );
check-names ( primary | master | check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
secondary | slave | response ) (
fail | warn | ignore ); // may occur multiple times
check-sibling <boolean>; check-sibling <boolean>;
check-spf ( warn | ignore ); check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore ); check-srv-cname ( fail | warn | ignore );
@@ -127,16 +96,12 @@ options {
cookie-secret <string>; // may occur multiple times cookie-secret <string>; // may occur multiple times
coresize ( default | unlimited | <sizeval> ); coresize ( default | unlimited | <sizeval> );
datasize ( default | unlimited | <sizeval> ); datasize ( default | unlimited | <sizeval> );
deny-answer-addresses { <address_match_element>; ... } [ deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
except-from { <string>; ... } ]; deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
} ];
dialup ( notify | notify-passive | passive | refresh | <boolean> ); dialup ( notify | notify-passive | passive | refresh | <boolean> );
directory <quoted_string>; directory <quoted_string>;
disable-algorithms <string> { <string>; disable-algorithms <string> { <string>; ... }; // may occur multiple times
... }; // may occur multiple times disable-ds-digests <string> { <string>; ... }; // may occur multiple times
disable-ds-digests <string> { <string>;
... }; // may occur multiple times
disable-empty-zone <string>; // may occur multiple times disable-empty-zone <string>; // may occur multiple times
dns64 <netprefix> { dns64 <netprefix> {
break-dnssec <boolean>; break-dnssec <boolean>;
@@ -149,8 +114,8 @@ options {
dns64-contact <string>; dns64-contact <string>;
dns64-server <string>; dns64-server <string>;
dnskey-sig-validity <integer>; dnskey-sig-validity <integer>;
dnsrps-enable <boolean>; dnsrps-enable <boolean>; // not configured
dnsrps-options { <unspecified-text> }; dnsrps-options { <unspecified-text> }; // not configured
dnssec-accept-expired <boolean>; dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>; dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>; dnssec-loadkeys-interval <integer>;
@@ -159,18 +124,12 @@ options {
dnssec-secure-to-insecure <boolean>; dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign ); dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto ); dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [ dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
( query | response ) ]; ... }; dnstap-identity ( <quoted_string> | none | hostname ); // not configured
dnstap-identity ( <quoted_string> | none | hostname ); dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // not configured
dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | dnstap-version ( <quoted_string> | none ); // not configured
<size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix (
increment | timestamp ) ];
dnstap-version ( <quoted_string> | none );
dscp <integer>; dscp <integer>;
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] [ dscp <integer> ] | <ipv4_address> [ port <integer> ] [ dscp <integer> ] | <ipv6_address> [ port <integer> ] [ dscp <integer> ] ); ... };
<integer> ] [ dscp <integer> ] | <ipv4_address> [ port
<integer> ] [ dscp <integer> ] | <ipv6_address> [ port
<integer> ] [ dscp <integer> ] ); ... };
dump-file <quoted_string>; dump-file <quoted_string>;
edns-udp-size <integer>; edns-udp-size <integer>;
empty-contact <string>; empty-contact <string>;
@@ -182,15 +141,14 @@ options {
files ( default | unlimited | <sizeval> ); files ( default | unlimited | <sizeval> );
flush-zones-on-shutdown <boolean>; flush-zones-on-shutdown <boolean>;
forward ( first | only ); forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... }; fstrm-set-buffer-hint <integer>; // not configured
fstrm-set-buffer-hint <integer>; fstrm-set-flush-timeout <integer>; // not configured
fstrm-set-flush-timeout <integer>; fstrm-set-input-queue-size <integer>; // not configured
fstrm-set-input-queue-size <integer>; fstrm-set-output-notify-threshold <integer>; // not configured
fstrm-set-output-notify-threshold <integer>; fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
fstrm-set-output-queue-model ( mpsc | spsc ); fstrm-set-output-queue-size <integer>; // not configured
fstrm-set-output-queue-size <integer>; fstrm-set-reopen-interval <duration>; // not configured
fstrm-set-reopen-interval <duration>;
geoip-directory ( <quoted_string> | none ); geoip-directory ( <quoted_string> | none );
heartbeat-interval <integer>; heartbeat-interval <integer>;
hostname ( <quoted_string> | none ); hostname ( <quoted_string> | none );
@@ -202,19 +160,12 @@ options {
ipv4only-contact <string>; ipv4only-contact <string>;
ipv4only-enable <boolean>; ipv4only-enable <boolean>;
ipv4only-server <string>; ipv4only-server <string>;
ixfr-from-differences ( primary | master | secondary | slave | ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
<boolean> );
keep-response-order { <address_match_element>; ... }; // obsolete keep-response-order { <address_match_element>; ... }; // obsolete
key-directory <quoted_string>; key-directory <quoted_string>;
lame-ttl <duration>; lame-ttl <duration>;
listen-on [ port <integer> ] [ dscp listen-on [ port <integer> ] [ dscp <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
<integer> ] [ tls <string> ] [ http listen-on-v6 [ port <integer> ] [ dscp <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
<string> ] {
<address_match_element>; ... }; // may occur multiple times
listen-on-v6 [ port <integer> ] [ dscp
<integer> ] [ tls <string> ] [ http
<string> ] {
<address_match_element>; ... }; // may occur multiple times
lmdb-mapsize <sizeval>; lmdb-mapsize <sizeval>;
lock-file ( <quoted_string> | none ); lock-file ( <quoted_string> | none );
managed-keys-directory <quoted_string>; managed-keys-directory <quoted_string>;
@@ -256,31 +207,23 @@ options {
notify ( explicit | master-only | primary-only | <boolean> ); notify ( explicit | master-only | primary-only | <boolean> );
notify-delay <integer>; notify-delay <integer>;
notify-rate <integer>; notify-rate <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
dscp <integer> ]; notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
notify-to-soa <boolean>; notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only nsec3-test-zone <boolean>; // test only
nta-lifetime <duration>; nta-lifetime <duration>;
nta-recheck <duration>; nta-recheck <duration>;
nxdomain-redirect <string>; nxdomain-redirect <string>;
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
dscp <integer> ]; parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
pid-file ( <quoted_string> | none ); pid-file ( <quoted_string> | none );
port <integer>; port <integer>;
preferred-glue <string>; preferred-glue <string>;
prefetch <integer> [ <integer> ]; prefetch <integer> [ <integer> ];
provide-ixfr <boolean>; provide-ixfr <boolean>;
qname-minimization ( strict | relaxed | disabled | off ); qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
querylog <boolean>; querylog <boolean>;
random-device ( <quoted_string> | none ); random-device ( <quoted_string> | none );
rate-limit { rate-limit {
@@ -311,26 +254,12 @@ options {
resolver-nonbackoff-tries <integer>; resolver-nonbackoff-tries <integer>;
resolver-query-timeout <integer>; resolver-query-timeout <integer>;
resolver-retry-interval <integer>; resolver-retry-interval <integer>;
response-padding { <address_match_element>; ... } block-size response-padding { <address_match_element>; ... } block-size <integer>;
<integer>; response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
response-policy { zone <string> [ add-soa <boolean> ] [ log
<boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
<duration> ] [ policy ( cname | disabled | drop | given | no-op
| nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
recursive-only <boolean> ] [ nsip-enable <boolean> ] [
nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
min-update-interval <duration> ] [ min-ns-dots <integer> ] [
nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean>
] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ]
[ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
} ];
reuseport <boolean>; reuseport <boolean>;
root-delegation-only [ exclude { <string>; ... } ]; root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>; root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
<quoted_string> ] <string> <string>; ... };
secroots-file <quoted_string>; secroots-file <quoted_string>;
send-cookie <boolean>; send-cookie <boolean>;
serial-query-rate <integer>; serial-query-rate <integer>;
@@ -370,10 +299,8 @@ options {
tls-port <integer>; tls-port <integer>;
transfer-format ( many-answers | one-answer ); transfer-format ( many-answers | one-answer );
transfer-message-size <integer>; transfer-message-size <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
dscp <integer> ]; transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
transfers-in <integer>; transfers-in <integer>;
transfers-out <integer>; transfers-out <integer>;
transfers-per-ns <integer>; transfers-per-ns <integer>;
@@ -393,20 +320,11 @@ options {
zone-statistics ( full | terse | none | <boolean> ); zone-statistics ( full | terse | none | <boolean> );
}; };
parental-agents <string> [ port <integer> ] [ parental-agents <string> [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
dscp <integer> ] { ( <remote-servers> |
<ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key
<string> ] [ tls <string> ]; ... }; // may occur multiple times
plugin ( query ) <string> [ { <unspecified-text> plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
} ]; // may occur multiple times
primaries <string> [ port <integer> ] [ dscp primaries <string> [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
<integer> ] { ( <remote-servers> |
<ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key
<string> ] [ tls <string> ]; ... }; // may occur multiple times
server <netprefix> { server <netprefix> {
bogus <boolean>; bogus <boolean>;
@@ -415,18 +333,12 @@ server <netprefix> {
edns-version <integer>; edns-version <integer>;
keys <server_key>; keys <server_key>;
max-udp-size <integer>; max-udp-size <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
dscp <integer> ]; notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
padding <integer>; padding <integer>;
provide-ixfr <boolean>; provide-ixfr <boolean>;
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
request-expire <boolean>; request-expire <boolean>;
request-ixfr <boolean>; request-ixfr <boolean>;
request-nsid <boolean>; request-nsid <boolean>;
@@ -434,18 +346,13 @@ server <netprefix> {
tcp-keepalive <boolean>; tcp-keepalive <boolean>;
tcp-only <boolean>; tcp-only <boolean>;
transfer-format ( many-answers | one-answer ); transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
dscp <integer> ]; transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
transfers <integer>; transfers <integer>;
}; // may occur multiple times }; // may occur multiple times
statistics-channels { statistics-channels {
inet ( <ipv4_address> | <ipv6_address> | inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times
* ) [ port ( <integer> | * ) ] [
allow { <address_match_element>; ...
} ]; // may occur multiple times
}; // may occur multiple times }; // may occur multiple times
tls <string> { tls <string> {
@@ -460,14 +367,9 @@ tls <string> {
session-tickets <boolean>; session-tickets <boolean>;
}; // may occur multiple times }; // may occur multiple times
trust-anchors { <string> ( static-key | trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
initial-key | static-ds | initial-ds )
<integer> <integer> <integer>
<quoted_string>; ... }; // may occur multiple times
trusted-keys { <string> <integer> trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
<integer> <integer>
<quoted_string>; ... }; // may occur multiple times, deprecated
view <string> [ <class> ] { view <string> [ <class> ] {
allow-new-zones <boolean>; allow-new-zones <boolean>;
@@ -478,48 +380,31 @@ view <string> [ <class> ] {
allow-query-on { <address_match_element>; ... }; allow-query-on { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... }; allow-recursion { <address_match_element>; ... };
allow-recursion-on { <address_match_element>; ... }; allow-recursion-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] { allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
<address_match_element>; ... };
allow-update { <address_match_element>; ... }; allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... }; allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
<remote-servers> | <ipv4_address> [ port <integer> ] | alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
<ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
<string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
attach-cache <string>; attach-cache <string>;
auth-nxdomain <boolean>; auth-nxdomain <boolean>;
auto-dnssec ( allow | maintain | off ); auto-dnssec ( allow | maintain | off );
catalog-zones { zone <string> [ default-primaries [ port <integer> catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ] [ tls <string> ]; ... } ] [ zone-directory
<quoted_string> ] [ in-memory <boolean> ] [ min-update-interval
<duration> ]; ... };
check-dup-records ( fail | warn | ignore ); check-dup-records ( fail | warn | ignore );
check-integrity <boolean>; check-integrity <boolean>;
check-mx ( fail | warn | ignore ); check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore ); check-mx-cname ( fail | warn | ignore );
check-names ( primary | master | check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
secondary | slave | response ) (
fail | warn | ignore ); // may occur multiple times
check-sibling <boolean>; check-sibling <boolean>;
check-spf ( warn | ignore ); check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore ); check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>; check-wildcard <boolean>;
clients-per-query <integer>; clients-per-query <integer>;
deny-answer-addresses { <address_match_element>; ... } [ deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
except-from { <string>; ... } ]; deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
} ];
dialup ( notify | notify-passive | passive | refresh | <boolean> ); dialup ( notify | notify-passive | passive | refresh | <boolean> );
disable-algorithms <string> { <string>; disable-algorithms <string> { <string>; ... }; // may occur multiple times
... }; // may occur multiple times disable-ds-digests <string> { <string>; ... }; // may occur multiple times
disable-ds-digests <string> { <string>;
... }; // may occur multiple times
disable-empty-zone <string>; // may occur multiple times disable-empty-zone <string>; // may occur multiple times
dlz <string> { dlz <string> {
database <string>; database <string>;
@@ -536,8 +421,8 @@ view <string> [ <class> ] {
dns64-contact <string>; dns64-contact <string>;
dns64-server <string>; dns64-server <string>;
dnskey-sig-validity <integer>; dnskey-sig-validity <integer>;
dnsrps-enable <boolean>; dnsrps-enable <boolean>; // not configured
dnsrps-options { <unspecified-text> }; dnsrps-options { <unspecified-text> }; // not configured
dnssec-accept-expired <boolean>; dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>; dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>; dnssec-loadkeys-interval <integer>;
@@ -546,14 +431,9 @@ view <string> [ <class> ] {
dnssec-secure-to-insecure <boolean>; dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign ); dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto ); dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [ dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
( query | response ) ]; ... }; dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] [ dscp <integer> ] | <ipv4_address> [ port <integer> ] [ dscp <integer> ] | <ipv6_address> [ port <integer> ] [ dscp <integer> ] ); ... };
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
<integer> ] [ dscp <integer> ] | <ipv4_address> [ port
<integer> ] [ dscp <integer> ] | <ipv6_address> [ port
<integer> ] [ dscp <integer> ] ); ... };
dyndb <string> <quoted_string> {
<unspecified-text> }; // may occur multiple times
edns-udp-size <integer>; edns-udp-size <integer>;
empty-contact <string>; empty-contact <string>;
empty-server <string>; empty-server <string>;
@@ -562,13 +442,11 @@ view <string> [ <class> ] {
fetches-per-server <integer> [ ( drop | fail ) ]; fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ]; fetches-per-zone <integer> [ ( drop | fail ) ];
forward ( first | only ); forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
ipv4only-contact <string>; ipv4only-contact <string>;
ipv4only-enable <boolean>; ipv4only-enable <boolean>;
ipv4only-server <string>; ipv4only-server <string>;
ixfr-from-differences ( primary | master | secondary | slave | ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
<boolean> );
key <string> { key <string> {
algorithm <string>; algorithm <string>;
secret <string>; secret <string>;
@@ -576,12 +454,7 @@ view <string> [ <class> ] {
key-directory <quoted_string>; key-directory <quoted_string>;
lame-ttl <duration>; lame-ttl <duration>;
lmdb-mapsize <sizeval>; lmdb-mapsize <sizeval>;
managed-keys { <string> ( managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
static-key | initial-key
| static-ds | initial-ds
) <integer> <integer>
<integer>
<quoted_string>; ... }; // may occur multiple times, deprecated
masterfile-format ( raw | text ); masterfile-format ( raw | text );
masterfile-style ( full | relative ); masterfile-style ( full | relative );
match-clients { <address_match_element>; ... }; match-clients { <address_match_element>; ... };
@@ -618,31 +491,22 @@ view <string> [ <class> ] {
nocookie-udp-size <integer>; nocookie-udp-size <integer>;
notify ( explicit | master-only | primary-only | <boolean> ); notify ( explicit | master-only | primary-only | <boolean> );
notify-delay <integer>; notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
dscp <integer> ]; notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
notify-to-soa <boolean>; notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only nsec3-test-zone <boolean>; // test only
nta-lifetime <duration>; nta-lifetime <duration>;
nta-recheck <duration>; nta-recheck <duration>;
nxdomain-redirect <string>; nxdomain-redirect <string>;
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
dscp <integer> ]; parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
] [ dscp <integer> ];
plugin ( query ) <string> [ {
<unspecified-text> } ]; // may occur multiple times
preferred-glue <string>; preferred-glue <string>;
prefetch <integer> [ <integer> ]; prefetch <integer> [ <integer> ];
provide-ixfr <boolean>; provide-ixfr <boolean>;
qname-minimization ( strict | relaxed | disabled | off ); qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
rate-limit { rate-limit {
all-per-second <integer>; all-per-second <integer>;
errors-per-second <integer>; errors-per-second <integer>;
@@ -668,25 +532,11 @@ view <string> [ <class> ] {
resolver-nonbackoff-tries <integer>; resolver-nonbackoff-tries <integer>;
resolver-query-timeout <integer>; resolver-query-timeout <integer>;
resolver-retry-interval <integer>; resolver-retry-interval <integer>;
response-padding { <address_match_element>; ... } block-size response-padding { <address_match_element>; ... } block-size <integer>;
<integer>; response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
response-policy { zone <string> [ add-soa <boolean> ] [ log
<boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
<duration> ] [ policy ( cname | disabled | drop | given | no-op
| nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
recursive-only <boolean> ] [ nsip-enable <boolean> ] [
nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
min-update-interval <duration> ] [ min-ns-dots <integer> ] [
nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean>
] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ]
[ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
} ];
root-delegation-only [ exclude { <string>; ... } ]; root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>; root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
<quoted_string> ] <string> <string>; ... };
send-cookie <boolean>; send-cookie <boolean>;
serial-update-method ( date | increment | unixtime ); serial-update-method ( date | increment | unixtime );
server <netprefix> { server <netprefix> {
@@ -696,20 +546,12 @@ view <string> [ <class> ] {
edns-version <integer>; edns-version <integer>;
keys <server_key>; keys <server_key>;
max-udp-size <integer>; max-udp-size <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
) ] [ dscp <integer> ]; notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
| * ) ] [ dscp <integer> ];
padding <integer>; padding <integer>;
provide-ixfr <boolean>; provide-ixfr <boolean>;
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
( <integer> | * ) ] ) | ( [ [ address ] ( query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
<ipv4_address> | * ) ] port ( <integer> | * ) ) ) [
dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [
port ( <integer> | * ) ] ) | ( [ [ address ] (
<ipv6_address> | * ) ] port ( <integer> | * ) ) ) [
dscp <integer> ];
request-expire <boolean>; request-expire <boolean>;
request-ixfr <boolean>; request-ixfr <boolean>;
request-nsid <boolean>; request-nsid <boolean>;
@@ -717,10 +559,8 @@ view <string> [ <class> ] {
tcp-keepalive <boolean>; tcp-keepalive <boolean>;
tcp-only <boolean>; tcp-only <boolean>;
transfer-format ( many-answers | one-answer ); transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
* ) ] [ dscp <integer> ]; transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
transfers <integer>; transfers <integer>;
}; // may occur multiple times }; // may occur multiple times
servfail-ttl <duration>; servfail-ttl <duration>;
@@ -737,19 +577,11 @@ view <string> [ <class> ] {
suppress-initial-notify <boolean>; // obsolete suppress-initial-notify <boolean>; // obsolete
synth-from-dnssec <boolean>; synth-from-dnssec <boolean>;
transfer-format ( many-answers | one-answer ); transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
dscp <integer> ]; transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
trust-anchor-telemetry <boolean>; // experimental trust-anchor-telemetry <boolean>; // experimental
trust-anchors { <string> ( static-key | trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
initial-key | static-ds | initial-ds trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
) <integer> <integer> <integer>
<quoted_string>; ... }; // may occur multiple times
trusted-keys { <string>
<integer> <integer>
<integer>
<quoted_string>; ... }; // may occur multiple times, deprecated
try-tcp-refresh <boolean>; try-tcp-refresh <boolean>;
update-check-ksk <boolean>; update-check-ksk <boolean>;
use-alt-transfer-source <boolean>; use-alt-transfer-source <boolean>;

756
doc/misc/options.active
View File

@@ -1,756 +0,0 @@
This is a summary of the named.conf options supported by
this version of BIND 9.
acl <string> { <address_match_element>; ... }; // may occur multiple times
controls {
inet ( <ipv4_address> | <ipv6_address> |
* ) [ port ( <integer> | * ) ] allow
{ <address_match_element>; ... } [
keys { <string>; ... } ] [ read-only
<boolean> ]; // may occur multiple times
unix <quoted_string> perm <integer>
owner <integer> group <integer> [
keys { <string>; ... } ] [ read-only
<boolean> ]; // may occur multiple times
}; // may occur multiple times
dlz <string> {
database <string>;
search <boolean>;
}; // may occur multiple times
dnssec-policy <string> {
dnskey-ttl <duration>;
keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
<duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
max-zone-ttl <duration>;
nsec3param [ iterations <integer> ] [ optout <boolean> ] [
salt-length <integer> ];
parent-ds-ttl <duration>;
parent-propagation-delay <duration>;
publish-safety <duration>;
purge-keys <duration>;
retire-safety <duration>;
signatures-refresh <duration>;
signatures-validity <duration>;
signatures-validity-dnskey <duration>;
zone-propagation-delay <duration>;
}; // may occur multiple times
dyndb <string> <quoted_string> {
<unspecified-text> }; // may occur multiple times
http <string> {
endpoints { <quoted_string>; ... };
listener-clients <integer>;
streams-per-connection <integer>;
}; // may occur multiple times
key <string> {
algorithm <string>;
secret <string>;
}; // may occur multiple times
logging {
category <string> { <string>; ... }; // may occur multiple times
channel <string> {
buffered <boolean>;
file <quoted_string> [ versions ( unlimited | <integer> ) ]
[ size <size> ] [ suffix ( increment | timestamp ) ];
null;
print-category <boolean>;
print-severity <boolean>;
print-time ( iso8601 | iso8601-utc | local | <boolean> );
severity <log_severity>;
stderr;
syslog [ <syslog_facility> ];
}; // may occur multiple times
};
managed-keys { <string> ( static-key
| initial-key | static-ds |
initial-ds ) <integer> <integer>
<integer> <quoted_string>; ... }; // may occur multiple times, deprecated
options {
allow-new-zones <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
allow-query-cache-on { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-recursion-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] {
<address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { (
<remote-servers> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls
<string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
answer-cookie <boolean>;
attach-cache <string>;
auth-nxdomain <boolean>;
auto-dnssec ( allow | maintain | off );
automatic-interface-scan <boolean>;
avoid-v4-udp-ports { <portrange>; ... };
avoid-v6-udp-ports { <portrange>; ... };
bindkeys-file <quoted_string>;
blackhole { <address_match_element>; ... };
catalog-zones { zone <string> [ default-primaries [ port <integer>
] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ] [ tls <string> ]; ... } ] [ zone-directory
<quoted_string> ] [ in-memory <boolean> ] [ min-update-interval
<duration> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore ); // may occur multiple times
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
clients-per-query <integer>;
cookie-algorithm ( aes | siphash24 );
cookie-secret <string>; // may occur multiple times
coresize ( default | unlimited | <sizeval> );
datasize ( default | unlimited | <sizeval> );
deny-answer-addresses { <address_match_element>; ... } [
except-from { <string>; ... } ];
deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
} ];
dialup ( notify | notify-passive | passive | refresh | <boolean> );
directory <quoted_string>;
disable-algorithms <string> { <string>;
... }; // may occur multiple times
disable-ds-digests <string> { <string>;
... }; // may occur multiple times
disable-empty-zone <string>; // may occur multiple times
dns64 <netprefix> {
break-dnssec <boolean>;
clients { <address_match_element>; ... };
exclude { <address_match_element>; ... };
mapped { <address_match_element>; ... };
recursive-only <boolean>;
suffix <ipv6_address>;
}; // may occur multiple times
dns64-contact <string>;
dns64-server <string>;
dnskey-sig-validity <integer>;
dnsrps-enable <boolean>;
dnsrps-options { <unspecified-text> };
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-must-be-secure <string> <boolean>; // may occur multiple times
dnssec-policy <string>;
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
dnstap-identity ( <quoted_string> | none | hostname );
dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited |
<size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix (
increment | timestamp ) ];
dnstap-version ( <quoted_string> | none );
dscp <integer>;
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] [ dscp <integer> ] | <ipv4_address> [ port
<integer> ] [ dscp <integer> ] | <ipv6_address> [ port
<integer> ] [ dscp <integer> ] ); ... };
dump-file <quoted_string>;
edns-udp-size <integer>;
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
files ( default | unlimited | <sizeval> );
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
fstrm-set-buffer-hint <integer>;
fstrm-set-flush-timeout <integer>;
fstrm-set-input-queue-size <integer>;
fstrm-set-output-notify-threshold <integer>;
fstrm-set-output-queue-model ( mpsc | spsc );
fstrm-set-output-queue-size <integer>;
fstrm-set-reopen-interval <duration>;
geoip-directory ( <quoted_string> | none );
heartbeat-interval <integer>;
hostname ( <quoted_string> | none );
http-listener-clients <integer>;
http-port <integer>;
http-streams-per-connection <integer>;
https-port <integer>;
interface-interval <duration>;
ipv4only-contact <string>;
ipv4only-enable <boolean>;
ipv4only-server <string>;
ixfr-from-differences ( primary | master | secondary | slave |
<boolean> );
key-directory <quoted_string>;
lame-ttl <duration>;
listen-on [ port <integer> ] [ dscp
<integer> ] [ tls <string> ] [ http
<string> ] {
<address_match_element>; ... }; // may occur multiple times
listen-on-v6 [ port <integer> ] [ dscp
<integer> ] [ tls <string> ] [ http
<string> ] {
<address_match_element>; ... }; // may occur multiple times
lmdb-mapsize <sizeval>;
lock-file ( <quoted_string> | none );
managed-keys-directory <quoted_string>;
masterfile-format ( raw | text );
masterfile-style ( full | relative );
match-mapped-addresses <boolean>;
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
max-cache-ttl <duration>;
max-clients-per-query <integer>;
max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> );
max-ncache-ttl <duration>;
max-records <integer>;
max-recursion-depth <integer>;
max-recursion-queries <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-rsa-exponent-size <integer>;
max-stale-ttl <duration>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-udp-size <integer>;
max-zone-ttl ( unlimited | <duration> );
memstatistics <boolean>;
memstatistics-file <quoted_string>;
message-compression <boolean>;
min-cache-ttl <duration>;
min-ncache-ttl <duration>;
min-refresh-time <integer>;
min-retry-time <integer>;
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
new-zones-directory <quoted_string>;
no-case-compress { <address_match_element>; ... };
nocookie-udp-size <integer>;
notify ( explicit | master-only | primary-only | <boolean> );
notify-delay <integer>;
notify-rate <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
notify-to-soa <boolean>;
nta-lifetime <duration>;
nta-recheck <duration>;
nxdomain-redirect <string>;
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
pid-file ( <quoted_string> | none );
port <integer>;
preferred-glue <string>;
prefetch <integer> [ <integer> ];
provide-ixfr <boolean>;
qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
querylog <boolean>;
random-device ( <quoted_string> | none );
rate-limit {
all-per-second <integer>;
errors-per-second <integer>;
exempt-clients { <address_match_element>; ... };
ipv4-prefix-length <integer>;
ipv6-prefix-length <integer>;
log-only <boolean>;
max-table-size <integer>;
min-table-size <integer>;
nodata-per-second <integer>;
nxdomains-per-second <integer>;
qps-scale <integer>;
referrals-per-second <integer>;
responses-per-second <integer>;
slip <integer>;
window <integer>;
};
recursing-file <quoted_string>;
recursion <boolean>;
recursive-clients <integer>;
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
require-server-cookie <boolean>;
reserved-sockets <integer>; // deprecated
resolver-nonbackoff-tries <integer>;
resolver-query-timeout <integer>;
resolver-retry-interval <integer>;
response-padding { <address_match_element>; ... } block-size
<integer>;
response-policy { zone <string> [ add-soa <boolean> ] [ log
<boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
<duration> ] [ policy ( cname | disabled | drop | given | no-op
| nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
recursive-only <boolean> ] [ nsip-enable <boolean> ] [
nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
min-update-interval <duration> ] [ min-ns-dots <integer> ] [
nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean>
] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ]
[ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
} ];
reuseport <boolean>;
root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
secroots-file <quoted_string>;
send-cookie <boolean>;
serial-query-rate <integer>;
serial-update-method ( date | increment | unixtime );
server-id ( <quoted_string> | none | hostname );
servfail-ttl <duration>;
session-keyalg <string>;
session-keyfile ( <quoted_string> | none );
session-keyname <string>;
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
sortlist { <address_match_element>; ... };
stacksize ( default | unlimited | <sizeval> );
stale-answer-client-timeout ( disabled | off | <integer> );
stale-answer-enable <boolean>;
stale-answer-ttl <duration>;
stale-cache-enable <boolean>;
stale-refresh-time <duration>;
startup-notify-rate <integer>;
statistics-file <quoted_string>;
synth-from-dnssec <boolean>;
tcp-advertised-timeout <integer>;
tcp-clients <integer>;
tcp-idle-timeout <integer>;
tcp-initial-timeout <integer>;
tcp-keepalive-timeout <integer>;
tcp-listen-queue <integer>;
tcp-receive-buffer <integer>;
tcp-send-buffer <integer>;
tkey-dhkey <quoted_string> <integer>;
tkey-domain <quoted_string>;
tkey-gssapi-credential <quoted_string>;
tkey-gssapi-keytab <quoted_string>;
tls-port <integer>;
transfer-format ( many-answers | one-answer );
transfer-message-size <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
transfers-in <integer>;
transfers-out <integer>;
transfers-per-ns <integer>;
trust-anchor-telemetry <boolean>; // experimental
try-tcp-refresh <boolean>;
udp-receive-buffer <integer>;
udp-send-buffer <integer>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };
v6-bias <integer>;
validate-except { <string>; ... };
version ( <quoted_string> | none );
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};
parental-agents <string> [ port <integer> ] [
dscp <integer> ] { ( <remote-servers> |
<ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key
<string> ] [ tls <string> ]; ... }; // may occur multiple times
plugin ( query ) <string> [ { <unspecified-text>
} ]; // may occur multiple times
primaries <string> [ port <integer> ] [ dscp
<integer> ] { ( <remote-servers> |
<ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key
<string> ] [ tls <string> ]; ... }; // may occur multiple times
server <netprefix> {
bogus <boolean>;
edns <boolean>;
edns-udp-size <integer>;
edns-version <integer>;
keys <server_key>;
max-udp-size <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
padding <integer>;
provide-ixfr <boolean>;
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
send-cookie <boolean>;
tcp-keepalive <boolean>;
tcp-only <boolean>;
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
transfers <integer>;
}; // may occur multiple times
statistics-channels {
inet ( <ipv4_address> | <ipv6_address> |
* ) [ port ( <integer> | * ) ] [
allow { <address_match_element>; ...
} ]; // may occur multiple times
}; // may occur multiple times
tls <string> {
ca-file <quoted_string>;
cert-file <quoted_string>;
ciphers <string>;
dhparam-file <quoted_string>;
key-file <quoted_string>;
prefer-server-ciphers <boolean>;
protocols { <string>; ... };
remote-hostname <quoted_string>;
session-tickets <boolean>;
}; // may occur multiple times
trust-anchors { <string> ( static-key |
initial-key | static-ds | initial-ds )
<integer> <integer> <integer>
<quoted_string>; ... }; // may occur multiple times
trusted-keys { <string> <integer>
<integer> <integer>
<quoted_string>; ... }; // may occur multiple times, deprecated
view <string> [ <class> ] {
allow-new-zones <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
allow-query-cache-on { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-recursion-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] {
<address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { (
<remote-servers> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls
<string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
attach-cache <string>;
auth-nxdomain <boolean>;
auto-dnssec ( allow | maintain | off );
catalog-zones { zone <string> [ default-primaries [ port <integer>
] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ] [ tls <string> ]; ... } ] [ zone-directory
<quoted_string> ] [ in-memory <boolean> ] [ min-update-interval
<duration> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore ); // may occur multiple times
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
clients-per-query <integer>;
deny-answer-addresses { <address_match_element>; ... } [
except-from { <string>; ... } ];
deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
} ];
dialup ( notify | notify-passive | passive | refresh | <boolean> );
disable-algorithms <string> { <string>;
... }; // may occur multiple times
disable-ds-digests <string> { <string>;
... }; // may occur multiple times
disable-empty-zone <string>; // may occur multiple times
dlz <string> {
database <string>;
search <boolean>;
}; // may occur multiple times
dns64 <netprefix> {
break-dnssec <boolean>;
clients { <address_match_element>; ... };
exclude { <address_match_element>; ... };
mapped { <address_match_element>; ... };
recursive-only <boolean>;
suffix <ipv6_address>;
}; // may occur multiple times
dns64-contact <string>;
dns64-server <string>;
dnskey-sig-validity <integer>;
dnsrps-enable <boolean>;
dnsrps-options { <unspecified-text> };
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-must-be-secure <string> <boolean>; // may occur multiple times
dnssec-policy <string>;
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] [ dscp <integer> ] | <ipv4_address> [ port
<integer> ] [ dscp <integer> ] | <ipv6_address> [ port
<integer> ] [ dscp <integer> ] ); ... };
dyndb <string> <quoted_string> {
<unspecified-text> }; // may occur multiple times
edns-udp-size <integer>;
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
ipv4only-contact <string>;
ipv4only-enable <boolean>;
ipv4only-server <string>;
ixfr-from-differences ( primary | master | secondary | slave |
<boolean> );
key <string> {
algorithm <string>;
secret <string>;
}; // may occur multiple times
key-directory <quoted_string>;
lame-ttl <duration>;
lmdb-mapsize <sizeval>;
managed-keys { <string> (
static-key | initial-key
| static-ds | initial-ds
) <integer> <integer>
<integer>
<quoted_string>; ... }; // may occur multiple times, deprecated
masterfile-format ( raw | text );
masterfile-style ( full | relative );
match-clients { <address_match_element>; ... };
match-destinations { <address_match_element>; ... };
match-recursive-only <boolean>;
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
max-cache-ttl <duration>;
max-clients-per-query <integer>;
max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> );
max-ncache-ttl <duration>;
max-records <integer>;
max-recursion-depth <integer>;
max-recursion-queries <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-stale-ttl <duration>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-udp-size <integer>;
max-zone-ttl ( unlimited | <duration> );
message-compression <boolean>;
min-cache-ttl <duration>;
min-ncache-ttl <duration>;
min-refresh-time <integer>;
min-retry-time <integer>;
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
new-zones-directory <quoted_string>;
no-case-compress { <address_match_element>; ... };
nocookie-udp-size <integer>;
notify ( explicit | master-only | primary-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
notify-to-soa <boolean>;
nta-lifetime <duration>;
nta-recheck <duration>;
nxdomain-redirect <string>;
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
plugin ( query ) <string> [ {
<unspecified-text> } ]; // may occur multiple times
preferred-glue <string>;
prefetch <integer> [ <integer> ];
provide-ixfr <boolean>;
qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
rate-limit {
all-per-second <integer>;
errors-per-second <integer>;
exempt-clients { <address_match_element>; ... };
ipv4-prefix-length <integer>;
ipv6-prefix-length <integer>;
log-only <boolean>;
max-table-size <integer>;
min-table-size <integer>;
nodata-per-second <integer>;
nxdomains-per-second <integer>;
qps-scale <integer>;
referrals-per-second <integer>;
responses-per-second <integer>;
slip <integer>;
window <integer>;
};
recursion <boolean>;
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
require-server-cookie <boolean>;
resolver-nonbackoff-tries <integer>;
resolver-query-timeout <integer>;
resolver-retry-interval <integer>;
response-padding { <address_match_element>; ... } block-size
<integer>;
response-policy { zone <string> [ add-soa <boolean> ] [ log
<boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
<duration> ] [ policy ( cname | disabled | drop | given | no-op
| nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
recursive-only <boolean> ] [ nsip-enable <boolean> ] [
nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
min-update-interval <duration> ] [ min-ns-dots <integer> ] [
nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean>
] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ]
[ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
} ];
root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
send-cookie <boolean>;
serial-update-method ( date | increment | unixtime );
server <netprefix> {
bogus <boolean>;
edns <boolean>;
edns-udp-size <integer>;
edns-version <integer>;
keys <server_key>;
max-udp-size <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
| * ) ] [ dscp <integer> ];
padding <integer>;
provide-ixfr <boolean>;
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port
( <integer> | * ) ] ) | ( [ [ address ] (
<ipv4_address> | * ) ] port ( <integer> | * ) ) ) [
dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [
port ( <integer> | * ) ] ) | ( [ [ address ] (
<ipv6_address> | * ) ] port ( <integer> | * ) ) ) [
dscp <integer> ];
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
send-cookie <boolean>;
tcp-keepalive <boolean>;
tcp-only <boolean>;
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
transfers <integer>;
}; // may occur multiple times
servfail-ttl <duration>;
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
sortlist { <address_match_element>; ... };
stale-answer-client-timeout ( disabled | off | <integer> );
stale-answer-enable <boolean>;
stale-answer-ttl <duration>;
stale-cache-enable <boolean>;
stale-refresh-time <duration>;
synth-from-dnssec <boolean>;
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
trust-anchor-telemetry <boolean>; // experimental
trust-anchors { <string> ( static-key |
initial-key | static-ds | initial-ds
) <integer> <integer> <integer>
<quoted_string>; ... }; // may occur multiple times
trusted-keys { <string>
<integer> <integer>
<integer>
<quoted_string>; ... }; // may occur multiple times, deprecated
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
v6-bias <integer>;
validate-except { <string>; ... };
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone-statistics ( full | terse | none | <boolean> );
}; // may occur multiple times

327
doc/misc/options.grammar.rst
View File

@@ -1,327 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
options {
allow-new-zones <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
allow-query-cache-on { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-recursion-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] {
<address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { (
<remote-servers> | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls
<string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ] [ dscp <integer> ];
answer-cookie <boolean>;
attach-cache <string>;
auth-nxdomain <boolean>;
auto-dnssec ( allow | maintain | off );
automatic-interface-scan <boolean>;
avoid-v4-udp-ports { <portrange>; ... };
avoid-v6-udp-ports { <portrange>; ... };
bindkeys-file <quoted_string>;
blackhole { <address_match_element>; ... };
catalog-zones { zone <string> [ default-primaries [ port <integer>
] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ] [ tls <string> ]; ... } ] [ zone-directory
<quoted_string> ] [ in-memory <boolean> ] [ min-update-interval
<duration> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
clients-per-query <integer>;
cookie-algorithm ( aes | siphash24 );
cookie-secret <string>;
coresize ( default | unlimited | <sizeval> );
datasize ( default | unlimited | <sizeval> );
deny-answer-addresses { <address_match_element>; ... } [
except-from { <string>; ... } ];
deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
} ];
dialup ( notify | notify-passive | passive | refresh | <boolean> );
directory <quoted_string>;
disable-algorithms <string> { <string>;
... };
disable-ds-digests <string> { <string>;
... };
disable-empty-zone <string>;
dns64 <netprefix> {
break-dnssec <boolean>;
clients { <address_match_element>; ... };
exclude { <address_match_element>; ... };
mapped { <address_match_element>; ... };
recursive-only <boolean>;
suffix <ipv6_address>;
};
dns64-contact <string>;
dns64-server <string>;
dnskey-sig-validity <integer>;
dnsrps-enable <boolean>;
dnsrps-options { <unspecified-text> };
dnssec-accept-expired <boolean>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-must-be-secure <string> <boolean>;
dnssec-policy <string>;
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
dnstap-identity ( <quoted_string> | none | hostname );
dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited |
<size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix (
increment | timestamp ) ];
dnstap-version ( <quoted_string> | none );
dscp <integer>;
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] [ dscp <integer> ] | <ipv4_address> [ port
<integer> ] [ dscp <integer> ] | <ipv6_address> [ port
<integer> ] [ dscp <integer> ] ); ... };
dump-file <quoted_string>;
edns-udp-size <integer>;
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
files ( default | unlimited | <sizeval> );
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
fstrm-set-buffer-hint <integer>;
fstrm-set-flush-timeout <integer>;
fstrm-set-input-queue-size <integer>;
fstrm-set-output-notify-threshold <integer>;
fstrm-set-output-queue-model ( mpsc | spsc );
fstrm-set-output-queue-size <integer>;
fstrm-set-reopen-interval <duration>;
geoip-directory ( <quoted_string> | none );
heartbeat-interval <integer>;
hostname ( <quoted_string> | none );
http-listener-clients <integer>;
http-port <integer>;
http-streams-per-connection <integer>;
https-port <integer>;
interface-interval <duration>;
ipv4only-contact <string>;
ipv4only-enable <boolean>;
ipv4only-server <string>;
ixfr-from-differences ( primary | master | secondary | slave |
<boolean> );
key-directory <quoted_string>;
lame-ttl <duration>;
listen-on [ port <integer> ] [ dscp
<integer> ] [ tls <string> ] [ http
<string> ] {
<address_match_element>; ... };
listen-on-v6 [ port <integer> ] [ dscp
<integer> ] [ tls <string> ] [ http
<string> ] {
<address_match_element>; ... };
lmdb-mapsize <sizeval>;
lock-file ( <quoted_string> | none );
managed-keys-directory <quoted_string>;
masterfile-format ( raw | text );
masterfile-style ( full | relative );
match-mapped-addresses <boolean>;
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
max-cache-ttl <duration>;
max-clients-per-query <integer>;
max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> );
max-ncache-ttl <duration>;
max-records <integer>;
max-recursion-depth <integer>;
max-recursion-queries <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-rsa-exponent-size <integer>;
max-stale-ttl <duration>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-udp-size <integer>;
max-zone-ttl ( unlimited | <duration> );
memstatistics <boolean>;
memstatistics-file <quoted_string>;
message-compression <boolean>;
min-cache-ttl <duration>;
min-ncache-ttl <duration>;
min-refresh-time <integer>;
min-retry-time <integer>;
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
new-zones-directory <quoted_string>;
no-case-compress { <address_match_element>; ... };
nocookie-udp-size <integer>;
notify ( explicit | master-only | primary-only | <boolean> );
notify-delay <integer>;
notify-rate <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
notify-to-soa <boolean>;
nta-lifetime <duration>;
nta-recheck <duration>;
nxdomain-redirect <string>;
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
pid-file ( <quoted_string> | none );
port <integer>;
preferred-glue <string>;
prefetch <integer> [ <integer> ];
provide-ixfr <boolean>;
qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
querylog <boolean>;
random-device ( <quoted_string> | none );
rate-limit {
all-per-second <integer>;
errors-per-second <integer>;
exempt-clients { <address_match_element>; ... };
ipv4-prefix-length <integer>;
ipv6-prefix-length <integer>;
log-only <boolean>;
max-table-size <integer>;
min-table-size <integer>;
nodata-per-second <integer>;
nxdomains-per-second <integer>;
qps-scale <integer>;
referrals-per-second <integer>;
responses-per-second <integer>;
slip <integer>;
window <integer>;
};
recursing-file <quoted_string>;
recursion <boolean>;
recursive-clients <integer>;
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
require-server-cookie <boolean>;
reserved-sockets <integer>; // deprecated
resolver-nonbackoff-tries <integer>;
resolver-query-timeout <integer>;
resolver-retry-interval <integer>;
response-padding { <address_match_element>; ... } block-size
<integer>;
response-policy { zone <string> [ add-soa <boolean> ] [ log
<boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval
<duration> ] [ policy ( cname | disabled | drop | given | no-op
| nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
recursive-only <boolean> ] [ nsip-enable <boolean> ] [
nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [
min-update-interval <duration> ] [ min-ns-dots <integer> ] [
nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean>
] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ]
[ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
} ];
reuseport <boolean>;
root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
secroots-file <quoted_string>;
send-cookie <boolean>;
serial-query-rate <integer>;
serial-update-method ( date | increment | unixtime );
server-id ( <quoted_string> | none | hostname );
servfail-ttl <duration>;
session-keyalg <string>;
session-keyfile ( <quoted_string> | none );
session-keyname <string>;
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
sortlist { <address_match_element>; ... };
stacksize ( default | unlimited | <sizeval> );
stale-answer-client-timeout ( disabled | off | <integer> );
stale-answer-enable <boolean>;
stale-answer-ttl <duration>;
stale-cache-enable <boolean>;
stale-refresh-time <duration>;
startup-notify-rate <integer>;
statistics-file <quoted_string>;
synth-from-dnssec <boolean>;
tcp-advertised-timeout <integer>;
tcp-clients <integer>;
tcp-idle-timeout <integer>;
tcp-initial-timeout <integer>;
tcp-keepalive-timeout <integer>;
tcp-listen-queue <integer>;
tcp-receive-buffer <integer>;
tcp-send-buffer <integer>;
tkey-dhkey <quoted_string> <integer>;
tkey-domain <quoted_string>;
tkey-gssapi-credential <quoted_string>;
tkey-gssapi-keytab <quoted_string>;
tls-port <integer>;
transfer-format ( many-answers | one-answer );
transfer-message-size <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
transfers-in <integer>;
transfers-out <integer>;
transfers-per-ns <integer>;
trust-anchor-telemetry <boolean>; // experimental
try-tcp-refresh <boolean>;
udp-receive-buffer <integer>;
udp-send-buffer <integer>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };
v6-bias <integer>;
validate-except { <string>; ... };
version ( <quoted_string> | none );
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};

18
doc/misc/parental-agents.grammar.rst
View File

@@ -1,18 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
parental-agents <string> [ port <integer> ] [
dscp <integer> ] { ( <remote-servers> |
<ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key
<string> ] [ tls <string> ]; ... };

194
doc/misc/parsegrammar.py Normal file
View File

@@ -0,0 +1,194 @@
############################################################################
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
############################################################################
"""
Read ISC config grammar description produced by "cfg_test --grammar",
transform it into JSON, and print it to stdout.
Beware: This parser is pretty dumb and heavily depends on cfg_test output
format. See parse_mapbody() for more details.
Maps are recursively parsed into sub-dicts, all other elements (lists etc.)
are left intact and returned as one string.
Output example from named.conf grammar showing three variants follow.
Keys "_flags" and "_id" are present only if non-empty. Key "_grammar" denotes
end node, key "_mapbody" denotes a nested map.
{
"acl": {
"_flags": [
"may occur multiple times"
],
"_grammar": "<string> { <address_match_element>; ... }"
},
"http": {
"_flags": [
"may occur multiple times"
],
"_id": "<string>",
"_mapbody": {
"endpoints": {
"_grammar": "{ <quoted_string>; ... }"
},
"streams-per-connection": {
"_grammar": "<integer>"
}
}
},
"options": {
"_mapbody": {
"rate-limit": {
"_mapbody": {
"all-per-second": {
"_grammar": "<integer>"
}
}
}
}
}
}
"""
import fileinput
import json
import re
FLAGS = [
"may occur multiple times",
"obsolete",
"deprecated",
"experimental",
"test only",
]
KEY_REGEX = re.compile("[a-zA-Z0-9-]+")
def split_comments(line):
"""Split line on comment boundary and strip right-side whitespace.
Supports only #, //, and /* comments which end at the end of line.
It does NOT handle:
- quoted strings
- /* comments which do not end at line boundary
- multiple /* comments on a single line
"""
assert '"' not in line, 'lines with " are not supported'
data_end_idx = len(line)
for delimiter in ["#", "//", "/*"]:
try:
data_end_idx = min(line.index(delimiter), data_end_idx)
except ValueError:
continue
if delimiter == "/*":
# sanity checks
if not line.rstrip().endswith("*/"):
raise NotImplementedError(
"unsupported /* comment, does not end at the end of line", line
)
if "/*" in line[data_end_idx + 1 :]:
raise NotImplementedError(
"unsupported line with multiple /* comments", line
)
noncomment = line[:data_end_idx]
comment = line[data_end_idx:]
return noncomment, comment
def parse_line(filein):
"""Consume single line from input, return non-comment and comment."""
for line in filein:
line, comment = split_comments(line)
line = line.strip()
comment = comment.strip()
if not line:
continue
yield line, comment
def parse_flags(comments):
"""Extract known flags from comments. Must match exact strings used by cfg_test."""
out = []
for flag in FLAGS:
if flag in comments:
out.append(flag)
return out
def parse_mapbody(filein):
"""Parse body of a "map" in ISC config format.
Input lines can be only:
- whitespace & comments only -> ignore
- <keyword> <anything>; -> store <anything> as "_grammar" for this keyword
- <keyword> <anything> { -> parse sub-map and store (optional) <anything> as "_id",
producing nested dict under "_mapbody"
Also store known strings found at the end of line in "_flags".
Returns:
- tuple (map dict, map comment) when }; line is reached
- map dict when we run out of lines without the closing };
"""
thismap = {}
for line, comment in parse_line(filein):
flags = parse_flags(comment)
if line == "};": # end of a nested map
return thismap, flags
# first word - a map key name
# beware: some statements do not have parameters, e.g. "null;"
key = line.split()[0].rstrip(";")
# map key sanity check
if not KEY_REGEX.fullmatch(key):
raise NotImplementedError("suspicious keyword detected", line)
# omit keyword from the grammar
grammar = line[len(key) :].strip()
# also skip final ; or {
grammar = grammar[:-1].strip()
thismap[key] = {}
if line.endswith("{"):
# nested map, recurse, but keep "extra identifiers" if any
try:
subkeys, flags = parse_mapbody(filein)
except ValueError:
raise ValueError("unfinished nested map, missing }; detected") from None
if flags:
thismap[key]["_flags"] = flags
if grammar:
# for lines which look like "view <name> {" store "<name>"
thismap[key]["_id"] = grammar
thismap[key]["_mapbody"] = subkeys
else:
assert line.endswith(";")
if flags:
thismap[key]["_flags"] = flags
thismap[key]["_grammar"] = grammar
# Ran out of lines: can happen only on the end of the top-level map-body!
# Intentionally do not return second parameter to cause ValueError
# if we reach this spot with a missing }; in a nested map.
assert len(thismap)
return thismap
def main():
"""Read stdin or filename provided on command line"""
with fileinput.input() as filein:
grammar = parse_mapbody(filein)
print(json.dumps(grammar, indent=4))
if __name__ == "__main__":
main()

18
doc/misc/primaries.grammar.rst
View File

@@ -1,18 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
primaries <string> [ port <integer> ] [ dscp
<integer> ] { ( <remote-servers> |
<ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ) [ key
<string> ] [ tls <string> ]; ... };

1
doc/misc/primary.zoneopt
View File

@@ -46,6 +46,7 @@ zone <string> [ <class> ] {
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>; notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];

74
doc/misc/primary.zoneopt.rst
View File

@@ -1,74 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
zone <string> [ <class> ] {
type primary;
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
auto-dnssec ( allow | maintain | off );
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
database <string>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
dlz <string>;
dnskey-sig-validity <integer>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-policy <string>;
dnssec-secure-to-insecure <boolean>;
dnssec-update-mode ( maintain | no-resign );
file <quoted_string>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
inline-signing <boolean>;
ixfr-from-differences <boolean>;
journal <quoted_string>;
key-directory <quoted_string>;
masterfile-format ( raw | text );
masterfile-style ( full | relative );
max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-out <integer>;
max-zone-ttl ( unlimited | <duration> );
notify ( explicit | master-only | primary-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
serial-update-method ( date | increment | unixtime );
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... };
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};

26
doc/misc/redirect.zoneopt.rst
View File

@@ -1,26 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
zone <string> [ <class> ] {
type redirect;
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
dlz <string>;
file <quoted_string>;
masterfile-format ( raw | text );
masterfile-style ( full | relative );
max-records <integer>;
max-zone-ttl ( unlimited | <duration> );
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
zone-statistics ( full | terse | none | <boolean> );
};

21
doc/misc/rndc.grammar Normal file
View File

@@ -0,0 +1,21 @@
key <string> {
algorithm <string>;
secret <string>;
}; // may occur multiple times
options {
default-key <string>;
default-port <integer>;
default-server <string>;
default-source-address ( <ipv4_address> | * );
default-source-address-v6 ( <ipv6_address> | * );
};
server <string> {
addresses { ( <quoted_string> [ port <integer> ] [ dscp <integer> ] | <ipv4_address> [ port <integer> ] [ dscp <integer> ] | <ipv6_address> [ port <integer> ] [ dscp <integer> ] ); ... };
key <string>;
port <integer>;
source-address ( <ipv4_address> | * );
source-address-v6 ( <ipv6_address> | * );
}; // may occur multiple times

81
doc/misc/rst-grammars.pl
View File

@@ -1,81 +0,0 @@
#!/usr/bin/perl
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
use warnings;
use strict;
if (@ARGV < 2) {
print STDERR <<'END';
usage:
perl docbook-options.pl options_file section > section.grammar.xml
END
exit 1;
}
my $FILE = shift;
my $SECTION = shift;
open (FH, "<", $FILE) or die "Can't open $FILE";
print <<END;
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
END
# skip preamble
my $preamble = 0;
while (<FH>) {
if (m{^\s*$}) {
last if $preamble > 0;
} else {
$preamble++;
}
}
my $display = 0;
while (<FH>) {
if (m{^$SECTION\b}) {
$display = 1
}
if (m{// not.*implemented} || m{// obsolete} ||
m{// ancient} || m{// test.*only})
{
next;
}
s{ // not configured}{};
s{ // non-operational}{};
s{ // may occur multiple times}{};
s{[[]}{[}g;
s{[]]}{]}g;
s{ }{\t}g;
if (m{^\s*$} && $display) {
last;
}
if ($display) {
print " " . $_;
}
}

156
doc/misc/rst-options.pl
View File

@@ -1,156 +0,0 @@
#!/usr/bin/perl
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
use warnings;
use strict;
if (@ARGV < 1) {
print STDERR <<'END';
usage:
perl rst-options.pl options_file >named.conf.rst
END
exit 1;
}
my $FILE = shift;
open (FH, "<", $FILE) or die "Can't open $FILE";
print <<END;
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
END
print <<END;
.. highlight: console
.. iscman:: named.conf
named.conf - configuration file for **named**
---------------------------------------------
Synopsis
~~~~~~~~
:program:`named.conf`
Description
~~~~~~~~~~~
:file:`named.conf` is the configuration file for :iscman:`named`.
Statements are enclosed in braces and terminated with a semi-colon.
Clauses in the statements are also semi-colon terminated. The usual
comment styles are supported:
C style: /\\* \\*/
C++ style: // to end of line
Unix style: # to end of line
END
# skip preamble
my $preamble = 0;
while (<FH>) {
if (m{^\s*$}) {
last if $preamble > 0;
} else {
$preamble++;
}
}
my $UNDERLINE;
my $blank = 0;
while (<FH>) {
if (m{// not.*implemented} || m{// obsolete} ||
m{// ancient} || m{// test.*only})
{
next;
}
s{ // not configured}{};
s{ // non-operational}{};
s{ (// )*may occur multiple times}{};
s{<([a-z0-9_-]+)>}{$1}g;
s{ // deprecated,*}{// deprecated};
s{[[]}{[}g;
s{[]]}{]}g;
s{ }{\t}g;
if (m{^([a-z0-9-]+) }) {
my $HEADING = uc $1;
$UNDERLINE = $HEADING;
$UNDERLINE =~ s/./^/g;
print $HEADING . "\n";
print $UNDERLINE . "\n\n";
if ($HEADING eq "TRUSTED-KEYS") {
print "Deprecated - see DNSSEC-KEYS.\n\n";
}
if ($HEADING eq "MANAGED-KEYS") {
print "See DNSSEC-KEYS.\n\n" ;
}
print "::\n\n";
}
if (m{^\s*$}) {
if (!$blank) {
print "\n";
$blank = 1;
}
next;
} else {
$blank = 0;
}
print " " . $_;
}
print "ZONE\n";
$UNDERLINE = "ZONE";
$UNDERLINE =~ s/./^/g;
print $UNDERLINE . "\n\n";
print "Any of these zone statements can also be set inside the view statement.\n\n";
print <<END;
.. include:: ../../doc/misc/primary.zoneopt.rst
.. include:: ../../doc/misc/secondary.zoneopt.rst
.. include:: ../../doc/misc/mirror.zoneopt.rst
.. include:: ../../doc/misc/forward.zoneopt.rst
.. include:: ../../doc/misc/hint.zoneopt.rst
.. include:: ../../doc/misc/redirect.zoneopt.rst
.. include:: ../../doc/misc/static-stub.zoneopt.rst
.. include:: ../../doc/misc/stub.zoneopt.rst
.. include:: ../../doc/misc/delegation-only.zoneopt.rst
.. include:: ../../doc/misc/in-view.zoneopt.rst
Files
~~~~~
|named_conf|
See Also
~~~~~~~~
:iscman:`named(8) <named>`, :iscman:`named-checkconf(8) <named-checkconf>`, :iscman:`rndc(8) <rndc>`, :iscman:`rndc-confgen(8) <rndc-confgen>`, :iscman:`tsig-keygen(8) <tsig-keygen>`, BIND 9 Administrator Reference Manual.
END

59
doc/misc/rst-zoneopt.pl
View File

@@ -1,59 +0,0 @@
#!/usr/bin/perl
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
use warnings;
use strict;
if (@ARGV < 1) {
print STDERR <<'END';
usage:
perl rst-zoneopt.pl zoneopt_file
END
exit 1;
}
my $FILE = shift;
open (FH, "<", $FILE) or die "Can't open $FILE";
print <<END;
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
END
while (<FH>) {
if (m{// not.*implemented} || m{// obsolete} ||
m{// ancient} || m{// test.*only})
{
next;
}
s{ // not configured}{};
s{ // may occur multiple times}{};
s{[[]}{[}g;
s{[]]}{]}g;
s{ }{\t}g;
print " " . $_;
}

1
doc/misc/secondary.zoneopt
View File

@@ -44,6 +44,7 @@ zone <string> [ <class> ] {
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>; notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ]; parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];

77
doc/misc/secondary.zoneopt.rst
View File

@@ -1,77 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
zone <string> [ <class> ] {
type secondary;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
auto-dnssec ( allow | maintain | off );
check-names ( fail | warn | ignore );
database <string>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
dlz <string>;
dnskey-sig-validity <integer>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-policy <string>;
dnssec-update-mode ( maintain | no-resign );
file <quoted_string>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
inline-signing <boolean>;
ixfr-from-differences <boolean>;
journal <quoted_string>;
key-directory <quoted_string>;
masterfile-format ( raw | text );
masterfile-style ( full | relative );
max-ixfr-ratio ( unlimited | <percentage> );
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
notify ( explicit | master-only | primary-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
parental-agents [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
parental-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
parental-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
request-expire <boolean>;
request-ixfr <boolean>;
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};

45
doc/misc/server.grammar.rst
View File

@@ -1,45 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
server <netprefix> {
bogus <boolean>;
edns <boolean>;
edns-udp-size <integer>;
edns-version <integer>;
keys <server_key>;
max-udp-size <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ]
[ dscp <integer> ];
padding <integer>;
provide-ixfr <boolean>;
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
request-expire <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
send-cookie <boolean>;
tcp-keepalive <boolean>;
tcp-only <boolean>;
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
transfers <integer>;
};

24
doc/misc/static-stub.zoneopt.rst
View File

@@ -1,24 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
zone <string> [ <class> ] {
type static-stub;
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
max-records <integer>;
server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
server-names { <string>; ... };
zone-statistics ( full | terse | none | <boolean> );
};

19
doc/misc/statistics-channels.grammar.rst
View File

@@ -1,19 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
statistics-channels {
inet ( <ipv4_address> | <ipv6_address> |
* ) [ port ( <integer> | * ) ] [
allow { <address_match_element>; ...
} ];
};

40
doc/misc/stub.zoneopt.rst
View File

@@ -1,40 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
zone <string> [ <class> ] {
type stub;
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
check-names ( fail | warn | ignore );
database <string>;
delegation-only <boolean>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
file <quoted_string>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
masterfile-format ( raw | text );
masterfile-style ( full | relative );
max-records <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-time-in <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
primaries [ port <integer> ] [ dscp <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ] [ dscp <integer> ];
use-alt-transfer-source <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};

24
doc/misc/tls.grammar.rst
View File

@@ -1,24 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
tls <string> {
ca-file <quoted_string>;
cert-file <quoted_string>;
ciphers <string>;
dhparam-file <quoted_string>;
key-file <quoted_string>;
prefer-server-ciphers <boolean>;
protocols { <string>; ... };
remote-hostname <quoted_string>;
session-tickets <boolean>;
};

17
doc/misc/trust-anchors.grammar.rst
View File

@@ -1,17 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
trust-anchors { <string> ( static-key |
initial-key | static-ds | initial-ds )
<integer> <integer> <integer>
<quoted_string>; ... };

16
doc/misc/trusted-keys.grammar.rst
View File

@@ -1,16 +0,0 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
::
trusted-keys { <string> <integer>
<integer> <integer>
<quoted_string>; ... };, deprecated