From 9a7c2b370e7df11beefe709a47efb79ce8e11a31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 30 Sep 2022 13:57:17 +0200 Subject: [PATCH] Deduplicate link anchors in the ARM Some statement names like "allow-query" had manually defined link anchor _allow-query and also implicit anchor created by .. namedconf:statement:: syntax. This causes warnings if a ambiguous reference is made using :any:`allow-query` syntax. Remove (hopefully all) manually defined anchors which pointed to identical place as the implicit anchor. This allows :any: to work. In rare cases where manual anchor points to descriptive text separated from statement definition the reference was disamguated by replacing :any:`notify` with :ref:`notify` (for manual anchor) vs. :namedconf:ref:`notify` (for statement definition). Please note that `options` statement is a trap: It is ambiguous even without manual anchor because rndc.conf has its own `options`. Use :namedconf:ref:`options` vs. :rndcconf:ref:`options` to select appropriate target. --- doc/arm/config-auth.inc.rst | 20 +++++----- doc/arm/config-intro.inc.rst | 4 +- doc/arm/config-resolve.inc.rst | 18 ++++----- doc/arm/dnssec.inc.rst | 3 +- doc/arm/reference.rst | 70 +++++++--------------------------- doc/arm/requirements.inc.rst | 2 +- 6 files changed, 37 insertions(+), 80 deletions(-) diff --git a/doc/arm/config-auth.inc.rst b/doc/arm/config-auth.inc.rst index ee6a9fed81..b054fb0904 100644 --- a/doc/arm/config-auth.inc.rst +++ b/doc/arm/config-auth.inc.rst @@ -77,11 +77,11 @@ The numbers in parentheses in the following text refer to the numbered items in propagation can therefore take extended periods. 4. The optional NOTIFY (:rfc:`1996`) feature (2) is automatically configured; - use the :ref:`notify ` statement to turn off the feature. + use the :namedconf:ref:`notify` statement to turn off the feature. Whenever the primary loads or reloads a zone, it sends a NOTIFY message to the configured secondary (or secondaries) and may optionally be configured to send the NOTIFY message to other hosts using the - :ref:`also-notify` statement. The NOTIFY message simply + :any:`also-notify` statement. The NOTIFY message simply indicates to the secondary that the primary has loaded or reloaded the zone. On receipt of the NOTIFY message, the secondary respons to indicate it has received the NOTIFY and immediately reads the SOA RR from the primary (as described in section 2 a. above). If the zone file has @@ -166,10 +166,10 @@ the :iscman:`named.conf` file has been modified as shown: The added statements and blocks are commented in the above file. -The :any:`zone` block, and :ref:`allow-query`, +The :any:`zone` block, and :any:`allow-query`, :any:`allow-query-cache`, -:ref:`allow-transfer`, :ref:`file`, -:ref:`notify`, :ref:`recursion`, and :any:`type` +:any:`allow-transfer`, :any:`file`, +:namedconf:ref:`notify`, :any:`recursion`, and :any:`type` statements are described in detail in the appropriate sections. .. _sample_secondary: @@ -248,11 +248,11 @@ The :ref:`named.conf` file has been modified as shown: The statements and blocks added are all commented in the above file. -The :any:`zone` block, and :ref:`allow-query`, +The :any:`zone` block, and :any:`allow-query`, :any:`allow-query-cache`, -:ref:`allow-transfer`, :ref:`file`, -:ref:`notify`, :ref:`primaries`, -:ref:`recursion`, and :any:`type` statements are described in +:any:`allow-transfer`, :any:`file`, +:namedconf:ref:`primaries`, +:any:`recursion`, and :any:`type` statements are described in detail in the appropriate sections. If NOTIFY is not being used, no changes are required in this @@ -264,5 +264,5 @@ message. can get more complicated. A secondary zone can also be a primary to other secondaries: :iscman:`named`, by default, sends NOTIFY messages for every zone it loads. Specifying :ref:`notify primary-only;` in the - :ref:`zone` block for the secondary causes :iscman:`named` to + :any:`zone` block for the secondary causes :iscman:`named` to only send NOTIFY messages for primary zones that it loads. diff --git a/doc/arm/config-intro.inc.rst b/doc/arm/config-intro.inc.rst index 919d55137c..7efea14026 100644 --- a/doc/arm/config-intro.inc.rst +++ b/doc/arm/config-intro.inc.rst @@ -78,9 +78,9 @@ as required by the user. }; }; -The :ref:`logging` and :ref:`options` blocks +The :any:`logging` and :namedconf:ref:`options` blocks and :ref:`category`, :any:`channel`, -:ref:`directory`, :ref:`file`, and :ref:`severity` +:any:`directory`, :any:`file`, and :any:`severity` statements are all described further in the appropriate sections of this ARM. .. _base_zone_file: diff --git a/doc/arm/config-resolve.inc.rst b/doc/arm/config-resolve.inc.rst index 4467201389..d299622f84 100644 --- a/doc/arm/config-resolve.inc.rst +++ b/doc/arm/config-resolve.inc.rst @@ -143,7 +143,7 @@ responses for all users. Private IP addresses may be defined using standard :ref:`reverse-mapping techniques` or using the -:ref:`empty-zones-enable` statement. By +:any:`empty-zones-enable` statement. By default this statement is set to ``empty-zones-enable yes;`` and thus automatically prevents unnecessary DNS traffic by sending an NXDOMAIN error response (indicating the name does not exist) to any request. However, some applications may require a @@ -263,8 +263,8 @@ It is therefore a **closed** resolver and cannot be used in wider network attack }; The :any:`zone` and :any:`acl` blocks, and the -:ref:`allow-query`, :ref:`empty-zones-enable`, -:ref:`file`, :ref:`notify`, :ref:`recursion`, and +:any:`allow-query`, :any:`empty-zones-enable`, +:any:`file`, :namedconf:ref:`notify`, :any:`recursion`, and :any:`type` statements are described in detail in the appropriate sections. @@ -381,9 +381,9 @@ provided`. }; The :any:`zone` and :any:`acl` blocks, and the -:ref:`allow-query`, :ref:`empty-zones-enable`, -:ref:`file`, :ref:`forward`, :ref:`forwarders`, -:ref:`notify`, :ref:`recursion`, and :any:`type` +:any:`allow-query`, :any:`empty-zones-enable`, +:any:`file`, :any:`forward`, :any:`forwarders`, +:namedconf:ref:`notify`, :any:`recursion`, and :any:`type` statements are described in detail in the appropriate sections. As a reminder, the configuration of this forwarding resolver does **not** @@ -508,9 +508,9 @@ those IPs from which it will accept recursive queries. The :any:`zone` and :any:`acl` blocks, and the -:ref:`allow-query`, :ref:`empty-zones-enable`, -:ref:`file`, :ref:`forward`, :ref:`forwarders`, -:ref:`notify`, :ref:`recursion`, and :any:`type` +:any:`allow-query`, :any:`empty-zones-enable`, +:any:`file`, :any:`forward`, :any:`forwarders`, +:namedconf:ref:`notify`, :any:`recursion`, and :any:`type` statements are described in detail in the appropriate sections. As a reminder, the configuration of this resolver does **not** access the DNS diff --git a/doc/arm/dnssec.inc.rst b/doc/arm/dnssec.inc.rst index 762e6aa585..5f432a9fc9 100644 --- a/doc/arm/dnssec.inc.rst +++ b/doc/arm/dnssec.inc.rst @@ -461,8 +461,7 @@ DNSSEC Validation ~~~~~~~~~~~~~~~~~ The BIND resolver validates answers from authoritative servers by default. This -behavior is controlled by the configuration statement :ref:`dnssec-validation -`. +behavior is controlled by the configuration statement :namedconf:ref:`dnssec-validation`. By default a trust anchor for the DNS root zone is used. This trust anchor is provided as part of BIND and is kept up-to-date using diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index ac876e3ca2..cf31b624ad 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -402,8 +402,6 @@ The following blocks are supported: :any:`parental-agents` Defines a named list of servers for inclusion in primary and secondary zones' :any:`parental-agents` lists. -.. _primaries: - :any:`primaries` Defines a named list of servers for inclusion in stub and secondary zones' :any:`primaries` or :any:`also-notify` lists. (Note: this is a synonym for the original keyword ``masters``, which can still be used, but is no longer the preferred terminology.) @@ -431,8 +429,6 @@ The following blocks are supported: :any:`view` Defines a view. -.. _zone_clause: - :any:`zone` Defines a zone. @@ -724,8 +720,6 @@ by the channel (the default is ``info``), and whether to include a version of :any:`syslog`, which only uses two arguments to the ``openlog()`` function, this clause is silently ignored. -.. _severity: - .. namedconf:statement:: severity :tags: logging :short: Defines the priority level of log messages. @@ -1085,8 +1079,6 @@ where ``tls-configuration-name`` refers to a previously defined This is the grammar of the ``options`` statement in the :iscman:`named.conf` file: -.. _options: - ``options`` Block Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -1095,8 +1087,6 @@ This statement may appear only once in a configuration file. If there is no ``options`` statement, an options block with each option set to its default is used. -.. _attach-cache: - .. namedconf:statement:: attach-cache :tags: view :short: Allows multiple views to share a single cache database. @@ -1158,8 +1148,6 @@ default is used. administrator's responsibility to ensure that configuration differences in different views do not cause disruption with a shared cache. -.. _directory: - .. namedconf:statement:: directory :tags: server :short: Sets the server's working directory. @@ -1656,8 +1644,6 @@ default is used. is to prefer A records when responding to queries that arrived via IPv4 and AAAA when responding to queries that arrived via IPv6. -.. _root-delegation-only: - .. namedconf:statement:: root-delegation-only :tags: query :short: Turns on enforcement of delegation-only in top-level domains (TLDs) and root zones with an optional exclude list. @@ -2236,8 +2222,6 @@ Boolean Options unnecessary records are added to the authority or additional sections. The default is ``no``. -.. _notify_st: - .. namedconf:statement:: notify :tags: transfer :short: Controls whether ``NOTIFY`` messages are sent on zone changes. @@ -2270,8 +2254,6 @@ Boolean Options ultimate primary should be set to still send NOTIFY messages to all the name servers listed in the NS RRset. -.. _recursion: - .. namedconf:statement:: recursion :tags: query :short: Defines whether recursion and caching are allowed. @@ -2642,8 +2624,6 @@ Boolean Options The DNSSEC records are written to the zone's filename set in :any:`file`, unless :any:`inline-signing` is enabled. -.. _dnssec-validation-option: - .. namedconf:statement:: dnssec-validation :tags: dnssec :short: Enables DNSSEC validation in :iscman:`named`. @@ -2921,8 +2901,6 @@ access to the Internet, but wish to look up exterior names anyway. Forwarding occurs only on those queries for which the server is not authoritative and does not have the answer in its cache. -.. _forward: - .. namedconf:statement:: forward :tags: query :short: Allows or disallows fallback to recursion if forwarding has failed; it is always used in conjunction with the :any:`forwarders` statement. @@ -2933,8 +2911,6 @@ authoritative and does not have the answer in its cache. server then looks for the answer itself. If ``only`` is specified, the server only queries the forwarders. -.. _forwarders: - .. namedconf:statement:: forwarders :tags: query :short: Defines one or more hosts to which queries are forwarded. @@ -3125,10 +3101,6 @@ for details on how to specify IP address lists. and inherited by zones, this can lead to some zones unintentionally forwarding updates. -.. _allow-transfer-access: - -.. _allow-transfer: - .. namedconf:statement:: allow-transfer :tags: transfer :short: Defines an :any:`address_match_list` of hosts that are allowed to transfer the zone information from this server. @@ -3448,8 +3420,6 @@ BIND has mechanisms in place to facilitate zone transfers and set limits on the amount of load that transfers place on the system. The following options apply to zone transfers. -.. _also-notify: - .. namedconf:statement:: also-notify :tags: transfer :short: Defines one or more hosts that are sent ``NOTIFY`` messages when zone changes occur. @@ -3918,8 +3888,6 @@ system. This option is deprecated and no longer has any effect. -.. _max-cache-size: - .. namedconf:statement:: max-cache-size :tags: server :short: Sets the maximum amount of memory to use for an individual cache database and its associated metadata. @@ -3929,7 +3897,7 @@ system. physical memory. By default, each view has its own separate cache, which means the total amount of memory required for cache data is the sum of the cache database sizes for all views (unless the - :ref:`attach-cache ` option is used). + :any:`attach-cache` option is used). When the amount of data in a cache database reaches the configured limit, :iscman:`named` starts purging non-expired records (following an @@ -4930,16 +4898,12 @@ away from the infrastructure servers. This specifies the contact name that appears in the returned SOA record for empty zones. If none is specified, "." is used. -.. _empty-zones-enable: - .. namedconf:statement:: empty-zones-enable :tags: server, zone :short: Enables or disables all empty zones. This enables or disables all empty zones. By default, they are enabled. -.. _disable-empty-zone: - .. namedconf:statement:: disable-empty-zone :tags: server, zone :short: Disables individual empty zones. @@ -6897,7 +6861,7 @@ Zone Types methods may be added in the future. To make mirror zone contents persist between :iscman:`named` restarts, use - the :ref:`file ` option. + the :any:`file` option. Mirroring a zone other than root requires an explicit list of primary servers to be provided using the :any:`primaries` option (see @@ -6915,7 +6879,7 @@ Zone Types explicit;``. Outgoing transfers of mirror zones are disabled by default but may be - enabled using :ref:`allow-transfer `. + enabled using :any:`allow-transfer`. .. note:: Use of this zone type with any zone other than the root should be @@ -7048,7 +7012,7 @@ Zone Types :any:`delegation-only` has no effect on answers received from forwarders. - See caveats in :ref:`root-delegation-only `. + See caveats in :any:`root-delegation-only`. .. namedconf:statement:: in-view :tags: view, zone @@ -7087,8 +7051,6 @@ Zone Options :any:`allow-notify` See the description of :any:`allow-notify` in :ref:`access_control`. -.. _allow-query: - :any:`allow-query` See the description of :any:`allow-query` in :ref:`access_control`. @@ -7147,10 +7109,10 @@ Zone Options See the description of :any:`update-check-ksk` in :ref:`boolean_options`. :any:`dnssec-loadkeys-interval` - See the description of :any:`dnssec-loadkeys-interval` in :ref:`options`. + See the description of :any:`dnssec-loadkeys-interval` in :namedconf:ref:`options`. :any:`dnssec-update-mode` - See the description of :any:`dnssec-update-mode` in :ref:`options`. + See the description of :any:`dnssec-update-mode` in :namedconf:ref:`options`. :any:`dnssec-dnskey-kskonly` See the description of :any:`dnssec-dnskey-kskonly` in :ref:`boolean_options`. @@ -7187,11 +7149,7 @@ Zone Options ``yes``, then the zone is treated as if it is also a delegation-only type zone. - See caveats in :ref:`root-delegation-only `. - -.. _file-option: - -.. _file: + See caveats in :any:`root-delegation-only`. .. namedconf:statement:: file :tags: zone @@ -7223,7 +7181,7 @@ Zone Options :any:`primary ` and :any:`secondary ` zones. :any:`max-ixfr-ratio` - See the description of :any:`max-ixfr-ratio` in :ref:`options`. + See the description of :any:`max-ixfr-ratio` in :namedconf:ref:`options`. :any:`max-journal-size` See the description of :any:`max-journal-size` in :ref:`server_resource_limits`. @@ -7253,7 +7211,7 @@ Zone Options See the description of :any:`notify-to-soa` in :ref:`boolean_options`. :any:`zone-statistics` - See the description of :any:`zone-statistics` in :ref:`options`. + See the description of :any:`zone-statistics` in :namedconf:ref:`options`. .. namedconf:statement:: server-addresses :tags: query, zone @@ -7354,13 +7312,13 @@ Zone Options are not available at the zone level.) :any:`key-directory` - See the description of :any:`key-directory` in :ref:`options`. + See the description of :any:`key-directory` in :namedconf:ref:`options`. :any:`auto-dnssec` - See the description of :any:`auto-dnssec` in :ref:`options`. + See the description of :any:`auto-dnssec` in :namedconf:ref:`options`. :any:`serial-update-method` - See the description of :any:`serial-update-method` in :ref:`options`. + See the description of :any:`serial-update-method` in :namedconf:ref:`options`. .. namedconf:statement:: inline-signing :tags: dnssec, zone @@ -7380,7 +7338,7 @@ Zone Options See the description of :any:`masterfile-format` in :ref:`tuning`. :any:`max-zone-ttl` - See the description of :any:`max-zone-ttl` in :ref:`options`. + See the description of :any:`max-zone-ttl` in :namedconf:ref:`options`. The use of this option in :any:`zone` blocks is deprecated and will be rendered nonoperational in a future release. @@ -7842,7 +7800,7 @@ Socket I/O Statistics A subset of Name Server Statistics is collected and shown per zone for which the server has the authority, when :any:`zone-statistics` is set to ``full`` (or ``yes``), for backward compatibility. See the description of -:any:`zone-statistics` in :ref:`options` for further details. +:any:`zone-statistics` in :namedconf:ref:`options` for further details. These statistics counters are shown with their zone and view names. The view name is omitted when the server is not configured with explicit diff --git a/doc/arm/requirements.inc.rst b/doc/arm/requirements.inc.rst index dcb080ec33..f15bd5782b 100644 --- a/doc/arm/requirements.inc.rst +++ b/doc/arm/requirements.inc.rst @@ -45,7 +45,7 @@ Memory Requirements ------------------- Server memory must be sufficient to hold both the cache and the -zones loaded from disk. The :ref:`max-cache-size` option can +zones loaded from disk. The :any:`max-cache-size` option can limit the amount of memory used by the cache, at the expense of reducing cache hit rates and causing more DNS traffic. It is still good practice to have enough memory to load all zone and cache data into memory;