diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index 442c4ab61f..8587f7283c 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -861,6 +861,7 @@ view string [ class ] {
 max-zone-ttl ( unlimited | ttlval );
 min-refresh-time integer;
 min-retry-time integer;
+ mirror boolean;
 multi-master boolean;
 notify ( explicit | master-only | boolean );
 notify-delay integer;
@@ -966,6 +967,7 @@ zone string [ class ] {
 max-zone-ttl ( unlimited | ttlval );
 min-refresh-time integer;
 min-retry-time integer;
+ mirror boolean;
 multi-master boolean;
 notify ( explicit | master-only | boolean );
 notify-delay integer;
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 9aa63163e9..c8eec62d4e 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -12455,6 +12455,46 @@ example.com. NS ns2.example.net.
+
+ mirror
+
+
+ If set to yes, causes the
+ zone to become a mirror zone. A mirror zone is a
+ slave zone whose every
+ version is subject to DNSSEC validation before being
+ used. In order for zone validation to succeed, its
+ KSK must be configured as a trust anchor. Answers
+ coming from a mirror zone look almost exactly like
+ answers from a regular slave
+ zone, with the notable exception of the AA bit not
+ being set. The default is no.
+ This option is meant to be used for deploying an RFC
+ 7706-style local copy of the root zone, e.g. using a
+ configuration like this:
+
+zone "." {
+ type slave;
+ mirror yes;
+ file "root.mirror";
+ masters {
+ 192.228.79.201; # b.root-servers.net
+ 192.33.4.12; # c.root-servers.net
+ 192.5.5.241; # f.root-servers.net
+ 192.112.36.4; # g.root-servers.net
+ 193.0.14.129; # k.root-servers.net
+ 192.0.47.132; # xfr.cjr.dns.icann.org
+ 192.0.32.132; # xfr.lax.dns.icann.org
+ 2001:500:84::b; # b.root-servers.net
+ 2001:500:2f::f; # f.root-servers.net
+ 2001:7fd::1; # k.root-servers.net
+ 2620:0:2830:202::132; # xfr.cjr.dns.icann.org
+ 2620:0:2d0:202::132; # xfr.lax.dns.icann.org
+ };
+};
+
+
+
 multi-master
diff --git a/doc/arm/options.grammar.xml b/doc/arm/options.grammar.xml
index 4624fbfa9d..ef3f33ce9b 100644
--- a/doc/arm/options.grammar.xml
+++ b/doc/arm/options.grammar.xml
@@ -181,6 +181,7 @@
 min-retry-time integer;
 minimal-any boolean;
 minimal-responses ( no-auth | no-auth-recursive | boolean );
+ mirror boolean;
 multi-master boolean;
 new-zones-directory quoted_string;
 no-case-compress { address_match_element; ... };
diff --git a/doc/arm/slave.zoneopt.xml b/doc/arm/slave.zoneopt.xml
index 63c0a4acf1..0c4ee36a70 100644
--- a/doc/arm/slave.zoneopt.xml
+++ b/doc/arm/slave.zoneopt.xml
@@ -50,6 +50,7 @@
 max-transfer-time-out integer;
 min-refresh-time integer;
 min-retry-time integer;
+ mirror boolean;
 multi-master boolean;
 notify ( explicit | master-only | boolean );
 notify-delay integer;
diff --git a/doc/misc/options b/doc/misc/options
index 294f8b84ef..72a852b2ff 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -784,6 +784,7 @@ view [ ] {
 max-zone-ttl ( unlimited | );
 min-refresh-time ;
 min-retry-time ;
+ mirror ;
 multi-master ;
 notify ( explicit | master-only | );
 notify-delay ;
@@ -890,6 +891,7 @@ zone [ ] {
 max-zone-ttl ( unlimited | );
 min-refresh-time ;
 min-retry-time ;
+ mirror ;
 multi-master ;
 notify ( explicit | master-only | );
 notify-delay ;
diff --git a/doc/misc/slave.zoneopt b/doc/misc/slave.zoneopt
index 248823a88b..42c87f4678 100644
--- a/doc/misc/slave.zoneopt
+++ b/doc/misc/slave.zoneopt
@@ -37,6 +37,7 @@ zone [ ] {
 max-transfer-time-out ;
 min-refresh-time ;
 min-retry-time ;
+ mirror ;
 multi-master ;
 notify ( explicit | master-only | );
 notify-delay ;