diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 7f11110daf..442c4ab61f 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -13,7 +13,7 @@ - 2018-01-22 + 2018-05-29 ISC @@ -205,7 +205,7 @@ options { integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ - in-memory boolean ] [ min-update-interval integer ]; ... }; + in-memory boolean ] [ min-update-interval ttlval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); @@ -244,6 +244,7 @@ options { }; dns64-contact string; dns64-server string; + dnskey-sig-validity integer; dnsrps-enable boolean; dnsrps-options { unspecified-text }; dnssec-accept-expired boolean; @@ -292,14 +293,13 @@ options { fstrm-set-output-notify-threshold integer; fstrm-set-output-queue-model ( mpsc | spsc ); fstrm-set-output-queue-size integer; - fstrm-set-reopen-interval integer; + fstrm-set-reopen-interval ttlval; geoip-directory ( quoted_string | none ); - geoip-use-ecs boolean; glue-cache boolean; heartbeat-interval integer; hostname ( quoted_string | none ); inline-signing boolean; - interface-interval integer; + interface-interval ttlval; ixfr-from-differences ( primary | master | secondary | slave | boolean ); keep-response-order { address_match_element; ... }; @@ -318,10 +318,10 @@ options { masterfile-style ( full | relative ); match-mapped-addresses boolean; max-cache-size ( default | unlimited | sizeval | percentage ); - max-cache-ttl integer; + max-cache-ttl ttlval; max-clients-per-query integer; max-journal-size ( default | unlimited | sizeval ); - max-ncache-ttl integer; + max-ncache-ttl ttlval; max-records integer; max-recursion-depth integer; max-recursion-queries integer; @@ -362,6 +362,7 @@ options { preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; + qname-minimization ( strict | relaxed | disabled ); query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; @@ -401,18 +402,19 @@ options { response-padding { address_match_element; ... } block-size integer; response-policy { zone quoted_string [ log boolean ] [ - max-policy-ttl integer ] [ min-update-interval integer ] [ + max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ break-dnssec boolean ] [ - max-policy-ttl integer ] [ min-update-interval integer ] [ + max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { quoted_string; ... } ]; + root-key-sentinel boolean; rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; secroots-file quoted_string; @@ -557,7 +559,7 @@ view string [ class ] { integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ - in-memory boolean ] [ min-update-interval integer ]; ... }; + in-memory boolean ] [ min-update-interval ttlval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); @@ -595,6 +597,7 @@ view string [ class ] { }; dns64-contact string; dns64-server string; + dnskey-sig-validity integer; dnsrps-enable boolean; dnsrps-options { unspecified-text }; dnssec-accept-expired boolean; @@ -648,10 +651,10 @@ view string [ class ] { match-destinations { address_match_element; ... }; match-recursive-only boolean; max-cache-size ( default | unlimited | sizeval | percentage ); - max-cache-ttl integer; + max-cache-ttl ttlval; max-clients-per-query integer; max-journal-size ( default | unlimited | sizeval ); - max-ncache-ttl integer; + max-ncache-ttl ttlval; max-records integer; max-recursion-depth integer; max-recursion-queries integer; @@ -686,6 +689,7 @@ view string [ class ] { preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; + qname-minimization ( strict | relaxed | disabled ); query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; @@ -720,18 +724,19 @@ view string [ class ] { response-padding { address_match_element; ... } block-size integer; response-policy { zone quoted_string [ log boolean ] [ - max-policy-ttl integer ] [ min-update-interval integer ] [ + max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ break-dnssec boolean ] [ - max-policy-ttl integer ] [ min-update-interval integer ] [ + max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { quoted_string; ... } ]; + root-key-sentinel boolean; rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; send-cookie boolean; @@ -824,6 +829,7 @@ view string [ class ] { dialup ( notify | notify-passive | passive | refresh | boolean ); dlz string; + dnskey-sig-validity integer; dnssec-dnskey-kskonly boolean; dnssec-loadkeys-interval integer; dnssec-secure-to-insecure boolean; @@ -930,6 +936,7 @@ zone string [ class ] { delegation-only boolean; dialup ( notify | notify-passive | passive | refresh | boolean ); dlz string; + dnskey-sig-validity integer; dnssec-dnskey-kskonly boolean; dnssec-loadkeys-interval integer; dnssec-secure-to-insecure boolean; diff --git a/bin/named/server.c b/bin/named/server.c index bfdc2af9b7..ab14623afa 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -3690,7 +3690,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, isc_dscp_t dscp4 = -1, dscp6 = -1; dns_dyndbctx_t *dctx = NULL; unsigned int resolver_param; - const char * qminmode = NULL; + const char *qminmode = NULL; REQUIRE(DNS_VIEW_VALID(view)); diff --git a/doc/arm/master.zoneopt.xml b/doc/arm/master.zoneopt.xml index f68ace8b98..e1261b4e9a 100644 --- a/doc/arm/master.zoneopt.xml +++ b/doc/arm/master.zoneopt.xml @@ -33,6 +33,7 @@ database string; dialup ( notify | notify-passive | passive | refresh | boolean ); dlz string; + dnskey-sig-validity integer; dnssec-dnskey-kskonly boolean; dnssec-loadkeys-interval integer; dnssec-secure-to-insecure boolean; diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index f2d8ab3057..abc681dd28 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -101,11 +101,11 @@ - Support for qname minimization was added and enabled by default in - relaxed mode - in which BIND will fall back to - normal resolution should the remote server return something - unexpected during query minimization process. This default setting - might change to strict in the future. + Support for QNAME minimization was added and enabled by default + in relaxed mode, in which BIND will fall back + to normal resolution if the remote server returns something + unexpected during the query minimization process. This default + setting might change to strict in the future. diff --git a/doc/arm/options.grammar.xml b/doc/arm/options.grammar.xml index 09dbab854c..4624fbfa9d 100644 --- a/doc/arm/options.grammar.xml +++ b/doc/arm/options.grammar.xml @@ -44,7 +44,7 @@ integer ] [ dscp integer ] { ( masters | ipv4_address [ port integer ] | ipv6_address [ port integer ] ) [ key string ]; ... } ] [ zone-directory quoted_string ] [ - in-memory boolean ] [ min-update-interval integer ]; ... }; + in-memory boolean ] [ min-update-interval ttlval ]; ... }; check-dup-records ( fail | warn | ignore ); check-integrity boolean; check-mx ( fail | warn | ignore ); @@ -83,6 +83,7 @@ }; dns64-contact string; dns64-server string; + dnskey-sig-validity integer; dnsrps-enable boolean; dnsrps-options { unspecified-text }; dnssec-accept-expired boolean; @@ -131,14 +132,13 @@ fstrm-set-output-notify-threshold integer; fstrm-set-output-queue-model ( mpsc | spsc ); fstrm-set-output-queue-size integer; - fstrm-set-reopen-interval integer; + fstrm-set-reopen-interval ttlval; geoip-directory ( quoted_string | none ); - geoip-use-ecs boolean; glue-cache boolean; heartbeat-interval integer; hostname ( quoted_string | none ); inline-signing boolean; - interface-interval integer; + interface-interval ttlval; ixfr-from-differences ( primary | master | secondary | slave | boolean ); keep-response-order { address_match_element; ... }; @@ -157,10 +157,10 @@ masterfile-style ( full | relative ); match-mapped-addresses boolean; max-cache-size ( default | unlimited | sizeval | percentage ); - max-cache-ttl integer; + max-cache-ttl ttlval; max-clients-per-query integer; max-journal-size ( default | unlimited | sizeval ); - max-ncache-ttl integer; + max-ncache-ttl ttlval; max-records integer; max-recursion-depth integer; max-recursion-queries integer; @@ -201,6 +201,7 @@ preferred-glue string; prefetch integer [ integer ]; provide-ixfr boolean; + qname-minimization ( strict | relaxed | disabled ); query-source ( ( [ address ] ( ipv4_address | * ) [ port ( integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ] port ( integer | * ) ) ) [ dscp integer ]; @@ -240,18 +241,19 @@ response-padding { address_match_element; ... } block-size integer; response-policy { zone quoted_string [ log boolean ] [ - max-policy-ttl integer ] [ min-update-interval integer ] [ + max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ]; ... } [ break-dnssec boolean ] [ - max-policy-ttl integer ] [ min-update-interval integer ] [ + max-policy-ttl ttlval ] [ min-update-interval ttlval ] [ min-ns-dots integer ] [ nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ] [ recursive-only boolean ] [ nsip-enable boolean ] [ nsdname-enable boolean ] [ dnsrps-enable boolean ] [ dnsrps-options { unspecified-text } ]; root-delegation-only [ exclude { quoted_string; ... } ]; + root-key-sentinel boolean; rrset-order { [ class string ] [ type string ] [ name quoted_string ] string string; ... }; secroots-file quoted_string; diff --git a/doc/arm/slave.zoneopt.xml b/doc/arm/slave.zoneopt.xml index 32e494a317..63c0a4acf1 100644 --- a/doc/arm/slave.zoneopt.xml +++ b/doc/arm/slave.zoneopt.xml @@ -26,6 +26,7 @@ database string; dialup ( notify | notify-passive | passive | refresh | boolean ); dlz string; + dnskey-sig-validity integer; dnssec-dnskey-kskonly boolean; dnssec-loadkeys-interval integer; dnssec-update-mode ( maintain | no-resign ); diff --git a/doc/misc/options b/doc/misc/options index 60ddaea3b2..f1e3d1023f 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -185,7 +185,7 @@ options { fstrm-set-output-queue-size ; // not configured fstrm-set-reopen-interval ; // not configured geoip-directory ( | none ); // not configured - geoip-use-ecs ; // not configured + geoip-use-ecs ; // obsolete glue-cache ; has-old-clients ; // obsolete heartbeat-interval ; @@ -205,7 +205,7 @@ options { listen-on-v6 [ port ] [ dscp ] { ; ... }; // may occur multiple times - lmdb-mapsize ; // non-operational + lmdb-mapsize ; lock-file ( | none ); maintain-ixfr-base ; // obsolete managed-keys-directory ; @@ -264,7 +264,7 @@ options { preferred-glue ; prefetch [ ]; provide-ixfr ; - qname-minimization ( strict | relaxed | disabled ); + qname-minimization ( strict | relaxed | disabled ); query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; @@ -544,7 +544,7 @@ view [ ] { }; // may occur multiple times key-directory ; lame-ttl ; - lmdb-mapsize ; // non-operational + lmdb-mapsize ; maintain-ixfr-base ; // obsolete managed-keys { @@ -598,6 +598,7 @@ view [ ] { preferred-glue ; prefetch [ ]; provide-ixfr ; + qname-minimization ( strict | relaxed | disabled ); query-source ( ( [ address ] ( | * ) [ port ( | * ) ] ) | ( [ [ address ] ( | * ) ] port ( | * ) ) ) [ dscp ]; diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index e1f70148b8..55fd1eeccc 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -9406,7 +9406,7 @@ rctx_badserver(respctx_t *rctx, isc_result_t result) { DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO, "disabling qname minimization for '%s'" " due to bad server", fctx->info); - fctx->qmin_labels = DNS_MAX_LABELS + 1; + fctx->qmin_labels = DNS_MAX_LABELS + 1; result = rctx_answer_minimized(rctx); } else if (!NOCOOKIE(query->addrinfo) && (fctx->rmessage->rcode == dns_rcode_formerr ||