mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00
Code Issues Releases Wiki Activity

regen master

Browse Source
This commit is contained in:
Tinderbox User 2016-07-23 01:08:43 +00:00
parent 3e6b0b4931
commit e31a24d05b
4 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
doc/arm/Bv9ARM.ch06.html
View File

@ -3985,6 +3985,34 @@ options {
</p>
</div>
</dd>
<dt><span class="term"><span class="command"><strong>trust-anchor-telemetry</strong></span></span></dt>
<dd>
<p>
Causes <span class="command"><strong>named</strong></span> to send specially-formed
queries once per day to domains for which trust anchors
have been configured via <span class="command"><strong>trusted-keys</strong></span>,
<span class="command"><strong>managed-keys</strong></span>,
<span class="command"><strong>dnssec-validation auto</strong></span>, or
<span class="command"><strong>dnssec-lookaside auto</strong></span>.
</p>
<p>
The query name used for these queries has the
form "_ta-xxxx(-xxxx)(...)".&lt;domain&gt;, where
each "xxxx" is a group of four hexadecimal digits
representing the key ID of a trusted DNSSEC key.
The key IDs for each domain are sorted smallest
to largest prior to encoding. The query type is NULL.
</p>
<p>
By monitoring these queries, zone operators will
be able to see which resolvers have been updated to
trust a new key; this may help them decide when it
is safe to remove an old one.
</p>
<p>
The default is <strong class="userinput"><code>yes</code></strong>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>use-id-pool</strong></span></span></dt>
<dd><p>
<span class="emphasis"><em>This option is obsolete</em></span>.

11
doc/arm/Bv9ARM.ch09.html
View File

@ -570,6 +570,17 @@
name rather than returning all of the matching RRsets.
Thanks to Tony Finch for the contribution. [RT #41615]
</p></li>
<li class="listitem"><p>
<span class="command"><strong>named</strong></span> now provides feedback to the
owners of zones which have trust anchors configured
(<span class="command"><strong>trusted-keys</strong></span>,
<span class="command"><strong>managed-keys</strong></span>, <span class="command"><strong>dnssec-validation
auto;</strong></span> and <span class="command"><strong>dnssec-lookaside auto;</strong></span>)
by sending a daily query which encodes the keyids of the
configured trust anchors for the zone. This is controlled
by <span class="command"><strong>trust-anchor-telemetry</strong></span> and defaults
to yes.
</p></li>
</ul></div>
</div>
<div class="section">

11
doc/arm/notes.html
View File

@ -531,6 +531,17 @@
name rather than returning all of the matching RRsets.
Thanks to Tony Finch for the contribution. [RT #41615]
</p></li>
<li class="listitem"><p>
<span class="command"><strong>named</strong></span> now provides feedback to the
owners of zones which have trust anchors configured
(<span class="command"><strong>trusted-keys</strong></span>,
<span class="command"><strong>managed-keys</strong></span>, <span class="command"><strong>dnssec-validation
auto;</strong></span> and <span class="command"><strong>dnssec-lookaside auto;</strong></span>)
by sending a daily query which encodes the keyids of the
configured trust anchors for the zone. This is controlled
by <span class="command"><strong>trust-anchor-telemetry</strong></span> and defaults
to yes.
</p></li>
</ul></div>
</div>
<div class="section">

2
doc/misc/options
View File

@ -322,6 +322,7 @@ options {
transfers-out <integer>;
transfers-per-ns <integer>;
treat-cr-as-space <boolean>; // obsolete
trust-anchor-telemetry <boolean>;
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
@ -608,6 +609,7 @@ view <string> [ <class> ] {
dscp <integer> ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
trust-anchor-telemetry <boolean>;
trusted-keys { <string> <integer> <integer> <integer>
<quoted_string>; ... };
try-tcp-refresh <boolean>;