diff options
Diffstat (limited to 'contrib/bind9/bin/named/named.conf.docbook')
-rw-r--r-- | contrib/bind9/bin/named/named.conf.docbook | 68 |
1 files changed, 61 insertions, 7 deletions
diff --git a/contrib/bind9/bin/named/named.conf.docbook b/contrib/bind9/bin/named/named.conf.docbook index d98e289..962eaaa 100644 --- a/contrib/bind9/bin/named/named.conf.docbook +++ b/contrib/bind9/bin/named/named.conf.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.docbook,v 1.39 2008-09-24 02:46:21 marka Exp $ --> +<!-- $Id: named.conf.docbook,v 1.49.14.1 2011-02-03 05:50:05 marka Exp $ --> <refentry> <refentryinfo> <date>Aug 13, 2004</date> @@ -41,6 +41,9 @@ <year>2006</year> <year>2007</year> <year>2008</year> + <year>2009</year> + <year>2010</year> + <year>2011</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -132,6 +135,15 @@ trusted-keys { </refsect1> <refsect1> + <title>MANAGED-KEYS</title> + <literallayout> +managed-keys { + <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... +}; +</literallayout> + </refsect1> + + <refsect1> <title>CONTROLS</title> <literallayout> controls { @@ -214,6 +226,7 @@ options { tcp-listen-queue <replaceable>integer</replaceable>; tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>; tkey-gssapi-credential <replaceable>quoted_string</replaceable>; + tkey-gssapi-keytab <replaceable>quoted_string</replaceable>; tkey-domain <replaceable>quoted_string</replaceable>; transfers-per-ns <replaceable>integer</replaceable>; transfers-in <replaceable>integer</replaceable>; @@ -242,6 +255,7 @@ options { queryport-pool-ports <replaceable>integer</replaceable>; queryport-pool-updateinterval <replaceable>integer</replaceable>; cleaning-interval <replaceable>integer</replaceable>; + resolver-query-timeout <replaceable>integer</replaceable>; min-roots <replaceable>integer</replaceable>; // not implemented lame-ttl <replaceable>integer</replaceable>; max-ncache-ttl <replaceable>integer</replaceable>; @@ -272,9 +286,21 @@ options { dnssec-enable <replaceable>boolean</replaceable>; dnssec-validation <replaceable>boolean</replaceable>; dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>; + dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; dnssec-accept-expired <replaceable>boolean</replaceable>; + dns64-server <replaceable>string</replaceable>; + dns64-contact <replaceable>string</replaceable>; + dns64 <replaceable>prefix</replaceable> { + clients { <replacable>acl</replacable>; }; + exclude { <replacable>acl</replacable>; }; + mapped { <replacable>acl</replacable>; }; + break-dnssec <replaceable>boolean</replaceable>; + recursive-only <replaceable>boolean</replaceable>; + suffix <replaceable>ipv6_address</replaceable>; + }; + empty-server <replaceable>string</replaceable>; empty-contact <replaceable>string</replaceable>; empty-zones-enable <replaceable>boolean</replaceable>; @@ -291,6 +317,7 @@ options { allow-update { <replaceable>address_match_element</replaceable>; ... }; allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; update-check-ksk <replaceable>boolean</replaceable>; + dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; masterfile-format ( text | raw ); notify <replaceable>notifytype</replaceable>; @@ -337,9 +364,18 @@ options { zone-statistics <replaceable>boolean</replaceable>; key-directory <replaceable>quoted_string</replaceable>; + managed-keys-directory <replaceable>quoted_string</replaceable>; + auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>; try-tcp-refresh <replaceable>boolean</replaceable>; zero-no-soa-ttl <replaceable>boolean</replaceable>; zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; + dnssec-secure-to-insecure <replaceable>boolean</replaceable>; + deny-answer-addresses { + <replaceable>address_match_list</replaceable> + } <optional> except-from { <replaceable>namelist</replaceable> } </optional>; + deny-answer-aliases { + <replaceable>namelist</replaceable> + } <optional> except-from { <replaceable>namelist</replaceable> } </optional>; nsec3-test-zone <replaceable>boolean</replaceable>; // testing only @@ -381,7 +417,8 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> }; trusted-keys { - <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ... + <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; + <optional>...</optional> }; allow-recursion { <replaceable>address_match_element</replaceable>; ... }; @@ -406,6 +443,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> queryport-pool-ports <replaceable>integer</replaceable>; queryport-pool-updateinterval <replaceable>integer</replaceable>; cleaning-interval <replaceable>integer</replaceable>; + resolver-query-timeout <replaceable>integer</replaceable>; min-roots <replaceable>integer</replaceable>; // not implemented lame-ttl <replaceable>integer</replaceable>; max-ncache-ttl <replaceable>integer</replaceable>; @@ -439,6 +477,17 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; dnssec-accept-expired <replaceable>boolean</replaceable>; + dns64-server <replaceable>string</replaceable>; + dns64-contact <replaceable>string</replaceable>; + dns64 <replaceable>prefix</replaceable> { + clients { <replacable>acl</replacable>; }; + exclude { <replacable>acl</replacable>; }; + mapped { <replacable>acl</replacable>; }; + break-dnssec <replaceable>boolean</replaceable>; + recursive-only <replaceable>boolean</replaceable>; + suffix <replaceable>ipv6_address</replaceable>; + }; + empty-server <replaceable>string</replaceable>; empty-contact <replaceable>string</replaceable>; empty-zones-enable <replaceable>boolean</replaceable>; @@ -455,6 +504,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> allow-update { <replaceable>address_match_element</replaceable>; ... }; allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; update-check-ksk <replaceable>boolean</replaceable>; + dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; masterfile-format ( text | raw ); notify <replaceable>notifytype</replaceable>; @@ -499,6 +549,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> key-directory <replaceable>quoted_string</replaceable>; zero-no-soa-ttl <replaceable>boolean</replaceable>; zero-no-soa-ttl-cache <replaceable>boolean</replaceable>; + dnssec-secure-to-insecure <replaceable>boolean</replaceable>; allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete fetch-glue <replaceable>boolean</replaceable>; // obsolete @@ -533,20 +584,23 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> ixfr-from-differences <replaceable>boolean</replaceable>; journal <replaceable>quoted_string</replaceable>; zero-no-soa-ttl <replaceable>boolean</replaceable>; + dnssec-secure-to-insecure <replaceable>boolean</replaceable>; allow-query { <replaceable>address_match_element</replaceable>; ... }; allow-query-on { <replaceable>address_match_element</replaceable>; ... }; allow-transfer { <replaceable>address_match_element</replaceable>; ... }; allow-update { <replaceable>address_match_element</replaceable>; ... }; allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... }; - update-policy { + update-policy <replaceable>local</replaceable> | <replaceable> { ( grant | deny ) <replaceable>string</replaceable> ( name | subdomain | wildcard | self | selfsub | selfwild | krb5-self | ms-self | krb5-subdomain | ms-subdomain | - tcp-self | 6to4-self ) <replaceable>string</replaceable> - <replaceable>rrtypelist</replaceable>; ... - }; + tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable> + <replaceable>rrtypelist</replaceable>; + <optional>...</optional> + }</replaceable>; update-check-ksk <replaceable>boolean</replaceable>; + dnssec-dnskey-kskonly <replaceable>boolean</replaceable>; masterfile-format ( text | raw ); notify <replaceable>notifytype</replaceable>; |