summaryrefslogtreecommitdiffstats
path: root/contrib/bind9/doc/misc/options
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind9/doc/misc/options')
-rw-r--r--contrib/bind9/doc/misc/options104
1 files changed, 92 insertions, 12 deletions
diff --git a/contrib/bind9/doc/misc/options b/contrib/bind9/doc/misc/options
index a6b2dcd..673abf7 100644
--- a/contrib/bind9/doc/misc/options
+++ b/contrib/bind9/doc/misc/options
@@ -44,6 +44,9 @@ lwres {
view <string> <optional_class>;
};
+managed-keys { <string> <string> <integer> <integer> <integer>
+ <quoted_string>; ... };
+
masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
<integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
@@ -52,6 +55,7 @@ options {
acache-enable <boolean>;
additional-from-auth <boolean>;
additional-from-cache <boolean>;
+ allow-new-zones <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
@@ -68,11 +72,14 @@ options {
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ];
+ attach-cache <string>;
auth-nxdomain <boolean>; // default changed
avoid-v4-udp-ports { <portrange>; ... };
avoid-v6-udp-ports { <portrange>; ... };
+ bindkeys-file <quoted_string>;
blackhole { <address_match_element>; ... };
cache-file <quoted_string>;
+ check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
@@ -85,15 +92,31 @@ options {
coresize <size>;
datasize <size>;
deallocate-on-exit <boolean>; // obsolete
+ deny-answer-addresses { <address_match_element>; ... } [
+ except-from { <quoted_string>; ... } ];
+ deny-answer-aliases { <quoted_string>; ... } [ except-from {
+ <quoted_string>; ... } ];
dialup <dialuptype>;
directory <quoted_string>;
disable-algorithms <string> { <string>; ... };
disable-empty-zone <string>;
+ dns64 <netprefix> {
+ break-dnssec <boolean>;
+ clients { <address_match_element>; ... };
+ exclude { <address_match_element>; ... };
+ mapped { <address_match_element>; ... };
+ recursive-only <boolean>;
+ suffix <ipv6_address>;
+ };
+ dns64-contact <string>;
+ dns64-server <string>;
dnssec-accept-expired <boolean>;
+ dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>;
dnssec-lookaside <string> trust-anchor <string>;
dnssec-must-be-secure <string> <boolean>;
- dnssec-validation <boolean>;
+ dnssec-secure-to-insecure <boolean>;
+ dnssec-validation ( yes | no | auto );
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ); ... };
@@ -105,6 +128,8 @@ options {
fake-iquery <boolean>; // obsolete
fetch-glue <boolean>; // obsolete
files <size>;
+ filter-aaaa { <address_match_element>; ... }; // not configured
+ filter-aaaa-on-v4 <v4_aaaa>; // not configured
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
@@ -121,6 +146,7 @@ options {
listen-on [ port <integer> ] { <address_match_element>; ... };
listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
maintain-ixfr-base <boolean>; // obsolete
+ managed-keys-directory <quoted_string>;
masterfile-format ( text | raw );
match-mapped-addresses <boolean>;
max-acache-size <size_no_default>;
@@ -168,13 +194,22 @@ options {
request-ixfr <boolean>;
request-nsid <boolean>;
reserved-sockets <integer>;
+ resolver-query-timeout <integer>;
+ response-policy {
+ zone <string> [ policy ( given | no-op | nxdomain | nodata
+ | cname <domain> ) ];
+ };
rfc2308-type1 <boolean>; // not yet implemented
root-delegation-only [ exclude { <quoted_string>; ... } ];
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
+ secroots-file <quoted_string>;
serial-queries <integer>; // obsolete
serial-query-rate <integer>;
server-id ( <quoted_string> | none | hostname );
+ session-keyalg <string>;
+ session-keyfile ( <quoted_string> | none );
+ session-keyname <string>;
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
@@ -189,6 +224,7 @@ options {
tkey-dhkey <quoted_string> <integer>;
tkey-domain <quoted_string>;
tkey-gssapi-credential <quoted_string>;
+ tkey-gssapi-keytab <quoted_string>;
topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
@@ -242,6 +278,7 @@ view <string> <optional_class> {
acache-enable <boolean>;
additional-from-auth <boolean>;
additional-from-cache <boolean>;
+ allow-new-zones <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
@@ -258,8 +295,10 @@ view <string> <optional_class> {
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ];
+ attach-cache <string>;
auth-nxdomain <boolean>; // default changed
cache-file <quoted_string>;
+ check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
@@ -270,17 +309,33 @@ view <string> <optional_class> {
cleaning-interval <integer>;
clients-per-query <integer>;
database <string>;
+ deny-answer-addresses { <address_match_element>; ... } [
+ except-from { <quoted_string>; ... } ];
+ deny-answer-aliases { <quoted_string>; ... } [ except-from {
+ <quoted_string>; ... } ];
dialup <dialuptype>;
disable-algorithms <string> { <string>; ... };
disable-empty-zone <string>;
dlz <string> {
database <string>;
};
+ dns64 <netprefix> {
+ break-dnssec <boolean>;
+ clients { <address_match_element>; ... };
+ exclude { <address_match_element>; ... };
+ mapped { <address_match_element>; ... };
+ recursive-only <boolean>;
+ suffix <ipv6_address>;
+ };
+ dns64-contact <string>;
+ dns64-server <string>;
dnssec-accept-expired <boolean>;
+ dnssec-dnskey-kskonly <boolean>;
dnssec-enable <boolean>;
dnssec-lookaside <string> trust-anchor <string>;
dnssec-must-be-secure <string> <boolean>;
- dnssec-validation <boolean>;
+ dnssec-secure-to-insecure <boolean>;
+ dnssec-validation ( yes | no | auto );
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ); ... };
@@ -289,6 +344,8 @@ view <string> <optional_class> {
empty-server <string>;
empty-zones-enable <boolean>;
fetch-glue <boolean>; // obsolete
+ filter-aaaa { <address_match_element>; ... }; // not configured
+ filter-aaaa-on-v4 <v4_aaaa>; // not configured
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
@@ -300,6 +357,8 @@ view <string> <optional_class> {
key-directory <quoted_string>;
lame-ttl <integer>;
maintain-ixfr-base <boolean>; // obsolete
+ managed-keys { <string> <string> <integer> <integer> <integer>
+ <quoted_string>; ... };
masterfile-format ( text | raw );
match-clients { <address_match_element>; ... };
match-destinations { <address_match_element>; ... };
@@ -338,6 +397,11 @@ view <string> <optional_class> {
recursion <boolean>;
request-ixfr <boolean>;
request-nsid <boolean>;
+ resolver-query-timeout <integer>;
+ response-policy {
+ zone <string> [ policy ( given | no-op | nxdomain | nodata
+ | cname <domain> ) ];
+ };
rfc2308-type1 <boolean>; // not yet implemented
root-delegation-only [ exclude { <quoted_string>; ... } ];
rrset-order { [ class <string> ] [ type <string> ] [ name
@@ -395,6 +459,8 @@ view <string> <optional_class> {
<integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ];
+ auto-dnssec ( allow | maintain | create | off );
+ check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
@@ -405,6 +471,8 @@ view <string> <optional_class> {
database <string>;
delegation-only <boolean>;
dialup <dialuptype>;
+ dnssec-dnskey-kskonly <boolean>;
+ dnssec-secure-to-insecure <boolean>;
file <quoted_string>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> |
@@ -440,6 +508,9 @@ view <string> <optional_class> {
nsec3-test-zone <boolean>; // test only
pubkey <integer> <integer> <integer>
<quoted_string>; // obsolete
+ server-addresses { ( <ipv4_address> | <ipv6_address> ) [
+ port <integer> ]; ... };
+ server-names { <quoted_string>; ... };
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
@@ -449,13 +520,14 @@ view <string> <optional_class> {
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ];
try-tcp-refresh <boolean>;
- type ( master | slave | stub | hint | forward |
- delegation-only );
+ type ( master | slave | stub | static-stub | hint | forward
+ | delegation-only );
update-check-ksk <boolean>;
- update-policy { ( grant | deny ) <string> ( name |
- subdomain | wildcard | self | selfsub | selfwild |
+ update-policy ( local | { ( grant | deny ) <string> ( name
+ | subdomain | wildcard | self | selfsub | selfwild |
krb5-self | ms-self | krb5-subdomain | ms-subdomain |
- tcp-self | 6to4-self ) <string> <rrtypelist>; ... };
+ tcp-self | 6to4-self | zonesub | external ) [ <string>
+ ] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics <boolean>;
@@ -475,6 +547,8 @@ zone <string> <optional_class> {
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ];
+ auto-dnssec ( allow | maintain | create | off );
+ check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
@@ -485,6 +559,8 @@ zone <string> <optional_class> {
database <string>;
delegation-only <boolean>;
dialup <dialuptype>;
+ dnssec-dnskey-kskonly <boolean>;
+ dnssec-secure-to-insecure <boolean>;
file <quoted_string>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
@@ -517,6 +593,9 @@ zone <string> <optional_class> {
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
+ server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
+ <integer> ]; ... };
+ server-names { <quoted_string>; ... };
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
@@ -524,12 +603,13 @@ zone <string> <optional_class> {
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
try-tcp-refresh <boolean>;
- type ( master | slave | stub | hint | forward | delegation-only );
+ type ( master | slave | stub | static-stub | hint | forward |
+ delegation-only );
update-check-ksk <boolean>;
- update-policy { ( grant | deny ) <string> ( name | subdomain |
- wildcard | self | selfsub | selfwild | krb5-self | ms-self |
- krb5-subdomain | ms-subdomain | tcp-self | 6to4-self ) <string>
- <rrtypelist>; ... };
+ update-policy ( local | { ( grant | deny ) <string> ( name |
+ subdomain | wildcard | self | selfsub | selfwild | krb5-self |
+ ms-self | krb5-subdomain | ms-subdomain | tcp-self | 6to4-self
+ | zonesub | external ) [ <string> ] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics <boolean>;
OpenPOWER on IntegriCloud