Updating to 9.14
Mark Andrews
marka at isc.org
Wed May 15 23:52:21 UTC 2019
> On 16 May 2019, at 5:11 am, @lbutlr <kremels at kreme.com> wrote:
>
> Currently running latest release of Bind 9.12, which is now EOLed and want to move to 9.14. I was looking on google for
>
> update "bind9.12" "bind 9.14"
>
> But did not find anything of use. I did find the 9.14 announcement, but there isn't a link there to release notes. I know there has been at least one significant change in the named.conf file.
>
> <https://www.isc.org/blogs/bind-9-14-released/>
>
> Other than the “allow-update” and “allow-update-forwarding” issue which does not affect me, what other configuration issues am I going to hit?
Below are all the changes between 9.12 and 9.14. Most of these are cosmetic,
new/extended features. doc/misc/options is automatically generated from the
parser so it reflects what reality. It’s also a good way to find the option
name when you forget it.
filter-aaaa is now a plugin module.
diff --git a/doc/misc/options b/doc/misc/options
index 0544b388f1..c692ed2ec9 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -93,13 +93,14 @@ options {
[ dscp <integer> ] { ( <masters> | <ipv4_address> [ port
<integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ]; ... } ] [ zone-directory <quoted_string> ] [
- in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
+ in-memory <boolean> ] [ min-update-interval <ttlval> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
- check-names ( master | slave | response
- ) ( fail | warn | ignore ); // may occur multiple times
+ check-names ( primary | master |
+ secondary | slave | response ) (
+ fail | warn | ignore ); // may occur multiple times
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
@@ -110,11 +111,11 @@ options {
cookie-secret <string>; // may occur multiple times
coresize ( default | unlimited | <sizeval> );
datasize ( default | unlimited | <sizeval> );
- deallocate-on-exit <boolean>; // obsolete
+ deallocate-on-exit <boolean>; // ancient
deny-answer-addresses { <address_match_element>; ... } [
- except-from { <quoted_string>; ... } ];
- deny-answer-aliases { <quoted_string>; ... } [ except-from {
- <quoted_string>; ... } ];
+ except-from { <string>; ... } ];
+ deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
+ } ];
dialup ( notify | notify-passive | passive | refresh | <boolean> );
directory <quoted_string>;
disable-algorithms <string> { <string>;
@@ -132,6 +133,7 @@ options {
}; // may occur multiple times
dns64-contact <string>;
dns64-server <string>;
+ dnskey-sig-validity <integer>;
dnsrps-enable <boolean>; // not configured
dnsrps-options { <unspecified-text> }; // not configured
dnssec-accept-expired <boolean>;
@@ -145,7 +147,8 @@ options {
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
- resolver ) [ ( query | response ) ]; ... }; // not configured
+ resolver | update ) [ ( query | response ) ];
+ ... }; // not configured
dnstap-identity ( <quoted_string> | none |
hostname ); // not configured
dnstap-output ( file | unix ) <quoted_string> [
@@ -163,15 +166,15 @@ options {
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
- fake-iquery <boolean>; // obsolete
- fetch-glue <boolean>; // obsolete
+ fake-iquery <boolean>; // ancient
+ fetch-glue <boolean>; // ancient
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
files ( default | unlimited | <sizeval> );
- filter-aaaa { <address_match_element>; ... };
- filter-aaaa-on-v4 ( break-dnssec | <boolean> );
- filter-aaaa-on-v6 ( break-dnssec | <boolean> );
+ filter-aaaa { <address_match_element>; ... }; // obsolete
+ filter-aaaa-on-v4 <boolean>; // obsolete
+ filter-aaaa-on-v6 <boolean>; // obsolete
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
@@ -182,18 +185,19 @@ options {
fstrm-set-output-notify-threshold <integer>; // not configured
fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
fstrm-set-output-queue-size <integer>; // not configured
- fstrm-set-reopen-interval <integer>; // not configured
+ fstrm-set-reopen-interval <ttlval>; // not configured
geoip-directory ( <quoted_string> | none ); // not configured
- geoip-use-ecs <boolean>; // not configured
+ geoip-use-ecs <boolean>; // obsolete
glue-cache <boolean>;
- has-old-clients <boolean>; // obsolete
+ has-old-clients <boolean>; // ancient
heartbeat-interval <integer>;
- host-statistics <boolean>; // not implemented
- host-statistics-max <integer>; // not implemented
+ host-statistics <boolean>; // ancient
+ host-statistics-max <integer>; // ancient
hostname ( <quoted_string> | none );
inline-signing <boolean>;
- interface-interval <integer>;
- ixfr-from-differences ( master | slave | <boolean> );
+ interface-interval <ttlval>;
+ ixfr-from-differences ( primary | master | secondary | slave |
+ <boolean> );
keep-response-order { <address_match_element>; ... };
key-directory <quoted_string>;
lame-ttl <ttlval>;
@@ -205,18 +209,18 @@ options {
<address_match_element>; ... }; // may occur multiple times
lmdb-mapsize <sizeval>; // non-operational
lock-file ( <quoted_string> | none );
- maintain-ixfr-base <boolean>; // obsolete
+ maintain-ixfr-base <boolean>; // ancient
managed-keys-directory <quoted_string>;
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
match-mapped-addresses <boolean>;
max-acache-size ( unlimited | <sizeval> ); // obsolete
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
- max-cache-ttl <integer>;
+ max-cache-ttl <ttlval>;
max-clients-per-query <integer>;
- max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
+ max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
- max-ncache-ttl <integer>;
+ max-ncache-ttl <ttlval>;
max-records <integer>;
max-recursion-depth <integer>;
max-recursion-queries <integer>;
@@ -233,14 +237,16 @@ options {
memstatistics <boolean>;
memstatistics-file <quoted_string>;
message-compression <boolean>;
+ min-cache-ttl <ttlval>;
+ min-ncache-ttl <ttlval>;
min-refresh-time <integer>;
min-retry-time <integer>;
- min-roots <integer>; // not implemented
+ min-roots <integer>; // ancient
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
- multiple-cnames <boolean>; // obsolete
- named-xfer <quoted_string>; // obsolete
+ multiple-cnames <boolean>; // ancient
+ named-xfer <quoted_string>; // ancient
new-zones-directory <quoted_string>;
no-case-compress { <address_match_element>; ... };
nocookie-udp-size <integer>;
@@ -262,6 +268,7 @@ options {
preferred-glue <string>;
prefetch <integer> [ <integer> ];
provide-ixfr <boolean>;
+ qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
@@ -303,26 +310,26 @@ options {
resolver-retry-interval <integer>;
response-padding { <address_match_element>; ... } block-size
<integer>;
- response-policy { zone <string> [ log <boolean> ] [ max-policy-ttl
- <integer> ] [ min-update-interval <integer> ] [ policy ( cname
- | disabled | drop | given | no-op | nodata | nxdomain |
- passthru | tcp-only <quoted_string> ) ] [ recursive-only
- <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable
- <boolean> ]; ... } [ break-dnssec <boolean> ] [ max-policy-ttl
- <integer> ] [ min-update-interval <integer> ] [ min-ns-dots
- <integer> ] [ nsip-wait-recurse <boolean> ] [
- qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [
- nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
- dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
- } ];
- rfc2308-type1 <boolean>; // not yet implemented
- root-delegation-only [ exclude { <quoted_string>; ... } ];
+ response-policy { zone <string> [ add-soa <boolean> ] [ log
+ <boolean> ] [ max-policy-ttl <ttlval> ] [ min-update-interval
+ <ttlval> ] [ policy ( cname | disabled | drop | given | no-op |
+ nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
+ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
+ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
+ break-dnssec <boolean> ] [ max-policy-ttl <ttlval> ] [
+ min-update-interval <ttlval> ] [ min-ns-dots <integer> ] [
+ nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
+ [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
+ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
+ dnsrps-options { <unspecified-text> } ];
+ rfc2308-type1 <boolean>; // ancient
+ root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
secroots-file <quoted_string>;
send-cookie <boolean>;
- serial-queries <integer>; // obsolete
+ serial-queries <integer>; // ancient
serial-query-rate <integer>;
serial-update-method ( date | increment | unixtime );
server-id ( <quoted_string> | none | hostname );
@@ -341,7 +348,7 @@ options {
stale-answer-ttl <ttlval>;
startup-notify-rate <integer>;
statistics-file <quoted_string>;
- statistics-interval <integer>; // not yet implemented
+ statistics-interval <integer>; // ancient
suppress-initial-notify <boolean>; // not yet implemented
synth-from-dnssec <boolean>;
tcp-advertised-timeout <integer>;
@@ -354,7 +361,7 @@ options {
tkey-domain <quoted_string>;
tkey-gssapi-credential <quoted_string>;
tkey-gssapi-keytab <quoted_string>;
- topology { <address_match_element>; ... }; // not implemented
+ topology { <address_match_element>; ... }; // ancient
transfer-format ( many-answers | one-answer );
transfer-message-size <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
@@ -364,23 +371,27 @@ options {
transfers-in <integer>;
transfers-out <integer>;
transfers-per-ns <integer>;
- treat-cr-as-space <boolean>; // obsolete
+ treat-cr-as-space <boolean>; // ancient
trust-anchor-telemetry <boolean>; // experimental
try-tcp-refresh <boolean>;
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
- use-id-pool <boolean>; // obsolete
+ use-id-pool <boolean>; // ancient
use-ixfr <boolean>; // obsolete
use-queryport-pool <boolean>; // obsolete
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };
v6-bias <integer>;
+ validate-except { <string>; ... };
version ( <quoted_string> | none );
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone-statistics ( full | terse | none | <boolean> );
};
+plugin ( query ) <string> [ { <unspecified-text>
+ } ]; // may occur multiple times
+
server <netprefix> {
bogus <boolean>;
edns <boolean>;
@@ -458,13 +469,14 @@ view <string> [ <class> ] {
[ dscp <integer> ] { ( <masters> | <ipv4_address> [ port
<integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ]; ... } ] [ zone-directory <quoted_string> ] [
- in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
+ in-memory <boolean> ] [ min-update-interval <ttlval> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
- check-names ( master | slave | response
- ) ( fail | warn | ignore ); // may occur multiple times
+ check-names ( primary | master |
+ secondary | slave | response ) (
+ fail | warn | ignore ); // may occur multiple times
check-sibling <boolean>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
@@ -472,9 +484,9 @@ view <string> [ <class> ] {
cleaning-interval <integer>;
clients-per-query <integer>;
deny-answer-addresses { <address_match_element>; ... } [
- except-from { <quoted_string>; ... } ];
- deny-answer-aliases { <quoted_string>; ... } [ except-from {
- <quoted_string>; ... } ];
+ except-from { <string>; ... } ];
+ deny-answer-aliases { <string>; ... } [ except-from { <string>; ...
+ } ];
dialup ( notify | notify-passive | passive | refresh | <boolean> );
disable-algorithms <string> { <string>;
... }; // may occur multiple times
@@ -495,6 +507,7 @@ view <string> [ <class> ] {
}; // may occur multiple times
dns64-contact <string>;
dns64-server <string>;
+ dnskey-sig-validity <integer>;
dnsrps-enable <boolean>; // not configured
dnsrps-options { <unspecified-text> }; // not configured
dnssec-accept-expired <boolean>;
@@ -508,7 +521,8 @@ view <string> [ <class> ] {
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
- resolver ) [ ( query | response ) ]; ... }; // not configured
+ resolver | update ) [ ( query | response ) ];
+ ... }; // not configured
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] [ dscp <integer> ] | <ipv4_address> [ port
<integer> ] [ dscp <integer> ] | <ipv6_address> [ port
@@ -519,19 +533,20 @@ view <string> [ <class> ] {
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
- fetch-glue <boolean>; // obsolete
+ fetch-glue <boolean>; // ancient
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
fetches-per-server <integer> [ ( drop | fail ) ];
fetches-per-zone <integer> [ ( drop | fail ) ];
- filter-aaaa { <address_match_element>; ... };
- filter-aaaa-on-v4 ( break-dnssec | <boolean> );
- filter-aaaa-on-v6 ( break-dnssec | <boolean> );
+ filter-aaaa { <address_match_element>; ... }; // obsolete
+ filter-aaaa-on-v4 <boolean>; // obsolete
+ filter-aaaa-on-v6 <boolean>; // obsolete
forward ( first | only );
forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
glue-cache <boolean>;
inline-signing <boolean>;
- ixfr-from-differences ( master | slave | <boolean> );
+ ixfr-from-differences ( primary | master | secondary | slave |
+ <boolean> );
key <string> {
algorithm <string>;
secret <string>;
@@ -539,7 +554,7 @@ view <string> [ <class> ] {
key-directory <quoted_string>;
lame-ttl <ttlval>;
lmdb-mapsize <sizeval>; // non-operational
- maintain-ixfr-base <boolean>; // obsolete
+ maintain-ixfr-base <boolean>; // ancient
managed-keys { <string> <string>
<integer> <integer> <integer>
<quoted_string>; ... }; // may occur multiple times
@@ -550,11 +565,11 @@ view <string> [ <class> ] {
match-recursive-only <boolean>;
max-acache-size ( unlimited | <sizeval> ); // obsolete
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
- max-cache-ttl <integer>;
+ max-cache-ttl <ttlval>;
max-clients-per-query <integer>;
- max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
+ max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
- max-ncache-ttl <integer>;
+ max-ncache-ttl <ttlval>;
max-records <integer>;
max-recursion-depth <integer>;
max-recursion-queries <integer>;
@@ -568,9 +583,11 @@ view <string> [ <class> ] {
max-udp-size <integer>;
max-zone-ttl ( unlimited | <ttlval> );
message-compression <boolean>;
+ min-cache-ttl <ttlval>;
+ min-ncache-ttl <ttlval>;
min-refresh-time <integer>;
min-retry-time <integer>;
- min-roots <integer>; // not implemented
+ min-roots <integer>; // ancient
minimal-any <boolean>;
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
multi-master <boolean>;
@@ -589,9 +606,12 @@ view <string> [ <class> ] {
nta-lifetime <ttlval>;
nta-recheck <ttlval>;
nxdomain-redirect <string>;
+ plugin ( query ) <string> [ {
+ <unspecified-text> } ]; // may occur multiple times
preferred-glue <string>;
prefetch <integer> [ <integer> ];
provide-ixfr <boolean>;
+ qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port (
<integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ]
port ( <integer> | * ) ) ) [ dscp <integer> ];
@@ -628,20 +648,20 @@ view <string> [ <class> ] {
resolver-retry-interval <integer>;
response-padding { <address_match_element>; ... } block-size
<integer>;
- response-policy { zone <string> [ log <boolean> ] [ max-policy-ttl
- <integer> ] [ min-update-interval <integer> ] [ policy ( cname
- | disabled | drop | given | no-op | nodata | nxdomain |
- passthru | tcp-only <quoted_string> ) ] [ recursive-only
- <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable
- <boolean> ]; ... } [ break-dnssec <boolean> ] [ max-policy-ttl
- <integer> ] [ min-update-interval <integer> ] [ min-ns-dots
- <integer> ] [ nsip-wait-recurse <boolean> ] [
- qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [
- nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
- dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
- } ];
- rfc2308-type1 <boolean>; // not yet implemented
- root-delegation-only [ exclude { <quoted_string>; ... } ];
+ response-policy { zone <string> [ add-soa <boolean> ] [ log
+ <boolean> ] [ max-policy-ttl <ttlval> ] [ min-update-interval
+ <ttlval> ] [ policy ( cname | disabled | drop | given | no-op |
+ nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [
+ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
+ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [
+ break-dnssec <boolean> ] [ max-policy-ttl <ttlval> ] [
+ min-update-interval <ttlval> ] [ min-ns-dots <integer> ] [
+ nsip-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ]
+ [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [
+ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [
+ dnsrps-options { <unspecified-text> } ];
+ rfc2308-type1 <boolean>; // ancient
+ root-delegation-only [ exclude { <string>; ... } ];
root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
@@ -693,7 +713,7 @@ view <string> [ <class> ] {
stale-answer-ttl <ttlval>;
suppress-initial-notify <boolean>; // not yet implemented
synth-from-dnssec <boolean>;
- topology { <address_match_element>; ... }; // not implemented
+ topology { <address_match_element>; ... }; // ancient
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
dscp <integer> ];
@@ -708,6 +728,7 @@ view <string> [ <class> ] {
use-alt-transfer-source <boolean>;
use-queryport-pool <boolean>; // obsolete
v6-bias <integer>;
+ validate-except { <string>; ... };
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone <string> [ <class> ] {
@@ -740,6 +761,7 @@ view <string> [ <class> ] {
dialup ( notify | notify-passive | passive | refresh |
<boolean> );
dlz <string>;
+ dnskey-sig-validity <integer>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-secure-to-insecure <boolean>;
@@ -751,19 +773,19 @@ view <string> [ <class> ] {
dscp <integer> ]; ... };
in-view <string>;
inline-signing <boolean>;
- ixfr-base <quoted_string>; // obsolete
+ ixfr-base <quoted_string>; // ancient
ixfr-from-differences <boolean>;
- ixfr-tmp-file <quoted_string>; // obsolete
+ ixfr-tmp-file <quoted_string>; // ancient
journal <quoted_string>;
key-directory <quoted_string>;
- maintain-ixfr-base <boolean>; // obsolete
+ maintain-ixfr-base <boolean>; // ancient
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <masters>
| <ipv4_address> [ port <integer> ] | <ipv6_address> [
port <integer> ] ) [ key <string> ]; ... };
max-ixfr-log-size ( default | unlimited |
- <sizeval> ); // obsolete
+ <sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
@@ -784,15 +806,13 @@ view <string> [ <class> ] {
| * ) ] [ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
- pubkey <integer>
- <integer>
- <integer>
- <quoted_string>; // obsolete, may occur multiple times
+ pubkey <integer> <integer> <integer>
+ <quoted_string>; // ancient
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( date | increment | unixtime );
server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
- server-names { <quoted_string>; ... };
+ server-names { <string>; ... };
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
@@ -802,8 +822,9 @@ view <string> [ <class> ] {
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ] [ dscp <integer> ];
try-tcp-refresh <boolean>;
- type ( delegation-only | forward | hint | master | redirect
- | slave | static-stub | stub );
+ type ( primary | master | secondary | slave | mirror |
+ delegation-only | forward | hint | redirect |
+ static-stub | stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> (
6to4-self | external | krb5-self | krb5-selfsub |
@@ -845,6 +866,7 @@ zone <string> [ <class> ] {
delegation-only <boolean>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
dlz <string>;
+ dnskey-sig-validity <integer>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-secure-to-insecure <boolean>;
@@ -855,18 +877,18 @@ zone <string> [ <class> ] {
| <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
in-view <string>;
inline-signing <boolean>;
- ixfr-base <quoted_string>; // obsolete
+ ixfr-base <quoted_string>; // ancient
ixfr-from-differences <boolean>;
- ixfr-tmp-file <quoted_string>; // obsolete
+ ixfr-tmp-file <quoted_string>; // ancient
journal <quoted_string>;
key-directory <quoted_string>;
- maintain-ixfr-base <boolean>; // obsolete
+ maintain-ixfr-base <boolean>; // ancient
masterfile-format ( map | raw | text );
masterfile-style ( full | relative );
masters [ port <integer> ] [ dscp <integer> ] { ( <masters> |
<ipv4_address> [ port <integer> ] | <ipv6_address> [ port
<integer> ] ) [ key <string> ]; ... };
- max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
+ max-ixfr-log-size ( default | unlimited | <sizeval> ); // ancient
max-journal-size ( default | unlimited | <sizeval> );
max-records <integer>;
max-refresh-time <integer>;
@@ -887,13 +909,12 @@ zone <string> [ <class> ] {
[ dscp <integer> ];
notify-to-soa <boolean>;
nsec3-test-zone <boolean>; // test only
- pubkey <integer> <integer>
- <integer> <quoted_string>; // obsolete, may occur multiple times
+ pubkey <integer> <integer> <integer> <quoted_string>; // ancient
request-expire <boolean>;
request-ixfr <boolean>;
serial-update-method ( date | increment | unixtime );
server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
- server-names { <quoted_string>; ... };
+ server-names { <string>; ... };
sig-signing-nodes <integer>;
sig-signing-signatures <integer>;
sig-signing-type <integer>;
@@ -903,8 +924,9 @@ zone <string> [ <class> ] {
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * )
] [ dscp <integer> ];
try-tcp-refresh <boolean>;
- type ( delegation-only | forward | hint | master | redirect | slave
- | static-stub | stub );
+ type ( primary | master | secondary | slave | mirror |
+ delegation-only | forward | hint | redirect | static-stub |
+ stub );
update-check-ksk <boolean>;
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self |
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
[beetle:~/git/bind9] marka% git diff v9_12 v9_14 doc/misc/options
>
> I am still OpenSSL 1.0.2r, do I need to move to OpenSSL 1.1.1? I mean, I am probably going to do that anyway, RSN, but this would be an excuse to do it now.
You don’t need to upgrade OpenSSL at this time.
> --
> Forgive your enemies, but remember their names.
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list