Specifies the algorithm to use for the TSIG key. Available choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, - hmac-sha384 and hmac-sha512. The default is hmac-md5. + hmac-sha384 and hmac-sha512. The default is hmac-md5 or + if MD5 was disabled hmac-sha256.
keysize
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index d4fb191cf2..5f3f5dbbc5 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -261,7 +261,9 @@ hmac\-sha384, or
hmac\-sha512\&. If
\fIhmac\fR
is not specified, the default is
-hmac\-md5\&.
+hmac\-md5
+or if MD5 was disabled
+hmac\-sha256\&.
.sp
NOTE: You should use the
\fB\-k\fR
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index 18512804e4..cc2d1b8f2c 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -237,7 +237,8 @@
hmac-sha1, hmac-sha224,
hmac-sha256, hmac-sha384, or
hmac-sha512. If hmac
- is not specified, the default is hmac-md5.
+ is not specified, the default is hmac-md5
+ or if MD5 was disabled hmac-sha256.
NOTE: You should use the -k option and
diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 4f70632088..f631e07c3a 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -216,8 +216,19 @@ options {
coresize \fIsize\fR;
datasize \fIsize\fR;
directory \fIquoted_string\fR;
+ dnstap { \fImessage_type\fR; \&.\&.\&. };
+ dnstap\-output ( file | unix ) \fIpath_name\fR;
+ dnstap\-identity ( \fIstring\fR | hostname | none );
+ dnstap\-version ( \fIstring\fR | none );
dump\-file \fIquoted_string\fR;
files \fIsize\fR;
+ fstrm\-set\-buffer\-hint \fInumber\fR;
+ fstrm\-set\-flush\-timeout \fInumber\fR;
+ fstrm\-set\-input\-queue\-size \fInumber\fR;
+ fstrm\-set\-output\-notify\-threshold \fInumber\fR;
+ fstrm\-set\-output\-queue\-model ( \fImpsc\fR | \fIspsc\fR ) ;
+ fstrm\-set\-output\-queue\-size \fInumber\fR;
+ fstrm\-set\-reopen\-interval \fInumber\fR;
heartbeat\-interval \fIinteger\fR;
host\-statistics \fIboolean\fR; // not implemented
host\-statistics\-max \fInumber\fR; // not implemented
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index da8309a19a..1c5bc08e28 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -159,8 +159,19 @@ options
coresize size;
datasize size;
directory quoted_string;
+ dnstap { message_type; ... };
+ dnstap-output ( file | unix ) path_name;
+ dnstap-identity ( string | hostname | none );
+ dnstap-version ( string | none );
dump-file quoted_string;
files size;
+ fstrm-set-buffer-hint number;
+ fstrm-set-flush-timeout number;
+ fstrm-set-input-queue-size number;
+ fstrm-set-output-notify-threshold number;
+ fstrm-set-output-queue-model ( mpsc | spsc ) ;
+ fstrm-set-output-queue-size number;
+ fstrm-set-reopen-interval number;
heartbeat-interval integer;
host-statistics boolean; // not implemented
host-statistics-max number; // not implemented
diff --git a/bin/nsupdate/nsupdate.1 b/bin/nsupdate/nsupdate.1
index c216daa635..06e001e9ff 100644
--- a/bin/nsupdate/nsupdate.1
+++ b/bin/nsupdate/nsupdate.1
@@ -209,7 +209,9 @@ hmac\-sha384, or
hmac\-sha512\&. If
\fIhmac\fR
is not specified, the default is
-hmac\-md5\&.
+hmac\-md5
+or if MD5 was disabled
+hmac\-sha256\&.
.sp
NOTE: Use of the
\fB\-y\fR
@@ -284,7 +286,9 @@ Specifies that all updates are to be TSIG\-signed using the
pair\&. If
\fIhmac\fR
is specified, then it sets the signing algorithm in use; the default is
-hmac\-md5\&. The
+hmac\-md5
+or if MD5 was disabled
+hmac\-sha256\&. The
\fBkey\fR
command overrides any key specified on the command line via
\fB\-y\fR
diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html
index a9445e90fe..0d63402aa5 100644
--- a/bin/nsupdate/nsupdate.html
+++ b/bin/nsupdate/nsupdate.html
@@ -201,7 +201,8 @@
hmac-sha1, hmac-sha224,
hmac-sha256, hmac-sha384, or
hmac-sha512. If hmac
- is not specified, the default is hmac-md5.
+ is not specified, the default is hmac-md5
+ or if MD5 was disabled hmac-sha256.
NOTE: Use of the -y option is discouraged because the
@@ -326,7 +327,8 @@
keyname secret pair.
If hmac is specified, then it sets the
signing algorithm in use; the default is
- hmac-md5. The key
+ hmac-md5 or if MD5 was disabled
+ hmac-sha256. The key
command overrides any key specified on the command line via
-y or -k.
Make the PKCS#11 libisc initialization verbose.
file | unix ) path_name; ]
[ dnstap-identity ( string | hostname | none ); ]
[ dnstap-version ( string | none ); ]
+ [ fstrm-set-buffer-hint number ; ]
+ [ fstrm-set-flush-timeout number ; ]
+ [ fstrm-set-input-queue-size number ; ]
+ [ fstrm-set-output-notify-threshold number ; ]
+ [ fstrm-set-output-queue-model ( mpsc |
+ spsc ) ; ]
+ [ fstrm-set-output-queue-size number ; ]
+ [ fstrm-set-reopen-interval number ; ]
[ geoip-directory path_name; ]
[ key-directory path_name; ]
[ managed-keys-directory path_name; ]
@@ -2732,6 +2740,67 @@ badresp:1,adberr:0,findfail:0,valfail:0]
For more information on dnstap, see
http://dnstap.info.
+
+ The fstrm library has a number of tunables that are exposed
+ in named.conf, and can be modified
+ if necessary to improve performance or prevent loss of data.
+ These are:
+
mpsc
+ (multiple producer, single consumer); the other
+ option is spsc (single producer,
+ single consumer).
+ IOV_MAX,
+ and the default is 64.
+ + Note that all of the above minimum, maximum, and default + values are set by the libfstrm library, + and may be subject to change in future versions of the + library. See the libfstrm documentation + for more information. +
hmac-sha1, hmac-sha224,
hmac-sha256, hmac-sha384, or
hmac-sha512. If hmac
- is not specified, the default is hmac-md5.
+ is not specified, the default is hmac-md5
+ or if MD5 was disabled hmac-sha256.
NOTE: You should use the -k option and
diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html
index e600992841..5871697042 100644
--- a/doc/arm/man.named.conf.html
+++ b/doc/arm/man.named.conf.html
@@ -177,8 +177,19 @@ options
coresize size;
datasize size;
directory quoted_string;
+ dnstap { message_type; ... };
+ dnstap-output ( file | unix ) path_name;
+ dnstap-identity ( string | hostname | none );
+ dnstap-version ( string | none );
dump-file quoted_string;
files size;
+ fstrm-set-buffer-hint number;
+ fstrm-set-flush-timeout number;
+ fstrm-set-input-queue-size number;
+ fstrm-set-output-notify-threshold number;
+ fstrm-set-output-queue-model ( mpsc | spsc ) ;
+ fstrm-set-output-queue-size number;
+ fstrm-set-reopen-interval number;
heartbeat-interval integer;
host-statistics boolean; // not implemented
host-statistics-max number; // not implemented
diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index 1fa8c2af9d..f27389b075 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -219,7 +219,8 @@
hmac-sha1, hmac-sha224,
hmac-sha256, hmac-sha384, or
hmac-sha512. If hmac
- is not specified, the default is hmac-md5.
+ is not specified, the default is hmac-md5
+ or if MD5 was disabled hmac-sha256.
NOTE: Use of the -y option is discouraged because the
@@ -344,7 +345,8 @@
keyname secret pair.
If hmac is specified, then it sets the
signing algorithm in use; the default is
- hmac-md5. The key
+ hmac-md5 or if MD5 was disabled
+ hmac-sha256. The key
command overrides any key specified on the command line via
-y or -k.
pkcs11-tokens [-m ]module
pkcs11-tokens [-m ] [module-v]
+ Make the PKCS#11 libisc initialization verbose. +
Specifies the algorithm to use for the TSIG key. Available choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, - hmac-sha384 and hmac-sha512. The default is hmac-md5. + hmac-sha384 and hmac-sha512. The default is hmac-md5 or + if MD5 was disabled hmac-sha256.
keysize
diff --git a/doc/misc/options b/doc/misc/options
index e4922a3e7e..99fb00934a 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -168,6 +168,13 @@ options {
forward ( first | only );
forwarders [ port