diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 5bea90ceb6..3004cfe6ba 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.25 2007/02/02 04:33:36 marka Exp $ +.\" $Id: named.conf.5,v 1.26 2007/03/29 15:19:16 marka Exp $ .\" .hy 0 .ad l @@ -192,6 +192,7 @@ options { use\-ixfr \fIboolean\fR; version ( \fIquoted_string\fR | none ); allow\-recursion { \fIaddress_match_element\fR; ... }; + allow\-recursion\-on { \fIaddress_match_element\fR; ... }; sortlist { \fIaddress_match_element\fR; ... }; topology { \fIaddress_match_element\fR; ... }; // not implemented auth\-nxdomain \fIboolean\fR; // default changed @@ -251,7 +252,9 @@ options { dialup \fIdialuptype\fR; ixfr\-from\-differences \fIixfrdiff\fR; allow\-query { \fIaddress_match_element\fR; ... }; + allow\-query\-on { \fIaddress_match_element\fR; ... }; allow\-query\-cache { \fIaddress_match_element\fR; ... }; + allow\-query\-cache\-on { \fIaddress_match_element\fR; ... }; allow\-transfer { \fIaddress_match_element\fR; ... }; allow\-update { \fIaddress_match_element\fR; ... }; allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; @@ -329,6 +332,7 @@ view \fIstring\fR \fIoptional_class\fR { \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ... }; allow\-recursion { \fIaddress_match_element\fR; ... }; + allow\-recursion\-on { \fIaddress_match_element\fR; ... }; sortlist { \fIaddress_match_element\fR; ... }; topology { \fIaddress_match_element\fR; ... }; // not implemented auth\-nxdomain \fIboolean\fR; // default changed 
@@ -388,7 +392,9 @@ view \fIstring\fR \fIoptional_class\fR { dialup \fIdialuptype\fR; ixfr\-from\-differences \fIixfrdiff\fR; allow\-query { \fIaddress_match_element\fR; ... }; + allow\-query\-on { \fIaddress_match_element\fR; ... }; allow\-query\-cache { \fIaddress_match_element\fR; ... }; + allow\-query\-cache\-on { \fIaddress_match_element\fR; ... }; allow\-transfer { \fIaddress_match_element\fR; ... }; allow\-update { \fIaddress_match_element\fR; ... }; allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; @@ -461,6 +467,7 @@ zone \fIstring\fR \fIoptional_class\fR { journal \fIquoted_string\fR; zero\-no\-soa\-ttl \fIboolean\fR; allow\-query { \fIaddress_match_element\fR; ... }; + allow\-query\-on { \fIaddress_match_element\fR; ... }; allow\-transfer { \fIaddress_match_element\fR; ... }; allow\-update { \fIaddress_match_element\fR; ... }; allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index 5443e5735e..1f6e2a7af7 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -190,6 +190,7 @@ options use-ixfrboolean;quoted_string | none );address_match_element; ... };address_match_element; ... };address_match_element; ... };address_match_element; ... }; // not implementedboolean; // default changedixfrdiff;address_match_element; ... };address_match_element; ... };address_match_element; ... };address_match_element; ... };address_match_element; ... };address_match_element; ... };address_match_element; ... };
view string optional_class {
match-clients { address_match_element; ... };
@@ -341,6 +344,7 @@ view
};
allow-recursion { address_match_element; ... };
+ allow-recursion-on { address_match_element; ... };
sortlist { address_match_element; ... };
topology { address_match_element; ... }; // not implemented
auth-nxdomain boolean; // default changed
@@ -403,7 +407,9 @@ view
ixfr-from-differences ixfrdiff;
allow-query { address_match_element; ... };
+ allow-query-on { address_match_element; ... };
allow-query-cache { address_match_element; ... };
+ allow-query-cache-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
@@ -459,7 +465,7 @@ view
zone string optional_class {
type ( master | slave | stub | hint |
@@ -485,6 +491,7 @@ zone
zero-no-soa-ttl boolean;
allow-query { address_match_element; ... };
+ allow-query-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
@@ -544,12 +551,12 @@ zone
named(8), rndc(8), BIND 9 Administrator Reference Manual. diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 4cbbbdc951..8bcf19ae83 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -48,52 +48,52 @@The BIND 9 comment syntax allows for comments to appear @@ -526,7 +530,7 @@
/* This is a BIND comment as in C */@@ -541,7 +545,7 @@
Comments may appear anywhere that white space may appear in a BIND configuration file. @@ -775,7 +779,7 @@
acl acl-name { address_match_list }; @@ -858,7 +862,7 @@controls { [ inet ( ip_addr | * ) [ port ip_port ] allow {address_match_list} keys {key_list}; ] @@ -980,12 +984,12 @@includefilename;The include statement inserts the @@ -1000,7 +1004,7 @@
keykey_id{ algorithmstring; secretstring; @@ -1009,7 +1013,7 @@The key statement defines a shared secret key for use with TSIG (see the section called “TSIG”) @@ -1056,7 +1060,7 @@
logging { [ channelchannel_name{ ( filepath name@@ -1080,7 +1084,7 @@The logging statement configures a @@ -1114,7 +1118,7 @@
All log output goes to one or more channels; you can make as many of them as you want. @@ -1636,7 +1640,7 @@ category notify { null; };
This is the grammar of the lwres statement in the
named.conffile: @@ -1651,7 +1655,7 @@ category notify { null; };The lwres statement configures the name @@ -1702,14 +1706,14 @@ category notify { null; };
mastersname[portip_port] { (masters_list|ip_addr[portip_port] [keykey] ) ; [...] };masters lists allow for a common set of masters to be easily used by @@ -1718,7 +1722,7 @@ category notify { null; };
This is the grammar of the options statement in the
named.conffile: @@ -1776,9 +1780,12 @@ category notify { null; }; [ check-siblingyes_or_no; ] [ allow-notify {address_match_list}; ] [ allow-query {address_match_list}; ] + [ allow-query-on {address_match_list}; ] [ allow-query-cache {address_match_list}; ] + [ allow-query-cache-on {address_match_list}; ] [ allow-transfer {address_match_list}; ] [ allow-recursion {address_match_list}; ] + [ allow-recursion-on {address_match_list}; ] [ allow-update {address_match_list}; ] [ allow-update-forwarding {address_match_list}; ] [ update-check-kskyes_or_no; ] @@ -2799,7 +2806,7 @@ options {The forwarding facility can be used to create a large site-wide cache on a few servers, reducing traffic over links to external @@ -2843,7 +2850,7 @@ options {
Dual-stack servers are used as servers of last resort to work around @@ -2908,21 +2915,48 @@ options {
-
+ Specifies which local addresses can accept ordinary + DNS questions. This makes it possible, for instance, + to allow queries on internal-facing interfaces but + disallow them on external-facing ones, without + necessarily knowing the internal network's addresses. +
++ allow-query-on may + also be specified in the zone + statement, in which case it overrides the + options allow-query-on statement. +
++ If not specified, the default is to allow queries + on all addresses. +
++ allow-query-cache is + used to specify access to the cache. +
+Specifies which hosts are allowed to get answers from the cache. The default is the builtin acls localnets and localhost. -
-- The way to set query access to the cache is now - via allow-query-cache. - This differs from earlier versions which used - allow-query. -
-+ Specifies which local addresses can give answers + from the cache. If not specified, the default is + to allow cache queries on any address. + localnets and + localhost. +
Specifies which hosts are allowed to make recursive @@ -2934,6 +2968,12 @@ options { host does not prevent the host from retrieving data that is already in the server's cache.
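Review bot: The added allow-query-cache-on paragraph in the `@@ -2908,21 +2915,48 @@` hunk of Bv9ARM.ch06.html ends with a stray `localnets and localhost.` right after the sentence giving the default as any address. The fragment looks carried over from the allow-query-cache text above it. As written, a reader cannot tell whether cache answers are offered on every local address by default or only on those two built-in ACLs, which matters for an option that decides where the cache is exposed. The paragraph should stop at `to allow cache queries on any address.` if that is the intended default. This file appears to be generated, so the wording presumably has to be corrected in its source document rather than in the HTML.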
+ Specifies which local addresses can accept recursive + queries. If not specified, the default is to allow + recursive queries on all addresses. +
Specifies which hosts are allowed to @@ -3003,7 +3043,7 @@ options {
The interfaces and ports that the server will answer queries from may be specified using the listen-on option. listen-on takes @@ -3387,7 +3427,7 @@ query-source-v6 address * port *;
avoid-v4-udp-ports and avoid-v6-udp-ports specify a list of IPv4 and IPv6 UDP ports that will not be used as system @@ -3401,7 +3441,7 @@ query-source-v6 address * port *;
The server's usage of many system resources can be limited. Scaled values are allowed when specifying resource limits. For @@ -3460,7 +3500,7 @@ query-source-v6 address * port *;
The following options set limits on the server's resource consumption that are enforced internally by the @@ -3538,7 +3578,7 @@ query-source-v6 address * port *;
@@ -4588,7 +4628,7 @@ query-source-v6 address * port *;
trusted-keys {
string number number number string ;
[ string number number number string ; [...]]
@@ -4597,7 +4637,7 @@ query-source-v6 address * port *;
The trusted-keys statement defines
@@ -4640,7 +4680,7 @@ query-source-v6 address * port *;
The view statement is a powerful
feature
@@ -4763,6 +4803,7 @@ view "external" {
zone zone_name [class] {
type master;
[ allow-query { address_match_list }; ]
+ [ allow-query-on { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-update { address_match_list }; ]
[ update-policy { update_policy_rule [...] }; ]
@@ -4802,6 +4843,7 @@ zone zone_name [ allow-notify { address_match_list }; ]
[ allow-query { address_match_list }; ]
+ [ allow-query-on { address_match_list }; ]
[ allow-transfer { address_match_list }; ]
[ allow-update-forwarding { address_match_list }; ]
[ update-check-ksk yes_or_no; ]
@@ -4852,6 +4894,7 @@ zone zone_name [zone_name [class] {
type stub;
[ allow-query { address_match_list }; ]
+ [ allow-query-on { address_match_list }; ]
[ check-names (warn|fail|ignore) ; ]
[ dialup dialup_option ; ]
[ delegation-only yes_or_no ; ]
@@ -4892,10 +4935,10 @@ zone zone_name [
@@ -5104,7 +5147,7 @@ zone zone_name [
The zone's name may optionally be followed by a class. If
a class is not specified, class IN (for Internet),
@@ -5126,7 +5169,7 @@ zone zone_name [
- allow-notify
@@ -5138,6 +5181,11 @@ zone zone_name [allow-query in the section called “Access Control”.
+- allow-query-on
+
+ See the description of
+ allow-query-on in the section called “Access Control”.
+
- allow-transfer
See the description of allow-transfer
@@ -5611,7 +5659,7 @@ zone zone_name [
@@ -5624,7 +5672,7 @@ zone zone_name [
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@@ -6275,7 +6323,7 @@ zone zone_name [
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@@ -6478,7 +6526,7 @@ zone zone_name [
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@@ -6736,7 +6784,7 @@ zone zone_name [
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the in-addr.arpa domain
@@ -6797,7 +6845,7 @@ zone zone_name [
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@@ -6812,7 +6860,7 @@ zone zone_name [
Syntax: $ORIGIN
domain-name
@@ -6840,7 +6888,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
Syntax: $INCLUDE
filename
@@ -6876,7 +6924,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
Syntax: $TTL
default-ttl
@@ -6895,7 +6943,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
Syntax: $GENERATE
range
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index f18825c781..b39fb79e88 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -46,10 +46,10 @@
Table of Contents
@@ -60,7 +60,8 @@
Access Control Lists (ACLs), are address match lists that
you can set up and nickname for future use in allow-notify,
- allow-query, allow-recursion,
+ allow-query, allow-query-on,
+ allow-recursion, allow-recursion-on,
blackhole, allow-transfer,
etc.
@@ -118,7 +119,7 @@ zone "example.com" {
On UNIX servers, it is possible to run BIND in a chrooted environment
@@ -142,7 +143,7 @@ zone "example.com" {
In order for a chroot environment
to
@@ -170,7 +171,7 @@ zone "example.com" {
Prior to running the named daemon,
use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 5e5a9f66b4..3c79bbdf8d 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -45,18 +45,18 @@
Table of Contents
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
Zone serial numbers are just numbers-they aren't date
related. A lot of people set them to a number that represents a
@@ -95,7 +95,7 @@
The Internet Systems Consortium
(ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index b59cfbd11f..a0f8bf0d8f 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -45,21 +45,21 @@
Table of Contents
Standards
-[RFC974] Mail Routing and the Domain System. January 1986.
+[RFC974] Mail Routing and the Domain System. January 1986.
@@ -254,42 +254,42 @@
Proposed Standards
-[RFC1995] Incremental Zone Transfer in DNS. August 1996.
+[RFC1995] Incremental Zone Transfer in DNS. August 1996.
-[RFC1996] A Mechanism for Prompt Notification of Zone Changes. August 1996.
+[RFC1996] A Mechanism for Prompt Notification of Zone Changes. August 1996.
-[RFC2136] Dynamic Updates in the Domain Name System. April 1997.
+[RFC2136] Dynamic Updates in the Domain Name System. April 1997.
-[RFC2671] Extension Mechanisms for DNS (EDNS0). August 1997.
+[RFC2671] Extension Mechanisms for DNS (EDNS0). August 1997.
-[RFC2672] Non-Terminal DNS Name Redirection. August 1999.
+[RFC2672] Non-Terminal DNS Name Redirection. August 1999.
-[RFC2845] Secret Key Transaction Authentication for DNS (TSIG). May 2000.
+[RFC2845] Secret Key Transaction Authentication for DNS (TSIG). May 2000.
-[RFC2930] Secret Key Establishment for DNS (TKEY RR). September 2000.
+[RFC2930] Secret Key Establishment for DNS (TKEY RR). September 2000.
-[RFC2931] DNS Request and Transaction Signatures (SIG(0)s). September 2000.
+[RFC2931] DNS Request and Transaction Signatures (SIG(0)s). September 2000.
-[RFC3007] Secure Domain Name System (DNS) Dynamic Update. November 2000.
+[RFC3007] Secure Domain Name System (DNS) Dynamic Update. November 2000.
-[RFC3645] Generic Security Service Algorithm for Secret
+[RFC3645] Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG). October 2003.
@@ -298,19 +298,19 @@
DNS Security Proposed Standards
-[RFC3225] Indicating Resolver Support of DNSSEC. December 2001.
+[RFC3225] Indicating Resolver Support of DNSSEC. December 2001.
-[RFC3833] Threat Analysis of the Domain Name System (DNS). August 2004.
+[RFC3833] Threat Analysis of the Domain Name System (DNS). August 2004.
-[RFC4033] DNS Security Introduction and Requirements. March 2005.
+[RFC4033] DNS Security Introduction and Requirements. March 2005.
-[RFC4044] Resource Records for the DNS Security Extensions. March 2005.
+[RFC4044] Resource Records for the DNS Security Extensions. March 2005.
-[RFC4035] Protocol Modifications for the DNS
+[RFC4035] Protocol Modifications for the DNS
Security Extensions. March 2005.
@@ -318,146 +318,146 @@
Other Important RFCs About DNS
Implementation
-[RFC1535] A Security Problem and Proposed Correction With Widely
+[RFC1535] A Security Problem and Proposed Correction With Widely
Deployed DNS Software.. October 1993.
-[RFC1536] Common DNS Implementation
+[RFC1536] Common DNS Implementation
Errors and Suggested Fixes. October 1993.
-[RFC4074] Common Misbehaviour Against DNS
+[RFC4074] Common Misbehaviour Against DNS
Queries for IPv6 Addresses. May 2005.
Resource Record Types
-[RFC1706] DNS NSAP Resource Records. October 1994.
+[RFC1706] DNS NSAP Resource Records. October 1994.
-[RFC2168] Resolution of Uniform Resource Identifiers using
+[RFC2168] Resolution of Uniform Resource Identifiers using
the Domain Name System. June 1997.
-[RFC1876] A Means for Expressing Location Information in the
+[RFC1876] A Means for Expressing Location Information in the
Domain
Name System. January 1996.
-[RFC2052] A DNS RR for Specifying the
+[RFC2052] A DNS RR for Specifying the
Location of
Services.. October 1996.
-[RFC2163] Using the Internet DNS to
+[RFC2163] Using the Internet DNS to
Distribute MIXER
Conformant Global Address Mapping. January 1998.
-[RFC2230] Key Exchange Delegation Record for the DNS. October 1997.
+[RFC2230] Key Exchange Delegation Record for the DNS. October 1997.
-[RFC2536] DSA KEYs and SIGs in the Domain Name System (DNS). March 1999.
+[RFC2536] DSA KEYs and SIGs in the Domain Name System (DNS). March 1999.
-[RFC2537] RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999.
+[RFC2537] RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999.
-[RFC2538] Storing Certificates in the Domain Name System (DNS). March 1999.
+[RFC2538] Storing Certificates in the Domain Name System (DNS). March 1999.
-[RFC2539] Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999.
+[RFC2539] Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999.
-[RFC2540] Detached Domain Name System (DNS) Information. March 1999.
+[RFC2540] Detached Domain Name System (DNS) Information. March 1999.
-[RFC2782] A DNS RR for specifying the location of services (DNS SRV). February 2000.
+[RFC2782] A DNS RR for specifying the location of services (DNS SRV). February 2000.
-[RFC2915] The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000.
+[RFC2915] The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000.
-[RFC3110] RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001.
+[RFC3110] RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001.
-[RFC3123] A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001.
+[RFC3123] A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001.
DNS and the Internet
-[RFC1101] DNS Encoding of Network Names
+[RFC1101] DNS Encoding of Network Names
and Other Types. April 1989.
-[RFC1123] Requirements for Internet Hosts - Application and
+[RFC1123] Requirements for Internet Hosts - Application and
Support. October 1989.
-[RFC1591] Domain Name System Structure and Delegation. March 1994.
+[RFC1591] Domain Name System Structure and Delegation. March 1994.
-[RFC2317] Classless IN-ADDR.ARPA Delegation. March 1998.
+[RFC2317] Classless IN-ADDR.ARPA Delegation. March 1998.
DNS Operations
-[RFC1033] Domain administrators operations guide.. November 1987.
+[RFC1033] Domain administrators operations guide.. November 1987.
-[RFC1912] Common DNS Operational and
+[RFC1912] Common DNS Operational and
Configuration Errors. February 1996.
Internationalized Domain Names
-[RFC2825] A Tangled Web: Issues of I18N, Domain Names,
+[RFC2825] A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols. May 2000.
-[RFC3490] Internationalizing Domain Names in Applications (IDNA). March 2003.
+[RFC3490] Internationalizing Domain Names in Applications (IDNA). March 2003.
@@ -473,50 +473,50 @@
-[RFC1464] Using the Domain Name System To Store Arbitrary String
+[RFC1464] Using the Domain Name System To Store Arbitrary String
Attributes. May 1993.
-[RFC1713] Tools for DNS Debugging. November 1994.
+[RFC1713] Tools for DNS Debugging. November 1994.
-[RFC2240] A Legal Basis for Domain Name Allocation. November 1997.
+[RFC2240] A Legal Basis for Domain Name Allocation. November 1997.
-[RFC2345] Domain Names and Company Name Retrieval. May 1998.
+[RFC2345] Domain Names and Company Name Retrieval. May 1998.
-[RFC2352] A Convention For Using Legal Names as Domain Names. May 1998.
+[RFC2352] A Convention For Using Legal Names as Domain Names. May 1998.
-[RFC3071] Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001.
+[RFC3071] Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001.
-[RFC3258] Distributing Authoritative Name Servers via
+[RFC3258] Distributing Authoritative Name Servers via
Shared Unicast Addresses. April 2002.
-[RFC3901] DNS IPv6 Transport Operational Guidelines. September 2004.
+[RFC3901] DNS IPv6 Transport Operational Guidelines. September 2004.
-[RFC2352] A Convention For Using Legal Names as Domain Names. May 1998.
+[RFC2352] A Convention For Using Legal Names as Domain Names. May 1998.
@@ -530,39 +530,39 @@
-[RFC2065] Domain Name System Security Extensions. January 1997.
+[RFC2065] Domain Name System Security Extensions. January 1997.
-[RFC2137] Secure Domain Name System Dynamic Update. April 1997.
+[RFC2137] Secure Domain Name System Dynamic Update. April 1997.
-[RFC2535] Domain Name System Security Extensions. March 1999.
+[RFC2535] Domain Name System Security Extensions. March 1999.
-[RFC3008] Domain Name System Security (DNSSEC)
+[RFC3008] Domain Name System Security (DNSSEC)
Signing Authority. November 2000.
-[RFC3090] DNS Security Extension Clarification on Zone Status. March 2001.
+[RFC3090] DNS Security Extension Clarification on Zone Status. March 2001.
-[RFC3445] Limiting the Scope of the KEY Resource Record (RR). December 2002.
+[RFC3445] Limiting the Scope of the KEY Resource Record (RR). December 2002.
-[RFC3655] Redefinition of DNS Authenticated Data (AD) bit. November 2003.
+[RFC3655] Redefinition of DNS Authenticated Data (AD) bit. November 2003.
-[RFC3658] Delegation Signer (DS) Resource Record (RR). December 2003.
+[RFC3658] Delegation Signer (DS) Resource Record (RR). December 2003.
-[RFC3755] Legacy Resolver Compatibility for Delegation Signer (DS). May 2004.
+[RFC3755] Legacy Resolver Compatibility for Delegation Signer (DS). May 2004.
-[RFC3757] Domain Name System KEY (DNSKEY) Resource Record
+[RFC3757] Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag. April 2004.
-[RFC3845] DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004.
+[RFC3845] DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004.
@@ -583,14 +583,14 @@
-DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.
+DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index b4bb7d6107..9300472ba8 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -126,83 +126,83 @@
Configuration File Elements
Configuration File Grammar
-- acl Statement Grammar
+- acl Statement Grammar
- acl Statement Definition and
Usage
-- controls Statement Grammar
+- controls Statement Grammar
- controls Statement Definition and
Usage
-- include Statement Grammar
-- include Statement Definition and
+
- include Statement Grammar
+- include Statement Definition and
Usage
-- key Statement Grammar
-- key Statement Definition and Usage
-- logging Statement Grammar
-- logging Statement Definition and
+
- key Statement Grammar
+- key Statement Definition and Usage
+- logging Statement Grammar
+- logging Statement Definition and
Usage
-- lwres Statement Grammar
-- lwres Statement Definition and Usage
-- masters Statement Grammar
-- masters Statement Definition and
+
- lwres Statement Grammar
+- lwres Statement Definition and Usage
+- masters Statement Grammar
+- masters Statement Definition and
Usage
-- options Statement Grammar
+- options Statement Grammar
- options Statement Definition and
Usage
- server Statement Grammar
- server Statement Definition and
Usage
-- trusted-keys Statement Grammar
-- trusted-keys Statement Definition
+
- trusted-keys Statement Grammar
+- trusted-keys Statement Definition
and Usage
- view Statement Grammar
-- view Statement Definition and Usage
+- view Statement Definition and Usage
- zone
Statement Grammar
-- zone Statement Definition and Usage
+- zone Statement Definition and Usage
-Zone File
+Zone File
- Types of Resource Records and When to Use Them
-- Discussion of MX Records
+- Discussion of MX Records
- Setting TTLs
-- Inverse Mapping in IPv4
-- Other Zone File Directives
-- BIND Master File Extension: the $GENERATE Directive
+- Inverse Mapping in IPv4
+- Other Zone File Directives
+- BIND Master File Extension: the $GENERATE Directive
- Additional File Formats
7. BIND 9 Security Considerations
8. Troubleshooting
A. Appendices
I. Manual pages
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 04de2055d7..b6f22da7cf 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -52,7 +52,7 @@
dig [global-queryopt...] [query...]
-DESCRIPTION
+DESCRIPTION
dig
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -98,7 +98,7 @@
-OPTIONS
+OPTIONS
The -b option sets the source IP address of the query
to address. This must be a valid
@@ -244,7 +244,7 @@
-QUERY OPTIONS
+QUERY OPTIONS
dig
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -563,7 +563,7 @@
-MULTIPLE QUERIES
+MULTIPLE QUERIES
The BIND 9 implementation of dig
supports
@@ -609,7 +609,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-IDN SUPPORT
+IDN SUPPORT
If dig has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -623,14 +623,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-SEE ALSO
+SEE ALSO
host(1),
named(8),
dnssec-keygen(8),
@@ -638,7 +638,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-BUGS
+BUGS
There are probably too many query options.
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 000fdc6e4b..f5bfe318fe 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -50,7 +50,7 @@
dnssec-keygen {-a algorithm} {-b keysize} {-n nametype} [-c class] [-e] [-f flag] [-g generator] [-h] [-k] [-p protocol] [-r randomdev] [-s strength] [-t type] [-v level] {name}
-DESCRIPTION
+DESCRIPTION
dnssec-keygen
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC <TBA\>. It can also generate keys for use with
@@ -58,7 +58,7 @@
-EXAMPLE
+EXAMPLE
To generate a 768-bit DSA key for the domain
example.com, the following command would be
@@ -233,7 +233,7 @@
-SEE ALSO
+SEE ALSO
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
RFC 2535,
@@ -242,7 +242,7 @@
diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index 6277b7e47a..16382ffd1b 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -50,7 +50,7 @@
dnssec-signzone [-a] [-c class] [-d directory] [-e end-time] [-f output-file] [-g] [-h] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-p] [-r randomdev] [-s start-time] [-t] [-v level] [-z] {zonefile} [key...]
-DESCRIPTION
+DESCRIPTION
dnssec-signzone
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
-EXAMPLE
+EXAMPLE
The following command signs the example.com
zone with the DSA key generated in the dnssec-keygen
@@ -283,14 +283,14 @@
diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index abf2b3c2a3..163535ffeb 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -50,7 +50,7 @@
host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]
-DESCRIPTION
+DESCRIPTION
host
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@@ -202,7 +202,7 @@
-IDN SUPPORT
+IDN SUPPORT
If host has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -216,12 +216,12 @@
-SEE ALSO
+SEE ALSO
dig(1),
named(8).
diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index a1fab043d3..07dcd747c0 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -50,14 +50,14 @@
named-checkconf [-v] [-j] [-t directory] {filename} [-z]
-DESCRIPTION
+DESCRIPTION
named-checkconf
checks the syntax, but not the semantics, of a named
configuration file.
-RETURN VALUES
+RETURN VALUES
named-checkconf
returns an exit status of 1 if
errors were detected and 0 otherwise.
diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index bf7be869a0..d209a37c43 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -51,7 +51,7 @@
named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}
-DESCRIPTION
+DESCRIPTION
named-checkzone
checks the syntax and integrity of a zone file. It performs the
same checks as named does when loading a
@@ -71,7 +71,7 @@
-RETURN VALUES
+RETURN VALUES
named-checkzone
returns an exit status of 1 if
errors were detected and 0 otherwise.
diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index 26b34709c0..b5221b05f2 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -50,7 +50,7 @@
named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-x cache-file]
-DESCRIPTION
+DESCRIPTION
named
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -65,7 +65,7 @@
-SIGNALS
+SIGNALS
In routine operation, signals should not be used to control
the nameserver; rndc should be used
@@ -219,7 +219,7 @@
-CONFIGURATION
+CONFIGURATION
The named configuration file is too complex
to describe in detail here. A complete description is provided
@@ -228,7 +228,7 @@
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 8002848c81..f6e1f6ac79 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -48,7 +48,7 @@
rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]
-DESCRIPTION
+DESCRIPTION
rndc-confgen
generates configuration files
for rndc. It can be used as a
@@ -64,7 +64,7 @@
diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 4d5f1bdaed..187e55a7cb 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -50,7 +50,7 @@
rndc.conf
-DESCRIPTION
+DESCRIPTION
rndc.conf is the configuration file
for rndc, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -135,7 +135,7 @@
-NAME SERVER CONFIGURATION
+NAME SERVER CONFIGURATION
The name server must be configured to accept rndc connections and
to recognize the key specified in the rndc.conf
@@ -219,7 +219,7 @@
diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index c55fa0a6d0..08eecad1ca 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -50,7 +50,7 @@
rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}
-DESCRIPTION
+DESCRIPTION
rndc
controls the operation of a name
server. It supersedes the ndc utility
@@ -79,7 +79,7 @@
-OPTIONS
+OPTIONS
- -b
source-address
@@ -152,7 +152,7 @@
-LIMITATIONS
+LIMITATIONS
rndc
does not yet support all the commands of
the BIND 8 ndc utility.
@@ -166,7 +166,7 @@
diff --git a/doc/misc/options b/doc/misc/options
index 2c6e73df82..776ede32e4 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -53,7 +53,9 @@ options {
stats-server ;
stats-server-v6 ;
allow-query-cache { ; ... };
+ allow-query-cache-on { ; ... };
allow-recursion { ; ... };
+ allow-recursion-on { ; ... };
allow-v6-synthesis { ; ... }; // obsolete
sortlist { ; ... };
topology { ; ... }; // not implemented
@@ -107,6 +109,7 @@ options {
queryport-pool-ports ;
queryport-pool-updateinterval ;
allow-query { ; ... };
+ allow-query-on { ; ... };
allow-transfer { ; ... };
allow-update { ; ... };
allow-update-forwarding { ; ... };
@@ -207,6 +210,7 @@ view {
check-names ( fail | warn | ignore );
ixfr-from-differences ;
allow-query { ; ... };
+ allow-query-on { ; ... };
allow-transfer { ; ... };
allow-update { ; ... };
allow-update-forwarding { ; ... };
@@ -286,7 +290,9 @@ view {
trusted-keys {
; ... };
allow-query-cache { ; ... };
+ allow-query-cache-on { ; ... };
allow-recursion { ; ... };
+ allow-recursion-on { ; ... };
allow-v6-synthesis { ; ... }; // obsolete
sortlist { ; ... };
topology { ; ... }; // not implemented
@@ -340,6 +346,7 @@ view {
queryport-pool-ports ;
queryport-pool-updateinterval ;
allow-query { ; ... };
+ allow-query-on { ; ... };
allow-transfer { ; ... };
allow-update { ; ... };
allow-update-forwarding { ; ... };
@@ -418,6 +425,7 @@ zone {
check-names ( fail | warn | ignore );
ixfr-from-differences ;
allow-query { ; ... };
+ allow-query-on { ; ... };
allow-transfer { ; ... };
allow-update { ; ... };
allow-update-forwarding { ; ... };