From ca58c1ea25aa192f53d4a7e28676a64e91693526 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Mon, 5 Dec 2016 00:43:10 -0800 Subject: [PATCH] [master] fixed ARM grammars 4526. [doc] Corrected errors and improved formatting of grammar defintiions in the ARM. [RT #43739] --- CHANGES | 3 + doc/arm/Bv9ARM-book.xml | 1189 ++++++++++++++++++++------------------- 2 files changed, 603 insertions(+), 589 deletions(-) diff --git a/CHANGES b/CHANGES index 73a5a28c82..4f6ed03786 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4526. [doc] Corrected errors and improved formatting of + grammar defintiions in the ARM. [RT #43739] + 4525. [doc] Fixed outdated documentation on managed-keys. [RT #43810] diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index f9d6b6f17b..0ef5a3580a 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -2949,10 +2949,10 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
Syntax -address_match_list = address_match_list_element ; - address_match_list_element; ... -address_match_list_element = ! (ip_address /length | - key key_id | acl_name | { address_match_list } ) +address_match_list = address_match_list_element ; ... + +address_match_list_element = [ ! ] ( ip_address | ip_prefix | + key key_id | acl_name | { address_match_list } )
@@ -3331,9 +3331,9 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<command>acl</command> Statement Grammar -acl acl-name { - address_match_list -}; +acl acl-name { + address_match_list +};
@@ -3414,17 +3414,15 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<command>controls</command> Statement Grammar -controls { - [ inet ( ip_addr | * ) [ port ip_port ] - allow { address_match_list } - [ keys { key_list } ] - [ read-only yes_or_no ] ; ] - [ inet ...; ] - [ unix path perm number owner number group number - [ keys { key_list } ] - [ read-only yes_or_no ] ; ] - [ unix ...; ] -}; +controls { + [ inet ( ip_addr | * ) [ port ip_port ] allow { address_match_list } + [ keys { key_list } ] + [ read-only yes_or_no ] ; ] + [ unix path perm number owner number group number + [ keys { key_list } ] + [ read-only yes_or_no ] ; ] + [ ...; ] +};
@@ -3561,7 +3559,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<command>include</command> Statement Grammar - include filename; + include filename;
<command>include</command> Statement Definition and Usage @@ -3579,10 +3577,10 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<command>key</command> Statement Grammar -key key_id { - algorithm algorithm_id; - secret secret_string; -}; +key key_id { + algorithm algorithm_id; + secret secret_string; +};
@@ -3635,26 +3633,26 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<command>logging</command> Statement Grammar -logging { - [ channel channel_name { - ( file path_name - [ versions ( number | unlimited ) ] - [ size size_spec ] - | syslog syslog_facility - | stderr - | null ); - [ severity ( | | | | - | [ level ] | ); ] - [ print-category or ; ] - [ print-severity or ; ] - [ print-time ( | | | | ) ; - [ buffered or ; ] - }; ] - [ category category_name { - channel_name ; [ channel_name ; ... ] - }; ] - ... -}; +logging { + [ channel channel_name { + ( ( file path_name + [ versions ( number | ) ] + [ size size_spec ] ) + | syslog syslog_facility + | stderr + | null ) ; + [ severity ( | | | | + | [ level ] | ) ; ] + [ print-category yes_or_no ; ] + [ print-severity yes_or_no ; ] + [ print-time ( | | | | ) ; + [ buffered yes_or_no ; ] + }; ] + [ category category_name { + channel_name ; ... + }; ] + ... +};
@@ -4288,15 +4286,17 @@ badresp:1,adberr:0,findfail:0,valfail:0] statement in the named.conf file: -lwres { - listen-on { ip_addr port ip_port dscp ip_dscp ; - ip_addr port ip_port dscp ip_dscp ; ... }; - view view_name; - search { domain_name ; domain_name ; ... }; - ndots number; - lwres-tasks number; - lwres-clients number; -}; +lwres { + [ listen-on { + ( ip_addr [ port ip_port ] [ dscp ip_dscp ] ; ) + ... + }; ] + [ view view_name; ] + [ search { domain_name ; ... }; ] + [ ndots number; ] + [ lwres-tasks number; ] + [ lwres-clients number; ] +}; @@ -4382,8 +4382,11 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<command>masters</command> Statement Grammar -masters name port ip_port dscp ip_dscp { ( masters_list | - ip_addr port ip_port key key ) ; ... }; +masters name [ port ip_port ] [ dscp ip_dscp ] { + ( masters_list ; ) | + ( ip_addr [ port ip_port ] [ key key ] ; ) + ... +};
@@ -4405,305 +4408,300 @@ badresp:1,adberr:0,findfail:0,valfail:0] statement in the named.conf file: -options { - attach-cache cache_name; - version version_string; - hostname hostname_string; - server-id server_id_string; - directory path_name; - dnstap { message_type; ... }; - dnstap-output ( file | unix ) path_name; - dnstap-identity ( string | hostname | none ); - dnstap-version ( string | none ); - fstrm-set-buffer-hint number ; - fstrm-set-flush-timeout number ; - fstrm-set-input-queue-size number ; - fstrm-set-output-notify-threshold number ; - fstrm-set-output-queue-model ( mpsc | - spsc ) ; - fstrm-set-output-queue-size number ; - fstrm-set-reopen-interval number ; - geoip-directory path_name; - key-directory path_name; - managed-keys-directory path_name; - named-xfer path_name; - tkey-gssapi-keytab path_name; - tkey-gssapi-credential principal; - tkey-domain domainname; - tkey-dhkey key_name key_tag; - cache-file path_name; - dump-file path_name; - bindkeys-file path_name; - lock-file path_name; - secroots-file path_name; - session-keyfile path_name; - session-keyname key_name; - session-keyalg algorithm_id; - memstatistics yes_or_no; - memstatistics-file path_name; - pid-file path_name; - recursing-file path_name; - statistics-file path_name; - zone-statistics full | terse | none; - auth-nxdomain yes_or_no; - nxdomain-redirect string; - deallocate-on-exit yes_or_no; - dialup dialup_option; - fake-iquery yes_or_no; - fetch-glue yes_or_no; - flush-zones-on-shutdown yes_or_no; - has-old-clients yes_or_no; - host-statistics yes_or_no; - host-statistics-max number; - minimal-any yes_or_no; - minimal-responses (yes_or_no | no-auth | no-auth-recursive); - multiple-cnames yes_or_no; - notify yes_or_no | explicit | master-only; - recursion yes_or_no; - send-cookie yes_or_no; - require-server-cookie yes_or_no; - cookie-algorithm algorithm_id; - cookie-secret secret_string; - nocookie-udp-size number ; - request-nsid yes_or_no; - rfc2308-type1 yes_or_no; - use-id-pool yes_or_no; - maintain-ixfr-base yes_or_no; - ixfr-from-differences (yes_or_no | master | slave); - auto-dnssec allow|maintain|off; - dnssec-enable yes_or_no; - dnssec-validation (yes_or_no | auto); - dnssec-lookaside ( auto | - no | - domain trust-anchor domain ); - dnssec-must-be-secure domain yes_or_no; - dnssec-accept-expired yes_or_no; - forward ( only | first ); - forwarders { ip_addr port ip_port dscp ip_dscp ; ... }; - dual-stack-servers port ip_port dscp ip_dscp { - ( domain_name port ip_port dscp ip_dscp | - ip_addr port ip_port dscp ip_dscp) ; - ... }; - check-names ( master | slave | response ) - ( warn | fail | ignore ); - check-dup-records ( warn | fail | ignore ); - check-mx ( warn | fail | ignore ); - check-wildcard yes_or_no; - check-integrity yes_or_no; - check-mx-cname ( warn | fail | ignore ); - check-srv-cname ( warn | fail | ignore ); - check-sibling yes_or_no; - check-spf ( warn | ignore ); - allow-new-zones { yes_or_no }; - allow-notify { address_match_list }; - allow-query { address_match_list }; - allow-query-on { address_match_list }; - allow-query-cache { address_match_list }; - allow-query-cache-on { address_match_list }; - allow-transfer { address_match_list }; - allow-recursion { address_match_list }; - allow-recursion-on { address_match_list }; - allow-update { address_match_list }; - allow-update-forwarding { address_match_list }; - automatic-interface-scan { yes_or_no }; - geoip-use-ecs yes_or_no; - update-check-ksk yes_or_no; - dnssec-update-mode ( maintain | no-resign ); - dnssec-dnskey-kskonly yes_or_no; - dnssec-loadkeys-interval number; - dnssec-secure-to-insecure yes_or_no ; - try-tcp-refresh yes_or_no; - allow-v6-synthesis { address_match_list }; - blackhole { address_match_list }; - keep-response-order { address_match_list }; - no-case-compress { address_match_list }; - message-compression yes_or_no ; - use-v4-udp-ports { port_list }; - avoid-v4-udp-ports { port_list }; - use-v6-udp-ports { port_list }; - avoid-v6-udp-ports { port_list }; - listen-on port ip_port dscp ip_dscp { address_match_list }; - listen-on-v6 port ip_port dscp ip_dscp -{ address_match_list }; - query-source ( ( ip4_addr | * ) - port ( ip_port | * ) - dscp ip_dscp | - address ( ip4_addr | * ) - port ( ip_port | * ) ) - dscp ip_dscp ; - query-source-v6 ( ( ip6_addr | * ) - port ( ip_port | * ) - dscp ip_dscp | - address ( ip6_addr | * ) - port ( ip_port | * ) ) - dscp ip_dscp ; - use-queryport-pool yes_or_no; - queryport-pool-ports number; - queryport-pool-updateinterval number; - max-records number; - max-transfer-time-in number; - max-transfer-time-out number; - max-transfer-idle-in number; - max-transfer-idle-out number; - reserved-sockets number; - recursive-clients number; - tcp-clients number; - clients-per-query number ; - max-clients-per-query number ; - fetches-per-server number (drop | fail); - fetch-quota-params number fixedpoint fixedpoint fixedpoint ; - fetches-per-zone number (drop | fail); - notify-rate number; - startup-notify-rate number; - serial-query-rate number; - serial-queries number; - tcp-listen-queue number; - transfer-format ( one-answer | many-answers ); - transfer-message-size number; - transfers-in number; - transfers-out number; - transfers-per-ns number; - transfer-source (ip4_addr | *) port ip_port dscp ip_dscp ; - transfer-source-v6 (ip6_addr | *) port ip_port dscp ip_dscp ; - alt-transfer-source (ip4_addr | *) port ip_port dscp ip_dscp ; - alt-transfer-source-v6 (ip6_addr | *) port ip_port dscp ip_dscp ; - use-alt-transfer-source yes_or_no; - notify-delay seconds ; - notify-source (ip4_addr | *) port ip_port dscp ip_dscp ; - notify-source-v6 (ip6_addr | *) port ip_port dscp ip_dscp ; - notify-to-soa yes_or_no ; - also-notify port ip_port dscp ip_dscp { ( masters | ip_addr - port ip_port ) key keyname ; ... }; - max-ixfr-log-size number; - max-journal-size size_spec; - coresize size_spec ; - datasize size_spec ; - files size_spec ; - stacksize size_spec ; - cleaning-interval number; - heartbeat-interval number; - interface-interval number; - statistics-interval number; - topology { address_match_list }; - sortlist { address_match_list }; - rrset-order { order_spec ; order_spec ; ... }; - lame-ttl number; - max-ncache-ttl number; - max-cache-ttl number; - max-zone-ttl ( unlimited | number ; - serial-update-method increment|unixtime|date; - servfail-ttl number; - sig-validity-interval number number ; - sig-signing-nodes number ; - sig-signing-signatures number ; - sig-signing-type number ; - min-roots number; - use-ixfr yes_or_no ; - provide-ixfr yes_or_no; - request-ixfr yes_or_no; - request-expire yes_or_no; - treat-cr-as-space yes_or_no ; - min-refresh-time number ; - max-refresh-time number ; - min-retry-time number ; - max-retry-time number ; - nta-lifetime duration ; - nta-recheck duration ; - port ip_port; - dscp ip_dscp ; - additional-from-auth yes_or_no ; - additional-from-cache yes_or_no ; - random-device path_name ; - max-cache-size size_or_percent ; - match-mapped-addresses yes_or_no; - filter-aaaa-on-v4 ( yes_or_no | break-dnssec ); - filter-aaaa-on-v6 ( yes_or_no | break-dnssec ); - filter-aaaa { address_match_list }; - dns64 ipv6-prefix { - clients { address_match_list }; - mapped { address_match_list }; - exclude { address_match_list }; - suffix IPv6-address; - recursive-only yes_or_no; - break-dnssec yes_or_no; - }; ; - dns64-server name - dns64-contact name - preferred-glue ( A | AAAA | NONE ); - edns-udp-size number; - max-udp-size number; - max-rsa-exponent-size number; - root-delegation-only exclude { namelist } ; - querylog yes_or_no ; - disable-algorithms domain { algorithm; - algorithm; }; - disable-ds-digests domain { digest_type; - digest_type; }; - acache-enable yes_or_no ; - acache-cleaning-interval number; - max-acache-size size_spec ; - max-recursion-depth number ; - max-recursion-queries number ; - masterfile-format - (text|raw|map) ; - masterfile-style - (relative|full) ; - empty-server name ; - empty-contact name ; - empty-zones-enable yes_or_no ; - disable-empty-zone zone_name ; - zero-no-soa-ttl yes_or_no ; - zero-no-soa-ttl-cache yes_or_no ; - resolver-query-timeout number ; - deny-answer-addresses { address_match_list } except-from { namelist } ; - deny-answer-aliases { namelist } except-from { namelist } ; - prefetch number number ; - - rate-limit { - responses-per-second number ; - referrals-per-second number ; - nodata-per-second number ; - nxdomains-per-second number ; - errors-per-second number ; - all-per-second number ; - window number ; - log-only yes_or_no ; - qps-scale number ; - ipv4-prefix-length number ; - ipv6-prefix-length number ; - slip number ; - exempt-clients { address_match_list } ; - max-table-size number ; - min-table-size number ; - } ; - response-policy { - zone zone_name - policy (given | disabled | passthru | drop | - tcp-only | nxdomain | nodata | cname domain) - recursive-only yes_or_no - log yes_or_no - max-policy-ttl number - ; ... - } recursive-only yes_or_no - max-policy-ttl number - break-dnssec yes_or_no - min-ns-dots number - nsip-wait-recurse yes_or_no - qname-wait-recurse yes_or_no - automatic-interface-scan yes_or_no - ; - catalog-zones { - zone quoted_string - default-masters - port ip_port - dscp ip_dscp - { ( masters_list | ip_addr port ip_port key key ) ; ... } - in-memory yes_or_no - min-update-interval interval - ; ... }; - ; - v6-bias number ; -}; +options { + [ attach-cache cache_name ; ] + [ version version_string ; ] + [ hostname hostname_string ; ] + [ server-id server_id_string ; ] + [ directory path_name ; ] + [ dnstap { message_type ; ... } ; ] + [ dnstap-output ( | ) path_name ; ] + [ dnstap-identity ( string | | ) ; ] + [ dnstap-version ( string | ) ; ] + [ fstrm-set-buffer-hint number ; ] + [ fstrm-set-flush-timeout number ; ] + [ fstrm-set-input-queue-size number ; ] + [ fstrm-set-output-notify-threshold number ; ] + [ fstrm-set-output-queue-model ( | ) ; ] + [ fstrm-set-output-queue-size number ; ] + [ fstrm-set-reopen-interval number ; ] + [ geoip-directory path_name ; ] + [ key-directory path_name ; ] + [ managed-keys-directory path_name ; ] + [ named-xfer path_name ; ] + [ tkey-gssapi-keytab path_name ; ] + [ tkey-gssapi-credential principal ; ] + [ tkey-domain domain_name ; ] + [ tkey-dhkey key_name key_tag ; ] + [ cache-file path_name ; ] + [ dump-file path_name ; ] + [ bindkeys-file path_name ; ] + [ lock-file path_name ; ] + [ secroots-file path_name ; ] + [ session-keyfile path_name ; ] + [ session-keyname key_name ; ] + [ session-keyalg algorithm_id ; ] + [ memstatistics yes_or_no ; ] + [ memstatistics-file path_name ; ] + [ pid-file path_name ; ] + [ recursing-file path_name ; ] + [ statistics-file path_name ; ] + [ zone-statistics ( | | ) ; ] + [ auth-nxdomain yes_or_no ; ] + [ nxdomain-redirect string ; ] + [ deallocate-on-exit yes_or_no ; ] + [ dialup dialup_option ; ] + [ fake-iquery yes_or_no ; ] + [ fetch-glue yes_or_no ; ] + [ flush-zones-on-shutdown yes_or_no ; ] + [ has-old-clients yes_or_no ; ] + [ host-statistics yes_or_no ; ] + [ host-statistics-max number ; ] + [ minimal-any yes_or_no ; ] + [ minimal-responses ( yes_or_no | | ) ; ] + [ multiple-cnames yes_or_no ; ] + [ notify ( yes_or_no | | ) ; ] + [ recursion yes_or_no ; ] + [ send-cookie yes_or_no ; ] + [ require-server-cookie yes_or_no ; ] + [ cookie-algorithm algorithm_id ; ] + [ cookie-secret secret_string ; ] + [ nocookie-udp-size number ; ] + [ request-nsid yes_or_no ; ] + [ rfc2308-type1 yes_or_no ; ] + [ use-id-pool yes_or_no ; ] + [ maintain-ixfr-base yes_or_no ; ] + [ ixfr-from-differences ( yes_or_no | | ) ; ] + [ auto-dnssec ( | | ) ; ] + [ dnssec-enable yes_or_no ; ] + [ dnssec-validation ( yes_or_no | ) ; ] + [ dnssec-lookaside ( | | domain trust-anchor domain ) ; ] + [ dnssec-must-be-secure domain yes_or_no ; ] + [ dnssec-accept-expired yes_or_no ; ] + [ forward ( | ) ; ] + [ forwarders { + ( ip_addr [ port ip_port ] [ dscp ip_dscp ] ; ) + ... + } ; ] + [ dual-stack-servers [ port ip_port ] [ dscp ip_dscp ] { + ( ( domain_name | ip_addr ) [ port ip_port ] [ dscp ip_dscp ] ; ) + ... + } ; ] + [ check-names ( | | ) + ( | | ) ; ] + [ check-dup-records ( | | ) ; ] + [ check-mx ( | | ) ; ] + [ check-wildcard yes_or_no ; ] + [ check-integrity yes_or_no ; ] + [ check-mx-cname ( | | ) ; ] + [ check-srv-cname ( | | ) ; ] + [ check-sibling yes_or_no ; ] + [ check-spf ( | ) ; ] + [ allow-new-zones yes_or_no ; ] + [ allow-notify { address_match_list } ; ] + [ allow-query { address_match_list } ; ] + [ allow-query-on { address_match_list } ; ] + [ allow-query-cache { address_match_list } ; ] + [ allow-query-cache-on { address_match_list } ; ] + [ allow-transfer { address_match_list } ; ] + [ allow-recursion { address_match_list } ; ] + [ allow-recursion-on { address_match_list } ; ] + [ allow-update { address_match_list } ] + [ allow-update-forwarding { address_match_list } ; ] + [ automatic-interface-scan yes_or_no ; ] + [ geoip-use-ecs yes_or_no ; ] + [ update-check-ksk yes_or_no ; ] + [ dnssec-update-mode ( | ) ; ] + [ dnssec-dnskey-kskonly yes_or_no ; ] + [ dnssec-loadkeys-interval number ; ] + [ dnssec-secure-to-insecure yes_or_no ; ] + [ try-tcp-refresh yes_or_no ; ] + [ allow-v6-synthesis { address_match_list } ; ] + [ blackhole { address_match_list } ; ] + [ keep-response-order { address_match_list } ; ] + [ no-case-compress { address_match_list } ; ] + [ message-compression yes_or_no ; ] + [ use-v4-udp-ports { port_list } ; ] + [ avoid-v4-udp-ports { port_list } ; ] + [ use-v6-udp-ports { port_list } ; ] + [ avoid-v6-udp-ports { port_list } ; ] + [ listen-on [ port ip_port ] [ dscp ip_dscp ] { address_match_list } ; ] + [ listen-on-v6 [ port ip_port ] [ dscp ip_dscp ] { address_match_list } ; ] + [ query-source ( [ address ] ( ip4_addr | ) ) + [ port ( ip_port | ) ] [ dscp ip_dscp ] ] ; + [ query-source-v6 ( [ address ] ( ip6_addr | ) ) + [ port ( ip_port | ) ] [ dscp ip_dscp ] ] ; + [ use-queryport-pool yes_or_no ; ] + [ queryport-pool-ports number ; ] + [ queryport-pool-updateinterval number ; ] + [ max-records number ; ] + [ max-transfer-time-in number ; ] + [ max-transfer-time-out number ; ] + [ max-transfer-idle-in number ; ] + [ max-transfer-idle-out number ; ] + [ reserved-sockets number ; ] + [ recursive-clients number ; ] + [ tcp-clients number ; ] + [ clients-per-query number ; ] + [ max-clients-per-query number ; ] + [ fetches-per-server number [ ( | ) ] ; ] + [ fetches-per-zone number [ ( | ) ] ; ] + [ fetch-quota-params number fixedpoint fixedpoint fixedpoint ; ] + [ notify-rate number ; ] + [ startup-notify-rate number ; ] + [ serial-query-rate number ; ] + [ serial-queries number ; ] + [ tcp-listen-queue number ; ] + [ transfer-format ( | ) ; ] + [ transfer-message-size number ; ] + [ transfers-in number ; ] + [ transfers-out number ; ] + [ transfers-per-ns number ; ] + [ transfer-source ( ip4_addr | ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ transfer-source-v6 ( ip6_addr | ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ alt-transfer-source ( ip4_addr | ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ alt-transfer-source-v6 ( ip6_addr | ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ use-alt-transfer-source yes_or_no ; ] + [ notify-delay seconds ; ] + [ notify-source ( ip4_addr | ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ notify-source-v6 ( ip6_addr | ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ notify-to-soa yes_or_no ; ] + [ also-notify [ port ip_port] [ dscp ip_dscp] { + ( masters | ip_addr [ port ip_port ] ) [ key key_name ] ; + ... + } ; ] + [ max-ixfr-log-size number ; ] + [ max-journal-size size_spec ; ] + [ coresize size_spec ; ] + [ datasize size_spec ; ] + [ files size_spec ; ] + [ stacksize size_spec ; ] + [ cleaning-interval number ; ] + [ heartbeat-interval number ; ] + [ interface-interval number ; ] + [ statistics-interval number ; ] + [ topology { address_match_list } ; ] + [ sortlist { address_match_list } ; ] + [ rrset-order { order_spec ; ... } ; ] + [ lame-ttl number ; ] + [ max-ncache-ttl number ; ] + [ max-cache-ttl number ; ] + [ max-zone-ttl ( | number ) ; ] + [ serial-update-method ( | | ) ; ] + [ servfail-ttl number ; ] + [ sig-validity-interval number [number] ; ] + [ sig-signing-nodes number ; ] + [ sig-signing-signatures number ; ] + [ sig-signing-type number ; ] + [ min-roots number ; ] + [ use-ixfr yes_or_no ; ] + [ provide-ixfr yes_or_no ; ] + [ request-ixfr yes_or_no ; ] + [ request-expire yes_or_no ; ] + [ treat-cr-as-space yes_or_no ; ] + [ min-refresh-time number ; ] + [ max-refresh-time number ; ] + [ min-retry-time number ; ] + [ max-retry-time number ; ] + [ nta-lifetime duration ; ] + [ nta-recheck duration ; ] + [ port ip_port ; ] + [ dscp ip_dscp ; ] + [ additional-from-auth yes_or_no ; ] + [ additional-from-cache yes_or_no ; ] + [ random-device path_name ; ] + [ max-cache-size size_or_percent ; ] + [ match-mapped-addresses yes_or_no ; ] + [ filter-aaaa-on-v4 ( yes_or_no | ) ; ] + [ filter-aaaa-on-v6 ( yes_or_no | ) ; ] + [ filter-aaaa { address_match_list } ; ] + [ dns64 ipv6-prefix { + [ clients { address_match_list } ; ] + [ mapped { address_match_list } ; ] + [ exclude { address_match_list } ; ] + [ suffix ip6-address ; ] + [ recursive-only yes_or_no ; ] + [ break-dnssec yes_or_no ; ] + } ; ] + [ dns64-server name ] + [ dns64-contact name ] + [ preferred-glue ( | | ); ] + [ edns-udp-size number ; ] + [ max-udp-size number ; ] + [ max-rsa-exponent-size number ; ] + [ root-delegation-only [ exclude { namelist } ] ; ] + [ querylog yes_or_no ; ] + [ disable-algorithms domain { algorithm ; ... } ; ] + [ disable-ds-digests domain { digest_type ; ... } ; ] + [ acache-enable yes_or_no ; ] + [ acache-cleaning-interval number ; ] + [ max-acache-size size_spec ; ] + [ max-recursion-depth number ; ] + [ max-recursion-queries number ; ] + [ masterfile-format ( | | ) ; ] + [ masterfile-style ( | ) ; ] + [ empty-server name ; ] + [ empty-contact name ; ] + [ empty-zones-enable yes_or_no ; ] + [ disable-empty-zone zone_name ; ] + [ zero-no-soa-ttl yes_or_no ; ] + [ zero-no-soa-ttl-cache yes_or_no ; ] + [ resolver-query-timeout number ; ] + [ deny-answer-addresses { address_match_list } + [ except-from { namelist } ] ; ] + [ deny-answer-aliases { namelist } + [ except-from { namelist } ] ; ] + [ prefetch number [ number ] ; ] + [ rate-limit { + [ responses-per-second number ; ] + [ referrals-per-second number ; ] + [ nodata-per-second number ; ] + [ nxdomains-per-second number ; ] + [ errors-per-second number ; ] + [ all-per-second number ; ] + [ window number ; ] + [ log-only yes_or_no ; ] + [ qps-scale number ; ] + [ ipv4-prefix-length number ; ] + [ ipv6-prefix-length number ; ] + [ slip number ; ] + [ exempt-clients { address_match_list } ; ] + [ max-table-size number ; ] + [ min-table-size number ; ] + } ; ] + [ response-policy { + zone zone_name + [ policy ( given | disabled | passthru | drop | + tcp-only | nxdomain | nodata | cname domain ) ] + [ recursive-only yes_or_no ] + [ log yes_or_no ] + [ max-policy-ttl number ] ; + ... + } [ recursive-only yes_or_no ] + [ max-policy-ttl number ] + [ break-dnssec yes_or_no ] + [ min-ns-dots number ] + [ nsip-wait-recurse yes_or_no ] + [ qname-wait-recurse yes_or_no ] ; ] + [ catalog-zones { + zone quoted_string + [ [ port ip_port ] [ dscp ip_dscp ] { + ( masters_list | ip_addr [port ip_port] [ key key_name] ) ; + ... + } ] + [ zone-directory path_name ] + [ in-memory yes_or_no ] + [ min-update-interval interval ] ; + ... + } ; ] + [ v6-bias number ; ] +} ; ] @@ -5172,7 +5170,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] able to load the public and private keys from files in the working directory. In - most cases, the keyname should be the server's host name. + most cases, the key_name should be the server's host name. @@ -10900,33 +10898,37 @@ example.com CNAME rpz-tcp-only.
<command>server</command> Statement Grammar -server ip_addr[/prefixlen] { - bogus yes_or_no ; - provide-ixfr yes_or_no ; - request-ixfr yes_or_no ; - request-expire yes_or_no ; - request-nsid yes_or_no ; - send-cookie yes_or_no ; - edns yes_or_no ; - edns-udp-size number ; - edns-version number ; - max-udp-size number ; - tcp-only yes_or_no ; - transfers number ; - transfer-format ( one-answer | many-answers ) ; ] - keys { key_id }; - transfer-source (ip4_addr | *) port ip_port dscp ip_dscp ; - transfer-source-v6 (ip6_addr | *) port ip_port dscp ip_dscp ; - notify-source (ip4_addr | *) port ip_port dscp ip_dscp ; - notify-source-v6 (ip6_addr | *) port ip_port dscp ip_dscp ; - query-source address ( ip_addr | * ) - port ( ip_port | * ) dscp ip_dscp ; - query-source-v6 address ( ip_addr | * ) - port ( ip_port | * ) dscp ip_dscp ; - use-queryport-pool yes_or_no; - queryport-pool-ports number; - queryport-pool-updateinterval number; -}; +server ( ip_addr | ip_prefix ) { + [ bogus yes_or_no ; ] + [ provide-ixfr yes_or_no ; ] + [ request-ixfr yes_or_no ; ] + [ request-expire yes_or_no ; ] + [ request-nsid yes_or_no ; ] + [ send-cookie yes_or_no ; ] + [ edns yes_or_no ; ] + [ edns-udp-size number ; ] + [ edns-version number ; ] + [ max-udp-size number ; ] + [ tcp-only yes_or_no ; ] + [ transfers number ; ] + [ transfer-format ( one-answer | many-answers ) ; ] + [ keys { key_id } ; ] + [ transfer-source ( ip4_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ transfer-source-v6 ( ip6_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ notify-source ( ip4_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ notify-source-v6 ( ip6_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ query-source ( [ address ] ( ip_addr | * ) ) + [ port ( ip_port | * ) ] [ dscp ip_dscp ] ; ] + [ query-source-v6 ( [ address ] ( ip_addr | * ) ) + [ port ( ip_port | * ) ] [ dscp ip_dscp ] ; ] + [ use-queryport-pool yes_or_no ; ] + [ queryport-pool-ports number ; ] + [ queryport-pool-updateinterval number ; ] +} ;
@@ -11177,11 +11179,11 @@ example.com CNAME rpz-tcp-only.
<command>statistics-channels</command> Statement Grammar -statistics-channels { - [ inet ( ip_addr | * ) [ port ip_port ] - [ allow { address_match_list } ]; ] - [ inet ...; ] -}; +statistics-channels { + [ inet ( ip_addr | * ) [ port ip_port ] + [ allow { address_match_list } ] ; ] + ... +};
@@ -11307,10 +11309,10 @@ example.com CNAME rpz-tcp-only.
<command>trusted-keys</command> Statement Grammar -trusted-keys { - string number number number string ; - string number number number string ; ... -}; +trusted-keys { + ( domain_name flags protocol algorithm key_data ; ) + ... +} ;
@@ -11360,10 +11362,10 @@ example.com CNAME rpz-tcp-only.
<command>managed-keys</command> Statement Grammar -managed-keys { - name initial-key flags protocol algorithm key-data ; - name initial-key flags protocol algorithm key-data ; ... -}; +managed-keys { + ( domain_name initial_key flags protocol algorithm key_data ; ) + ... +} ;
@@ -11493,14 +11495,13 @@ example.com CNAME rpz-tcp-only.
<command>view</command> Statement Grammar -view view_name - class { - match-clients { address_match_list }; - match-destinations { address_match_list }; - match-recursive-only yes_or_no ; - view_option; ... - zone_statement; ... -}; +view view_name [ class ] { + match-clients { address_match_list } ; + match-destinations { address_match_list } ; + match-recursive-only yes_or_no ; + [ view_option ; ... ] + [ zone_statement ; ... ] +} ;
@@ -11634,201 +11635,211 @@ view "external" {
<command>zone</command> Statement Grammar -zone zone_name class { - type master; - allow-query { address_match_list }; - allow-query-on { address_match_list }; - allow-transfer { address_match_list }; - allow-update { address_match_list }; - update-check-ksk yes_or_no; - dnssec-dnskey-kskonly yes_or_no; - dnssec-loadkeys-interval number; - update-policy local | { update_policy_rule ... }; - also-notify port ip_port dscp ip_dscp { ( masters_list | ip_addr - port ip_port - key key ) ; ... }; - check-names (warn|fail|ignore) ; - check-mx (warn|fail|ignore) ; - check-wildcard yes_or_no; - check-spf ( warn | ignore ); - check-integrity yes_or_no ; - dialup dialup_option ; - file string ; - masterfile-format (text|raw|map) ; - journal string ; - max-journal-size size_spec; - forward (only|first) ; - forwarders { ip_addr port ip_port dscp ip_dscp ; ... }; - ixfr-base string ; - ixfr-from-differences yes_or_no; - ixfr-tmp-file string ; - maintain-ixfr-base yes_or_no ; - max-ixfr-log-size number ; - max-transfer-idle-out number ; - max-transfer-time-out number ; - notify yes_or_no | explicit | master-only ; - notify-delay seconds ; - notify-to-soa yes_or_no; - pubkey number number number string ; - notify-source (ip4_addr | *) port ip_port dscp ip_dscp ; - notify-source-v6 (ip6_addr | *) port ip_port dscp ip_dscp ; - zone-statistics full | terse | none; - sig-validity-interval number number ; - sig-signing-nodes number ; - sig-signing-signatures number ; - sig-signing-type number ; - database string ; - min-refresh-time number ; - max-refresh-time number ; - min-retry-time number ; - max-retry-time number ; - key-directory path_name; - auto-dnssec allow|maintain|off; - inline-signing yes_or_no; - zero-no-soa-ttl yes_or_no ; - serial-update-method increment|unixtime|date; - max-zone-ttl number ; -}; +zone zone_name [ class ] { + type master ; + [ allow-query { address_match_list } ; ] + [ allow-query-on { address_match_list } ; ] + [ allow-transfer { address_match_list } ; ] + [ allow-update { address_match_list } ; ] + [ update-check-ksk yes_or_no ; ] + [ dnssec-dnskey-kskonly yes_or_no ; ] + [ dnssec-loadkeys-interval number ; ] + [ update-policy | { update_policy_rule ; ... } ; ] + [ also-notify [ port ip_port ] [ dscp ip_dscp ] { + ( masters_list | ip_addr [ port ip_port ] ) [ key key_name ] ; + ... + } ; ] + [ check-names ( | | ) ; ] + [ check-mx ( | | ) ; ] + [ check-wildcard yes_or_no ; ] + [ check-spf ( | ); ] + [ check-integrity yes_or_no ; ] + [ dialup dialup_option ; ] + [ file string ; ] + [ masterfile-format ( | | ) ; ] + [ journal string ; ] + [ max-journal-size size_spec ; ] + [ forward ( | ) ; ] + [ forwarders { [ ip_addr [ port ip_port ] [ dscp ip_dscp ] ; ... ] } ; ] + [ ixfr-base string ; ] + [ ixfr-from-differences yes_or_no ; ] + [ ixfr-tmp-file string ; ] + [ maintain-ixfr-base yes_or_no ; ] + [ max-ixfr-log-size number ; ] + [ max-transfer-idle-out number ; ] + [ max-transfer-time-out number ; ] + [ notify yes_or_no | | ; ] + [ notify-delay seconds ; ] + [ notify-to-soa yes_or_no ; ] + [ pubkey number number number string ; ] + [ notify-source ( ip4_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ notify-source-v6 ( ip6_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ zone-statistics ( | | ) ; ] + [ sig-validity-interval number [ number ] ; ] + [ sig-signing-nodes number ; ] + [ sig-signing-signatures number ; ] + [ sig-signing-type number ; ] + [ database string ; ] + [ min-refresh-time number ; ] + [ max-refresh-time number ; ] + [ min-retry-time number ; ] + [ max-retry-time number ; ] + [ key-directory path_name ; ] + [ auto-dnssec ( | | ) ; ] + [ inline-signing yes_or_no ; ] + [ zero-no-soa-ttl yes_or_no ; ] + [ serial-update-method ( | | ) ; ] + [ max-zone-ttl number ; ] +} ; -zone zone_name class { - type slave; - allow-notify { address_match_list }; - allow-query { address_match_list }; - allow-query-on { address_match_list }; - allow-transfer { address_match_list }; - allow-update-forwarding { address_match_list }; - dnssec-update-mode ( maintain | no-resign ); - update-check-ksk yes_or_no; - dnssec-dnskey-kskonly yes_or_no; - dnssec-loadkeys-interval number; - dnssec-secure-to-insecure yes_or_no ; - try-tcp-refresh yes_or_no; - also-notify port ip_port dscp ip_dscp { ( masters_list | ip_addr - port ip_port - key key ) ; ... }; - check-names (warn|fail|ignore) ; - dialup dialup_option ; - file string ; - masterfile-format (text|raw|map) ; - journal string ; - max-journal-size size_spec; - forward (only|first) ; - forwarders { ip_addr port ip_port dscp ip_dscp ; ... }; - ixfr-base string ; - ixfr-from-differences yes_or_no; - ixfr-tmp-file string ; - request-ixfr yes_or_no ; - maintain-ixfr-base yes_or_no ; - masters port ip_port dscp ip_dscp { ( masters_list | ip_addr - port ip_port - dscp ip_dscp - key key ) ; ... }; - max-ixfr-log-size number ; - max-transfer-idle-in number ; - max-transfer-idle-out number ; - max-transfer-time-in number ; - max-transfer-time-out number ; - notify yes_or_no | explicit | master-only ; - notify-delay seconds ; - notify-to-soa yes_or_no; - pubkey number number number string ; - transfer-source (ip4_addr | *) port ip_port dscp ip_dscp ; - transfer-source-v6 (ip6_addr | *) port ip_port dscp ip_dscp ; - alt-transfer-source (ip4_addr | *) port ip_port dscp ip_dscp ; - alt-transfer-source-v6 (ip6_addr | *) - port ip_port - dscp ip_dscp ; - use-alt-transfer-source yes_or_no; - notify-source (ip4_addr | *) port ip_port dscp ip_dscp ; - notify-source-v6 (ip6_addr | *) port ip_port dscp ip_dscp ; - zone-statistics full | terse | none; - sig-validity-interval number number ; - sig-signing-nodes number ; - sig-signing-signatures number ; - sig-signing-type number ; - database string ; - min-refresh-time number ; - max-refresh-time number ; - min-retry-time number ; - max-retry-time number ; - key-directory path_name; - auto-dnssec allow|maintain|off; - inline-signing yes_or_no; - multi-master yes_or_no ; - zero-no-soa-ttl yes_or_no ; -}; +zone zone_name [ class ] { + type slave ; + [ allow-notify { address_match_list } ; ] + [ allow-query { address_match_list } ; ] + [ allow-query-on { address_match_list } ; ] + [ allow-transfer { address_match_list } ; ] + [ allow-update-forwarding { address_match_list } ; ] + [ dnssec-update-mode ( | ); ] + [ update-check-ksk yes_or_no ; ] + [ dnssec-dnskey-kskonly yes_or_no ; ] + [ dnssec-loadkeys-interval number ; ] + [ dnssec-secure-to-insecure yes_or_no ; ] + [ try-tcp-refresh yes_or_no ; ] + [ also-notify [ port ip_port ] [ dscp ip_dscp ] { + ( masters_list | ip_addr [ port ip_port ] ) [ key key_name ] ; + ... + } ; ] + [ check-names ( | | ) ; ] + [ dialup dialup_option ; ] + [ file string ; ] + [ masterfile-format ( | | ) ; ] + [ journal string ; ] + [ max-journal-size size_spec ; ] + [ forward ( | ) ; ] + [ forwarders { [ ip_addr [ port ip_port ] [ dscp ip_dscp ] ; ... } ; ] + [ ixfr-base string ; ] + [ ixfr-from-differences yes_or_no ; ] + [ ixfr-tmp-file string ; ] + [ request-ixfr yes_or_no ; ] + [ maintain-ixfr-base yes_or_no ; ] + [ masters [ port ip_port ] [ dscp ip_dscp ] { + ( masters_list | ip_addr [ port ip_port ] ) [ key key_name ] ; + ... + } ; ] + [ max-ixfr-log-size number ; ] + [ max-transfer-idle-in number ; ] + [ max-transfer-idle-out number ; ] + [ max-transfer-time-in number ; ] + [ max-transfer-time-out number ; ] + [ notify ( yes_or_no | | ) ; ] + [ notify-delay seconds ; ] + [ notify-to-soa yes_or_no ; ] + [ pubkey number number number string ; ] + [ transfer-source ( ip4_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ transfer-source-v6 ( ip6_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ alt-transfer-source ( ip4_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ alt-transfer-source-v6 ( ip6_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ use-alt-transfer-source yes_or_no ; ] + [ notify-source ( ip4_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ notify-source-v6 ( ip6_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ zone-statistics ( | | ) ; ] + [ sig-validity-interval number [ number ] ; ] + [ sig-signing-nodes number ; ] + [ sig-signing-signatures number ; ] + [ sig-signing-type number ; ] + [ database string ; ] + [ min-refresh-time number ; ] + [ max-refresh-time number ; ] + [ min-retry-time number ; ] + [ max-retry-time number ; ] + [ key-directory path_name ; ] + [ auto-dnssec ( | | ) ; ] + [ inline-signing yes_or_no ; ] + [ multi-master yes_or_no ; ] + [ zero-no-soa-ttl yes_or_no ; ] +} ; -zone zone_name class { - type hint; - file string ; - delegation-only yes_or_no ; - check-names (warn|fail|ignore) ; // Not Implemented. -}; +zone zone_name [ class ] { + type hint; + file string ; + [ delegation-only yes_or_no ; ] + [ check-names ( | | ) ; ] // Not Implemented. +} ; -zone zone_name class { - type stub; - allow-query { address_match_list }; - allow-query-on { address_match_list }; - check-names (warn|fail|ignore) ; - dialup dialup_option ; - delegation-only yes_or_no ; - file string ; - masterfile-format (text|raw|map) ; - forward (only|first) ; - forwarders { ip_addr port ip_port dscp ip_dscp ; ... }; - masters port ip_port dscp ip_dscp { ( masters_list | ip_addr - port ip_port - dscp ip_dscp - key key ) ; ... }; - max-transfer-idle-in number ; - max-transfer-time-in number ; - pubkey number number number string ; - transfer-source (ip4_addr | *) port ip_port dscp ip_dscp ; - transfer-source-v6 (ip6_addr | *) - port ip_port dscp ip_dscp ; - alt-transfer-source (ip4_addr | *) port ip_port dscp ip_dscp ; - alt-transfer-source-v6 (ip6_addr | *) - port ip_port dscp ip_dscp ; - use-alt-transfer-source yes_or_no; - zone-statistics full | terse | none; - database string ; - min-refresh-time number ; - max-refresh-time number ; - min-retry-time number ; - max-retry-time number ; - multi-master yes_or_no ; -}; +zone zone_name [ class ] { + type stub; + [ allow-query { address_match_list } ; ] + [ allow-query-on { address_match_list } ; ] + [ check-names ( | | ) ; ] + [ dialup dialup_option ; ] + [ delegation-only yes_or_no ; ] + [ file string ; ] + [ masterfile-format ( | | ) ; ] + [ forward ( | ) ; ] + [ forwarders { [ ip_addr [ port ip_port ] [ dscp ip_dscp ] ; ... ] } ; ] + [ masters [ port ip_port ] [ dscp ip_dscp ] { + ( masters_list | ip_addr [ port ip_port ] ) [ key key_name ] ; + ... + } ; ] + [ max-transfer-idle-in number ; ] + [ max-transfer-time-in number ; ] + [ pubkey number number number string ; ] + [ transfer-source ( ip4_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ transfer-source-v6 ( ip6_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ alt-transfer-source ( ip4_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ alt-transfer-source-v6 ( ip6_addr | * ) + [ port ip_port ] [ dscp ip_dscp ] ; ] + [ use-alt-transfer-source yes_or_no ; ] + [ zone-statistics ( | | ) ; ] + [ database string ; ] + [ min-refresh-time number ; ] + [ max-refresh-time number ; ] + [ min-retry-time number ; ] + [ max-retry-time number ; ] + [ multi-master yes_or_no ; ] +} ; -zone zone_name class { - type static-stub; - allow-query { address_match_list }; - server-addresses { ip_addr ; ... }; - server-names { namelist }; - zone-statistics full | terse | none; -}; +zone zone_name [ class ] { + type static-stub; + [ allow-query { address_match_list } ; ] + [ server-addresses { [ ip_addr ; ... } ; ] + [ server-names { [ namelist ] } ; ] + [ zone-statistics ( | | ) ; ] +} ; -zone zone_name class { - type forward; - forward (only|first) ; - forwarders { ip_addr port ip_port dscp ip_dscp ; ... }; - delegation-only yes_or_no ; -}; +zone zone_name [ class ] { + type forward; + [ forward ( | ) ; ] + [ forwarders { [ ip_addr [ port ip_port ] [ dscp ip_dscp ] ; ... } ; ] + [ delegation-only yes_or_no ; ] +} ; -zone "." class { - type redirect; - file string ; - masterfile-format (text|raw|map) ; - allow-query { address_match_list }; - max-zone-ttl number ; -}; +zone "." [ class ] { + type redirect; + file string ; + [ masterfile-format ( | | ) ; ] + [ allow-query { address_match_list } ; ] + [ max-zone-ttl number ; ] +} ; -zone zone_name class { - type delegation-only; -}; +zone zone_name [ class ] { + type delegation-only; +} ; -zone zone_name class { - in-view string ; -}; +zone zone_name [ class ] { + [ in-view string ; ] +} ;