2558 Commits

Author SHA1 Message Date
Michał Kępień
814d9f7bc8 Prepare release notes for BIND 9.16.32 2022-08-04 23:59:36 +02:00
Evan Hunt
1ed5eb38e4 clarify "max-zone-ttl" documentation
The "max-zone-ttl" option should now be configured as part of
dnssec-policy. Use of this option in zone/view/options will be ignored
in any zone that also has dnssec-policy configured.
2022-07-22 15:24:29 -07:00
Michal Nowak
a0e7b05aba Merge tag 'v9_16_31' into v9_16
BIND 9.16.31
2022-07-21 14:37:36 +02:00
Michal Nowak
0043999f54 Add Alpine Linux 3.16
(cherry picked from commit 0d0ab3db10)
2022-07-12 13:59:30 +02:00
Michał Kępień
59da803e86 Prepare release notes for BIND 9.16.31 2022-07-11 06:32:55 +02:00
Petr Špaček
75854c5e6b Rewrite DNSSEC Validation subchapter in the ARM
Mostly deduplicating and linking information across the ARM.
Generally people should not touch it unless they what they are doing, so
let's try to discourage them a bit.

(cherry picked from commit bffa3063f0)
2022-07-07 11:07:32 +02:00
Petr Špaček
c9e52437ca Resynchronize DNSSEC chapter with the main branch
This is essentially a backport of !6296.

Replace DNSSEC chapter with version from the main branch, commit
901b6425d2.

There were structural changes to the ARM in the main branch, and
replacing the whole file with a new version is an order of magniture
easier than attempting to cherry-pick individual changes which should, in
the end, produce the same file under a different name.

File names in the main branch and v9_16 are now in sync (for the DNSSEC
chapter).

Fixes: #3320
2022-07-07 10:34:06 +02:00
Evan Hunt
4897f3ccc0 Improve $GENERATE documentation
Clarify the documentation of $GENERATE modifiers and add an example.

(cherry picked from commit 13fb2faf7a)
2022-07-06 11:35:16 +10:00
Petr Špaček
561f2a3930 Declare Debian 9 (Stretch) community-maintained
(cherry picked from commit 4ce1f25210)
2022-06-28 17:59:21 +02:00
Matthijs Mekking
68105e66cf Add some clarifications wrt dynamic zones
These were suggested by GitLab user @elmaimbo.

(cherry picked from commit fb517eb52a)
2022-06-27 11:56:59 +02:00
Michal Nowak
009c7871ec Add Ubuntu 22.04 LTS (Jammy Jellyfish)
(cherry picked from commit 4c2af3bdfa)
2022-06-22 12:04:13 +02:00
Matthijs Mekking
e1f0acc3e7 Document where updates and DNSSEC records are stored
Make clear that inline-signing stores DNSSEC records in a signed
version of the zone, using the zone's filename plus ".signed" extension.

Tell that dynamic zones store updates in the zone's filename.

DNSSEC records for dynamic zones also go in the zone's filename, unless
inline-signing is enabled.

Then, dnssec-policy assumes inline-signing, but only if the zone is
not dynamic.

(cherry picked from commit 8860f6b4ff)
2022-06-20 16:50:42 +02:00
Petr Špaček
3eae58207a Update NSEC3 guidance to match draft-ietf-dnsop-nsec3-guidance-10
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-nsec3-guidance-10
is on it's way to become RFC, so let's update our recommendations in the
docs to be in line with it.

The default values for dnssec-policy and dnssec-signzone were adapted to
match v9_16 branch.

(cherry picked from commit 2ee3f4e6c8)
2022-06-15 18:10:50 +02:00
Michał Kępień
68fadd52c1 Merge tag 'v9_16_30' into v9_16
BIND 9.16.30
2022-06-15 16:02:06 +02:00
Tom Krizek
b3c7bd1c04 Auto-format Python files with black
This patch is strictly the result of:
$ black $(git ls-files '*.py' '*.py.in')

There have been no manual changes.
2022-06-08 13:34:19 +02:00
Michał Kępień
501ac73a7c Prepare release notes for BIND 9.16.30 2022-06-02 20:57:12 +02:00
Petr Špaček
cc1599e454 ARM style change: render literals in black color
After enormous amount of bikesheding about colors we decided to override
ReadTheDocs default style for literals (``literal`` in the RST markup).

Justification:
- The default RTD "light red literal on white background" is hard to
  read.  https://webaim.org/resources/contrastchecker/ reports that text
  colored as rgb(231, 76, 60) on white background has insufficient
  contrast.
- The ARM has enormous amount of literals all over the place and thus
  one sentence can contain several black/red/black color changes. This
  is distracting. As a consequence, the ARM looks like a Geronimo
  Stilton book.

What we experimented with as replacements for red:
- Green - way too distracting
- Blue - too similar to "usual clickable link"
- Violet - too Geronimo Stilton style
- Brown - better but still distracting

After all the bikesheding we settled on black, i.e. the same as all
"normal" text. I.e. the color is now the same and literals are denoted
by monospaced font and a box around the literal. This has best contrast
and is way less distracting than it used to be.

This lead to a new problem: Internal references to "term definitions"
defined using directives like .. option:: were rendered almost the same
as literals:
- References: monospaced + box + bold + clickable
- Literals: monospaced + box To distinguish these two we added black
  dotted underline to clickable references.

I hereby declare the bikeshed painted.

(cherry picked from commit 833af31e7b)
2022-06-02 17:24:41 +02:00
Petr Špaček
dafacea24c Allow wrapping for ARM table content
RTD style default never wraps <th> and <td> elements and that just does
not work for real sentences or any other long lines.

We can reconsider styling some tables separately, but at the moment we
do not have use for tables with long but unwrappable lines so it's
easier to allow wrapping globally.

(cherry picked from commit a5dd98ac1b)
2022-06-02 17:24:39 +02:00
Michal Nowak
db5f8ebb6f Merge tag 'v9_16_29' into v9_16
BIND 9.16.29
2022-05-19 13:14:59 +02:00
Matthijs Mekking
24913fc696 Remove confusing parental-source line
Remove the line "This address must appear in the secondary server’s
parental-agents zone clause". This line is a copy paste error from
notify-source.

Rewrap.

(cherry picked from commit 313f606692)
2022-05-11 15:01:35 +00:00
Petr Špaček
0366ff94ee Remove ARM notes about Solaris 2.5.1
It was released in May 1996 and hopefully is not used to run BIND
anymore.

(cherry picked from commit 4388656f60)
2022-05-11 12:54:01 +02:00
Michal Nowak
e4f535334e Prepare release notes for BIND 9.16.29 2022-05-06 17:06:36 +02:00
Petr Špaček
cf44faf6ae Pin Sphinx related package versions to match ReadTheDocs and our CI
This seems to be most appropriate way to ensure consistency between
release tarballs and public presentation on ReadTheDocs.

Previous attempt with removing docutils constraint, which relied on pip
depedency solver to pick the same packages as in CI was flawed. RTD
installs a bit different set of packages so it was inherently
unreliable.

As a result RTD pulled in sphinx-rtd-theme==0.4.3 while CI
had 1.0.0, and this inconsistency caused Table of Contents in Release
Notes to render incorrectly. Previous solution was to downgrade
docutils to < 0.17, but I think we should rather pin exact versions.

For the long history of messing with versions read also
isc-projects/bind9@2a8eda0084
isc-projects/images@d4435b97be
isc-projects/bind9@6a2daddf5b

(cherry picked from commit 6088ba3837)
2022-04-27 14:35:52 +02:00
Petr Špaček
a5c06c0080 Fix mismatch between docutils version in CI and ReadTheDocs
Currently our CI images we use to build docs (which subsequently get
into release tarballs) are using docutils 0.17.1, which is latest version
which fulfills Sphinx 4.5.0 requirement for docutils < 0.18.

The old requirement for docutils < 0.17 was causing discrepancy between
the way we build release artifacts and the docs on ReadTheDocs.org which
uses doc/arm/requirements.txt from our repo.

Remove the limit for RDT with hope that it will pull latest permissible
version of docutils.

For the long history of messing with docutils version read also
isc-projects/images@d4435b97be
isc-projects/bind9@6a2daddf5b

(cherry picked from commit 2a8eda0084)
2022-04-26 15:48:46 +02:00
Petr Špaček
02f5e9c505 Support Sphinx 1.6.7 again
Older versions do not have "override" parameter in add_role_to_domain()
function signature. Luckily the override is _not_ required when
overidding the built-in standard domain roles for the first time, so we
just drop the paramter.

Tested with Sphinx 1.6.7 (does not have override) and Sphinx 4.5.0
(does have override).

Fixes: #3294
Related: !6086
2022-04-25 13:31:55 +02:00
Michał Kępień
d17d794722 Merge tag 'v9_16_28' into v9_16
BIND 9.16.28
2022-04-21 09:47:04 +02:00
Michał Kępień
6810a0c055 Prepare release notes for BIND 9.16.28 2022-04-11 17:05:07 +02:00
Petr Špaček
148f6f20e7 Ignore :option: references in rst files to to simplify doc backports
Override Sphinx built-in :option: to act and render as `` literal.
This avoids problems with undefined :option:`target`s when merging
doc backports.
2022-04-07 15:46:55 +02:00
Petr Špaček
c9a512247d Introduce new Sphinx role iscman for ISC manual pages
The new directive and role "iscman" allow to tag & reference man pages in
our source tree. Essentially it is just namespacing for ISC man pages,
but it comes with couple benefits.

Differences from .. _man_program label we formerly used:
- Does not expand :ref:`man_program` into full text of the page header.
- Generates index entry with category "manual page".
- Rendering style is closer to ubiquitous to the one produced
  by ``named`` syntax.

Differences from Sphinx built-in :manpage: role:
- Supports all builders with support for cross-references.
- Generates internal links (unlike :manpage: which generates external
  URLs).
- Checks that target exists withing our source tree.

(cherry-picked from commit 7e7a946d44)
2022-04-07 15:46:52 +02:00
Ondřej Surý
a7f893e836 Rename the configuration option to load balance sockets to reuseport
After some back and forth, it was decidede to match the configuration
option with unbound ("so-reuseport"), PowerDNS ("reuseport") and/or
nginx ("reuseport").

(cherry picked from commit 7e71c4d0cc)
2022-04-06 17:51:12 +02:00
Ondřej Surý
8993ebc01a Add option to configure load balance sockets
Previously, the option to enable kernel load balancing of the sockets
was always enabled when supported by the operating system (SO_REUSEPORT
on Linux and SO_REUSEPORT_LB on FreeBSD).

It was reported that in scenarios where the networking threads are also
responsible for processing long-running tasks (like RPZ processing, CATZ
processing or large zone transfers), this could lead to intermitten
brownouts for some clients, because the thread assigned by the operating
system might be busy.  In such scenarious, the overall performance would
be better served by threads competing over the sockets because the idle
threads can pick up the incoming traffic.

Add new configuration option (`load-balance-sockets`) to allow enabling
or disabling the load balancing of the sockets.

(cherry picked from commit 85c6e797aa)
2022-04-05 01:21:50 +02:00
Michał Kępień
e82ffa9b03 Set up release notes for BIND 9.16.28 2022-03-17 00:19:11 +01:00
Michał Kępień
3849ad19fb Prepare release notes for BIND 9.16.27 2022-03-17 00:19:11 +01:00
Suzanne Goldlust
da3369179f Fix Tools for Use With the Name Server Daemon in the ARM
Remove outdated command references from ARM section
3.3.1. Tools for Use With the Name Server Daemon
and replace them with links to man pages.

Fixes: #2799
(cherry picked from commit 2d2d87a615)
2022-03-10 21:58:36 +01:00
Tony Finch
b8a3359d76 In the ARM appendix, sort man page sections alphabetically
(cherry picked from commit 315b3c3a1a)
2022-03-10 21:58:36 +01:00
Petr Špaček
9242f53e3d Split out named-compilezone and named-checkzone man pages
Both utilities were included as one man page, but this caused a problem:
Sphinx directive .. include was used twice on the same file, which
prevented us from using labels (or anything with unique identifier) in
the man pages. This effectivelly prevented linking to them.

Splitting man pages allows us to solve the linking problems and also
clearly make text easier to follow because it does not mention two tools
at the same time.

This change causes duplication of text, but given the frequecy of changes
to these tools I think it is acceptable. I've considered deduplication
using smaller .rst snippets which get included into both man pages,
but it would require more sed scripting to handle defaults etc. and
I think it would be way too complex solution for this problem.

Related: #2799
(cherry picked from commit 9992f7808c)
2022-03-10 21:58:35 +01:00
Petr Špaček
e46322c583 Split out ddns-confgen and tsig-keygen man pages
Both utilities were included as one man page, but this caused a problem:
Sphinx directive .. include was used twice on the same file, which
prevented us from using labels (or anything with unique identifier) in
the man pages. This effectivelly prevented linking to them.

Splitting man pages allows us to solve the linking problems and also
clearly make text easier to follow because it does not mention two tools
at the same time.

This change causes duplication of text, but given the frequecy of changes
to these tools I think it is acceptable.

Related: #2799
(cherry picked from commit 2e42414522)
2022-03-10 21:56:15 +01:00
Mark Andrews
287df673dc correctly exclude logging-categories.rst
(cherry picked from commit 0069a689a6)
2022-02-25 01:20:54 +11:00
Petr Špaček
bcd07e71d6 Prepare release notes for BIND 9.16.27 2022-02-18 10:07:48 +01:00
Petr Špaček
69989b1320 Prepare release notes for BIND 9.16.26 2022-02-18 10:03:20 +01:00
Matthijs Mekking
483beec0fd Update documentation wrt key algorithms
Add a note to the DNSSEC guide and to the ARM reference that A ZSK/KSK
pair used for signing your zone should have the same algorithm.

This commit also updates the 'dnssec-policy/keys' example to use the
slightly more modern 'rsasha256' algorithm.

(cherry picked from commit 7365400610)
2022-02-16 10:25:30 +01:00
Petr Špaček
a2ebd90f30 Reorder list of supported RFCs in more user-oriented manner
For users it's not really important if a RFC is Internet Standard,
Proposed Standard, or Experimental. RFCs are now regrouped by
"Protocol", Best Current Practice, and "catch all" category FYI.

(cherry picked from commit 7fd61f9403)
2022-02-14 12:23:31 +01:00
Petr Špaček
636ea2d5bc Replace obsolete RFC2845 reference with RFC8945 (TSIG)
(cherry picked from commit 4dbad65bfd)
2022-02-14 12:21:27 +01:00
Petr Špaček
f0d5e029bd Remove special chapter about IPv6 address formats from ARM
In 2022, IPv6 is not anything unusual, and it was really odd
to have it in a separate section next to a huge list of RFCs.

Fixes: #1918
(cherry picked from commit 2774b497a6)
2022-02-14 12:21:15 +01:00
Petr Špaček
519660c84a Replace obsolete RFC6944 reference with RFC8624 (DNSSEC algorithm status)
(cherry picked from commit 3c83a9d503)
2022-02-14 12:21:15 +01:00
Petr Špaček
717d218935 Replace obsolete RFC4408 reference with RFC7208 (SPF)
(cherry picked from commit f8cb0ac141)
2022-02-14 12:21:13 +01:00
Petr Špaček
bc41ef8687 Replace obsolete RFC2915 reference with RFC3403 (NAPTR)
(cherry picked from commit 16dec1ff58)
2022-02-14 12:20:41 +01:00
Petr Špaček
09f562eb0d Add link to RFC8749 (DLV is historic)
(cherry picked from commit f7225db822)
2022-02-14 12:20:39 +01:00
Petr Špaček
eef6134587 Add newer version of IDNA RFC to docs
(cherry picked from commit 09d6cf89df)
2022-02-14 12:20:14 +01:00
Petr Špaček
d16197fe62 Remove obsolete RFCs from documentation
There is little point of listing all of the obsolete RFCs. I think it is
more likely confuse people than to do anything useful.

(cherry picked from commit 9437ea08e1)
2022-02-14 12:20:14 +01:00