update to 9.7.1-P2

[tridge/bind9.git] / bin / named / named.conf.5

diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 039c7954dfd80572bf9cf9622635c11d7a045fec..b31bcbb1d31c7fbebd6731f97db9cb6bdfe47b15 100644 (file)
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -1,6 +1,6 @@
-.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -12,7 +12,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named.conf.5,v 1.36 2008/09/25 04:45:04 tbox Exp $
+.\" $Id: named.conf.5,v 1.41.4.1 2010/05/15 02:41:59 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -102,6 +102,15 @@ trusted\-keys {
 };
 .fi
 .RE
+.SH "MANAGED\-KEYS"
+.sp
+.RS 4
+.nf
+managed\-keys {
+       \fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... 
+};
+.fi
+.RE
 .SH "CONTROLS"
 .sp
 .RS 4
@@ -244,6 +253,7 @@ options {
        dnssec\-enable \fIboolean\fR;
        dnssec\-validation \fIboolean\fR;
        dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
+       dnssec\-lookaside ( \fIauto\fR | \fIdomain\fR trust\-anchor \fIdomain\fR );
        dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
        dnssec\-accept\-expired \fIboolean\fR;
        empty\-server \fIstring\fR;
@@ -260,6 +270,7 @@ options {
        allow\-update { \fIaddress_match_element\fR; ... };
        allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
        update\-check\-ksk \fIboolean\fR;
+       dnssec\-dnskey\-kskonly \fIboolean\fR;
        masterfile\-format ( text | raw );
        notify \fInotifytype\fR;
        notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
@@ -299,9 +310,18 @@ options {
        use\-alt\-transfer\-source \fIboolean\fR;
        zone\-statistics \fIboolean\fR;
        key\-directory \fIquoted_string\fR;
+       managed\-keys\-directory \fIquoted_string\fR;
+       auto\-dnssec \fBallow\fR|\fBmaintain\fR|\fBcreate\fR|\fBoff\fR;
        try\-tcp\-refresh \fIboolean\fR;
        zero\-no\-soa\-ttl \fIboolean\fR;
        zero\-no\-soa\-ttl\-cache \fIboolean\fR;
+       dnssec\-secure\-to\-insecure \fIboolean\fR;
+       deny\-answer\-addresses {
+               \fIaddress_match_list\fR
+       } [ except\-from { \fInamelist\fR } ];
+       deny\-answer\-aliases {
+               \fInamelist\fR
+       } [ except\-from { \fInamelist\fR } ];
        nsec3\-test\-zone \fIboolean\fR;  // testing only
        allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
        deallocate\-on\-exit \fIboolean\fR; // obsolete
@@ -337,7 +357,8 @@ view \fIstring\fR \fIoptional_class\fR {
                ...
        };
        trusted\-keys {
-               \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
+               \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR;
+               [...]
        };
        allow\-recursion { \fIaddress_match_element\fR; ... };
        allow\-recursion\-on { \fIaddress_match_element\fR; ... };
@@ -407,6 +428,7 @@ view \fIstring\fR \fIoptional_class\fR {
        allow\-update { \fIaddress_match_element\fR; ... };
        allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
        update\-check\-ksk \fIboolean\fR;
+       dnssec\-dnskey\-kskonly \fIboolean\fR;
        masterfile\-format ( text | raw );
        notify \fInotifytype\fR;
        notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
@@ -445,6 +467,7 @@ view \fIstring\fR \fIoptional_class\fR {
        key\-directory \fIquoted_string\fR;
        zero\-no\-soa\-ttl \fIboolean\fR;
        zero\-no\-soa\-ttl\-cache \fIboolean\fR;
+       dnssec\-secure\-to\-insecure \fIboolean\fR;
        allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
        fetch\-glue \fIboolean\fR; // obsolete
        maintain\-ixfr\-base \fIboolean\fR; // obsolete
@@ -476,19 +499,22 @@ zone \fIstring\fR \fIoptional_class\fR {
        ixfr\-from\-differences \fIboolean\fR;
        journal \fIquoted_string\fR;
        zero\-no\-soa\-ttl \fIboolean\fR;
+       dnssec\-secure\-to\-insecure \fIboolean\fR;
        allow\-query { \fIaddress_match_element\fR; ... };
        allow\-query\-on { \fIaddress_match_element\fR; ... };
        allow\-transfer { \fIaddress_match_element\fR; ... };
        allow\-update { \fIaddress_match_element\fR; ... };
        allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
-       update\-policy {
-               ( grant | deny ) \fIstring\fR
+       update\-policy \fIlocal\fR | \fI {
+               ( grant | deny ) \fR\fI\fIstring\fR\fR\fI
                ( name | subdomain | wildcard | self | selfsub | selfwild |
                   krb5\-self | ms\-self | krb5\-subdomain | ms\-subdomain |
-                 tcp\-self | 6to4\-self ) \fIstring\fR
-               \fIrrtypelist\fR; ...
-       };
+                 tcp\-self | zonesub | 6to4\-self ) \fR\fI\fIstring\fR\fR\fI
+               \fR\fI\fIrrtypelist\fR\fR\fI;
+               \fR\fI[...]\fR\fI
+       }\fR;
        update\-check\-ksk \fIboolean\fR;
+       dnssec\-dnskey\-kskonly \fIboolean\fR;
        masterfile\-format ( text | raw );
        notify \fInotifytype\fR;
        notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
@@ -544,5 +570,5 @@ zone \fIstring\fR \fIoptional_class\fR {
 \fBrndc\fR(8),
 BIND 9 Administrator Reference Manual.
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC")
 .br