-.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
.\"
-.\" Permission to use, copy, modify, and distribute this software for any
+.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.conf.5,v 1.36 2008/09/25 04:45:04 tbox Exp $
+.\" $Id: named.conf.5,v 1.41.4.1 2010/05/15 02:41:59 tbox Exp $
.\"
.hy 0
.ad l
};
.fi
.RE
+.SH "MANAGED\-KEYS"
+.sp
+.RS 4
+.nf
+managed\-keys {
+ \fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
+};
+.fi
+.RE
.SH "CONTROLS"
.sp
.RS 4
dnssec\-enable \fIboolean\fR;
dnssec\-validation \fIboolean\fR;
dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
+ dnssec\-lookaside ( \fIauto\fR | \fIdomain\fR trust\-anchor \fIdomain\fR );
dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
dnssec\-accept\-expired \fIboolean\fR;
empty\-server \fIstring\fR;
allow\-update { \fIaddress_match_element\fR; ... };
allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
update\-check\-ksk \fIboolean\fR;
+ dnssec\-dnskey\-kskonly \fIboolean\fR;
masterfile\-format ( text | raw );
notify \fInotifytype\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
use\-alt\-transfer\-source \fIboolean\fR;
zone\-statistics \fIboolean\fR;
key\-directory \fIquoted_string\fR;
+ managed\-keys\-directory \fIquoted_string\fR;
+ auto\-dnssec \fBallow\fR|\fBmaintain\fR|\fBcreate\fR|\fBoff\fR;
try\-tcp\-refresh \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
+ dnssec\-secure\-to\-insecure \fIboolean\fR;
+ deny\-answer\-addresses {
+ \fIaddress_match_list\fR
+ } [ except\-from { \fInamelist\fR } ];
+ deny\-answer\-aliases {
+ \fInamelist\fR
+ } [ except\-from { \fInamelist\fR } ];
nsec3\-test\-zone \fIboolean\fR; // testing only
allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
deallocate\-on\-exit \fIboolean\fR; // obsolete
...
};
trusted\-keys {
- \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
+ \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR;
+ [...]
};
allow\-recursion { \fIaddress_match_element\fR; ... };
allow\-recursion\-on { \fIaddress_match_element\fR; ... };
allow\-update { \fIaddress_match_element\fR; ... };
allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
update\-check\-ksk \fIboolean\fR;
+ dnssec\-dnskey\-kskonly \fIboolean\fR;
masterfile\-format ( text | raw );
notify \fInotifytype\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
key\-directory \fIquoted_string\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
+ dnssec\-secure\-to\-insecure \fIboolean\fR;
allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
fetch\-glue \fIboolean\fR; // obsolete
maintain\-ixfr\-base \fIboolean\fR; // obsolete
ixfr\-from\-differences \fIboolean\fR;
journal \fIquoted_string\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
+ dnssec\-secure\-to\-insecure \fIboolean\fR;
allow\-query { \fIaddress_match_element\fR; ... };
allow\-query\-on { \fIaddress_match_element\fR; ... };
allow\-transfer { \fIaddress_match_element\fR; ... };
allow\-update { \fIaddress_match_element\fR; ... };
allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
- update\-policy {
- ( grant | deny ) \fIstring\fR
+ update\-policy \fIlocal\fR | \fI {
+ ( grant | deny ) \fR\fI\fIstring\fR\fR\fI
( name | subdomain | wildcard | self | selfsub | selfwild |
krb5\-self | ms\-self | krb5\-subdomain | ms\-subdomain |
- tcp\-self | 6to4\-self ) \fIstring\fR
- \fIrrtypelist\fR; ...
- };
+ tcp\-self | zonesub | 6to4\-self ) \fR\fI\fIstring\fR\fR\fI
+ \fR\fI\fIrrtypelist\fR\fR\fI;
+ \fR\fI[...]\fR\fI
+ }\fR;
update\-check\-ksk \fIboolean\fR;
+ dnssec\-dnskey\-kskonly \fIboolean\fR;
masterfile\-format ( text | raw );
notify \fInotifytype\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
\fBrndc\fR(8),
BIND 9 Administrator Reference Manual.
.SH "COPYRIGHT"
-Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC")
.br