update to 9.7.1-P2

[tridge/bind9.git] / bin / named / named.conf.docbook
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook

index a4a8044d04639481b7a6bfc67c4be1428b757df3..630dbcc2331b1b4c9e020666c24819bc633f9e92 100644 (file)
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -2,7 +2,7 @@
                 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
                [<!ENTITY mdash "&#8212;">]>
  <!--
- - Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
   -
   - Permission to use, copy, modify, and/or distribute this software for any
   - purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
   - PERFORMANCE OF THIS SOFTWARE.
  -->
  
-<!-- $Id: named.conf.docbook,v 1.39 2008/09/24 02:46:21 marka Exp $ -->
+<!-- $Id: named.conf.docbook,v 1.44.4.2 2010/05/14 23:49:18 tbox Exp $ -->
  <refentry>
    <refentryinfo>
      <date>Aug 13, 2004</date>
@@ -41,6 +41,8 @@
        <year>2006</year>
        <year>2007</year>
        <year>2008</year>
+      <year>2009</year>
+      <year>2010</year>
        <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
      </copyright>
    </docinfo>
@@ -131,6 +133,15 @@ trusted-keys {
  </literallayout>
    </refsect1>
  
+  <refsect1>
+    <title>MANAGED-KEYS</title>
+    <literallayout>
+managed-keys {
+       <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 
+};
+</literallayout>
+  </refsect1>
+
    <refsect1>
      <title>CONTROLS</title>
      <literallayout>
@@ -272,6 +283,7 @@ options {
         dnssec-enable <replaceable>boolean</replaceable>;
         dnssec-validation <replaceable>boolean</replaceable>;
         dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>;
+       dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> );
         dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>;
         dnssec-accept-expired <replaceable>boolean</replaceable>;
  
@@ -291,6 +303,7 @@ options {
         allow-update { <replaceable>address_match_element</replaceable>; ... };
         allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
         update-check-ksk <replaceable>boolean</replaceable>;
+       dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
  
         masterfile-format ( text | raw );
         notify <replaceable>notifytype</replaceable>;
@@ -337,9 +350,18 @@ options {
  
         zone-statistics <replaceable>boolean</replaceable>;
         key-directory <replaceable>quoted_string</replaceable>;
+       managed-keys-directory <replaceable>quoted_string</replaceable>;
+       auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>;
         try-tcp-refresh <replaceable>boolean</replaceable>;
         zero-no-soa-ttl <replaceable>boolean</replaceable>;
         zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
+       dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
+       deny-answer-addresses {
+               <replaceable>address_match_list</replaceable>
+       } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
+       deny-answer-aliases {
+               <replaceable>namelist</replaceable>
+       } <optional> except-from { <replaceable>namelist</replaceable> } </optional>;
  
         nsec3-test-zone <replaceable>boolean</replaceable>;  // testing only
  
@@ -381,7 +403,8 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
         };
  
         trusted-keys {
-               <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ...
+               <replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>;
+               <optional>...</optional>
         };
  
         allow-recursion { <replaceable>address_match_element</replaceable>; ... };
@@ -455,6 +478,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
         allow-update { <replaceable>address_match_element</replaceable>; ... };
         allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
         update-check-ksk <replaceable>boolean</replaceable>;
+       dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
  
         masterfile-format ( text | raw );
         notify <replaceable>notifytype</replaceable>;
@@ -499,6 +523,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
         key-directory <replaceable>quoted_string</replaceable>;
         zero-no-soa-ttl <replaceable>boolean</replaceable>;
         zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
+       dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
  
         allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
         fetch-glue <replaceable>boolean</replaceable>; // obsolete
@@ -533,20 +558,23 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
         ixfr-from-differences <replaceable>boolean</replaceable>;
         journal <replaceable>quoted_string</replaceable>;
         zero-no-soa-ttl <replaceable>boolean</replaceable>;
+       dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
  
         allow-query { <replaceable>address_match_element</replaceable>; ... };
         allow-query-on { <replaceable>address_match_element</replaceable>; ... };
         allow-transfer { <replaceable>address_match_element</replaceable>; ... };
         allow-update { <replaceable>address_match_element</replaceable>; ... };
         allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
-       update-policy {
+       update-policy <replaceable>local</replaceable> | <replaceable> {
                 ( grant | deny ) <replaceable>string</replaceable>
                 ( name | subdomain | wildcard | self | selfsub | selfwild |
                    krb5-self | ms-self | krb5-subdomain | ms-subdomain |
-                 tcp-self | 6to4-self ) <replaceable>string</replaceable>
-               <replaceable>rrtypelist</replaceable>; ...
-       };
+                 tcp-self | zonesub | 6to4-self ) <replaceable>string</replaceable>
+               <replaceable>rrtypelist</replaceable>;
+               <optional>...</optional>
+       }</replaceable>;
         update-check-ksk <replaceable>boolean</replaceable>;
+       dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
  
         masterfile-format ( text | raw );
         notify <replaceable>notifytype</replaceable>;