daniel/ansible-bind9-role
1
0
Fork 0
Code Issues 3 Pull Requests 1 Actions Releases Wiki Activity

docs: Add BIND9 version comparison and migration guidance

Browse Source 
- Generate BIND_VERSION_DIFFERENCES.md with detailed grammar comparison
- Document 44 breaking changes between BIND9 9.18.44 and 9.20.18
- Document 35 new options and 22 modified options in BIND9 9.20
- Document 3 newly deprecated options
- Add version compatibility section to CONFIGURATION_GRAMMAR.md
- Update CHANGELOG.md with version differences details
- Include migration guide for upgrading from 9.18 to 9.20

Closes #11
This commit is contained in:
Daniel Akulenok
2026-02-07 23:43:51 +01:00
parent 9df24a4a30
commit db379be31f
4 changed files with 895 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@@ -14,10 +14,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Grammar fetcher for upstream BIND9 sources (`scripts/fetch_bind_grammar.py`)
- Automated version difference tracking
- Operating system support matrix
- BIND9 Version Differences documentation (`docs/BIND_VERSION_DIFFERENCES.md`) covering:
- 44 breaking changes between BIND9 9.18.44 and 9.20.18
- 35 new options in BIND9 9.20
- 22 modified options requiring configuration updates
- 3 newly deprecated options
### Changed
- Established formal release management process
- Defined backporting policy for security, bugs, and features
- Clarified version compatibility in CONFIGURATION_GRAMMAR.md
### Planned
- BIND9 9.20+ support in separate `9.20` branch

11
CONFIGURATION_GRAMMAR.md
View File

@@ -39,6 +39,17 @@ The BIND9 role uses YAML to replicate the official ISC BIND9 configuration forma
- `max-cache-ttl``max_cache_ttl`
- `dnssec-policy``dnssec_policy`
### Version Compatibility
This role and its configuration grammar are based on **BIND9 9.18.x (LTS)**.
For information about upgrading to BIND9 9.20 or later, see [BIND9 Version Differences](docs/BIND_VERSION_DIFFERENCES.md) which documents:
- **Breaking changes** between versions
- **New features** available in newer versions
- **Migration guidance** for configuration updates
⚠️ **Important:** BIND9 9.20 introduces significant breaking changes. Please review the version differences document before upgrading configurations.
## Configuration Structure
All configuration is defined through four precedence-based variables that are merged:

552
docs/BIND_VERSION_DIFFERENCES.md Normal file
View File

@@ -0,0 +1,552 @@
# BIND9 Version Differences: v9.18.44 vs v9.20.18
This document compares BIND9 configuration grammar between v9.18.44 and v9.20.18.
Generated automatically by `scripts/compare_bind_versions.py`.
## Summary
- **New Options**: 35
- **Removed Options**: 44 ⚠️
- **Modified Options**: 22
- **Newly Deprecated**: 3
## ⚠️ Breaking Changes
The following options were removed in v9.20.18 and will cause configuration errors:
### options
- `alt-transfer-source`
- `alt-transfer-source-v6`
- `auto-dnssec`
- `coresize`
- `datasize`
- `dscp`
- `files`
- `glue-cache`
- `heartbeat-interval`
- `keep-response-order`
- `lock-file`
- `maxz-zone-ttl`
- `parent-registration-delay`
- `parental-agents`
- `primaries`
- `random-device`
- `recurse-ing-file`
- `reserved-sockets`
- `resolver-nonbackoff-tries`
- `resolver-retry-interval`
- `reuse`
- `root-delegation-only`
- `stacksize`
- `suppress-initial-notify`
- `tkey-dhkey`
- `tkey-gssapi-credential`
- `use-alt-transfer-source`
### forward.zoneopt
- `delegation-only`
### hint.zoneopt
- `delegation-only`
### mirror.zoneopt
- `alt-transfer-source`
- `alt-transfer-source-v6`
- `use-alt-transfer-source`
### primary.zoneopt
- `alt-transfer-source`
- `alt-transfer-source-v6`
- `auto-dnssec`
- `update-check-ksk`
### secondary.zoneopt
- `alt-transfer-source`
- `alt-transfer-source-v6`
- `auto-dnssec`
- `use-alt-transfer-source`
### stub.zoneopt
- `delegation-only`
- `use-alt-transfer-source`
### delegation-only.zoneopt
- `type`
- `zone`
## ✨ New Features
The following options were added in v9.20.18:
### options
- `allow-proxy`
- `allow-proxy-on`
- `cdnskey`
- `cds-digest-types`
- `check-svcb`
- `cipher-suites`
- `dnsrps-library`
- `inline-signing`
- `key-store`
- `manual-mode`
- `max-validation-failures-per-fetch`
- `max-validations-per-fetch`
- `min-transfer-rate-in`
- `notify-defer`
- `offline-ksk`
- `pkcs11-uri`
- `recursing-file`
- `remote-servers`
- `require-cookie`
- `resolver-use-dns64`
- `responselog`
- `reuseport`
- `sig0-checks-quota`
- `sig0-checks-quota-exempt`
- `sig0-key-checks-limit`
- `sig0-message-checks-limit`
### mirror.zoneopt
- `min-transfer-rate-in`
- `notify-defer`
### primary.zoneopt
- `check-svcb`
- `checkds`
- `notify-defer`
### secondary.zoneopt
- `checkds`
- `min-transfer-rate-in`
- `notify-defer`
### stub.zoneopt
- `min-transfer-rate-in`
## 🔧 Modified Options
The following options have syntax changes in v9.20.18:
### options
#### `listen-on`
**v9.18.44**:
```
[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>
```
**v9.20.18**:
```
[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>
```
#### `response-policy`
**v9.18.44**:
```
{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]
```
**v9.20.18**:
```
{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]
```
#### `cookie-algorithm`
**v9.18.44**:
```
( aes | siphash24 )
```
**v9.20.18**:
```
( siphash24 )
```
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
#### `listen-on-v6`
**v9.18.44**:
```
[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>
```
**v9.20.18**:
```
[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>
```
#### `also-notify`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `catalog-zones`
**v9.18.44**:
```
{ zone <string> [ default-primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
{ zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
### forward.zoneopt
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
### mirror.zoneopt
#### `also-notify`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `primaries`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
### primary.zoneopt
#### `update-policy`
**v9.18.44**:
```
( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesubject ) [ <string> ] <rrtype list>
```
**v9.20.18**:
```
( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtype list>
```
#### `also-notify`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `parental-agents`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
### redirect.zoneopt
#### `primaries`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
### secondary.zoneopt
#### `also-notify`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `parental-agents`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
#### `primaries`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
### static-stub.zoneopt
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
### stub.zoneopt
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
#### `primaries`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
## 📋 Newly Deprecated Options
The following options were marked as deprecated in v9.20.18:
### options
- `sortlist`
### primary.zoneopt
- `max-zone-ttl`
### redirect.zoneopt
- `max-zone-ttl`
## Detailed File-by-File Comparison
### options
- v9.18.44: 334 options
- v9.20.18: 333 options
- Added: 26
- Removed: 27
- Modified: 7
### forward.zoneopt
- v9.18.44: 5 options
- v9.20.18: 4 options
- Added: 0
- Removed: 1
- Modified: 1
### hint.zoneopt
- v9.18.44: 5 options
- v9.20.18: 4 options
- Added: 0
- Removed: 1
- Modified: 0
### in-view.zoneopt
- v9.18.44: 2 options
- v9.20.18: 2 options
- Added: 0
- Removed: 0
- Modified: 0
### mirror.zoneopt
- v9.18.44: 44 options
- v9.20.18: 43 options
- Added: 2
- Removed: 3
- Modified: 2
### primary.zoneopt
- v9.18.44: 63 options
- v9.20.18: 62 options
- Added: 3
- Removed: 4
- Modified: 4
### redirect.zoneopt
- v9.18.44: 14 options
- v9.20.18: 14 options
- Added: 0
- Removed: 0
- Modified: 1
### secondary.zoneopt
- v9.18.44: 66 options
- v9.20.18: 65 options
- Added: 3
- Removed: 4
- Modified: 4
### static-stub.zoneopt
- v9.18.44: 12 options
- v9.20.18: 12 options
- Added: 0
- Removed: 0
- Modified: 1
### stub.zoneopt
- v9.18.44: 28 options
- v9.20.18: 27 options
- Added: 1
- Removed: 2
- Modified: 2
### delegation-only.zoneopt
- v9.18.44: 2 options
- v9.20.18: 0 options
- Added: 0
- Removed: 2
- Modified: 0
### rndc.grammar
- v9.18.44: 14 options
- v9.20.18: 14 options
- Added: 0
- Removed: 0
- Modified: 0
## Migration Guide
### Migrating from v9.18.44 to v9.20.18
1. **Remove unsupported options** from your configuration
- Review the Breaking Changes section above
- Check if there are replacement options
2. **Plan for deprecated options**
- These options still work but may be removed in future versions
- Start planning migration to recommended alternatives
3. **Test your configuration**
- Use `named-checkconf` to validate syntax
- Test in a development environment before production

326
docs/bind_version_comparison.json Normal file
View File

@@ -0,0 +1,326 @@
{
"options": {
"file": "options",
"added": [
"allow-proxy",
"allow-proxy-on",
"cdnskey",
"cds-digest-types",
"check-svcb",
"cipher-suites",
"dnsrps-library",
"inline-signing",
"key-store",
"manual-mode",
"max-validation-failures-per-fetch",
"max-validations-per-fetch",
"min-transfer-rate-in",
"notify-defer",
"offline-ksk",
"pkcs11-uri",
"recursing-file",
"remote-servers",
"require-cookie",
"resolver-use-dns64",
"responselog",
"reuseport",
"sig0-checks-quota",
"sig0-checks-quota-exempt",
"sig0-key-checks-limit",
"sig0-message-checks-limit"
],
"removed": [
"alt-transfer-source",
"alt-transfer-source-v6",
"auto-dnssec",
"coresize",
"datasize",
"dscp",
"files",
"glue-cache",
"heartbeat-interval",
"keep-response-order",
"lock-file",
"maxz-zone-ttl",
"parent-registration-delay",
"parental-agents",
"primaries",
"random-device",
"recurse-ing-file",
"reserved-sockets",
"resolver-nonbackoff-tries",
"resolver-retry-interval",
"reuse",
"root-delegation-only",
"stacksize",
"suppress-initial-notify",
"tkey-dhkey",
"tkey-gssapi-credential",
"use-alt-transfer-source"
],
"modified": [
{
"option": "listen-on",
"old_definition": "[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>",
"new_definition": "[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>"
},
{
"option": "response-policy",
"old_definition": "{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]",
"new_definition": "{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]"
},
{
"option": "cookie-algorithm",
"old_definition": "( aes | siphash24 )",
"new_definition": "( siphash24 )"
},
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
},
{
"option": "listen-on-v6",
"old_definition": "[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>",
"new_definition": "[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>"
},
{
"option": "also-notify",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "catalog-zones",
"old_definition": "{ zone <string> [ default-primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "{ zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
}
],
"deprecated_new": [
"sortlist"
],
"options1_count": 334,
"options2_count": 333
},
"forward.zoneopt": {
"file": "forward.zoneopt",
"added": [],
"removed": [
"delegation-only"
],
"modified": [
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
}
],
"deprecated_new": [],
"options1_count": 5,
"options2_count": 4
},
"hint.zoneopt": {
"file": "hint.zoneopt",
"added": [],
"removed": [
"delegation-only"
],
"modified": [],
"deprecated_new": [],
"options1_count": 5,
"options2_count": 4
},
"in-view.zoneopt": {
"file": "in-view.zoneopt",
"added": [],
"removed": [],
"modified": [],
"deprecated_new": [],
"options1_count": 2,
"options2_count": 2
},
"mirror.zoneopt": {
"file": "mirror.zoneopt",
"added": [
"min-transfer-rate-in",
"notify-defer"
],
"removed": [
"alt-transfer-source",
"alt-transfer-source-v6",
"use-alt-transfer-source"
],
"modified": [
{
"option": "also-notify",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "primaries",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
}
],
"deprecated_new": [],
"options1_count": 44,
"options2_count": 43
},
"primary.zoneopt": {
"file": "primary.zoneopt",
"added": [
"check-svcb",
"checkds",
"notify-defer"
],
"removed": [
"alt-transfer-source",
"alt-transfer-source-v6",
"auto-dnssec",
"update-check-ksk"
],
"modified": [
{
"option": "update-policy",
"old_definition": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesubject ) [ <string> ] <rrtype list>",
"new_definition": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtype list>"
},
{
"option": "also-notify",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "parental-agents",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
}
],
"deprecated_new": [
"max-zone-ttl"
],
"options1_count": 63,
"options2_count": 62
},
"redirect.zoneopt": {
"file": "redirect.zoneopt",
"added": [],
"removed": [],
"modified": [
{
"option": "primaries",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
}
],
"deprecated_new": [
"max-zone-ttl"
],
"options1_count": 14,
"options2_count": 14
},
"secondary.zoneopt": {
"file": "secondary.zoneopt",
"added": [
"checkds",
"min-transfer-rate-in",
"notify-defer"
],
"removed": [
"alt-transfer-source",
"alt-transfer-source-v6",
"auto-dnssec",
"use-alt-transfer-source"
],
"modified": [
{
"option": "also-notify",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "parental-agents",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
},
{
"option": "primaries",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
}
],
"deprecated_new": [],
"options1_count": 66,
"options2_count": 65
},
"static-stub.zoneopt": {
"file": "static-stub.zoneopt",
"added": [],
"removed": [],
"modified": [
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
}
],
"deprecated_new": [],
"options1_count": 12,
"options2_count": 12
},
"stub.zoneopt": {
"file": "stub.zoneopt",
"added": [
"min-transfer-rate-in"
],
"removed": [
"delegation-only",
"use-alt-transfer-source"
],
"modified": [
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
},
{
"option": "primaries",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
}
],
"deprecated_new": [],
"options1_count": 28,
"options2_count": 27
},
"delegation-only.zoneopt": {
"file": "delegation-only.zoneopt",
"added": [],
"removed": [
"type",
"zone"
],
"modified": [],
"deprecated_new": [],
"options1_count": 2,
"options2_count": 0
},
"rndc.grammar": {
"file": "rndc.grammar",
"added": [],
"removed": [],
"modified": [],
"deprecated_new": [],
"options1_count": 14,
"options2_count": 14
}
}