10 Commits

Author SHA1 Message Date
Daniel Akulenok
0eff38f202 docs: Add detailed project workflow steps to AGENTS.md
All checks were successful
Test / Lint (push) Successful in 13s
Test / Test (push) Has been skipped
2026-02-07 23:54:25 +01:00
Daniel Akulenok
14a8ff61cf docs: Make AGENTS.md instructions concise and precise
All checks were successful
Test / Lint (push) Successful in 14s
Test / Test (push) Has been skipped
2026-02-07 23:48:14 +01:00
Daniel Akulenok
1c635e5c55 docs: Add comprehensive BIND9 9.18 to 9.20 migration guide
All checks were successful
Test / Lint (push) Successful in 14s
Test / Test (push) Has been skipped
- Create step-by-step migration guide with pre-planning checklist
- Document all 44 breaking changes with explanations
- Provide before/after configuration examples
- Include Ansible role-specific changes and branch selection
- Add DNSSEC policy migration guidance
- Include testing recommendations and validation checklist
- Provide rollback procedures for safe migration
- Link to technical version differences documentation

Closes #6
2026-02-07 23:46:18 +01:00
Daniel Akulenok
db379be31f docs: Add BIND9 version comparison and migration guidance
- Generate BIND_VERSION_DIFFERENCES.md with detailed grammar comparison
- Document 44 breaking changes between BIND9 9.18.44 and 9.20.18
- Document 35 new options and 22 modified options in BIND9 9.20
- Document 3 newly deprecated options
- Add version compatibility section to CONFIGURATION_GRAMMAR.md
- Update CHANGELOG.md with version differences details
- Include migration guide for upgrading from 9.18 to 9.20

Closes #11
2026-02-07 23:43:51 +01:00
Daniel Akulenok
9df24a4a30 docs: Add repository actions guidelines for Gitea interaction
All checks were successful
Test / Lint (push) Successful in 14s
Test / Test (push) Has been skipped
2026-02-07 23:40:16 +01:00
Daniel Akulenok
9622514d84 Merge branch 'main' of ssh://git.valid.dk:2222/daniel/ansible-bind9-role
All checks were successful
Test / Lint (push) Successful in 13s
Test / Test (push) Has been skipped
2026-02-07 23:36:56 +01:00
1ee8ac1e0b Merge pull request 'docs: Add BIND9 grammar files for v9.18.44 and v9.20.18' (#13) from 9.18 into main
All checks were successful
Test / Lint (push) Successful in 13s
Test / Test (push) Has been skipped
Reviewed-on: #13
2026-02-07 22:33:14 +00:00
Daniel Akulenok
3221070075 docs: Update README with version compatibility matrix
- Add version support table to README
- Link to VERSION_SUPPORT.md for detailed policies
- Add minimum requirements documentation
- Update license to GPL-3.0-or-later
- Add links to key documentation and contributing info
2026-02-07 22:52:41 +01:00
Daniel Akulenok
dc4113088e feat: Add grammar fetch and comparison tooling
- Add fetch_bind_grammar.py for MCP-based grammar file retrieval
- Add compare_bind_versions.py for version differences analysis
- Add process_mcp_result.py for handling base64-encoded MCP output
- Create upstream directory structure with fetching instructions
- Document grammar file locations and structure
2026-02-07 22:52:35 +01:00
Daniel Akulenok
149692bcc4 docs: Add version support policy and changelog
- Establish formal version maintenance strategy
- Define BIND9 9.18 (LTS) and 9.20+ support tiers
- Document branching strategy (main for 9.18, 9.20 for next major)
- Define backporting policies for security, bugs, features
- Create release management and CI/CD framework
- Add OS platform compatibility matrix
2026-02-07 22:52:20 +01:00
6 changed files with 1412 additions and 0 deletions

@@ -4,3 +4,41 @@
Ensure that all practices and instructions described by
https://raw.githubusercontent.com/ansible/ansible-creator/refs/heads/main/docs/agents.md
are followed.
## Repository Actions
**Use gitea-mcp tools for all repository interactions.** Do not use `curl`, `git`, or direct API calls.
### When to Use gitea-mcp
- Fetching issues, PRs, branches, tags, releases
- Reading files, directories, or commits from repo
- Creating issues, PRs, comments, tags, or releases
- Editing issues or PRs
### Wrong vs Right
`curl http://git.valid.dk/api/v1/repos/daniel/ansible-bind9-role/issues/6`
`mcp_gitea-mcp_list_repo_issues(owner, repo, page, pageSize)`
### Local Workspace
Terminal commands are fine for:
- Compiling, testing, building
- Git operations on local files (commit, push)
- Using `read_file`, `grep_search`, `semantic_search`
## General project workflow
1. Check for open tickets
2. Choose next logical ticket to work on
3. Create branch for ticket
4. Create plan for ticket
5. Execute plan
6. Create appropriate commits to repository
7. Submit PR to repository
8. Review the PR critically
9. Check if further work is needed to resolve the issues found
10. Loop 8-9 until complete
11. Ask me to review the PR and merge it
12. Close the ticket
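Review bot: The rule at the top of "Repository Actions" forbids `git` outright, yet the "Local Workspace" list allows "Git operations on local files (commit, push)", and `push` is itself a repository interaction, so the two sections contradict each other. State the split explicitly, for example that local `git` commit and push are allowed and gitea-mcp is required for anything that goes through the Gitea API. Under "Wrong vs Right" neither line is labelled, and the `curl` counter-example uses plain `http://`; mark which line is which so the URL is not copied as a working pattern. Step 10 ("Loop 8-9 until complete") has no exit condition, and step 12 closes the ticket without saying it waits for the merge requested in step 11.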

@@ -14,10 +14,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Grammar fetcher for upstream BIND9 sources (`scripts/fetch_bind_grammar.py`)
- Automated version difference tracking
- Operating system support matrix
- BIND9 Version Differences documentation (`docs/BIND_VERSION_DIFFERENCES.md`) covering:
- 44 breaking changes between BIND9 9.18.44 and 9.20.18
- 35 new options in BIND9 9.20
- 22 modified options requiring configuration updates
- 3 newly deprecated options
### Changed
- Established formal release management process
- Defined backporting policy for security, bugs, and features
- Clarified version compatibility in CONFIGURATION_GRAMMAR.md
### Planned
- BIND9 9.20+ support in separate `9.20` branch
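Review bot: The new "Added" entry covers only `docs/BIND_VERSION_DIFFERENCES.md`; the 9.18 to 9.20 migration guide introduced in the same change set has no changelog line, so add one beside it. The four counts (44, 35, 22, 3) copy figures out of a generated document and will go stale the next time it is regenerated; consider naming only the compared versions here and leaving the totals to the generated file.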

@@ -39,6 +39,17 @@ The BIND9 role uses YAML to replicate the official ISC BIND9 configuration forma
- `max-cache-ttl``max_cache_ttl`
- `dnssec-policy``dnssec_policy`
### Version Compatibility
This role and its configuration grammar are based on **BIND9 9.18.x (LTS)**.
For information about upgrading to BIND9 9.20 or later, see [BIND9 Version Differences](docs/BIND_VERSION_DIFFERENCES.md) which documents:
- **Breaking changes** between versions
- **New features** available in newer versions
- **Migration guidance** for configuration updates
⚠️ **Important:** BIND9 9.20 introduces significant breaking changes. Please review the version differences document before upgrading configurations.
## Configuration Structure
All configuration is defined through four precedence-based variables that are merged:

@@ -0,0 +1,479 @@
# BIND9 9.18 to 9.20 Migration Guide
## Overview
This guide provides step-by-step instructions for migrating BIND9 configurations from version 9.18.x (LTS) to version 9.20.x.
**Important:** BIND9 9.20 introduces 44 breaking changes. Before upgrading, carefully review this guide and test in a development environment.
For detailed technical differences between versions, see [BIND9 Version Differences](BIND_VERSION_DIFFERENCES.md).
## Table of Contents
1. [Pre-Migration Planning](#pre-migration-planning)
2. [Breaking Changes Summary](#breaking-changes-summary)
3. [Migration Steps](#migration-steps)
4. [Configuration Examples](#configuration-examples)
5. [Role-Specific Changes](#role-specific-changes)
6. [Testing Recommendations](#testing-recommendations)
7. [Rollback Procedure](#rollback-procedure)
## Pre-Migration Planning
### Check Your Configuration
Before upgrading, identify which BIND9 options your configuration uses:
```bash
# Check for options that will be removed
named-checkconf -p /etc/bind/named.conf | \
grep -E "alt-transfer-source|auto-dnssec|coresize|datasize|glue-cache"
```
### Create Backups
```bash
# Backup all BIND configuration
cp -r /etc/bind /data/backup/bind.9.18.backup
# Backup BIND data
cp -r /var/lib/bind /data/backup/bind.9.18.data
cp -r /var/cache/bind /data/backup/bind.9.18.cache
```
### Review Version Support
This Ansible role is designed for BIND9 9.18.x. When upgrading to 9.20:
- The main branch will continue supporting 9.18.x
- A separate `9.20` branch will provide 9.20-specific templates and configurations
- Use the appropriate branch for your target BIND9 version
## Breaking Changes Summary
The following options are **removed** in BIND9 9.20 and will cause `named` to fail if present:
### Global Options (9.20 Breaking Changes)
- `alt-transfer-source` - Use TLS-based transfers instead
- `alt-transfer-source-v6` - Use TLS-based transfers instead
- `auto-dnssec` - DNSSEC management is automatic in 9.20
- `coresize` - System resource limits; use OS-level controls
- `datasize` - System resource limits; use OS-level controls
- `dscp` - Use TLS configuration instead
- `files` - System resource limits; use OS-level controls
- `glue-cache` - Always enabled in 9.20
- `heartbeat-interval` - Zone transfer changes
- `keep-response-order` - Always enabled in 9.20
- `lock-file` - Use system lock controls
- `maxz-zone-ttl` - Use `max-zone-ttl` instead (per-zone option)
- `parent-registration-delay` - Zone-delegation monitoring removed
- `parental-agents` - Use `primaries` statement with DNSSEC
- `primaries` - Replaced with enhanced syntax (see below)
- `random-device` - System entropy handling improved
- `recurse-ing-file` - Renamed to `recursing-file`
- `reserved-sockets` - Automatic in 9.20
- `resolver-nonbackoff-tries` - Resolver behavior changed
- `resolver-retry-interval` - Resolver behavior changed
- `reuse` - Always enabled in 9.20
- `root-delegation-only` - Removed; not needed in 9.20
- `stacksize` - System resource limits; use OS-level controls
- `suppress-initial-notify` - NOTIFY behavior changed
- `tkey-dhkey` - Use modern TLS/DNSSEC instead
- `tkey-gssapi-credential` - Use TSIG + TLS instead
### Zone-Type Specific Breaking Changes
#### All Zone Types
- `delegation-only` - Removed; use zone type constraints instead
- `alt-transfer-source[v6]` - Use TLS configuration
- `auto-dnssec` - DNSSEC management changes
- `use-alt-transfer-source` - Use TLS configuration
## Migration Steps
### Step 1: Identify Configuration Changes
Review your current `bind9_*_config` variables for any deprecated options:
```yaml
# Search your inventory and host_vars for these patterns
bind9_default_config:
- name: named.conf.options
options:
# These options must be removed or replaced:
# - alt_transfer_source
# - auto_dnssec
# - glue_cache
# ... etc
```
### Step 2: Update Ansible Variables
Replace deprecated options in your Ansible configuration:
```yaml
# BEFORE (BIND9 9.18)
bind9_default_config:
- name: named.conf.options
options:
alt_transfer_source: 10.0.1.1
glue_cache: yes
keep_response_order: yes
# AFTER (BIND9 9.20)
bind9_default_config:
- name: named.conf.options
options:
# alt_transfer_source removed - use TLS
# glue_cache removed - always enabled
# keep_response_order removed - always enabled
# Instead configure TLS for transfers
http:
preference: https
```
### Step 3: Update Primaries Configuration
The `primaries` statement syntax has changed:
```yaml
# BEFORE (BIND9 9.18)
bind9_host_config:
- name: named.conf.view
view:
- name: internal
zone:
- name: example.com
type: secondary
primaries:
- 192.0.2.1
- 192.0.2.2
# AFTER (BIND9 9.20)
bind9_host_config:
- name: named.conf.view
view:
- name: internal
zone:
- name: example.com
type: secondary
primaries:
- address: 192.0.2.1
- address: 192.0.2.2
# Optional: TLS configuration
# tls: cert-name
# source: 10.0.1.1
# source_v6: "2001:db8::1"
```
### Step 4: Validate Configuration
Before deploying to production:
```bash
# Validate syntax
named-checkconf /etc/bind/named.conf
# Check for deprecated options
grep -r "alt-transfer-source\|auto-dnssec\|glue-cache" /etc/bind/
```
### Step 5: Test Zone Operations
```bash
# Test zone transfers
dig @ns1.example.com example.com AXFR
# Test DNSSEC validation
dig @ns1.example.com example.com +dnssec
# Check BIND logs
journalctl -u bind9 -f
```
## Configuration Examples
### Example 1: Simple Secondary Zone Migration
**BIND9 9.18 Configuration:**
```yaml
bind9_default_config:
- name: named.conf.view
view:
- name: "default"
recursion: yes
zone:
- name: "example.com"
type: "secondary"
file: "/var/lib/bind/example.com.zone"
primaries:
- 192.0.2.1
- 192.0.2.2
alt_transfer_source: 10.0.1.1
alt_transfer_source_v6: "2001:db8::1"
allow_transfer:
- 10.0.2.0/24
```
**BIND9 9.20 Configuration:**
```yaml
bind9_default_config:
- name: named.conf.view
view:
- name: "default"
recursion: yes
zone:
- name: "example.com"
type: "secondary"
file: "/var/lib/bind/example.com.zone"
primaries:
- address: 192.0.2.1
- address: 192.0.2.2
# alt_transfer_source removed - use TLS
# Configuration now uses single source per address:
allow_transfer:
- 10.0.2.0/24
```
### Example 2: DNSSEC Configuration Migration
**BIND9 9.18 Configuration:**
```yaml
bind9_default_config:
- name: named.conf.options
options:
dnssec_policy: default
- name: named.conf.zone
zone:
- name: "example.com"
type: "primary"
file: "/var/lib/bind/example.com.zone"
auto_dnssec: maintain
inline_signing: yes
```
**BIND9 9.20 Configuration:**
```yaml
bind9_default_config:
- name: named.conf.options
options:
dnssec_policy: default
- name: named.conf.zone
zone:
- name: "example.com"
type: "primary"
file: "/var/lib/bind/example.com.zone"
# auto_dnssec removed - DNSSEC management is automatic
dnssec_policy: default # Explicitly set policy
inline_signing: yes # Still supported
```
## Role-Specific Changes
### Branch Selection
When using this Ansible role with BIND9 9.20, you have two options:
#### Option 1: Use Main Branch (Recommended for 9.18)
```bash
# Use main branch for BIND9 9.18
ansible-galaxy install daniel.ansible-bind9-role
```
#### Option 2: Use 9.20 Branch (When Available)
```bash
# Clone the 9.20 branch for BIND9 9.20 support
git clone --branch 9.20 https://git.valid.dk/daniel/ansible-bind9-role.git
```
### Template Variables
No Ansible variable names change between versions. However, the **values** for some variables may need adjustment:
```yaml
# Variable names stay the same (kebab-case → snake_case)
# Example: "alt-transfer-source" → "alt_transfer_source"
# Simply remove deprecated variables - they will be ignored
bind9_default_config:
- name: named.conf.options
options:
# Remove these:
# alt_transfer_source: ...
# auto_dnssec: ...
# glue_cache: ...
# These still work:
dnssec_validation: yes
recursion: yes
allow_query:
- any
```
### DNSSEC Policy Changes
BIND9 9.20 improves DNSSEC handling:
```yaml
# Both versions support dnssec_policy
bind9_default_config:
- name: named.conf.dnssec-policy
dnssec_policy:
- name: default
keys:
- lifetime: 3600
algorithm: ecdsap256sha256
role:
- ksk
- zsk
nsec3param:
iterations: 0
optout: no
salt_length: 32
```
## Testing Recommendations
### Test Environment Setup
Create a test playbook to validate migration:
```yaml
---
- hosts: test_servers
vars:
bind9_version: "9.20" # Document version being tested
tasks:
- name: Apply BIND9 9.20 configuration
include_role:
name: ansible-bind9-role
- name: Validate configuration
command: named-checkconf /etc/bind/named.conf
register: config_check
failed_when: config_check.rc != 0
- name: Test zone transfers
command: >
dig @localhost example.com AXFR
register: zone_transfer
- name: Test DNSSEC validation
command: >
dig @localhost example.com +dnssec
register: dnssec_test
- name: Check BIND status
systemd:
name: bind9
state: started
register: bind_status
```
### Validation Checklist
- [ ] Configuration syntax valid (`named-checkconf`)
- [ ] BIND9 service starts without errors
- [ ] All zones load successfully
- [ ] Zone transfers complete successfully
- [ ] Queries resolve correctly
- [ ] DNSSEC validation works
- [ ] Secondary zones receive updates
- [ ] No errors in BIND logs
- [ ] Performance is acceptable
## Rollback Procedure
If issues occur after migration:
### Immediate Rollback
```bash
# Stop BIND9
systemctl stop bind9
# Restore configuration backup
rm -rf /etc/bind
cp -r /data/backup/bind.9.18.backup /etc/bind
# Restore zone files
rm -rf /var/lib/bind
cp -r /data/backup/bind.9.18.data /var/lib/bind
cp -r /data/backup/bind.9.18.cache /var/cache/bind
# Restore BIND9 package
apt-get install --reinstall bind9=1:9.18.44-1+0~20240101.3+debian~bullseye+1+sury+1
# Start BIND9
systemctl start bind9
# Verify
systemctl status bind9
dig @localhost example.com
```
### Using Ansible Rollback
```yaml
---
- hosts: bind_servers
tasks:
- name: Restore BIND9 9.18 package
apt:
name: bind9=1:9.18.44-1+0~20240101.3+debian~bullseye+1+sury+1
state: present
- name: Restore configuration from backup
synchronize:
src: /data/backup/bind.9.18.backup/
dest: /etc/bind/
delete: yes
mode: push
- name: Restart BIND9
systemd:
name: bind9
state: restarted
daemon_reload: yes
```
## Additional Resources
- [BIND9 Version Differences](BIND_VERSION_DIFFERENCES.md) - Technical comparison
- [ISC BIND9 Release Notes](https://www.isc.org/bind/) - Official documentation
- [BIND9 9.20 Features](https://bind.readthedocs.io/en/latest/) - Feature details
- [Role Configuration Reference](CONFIGURATION_GRAMMAR.md) - Ansible role documentation
## Getting Help
For issues during migration:
1. Check [BIND9 Version Differences](BIND_VERSION_DIFFERENCES.md) for specific option changes
2. Review BIND9 logs: `journalctl -u bind9 -n 100`
3. Validate configuration: `named-checkconf /etc/bind/named.conf`
4. Test in development environment first
5. Document any custom options that need special handling
## Version Support Timeline
- **BIND9 9.18.x (LTS)**: Supported until September 2026
- This Ansible role's current focus
- Main branch targets 9.18.x configurations
- **BIND9 9.20.x**: Available now
- Future branch (`9.20`) being prepared
- Plan migration during non-critical periods
- **BIND9 9.22.x**: Coming in 2026
- Further breaking changes expected
- Will require additional migration steps
Plan upgrades within your maintenance windows and test thoroughly before production deployment.
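Review bot: The replacement advice for `alt-transfer-source` ("Use TLS-based transfers instead", plus the `http:` / `preference: https` block in the Step 2 "AFTER" example) does not match the 9.20 grammar documented in this same change set, where `primaries` and `also-notify` gain `source` and `source-v6` and no `http` option with a `preference` key appears in the option lists. Point readers at `source`/`source-v6`, which the Step 3 comments already hint at, and drop the `http:` block unless the role actually renders it. Under "Template Variables", "Simply remove deprecated variables - they will be ignored" contradicts the earlier statement that removed options "will cause `named` to fail if present"; keep one. In the backup and rollback commands, `cp -r` does not preserve ownership or modes of key files under `/etc/bind`, so use `cp -a`; the rollback also runs `rm -rf /etc/bind` without first checking that `/data/backup/bind.9.18.backup` exists, and it copies the cache backup into an existing `/var/cache/bind`, which nests it as a subdirectory instead of restoring it. The Step 4 `grep` checks only three of the removed options listed in the summary, and the `dig ... AXFR` task in the test playbook has no `failed_when`, so a refused transfer would still pass.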

@@ -0,0 +1,552 @@
# BIND9 Version Differences: v9.18.44 vs v9.20.18
This document compares BIND9 configuration grammar between v9.18.44 and v9.20.18.
Generated automatically by `scripts/compare_bind_versions.py`.
## Summary
- **New Options**: 35
- **Removed Options**: 44 ⚠️
- **Modified Options**: 22
- **Newly Deprecated**: 3
## ⚠️ Breaking Changes
The following options were removed in v9.20.18 and will cause configuration errors:
### options
- `alt-transfer-source`
- `alt-transfer-source-v6`
- `auto-dnssec`
- `coresize`
- `datasize`
- `dscp`
- `files`
- `glue-cache`
- `heartbeat-interval`
- `keep-response-order`
- `lock-file`
- `maxz-zone-ttl`
- `parent-registration-delay`
- `parental-agents`
- `primaries`
- `random-device`
- `recurse-ing-file`
- `reserved-sockets`
- `resolver-nonbackoff-tries`
- `resolver-retry-interval`
- `reuse`
- `root-delegation-only`
- `stacksize`
- `suppress-initial-notify`
- `tkey-dhkey`
- `tkey-gssapi-credential`
- `use-alt-transfer-source`
### forward.zoneopt
- `delegation-only`
### hint.zoneopt
- `delegation-only`
### mirror.zoneopt
- `alt-transfer-source`
- `alt-transfer-source-v6`
- `use-alt-transfer-source`
### primary.zoneopt
- `alt-transfer-source`
- `alt-transfer-source-v6`
- `auto-dnssec`
- `update-check-ksk`
### secondary.zoneopt
- `alt-transfer-source`
- `alt-transfer-source-v6`
- `auto-dnssec`
- `use-alt-transfer-source`
### stub.zoneopt
- `delegation-only`
- `use-alt-transfer-source`
### delegation-only.zoneopt
- `type`
- `zone`
## ✨ New Features
The following options were added in v9.20.18:
### options
- `allow-proxy`
- `allow-proxy-on`
- `cdnskey`
- `cds-digest-types`
- `check-svcb`
- `cipher-suites`
- `dnsrps-library`
- `inline-signing`
- `key-store`
- `manual-mode`
- `max-validation-failures-per-fetch`
- `max-validations-per-fetch`
- `min-transfer-rate-in`
- `notify-defer`
- `offline-ksk`
- `pkcs11-uri`
- `recursing-file`
- `remote-servers`
- `require-cookie`
- `resolver-use-dns64`
- `responselog`
- `reuseport`
- `sig0-checks-quota`
- `sig0-checks-quota-exempt`
- `sig0-key-checks-limit`
- `sig0-message-checks-limit`
### mirror.zoneopt
- `min-transfer-rate-in`
- `notify-defer`
### primary.zoneopt
- `check-svcb`
- `checkds`
- `notify-defer`
### secondary.zoneopt
- `checkds`
- `min-transfer-rate-in`
- `notify-defer`
### stub.zoneopt
- `min-transfer-rate-in`
## 🔧 Modified Options
The following options have syntax changes in v9.20.18:
### options
#### `listen-on`
**v9.18.44**:
```
[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>
```
**v9.20.18**:
```
[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>
```
#### `response-policy`
**v9.18.44**:
```
{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]
```
**v9.20.18**:
```
{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]
```
#### `cookie-algorithm`
**v9.18.44**:
```
( aes | siphash24 )
```
**v9.20.18**:
```
( siphash24 )
```
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
#### `listen-on-v6`
**v9.18.44**:
```
[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>
```
**v9.20.18**:
```
[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>
```
#### `also-notify`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `catalog-zones`
**v9.18.44**:
```
{ zone <string> [ default-primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
{ zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
### forward.zoneopt
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
### mirror.zoneopt
#### `also-notify`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `primaries`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
### primary.zoneopt
#### `update-policy`
**v9.18.44**:
```
( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesubject ) [ <string> ] <rrtype list>
```
**v9.20.18**:
```
( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtype list>
```
#### `also-notify`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `parental-agents`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
### redirect.zoneopt
#### `primaries`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
### secondary.zoneopt
#### `also-notify`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `parental-agents`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
#### `primaries`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
### static-stub.zoneopt
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
### stub.zoneopt
#### `forwarders`
**v9.18.44**:
```
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
```
**v9.20.18**:
```
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
```
#### `primaries`
**v9.18.44**:
```
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
**v9.20.18**:
```
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
```
## 📋 Newly Deprecated Options
The following options were marked as deprecated in v9.20.18:
### options
- `sortlist`
### primary.zoneopt
- `max-zone-ttl`
### redirect.zoneopt
- `max-zone-ttl`
## Detailed File-by-File Comparison
### options
- v9.18.44: 334 options
- v9.20.18: 333 options
- Added: 26
- Removed: 27
- Modified: 7
### forward.zoneopt
- v9.18.44: 5 options
- v9.20.18: 4 options
- Added: 0
- Removed: 1
- Modified: 1
### hint.zoneopt
- v9.18.44: 5 options
- v9.20.18: 4 options
- Added: 0
- Removed: 1
- Modified: 0
### in-view.zoneopt
- v9.18.44: 2 options
- v9.20.18: 2 options
- Added: 0
- Removed: 0
- Modified: 0
### mirror.zoneopt
- v9.18.44: 44 options
- v9.20.18: 43 options
- Added: 2
- Removed: 3
- Modified: 2
### primary.zoneopt
- v9.18.44: 63 options
- v9.20.18: 62 options
- Added: 3
- Removed: 4
- Modified: 4
### redirect.zoneopt
- v9.18.44: 14 options
- v9.20.18: 14 options
- Added: 0
- Removed: 0
- Modified: 1
### secondary.zoneopt
- v9.18.44: 66 options
- v9.20.18: 65 options
- Added: 3
- Removed: 4
- Modified: 4
### static-stub.zoneopt
- v9.18.44: 12 options
- v9.20.18: 12 options
- Added: 0
- Removed: 0
- Modified: 1
### stub.zoneopt
- v9.18.44: 28 options
- v9.20.18: 27 options
- Added: 1
- Removed: 2
- Modified: 2
### delegation-only.zoneopt
- v9.18.44: 2 options
- v9.20.18: 0 options
- Added: 0
- Removed: 2
- Modified: 0
### rndc.grammar
- v9.18.44: 14 options
- v9.20.18: 14 options
- Added: 0
- Removed: 0
- Modified: 0
## Migration Guide
### Migrating from v9.18.44 to v9.20.18
1. **Remove unsupported options** from your configuration
- Review the Breaking Changes section above
- Check if there are replacement options
2. **Plan for deprecated options**
- These options still work but may be removed in future versions
- Start planning migration to recommended alternatives
3. **Test your configuration**
- Use `named-checkconf` to validate syntax
- Test in a development environment before production
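Review bot: Several entries in the removed and added lists look like comparison artifacts rather than grammar changes: `recurse-ing-file` is reported as removed while `recursing-file` is reported as new, `maxz-zone-ttl` sits next to the existing `max-zone-ttl`, and `primaries` and `parental-agents` are listed as removed under `options` yet show up as modified, not removed, in the zone sections. Check these against the upstream grammar files, fix the parsing in `scripts/compare_bind_versions.py` and regenerate, since the 44/35/22 totals and the migration guide are built on this output. The definitions under "Modified Options" are cut off before the closing brace (for example `{ <address_match_element>` with no `}`), so a change in the tail of a definition would go unreported, and a placeholder rename such as `<remote-servers>` to `<server-list>` is counted as a syntax change. `cookie-algorithm` losing the `aes` value is filed under "Modified" although a configuration that sets it would no longer load, so it belongs with the breaking changes.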

@@ -0,0 +1,326 @@
{
"options": {
"file": "options",
"added": [
"allow-proxy",
"allow-proxy-on",
"cdnskey",
"cds-digest-types",
"check-svcb",
"cipher-suites",
"dnsrps-library",
"inline-signing",
"key-store",
"manual-mode",
"max-validation-failures-per-fetch",
"max-validations-per-fetch",
"min-transfer-rate-in",
"notify-defer",
"offline-ksk",
"pkcs11-uri",
"recursing-file",
"remote-servers",
"require-cookie",
"resolver-use-dns64",
"responselog",
"reuseport",
"sig0-checks-quota",
"sig0-checks-quota-exempt",
"sig0-key-checks-limit",
"sig0-message-checks-limit"
],
"removed": [
"alt-transfer-source",
"alt-transfer-source-v6",
"auto-dnssec",
"coresize",
"datasize",
"dscp",
"files",
"glue-cache",
"heartbeat-interval",
"keep-response-order",
"lock-file",
"maxz-zone-ttl",
"parent-registration-delay",
"parental-agents",
"primaries",
"random-device",
"recurse-ing-file",
"reserved-sockets",
"resolver-nonbackoff-tries",
"resolver-retry-interval",
"reuse",
"root-delegation-only",
"stacksize",
"suppress-initial-notify",
"tkey-dhkey",
"tkey-gssapi-credential",
"use-alt-transfer-source"
],
"modified": [
{
"option": "listen-on",
"old_definition": "[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>",
"new_definition": "[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>"
},
{
"option": "response-policy",
"old_definition": "{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]",
"new_definition": "{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]"
},
{
"option": "cookie-algorithm",
"old_definition": "( aes | siphash24 )",
"new_definition": "( siphash24 )"
},
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
},
{
"option": "listen-on-v6",
"old_definition": "[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>",
"new_definition": "[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>"
},
{
"option": "also-notify",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "catalog-zones",
"old_definition": "{ zone <string> [ default-primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "{ zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
}
],
"deprecated_new": [
"sortlist"
],
"options1_count": 334,
"options2_count": 333
},
"forward.zoneopt": {
"file": "forward.zoneopt",
"added": [],
"removed": [
"delegation-only"
],
"modified": [
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
}
],
"deprecated_new": [],
"options1_count": 5,
"options2_count": 4
},
"hint.zoneopt": {
"file": "hint.zoneopt",
"added": [],
"removed": [
"delegation-only"
],
"modified": [],
"deprecated_new": [],
"options1_count": 5,
"options2_count": 4
},
"in-view.zoneopt": {
"file": "in-view.zoneopt",
"added": [],
"removed": [],
"modified": [],
"deprecated_new": [],
"options1_count": 2,
"options2_count": 2
},
"mirror.zoneopt": {
"file": "mirror.zoneopt",
"added": [
"min-transfer-rate-in",
"notify-defer"
],
"removed": [
"alt-transfer-source",
"alt-transfer-source-v6",
"use-alt-transfer-source"
],
"modified": [
{
"option": "also-notify",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "primaries",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
}
],
"deprecated_new": [],
"options1_count": 44,
"options2_count": 43
},
"primary.zoneopt": {
"file": "primary.zoneopt",
"added": [
"check-svcb",
"checkds",
"notify-defer"
],
"removed": [
"alt-transfer-source",
"alt-transfer-source-v6",
"auto-dnssec",
"update-check-ksk"
],
"modified": [
{
"option": "update-policy",
"old_definition": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesubject ) [ <string> ] <rrtype list>",
"new_definition": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtype list>"
},
{
"option": "also-notify",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "parental-agents",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
}
],
"deprecated_new": [
"max-zone-ttl"
],
"options1_count": 63,
"options2_count": 62
},
"redirect.zoneopt": {
"file": "redirect.zoneopt",
"added": [],
"removed": [],
"modified": [
{
"option": "primaries",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
}
],
"deprecated_new": [
"max-zone-ttl"
],
"options1_count": 14,
"options2_count": 14
},
"secondary.zoneopt": {
"file": "secondary.zoneopt",
"added": [
"checkds",
"min-transfer-rate-in",
"notify-defer"
],
"removed": [
"alt-transfer-source",
"alt-transfer-source-v6",
"auto-dnssec",
"use-alt-transfer-source"
],
"modified": [
{
"option": "also-notify",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "parental-agents",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
},
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
},
{
"option": "primaries",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
}
],
"deprecated_new": [],
"options1_count": 66,
"options2_count": 65
},
"static-stub.zoneopt": {
"file": "static-stub.zoneopt",
"added": [],
"removed": [],
"modified": [
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
}
],
"deprecated_new": [],
"options1_count": 12,
"options2_count": 12
},
"stub.zoneopt": {
"file": "stub.zoneopt",
"added": [
"min-transfer-rate-in"
],
"removed": [
"delegation-only",
"use-alt-transfer-source"
],
"modified": [
{
"option": "forwarders",
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
},
{
"option": "primaries",
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
}
],
"deprecated_new": [],
"options1_count": 28,
"options2_count": 27
},
"delegation-only.zoneopt": {
"file": "delegation-only.zoneopt",
"added": [],
"removed": [
"type",
"zone"
],
"modified": [],
"deprecated_new": [],
"options1_count": 2,
"options2_count": 0
},
"rndc.grammar": {
"file": "rndc.grammar",
"added": [],
"removed": [],
"modified": [],
"deprecated_new": [],
"options1_count": 14,
"options2_count": 14
}
}
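Review bot: Several entries in the `removed` array under `options` look like extraction artifacts rather than real option names: `recurse-ing-file` is listed as removed while `recursing-file` is listed as added, `maxz-zone-ttl` is one letter away from the `max-zone-ttl` recorded under `deprecated_new` in `primary.zoneopt`, and `reuse` is removed while `reuseport` is added. Any breaking-change count derived from this file inherits those entries, so check them against the two grammar files and fix the parser if they are mis-splits. Two smaller points: every `old_definition` and `new_definition` string stops at the first element of its `{` block and never closes it, so a change later in the clause is invisible to the comparison; and `update-policy` in `primary.zoneopt` shows `zonesubject` becoming `zonesub`, which should be confirmed in the source grammar before it is documented as a change.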