Compare commits
34 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 957efdf7c7 | |||
| cd3a35e7a9 | |||
| 77212eef9b | |||
| 79ac474a85 | |||
| abd150f581 | |||
| cb20db00af | |||
| 07f84b7c96 | |||
| a4f06d3daf | |||
| 282e7601b4 | |||
| f15d33b619 | |||
| a298665e93 | |||
| 528caeddeb | |||
| 0eff38f202 | |||
| 14a8ff61cf | |||
| 1c635e5c55 | |||
| db379be31f | |||
| 9df24a4a30 | |||
| 9622514d84 | |||
| 1ee8ac1e0b | |||
| 4151c9a8c3 | |||
| 6191eaa53a | |||
| 5875c7c1d0 | |||
| 4c6a3061bd | |||
| ef45f4ef0b | |||
| 3221070075 | |||
| dc4113088e | |||
| 149692bcc4 | |||
| 0271be7752 | |||
| 907735c294 | |||
| cdcc4cbbda | |||
| 30918dc9f7 | |||
| 7388e4eaaf | |||
| f6eee76e05 | |||
| 0fede04e19 |
@@ -0,0 +1,43 @@
|
|||||||
|
# BIND9 9.18 LTS Support Branch
|
||||||
|
|
||||||
|
Branch: 9.18
|
||||||
|
Purpose: Long-term support for BIND9 9.18.x (ISC LTS release)
|
||||||
|
Status: Active
|
||||||
|
Support Level: Full
|
||||||
|
|
||||||
|
## Version Information
|
||||||
|
|
||||||
|
- **BIND9 Version**: 9.18.x (LTS)
|
||||||
|
- **Supported Until**: Aligned with ISC BIND9 9.18 LTS support timeline
|
||||||
|
- **Branch Base**: BIND9 9.18.44 (as of February 2026)
|
||||||
|
|
||||||
|
## Supported Platforms
|
||||||
|
|
||||||
|
- Debian 11 (Bullseye)
|
||||||
|
- Debian 12 (Bookworm)
|
||||||
|
- Debian 13 (Trixie)
|
||||||
|
- Ubuntu 20.04 LTS
|
||||||
|
- Ubuntu 22.04 LTS
|
||||||
|
- Ubuntu 24.04 LTS
|
||||||
|
|
||||||
|
## Policies
|
||||||
|
|
||||||
|
### Backporting
|
||||||
|
- ✅ Security fixes: Always backported
|
||||||
|
- ✅ Bug fixes: Backported if compatible
|
||||||
|
- ❌ New features: Case-by-case (no breaking changes)
|
||||||
|
- ❌ Breaking changes: Never
|
||||||
|
|
||||||
|
### Release Numbering
|
||||||
|
Uses MAJOR.MINOR.PATCH (e.g., v1.2.3)
|
||||||
|
|
||||||
|
## Key Documentation
|
||||||
|
|
||||||
|
- [Version Support Policy](docs/VERSION_SUPPORT.md)
|
||||||
|
- [Configuration Grammar](CONFIGURATION_GRAMMAR.md)
|
||||||
|
- [Changelog](CHANGELOG.md)
|
||||||
|
- [README](README.md)
|
||||||
|
|
||||||
|
## Next Major Version
|
||||||
|
|
||||||
|
For BIND9 9.20+ support, see the `main` branch which will eventually have version-specific releases.
|
||||||
@@ -54,8 +54,8 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
pip install --no-cache-dir \
|
pip install --no-cache-dir \
|
||||||
ansible \
|
ansible \
|
||||||
molecule[podman] \
|
molecule \
|
||||||
podman-compose \
|
molecule-podman \
|
||||||
pyyaml \
|
pyyaml \
|
||||||
jinja2
|
jinja2
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,31 @@
|
|||||||
|
---
|
||||||
|
name: molecule-role-testing
|
||||||
|
description: Run Molecule scenarios to test the bind9 role using the repository's Molecule configuration.
|
||||||
|
---
|
||||||
|
|
||||||
|
Use this skill when asked to test or validate the role with Molecule.
|
||||||
|
|
||||||
|
## Scope
|
||||||
|
- Repository root: /home/alive/Code/ansible-bind9-role
|
||||||
|
- Scenarios: molecule/default and molecule/bind9-20
|
||||||
|
- Driver: podman
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
1. Ensure Podman is available and the current user can run it.
|
||||||
|
2. Ensure Molecule and Ansible are installed in the active Python environment.
|
||||||
|
|
||||||
|
## Default scenario (BIND 9.18 LTS)
|
||||||
|
1. From the repository root, run:
|
||||||
|
- molecule test
|
||||||
|
2. If a faster check is requested, run:
|
||||||
|
- molecule converge
|
||||||
|
|
||||||
|
## BIND 9.20+ scenario
|
||||||
|
1. From the repository root, run:
|
||||||
|
- molecule test -s bind9-20
|
||||||
|
2. If a faster check is requested, run:
|
||||||
|
- molecule converge -s bind9-20
|
||||||
|
|
||||||
|
## Notes
|
||||||
|
- The scenarios use systemd-enabled containers and require privileged Podman.
|
||||||
|
- If a scenario fails, capture the error summary and relevant logs before making changes.
|
||||||
@@ -4,3 +4,41 @@
|
|||||||
Ensure that all practices and instructions described by
|
Ensure that all practices and instructions described by
|
||||||
https://raw.githubusercontent.com/ansible/ansible-creator/refs/heads/main/docs/agents.md
|
https://raw.githubusercontent.com/ansible/ansible-creator/refs/heads/main/docs/agents.md
|
||||||
are followed.
|
are followed.
|
||||||
|
|
||||||
|
## Repository Actions
|
||||||
|
|
||||||
|
**Use gitea-mcp tools for all repository interactions.** Do not use `curl`, `git`, or direct API calls.
|
||||||
|
|
||||||
|
### When to Use gitea-mcp
|
||||||
|
|
||||||
|
- Fetching issues, PRs, branches, tags, releases
|
||||||
|
- Reading files, directories, or commits from repo
|
||||||
|
- Creating issues, PRs, comments, tags, or releases
|
||||||
|
- Editing issues or PRs
|
||||||
|
|
||||||
|
### Wrong vs Right
|
||||||
|
|
||||||
|
❌ `curl http://git.valid.dk/api/v1/repos/daniel/ansible-bind9-role/issues/6`
|
||||||
|
|
||||||
|
✅ `mcp_gitea-mcp_list_repo_issues(owner, repo, page, pageSize)`
|
||||||
|
|
||||||
|
### Local Workspace
|
||||||
|
|
||||||
|
Terminal commands are fine for:
|
||||||
|
- Compiling, testing, building
|
||||||
|
- Git operations on local files (commit, push)
|
||||||
|
- Using `read_file`, `grep_search`, `semantic_search`
|
||||||
|
|
||||||
|
## General project workflow
|
||||||
|
1. Check for open tickets
|
||||||
|
2. Choose next logical ticket to work on
|
||||||
|
3. Create branch for ticket
|
||||||
|
4. Create plan for ticket
|
||||||
|
5. Execute plan
|
||||||
|
6. Create appropriate commits to repository
|
||||||
|
7. Submit PR to repository
|
||||||
|
8. Review the PR critically
|
||||||
|
9. Check if further work is needed to resolve the issues found
|
||||||
|
10. Loop 8-9 until complete
|
||||||
|
11. Ask me to review the PR and merge it
|
||||||
|
12. Close the ticket
|
||||||
+120
@@ -0,0 +1,120 @@
|
|||||||
|
# Changelog
|
||||||
|
|
||||||
|
All notable changes to the ansible-bind9-role will be documented in this file.
|
||||||
|
|
||||||
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
||||||
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||||
|
|
||||||
|
## [Unreleased]
|
||||||
|
|
||||||
|
### Added
|
||||||
|
- Version support policy documentation in `docs/VERSION_SUPPORT.md`
|
||||||
|
- Branching strategy for supporting multiple BIND9 versions
|
||||||
|
- Grammar comparison tooling (`scripts/compare_bind_versions.py`)
|
||||||
|
- Grammar fetcher for upstream BIND9 sources (`scripts/fetch_bind_grammar.py`)
|
||||||
|
- Automated version difference tracking
|
||||||
|
- Operating system support matrix
|
||||||
|
- BIND9 Version Differences documentation (`docs/BIND_VERSION_DIFFERENCES.md`) covering:
|
||||||
|
- 44 breaking changes between BIND9 9.18.44 and 9.20.18
|
||||||
|
- 35 new options in BIND9 9.20
|
||||||
|
- 22 modified options requiring configuration updates
|
||||||
|
- 3 newly deprecated options
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
- Established formal release management process
|
||||||
|
- Defined backporting policy for security, bugs, and features
|
||||||
|
- Clarified version compatibility in CONFIGURATION_GRAMMAR.md
|
||||||
|
|
||||||
|
### Planned
|
||||||
|
- BIND9 9.20+ support in separate `9.20` branch
|
||||||
|
- Multi-platform molecule test matrix
|
||||||
|
- Automated BIND9 version detection in tasks
|
||||||
|
- Version-specific template conditional logic
|
||||||
|
- Enhanced CI/CD pipeline with version matrix testing
|
||||||
|
|
||||||
|
## [1.0.0] - TBD
|
||||||
|
|
||||||
|
### Initial Release
|
||||||
|
- Full support for BIND9 9.18.x (LTS)
|
||||||
|
- Configuration grammar based on BIND9 9.18.44
|
||||||
|
- Comprehensive template system for all BIND9 statement types:
|
||||||
|
- `acl`
|
||||||
|
- `controls`
|
||||||
|
- `dlz`
|
||||||
|
- `dnssec-policy`
|
||||||
|
- `dyndb`
|
||||||
|
- `http`
|
||||||
|
- `key`
|
||||||
|
- `logging`
|
||||||
|
- `options`
|
||||||
|
- `parental-agents`
|
||||||
|
- `primaries` (masters)
|
||||||
|
- `server`
|
||||||
|
- `statistics-channels`
|
||||||
|
- `tls`
|
||||||
|
- `trust-anchors`
|
||||||
|
- `view`
|
||||||
|
- `zone` (all types: primary, secondary, forward, hint, stub, static-stub, mirror, redirect, in-view, delegation-only)
|
||||||
|
- Support for Debian 11, 12, 13
|
||||||
|
- Support for Ubuntu 20.04, 22.04, 24.04
|
||||||
|
- Molecule testing framework
|
||||||
|
- Configuration validation with `named-checkconf`
|
||||||
|
- Automatic configuration backup and rollback on errors
|
||||||
|
- Detailed configuration grammar documentation
|
||||||
|
- GPL-3.0-or-later license
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Version History (Pre-Changelog)
|
||||||
|
|
||||||
|
Prior to this changelog, the role was developed without formal version tracking.
|
||||||
|
This changelog starts with the establishment of the version support policy.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Versioning Schema
|
||||||
|
|
||||||
|
- **MAJOR**: Incompatible changes to role variables or behavior
|
||||||
|
- **MINOR**: New features in a backwards compatible manner
|
||||||
|
- **PATCH**: Backwards compatible bug fixes
|
||||||
|
|
||||||
|
### Branch-Specific Versioning
|
||||||
|
|
||||||
|
- `main` branch: `vX.Y.Z` (BIND9 9.18 LTS)
|
||||||
|
- `9.20` branch: `v9.20.X[-suffix]` (BIND9 9.20+)
|
||||||
|
- Suffixes: `-alpha`, `-beta`, `-rc` for pre-releases
|
||||||
|
|
||||||
|
## Release Types
|
||||||
|
|
||||||
|
### Security Releases
|
||||||
|
Critical security fixes are released as patch versions and backported to all supported branches.
|
||||||
|
|
||||||
|
### Feature Releases
|
||||||
|
New features are added in minor version increments. Breaking changes require major version increments.
|
||||||
|
|
||||||
|
### Bug Fix Releases
|
||||||
|
Bug fixes are released as patch versions when they accumulate or for critical issues.
|
||||||
|
|
||||||
|
## Upgrade Notes
|
||||||
|
|
||||||
|
### From Pre-Versioned to v1.0.0
|
||||||
|
The first official release establishes baseline compatibility. Users of pre-release versions should:
|
||||||
|
1. Review all role variables for any changes
|
||||||
|
2. Test in non-production environment
|
||||||
|
3. Review generated configuration with `named-checkconf`
|
||||||
|
4. Check `docs/VERSION_SUPPORT.md` for supported platforms
|
||||||
|
|
||||||
|
### Future Upgrades
|
||||||
|
Check individual version sections above for specific upgrade notes and breaking changes.
|
||||||
|
|
||||||
|
## Contributing
|
||||||
|
|
||||||
|
See `docs/VERSION_SUPPORT.md` for contribution guidelines and release processes.
|
||||||
|
|
||||||
|
## Links
|
||||||
|
|
||||||
|
- [Version Support Policy](docs/VERSION_SUPPORT.md)
|
||||||
|
- [Configuration Grammar](CONFIGURATION_GRAMMAR.md)
|
||||||
|
- [Issue Tracker](https://git.valid.dk/daniel/ansible-bind9-role/issues)
|
||||||
|
- [Repository](https://git.valid.dk/daniel/ansible-bind9-role)
|
||||||
|
|
||||||
@@ -39,6 +39,17 @@ The BIND9 role uses YAML to replicate the official ISC BIND9 configuration forma
|
|||||||
- `max-cache-ttl` → `max_cache_ttl`
|
- `max-cache-ttl` → `max_cache_ttl`
|
||||||
- `dnssec-policy` → `dnssec_policy`
|
- `dnssec-policy` → `dnssec_policy`
|
||||||
|
|
||||||
|
### Version Compatibility
|
||||||
|
|
||||||
|
This role and its configuration grammar are based on **BIND9 9.18.x (LTS)**.
|
||||||
|
|
||||||
|
For information about upgrading to BIND9 9.20 or later, see [BIND9 Version Differences](docs/BIND_VERSION_DIFFERENCES.md) which documents:
|
||||||
|
- **Breaking changes** between versions
|
||||||
|
- **New features** available in newer versions
|
||||||
|
- **Migration guidance** for configuration updates
|
||||||
|
|
||||||
|
⚠️ **Important:** BIND9 9.20 introduces significant breaking changes. Please review the version differences document before upgrading configurations.
|
||||||
|
|
||||||
## Configuration Structure
|
## Configuration Structure
|
||||||
|
|
||||||
All configuration is defined through four precedence-based variables that are merged:
|
All configuration is defined through four precedence-based variables that are merged:
|
||||||
@@ -541,6 +552,19 @@ options:
|
|||||||
# Logging
|
# Logging
|
||||||
querylog: <bool>
|
querylog: <bool>
|
||||||
|
|
||||||
|
# DNSTAP - DNS traffic capture
|
||||||
|
dnstap: # List of message types to capture
|
||||||
|
- type: <auth|client|forwarder|resolver> # Message type (required)
|
||||||
|
log: <query|response> # Optional: specific direction
|
||||||
|
dnstap_output: # Output destination (required if dnstap is set)
|
||||||
|
output_type: <file|unix> # Output type: file or unix socket (required)
|
||||||
|
output_file: <path> # File path or socket path (required)
|
||||||
|
size: <size> # Optional: Max file size before rotation
|
||||||
|
versions: <integer> # Optional: Number of versions to keep
|
||||||
|
suffix: <increment|timestamp> # Optional: Rotation suffix type
|
||||||
|
dnstap_identity: <string> # Optional: Identity string (defaults to hostname)
|
||||||
|
dnstap_version: <string> # Optional: Version string (defaults to BIND version)
|
||||||
|
|
||||||
# Zone management
|
# Zone management
|
||||||
check_names: <master|slave|response> <warn|fail|ignore>
|
check_names: <master|slave|response> <warn|fail|ignore>
|
||||||
check_dup_records: <warn|fail|ignore>
|
check_dup_records: <warn|fail|ignore>
|
||||||
|
|||||||
@@ -1,7 +1,20 @@
|
|||||||
bind9
|
bind9
|
||||||
=====
|
=====
|
||||||
|
|
||||||
A feature-complete ansible role for installing and configuring bind9. The purpose of this role is to fully template out the entire official bind9 configuration file format.
|
A feature-complete ansible role for installing and configuring bind9. The purpose of this role is to fully template out the entire official bind9 configuration file format.
|
||||||
|
|
||||||
|
## Version Compatibility
|
||||||
|
|
||||||
|
| BIND9 Version | Role Branch | Status | Supported Platforms |
|
||||||
|
|---------------|-------------|--------|---------------------|
|
||||||
|
| 9.18.x (LTS) | `main` | ✅ Supported | Debian 11-13, Ubuntu 20.04-24.04 |
|
||||||
|
| 9.20.x+ | `9.20` | 🚧 Planned | Debian 12-13, Ubuntu 22.04-24.04 |
|
||||||
|
|
||||||
|
For detailed version support policy, branching strategy, and migration guidance, see [docs/VERSION_SUPPORT.md](docs/VERSION_SUPPORT.md).
|
||||||
|
|
||||||
|
**Minimum Requirements:**
|
||||||
|
- Ansible: 2.13+
|
||||||
|
- Python: 3.8+
|
||||||
|
|
||||||
What the role does:
|
What the role does:
|
||||||
- Fully configures named.conf
|
- Fully configures named.conf
|
||||||
@@ -195,10 +208,30 @@ Simple sample config of a recursive BIND server that allows your localnetwork to
|
|||||||
allow-recursion:
|
allow-recursion:
|
||||||
- mylan
|
- mylan
|
||||||
|
|
||||||
|
## Documentation
|
||||||
|
|
||||||
|
- **[Configuration Grammar Reference](CONFIGURATION_GRAMMAR.md)**: Comprehensive guide to all BIND9 configuration options
|
||||||
|
- **[Version Support Policy](docs/VERSION_SUPPORT.md)**: Supported versions, branching strategy, and release management
|
||||||
|
- **[Changelog](CHANGELOG.md)**: Version history and upgrade notes
|
||||||
|
|
||||||
|
## Contributing
|
||||||
|
|
||||||
|
Contributions are welcome! Please see [docs/VERSION_SUPPORT.md](docs/VERSION_SUPPORT.md) for:
|
||||||
|
- Branching strategy
|
||||||
|
- Testing requirements
|
||||||
|
- Backporting policies
|
||||||
|
- Release procedures
|
||||||
|
|
||||||
|
## Links
|
||||||
|
|
||||||
|
- **Repository**: https://git.valid.dk/daniel/ansible-bind9-role
|
||||||
|
- **Issues**: https://git.valid.dk/daniel/ansible-bind9-role/issues
|
||||||
|
- **BIND9 Documentation**: https://bind9.readthedocs.io/
|
||||||
|
|
||||||
License
|
License
|
||||||
-------
|
-------
|
||||||
|
|
||||||
BSD
|
GPL-3.0-or-later
|
||||||
|
|
||||||
Author Information
|
Author Information
|
||||||
------------------
|
------------------
|
||||||
|
|||||||
@@ -0,0 +1,19 @@
|
|||||||
|
{
|
||||||
|
"zone": {
|
||||||
|
"_id": "<string> [ <class> ]",
|
||||||
|
"_mapbody": {
|
||||||
|
"type": {
|
||||||
|
"_grammar": "forward"
|
||||||
|
},
|
||||||
|
"forward": {
|
||||||
|
"_grammar": "( first | only )"
|
||||||
|
},
|
||||||
|
"forwarders": {
|
||||||
|
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,19 @@
|
|||||||
|
{
|
||||||
|
"zone": {
|
||||||
|
"_id": "<string> [ <class> ]",
|
||||||
|
"_mapbody": {
|
||||||
|
"type": {
|
||||||
|
"_grammar": "hint"
|
||||||
|
},
|
||||||
|
"check-names": {
|
||||||
|
"_grammar": "( fail | warn | ignore )"
|
||||||
|
},
|
||||||
|
"file": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,10 @@
|
|||||||
|
{
|
||||||
|
"zone": {
|
||||||
|
"_id": "<string> [ <class> ]",
|
||||||
|
"_mapbody": {
|
||||||
|
"in-view": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,171 @@
|
|||||||
|
{
|
||||||
|
"zone": {
|
||||||
|
"_id": "<string> [ <class> ]",
|
||||||
|
"_mapbody": {
|
||||||
|
"type": {
|
||||||
|
"_grammar": "mirror"
|
||||||
|
},
|
||||||
|
"allow-notify": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-query": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-query-on": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-transfer": {
|
||||||
|
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-update-forwarding": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"also-notify": {
|
||||||
|
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"check-names": {
|
||||||
|
"_grammar": "( fail | warn | ignore )"
|
||||||
|
},
|
||||||
|
"database": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"file": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"ixfr-from-differences": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"journal": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"masterfile-format": {
|
||||||
|
"_grammar": "( raw | text )"
|
||||||
|
},
|
||||||
|
"masterfile-style": {
|
||||||
|
"_grammar": "( full | relative )"
|
||||||
|
},
|
||||||
|
"max-ixfr-ratio": {
|
||||||
|
"_grammar": "( unlimited | <percentage> )"
|
||||||
|
},
|
||||||
|
"max-journal-size": {
|
||||||
|
"_grammar": "( default | unlimited | <sizeval> )"
|
||||||
|
},
|
||||||
|
"max-records": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-records-per-type": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-refresh-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-retry-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-idle-in": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-idle-out": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-time-in": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-time-out": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-types-per-name": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-refresh-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-retry-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-transfer-rate-in": {
|
||||||
|
"_grammar": "<integer> <integer>"
|
||||||
|
},
|
||||||
|
"multi-master": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"notify": {
|
||||||
|
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
|
||||||
|
},
|
||||||
|
"notify-cfg": {
|
||||||
|
"_flags": [
|
||||||
|
"may occur multiple times"
|
||||||
|
],
|
||||||
|
"_id": "<string>",
|
||||||
|
"_mapbody": {
|
||||||
|
"notify": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"notify-defer": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-delay": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"notify-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notify-defer": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-delay": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"notify-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
},
|
||||||
|
"plugin": {
|
||||||
|
"_flags": [
|
||||||
|
"may occur multiple times"
|
||||||
|
],
|
||||||
|
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
|
||||||
|
},
|
||||||
|
"primaries": {
|
||||||
|
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"provide-zoneversion": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"request-expire": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"request-ixfr": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"request-ixfr-max-diffs": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"transfer-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"transfer-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
},
|
||||||
|
"try-tcp-refresh": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"zero-no-soa-ttl": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"zone-statistics": {
|
||||||
|
"_grammar": "( full | terse | none | <boolean> )"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,258 @@
|
|||||||
|
{
|
||||||
|
"zone": {
|
||||||
|
"_id": "<string> [ <class> ]",
|
||||||
|
"_mapbody": {
|
||||||
|
"type": {
|
||||||
|
"_grammar": "primary"
|
||||||
|
},
|
||||||
|
"allow-query": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-query-on": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-transfer": {
|
||||||
|
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-update": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"also-notify": {
|
||||||
|
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"check-dup-records": {
|
||||||
|
"_grammar": "( fail | warn | ignore )"
|
||||||
|
},
|
||||||
|
"check-integrity": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"check-mx": {
|
||||||
|
"_grammar": "( fail | warn | ignore )"
|
||||||
|
},
|
||||||
|
"check-mx-cname": {
|
||||||
|
"_grammar": "( fail | warn | ignore )"
|
||||||
|
},
|
||||||
|
"check-names": {
|
||||||
|
"_grammar": "( fail | warn | ignore )"
|
||||||
|
},
|
||||||
|
"check-sibling": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"check-spf": {
|
||||||
|
"_grammar": "( warn | ignore )"
|
||||||
|
},
|
||||||
|
"check-srv-cname": {
|
||||||
|
"_grammar": "( fail | warn | ignore )"
|
||||||
|
},
|
||||||
|
"check-svcb": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"check-wildcard": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"checkds": {
|
||||||
|
"_grammar": "( explicit | <boolean> )"
|
||||||
|
},
|
||||||
|
"database": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"dlz": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"dnskey-sig-validity": {
|
||||||
|
"_flags": [
|
||||||
|
"obsolete"
|
||||||
|
],
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"dnssec-dnskey-kskonly": {
|
||||||
|
"_flags": [
|
||||||
|
"obsolete"
|
||||||
|
],
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"dnssec-loadkeys-interval": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"dnssec-policy": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"dnssec-secure-to-insecure": {
|
||||||
|
"_flags": [
|
||||||
|
"obsolete"
|
||||||
|
],
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"dnssec-update-mode": {
|
||||||
|
"_flags": [
|
||||||
|
"obsolete"
|
||||||
|
],
|
||||||
|
"_grammar": "( maintain | no-resign )"
|
||||||
|
},
|
||||||
|
"file": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"forward": {
|
||||||
|
"_grammar": "( first | only )"
|
||||||
|
},
|
||||||
|
"forwarders": {
|
||||||
|
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"initial-file": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"inline-signing": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"ixfr-from-differences": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"journal": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"key-directory": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"log-report-channel": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"masterfile-format": {
|
||||||
|
"_grammar": "( raw | text )"
|
||||||
|
},
|
||||||
|
"masterfile-style": {
|
||||||
|
"_grammar": "( full | relative )"
|
||||||
|
},
|
||||||
|
"max-ixfr-ratio": {
|
||||||
|
"_grammar": "( unlimited | <percentage> )"
|
||||||
|
},
|
||||||
|
"max-journal-size": {
|
||||||
|
"_grammar": "( default | unlimited | <sizeval> )"
|
||||||
|
},
|
||||||
|
"max-records": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-records-per-type": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-idle-out": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-time-out": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-types-per-name": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-zone-ttl": {
|
||||||
|
"_flags": [
|
||||||
|
"deprecated"
|
||||||
|
],
|
||||||
|
"_grammar": "( unlimited | <duration> )"
|
||||||
|
},
|
||||||
|
"notify": {
|
||||||
|
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
|
||||||
|
},
|
||||||
|
"notify-cfg": {
|
||||||
|
"_flags": [
|
||||||
|
"may occur multiple times"
|
||||||
|
],
|
||||||
|
"_id": "<string>",
|
||||||
|
"_mapbody": {
|
||||||
|
"notify": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"notify-defer": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-delay": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"notify-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notify-defer": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-delay": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"notify-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
},
|
||||||
|
"notify-to-soa": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"nsec3-test-zone": {
|
||||||
|
"_flags": [
|
||||||
|
"test only"
|
||||||
|
],
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"parental-agents": {
|
||||||
|
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"parental-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"parental-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
},
|
||||||
|
"plugin": {
|
||||||
|
"_flags": [
|
||||||
|
"may occur multiple times"
|
||||||
|
],
|
||||||
|
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
|
||||||
|
},
|
||||||
|
"provide-zoneversion": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"send-report-channel": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"serial-update-method": {
|
||||||
|
"_grammar": "( date | increment | unixtime )"
|
||||||
|
},
|
||||||
|
"sig-signing-nodes": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"sig-signing-signatures": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"sig-signing-type": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"sig-validity-interval": {
|
||||||
|
"_flags": [
|
||||||
|
"obsolete"
|
||||||
|
],
|
||||||
|
"_grammar": "<integer> [ <integer> ]"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"update-check-ksk": {
|
||||||
|
"_flags": [
|
||||||
|
"obsolete"
|
||||||
|
],
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"update-policy": {
|
||||||
|
"_grammar": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtypelist>; ... } )"
|
||||||
|
},
|
||||||
|
"zero-no-soa-ttl": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"zone-statistics": {
|
||||||
|
"_grammar": "( full | terse | none | <boolean> )"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,58 @@
|
|||||||
|
{
|
||||||
|
"zone": {
|
||||||
|
"_id": "<string> [ <class> ]",
|
||||||
|
"_mapbody": {
|
||||||
|
"type": {
|
||||||
|
"_grammar": "redirect"
|
||||||
|
},
|
||||||
|
"allow-query": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-query-on": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"dlz": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"file": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"masterfile-format": {
|
||||||
|
"_grammar": "( raw | text )"
|
||||||
|
},
|
||||||
|
"masterfile-style": {
|
||||||
|
"_grammar": "( full | relative )"
|
||||||
|
},
|
||||||
|
"max-records": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-records-per-type": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-types-per-name": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-zone-ttl": {
|
||||||
|
"_flags": [
|
||||||
|
"deprecated"
|
||||||
|
],
|
||||||
|
"_grammar": "( unlimited | <duration> )"
|
||||||
|
},
|
||||||
|
"plugin": {
|
||||||
|
"_flags": [
|
||||||
|
"may occur multiple times"
|
||||||
|
],
|
||||||
|
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
|
||||||
|
},
|
||||||
|
"primaries": {
|
||||||
|
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"zone-statistics": {
|
||||||
|
"_grammar": "( full | terse | none | <boolean> )"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,258 @@
|
|||||||
|
{
|
||||||
|
"zone": {
|
||||||
|
"_id": "<string> [ <class> ]",
|
||||||
|
"_mapbody": {
|
||||||
|
"type": {
|
||||||
|
"_grammar": "secondary"
|
||||||
|
},
|
||||||
|
"allow-notify": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-query": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-query-on": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-transfer": {
|
||||||
|
"_grammar": "[ port <integer> ] [ transport <string> ] { <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-update-forwarding": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"also-notify": {
|
||||||
|
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"check-names": {
|
||||||
|
"_grammar": "( fail | warn | ignore )"
|
||||||
|
},
|
||||||
|
"checkds": {
|
||||||
|
"_grammar": "( explicit | <boolean> )"
|
||||||
|
},
|
||||||
|
"database": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"dlz": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"dnskey-sig-validity": {
|
||||||
|
"_flags": [
|
||||||
|
"obsolete"
|
||||||
|
],
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"dnssec-dnskey-kskonly": {
|
||||||
|
"_flags": [
|
||||||
|
"obsolete"
|
||||||
|
],
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"dnssec-loadkeys-interval": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"dnssec-policy": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"dnssec-update-mode": {
|
||||||
|
"_flags": [
|
||||||
|
"obsolete"
|
||||||
|
],
|
||||||
|
"_grammar": "( maintain | no-resign )"
|
||||||
|
},
|
||||||
|
"file": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"forward": {
|
||||||
|
"_grammar": "( first | only )"
|
||||||
|
},
|
||||||
|
"forwarders": {
|
||||||
|
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"inline-signing": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"ixfr-from-differences": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"journal": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"key-directory": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"log-report-channel": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"masterfile-format": {
|
||||||
|
"_grammar": "( raw | text )"
|
||||||
|
},
|
||||||
|
"masterfile-style": {
|
||||||
|
"_grammar": "( full | relative )"
|
||||||
|
},
|
||||||
|
"max-ixfr-ratio": {
|
||||||
|
"_grammar": "( unlimited | <percentage> )"
|
||||||
|
},
|
||||||
|
"max-journal-size": {
|
||||||
|
"_grammar": "( default | unlimited | <sizeval> )"
|
||||||
|
},
|
||||||
|
"max-records": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-records-per-type": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-refresh-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-retry-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-idle-in": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-idle-out": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-time-in": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-time-out": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-types-per-name": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-refresh-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-retry-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-transfer-rate-in": {
|
||||||
|
"_grammar": "<integer> <integer>"
|
||||||
|
},
|
||||||
|
"multi-master": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"notify": {
|
||||||
|
"_grammar": "( explicit | master-only | primary-only | <boolean> )"
|
||||||
|
},
|
||||||
|
"notify-cfg": {
|
||||||
|
"_flags": [
|
||||||
|
"may occur multiple times"
|
||||||
|
],
|
||||||
|
"_id": "<string>",
|
||||||
|
"_mapbody": {
|
||||||
|
"notify": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"notify-defer": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-delay": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"notify-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notify-defer": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-delay": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"notify-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"notify-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
},
|
||||||
|
"notify-to-soa": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"nsec3-test-zone": {
|
||||||
|
"_flags": [
|
||||||
|
"test only"
|
||||||
|
],
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"parental-agents": {
|
||||||
|
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"parental-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"parental-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
},
|
||||||
|
"plugin": {
|
||||||
|
"_flags": [
|
||||||
|
"may occur multiple times"
|
||||||
|
],
|
||||||
|
"_grammar": "( query ) <string> [ { <unspecified-text> } ]"
|
||||||
|
},
|
||||||
|
"primaries": {
|
||||||
|
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"provide-zoneversion": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"request-expire": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"request-ixfr": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"request-ixfr-max-diffs": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"send-report-channel": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"sig-signing-nodes": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"sig-signing-signatures": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"sig-signing-type": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"sig-validity-interval": {
|
||||||
|
"_flags": [
|
||||||
|
"obsolete"
|
||||||
|
],
|
||||||
|
"_grammar": "<integer> [ <integer> ]"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"transfer-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"transfer-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
},
|
||||||
|
"try-tcp-refresh": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"update-check-ksk": {
|
||||||
|
"_flags": [
|
||||||
|
"obsolete"
|
||||||
|
],
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"zero-no-soa-ttl": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"zone-statistics": {
|
||||||
|
"_grammar": "( full | terse | none | <boolean> )"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,43 @@
|
|||||||
|
{
|
||||||
|
"zone": {
|
||||||
|
"_id": "<string> [ <class> ]",
|
||||||
|
"_mapbody": {
|
||||||
|
"type": {
|
||||||
|
"_grammar": "static-stub"
|
||||||
|
},
|
||||||
|
"allow-query": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-query-on": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"forward": {
|
||||||
|
"_grammar": "( first | only )"
|
||||||
|
},
|
||||||
|
"forwarders": {
|
||||||
|
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"max-records": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-records-per-type": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-types-per-name": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"server-addresses": {
|
||||||
|
"_grammar": "{ ( <ipv4_address> | <ipv6_address> ); ... }"
|
||||||
|
},
|
||||||
|
"server-names": {
|
||||||
|
"_grammar": "{ <string>; ... }"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"zone-statistics": {
|
||||||
|
"_grammar": "( full | terse | none | <boolean> )"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,85 @@
|
|||||||
|
{
|
||||||
|
"zone": {
|
||||||
|
"_id": "<string> [ <class> ]",
|
||||||
|
"_mapbody": {
|
||||||
|
"type": {
|
||||||
|
"_grammar": "stub"
|
||||||
|
},
|
||||||
|
"allow-query": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-query-on": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"check-names": {
|
||||||
|
"_grammar": "( fail | warn | ignore )"
|
||||||
|
},
|
||||||
|
"database": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"file": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"forward": {
|
||||||
|
"_grammar": "( first | only )"
|
||||||
|
},
|
||||||
|
"forwarders": {
|
||||||
|
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"masterfile-format": {
|
||||||
|
"_grammar": "( raw | text )"
|
||||||
|
},
|
||||||
|
"masterfile-style": {
|
||||||
|
"_grammar": "( full | relative )"
|
||||||
|
},
|
||||||
|
"max-records": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-records-per-type": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-refresh-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-retry-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-idle-in": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-time-in": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-types-per-name": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-refresh-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-retry-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-transfer-rate-in": {
|
||||||
|
"_grammar": "<integer> <integer>"
|
||||||
|
},
|
||||||
|
"multi-master": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"primaries": {
|
||||||
|
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"transfer-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"transfer-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
},
|
||||||
|
"zone-statistics": {
|
||||||
|
"_grammar": "( full | terse | none | <boolean> )"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,54 @@
|
|||||||
|
# BIND9 Grammar Files - Upstream Source
|
||||||
|
|
||||||
|
This directory contains upstream BIND9 grammar files from the official BIND9 mirror for version comparison and validation.
|
||||||
|
|
||||||
|
## Files to Fetch
|
||||||
|
|
||||||
|
When grammar files are needed, fetch from:
|
||||||
|
- **Repository**: https://git.valid.dk/Mirrors/bind9
|
||||||
|
- **9.18 Tag**: v9.18.44
|
||||||
|
- **9.20 Tag**: v9.20.18
|
||||||
|
|
||||||
|
### Required Grammar Files (from doc/misc/)
|
||||||
|
|
||||||
|
- options
|
||||||
|
- forward.zoneopt
|
||||||
|
- hint.zoneopt
|
||||||
|
- in-view.zoneopt
|
||||||
|
- mirror.zoneopt
|
||||||
|
- primary.zoneopt
|
||||||
|
- redirect.zoneopt
|
||||||
|
- secondary.zoneopt
|
||||||
|
- static-stub.zoneopt
|
||||||
|
- stub.zoneopt
|
||||||
|
- delegation-only.zoneopt
|
||||||
|
- rndc.grammar
|
||||||
|
- parsegrammar.py
|
||||||
|
- checkgrammar.py
|
||||||
|
|
||||||
|
## Directory Structure
|
||||||
|
|
||||||
|
```
|
||||||
|
upstream/
|
||||||
|
├── v9.18.44/
|
||||||
|
│ ├── grammar/ (Grammar files)
|
||||||
|
│ └── metadata.json (Fetch metadata)
|
||||||
|
└── v9.20.18/
|
||||||
|
├── grammar/ (Grammar files)
|
||||||
|
└── metadata.json (Fetch metadata)
|
||||||
|
```
|
||||||
|
|
||||||
|
## Fetching
|
||||||
|
|
||||||
|
Option 1: Using git fetch
|
||||||
|
```bash
|
||||||
|
git clone --depth 1 --branch v9.18.44 https://git.valid.dk/Mirrors/bind9.git /tmp/bind9-9.18
|
||||||
|
cp /tmp/bind9-9.18/doc/misc/* bind9-grammar/upstream/v9.18.44/grammar/
|
||||||
|
```
|
||||||
|
|
||||||
|
Option 2: Using Gitea MCP tools (see scripts/fetch_bind_grammar.py)
|
||||||
|
|
||||||
|
## Scripts
|
||||||
|
|
||||||
|
- `scripts/fetch_bind_grammar.py` - MCP-based fetcher template
|
||||||
|
- `scripts/compare_bind_versions.py` - Grammar comparison tool
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type delegation-only;
|
||||||
|
};
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type forward;
|
||||||
|
delegation-only <boolean>; // deprecated
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
|
||||||
|
};
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type hint;
|
||||||
|
check-names ( fail | warn | ignore );
|
||||||
|
delegation-only <boolean>; // deprecated
|
||||||
|
file <quoted_string>;
|
||||||
|
};
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
in-view <string>;
|
||||||
|
};
|
||||||
@@ -0,0 +1,45 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type mirror;
|
||||||
|
allow-notify { <address_match_element>; ... };
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
||||||
|
allow-update-forwarding { <address_match_element>; ... };
|
||||||
|
also-notify [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
alt-transfer-source ( <ipv4_address> | * ) ; // deprecated
|
||||||
|
alt-transfer-source-v6 ( <ipv6_address> | * ) ; // deprecated
|
||||||
|
check-names ( fail | warn | ignore );
|
||||||
|
database <string>;
|
||||||
|
file <quoted_string>;
|
||||||
|
ixfr-from-differences <boolean>;
|
||||||
|
journal <quoted_string>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
max-ixfr-ratio ( unlimited | <percentage> );
|
||||||
|
max-journal-size ( default | unlimited | <sizeval> );
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-refresh-time <integer>;
|
||||||
|
max-retry-time <integer>;
|
||||||
|
max-transfer-idle-in <integer>;
|
||||||
|
max-transfer-idle-out <integer>;
|
||||||
|
max-transfer-time-in <integer>;
|
||||||
|
max-transfer-time-out <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
min-refresh-time <integer>;
|
||||||
|
min-retry-time <integer>;
|
||||||
|
multi-master <boolean>;
|
||||||
|
notify ( explicit | master-only | primary-only | <boolean> );
|
||||||
|
notify-delay <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
try-tcp-refresh <boolean>;
|
||||||
|
use-alt-transfer-source <boolean>; // deprecated
|
||||||
|
zero-no-soa-ttl <boolean>;
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,604 @@
|
|||||||
|
acl <string> { <address_match_element>; ... }; // may occur multiple times
|
||||||
|
|
||||||
|
controls {
|
||||||
|
inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
|
||||||
|
unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
dlz <string> {
|
||||||
|
database <string>;
|
||||||
|
search <boolean>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
dnssec-policy <string> {
|
||||||
|
dnskey-ttl <duration>;
|
||||||
|
keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime <duration_or_unlimited> algorithm <string> [ <integer> ]; ... };
|
||||||
|
max-zone-ttl <duration>;
|
||||||
|
nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ];
|
||||||
|
parent-ds-ttl <duration>;
|
||||||
|
parent-propagation-delay <duration>;
|
||||||
|
parent-registration-delay <duration>; // obsolete
|
||||||
|
publish-safety <duration>;
|
||||||
|
purge-keys <duration>;
|
||||||
|
retire-safety <duration>;
|
||||||
|
signatures-jitter <duration>;
|
||||||
|
signatures-refresh <duration>;
|
||||||
|
signatures-validity <duration>;
|
||||||
|
signatures-validity-dnskey <duration>;
|
||||||
|
zone-propagation-delay <duration>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
|
||||||
|
|
||||||
|
http <string> {
|
||||||
|
endpoints { <quoted_string>; ... };
|
||||||
|
listener-clients <integer>;
|
||||||
|
streams-per-connection <integer>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
key <string> {
|
||||||
|
algorithm <string>;
|
||||||
|
secret <string>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
logging {
|
||||||
|
category <string> { <string>; ... }; // may occur multiple times
|
||||||
|
channel <string> {
|
||||||
|
buffered <boolean>;
|
||||||
|
file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ];
|
||||||
|
null;
|
||||||
|
print-category <boolean>;
|
||||||
|
print-severity <boolean>;
|
||||||
|
print-time ( iso8601 | iso8601-utc | local | <boolean> );
|
||||||
|
severity <log_severity>;
|
||||||
|
stderr;
|
||||||
|
syslog [ <syslog_facility> ];
|
||||||
|
}; // may occur multiple times
|
||||||
|
};
|
||||||
|
|
||||||
|
managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
|
||||||
|
|
||||||
|
options {
|
||||||
|
allow-new-zones <boolean>;
|
||||||
|
allow-notify { <address_match_element>; ... };
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-cache { <address_match_element>; ... };
|
||||||
|
allow-query-cache-on { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
allow-recursion { <address_match_element>; ... };
|
||||||
|
allow-recursion-on { <address_match_element>; ... };
|
||||||
|
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
||||||
|
allow-update { <address_match_element>; ... };
|
||||||
|
allow-update-forwarding { <address_match_element>; ... };
|
||||||
|
also-notify [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
alt-transfer-source ( <ipv4_address> | * ) ; // deprecated
|
||||||
|
alt-transfer-source-v6 ( <ipv6_address> | * ) ; // deprecated
|
||||||
|
answer-cookie <boolean>;
|
||||||
|
attach-cache <string>;
|
||||||
|
auth-nxdomain <boolean>;
|
||||||
|
auto-dnssec ( allow | maintain | off ) ; // deprecated
|
||||||
|
automatic-interface-scan <boolean>;
|
||||||
|
avoid-v4-udp-ports { <portrange>; ... }; // deprecated
|
||||||
|
avoid-v6-udp-ports { <portrange>; ... }; // deprecated
|
||||||
|
bindkeys-file <quoted_string>;
|
||||||
|
blackhole { <address_match_element>; ... };
|
||||||
|
catalog-zones { zone <string> [ default-primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
|
||||||
|
check-dup-records ( fail | warn | ignore );
|
||||||
|
check-integrity <boolean>;
|
||||||
|
check-mx ( fail | warn | ignore );
|
||||||
|
check-mx-cname ( fail | warn | ignore );
|
||||||
|
check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
|
||||||
|
check-sibling <boolean>;
|
||||||
|
check-spf ( warn | ignore );
|
||||||
|
check-srv-cname ( fail | warn | ignore );
|
||||||
|
check-wildcard <boolean>;
|
||||||
|
clients-per-query <integer>;
|
||||||
|
cookie-algorithm ( aes | siphash24 );
|
||||||
|
cookie-secret <string>; // may occur multiple times
|
||||||
|
coresize ( default | unlimited | <sizeval> ); // deprecated
|
||||||
|
datasize ( default | unlimited | <sizeval> ); // deprecated
|
||||||
|
deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
|
||||||
|
deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
|
||||||
|
dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
|
||||||
|
directory <quoted_string>;
|
||||||
|
disable-algorithms <string> { <string>; ... }; // may occur multiple times
|
||||||
|
disable-ds-digests <string> { <string>; ... }; // may occur multiple times
|
||||||
|
disable-empty-zone <string>; // may occur multiple times
|
||||||
|
dns64 <netprefix> {
|
||||||
|
break-dnssec <boolean>;
|
||||||
|
clients { <address_match_element>; ... };
|
||||||
|
exclude { <address_match_element>; ... };
|
||||||
|
mapped { <address_match_element>; ... };
|
||||||
|
recursive-only <boolean>;
|
||||||
|
suffix <ipv6_address>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
dns64-contact <string>;
|
||||||
|
dns64-server <string>;
|
||||||
|
dnskey-sig-validity <integer>;
|
||||||
|
dnsrps-enable <boolean>; // not configured
|
||||||
|
dnsrps-options { <unspecified-text> }; // not configured
|
||||||
|
dnssec-accept-expired <boolean>;
|
||||||
|
dnssec-dnskey-kskonly <boolean>;
|
||||||
|
dnssec-loadkeys-interval <integer>;
|
||||||
|
dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated
|
||||||
|
dnssec-policy <string>;
|
||||||
|
dnssec-secure-to-insecure <boolean>;
|
||||||
|
dnssec-update-mode ( maintain | no-resign );
|
||||||
|
dnssec-validation ( yes | no | auto );
|
||||||
|
dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
|
||||||
|
dnstap-identity ( <quoted_string> | none | hostname ); // not configured
|
||||||
|
dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // not configured
|
||||||
|
dnstap-version ( <quoted_string> | none ); // not configured
|
||||||
|
dscp <integer>; // obsolete
|
||||||
|
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
|
||||||
|
dump-file <quoted_string>;
|
||||||
|
edns-udp-size <integer>;
|
||||||
|
empty-contact <string>;
|
||||||
|
empty-server <string>;
|
||||||
|
empty-zones-enable <boolean>;
|
||||||
|
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
|
||||||
|
fetches-per-server <integer> [ ( drop | fail ) ];
|
||||||
|
fetches-per-zone <integer> [ ( drop | fail ) ];
|
||||||
|
files ( default | unlimited | <sizeval> ); // deprecated
|
||||||
|
flush-zones-on-shutdown <boolean>;
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
|
||||||
|
fstrm-set-buffer-hint <integer>; // not configured
|
||||||
|
fstrm-set-flush-timeout <integer>; // not configured
|
||||||
|
fstrm-set-input-queue-size <integer>; // not configured
|
||||||
|
fstrm-set-output-notify-threshold <integer>; // not configured
|
||||||
|
fstrm-set-output-queue-model ( mpscs | spscs ); // not configured
|
||||||
|
fstrm-set-output-queue-size <integer>; // not configured
|
||||||
|
fstrm-set-reopen-interval <duration>; // not configured
|
||||||
|
geoip-directory ( <quoted_string> | none );
|
||||||
|
glue-cache <boolean>; // deprecated
|
||||||
|
heartbeat-interval <integer>; // deprecated
|
||||||
|
hostname ( <quoted_string> | none );
|
||||||
|
http-listener-clients <integer>;
|
||||||
|
http-port <integer>;
|
||||||
|
http-streams-per-connection <integer>;
|
||||||
|
https-port <integer>;
|
||||||
|
interface-interval <duration>;
|
||||||
|
ipv4only-contact <string>;
|
||||||
|
ipv4only-enable <boolean>;
|
||||||
|
ipv4only-server <string>;
|
||||||
|
ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
|
||||||
|
keep-response-order { <address_match_element>; ... };
|
||||||
|
key-directory <quoted_string>;
|
||||||
|
lame-ttl <duration>;
|
||||||
|
listen-on [ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
|
||||||
|
listen-on-v6 [ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
|
||||||
|
lmdb-mapsize <sizeval>;
|
||||||
|
lock-file ( <quoted_string> | none );
|
||||||
|
managed-keys-directory <quoted_string>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
match-mapped-addresses <boolean>;
|
||||||
|
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
|
||||||
|
max-cache-ttl <duration>;
|
||||||
|
max-clients-per-query <integer>;
|
||||||
|
max-ixfr-ratio ( unlimited | <percentage> );
|
||||||
|
max-journal-size ( default | unlimited | <sizeval> );
|
||||||
|
max-ncache-ttl <duration>;
|
||||||
|
max-query-count <integer>;
|
||||||
|
max-query-restarts <integer>;
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-recursion-depth <integer>;
|
||||||
|
max-recursion-queries <integer>;
|
||||||
|
max-refresh-time <integer>;
|
||||||
|
max-retry-time <integer>;
|
||||||
|
max-rsa-exponent-size <integer>;
|
||||||
|
max-stale-ttl <duration>;
|
||||||
|
max-transfer-idle-in <integer>;
|
||||||
|
max-transfer-idle-out <integer>;
|
||||||
|
max-transfer-time-in <integer>;
|
||||||
|
max-transfer-time-out <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
max-udp-size <integer>;
|
||||||
|
maxz-zone-ttl ( unlimited | <duration> );
|
||||||
|
memstatistics <boolean>;
|
||||||
|
memstatistics-file <quoted_string>;
|
||||||
|
message-compression <boolean>;
|
||||||
|
min-cache-ttl <duration>;
|
||||||
|
min-ncache-ttl <duration>;
|
||||||
|
min-refresh-time <integer>;
|
||||||
|
min-retry-time <integer>;
|
||||||
|
minimal-any <boolean>;
|
||||||
|
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
|
||||||
|
multi-master <boolean>;
|
||||||
|
new-zones-directory <quoted_string>;
|
||||||
|
no-case-compress { <address_match_element>; ... };
|
||||||
|
nocookie-udp-size <integer>;
|
||||||
|
notify ( explicit | master-only | primary-only | <boolean> );
|
||||||
|
notify-delay <integer>;
|
||||||
|
notify-rate <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
notify-to-soa <boolean>;
|
||||||
|
nsec3-test-zone <boolean>; // test only
|
||||||
|
nta-lifetime <duration>;
|
||||||
|
nta-recheck <duration>;
|
||||||
|
nxdomain-redirect <string>;
|
||||||
|
parental-source ( <ipv4_address> | * ) ;
|
||||||
|
parental-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
pid-file ( <quoted_string> | none );
|
||||||
|
port <integer>;
|
||||||
|
preferred-glue <string>;
|
||||||
|
prefetch <integer> [ <integer> ];
|
||||||
|
provide-ixfr <boolean>;
|
||||||
|
qname-minimization ( strict | relaxed | disabled | off );
|
||||||
|
query-source [ address ] ( <ipv4_address> | * );
|
||||||
|
query-source-v6 [ address ] ( <ipv6_address> | * );
|
||||||
|
querylog <boolean>;
|
||||||
|
random-device ( <quoted_string> | none ); // obsolete
|
||||||
|
rate-limit {
|
||||||
|
all-per-second <integer>;
|
||||||
|
errors-per-second <integer>;
|
||||||
|
exempt-clients { <address_match_element>; ... };
|
||||||
|
ipv4-prefix-length <integer>;
|
||||||
|
ipv6-prefix-length <integer>;
|
||||||
|
log-only <boolean>;
|
||||||
|
max-table-size <integer>;
|
||||||
|
min-table-size <integer>;
|
||||||
|
nodata-per-second <integer>;
|
||||||
|
nxdomains-per-second <integer>;
|
||||||
|
qps-scale <integer>;
|
||||||
|
referrals-per-second <integer>;
|
||||||
|
responses-per-second <integer>;
|
||||||
|
slip <integer>;
|
||||||
|
window <integer>;
|
||||||
|
};
|
||||||
|
recurse-ing-file <quoted_string>;
|
||||||
|
recursion <boolean>;
|
||||||
|
recursive-clients <integer>;
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
request-nsid <boolean>;
|
||||||
|
require-server-cookie <boolean>;
|
||||||
|
reserved-sockets <integer>; // deprecated
|
||||||
|
resolver-nonbackoff-tries <integer>; // deprecated
|
||||||
|
resolver-query-timeout <integer>;
|
||||||
|
resolver-retry-interval <integer>; // deprecated
|
||||||
|
response-padding { <address_match_element>; ... } block-size <integer>;
|
||||||
|
response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
|
||||||
|
reuse port <boolean>;
|
||||||
|
root-delegation-only [ exclude { <string>; ... } ]; // deprecated
|
||||||
|
root-key-sentinel <boolean>;
|
||||||
|
rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
|
||||||
|
secroots-file <quoted_string>;
|
||||||
|
send-cookie <boolean>;
|
||||||
|
serial-query-rate <integer>;
|
||||||
|
serial-update-method ( date | increment | unixtime );
|
||||||
|
server-id ( <quoted_string> | none | hostname );
|
||||||
|
servfail-ttl <duration>;
|
||||||
|
session-keyalg <string>;
|
||||||
|
session-keyfile ( <quoted_string> | none );
|
||||||
|
session-keyname <string>;
|
||||||
|
sig-signing-nodes <integer>;
|
||||||
|
sig-signing-signatures <integer>;
|
||||||
|
sig-signing-type <integer>;
|
||||||
|
sig-validity-interval <integer> [ <integer> ];
|
||||||
|
sortlist { <address_match_element>; ... };
|
||||||
|
stacksize ( default | unlimited | <sizeval> ); // deprecated
|
||||||
|
stale-answer-client-timeout ( disabled | off | <integer> );
|
||||||
|
stale-answer-enable <boolean>;
|
||||||
|
stale-answer-ttl <duration>;
|
||||||
|
stale-cache-enable <boolean>;
|
||||||
|
stale-refresh-time <duration>;
|
||||||
|
startup-notify-rate <integer>;
|
||||||
|
statistics-file <quoted_string>;
|
||||||
|
suppress-initial-notify <boolean>; // obsolete
|
||||||
|
synth-from-dnssec <boolean>;
|
||||||
|
tcp-advertised-timeout <integer>;
|
||||||
|
tcp-clients <integer>;
|
||||||
|
tcp-idle-timeout <integer>;
|
||||||
|
tcp-initial-timeout <integer>;
|
||||||
|
tcp-keepalive-timeout <integer>;
|
||||||
|
tcp-listen-queue <integer>;
|
||||||
|
tcp-receive-buffer <integer>;
|
||||||
|
tcp-send-buffer <integer>;
|
||||||
|
tkey-dhkey <quoted_string> <integer>; // deprecated
|
||||||
|
tkey-domain <quoted_string>; // deprecated
|
||||||
|
tkey-gssapi-credential <quoted_string>; // deprecated
|
||||||
|
tkey-gssapi-keytab <quoted_string>;
|
||||||
|
tls-port <integer>;
|
||||||
|
transfer-format ( many-answers | one-answer );
|
||||||
|
transfer-message-size <integer>;
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
transfers-in <integer>;
|
||||||
|
transfers-out <integer>;
|
||||||
|
transfers-per-ns <integer>;
|
||||||
|
trust-anchor-telemetry <boolean>;
|
||||||
|
try-tcp-refresh <boolean>;
|
||||||
|
udp-receive-buffer <integer>;
|
||||||
|
udp-send-buffer <integer>;
|
||||||
|
update-check-ksk <boolean>;
|
||||||
|
update-quota <integer>;
|
||||||
|
use-alt-transfer-source <boolean>; // deprecated
|
||||||
|
use-v4-udp-ports { <portrange>; ... }; // deprecated
|
||||||
|
use-v6-udp-ports { <portrange>; ... }; // deprecated
|
||||||
|
v6-bias <integer>;
|
||||||
|
validate-except { <string>; ... };
|
||||||
|
version ( <quoted_string> | none );
|
||||||
|
zero-no-soa-ttl <boolean>;
|
||||||
|
zero-no-soa-ttl-cache <boolean>;
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
|
|
||||||
|
parental-agents <string> [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
|
||||||
|
|
||||||
|
plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
|
||||||
|
|
||||||
|
primaries <string> [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
|
||||||
|
|
||||||
|
server <netprefix> {
|
||||||
|
bogus <boolean>;
|
||||||
|
edns <boolean>;
|
||||||
|
edns-udp-size <integer>;
|
||||||
|
edns-version <integer>;
|
||||||
|
keys <server_key>;
|
||||||
|
max-udp-size <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
padding <integer>;
|
||||||
|
provide-ixfr <boolean>;
|
||||||
|
query-source [ address ] ( <ipv4_address> | * );
|
||||||
|
query-source-v6 [ address ] ( <ipv6_address> | * );
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
request-nsid <boolean>;
|
||||||
|
send-cookie <boolean>;
|
||||||
|
tcp-keepalive <boolean>;
|
||||||
|
tcp-only <boolean>;
|
||||||
|
transfer-format ( many-answers | one-answer );
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
transfers <integer>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
statistics-channels {
|
||||||
|
inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
tls <string> {
|
||||||
|
ca-file <quoted_string>;
|
||||||
|
cert-file <quoted_string>;
|
||||||
|
ciphers <string>;
|
||||||
|
dhparam-file <quoted_string>;
|
||||||
|
key-file <quoted_string>;
|
||||||
|
prefer-server-ciphers <boolean>;
|
||||||
|
protocols { <string>; ... };
|
||||||
|
remote-hostname <quoted_string>;
|
||||||
|
session-tickets <boolean>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
|
||||||
|
|
||||||
|
trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
|
||||||
|
|
||||||
|
view <string> [ <class> ] {
|
||||||
|
allow-new-zones <boolean>;
|
||||||
|
allow-notify { <address_match_element>; ... };
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-cache { <address_match_element>; ... };
|
||||||
|
allow-query-cache-on { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
allow-recursion { <address_match_element>; ... };
|
||||||
|
allow-recursion-on { <address_match_element>; ... };
|
||||||
|
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
||||||
|
allow-update { <address_match_element>; ... };
|
||||||
|
allow-update-forwarding { <address_match_element>; ... };
|
||||||
|
also-notify [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
alt-transfer-source ( <ipv4_address> | * ) ; // deprecated
|
||||||
|
alt-transfer-source-v6 ( <ipv6_address> | * ) ; // deprecated
|
||||||
|
attach-cache <string>;
|
||||||
|
auth-nxdomain <boolean>;
|
||||||
|
auto-dnssec ( allow | maintain | off ) ; // deprecated
|
||||||
|
catalog-zones { zone <string> [ default-primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
|
||||||
|
check-dup-records ( fail | warn | ignore );
|
||||||
|
check-integrity <boolean>;
|
||||||
|
check-mx ( fail | warn | ignore );
|
||||||
|
check-mx-cname ( fail | warn | ignore );
|
||||||
|
check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
|
||||||
|
check-sibling <boolean>;
|
||||||
|
check-spf ( warn | ignore );
|
||||||
|
check-srv-cname ( fail | warn | ignore );
|
||||||
|
check-wildcard <boolean>;
|
||||||
|
clients-per-query <integer>;
|
||||||
|
deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
|
||||||
|
deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
|
||||||
|
dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
|
||||||
|
disable-algorithms <string> { <string>; ... }; // may occur multiple times
|
||||||
|
disable-ds-digests <string> { <string>; ... }; // may occur multiple times
|
||||||
|
disable-empty-zone <string>; // may occur multiple times
|
||||||
|
dlz <string> {
|
||||||
|
database <string>;
|
||||||
|
search <boolean>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
dns64 <netprefix> {
|
||||||
|
break-dnssec <boolean>;
|
||||||
|
clients { <address_match_element>; ... };
|
||||||
|
exclude { <address_match_element>; ... };
|
||||||
|
mapped { <address_match_element>; ... };
|
||||||
|
recursive-only <boolean>;
|
||||||
|
suffix <ipv6_address>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
dns64-contact <string>;
|
||||||
|
dns64-server <string>;
|
||||||
|
dnskey-sig-validity <integer>;
|
||||||
|
dnsrps-enable <boolean>; // not configured
|
||||||
|
dnsrps-options { <unspecified-text> }; // not configured
|
||||||
|
dnssec-accept-expired <boolean>;
|
||||||
|
dnssec-dnskey-kskonly <boolean>;
|
||||||
|
dnssec-loadkeys-interval <integer>;
|
||||||
|
dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated
|
||||||
|
dnssec-policy <string>;
|
||||||
|
dnssec-secure-to-insecure <boolean>;
|
||||||
|
dnssec-update-mode ( maintain | no-resign );
|
||||||
|
dnssec-validation ( yes | no | auto );
|
||||||
|
dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
|
||||||
|
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
|
||||||
|
dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
|
||||||
|
edns-udp-size <integer>;
|
||||||
|
empty-contact <string>;
|
||||||
|
empty-server <string>;
|
||||||
|
empty-zones-enable <boolean>;
|
||||||
|
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
|
||||||
|
fetches-per-server <integer> [ ( drop | fail ) ];
|
||||||
|
fetches-per-zone <integer> [ ( drop | fail ) ];
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
|
||||||
|
glue-cache <boolean>; // deprecated
|
||||||
|
ipv4only-contact <string>;
|
||||||
|
ipv4only-enable <boolean>;
|
||||||
|
ipv4only-server <string>;
|
||||||
|
ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
|
||||||
|
key <string> {
|
||||||
|
algorithm <string>;
|
||||||
|
secret <string>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
key-directory <quoted_string>;
|
||||||
|
lame-ttl <duration>;
|
||||||
|
lmdb-mapsize <sizeval>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
match-clients { <address_match_element>; ... };
|
||||||
|
match-destinations { <address_match_element>; ... };
|
||||||
|
match-recursive-only <boolean>;
|
||||||
|
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
|
||||||
|
max-cache-ttl <duration>;
|
||||||
|
max-clients-per-query <integer>;
|
||||||
|
max-ixfr-ratio ( unlimited | <percentage> );
|
||||||
|
max-journal-size ( default | unlimited | <sizeval> );
|
||||||
|
max-ncache-ttl <duration>;
|
||||||
|
max-query-count <integer>;
|
||||||
|
max-query-restarts <integer>;
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-recursion-depth <integer>;
|
||||||
|
max-recursion-queries <integer>;
|
||||||
|
max-refresh-time <integer>;
|
||||||
|
max-retry-time <integer>;
|
||||||
|
max-stale-ttl <duration>;
|
||||||
|
max-transfer-idle-in <integer>;
|
||||||
|
max-transfer-idle-out <integer>;
|
||||||
|
max-transfer-time-in <integer>;
|
||||||
|
max-transfer-time-out <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
max-udp-size <integer>;
|
||||||
|
maxz-zone-ttl ( unlimited | <duration> );
|
||||||
|
message-compression <boolean>;
|
||||||
|
min-cache-ttl <duration>;
|
||||||
|
min-ncache-ttl <duration>;
|
||||||
|
min-refresh-time <integer>;
|
||||||
|
min-retry-time <integer>;
|
||||||
|
minimal-any <boolean>;
|
||||||
|
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
|
||||||
|
multi-master <boolean>;
|
||||||
|
new-zones-directory <quoted_string>;
|
||||||
|
no-case-compress { <address_match_element>; ... };
|
||||||
|
nocookie-udp-size <integer>;
|
||||||
|
notify ( explicit | master-only | primary-only | <boolean> );
|
||||||
|
notify-delay <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
notify-to-soa <boolean>;
|
||||||
|
nsec3-test-zone <boolean>; // test only
|
||||||
|
nta-lifetime <duration>;
|
||||||
|
nta-recheck <duration>;
|
||||||
|
nxdomain-redirect <string>;
|
||||||
|
parental-source ( <ipv4_address> | * ) ;
|
||||||
|
parental-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
|
||||||
|
preferred-glue <string>;
|
||||||
|
prefetch <integer> [ <integer> ];
|
||||||
|
provide-ixfr <boolean>;
|
||||||
|
qname-minimization ( strict | relaxed | disabled | off );
|
||||||
|
query-source [ address ] ( <ipv4_address> | * );
|
||||||
|
query-source-v6 [ address ] ( <ipv6_address> | * );
|
||||||
|
rate-limit {
|
||||||
|
all-per-second <integer>;
|
||||||
|
errors-per-second <integer>;
|
||||||
|
exempt-clients { <address_match_element>; ... };
|
||||||
|
ipv4-prefix-length <integer>;
|
||||||
|
ipv6-prefix-length <integer>;
|
||||||
|
log-only <boolean>;
|
||||||
|
max-table-size <integer>;
|
||||||
|
min-table-size <integer>;
|
||||||
|
nodata-per-second <integer>;
|
||||||
|
nxdomains-per-second <integer>;
|
||||||
|
qps-scale <integer>;
|
||||||
|
referrals-per-second <integer>;
|
||||||
|
responses-per-second <integer>;
|
||||||
|
slip <integer>;
|
||||||
|
window <integer>;
|
||||||
|
};
|
||||||
|
recursion <boolean>;
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
request-nsid <boolean>;
|
||||||
|
require-server-cookie <boolean>;
|
||||||
|
resolver-nonbackoff-tries <integer>; // deprecated
|
||||||
|
resolver-query-timeout <integer>;
|
||||||
|
resolver-retry-interval <integer>; // deprecated
|
||||||
|
response-padding { <address_match_element>; ... } block-size <integer>;
|
||||||
|
response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
|
||||||
|
root-delegation-only [ exclude { <string>; ... } ]; // deprecated
|
||||||
|
root-key-sentinel <boolean>;
|
||||||
|
rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
|
||||||
|
send-cookie <boolean>;
|
||||||
|
serial-update-method ( date | increment | unixtime );
|
||||||
|
server <netprefix> {
|
||||||
|
bogus <boolean>;
|
||||||
|
edns <boolean>;
|
||||||
|
edns-udp-size <integer>;
|
||||||
|
edns-version <integer>;
|
||||||
|
keys <server_key>;
|
||||||
|
max-udp-size <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
padding <integer>;
|
||||||
|
provide-ixfr <boolean>;
|
||||||
|
query-source [ address ] ( <ipv4_address> | * );
|
||||||
|
query-source-v6 [ address ] ( <ipv6_address> | * );
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
request-nsid <boolean>;
|
||||||
|
send-cookie <boolean>;
|
||||||
|
tcp-keepalive <boolean>;
|
||||||
|
tcp-only <boolean>;
|
||||||
|
transfer-format ( many-answers | one-answer );
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
transfers <integer>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
servfail-ttl <duration>;
|
||||||
|
sig-signing-nodes <integer>;
|
||||||
|
sig-signing-signatures <integer>;
|
||||||
|
sig-signing-type <integer>;
|
||||||
|
sig-validity-interval <integer> [ <integer> ];
|
||||||
|
sortlist { <address_match_element>; ... };
|
||||||
|
stale-answer-client-timeout ( disabled | off | <integer> );
|
||||||
|
stale-answer-enable <boolean>;
|
||||||
|
stale-answer-ttl <duration>;
|
||||||
|
stale-cache-enable <boolean>;
|
||||||
|
stale-refresh-time <duration>;
|
||||||
|
suppress-initial-notify <boolean>; // obsolete
|
||||||
|
synth-from-dnssec <boolean>;
|
||||||
|
transfer-format ( many-answers | one-answer );
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
trust-anchor-telemetry <boolean>;
|
||||||
|
trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
|
||||||
|
trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
|
||||||
|
try-tcp-refresh <boolean>;
|
||||||
|
update-check-ksk <boolean>;
|
||||||
|
use-alt-transfer-source <boolean>; // deprecated
|
||||||
|
v6-bias <integer>;
|
||||||
|
validate-except { <string>; ... };
|
||||||
|
zero-no-soa-ttl <boolean>;
|
||||||
|
zero-no-soa-ttl-cache <boolean>;
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
}; // may occur multiple times
|
||||||
@@ -0,0 +1,64 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type primary;
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
||||||
|
allow-update { <address_match_element>; ... };
|
||||||
|
also-notify [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
alt-transfer-source ( <ipv4_address> | * ) ; // deprecated
|
||||||
|
alt-transfer-source-v6 ( <ipv6_address> | * ) ; // deprecated
|
||||||
|
auto-dnssec ( allow | maintain | off ) ; // deprecated
|
||||||
|
check-dup-records ( fail | warn | ignore );
|
||||||
|
check-integrity <boolean>;
|
||||||
|
check-mx ( fail | warn | ignore );
|
||||||
|
check-mx-cname ( fail | warn | ignore );
|
||||||
|
check-names ( fail | warn | ignore );
|
||||||
|
check-sibling <boolean>;
|
||||||
|
check-spf ( warn | ignore );
|
||||||
|
check-srv-cname ( fail | warn | ignore );
|
||||||
|
check-wildcard <boolean>;
|
||||||
|
database <string>;
|
||||||
|
dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
|
||||||
|
dlz <string>;
|
||||||
|
dnskey-sig-validity <integer>;
|
||||||
|
dnssec-dnskey-kskonly <boolean>;
|
||||||
|
dnssec-loadkeys-interval <integer>;
|
||||||
|
dnssec-policy <string>;
|
||||||
|
dnssec-secure-to-insecure <boolean>;
|
||||||
|
dnssec-update-mode ( maintain | no-resign );
|
||||||
|
file <quoted_string>;
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
|
||||||
|
inline-signing <boolean>;
|
||||||
|
ixfr-from-differences <boolean>;
|
||||||
|
journal <quoted_string>;
|
||||||
|
key-directory <quoted_string>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
max-ixfr-ratio ( unlimited | <percentage> );
|
||||||
|
max-journal-size ( default | unlimited | <sizeval> );
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-transfer-idle-out <integer>;
|
||||||
|
max-transfer-time-out <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
max-zone-ttl ( unlimited | <duration> );
|
||||||
|
notify ( explicit | master-only | primary-only | <boolean> );
|
||||||
|
notify-delay <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
notify-to-soa <boolean>;
|
||||||
|
nsec3-test-zone <boolean>; // test only
|
||||||
|
parental-agents [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
parental-source ( <ipv4_address> | * ) ;
|
||||||
|
parental-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
serial-update-method ( date | increment | unixtime );
|
||||||
|
sig-signing-nodes <integer>;
|
||||||
|
sig-signing-signatures <integer>;
|
||||||
|
sig-signing-type <integer>;
|
||||||
|
sig-validity-interval <integer> [ <integer> ];
|
||||||
|
update-check-ksk <boolean>;
|
||||||
|
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesubject ) [ <string> ] <rrtype list>; ... } );
|
||||||
|
zero-no-soa-ttl <boolean>;
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,15 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type redirect;
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
dlz <string>;
|
||||||
|
file <quoted_string>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
max-zone-ttl ( unlimited | <duration> );
|
||||||
|
primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,20 @@
|
|||||||
|
key <string> {
|
||||||
|
algorithm <string>;
|
||||||
|
secret <string>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
options {
|
||||||
|
default-key <string>;
|
||||||
|
default-port <integer>;
|
||||||
|
default-server <string>;
|
||||||
|
default-source-address ( <ipv4_address> | * );
|
||||||
|
default-source-address-v6 ( <ipv6_address> | * );
|
||||||
|
};
|
||||||
|
|
||||||
|
server <string> {
|
||||||
|
addresses { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
|
||||||
|
key <string>;
|
||||||
|
port <integer>;
|
||||||
|
source-address ( <ipv4_address> | * );
|
||||||
|
source-address-v6 ( <ipv6_address> | * );
|
||||||
|
}; // may occur multiple times
|
||||||
@@ -0,0 +1,67 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type secondary;
|
||||||
|
allow-notify { <address_match_element>; ... };
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
||||||
|
allow-update-forwarding { <address_match_element>; ... };
|
||||||
|
also-notify [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
alt-transfer-source ( <ipv4_address> | * ) ; // deprecated
|
||||||
|
alt-transfer-source-v6 ( <ipv6_address> | * ) ; // deprecated
|
||||||
|
auto-dnssec ( allow | maintain | off ) ; // deprecated
|
||||||
|
check-names ( fail | warn | ignore );
|
||||||
|
database <string>;
|
||||||
|
dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
|
||||||
|
dlz <string>;
|
||||||
|
dnskey-sig-validity <integer>;
|
||||||
|
dnssec-dnskey-kskonly <boolean>;
|
||||||
|
dnssec-loadkeys-interval <integer>;
|
||||||
|
dnssec-policy <string>;
|
||||||
|
dnssec-update-mode ( maintain | no-resign );
|
||||||
|
file <quoted_string>;
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
|
||||||
|
inline-signing <boolean>;
|
||||||
|
ixfr-from-differences <boolean>;
|
||||||
|
journal <quoted_string>;
|
||||||
|
key-directory <quoted_string>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
max-ixfr-ratio ( unlimited | <percentage> );
|
||||||
|
max-journal-size ( default | unlimited | <sizeval> );
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-refresh-time <integer>;
|
||||||
|
max-retry-time <integer>;
|
||||||
|
max-transfer-idle-in <integer>;
|
||||||
|
max-transfer-idle-out <integer>;
|
||||||
|
max-transfer-time-in <integer>;
|
||||||
|
max-transfer-time-out <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
min-refresh-time <integer>;
|
||||||
|
min-retry-time <integer>;
|
||||||
|
multi-master <boolean>;
|
||||||
|
notify ( explicit | master-only | primary-only | <boolean> );
|
||||||
|
notify-delay <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
notify-to-soa <boolean>;
|
||||||
|
nsec3-test-zone <boolean>; // test only
|
||||||
|
parental-agents [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
parental-source ( <ipv4_address> | * ) ;
|
||||||
|
parental-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
sig-signing-nodes <integer>;
|
||||||
|
sig-signing-signatures <integer>;
|
||||||
|
sig-signing-type <integer>;
|
||||||
|
sig-validity-interval <integer> [ <integer> ];
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
try-tcp-refresh <boolean>;
|
||||||
|
update-check-ksk <boolean>;
|
||||||
|
use-alt-transfer-source <boolean>; // deprecated
|
||||||
|
zero-no-soa-ttl <boolean>;
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type static-stub;
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
|
||||||
|
server-names { <string>; ... };
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,29 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type stub;
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
check-names ( fail | warn | ignore );
|
||||||
|
database <string>;
|
||||||
|
delegation-only <boolean>; // deprecated
|
||||||
|
dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
|
||||||
|
file <quoted_string>;
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]; ... };
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-refresh-time <integer>;
|
||||||
|
max-retry-time <integer>;
|
||||||
|
max-transfer-idle-in <integer>;
|
||||||
|
max-transfer-time-in <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
min-refresh-time <integer>;
|
||||||
|
min-retry-time <integer>;
|
||||||
|
multi-master <boolean>;
|
||||||
|
primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
use-alt-transfer-source <boolean>; // deprecated
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type forward;
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
||||||
|
};
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type hint;
|
||||||
|
check-names ( fail | warn | ignore );
|
||||||
|
file <quoted_string>;
|
||||||
|
};
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
in-view <string>;
|
||||||
|
};
|
||||||
@@ -0,0 +1,44 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type mirror;
|
||||||
|
allow-notify { <address_match_element>; ... };
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
||||||
|
allow-update-forwarding { <address_match_element>; ... };
|
||||||
|
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
check-names ( fail | warn | ignore );
|
||||||
|
database <string>;
|
||||||
|
file <quoted_string>;
|
||||||
|
ixfr-from-differences <boolean>;
|
||||||
|
journal <quoted_string>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
max-ixfr-ratio ( unlimited | <percentage> );
|
||||||
|
max-journal-size ( default | unlimited | <sizeval> );
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-refresh-time <integer>;
|
||||||
|
max-retry-time <integer>;
|
||||||
|
max-transfer-idle-in <integer>;
|
||||||
|
max-transfer-idle-out <integer>;
|
||||||
|
max-transfer-time-in <integer>;
|
||||||
|
max-transfer-time-out <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
min-refresh-time <integer>;
|
||||||
|
min-retry-time <integer>;
|
||||||
|
min-transfer-rate-in <integer> <integer>;
|
||||||
|
multi-master <boolean>;
|
||||||
|
notify ( explicit | master-only | primary-only | <boolean> );
|
||||||
|
notify-defer <integer>;
|
||||||
|
notify-delay <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
try-tcp-refresh <boolean>;
|
||||||
|
zero-no-soa-ttl <boolean>;
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,605 @@
|
|||||||
|
acl <string> { <address_match_element>; ... }; // may occur multiple times
|
||||||
|
|
||||||
|
controls {
|
||||||
|
inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
|
||||||
|
unix <quoted_string> perm <integer> owner <integer> group <integer> [ keys { <string>; ... } ] [ read-only <boolean> ]; // may occur multiple times
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
dlz <string> {
|
||||||
|
database <string>;
|
||||||
|
search <boolean>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
dnssec-policy <string> {
|
||||||
|
cdnskey <boolean>;
|
||||||
|
cds-digest-types { <string>; ... };
|
||||||
|
dnskey-ttl <duration>;
|
||||||
|
inline-signing <boolean>;
|
||||||
|
keys { ( csk | ksk | zsk ) [ key-directory | key-store <string> ] lifetime <duration_or_unlimited> algorithm <string> [ tag-range <integer> <integer> ] [ <integer> ]; ... };
|
||||||
|
manual-mode <boolean>;
|
||||||
|
max-zone-ttl <duration>;
|
||||||
|
nsec3param [ iterations <integer> ] [ optout <boolean> ] [ salt-length <integer> ];
|
||||||
|
offline-ksk <boolean>;
|
||||||
|
parent-ds-ttl <duration>;
|
||||||
|
parent-propagation-delay <duration>;
|
||||||
|
publish-safety <duration>;
|
||||||
|
purge-keys <duration>;
|
||||||
|
retire-safety <duration>;
|
||||||
|
signatures-jitter <duration>;
|
||||||
|
signatures-refresh <duration>;
|
||||||
|
signatures-validity <duration>;
|
||||||
|
signatures-validity-dnskey <duration>;
|
||||||
|
zone-propagation-delay <duration>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
|
||||||
|
|
||||||
|
http <string> {
|
||||||
|
endpoints { <quoted_string>; ... };
|
||||||
|
listener-clients <integer>;
|
||||||
|
streams-per-connection <integer>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
key <string> {
|
||||||
|
algorithm <string>;
|
||||||
|
secret <string>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
key-store <string> {
|
||||||
|
directory <string>;
|
||||||
|
pkcs11-uri <quoted_string>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
logging {
|
||||||
|
category <string> { <string>; ... }; // may occur multiple times
|
||||||
|
channel <string> {
|
||||||
|
buffered <boolean>;
|
||||||
|
file <quoted_string> [ versions ( unlimited | <integer> ) ] [ size <size> ] [ suffix ( increment | timestamp ) ];
|
||||||
|
null;
|
||||||
|
print-category <boolean>;
|
||||||
|
print-severity <boolean>;
|
||||||
|
print-time ( iso8601 | iso8601-utc | local | <boolean> );
|
||||||
|
severity <log_severity>;
|
||||||
|
stderr;
|
||||||
|
syslog [ <syslog_facility> ];
|
||||||
|
}; // may occur multiple times
|
||||||
|
};
|
||||||
|
|
||||||
|
managed-keys { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
|
||||||
|
|
||||||
|
options {
|
||||||
|
allow-new-zones <boolean>;
|
||||||
|
allow-notify { <address_match_element>; ... };
|
||||||
|
allow-proxy { <address_match_element>; ... }; // experimental
|
||||||
|
allow-proxy-on { <address_match_element>; ... }; // experimental
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-cache { <address_match_element>; ... };
|
||||||
|
allow-query-cache-on { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
allow-recursion { <address_match_element>; ... };
|
||||||
|
allow-recursion-on { <address_match_element>; ... };
|
||||||
|
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
||||||
|
allow-update { <address_match_element>; ... };
|
||||||
|
allow-update-forwarding { <address_match_element>; ... };
|
||||||
|
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
answer-cookie <boolean>;
|
||||||
|
attach-cache <string>;
|
||||||
|
auth-nxdomain <boolean>;
|
||||||
|
automatic-interface-scan <boolean>;
|
||||||
|
avoid-v4-udp-ports { <portrange>; ... }; // deprecated
|
||||||
|
avoid-v6-udp-ports { <portrange>; ... }; // deprecated
|
||||||
|
bindkeys-file <quoted_string>; // test only
|
||||||
|
blackhole { <address_match_element>; ... };
|
||||||
|
catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
|
||||||
|
check-dup-records ( fail | warn | ignore );
|
||||||
|
check-integrity <boolean>;
|
||||||
|
check-mx ( fail | warn | ignore );
|
||||||
|
check-mx-cname ( fail | warn | ignore );
|
||||||
|
check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
|
||||||
|
check-sibling <boolean>;
|
||||||
|
check-spf ( warn | ignore );
|
||||||
|
check-srv-cname ( fail | warn | ignore );
|
||||||
|
check-svcb <boolean>;
|
||||||
|
check-wildcard <boolean>;
|
||||||
|
clients-per-query <integer>;
|
||||||
|
cookie-algorithm ( siphash24 );
|
||||||
|
cookie-secret <string>; // may occur multiple times
|
||||||
|
deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
|
||||||
|
deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
|
||||||
|
dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
|
||||||
|
directory <quoted_string>;
|
||||||
|
disable-algorithms <string> { <string>; ... }; // may occur multiple times
|
||||||
|
disable-ds-digests <string> { <string>; ... }; // may occur multiple times
|
||||||
|
disable-empty-zone <string>; // may occur multiple times
|
||||||
|
dns64 <netprefix> {
|
||||||
|
break-dnssec <boolean>;
|
||||||
|
clients { <address_match_element>; ... };
|
||||||
|
exclude { <address_match_element>; ... };
|
||||||
|
mapped { <address_match_element>; ... };
|
||||||
|
recursive-only <boolean>;
|
||||||
|
suffix <ipv6_address>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
dns64-contact <string>;
|
||||||
|
dns64-server <string>;
|
||||||
|
dnskey-sig-validity <integer>; // obsolete
|
||||||
|
dnsrps-enable <boolean>; // not configured
|
||||||
|
dnsrps-library <quoted_string>; // not configured
|
||||||
|
dnsrps-options { <unspecified-text> }; // not configured
|
||||||
|
dnssec-accept-expired <boolean>;
|
||||||
|
dnssec-dnskey-kskonly <boolean>; // obsolete
|
||||||
|
dnssec-loadkeys-interval <integer>;
|
||||||
|
dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated
|
||||||
|
dnssec-policy <string>;
|
||||||
|
dnssec-secure-to-insecure <boolean>; // obsolete
|
||||||
|
dnssec-update-mode ( maintain | no-resign ) ; // obsolete
|
||||||
|
dnssec-validation ( yes | no | auto );
|
||||||
|
dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
|
||||||
|
dnstap-identity ( <quoted_string> | none | hostname ); // not configured
|
||||||
|
dnstap-output ( file | unix ) <quoted_string> [ size ( unlimited | <size> ) ] [ versions ( unlimited | <integer> ) ] [ suffix ( increment | timestamp ) ]; // not configured
|
||||||
|
dnstap-version ( <quoted_string> | none ); // not configured
|
||||||
|
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
|
||||||
|
dump-file <quoted_string>;
|
||||||
|
edns-udp-size <integer>;
|
||||||
|
empty-contact <string>;
|
||||||
|
empty-server <string>;
|
||||||
|
empty-zones-enable <boolean>;
|
||||||
|
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
|
||||||
|
fetches-per-server <integer> [ ( drop | fail ) ];
|
||||||
|
fetches-per-zone <integer> [ ( drop | fail ) ];
|
||||||
|
flush-zones-on-shutdown <boolean>;
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
||||||
|
fstrm-set-buffer-hint <integer>; // not configured
|
||||||
|
fstrm-set-flush-timeout <integer>; // not configured
|
||||||
|
fstrm-set-input-queue-size <integer>; // not configured
|
||||||
|
fstrm-set-output-notify-threshold <integer>; // not configured
|
||||||
|
fstrm-set-output-queue-model ( mpscs | spscs ); // not configured
|
||||||
|
fstrm-set-output-queue-size <integer>; // not configured
|
||||||
|
fstrm-set-reopen-interval <duration>; // not configured
|
||||||
|
geoip-directory ( <quoted_string> | none );
|
||||||
|
hostname ( <quoted_string> | none );
|
||||||
|
http-listener-clients <integer>;
|
||||||
|
http-port <integer>;
|
||||||
|
http-streams-per-connection <integer>;
|
||||||
|
https-port <integer>;
|
||||||
|
interface-interval <duration>;
|
||||||
|
ipv4only-contact <string>;
|
||||||
|
ipv4only-enable <boolean>;
|
||||||
|
ipv4only-server <string>;
|
||||||
|
ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
|
||||||
|
key-directory <quoted_string>;
|
||||||
|
lame-ttl <duration>;
|
||||||
|
listen-on [ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
|
||||||
|
listen-on-v6 [ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>; ... }; // may occur multiple times
|
||||||
|
lmdb-mapsize <sizeval>;
|
||||||
|
managed-keys-directory <quoted_string>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
match-mapped-addresses <boolean>;
|
||||||
|
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
|
||||||
|
max-cache-ttl <duration>;
|
||||||
|
max-clients-per-query <integer>;
|
||||||
|
max-ixfr-ratio ( unlimited | <percentage> );
|
||||||
|
max-journal-size ( default | unlimited | <sizeval> );
|
||||||
|
max-ncache-ttl <duration>;
|
||||||
|
max-query-count <integer>;
|
||||||
|
max-query-restarts <integer>;
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-recursion-depth <integer>;
|
||||||
|
max-recursion-queries <integer>;
|
||||||
|
max-refresh-time <integer>;
|
||||||
|
max-retry-time <integer>;
|
||||||
|
max-rsa-exponent-size <integer>;
|
||||||
|
max-stale-ttl <duration>;
|
||||||
|
max-transfer-idle-in <integer>;
|
||||||
|
max-transfer-idle-out <integer>;
|
||||||
|
max-transfer-time-in <integer>;
|
||||||
|
max-transfer-time-out <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
max-udp-size <integer>;
|
||||||
|
max-validation-failures-per-fetch <integer>; // experimental
|
||||||
|
max-validations-per-fetch <integer>; // experimental
|
||||||
|
memstatistics <boolean>;
|
||||||
|
memstatistics-file <quoted_string>;
|
||||||
|
message-compression <boolean>;
|
||||||
|
min-cache-ttl <duration>;
|
||||||
|
min-ncache-ttl <duration>;
|
||||||
|
min-refresh-time <integer>;
|
||||||
|
min-retry-time <integer>;
|
||||||
|
min-transfer-rate-in <integer> <integer>;
|
||||||
|
minimal-any <boolean>;
|
||||||
|
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
|
||||||
|
multi-master <boolean>;
|
||||||
|
new-zones-directory <quoted_string>;
|
||||||
|
no-case-compress { <address_match_element>; ... };
|
||||||
|
nocookie-udp-size <integer>;
|
||||||
|
notify ( explicit | master-only | primary-only | <boolean> );
|
||||||
|
notify-defer <integer>;
|
||||||
|
notify-delay <integer>;
|
||||||
|
notify-rate <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
notify-to-soa <boolean>;
|
||||||
|
nsec3-test-zone <boolean>; // test only
|
||||||
|
nta-lifetime <duration>;
|
||||||
|
nta-recheck <duration>;
|
||||||
|
nxdomain-redirect <string>;
|
||||||
|
parental-source ( <ipv4_address> | * ) ;
|
||||||
|
parental-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
pid-file ( <quoted_string> | none );
|
||||||
|
port <integer>;
|
||||||
|
preferred-glue <string>;
|
||||||
|
prefetch <integer> [ <integer> ];
|
||||||
|
provide-ixfr <boolean>;
|
||||||
|
qname-minimization ( strict | relaxed | disabled | off );
|
||||||
|
query-source [ address ] ( <ipv4_address> | * | none );
|
||||||
|
query-source-v6 [ address ] ( <ipv6_address> | * | none );
|
||||||
|
querylog <boolean>;
|
||||||
|
rate-limit {
|
||||||
|
all-per-second <integer>;
|
||||||
|
errors-per-second <integer>;
|
||||||
|
exempt-clients { <address_match_element>; ... };
|
||||||
|
ipv4-prefix-length <integer>;
|
||||||
|
ipv6-prefix-length <integer>;
|
||||||
|
log-only <boolean>;
|
||||||
|
max-table-size <integer>;
|
||||||
|
min-table-size <integer>;
|
||||||
|
nodata-per-second <integer>;
|
||||||
|
nxdomains-per-second <integer>;
|
||||||
|
qps-scale <integer>;
|
||||||
|
referrals-per-second <integer>;
|
||||||
|
responses-per-second <integer>;
|
||||||
|
slip <integer>;
|
||||||
|
window <integer>;
|
||||||
|
};
|
||||||
|
recursing-file <quoted_string>;
|
||||||
|
recursion <boolean>;
|
||||||
|
recursive-clients <integer>;
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
request-nsid <boolean>;
|
||||||
|
require-server-cookie <boolean>;
|
||||||
|
resolver-query-timeout <integer>;
|
||||||
|
resolver-use-dns64 <boolean>;
|
||||||
|
response-padding { <address_match_element>; ... } block-size <integer>;
|
||||||
|
response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ servfail-until-ready <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
|
||||||
|
responselog <boolean>;
|
||||||
|
reuseport <boolean>;
|
||||||
|
root-key-sentinel <boolean>;
|
||||||
|
rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
|
||||||
|
secroots-file <quoted_string>;
|
||||||
|
send-cookie <boolean>;
|
||||||
|
serial-query-rate <integer>;
|
||||||
|
serial-update-method ( date | increment | unixtime );
|
||||||
|
server-id ( <quoted_string> | none | hostname );
|
||||||
|
servfail-ttl <duration>;
|
||||||
|
session-keyalg <string>;
|
||||||
|
session-keyfile ( <quoted_string> | none );
|
||||||
|
session-keyname <string>;
|
||||||
|
sig-signing-nodes <integer>;
|
||||||
|
sig-signing-signatures <integer>;
|
||||||
|
sig-signing-type <integer>;
|
||||||
|
sig-validity-interval <integer> [ <integer> ]; // obsolete
|
||||||
|
sig0-checks-quota <integer>; // experimental
|
||||||
|
sig0-checks-quota-exempt { <address_match_element>; ... }; // experimental
|
||||||
|
sig0-key-checks-limit <integer>;
|
||||||
|
sig0-message-checks-limit <integer>;
|
||||||
|
sortlist { <address_match_element>; ... }; // deprecated
|
||||||
|
stale-answer-client-timeout ( disabled | off | <integer> );
|
||||||
|
stale-answer-enable <boolean>;
|
||||||
|
stale-answer-ttl <duration>;
|
||||||
|
stale-cache-enable <boolean>;
|
||||||
|
stale-refresh-time <duration>;
|
||||||
|
startup-notify-rate <integer>;
|
||||||
|
statistics-file <quoted_string>;
|
||||||
|
synth-from-dnssec <boolean>;
|
||||||
|
tcp-advertised-timeout <integer>;
|
||||||
|
tcp-clients <integer>;
|
||||||
|
tcp-idle-timeout <integer>;
|
||||||
|
tcp-initial-timeout <integer>;
|
||||||
|
tcp-keepalive-timeout <integer>;
|
||||||
|
tcp-listen-queue <integer>;
|
||||||
|
tcp-receive-buffer <integer>;
|
||||||
|
tcp-send-buffer <integer>;
|
||||||
|
tkey-domain <quoted_string>; // obsolete
|
||||||
|
tkey-gssapi-keytab <quoted_string>;
|
||||||
|
tls-port <integer>;
|
||||||
|
transfer-format ( many-answers | one-answer );
|
||||||
|
transfer-message-size <integer>;
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
transfers-in <integer>;
|
||||||
|
transfers-out <integer>;
|
||||||
|
transfers-per-ns <integer>;
|
||||||
|
trust-anchor-telemetry <boolean>;
|
||||||
|
try-tcp-refresh <boolean>;
|
||||||
|
udp-receive-buffer <integer>;
|
||||||
|
udp-send-buffer <integer>;
|
||||||
|
update-check-ksk <boolean>; // obsolete
|
||||||
|
update-quota <integer>;
|
||||||
|
use-v4-udp-ports { <portrange>; ... }; // deprecated
|
||||||
|
use-v6-udp-ports { <portrange>; ... }; // deprecated
|
||||||
|
v6-bias <integer>;
|
||||||
|
validate-except { <string>; ... };
|
||||||
|
version ( <quoted_string> | none );
|
||||||
|
zero-no-soa-ttl <boolean>;
|
||||||
|
zero-no-soa-ttl-cache <boolean>;
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
|
|
||||||
|
plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
|
||||||
|
|
||||||
|
remote-servers <string> [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }; // may occur multiple times
|
||||||
|
|
||||||
|
server <netprefix> {
|
||||||
|
bogus <boolean>;
|
||||||
|
edns <boolean>;
|
||||||
|
edns-udp-size <integer>;
|
||||||
|
edns-version <integer>;
|
||||||
|
keys <server_key>;
|
||||||
|
max-udp-size <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
padding <integer>;
|
||||||
|
provide-ixfr <boolean>;
|
||||||
|
query-source [ address ] ( <ipv4_address> | * );
|
||||||
|
query-source-v6 [ address ] ( <ipv6_address> | * );
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
request-nsid <boolean>;
|
||||||
|
require-cookie <boolean>;
|
||||||
|
send-cookie <boolean>;
|
||||||
|
tcp-keepalive <boolean>;
|
||||||
|
tcp-only <boolean>;
|
||||||
|
transfer-format ( many-answers | one-answer );
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
transfers <integer>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
statistics-channels {
|
||||||
|
inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | * ) ] [ allow { <address_match_element>; ... } ]; // may occur multiple times
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
tls <string> {
|
||||||
|
ca-file <quoted_string>;
|
||||||
|
cert-file <quoted_string>;
|
||||||
|
cipher-suites <string>;
|
||||||
|
ciphers <string>;
|
||||||
|
dhparam-file <quoted_string>;
|
||||||
|
key-file <quoted_string>;
|
||||||
|
prefer-server-ciphers <boolean>;
|
||||||
|
protocols { <string>; ... };
|
||||||
|
remote-hostname <quoted_string>;
|
||||||
|
session-tickets <boolean>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
|
||||||
|
|
||||||
|
trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
|
||||||
|
|
||||||
|
view <string> [ <class> ] {
|
||||||
|
allow-new-zones <boolean>;
|
||||||
|
allow-notify { <address_match_element>; ... };
|
||||||
|
allow-proxy { <address_match_element>; ... }; // experimental
|
||||||
|
allow-proxy-on { <address_match_element>; ... }; // experimental
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-cache { <address_match_element>; ... };
|
||||||
|
allow-query-cache-on { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
allow-recursion { <address_match_element>; ... };
|
||||||
|
allow-recursion-on { <address_match_element>; ... };
|
||||||
|
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
||||||
|
allow-update { <address_match_element>; ... };
|
||||||
|
allow-update-forwarding { <address_match_element>; ... };
|
||||||
|
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
attach-cache <string>;
|
||||||
|
auth-nxdomain <boolean>;
|
||||||
|
catalog-zones { zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... } ] [ zone-directory <quoted_string> ] [ in-memory <boolean> ] [ min-update-interval <duration> ]; ... };
|
||||||
|
check-dup-records ( fail | warn | ignore );
|
||||||
|
check-integrity <boolean>;
|
||||||
|
check-mx ( fail | warn | ignore );
|
||||||
|
check-mx-cname ( fail | warn | ignore );
|
||||||
|
check-names ( primary | master | secondary | slave | response ) ( fail | warn | ignore ); // may occur multiple times
|
||||||
|
check-sibling <boolean>;
|
||||||
|
check-spf ( warn | ignore );
|
||||||
|
check-srv-cname ( fail | warn | ignore );
|
||||||
|
check-svcb <boolean>;
|
||||||
|
check-wildcard <boolean>;
|
||||||
|
clients-per-query <integer>;
|
||||||
|
deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
|
||||||
|
deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];
|
||||||
|
dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
|
||||||
|
disable-algorithms <string> { <string>; ... }; // may occur multiple times
|
||||||
|
disable-ds-digests <string> { <string>; ... }; // may occur multiple times
|
||||||
|
disable-empty-zone <string>; // may occur multiple times
|
||||||
|
dlz <string> {
|
||||||
|
database <string>;
|
||||||
|
search <boolean>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
dns64 <netprefix> {
|
||||||
|
break-dnssec <boolean>;
|
||||||
|
clients { <address_match_element>; ... };
|
||||||
|
exclude { <address_match_element>; ... };
|
||||||
|
mapped { <address_match_element>; ... };
|
||||||
|
recursive-only <boolean>;
|
||||||
|
suffix <ipv6_address>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
dns64-contact <string>;
|
||||||
|
dns64-server <string>;
|
||||||
|
dnskey-sig-validity <integer>; // obsolete
|
||||||
|
dnsrps-enable <boolean>; // not configured
|
||||||
|
dnsrps-options { <unspecified-text> }; // not configured
|
||||||
|
dnssec-accept-expired <boolean>;
|
||||||
|
dnssec-dnskey-kskonly <boolean>; // obsolete
|
||||||
|
dnssec-loadkeys-interval <integer>;
|
||||||
|
dnssec-must-be-secure <string> <boolean>; // may occur multiple times, deprecated
|
||||||
|
dnssec-policy <string>;
|
||||||
|
dnssec-secure-to-insecure <boolean>; // obsolete
|
||||||
|
dnssec-update-mode ( maintain | no-resign ) ; // obsolete
|
||||||
|
dnssec-validation ( yes | no | auto );
|
||||||
|
dnstap { ( all | auth | client | forwarder | resolver | update ) [ ( query | response ) ]; ... }; // not configured
|
||||||
|
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
|
||||||
|
dyndb <string> <quoted_string> { <unspecified-text> }; // may occur multiple times
|
||||||
|
edns-udp-size <integer>;
|
||||||
|
empty-contact <string>;
|
||||||
|
empty-server <string>;
|
||||||
|
empty-zones-enable <boolean>;
|
||||||
|
fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
|
||||||
|
fetches-per-server <integer> [ ( drop | fail ) ];
|
||||||
|
fetches-per-zone <integer> [ ( drop | fail ) ];
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
||||||
|
ipv4only-contact <string>;
|
||||||
|
ipv4only-enable <boolean>;
|
||||||
|
ipv4only-server <string>;
|
||||||
|
ixfr-from-differences ( primary | master | secondary | slave | <boolean> );
|
||||||
|
key <string> {
|
||||||
|
algorithm <string>;
|
||||||
|
secret <string>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
key-directory <quoted_string>;
|
||||||
|
lame-ttl <duration>;
|
||||||
|
lmdb-mapsize <sizeval>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
match-clients { <address_match_element>; ... };
|
||||||
|
match-destinations { <address_match_element>; ... };
|
||||||
|
match-recursive-only <boolean>;
|
||||||
|
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
|
||||||
|
max-cache-ttl <duration>;
|
||||||
|
max-clients-per-query <integer>;
|
||||||
|
max-ixfr-ratio ( unlimited | <percentage> );
|
||||||
|
max-journal-size ( default | unlimited | <sizeval> );
|
||||||
|
max-ncache-ttl <duration>;
|
||||||
|
max-query-count <integer>;
|
||||||
|
max-query-restarts <integer>;
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-recursion-depth <integer>;
|
||||||
|
max-recursion-queries <integer>;
|
||||||
|
max-refresh-time <integer>;
|
||||||
|
max-retry-time <integer>;
|
||||||
|
max-stale-ttl <duration>;
|
||||||
|
max-transfer-idle-in <integer>;
|
||||||
|
max-transfer-idle-out <integer>;
|
||||||
|
max-transfer-time-in <integer>;
|
||||||
|
max-transfer-time-out <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
max-udp-size <integer>;
|
||||||
|
max-validation-failures-per-fetch <integer>; // experimental
|
||||||
|
max-validations-per-fetch <integer>; // experimental
|
||||||
|
message-compression <boolean>;
|
||||||
|
min-cache-ttl <duration>;
|
||||||
|
min-ncache-ttl <duration>;
|
||||||
|
min-refresh-time <integer>;
|
||||||
|
min-retry-time <integer>;
|
||||||
|
min-transfer-rate-in <integer> <integer>;
|
||||||
|
minimal-any <boolean>;
|
||||||
|
minimal-responses ( no-auth | no-auth-recursive | <boolean> );
|
||||||
|
multi-master <boolean>;
|
||||||
|
new-zones-directory <quoted_string>;
|
||||||
|
no-case-compress { <address_match_element>; ... };
|
||||||
|
nocookie-udp-size <integer>;
|
||||||
|
notify ( explicit | master-only | primary-only | <boolean> );
|
||||||
|
notify-defer <integer>;
|
||||||
|
notify-delay <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
notify-to-soa <boolean>;
|
||||||
|
nsec3-test-zone <boolean>; // test only
|
||||||
|
nta-lifetime <duration>;
|
||||||
|
nta-recheck <duration>;
|
||||||
|
nxdomain-redirect <string>;
|
||||||
|
parental-source ( <ipv4_address> | * ) ;
|
||||||
|
parental-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
plugin ( query ) <string> [ { <unspecified-text> } ]; // may occur multiple times
|
||||||
|
preferred-glue <string>;
|
||||||
|
prefetch <integer> [ <integer> ];
|
||||||
|
provide-ixfr <boolean>;
|
||||||
|
qname-minimization ( strict | relaxed | disabled | off );
|
||||||
|
query-source [ address ] ( <ipv4_address> | * | none );
|
||||||
|
query-source-v6 [ address ] ( <ipv6_address> | * | none );
|
||||||
|
rate-limit {
|
||||||
|
all-per-second <integer>;
|
||||||
|
errors-per-second <integer>;
|
||||||
|
exempt-clients { <address_match_element>; ... };
|
||||||
|
ipv4-prefix-length <integer>;
|
||||||
|
ipv6-prefix-length <integer>;
|
||||||
|
log-only <boolean>;
|
||||||
|
max-table-size <integer>;
|
||||||
|
min-table-size <integer>;
|
||||||
|
nodata-per-second <integer>;
|
||||||
|
nxdomains-per-second <integer>;
|
||||||
|
qps-scale <integer>;
|
||||||
|
referrals-per-second <integer>;
|
||||||
|
responses-per-second <integer>;
|
||||||
|
slip <integer>;
|
||||||
|
window <integer>;
|
||||||
|
};
|
||||||
|
recursion <boolean>;
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
request-nsid <boolean>;
|
||||||
|
require-server-cookie <boolean>;
|
||||||
|
resolver-query-timeout <integer>;
|
||||||
|
resolver-use-dns64 <boolean>;
|
||||||
|
response-padding { <address_match_element>; ... } block-size <integer>;
|
||||||
|
response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ servfail-until-ready <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
|
||||||
|
root-key-sentinel <boolean>;
|
||||||
|
rrset-order { [ class <string> ] [ type <string> ] [ name <quoted_string> ] <string> <string>; ... };
|
||||||
|
send-cookie <boolean>;
|
||||||
|
serial-update-method ( date | increment | unixtime );
|
||||||
|
server <netprefix> {
|
||||||
|
bogus <boolean>;
|
||||||
|
edns <boolean>;
|
||||||
|
edns-udp-size <integer>;
|
||||||
|
edns-version <integer>;
|
||||||
|
keys <server_key>;
|
||||||
|
max-udp-size <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
padding <integer>;
|
||||||
|
provide-ixfr <boolean>;
|
||||||
|
query-source [ address ] ( <ipv4_address> | * );
|
||||||
|
query-source-v6 [ address ] ( <ipv6_address> | * );
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
request-nsid <boolean>;
|
||||||
|
require-cookie <boolean>;
|
||||||
|
send-cookie <boolean>;
|
||||||
|
tcp-keepalive <boolean>;
|
||||||
|
tcp-only <boolean>;
|
||||||
|
transfer-format ( many-answers | one-answer );
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
transfers <integer>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
servfail-ttl <duration>;
|
||||||
|
sig-signing-nodes <integer>;
|
||||||
|
sig-signing-signatures <integer>;
|
||||||
|
sig-signing-type <integer>;
|
||||||
|
sig-validity-interval <integer> [ <integer> ]; // obsolete
|
||||||
|
sig0-key-checks-limit <integer>;
|
||||||
|
sig0-message-checks-limit <integer>;
|
||||||
|
sortlist { <address_match_element>; ... }; // deprecated
|
||||||
|
stale-answer-client-timeout ( disabled | off | <integer> );
|
||||||
|
stale-answer-enable <boolean>;
|
||||||
|
stale-answer-ttl <duration>;
|
||||||
|
stale-cache-enable <boolean>;
|
||||||
|
stale-refresh-time <duration>;
|
||||||
|
synth-from-dnssec <boolean>;
|
||||||
|
transfer-format ( many-answers | one-answer );
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
trust-anchor-telemetry <boolean>;
|
||||||
|
trust-anchors { <string> ( static-key | initial-key | static-ds | initial-ds ) <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times
|
||||||
|
trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... }; // may occur multiple times, deprecated
|
||||||
|
try-tcp-refresh <boolean>;
|
||||||
|
v6-bias <integer>;
|
||||||
|
validate-except { <string>; ... };
|
||||||
|
zero-no-soa-ttl <boolean>;
|
||||||
|
zero-no-soa-ttl-cache <boolean>;
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
}; // may occur multiple times
|
||||||
@@ -0,0 +1,63 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type primary;
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
||||||
|
allow-update { <address_match_element>; ... };
|
||||||
|
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
check-dup-records ( fail | warn | ignore );
|
||||||
|
check-integrity <boolean>;
|
||||||
|
check-mx ( fail | warn | ignore );
|
||||||
|
check-mx-cname ( fail | warn | ignore );
|
||||||
|
check-names ( fail | warn | ignore );
|
||||||
|
check-sibling <boolean>;
|
||||||
|
check-spf ( warn | ignore );
|
||||||
|
check-srv-cname ( fail | warn | ignore );
|
||||||
|
check-svcb <boolean>;
|
||||||
|
check-wildcard <boolean>;
|
||||||
|
checkds ( explicit | <boolean> );
|
||||||
|
database <string>;
|
||||||
|
dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
|
||||||
|
dlz <string>;
|
||||||
|
dnskey-sig-validity <integer>; // obsolete
|
||||||
|
dnssec-dnskey-kskonly <boolean>; // obsolete
|
||||||
|
dnssec-loadkeys-interval <integer>;
|
||||||
|
dnssec-policy <string>;
|
||||||
|
dnssec-secure-to-insecure <boolean>; // obsolete
|
||||||
|
dnssec-update-mode ( maintain | no-resign ) ; // obsolete
|
||||||
|
file <quoted_string>;
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
||||||
|
inline-signing <boolean>;
|
||||||
|
ixfr-from-differences <boolean>;
|
||||||
|
journal <quoted_string>;
|
||||||
|
key-directory <quoted_string>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
max-ixfr-ratio ( unlimited | <percentage> );
|
||||||
|
max-journal-size ( default | unlimited | <sizeval> );
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-transfer-idle-out <integer>;
|
||||||
|
max-transfer-time-out <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
max-zone-ttl ( unlimited | <duration> ); // deprecated
|
||||||
|
notify ( explicit | master-only | primary-only | <boolean> );
|
||||||
|
notify-defer <integer>;
|
||||||
|
notify-delay <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
notify-to-soa <boolean>;
|
||||||
|
nsec3-test-zone <boolean>; // test only
|
||||||
|
parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
parental-source ( <ipv4_address> | * ) ;
|
||||||
|
parental-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
serial-update-method ( date | increment | unixtime );
|
||||||
|
sig-signing-nodes <integer>;
|
||||||
|
sig-signing-signatures <integer>;
|
||||||
|
sig-signing-type <integer>;
|
||||||
|
sig-validity-interval <integer> [ <integer> ]; // obsolete
|
||||||
|
update-policy ( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtype list>; ... } );
|
||||||
|
zero-no-soa-ttl <boolean>;
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,15 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type redirect;
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
dlz <string>;
|
||||||
|
file <quoted_string>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
max-zone-ttl ( unlimited | <duration> ); // deprecated
|
||||||
|
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,20 @@
|
|||||||
|
key <string> {
|
||||||
|
algorithm <string>;
|
||||||
|
secret <string>;
|
||||||
|
}; // may occur multiple times
|
||||||
|
|
||||||
|
options {
|
||||||
|
default-key <string>;
|
||||||
|
default-port <integer>;
|
||||||
|
default-server <string>;
|
||||||
|
default-source-address ( <ipv4_address> | * );
|
||||||
|
default-source-address-v6 ( <ipv6_address> | * );
|
||||||
|
};
|
||||||
|
|
||||||
|
server <string> {
|
||||||
|
addresses { ( <quoted_string> [ port <integer> ] | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ); ... };
|
||||||
|
key <string>;
|
||||||
|
port <integer>;
|
||||||
|
source-address ( <ipv4_address> | * );
|
||||||
|
source-address-v6 ( <ipv6_address> | * );
|
||||||
|
}; // may occur multiple times
|
||||||
@@ -0,0 +1,66 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type secondary;
|
||||||
|
allow-notify { <address_match_element>; ... };
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
allow-transfer [ port <integer> ] [ transport <string> ] { <address_match_element>; ... };
|
||||||
|
allow-update-forwarding { <address_match_element>; ... };
|
||||||
|
also-notify [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
check-names ( fail | warn | ignore );
|
||||||
|
checkds ( explicit | <boolean> );
|
||||||
|
database <string>;
|
||||||
|
dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
|
||||||
|
dlz <string>;
|
||||||
|
dnskey-sig-validity <integer>; // obsolete
|
||||||
|
dnssec-dnskey-kskonly <boolean>; // obsolete
|
||||||
|
dnssec-loadkeys-interval <integer>;
|
||||||
|
dnssec-policy <string>;
|
||||||
|
dnssec-update-mode ( maintain | no-resign ) ; // obsolete
|
||||||
|
file <quoted_string>;
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
||||||
|
inline-signing <boolean>;
|
||||||
|
ixfr-from-differences <boolean>;
|
||||||
|
journal <quoted_string>;
|
||||||
|
key-directory <quoted_string>;
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
max-ixfr-ratio ( unlimited | <percentage> );
|
||||||
|
max-journal-size ( default | unlimited | <sizeval> );
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-refresh-time <integer>;
|
||||||
|
max-retry-time <integer>;
|
||||||
|
max-transfer-idle-in <integer>;
|
||||||
|
max-transfer-idle-out <integer>;
|
||||||
|
max-transfer-time-in <integer>;
|
||||||
|
max-transfer-time-out <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
min-refresh-time <integer>;
|
||||||
|
min-retry-time <integer>;
|
||||||
|
min-transfer-rate-in <integer> <integer>;
|
||||||
|
multi-master <boolean>;
|
||||||
|
notify ( explicit | master-only | primary-only | <boolean> );
|
||||||
|
notify-defer <integer>;
|
||||||
|
notify-delay <integer>;
|
||||||
|
notify-source ( <ipv4_address> | * ) ;
|
||||||
|
notify-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
notify-to-soa <boolean>;
|
||||||
|
nsec3-test-zone <boolean>; // test only
|
||||||
|
parental-agents [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
parental-source ( <ipv4_address> | * ) ;
|
||||||
|
parental-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
request-expire <boolean>;
|
||||||
|
request-ixfr <boolean>;
|
||||||
|
sig-signing-nodes <integer>;
|
||||||
|
sig-signing-signatures <integer>;
|
||||||
|
sig-signing-type <integer>;
|
||||||
|
sig-validity-interval <integer> [ <integer> ]; // obsolete
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
try-tcp-refresh <boolean>;
|
||||||
|
update-check-ksk <boolean>; // obsolete
|
||||||
|
zero-no-soa-ttl <boolean>;
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type static-stub;
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
|
||||||
|
server-names { <string>; ... };
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,28 @@
|
|||||||
|
zone <string> [ <class> ] {
|
||||||
|
type stub;
|
||||||
|
allow-query { <address_match_element>; ... };
|
||||||
|
allow-query-on { <address_match_element>; ... };
|
||||||
|
check-names ( fail | warn | ignore );
|
||||||
|
database <string>;
|
||||||
|
dialup ( notify | notify-passive | passive | refresh | <boolean> ); // deprecated
|
||||||
|
file <quoted_string>;
|
||||||
|
forward ( first | only );
|
||||||
|
forwarders [ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... };
|
||||||
|
masterfile-format ( raw | text );
|
||||||
|
masterfile-style ( full | relative );
|
||||||
|
max-records <integer>;
|
||||||
|
max-records-per-type <integer>;
|
||||||
|
max-refresh-time <integer>;
|
||||||
|
max-retry-time <integer>;
|
||||||
|
max-transfer-idle-in <integer>;
|
||||||
|
max-transfer-time-in <integer>;
|
||||||
|
max-types-per-name <integer>;
|
||||||
|
min-refresh-time <integer>;
|
||||||
|
min-retry-time <integer>;
|
||||||
|
min-transfer-rate-in <integer> <integer>;
|
||||||
|
multi-master <boolean>;
|
||||||
|
primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
|
||||||
|
transfer-source ( <ipv4_address> | * ) ;
|
||||||
|
transfer-source-v6 ( <ipv6_address> | * ) ;
|
||||||
|
zone-statistics ( full | terse | none | <boolean> );
|
||||||
|
};
|
||||||
@@ -0,0 +1,85 @@
|
|||||||
|
{
|
||||||
|
"zone": {
|
||||||
|
"_id": "<string> [ <class> ]",
|
||||||
|
"_mapbody": {
|
||||||
|
"type": {
|
||||||
|
"_grammar": "stub"
|
||||||
|
},
|
||||||
|
"allow-query": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"allow-query-on": {
|
||||||
|
"_grammar": "{ <address_match_element>; ... }"
|
||||||
|
},
|
||||||
|
"check-names": {
|
||||||
|
"_grammar": "( fail | warn | ignore )"
|
||||||
|
},
|
||||||
|
"database": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"file": {
|
||||||
|
"_grammar": "<quoted_string>"
|
||||||
|
},
|
||||||
|
"forward": {
|
||||||
|
"_grammar": "( first | only )"
|
||||||
|
},
|
||||||
|
"forwarders": {
|
||||||
|
"_grammar": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"masterfile-format": {
|
||||||
|
"_grammar": "( raw | text )"
|
||||||
|
},
|
||||||
|
"masterfile-style": {
|
||||||
|
"_grammar": "( full | relative )"
|
||||||
|
},
|
||||||
|
"max-records": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-records-per-type": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-refresh-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-retry-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-idle-in": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-transfer-time-in": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"max-types-per-name": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-refresh-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-retry-time": {
|
||||||
|
"_grammar": "<integer>"
|
||||||
|
},
|
||||||
|
"min-transfer-rate-in": {
|
||||||
|
"_grammar": "<integer> <integer>"
|
||||||
|
},
|
||||||
|
"multi-master": {
|
||||||
|
"_grammar": "<boolean>"
|
||||||
|
},
|
||||||
|
"primaries": {
|
||||||
|
"_grammar": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... }"
|
||||||
|
},
|
||||||
|
"template": {
|
||||||
|
"_grammar": "<string>"
|
||||||
|
},
|
||||||
|
"transfer-source": {
|
||||||
|
"_grammar": "( <ipv4_address> | * )"
|
||||||
|
},
|
||||||
|
"transfer-source-v6": {
|
||||||
|
"_grammar": "( <ipv6_address> | * )"
|
||||||
|
},
|
||||||
|
"zone-statistics": {
|
||||||
|
"_grammar": "( full | terse | none | <boolean> )"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
+8
-8
@@ -16,7 +16,6 @@ bind9_config_indent: 4
|
|||||||
bind9_group_config: []
|
bind9_group_config: []
|
||||||
bind9_site_config: []
|
bind9_site_config: []
|
||||||
bind9_host_config: []
|
bind9_host_config: []
|
||||||
|
|
||||||
bind9_default_config:
|
bind9_default_config:
|
||||||
- name: named.conf
|
- name: named.conf
|
||||||
backup: false
|
backup: false
|
||||||
@@ -28,10 +27,11 @@ bind9_default_config:
|
|||||||
options:
|
options:
|
||||||
directory: "{{ bind9_working_directory }}"
|
directory: "{{ bind9_working_directory }}"
|
||||||
|
|
||||||
bind9_config: "{{ [bind9_default_config,
|
bind9_config: >-
|
||||||
bind9_group_config,
|
{{
|
||||||
bind9_site_config,
|
[bind9_default_config,
|
||||||
bind9_host_config] |
|
bind9_group_config,
|
||||||
community.general.lists_mergeby('name',
|
bind9_site_config,
|
||||||
recursive=true,
|
bind9_host_config] |
|
||||||
list_merge='append_rp') }}"
|
community.general.lists_mergeby('name', recursive=true, list_merge='append_rp')
|
||||||
|
}}
|
||||||
|
|||||||
@@ -0,0 +1,233 @@
|
|||||||
|
# BIND9 9.20 Support Implementation Guide
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
This document describes the ansible-bind9-role strategy for BIND9 9.20+ support through a dedicated version branch.
|
||||||
|
|
||||||
|
The current implementation uses branch-level compatibility boundaries instead of runtime version detection. The main branch targets BIND9 9.18.x LTS, while the 9.20 branch targets BIND9 9.20+ feature releases.
|
||||||
|
|
||||||
|
## Architecture
|
||||||
|
|
||||||
|
### Branch-Based Support Strategy
|
||||||
|
|
||||||
|
The role uses branch-only support boundaries:
|
||||||
|
|
||||||
|
1. `main` branch: BIND9 9.18.x LTS support for production-stable deployments.
|
||||||
|
2. `9.20` branch: BIND9 9.20+ feature-release support with version-specific templates, grammar data, tests, and documentation.
|
||||||
|
|
||||||
|
The role does not currently detect BIND9 versions at runtime and does not use runtime version conditionals in templates. Each branch is expected to be tested against the BIND9 series it supports.
|
||||||
|
|
||||||
|
This approach is preferred because:
|
||||||
|
|
||||||
|
- compatibility boundaries are clear for users and maintainers;
|
||||||
|
- templates avoid cross-version conditional complexity;
|
||||||
|
- each branch can evolve with the grammar and package behavior of its target BIND9 series;
|
||||||
|
- generated configuration does not silently change based on the installed package version.
|
||||||
|
|
||||||
|
### Branch Structure
|
||||||
|
|
||||||
|
```
|
||||||
|
main # BIND9 9.18.x LTS support
|
||||||
|
│
|
||||||
|
└─ 9.20 # BIND9 9.20+ feature-release support
|
||||||
|
└─ feature/* # Short-lived feature branches targeting 9.20
|
||||||
|
```
|
||||||
|
|
||||||
|
## Implementation Details
|
||||||
|
|
||||||
|
### 1. Task Flow
|
||||||
|
|
||||||
|
1. Install the configured BIND9 packages from `bind9_packages`.
|
||||||
|
2. Ensure backup and logging directories exist when enabled or configured.
|
||||||
|
3. Render configured BIND9 files through `named.conf.generator.j2`.
|
||||||
|
4. Validate the generated configuration with `named-checkconf -z`.
|
||||||
|
5. Restore backed-up configuration files if validation fails.
|
||||||
|
6. Start and enable the `named` service.
|
||||||
|
|
||||||
|
There is no runtime `bind9_version` fact in this flow.
|
||||||
|
|
||||||
|
### 2. Meta/Argument Specs Updates
|
||||||
|
|
||||||
|
The `meta/argument_specs.yml` file documents the public role inputs for the current branch. It must not document runtime-only variables that the role does not set or consume.
|
||||||
|
|
||||||
|
### 3. Molecule Testing
|
||||||
|
|
||||||
|
Two molecule scenarios are now available:
|
||||||
|
|
||||||
|
#### Default Scenario (BIND9 9.18.x)
|
||||||
|
- **Location**: `molecule/default/`
|
||||||
|
- **Platform**: Debian 13 (Trixie) with BIND9 9.18.x
|
||||||
|
- **Purpose**: Validate production-stable configurations
|
||||||
|
|
||||||
|
#### BIND9 9.20 Scenario
|
||||||
|
- **Location**: `molecule/bind9-20/`
|
||||||
|
- **Platform**: Ubuntu 24.04 LTS with BIND9 9.20+
|
||||||
|
- **Purpose**: Validate newer configurations and breaking changes
|
||||||
|
- **Tests**: Forward zones, TLS, DNSTAP, modern DNSSEC
|
||||||
|
|
||||||
|
### 4. Template Version Compatibility
|
||||||
|
|
||||||
|
Templates in each version branch should be audited for the BIND9 series targeted by that branch. The primary template files include:
|
||||||
|
|
||||||
|
- `named.conf.options.j2` - Global options block
|
||||||
|
- `named.conf.zone.j2` - Zone definitions
|
||||||
|
- `named.conf.primaries.j2` - Primary/secondary definitions
|
||||||
|
- `named.conf.tls.j2` - TLS configurations (9.20 focus)
|
||||||
|
- `named.conf.dnssec-policy.j2` - DNSSEC policies
|
||||||
|
|
||||||
|
### 5. Deprecated Options Handling
|
||||||
|
|
||||||
|
BIND9 9.20 removes 44 options from 9.18. The 9.20 branch should handle this through:
|
||||||
|
|
||||||
|
1. **Documentation**: Each deprecated option is documented in BIND9_MIGRATION_GUIDE.md
|
||||||
|
2. **Branch-specific templates**: Templates on the 9.20 branch omit removed options
|
||||||
|
3. **Migration Path**: BIND9_MIGRATION_GUIDE.md provides alternatives for each removed option
|
||||||
|
|
||||||
|
## Critical BIND9 9.20 Changes
|
||||||
|
|
||||||
|
### Automatically Enabled Options
|
||||||
|
|
||||||
|
These cannot and should not be configured (always enabled in 9.20):
|
||||||
|
|
||||||
|
- `glue-cache` - Glue records are always cached
|
||||||
|
- `keep-response-order` - Response ordering is always enabled
|
||||||
|
- `reuse` - TCP socket reuse is always enabled
|
||||||
|
|
||||||
|
### Removed Global Options
|
||||||
|
|
||||||
|
Key removed options requiring configuration changes:
|
||||||
|
|
||||||
|
| 9.18 Option | 9.20 Replacement |
|
||||||
|
|---|---|
|
||||||
|
| `alt-transfer-source` | Use TLS in `primaries` statement |
|
||||||
|
| `alt-transfer-source-v6` | Use TLS in `primaries` statement |
|
||||||
|
| `auto-dnssec` | Automatic (DNSSEC always managed) |
|
||||||
|
| `dsc` | Use TLS configuration instead |
|
||||||
|
| `gssapi-credential` | Use TSIG + TLS instead |
|
||||||
|
| `heartbeat-interval` | Zone transfer monitoring improved |
|
||||||
|
| `lock-file` | OS-level locking used |
|
||||||
|
| `max-zone-ttl` | Use per-zone option instead |
|
||||||
|
| `parental-agents` | Use enhanced `primaries` statement |
|
||||||
|
| `parental-registration-delay` | Zone monitoring improved |
|
||||||
|
| `root-delegation-only` | Zone constraints |
|
||||||
|
| `suppress-initial-notify` | NOTIFY behavior changed |
|
||||||
|
| `tkeydhkey` | Use modern TLS/DNSSEC |
|
||||||
|
| `tkeygsapi-credential` | Use TSIG + TLS |
|
||||||
|
|
||||||
|
### New 9.20 Features
|
||||||
|
|
||||||
|
- **Native TLS/DoT Support**: Zone transfers over TLS
|
||||||
|
- **Automatic DNSSEC Management**: DNSSEC is handled automatically
|
||||||
|
- **Enhanced HTTP/HTTPS Server**: Built-in HTTP API
|
||||||
|
- **Better Resolver Behavior**: Improved retry and fallback logic
|
||||||
|
- **Query Monitoring**: Advanced query tracking and statistics
|
||||||
|
|
||||||
|
## Configuration Changes for 9.20
|
||||||
|
|
||||||
|
### Before (BIND9 9.18.x)
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
bind9_default_config:
|
||||||
|
- name: named.conf.options
|
||||||
|
options:
|
||||||
|
alt_transfer_source: 10.0.1.1
|
||||||
|
glue_cache: yes
|
||||||
|
parental_agents:
|
||||||
|
- 192.0.2.1
|
||||||
|
- 192.0.2.2
|
||||||
|
```
|
||||||
|
|
||||||
|
### After (BIND9 9.20+)
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
bind9_default_config:
|
||||||
|
- name: named.conf.options
|
||||||
|
options:
|
||||||
|
# Removed: alt_transfer_source, glue_cache, parental_agents
|
||||||
|
# Instead use TLS and enhanced primaries statement
|
||||||
|
- name: named.conf.zone
|
||||||
|
zones:
|
||||||
|
- name: example.com
|
||||||
|
type: secondary
|
||||||
|
primaries:
|
||||||
|
- address: 192.0.2.1
|
||||||
|
tls: zone-transfer-tls # New 9.20 approach
|
||||||
|
- address: 192.0.2.2
|
||||||
|
tls: zone-transfer-tls
|
||||||
|
```
|
||||||
|
|
||||||
|
## Testing the Implementation
|
||||||
|
|
||||||
|
### Running Molecule Tests
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Test both scenarios
|
||||||
|
molecule test
|
||||||
|
|
||||||
|
# Test only 9.18 scenario
|
||||||
|
molecule test -s default
|
||||||
|
|
||||||
|
# Test only 9.20 scenario
|
||||||
|
molecule test -s bind9-20
|
||||||
|
|
||||||
|
# Interactive testing
|
||||||
|
molecule create -s bind9-20
|
||||||
|
molecule converge -s bind9-20
|
||||||
|
molecule verify -s bind9-20
|
||||||
|
```
|
||||||
|
|
||||||
|
### Manual Validation
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Check BIND9 version
|
||||||
|
named -v
|
||||||
|
|
||||||
|
# Validate configuration syntax
|
||||||
|
named-checkconf /etc/bind/named.conf
|
||||||
|
|
||||||
|
# Check logs for version-related messages
|
||||||
|
journalctl -u named -n 50 -e
|
||||||
|
tail -f /var/log/named/default.log
|
||||||
|
```
|
||||||
|
|
||||||
|
## Migration Path
|
||||||
|
|
||||||
|
Users upgrading from 9.18 to 9.20 should:
|
||||||
|
|
||||||
|
1. **Review Configuration**: Check `BIND9_MIGRATION_GUIDE.md` for breaking changes
|
||||||
|
2. **Update Playbooks**: Remove deprecated variables/options
|
||||||
|
3. **Test in Staging**: Use `molecule test -s bind9-20` to validate
|
||||||
|
4. **Gradual Migration**: Test on non-critical servers first
|
||||||
|
5. **Monitor Logs**: Watch for deprecation or error messages
|
||||||
|
|
||||||
|
## Future Enhancements
|
||||||
|
|
||||||
|
- [ ] Automated configuration migration tool
|
||||||
|
- [ ] Deprecation warnings in role output
|
||||||
|
- [ ] Runtime version detection if branch-per-version maintenance becomes insufficient
|
||||||
|
- [ ] Template conditionals only if a future design intentionally supports multiple BIND9 series from one branch
|
||||||
|
- [ ] 9.21+ preparation when available
|
||||||
|
- [ ] Performance tuning for 9.20 features
|
||||||
|
- [ ] DNS-over-HTTPS (DoH) support
|
||||||
|
- [ ] Clustering/high-availability examples
|
||||||
|
|
||||||
|
## References
|
||||||
|
|
||||||
|
- [ISC BIND9 Website](https://www.isc.org/bind/)
|
||||||
|
- [BIND9 9.20 Release Notes](https://www.isc.org/download/news/)
|
||||||
|
- [BIND9 Documentation](https://bind9.readthedocs.io/)
|
||||||
|
- [BIND9 Version Differences](BIND_VERSION_DIFFERENCES.md)
|
||||||
|
- [BIND9 Migration Guide](BIND9_MIGRATION_GUIDE.md)
|
||||||
|
- [VERSION_SUPPORT.md](VERSION_SUPPORT.md)
|
||||||
|
|
||||||
|
## Support
|
||||||
|
|
||||||
|
For issues or questions about BIND9 9.20 support:
|
||||||
|
|
||||||
|
1. Check existing [Issues](https://git.valid.dk/daniel/ansible-bind9-role/issues)
|
||||||
|
2. Review [Discussions](https://git.valid.dk/daniel/ansible-bind9-role/discussions)
|
||||||
|
3. Create a new issue with:
|
||||||
|
- BIND9 version (`named -v`)
|
||||||
|
- Playbook configuration
|
||||||
|
- Error messages from logs
|
||||||
|
- Steps to reproduce
|
||||||
@@ -0,0 +1,478 @@
|
|||||||
|
# BIND9 9.18 to 9.20 Migration Guide
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
This guide provides step-by-step instructions for migrating BIND9 configurations from version 9.18.x (LTS) to version 9.20.x.
|
||||||
|
|
||||||
|
**Important:** BIND9 9.20 introduces 44 breaking changes. Before upgrading, carefully review this guide and test in a development environment.
|
||||||
|
|
||||||
|
For detailed technical differences between versions, see [BIND9 Version Differences](BIND_VERSION_DIFFERENCES.md).
|
||||||
|
|
||||||
|
## Table of Contents
|
||||||
|
|
||||||
|
1. [Pre-Migration Planning](#pre-migration-planning)
|
||||||
|
2. [Breaking Changes Summary](#breaking-changes-summary)
|
||||||
|
3. [Migration Steps](#migration-steps)
|
||||||
|
4. [Configuration Examples](#configuration-examples)
|
||||||
|
5. [Role-Specific Changes](#role-specific-changes)
|
||||||
|
6. [Testing Recommendations](#testing-recommendations)
|
||||||
|
7. [Rollback Procedure](#rollback-procedure)
|
||||||
|
|
||||||
|
## Pre-Migration Planning
|
||||||
|
|
||||||
|
### Check Your Configuration
|
||||||
|
|
||||||
|
Before upgrading, identify which BIND9 options your configuration uses:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Check for options that will be removed
|
||||||
|
named-checkconf -p /etc/bind/named.conf | \
|
||||||
|
grep -E "alt-transfer-source|auto-dnssec|coresize|datasize|glue-cache"
|
||||||
|
```
|
||||||
|
|
||||||
|
### Create Backups
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Backup all BIND configuration
|
||||||
|
cp -r /etc/bind /data/backup/bind.9.18.backup
|
||||||
|
|
||||||
|
# Backup BIND data
|
||||||
|
cp -r /var/lib/bind /data/backup/bind.9.18.data
|
||||||
|
cp -r /var/cache/bind /data/backup/bind.9.18.cache
|
||||||
|
```
|
||||||
|
|
||||||
|
### Review Version Support
|
||||||
|
|
||||||
|
This Ansible role is designed for BIND9 9.18.x. When upgrading to 9.20:
|
||||||
|
|
||||||
|
- The main branch will continue supporting 9.18.x
|
||||||
|
- A separate `9.20` branch will provide 9.20-specific templates and configurations
|
||||||
|
- Use the appropriate branch for your target BIND9 version
|
||||||
|
|
||||||
|
## Breaking Changes Summary
|
||||||
|
|
||||||
|
The following options are **removed** in BIND9 9.20 and will cause `named` to fail if present:
|
||||||
|
|
||||||
|
### Global Options (9.20 Breaking Changes)
|
||||||
|
|
||||||
|
- `alt-transfer-source` - Use TLS-based transfers instead
|
||||||
|
- `alt-transfer-source-v6` - Use TLS-based transfers instead
|
||||||
|
- `auto-dnssec` - DNSSEC management is automatic in 9.20
|
||||||
|
- `coresize` - System resource limits; use OS-level controls
|
||||||
|
- `datasize` - System resource limits; use OS-level controls
|
||||||
|
- `dscp` - Use TLS configuration instead
|
||||||
|
- `files` - System resource limits; use OS-level controls
|
||||||
|
- `glue-cache` - Always enabled in 9.20
|
||||||
|
- `heartbeat-interval` - Zone transfer changes
|
||||||
|
- `keep-response-order` - Always enabled in 9.20
|
||||||
|
- `lock-file` - Use system lock controls
|
||||||
|
- `maxz-zone-ttl` - Use `max-zone-ttl` instead (per-zone option)
|
||||||
|
- `parent-registration-delay` - Zone-delegation monitoring removed
|
||||||
|
- `parental-agents` - Use `primaries` statement with DNSSEC
|
||||||
|
- `primaries` - Replaced with enhanced syntax (see below)
|
||||||
|
- `random-device` - System entropy handling improved
|
||||||
|
- `recurse-ing-file` - Renamed to `recursing-file`
|
||||||
|
- `reserved-sockets` - Automatic in 9.20
|
||||||
|
- `resolver-nonbackoff-tries` - Resolver behavior changed
|
||||||
|
- `resolver-retry-interval` - Resolver behavior changed
|
||||||
|
- `reuse` - Always enabled in 9.20
|
||||||
|
- `root-delegation-only` - Removed; not needed in 9.20
|
||||||
|
- `stacksize` - System resource limits; use OS-level controls
|
||||||
|
- `suppress-initial-notify` - NOTIFY behavior changed
|
||||||
|
- `tkey-dhkey` - Use modern TLS/DNSSEC instead
|
||||||
|
- `tkey-gssapi-credential` - Use TSIG + TLS instead
|
||||||
|
|
||||||
|
### Zone-Type Specific Breaking Changes
|
||||||
|
|
||||||
|
#### All Zone Types
|
||||||
|
- `delegation-only` - Removed; use zone type constraints instead
|
||||||
|
- `alt-transfer-source[v6]` - Use TLS configuration
|
||||||
|
- `auto-dnssec` - DNSSEC management changes
|
||||||
|
- `use-alt-transfer-source` - Use TLS configuration
|
||||||
|
|
||||||
|
## Migration Steps
|
||||||
|
|
||||||
|
### Step 1: Identify Configuration Changes
|
||||||
|
|
||||||
|
Review your current `bind9_*_config` variables for any deprecated options:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# Search your inventory and host_vars for these patterns
|
||||||
|
bind9_default_config:
|
||||||
|
- name: named.conf.options
|
||||||
|
options:
|
||||||
|
# These options must be removed or replaced:
|
||||||
|
# - alt_transfer_source
|
||||||
|
# - auto_dnssec
|
||||||
|
# - glue_cache
|
||||||
|
# ... etc
|
||||||
|
```
|
||||||
|
|
||||||
|
### Step 2: Update Ansible Variables
|
||||||
|
|
||||||
|
Replace deprecated options in your Ansible configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# BEFORE (BIND9 9.18)
|
||||||
|
bind9_default_config:
|
||||||
|
- name: named.conf.options
|
||||||
|
options:
|
||||||
|
alt_transfer_source: 10.0.1.1
|
||||||
|
glue_cache: yes
|
||||||
|
keep_response_order: yes
|
||||||
|
|
||||||
|
# AFTER (BIND9 9.20)
|
||||||
|
bind9_default_config:
|
||||||
|
- name: named.conf.options
|
||||||
|
options:
|
||||||
|
# alt_transfer_source removed - use TLS
|
||||||
|
# glue_cache removed - always enabled
|
||||||
|
# keep_response_order removed - always enabled
|
||||||
|
# Instead configure TLS for transfers
|
||||||
|
http:
|
||||||
|
preference: https
|
||||||
|
```
|
||||||
|
|
||||||
|
### Step 3: Update Primaries Configuration
|
||||||
|
|
||||||
|
The `primaries` statement syntax has changed:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# BEFORE (BIND9 9.18)
|
||||||
|
bind9_host_config:
|
||||||
|
- name: named.conf.view
|
||||||
|
view:
|
||||||
|
- name: internal
|
||||||
|
zone:
|
||||||
|
- name: example.com
|
||||||
|
type: secondary
|
||||||
|
primaries:
|
||||||
|
- 192.0.2.1
|
||||||
|
- 192.0.2.2
|
||||||
|
|
||||||
|
# AFTER (BIND9 9.20)
|
||||||
|
bind9_host_config:
|
||||||
|
- name: named.conf.view
|
||||||
|
view:
|
||||||
|
- name: internal
|
||||||
|
zone:
|
||||||
|
- name: example.com
|
||||||
|
type: secondary
|
||||||
|
primaries:
|
||||||
|
- address: 192.0.2.1
|
||||||
|
- address: 192.0.2.2
|
||||||
|
# Optional: TLS configuration
|
||||||
|
# tls: cert-name
|
||||||
|
# source: 10.0.1.1
|
||||||
|
# source_v6: "2001:db8::1"
|
||||||
|
```
|
||||||
|
|
||||||
|
### Step 4: Validate Configuration
|
||||||
|
|
||||||
|
Before deploying to production:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Validate syntax
|
||||||
|
named-checkconf /etc/bind/named.conf
|
||||||
|
|
||||||
|
# Check for deprecated options
|
||||||
|
grep -r "alt-transfer-source\|auto-dnssec\|glue-cache" /etc/bind/
|
||||||
|
```
|
||||||
|
|
||||||
|
### Step 5: Test Zone Operations
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Test zone transfers
|
||||||
|
dig @ns1.example.com example.com AXFR
|
||||||
|
|
||||||
|
# Test DNSSEC validation
|
||||||
|
dig @ns1.example.com example.com +dnssec
|
||||||
|
|
||||||
|
# Check BIND logs
|
||||||
|
journalctl -u bind9 -f
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configuration Examples
|
||||||
|
|
||||||
|
### Example 1: Simple Secondary Zone Migration
|
||||||
|
|
||||||
|
**BIND9 9.18 Configuration:**
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
bind9_default_config:
|
||||||
|
- name: named.conf.view
|
||||||
|
view:
|
||||||
|
- name: "default"
|
||||||
|
recursion: yes
|
||||||
|
zone:
|
||||||
|
- name: "example.com"
|
||||||
|
type: "secondary"
|
||||||
|
file: "/var/lib/bind/example.com.zone"
|
||||||
|
primaries:
|
||||||
|
- 192.0.2.1
|
||||||
|
- 192.0.2.2
|
||||||
|
alt_transfer_source: 10.0.1.1
|
||||||
|
alt_transfer_source_v6: "2001:db8::1"
|
||||||
|
allow_transfer:
|
||||||
|
- 10.0.2.0/24
|
||||||
|
```
|
||||||
|
|
||||||
|
**BIND9 9.20 Configuration:**
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
bind9_default_config:
|
||||||
|
- name: named.conf.view
|
||||||
|
view:
|
||||||
|
- name: "default"
|
||||||
|
recursion: yes
|
||||||
|
zone:
|
||||||
|
- name: "example.com"
|
||||||
|
type: "secondary"
|
||||||
|
file: "/var/lib/bind/example.com.zone"
|
||||||
|
primaries:
|
||||||
|
- address: 192.0.2.1
|
||||||
|
- address: 192.0.2.2
|
||||||
|
# alt_transfer_source removed - use TLS
|
||||||
|
# Configuration now uses single source per address:
|
||||||
|
allow_transfer:
|
||||||
|
- 10.0.2.0/24
|
||||||
|
```
|
||||||
|
|
||||||
|
### Example 2: DNSSEC Configuration Migration
|
||||||
|
|
||||||
|
**BIND9 9.18 Configuration:**
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
bind9_default_config:
|
||||||
|
- name: named.conf.options
|
||||||
|
options:
|
||||||
|
dnssec_policy: default
|
||||||
|
- name: named.conf.zone
|
||||||
|
zone:
|
||||||
|
- name: "example.com"
|
||||||
|
type: "primary"
|
||||||
|
file: "/var/lib/bind/example.com.zone"
|
||||||
|
auto_dnssec: maintain
|
||||||
|
inline_signing: yes
|
||||||
|
```
|
||||||
|
|
||||||
|
**BIND9 9.20 Configuration:**
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
bind9_default_config:
|
||||||
|
- name: named.conf.options
|
||||||
|
options:
|
||||||
|
dnssec_policy: default
|
||||||
|
- name: named.conf.zone
|
||||||
|
zone:
|
||||||
|
- name: "example.com"
|
||||||
|
type: "primary"
|
||||||
|
file: "/var/lib/bind/example.com.zone"
|
||||||
|
# auto_dnssec removed - DNSSEC management is automatic
|
||||||
|
dnssec_policy: default # Explicitly set policy
|
||||||
|
inline_signing: yes # Still supported
|
||||||
|
```
|
||||||
|
|
||||||
|
## Role-Specific Changes
|
||||||
|
|
||||||
|
### Branch Selection
|
||||||
|
|
||||||
|
When using this Ansible role with BIND9 9.20, you have two options:
|
||||||
|
|
||||||
|
#### Option 1: Use Main Branch (Recommended for 9.18)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Use main branch for BIND9 9.18
|
||||||
|
ansible-galaxy install daniel.ansible-bind9-role
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Option 2: Use 9.20 Branch (When Available)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Clone the 9.20 branch for BIND9 9.20 support
|
||||||
|
git clone --branch 9.20 https://git.valid.dk/daniel/ansible-bind9-role.git
|
||||||
|
```
|
||||||
|
|
||||||
|
### Template Variables
|
||||||
|
|
||||||
|
No Ansible variable names change between versions. However, the **values** for some variables may need adjustment:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# Variable names stay the same (kebab-case → snake_case)
|
||||||
|
# Example: "alt-transfer-source" → "alt_transfer_source"
|
||||||
|
# Simply remove deprecated variables - they will be ignored
|
||||||
|
|
||||||
|
bind9_default_config:
|
||||||
|
- name: named.conf.options
|
||||||
|
options:
|
||||||
|
# Remove these:
|
||||||
|
# alt_transfer_source: ...
|
||||||
|
# auto_dnssec: ...
|
||||||
|
# glue_cache: ...
|
||||||
|
|
||||||
|
# These still work:
|
||||||
|
dnssec_validation: yes
|
||||||
|
recursion: yes
|
||||||
|
allow_query:
|
||||||
|
- any
|
||||||
|
```
|
||||||
|
|
||||||
|
### DNSSEC Policy Changes
|
||||||
|
|
||||||
|
BIND9 9.20 improves DNSSEC handling:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# Both versions support dnssec_policy
|
||||||
|
bind9_default_config:
|
||||||
|
- name: named.conf.dnssec-policy
|
||||||
|
dnssec_policy:
|
||||||
|
- name: default
|
||||||
|
keys:
|
||||||
|
- lifetime: 3600
|
||||||
|
algorithm: ecdsap256sha256
|
||||||
|
role:
|
||||||
|
- ksk
|
||||||
|
- zsk
|
||||||
|
nsec3param:
|
||||||
|
iterations: 0
|
||||||
|
optout: no
|
||||||
|
salt_length: 32
|
||||||
|
```
|
||||||
|
|
||||||
|
## Testing Recommendations
|
||||||
|
|
||||||
|
### Test Environment Setup
|
||||||
|
|
||||||
|
Create a test playbook to validate migration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
---
|
||||||
|
# Test playbook for BIND9 9.20 migration
|
||||||
|
- hosts: test_servers
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Apply BIND9 9.20 configuration
|
||||||
|
include_role:
|
||||||
|
name: ansible-bind9-role
|
||||||
|
|
||||||
|
- name: Validate configuration
|
||||||
|
command: named-checkconf /etc/bind/named.conf
|
||||||
|
register: config_check
|
||||||
|
failed_when: config_check.rc != 0
|
||||||
|
|
||||||
|
- name: Test zone transfers
|
||||||
|
command: >
|
||||||
|
dig @localhost example.com AXFR
|
||||||
|
register: zone_transfer
|
||||||
|
|
||||||
|
- name: Test DNSSEC validation
|
||||||
|
command: >
|
||||||
|
dig @localhost example.com +dnssec
|
||||||
|
register: dnssec_test
|
||||||
|
|
||||||
|
- name: Check BIND status
|
||||||
|
systemd:
|
||||||
|
name: bind9
|
||||||
|
state: started
|
||||||
|
register: bind_status
|
||||||
|
```
|
||||||
|
|
||||||
|
### Validation Checklist
|
||||||
|
|
||||||
|
- [ ] Configuration syntax valid (`named-checkconf`)
|
||||||
|
- [ ] BIND9 service starts without errors
|
||||||
|
- [ ] All zones load successfully
|
||||||
|
- [ ] Zone transfers complete successfully
|
||||||
|
- [ ] Queries resolve correctly
|
||||||
|
- [ ] DNSSEC validation works
|
||||||
|
- [ ] Secondary zones receive updates
|
||||||
|
- [ ] No errors in BIND logs
|
||||||
|
- [ ] Performance is acceptable
|
||||||
|
|
||||||
|
## Rollback Procedure
|
||||||
|
|
||||||
|
If issues occur after migration:
|
||||||
|
|
||||||
|
### Immediate Rollback
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Stop BIND9
|
||||||
|
systemctl stop bind9
|
||||||
|
|
||||||
|
# Restore configuration backup
|
||||||
|
rm -rf /etc/bind
|
||||||
|
cp -r /data/backup/bind.9.18.backup /etc/bind
|
||||||
|
|
||||||
|
# Restore zone files
|
||||||
|
rm -rf /var/lib/bind
|
||||||
|
cp -r /data/backup/bind.9.18.data /var/lib/bind
|
||||||
|
cp -r /data/backup/bind.9.18.cache /var/cache/bind
|
||||||
|
|
||||||
|
# Restore BIND9 package
|
||||||
|
apt-get install --reinstall bind9=1:9.18.44-1+0~20240101.3+debian~bullseye+1+sury+1
|
||||||
|
|
||||||
|
# Start BIND9
|
||||||
|
systemctl start bind9
|
||||||
|
|
||||||
|
# Verify
|
||||||
|
systemctl status bind9
|
||||||
|
dig @localhost example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
### Using Ansible Rollback
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
---
|
||||||
|
- hosts: bind_servers
|
||||||
|
tasks:
|
||||||
|
- name: Restore BIND9 9.18 package
|
||||||
|
apt:
|
||||||
|
name: bind9=1:9.18.44-1+0~20240101.3+debian~bullseye+1+sury+1
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Restore configuration from backup
|
||||||
|
synchronize:
|
||||||
|
src: /data/backup/bind.9.18.backup/
|
||||||
|
dest: /etc/bind/
|
||||||
|
delete: yes
|
||||||
|
mode: push
|
||||||
|
|
||||||
|
- name: Restart BIND9
|
||||||
|
systemd:
|
||||||
|
name: bind9
|
||||||
|
state: restarted
|
||||||
|
daemon_reload: yes
|
||||||
|
```
|
||||||
|
|
||||||
|
## Additional Resources
|
||||||
|
|
||||||
|
- [BIND9 Version Differences](BIND_VERSION_DIFFERENCES.md) - Technical comparison
|
||||||
|
- [ISC BIND9 Release Notes](https://www.isc.org/bind/) - Official documentation
|
||||||
|
- [BIND9 9.20 Features](https://bind.readthedocs.io/en/latest/) - Feature details
|
||||||
|
- [Role Configuration Reference](CONFIGURATION_GRAMMAR.md) - Ansible role documentation
|
||||||
|
|
||||||
|
## Getting Help
|
||||||
|
|
||||||
|
For issues during migration:
|
||||||
|
|
||||||
|
1. Check [BIND9 Version Differences](BIND_VERSION_DIFFERENCES.md) for specific option changes
|
||||||
|
2. Review BIND9 logs: `journalctl -u bind9 -n 100`
|
||||||
|
3. Validate configuration: `named-checkconf /etc/bind/named.conf`
|
||||||
|
4. Test in development environment first
|
||||||
|
5. Document any custom options that need special handling
|
||||||
|
|
||||||
|
## Version Support Timeline
|
||||||
|
|
||||||
|
- **BIND9 9.18.x (LTS)**: Supported until September 2026
|
||||||
|
- This Ansible role's current focus
|
||||||
|
- Main branch targets 9.18.x configurations
|
||||||
|
|
||||||
|
- **BIND9 9.20.x**: Available now
|
||||||
|
- Future branch (`9.20`) being prepared
|
||||||
|
- Plan migration during non-critical periods
|
||||||
|
|
||||||
|
- **BIND9 9.22.x**: Coming in 2026
|
||||||
|
- Further breaking changes expected
|
||||||
|
- Will require additional migration steps
|
||||||
|
|
||||||
|
Plan upgrades within your maintenance windows and test thoroughly before production deployment.
|
||||||
@@ -0,0 +1,552 @@
|
|||||||
|
# BIND9 Version Differences: v9.18.44 vs v9.20.18
|
||||||
|
|
||||||
|
This document compares BIND9 configuration grammar between v9.18.44 and v9.20.18.
|
||||||
|
|
||||||
|
Generated automatically by `scripts/compare_bind_versions.py`.
|
||||||
|
|
||||||
|
## Summary
|
||||||
|
|
||||||
|
- **New Options**: 35
|
||||||
|
- **Removed Options**: 44 ⚠️
|
||||||
|
- **Modified Options**: 22
|
||||||
|
- **Newly Deprecated**: 3
|
||||||
|
|
||||||
|
## ⚠️ Breaking Changes
|
||||||
|
|
||||||
|
The following options were removed in v9.20.18 and will cause configuration errors:
|
||||||
|
|
||||||
|
### options
|
||||||
|
|
||||||
|
- `alt-transfer-source`
|
||||||
|
- `alt-transfer-source-v6`
|
||||||
|
- `auto-dnssec`
|
||||||
|
- `coresize`
|
||||||
|
- `datasize`
|
||||||
|
- `dscp`
|
||||||
|
- `files`
|
||||||
|
- `glue-cache`
|
||||||
|
- `heartbeat-interval`
|
||||||
|
- `keep-response-order`
|
||||||
|
- `lock-file`
|
||||||
|
- `maxz-zone-ttl`
|
||||||
|
- `parent-registration-delay`
|
||||||
|
- `parental-agents`
|
||||||
|
- `primaries`
|
||||||
|
- `random-device`
|
||||||
|
- `recurse-ing-file`
|
||||||
|
- `reserved-sockets`
|
||||||
|
- `resolver-nonbackoff-tries`
|
||||||
|
- `resolver-retry-interval`
|
||||||
|
- `reuse`
|
||||||
|
- `root-delegation-only`
|
||||||
|
- `stacksize`
|
||||||
|
- `suppress-initial-notify`
|
||||||
|
- `tkey-dhkey`
|
||||||
|
- `tkey-gssapi-credential`
|
||||||
|
- `use-alt-transfer-source`
|
||||||
|
|
||||||
|
### forward.zoneopt
|
||||||
|
|
||||||
|
- `delegation-only`
|
||||||
|
|
||||||
|
### hint.zoneopt
|
||||||
|
|
||||||
|
- `delegation-only`
|
||||||
|
|
||||||
|
### mirror.zoneopt
|
||||||
|
|
||||||
|
- `alt-transfer-source`
|
||||||
|
- `alt-transfer-source-v6`
|
||||||
|
- `use-alt-transfer-source`
|
||||||
|
|
||||||
|
### primary.zoneopt
|
||||||
|
|
||||||
|
- `alt-transfer-source`
|
||||||
|
- `alt-transfer-source-v6`
|
||||||
|
- `auto-dnssec`
|
||||||
|
- `update-check-ksk`
|
||||||
|
|
||||||
|
### secondary.zoneopt
|
||||||
|
|
||||||
|
- `alt-transfer-source`
|
||||||
|
- `alt-transfer-source-v6`
|
||||||
|
- `auto-dnssec`
|
||||||
|
- `use-alt-transfer-source`
|
||||||
|
|
||||||
|
### stub.zoneopt
|
||||||
|
|
||||||
|
- `delegation-only`
|
||||||
|
- `use-alt-transfer-source`
|
||||||
|
|
||||||
|
### delegation-only.zoneopt
|
||||||
|
|
||||||
|
- `type`
|
||||||
|
- `zone`
|
||||||
|
|
||||||
|
## ✨ New Features
|
||||||
|
|
||||||
|
The following options were added in v9.20.18:
|
||||||
|
|
||||||
|
### options
|
||||||
|
|
||||||
|
- `allow-proxy`
|
||||||
|
- `allow-proxy-on`
|
||||||
|
- `cdnskey`
|
||||||
|
- `cds-digest-types`
|
||||||
|
- `check-svcb`
|
||||||
|
- `cipher-suites`
|
||||||
|
- `dnsrps-library`
|
||||||
|
- `inline-signing`
|
||||||
|
- `key-store`
|
||||||
|
- `manual-mode`
|
||||||
|
- `max-validation-failures-per-fetch`
|
||||||
|
- `max-validations-per-fetch`
|
||||||
|
- `min-transfer-rate-in`
|
||||||
|
- `notify-defer`
|
||||||
|
- `offline-ksk`
|
||||||
|
- `pkcs11-uri`
|
||||||
|
- `recursing-file`
|
||||||
|
- `remote-servers`
|
||||||
|
- `require-cookie`
|
||||||
|
- `resolver-use-dns64`
|
||||||
|
- `responselog`
|
||||||
|
- `reuseport`
|
||||||
|
- `sig0-checks-quota`
|
||||||
|
- `sig0-checks-quota-exempt`
|
||||||
|
- `sig0-key-checks-limit`
|
||||||
|
- `sig0-message-checks-limit`
|
||||||
|
|
||||||
|
### mirror.zoneopt
|
||||||
|
|
||||||
|
- `min-transfer-rate-in`
|
||||||
|
- `notify-defer`
|
||||||
|
|
||||||
|
### primary.zoneopt
|
||||||
|
|
||||||
|
- `check-svcb`
|
||||||
|
- `checkds`
|
||||||
|
- `notify-defer`
|
||||||
|
|
||||||
|
### secondary.zoneopt
|
||||||
|
|
||||||
|
- `checkds`
|
||||||
|
- `min-transfer-rate-in`
|
||||||
|
- `notify-defer`
|
||||||
|
|
||||||
|
### stub.zoneopt
|
||||||
|
|
||||||
|
- `min-transfer-rate-in`
|
||||||
|
|
||||||
|
## 🔧 Modified Options
|
||||||
|
|
||||||
|
The following options have syntax changes in v9.20.18:
|
||||||
|
|
||||||
|
### options
|
||||||
|
|
||||||
|
#### `listen-on`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `response-policy`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `cookie-algorithm`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
( aes | siphash24 )
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
( siphash24 )
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `forwarders`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `listen-on-v6`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `also-notify`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `catalog-zones`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
{ zone <string> [ default-primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
{ zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
### forward.zoneopt
|
||||||
|
|
||||||
|
#### `forwarders`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
### mirror.zoneopt
|
||||||
|
|
||||||
|
#### `also-notify`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `primaries`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
### primary.zoneopt
|
||||||
|
|
||||||
|
#### `update-policy`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesubject ) [ <string> ] <rrtype list>
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtype list>
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `also-notify`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `parental-agents`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `forwarders`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
### redirect.zoneopt
|
||||||
|
|
||||||
|
#### `primaries`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
### secondary.zoneopt
|
||||||
|
|
||||||
|
#### `also-notify`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `parental-agents`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `forwarders`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `primaries`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
### static-stub.zoneopt
|
||||||
|
|
||||||
|
#### `forwarders`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
### stub.zoneopt
|
||||||
|
|
||||||
|
#### `forwarders`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
#### `primaries`
|
||||||
|
|
||||||
|
**v9.18.44**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
**v9.20.18**:
|
||||||
|
```
|
||||||
|
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
|
||||||
|
```
|
||||||
|
|
||||||
|
## 📋 Newly Deprecated Options
|
||||||
|
|
||||||
|
The following options were marked as deprecated in v9.20.18:
|
||||||
|
|
||||||
|
### options
|
||||||
|
|
||||||
|
- `sortlist`
|
||||||
|
|
||||||
|
### primary.zoneopt
|
||||||
|
|
||||||
|
- `max-zone-ttl`
|
||||||
|
|
||||||
|
### redirect.zoneopt
|
||||||
|
|
||||||
|
- `max-zone-ttl`
|
||||||
|
|
||||||
|
## Detailed File-by-File Comparison
|
||||||
|
|
||||||
|
### options
|
||||||
|
|
||||||
|
- v9.18.44: 334 options
|
||||||
|
- v9.20.18: 333 options
|
||||||
|
- Added: 26
|
||||||
|
- Removed: 27
|
||||||
|
- Modified: 7
|
||||||
|
|
||||||
|
### forward.zoneopt
|
||||||
|
|
||||||
|
- v9.18.44: 5 options
|
||||||
|
- v9.20.18: 4 options
|
||||||
|
- Added: 0
|
||||||
|
- Removed: 1
|
||||||
|
- Modified: 1
|
||||||
|
|
||||||
|
### hint.zoneopt
|
||||||
|
|
||||||
|
- v9.18.44: 5 options
|
||||||
|
- v9.20.18: 4 options
|
||||||
|
- Added: 0
|
||||||
|
- Removed: 1
|
||||||
|
- Modified: 0
|
||||||
|
|
||||||
|
### in-view.zoneopt
|
||||||
|
|
||||||
|
- v9.18.44: 2 options
|
||||||
|
- v9.20.18: 2 options
|
||||||
|
- Added: 0
|
||||||
|
- Removed: 0
|
||||||
|
- Modified: 0
|
||||||
|
|
||||||
|
### mirror.zoneopt
|
||||||
|
|
||||||
|
- v9.18.44: 44 options
|
||||||
|
- v9.20.18: 43 options
|
||||||
|
- Added: 2
|
||||||
|
- Removed: 3
|
||||||
|
- Modified: 2
|
||||||
|
|
||||||
|
### primary.zoneopt
|
||||||
|
|
||||||
|
- v9.18.44: 63 options
|
||||||
|
- v9.20.18: 62 options
|
||||||
|
- Added: 3
|
||||||
|
- Removed: 4
|
||||||
|
- Modified: 4
|
||||||
|
|
||||||
|
### redirect.zoneopt
|
||||||
|
|
||||||
|
- v9.18.44: 14 options
|
||||||
|
- v9.20.18: 14 options
|
||||||
|
- Added: 0
|
||||||
|
- Removed: 0
|
||||||
|
- Modified: 1
|
||||||
|
|
||||||
|
### secondary.zoneopt
|
||||||
|
|
||||||
|
- v9.18.44: 66 options
|
||||||
|
- v9.20.18: 65 options
|
||||||
|
- Added: 3
|
||||||
|
- Removed: 4
|
||||||
|
- Modified: 4
|
||||||
|
|
||||||
|
### static-stub.zoneopt
|
||||||
|
|
||||||
|
- v9.18.44: 12 options
|
||||||
|
- v9.20.18: 12 options
|
||||||
|
- Added: 0
|
||||||
|
- Removed: 0
|
||||||
|
- Modified: 1
|
||||||
|
|
||||||
|
### stub.zoneopt
|
||||||
|
|
||||||
|
- v9.18.44: 28 options
|
||||||
|
- v9.20.18: 27 options
|
||||||
|
- Added: 1
|
||||||
|
- Removed: 2
|
||||||
|
- Modified: 2
|
||||||
|
|
||||||
|
### delegation-only.zoneopt
|
||||||
|
|
||||||
|
- v9.18.44: 2 options
|
||||||
|
- v9.20.18: 0 options
|
||||||
|
- Added: 0
|
||||||
|
- Removed: 2
|
||||||
|
- Modified: 0
|
||||||
|
|
||||||
|
### rndc.grammar
|
||||||
|
|
||||||
|
- v9.18.44: 14 options
|
||||||
|
- v9.20.18: 14 options
|
||||||
|
- Added: 0
|
||||||
|
- Removed: 0
|
||||||
|
- Modified: 0
|
||||||
|
|
||||||
|
## Migration Guide
|
||||||
|
|
||||||
|
### Migrating from v9.18.44 to v9.20.18
|
||||||
|
|
||||||
|
1. **Remove unsupported options** from your configuration
|
||||||
|
- Review the Breaking Changes section above
|
||||||
|
- Check if there are replacement options
|
||||||
|
|
||||||
|
2. **Plan for deprecated options**
|
||||||
|
- These options still work but may be removed in future versions
|
||||||
|
- Start planning migration to recommended alternatives
|
||||||
|
|
||||||
|
3. **Test your configuration**
|
||||||
|
- Use `named-checkconf` to validate syntax
|
||||||
|
- Test in a development environment before production
|
||||||
@@ -0,0 +1,353 @@
|
|||||||
|
# BIND9 Version Support Policy
|
||||||
|
|
||||||
|
**Document Version**: 1.0
|
||||||
|
**Last Updated**: 2026-02-07
|
||||||
|
**Role Version**: Current development
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
This document defines the version maintenance strategy for the ansible-bind9-role, including supported BIND9 versions, OS platforms, branching strategy, and release management policies.
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
### BIND9 Versions
|
||||||
|
|
||||||
|
| BIND9 Version | Branch | Status | Support Level | EOL Date |
|
||||||
|
|---------------|--------|--------|---------------|----------|
|
||||||
|
| 9.18.x (LTS) | `main` | ✅ Active | Full support | TBD (following ISC LTS timeline) |
|
||||||
|
| 9.20.x+ | `9.20` | 🚧 In Development | Planned | N/A |
|
||||||
|
|
||||||
|
#### Version Selection Rationale
|
||||||
|
|
||||||
|
- **BIND9 9.18**: Long Term Support (LTS) release from ISC
|
||||||
|
- Maintained by ISC with extended support timeline
|
||||||
|
- Stable feature set suitable for production environments
|
||||||
|
- Current focus of this role
|
||||||
|
|
||||||
|
- **BIND9 9.20+**: Feature release series
|
||||||
|
- Introduces significant configuration changes
|
||||||
|
- New features and modernization
|
||||||
|
- May have shorter support windows per release
|
||||||
|
- Will be supported in separate branch to prevent breaking changes
|
||||||
|
|
||||||
|
### Operating System Support Matrix
|
||||||
|
|
||||||
|
| OS Distribution | Versions | BIND9 9.18 | BIND9 9.20+ | Notes |
|
||||||
|
|----------------|----------|------------|-------------|-------|
|
||||||
|
| Debian | 11 (Bullseye) | ✅ Supported | 🔍 Testing | Current stable |
|
||||||
|
| Debian | 12 (Bookworm) | ✅ Supported | ✅ Supported | Current testing focus |
|
||||||
|
| Debian | 13 (Trixie) | ✅ Supported | ✅ Supported | Future stable |
|
||||||
|
| Ubuntu | 20.04 LTS | ✅ Supported | 🔍 Testing | LTS until 2025 |
|
||||||
|
| Ubuntu | 22.04 LTS | ✅ Supported | ✅ Supported | LTS until 2027 |
|
||||||
|
| Ubuntu | 24.04 LTS | ✅ Supported | ✅ Supported | LTS until 2029 |
|
||||||
|
|
||||||
|
**Legend**:
|
||||||
|
- ✅ Supported: Fully tested and supported
|
||||||
|
- 🔍 Testing: In testing, use with caution
|
||||||
|
- ⚠️ Limited: Basic support only
|
||||||
|
- ❌ Unsupported: Not supported
|
||||||
|
|
||||||
|
### Minimum Requirements
|
||||||
|
|
||||||
|
- **Ansible**: 2.13 or later
|
||||||
|
- **Python**: 3.8 or later (on controller and managed nodes)
|
||||||
|
- **BIND9 Packages**: Must be available in distribution repositories or custom sources
|
||||||
|
|
||||||
|
## Branching Strategy
|
||||||
|
|
||||||
|
### Branch Structure
|
||||||
|
|
||||||
|
```
|
||||||
|
main # BIND9 9.18 LTS (stable)
|
||||||
|
├── 9.20 # BIND9 9.20+ development
|
||||||
|
├── docs # Documentation updates (merged to both)
|
||||||
|
└── feature/* # Feature branches (target appropriate base)
|
||||||
|
```
|
||||||
|
|
||||||
|
### Branch Policies
|
||||||
|
|
||||||
|
#### `main` Branch
|
||||||
|
- **Purpose**: Production-ready code for BIND9 9.18 LTS
|
||||||
|
- **Stability**: Stable, tested releases only
|
||||||
|
- **Breaking Changes**: Not allowed
|
||||||
|
- **Version Tagging**: `v1.x.x`, `v2.x.x`, etc.
|
||||||
|
|
||||||
|
#### `9.20` Branch
|
||||||
|
- **Purpose**: Development for BIND9 9.20+ support
|
||||||
|
- **Stability**: Development/testing phase
|
||||||
|
- **Breaking Changes**: Allowed (vs 9.18 configurations)
|
||||||
|
- **Version Tagging**: `v9.20.x-betaX`, `v9.20.x-rcX`, `v9.20.x`
|
||||||
|
|
||||||
|
#### Feature Branches
|
||||||
|
- **Naming**: `feature/description` or `fix/issue-number`
|
||||||
|
- **Target**: Merge to appropriate base (`main` for 9.18, `9.20` for 9.20+)
|
||||||
|
- **Lifecycle**: Delete after merge
|
||||||
|
|
||||||
|
### Backporting Policy
|
||||||
|
|
||||||
|
#### Security Fixes
|
||||||
|
- **Policy**: MUST be backported to all supported branches
|
||||||
|
- **Timeline**: Within 48 hours of fix
|
||||||
|
- **Priority**: Critical
|
||||||
|
|
||||||
|
#### Bug Fixes
|
||||||
|
- **Policy**: SHOULD be backported if:
|
||||||
|
- Affects both versions
|
||||||
|
- Low risk of introducing regressions
|
||||||
|
- Reasonable effort required
|
||||||
|
- **Timeline**: Within 1 week
|
||||||
|
- **Priority**: High
|
||||||
|
|
||||||
|
#### New Features
|
||||||
|
- **Policy**: Case-by-case evaluation
|
||||||
|
- **Criteria**:
|
||||||
|
- Feature is compatible with both BIND9 versions
|
||||||
|
- Does not introduce breaking changes
|
||||||
|
- Provides significant value
|
||||||
|
- Low implementation complexity
|
||||||
|
- **Timeline**: Best effort
|
||||||
|
- **Priority**: Medium
|
||||||
|
|
||||||
|
#### Breaking Changes
|
||||||
|
- **Policy**: NEVER backported
|
||||||
|
- **Implementation**: Only in version-specific branches
|
||||||
|
|
||||||
|
## Release Management
|
||||||
|
|
||||||
|
### Version Numbering
|
||||||
|
|
||||||
|
Following [Semantic Versioning 2.0.0](https://semver.org/):
|
||||||
|
|
||||||
|
```
|
||||||
|
MAJOR.MINOR.PATCH
|
||||||
|
|
||||||
|
MAJOR: Incompatible API changes (role variable structure changes)
|
||||||
|
MINOR: New functionality in a backwards compatible manner
|
||||||
|
PATCH: Backwards compatible bug fixes
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Examples
|
||||||
|
|
||||||
|
- `v1.2.3`: Patch release for BIND9 9.18
|
||||||
|
- `v2.0.0`: Major release with breaking role variable changes
|
||||||
|
- `v9.20.0-beta1`: Beta release for BIND9 9.20 support
|
||||||
|
- `v9.20.0`: First stable release for BIND9 9.20
|
||||||
|
|
||||||
|
### Release Cadence
|
||||||
|
|
||||||
|
- **Patch Releases**: As needed for bug fixes and security updates
|
||||||
|
- **Minor Releases**: Quarterly (or when significant features accumulate)
|
||||||
|
- **Major Releases**: Annually (or when breaking changes are necessary)
|
||||||
|
|
||||||
|
### Pre-release Testing
|
||||||
|
|
||||||
|
All releases must pass:
|
||||||
|
1. **Molecule tests** across all supported platforms
|
||||||
|
2. **named-checkconf** validation for all example configurations
|
||||||
|
3. **Manual testing** on at least 2 different distributions
|
||||||
|
4. **Documentation review** and update
|
||||||
|
|
||||||
|
### Release Checklist
|
||||||
|
|
||||||
|
- [ ] Update `CHANGELOG.md` with all changes
|
||||||
|
- [ ] Update version in `meta/main.yml`
|
||||||
|
- [ ] Run full molecule test suite
|
||||||
|
- [ ] Update `README.md` if needed
|
||||||
|
- [ ] Create annotated git tag
|
||||||
|
- [ ] Push tag to trigger CI/CD
|
||||||
|
- [ ] Create GitHub/Gitea release with notes
|
||||||
|
- [ ] Announce on project channels
|
||||||
|
|
||||||
|
## Testing Strategy
|
||||||
|
|
||||||
|
### Test Matrix
|
||||||
|
|
||||||
|
#### Molecule Scenarios
|
||||||
|
|
||||||
|
| Scenario | Distribution | BIND9 Version | Purpose |
|
||||||
|
|----------|--------------|---------------|---------|
|
||||||
|
| default | Debian 13 | 9.18 | Primary development testing |
|
||||||
|
| ubuntu2204 | Ubuntu 22.04 | 9.18 | LTS testing |
|
||||||
|
| ubuntu2404 | Ubuntu 24.04 | 9.18/9.20 | Future-proofing |
|
||||||
|
| debian12 | Debian 12 | 9.18 | Stable release testing |
|
||||||
|
|
||||||
|
#### Test Coverage
|
||||||
|
|
||||||
|
- **Syntax validation**: All templates pass `named-checkconf`
|
||||||
|
- **Service management**: Start, stop, reload, restart operations
|
||||||
|
- **Configuration types**: All zone types and statement blocks
|
||||||
|
- **Edge cases**: Empty configurations, complex nested structures
|
||||||
|
- **Upgrade scenarios**: Migration from previous role versions
|
||||||
|
|
||||||
|
### Continuous Integration
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# .github/workflows/test.yml (example structure)
|
||||||
|
on: [push, pull_request]
|
||||||
|
jobs:
|
||||||
|
molecule:
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
distro: [debian12, debian13, ubuntu2204, ubuntu2404]
|
||||||
|
bind_version: ['9.18', '9.20']
|
||||||
|
exclude:
|
||||||
|
# Don't test 9.20 on older distributions
|
||||||
|
- distro: ubuntu2004
|
||||||
|
bind_version: '9.20'
|
||||||
|
```
|
||||||
|
|
||||||
|
## Grammar Tracking and Validation
|
||||||
|
|
||||||
|
### Automated Grammar Comparison
|
||||||
|
|
||||||
|
The role maintains upstream BIND9 grammar files to:
|
||||||
|
1. Detect configuration syntax changes between versions
|
||||||
|
2. Identify deprecated and removed options
|
||||||
|
3. Document breaking changes for users
|
||||||
|
|
||||||
|
#### Grammar Repository Structure
|
||||||
|
|
||||||
|
```
|
||||||
|
bind9-grammar/
|
||||||
|
├── upstream/
|
||||||
|
│ ├── v9.18.44/ # Latest 9.18 LTS grammar
|
||||||
|
│ │ ├── grammar/
|
||||||
|
│ │ │ ├── options
|
||||||
|
│ │ │ ├── *.zoneopt
|
||||||
|
│ │ │ └── parsegrammar.py
|
||||||
|
│ │ └── metadata.json
|
||||||
|
│ └── v9.20.18/ # Latest 9.20 grammar
|
||||||
|
│ ├── grammar/
|
||||||
|
│ └── metadata.json
|
||||||
|
├── 9.18/ # Current 9.18 JSON schemas
|
||||||
|
│ └── *.json
|
||||||
|
└── 9.20/ # Future 9.20 JSON schemas
|
||||||
|
└── *.json
|
||||||
|
```
|
||||||
|
|
||||||
|
### Validation Tools
|
||||||
|
|
||||||
|
#### `scripts/fetch_bind_grammar.py`
|
||||||
|
- Fetches grammar files from Gitea mirror (`Mirrors/bind9`)
|
||||||
|
- Supports version tags (e.g., `v9.18.44`, `v9.20.18`)
|
||||||
|
- Stores upstream grammar for comparison
|
||||||
|
|
||||||
|
#### `scripts/compare_bind_versions.py`
|
||||||
|
- Compares grammar files between versions
|
||||||
|
- Generates `docs/BIND_VERSION_DIFFERENCES.md`
|
||||||
|
- Identifies:
|
||||||
|
- Breaking changes (removed options)
|
||||||
|
- New features (added options)
|
||||||
|
- Modified syntax
|
||||||
|
- Deprecation notices
|
||||||
|
|
||||||
|
### Grammar Update Workflow
|
||||||
|
|
||||||
|
1. **Monitor**: Watch Gitea mirror for new BIND9 releases
|
||||||
|
2. **Fetch**: Run `fetch_bind_grammar.py` for new version
|
||||||
|
3. **Compare**: Run `compare_bind_versions.py` to identify changes
|
||||||
|
4. **Review**: Analyze breaking changes and impact
|
||||||
|
5. **Update**: Modify templates and variables as needed
|
||||||
|
6. **Test**: Run molecule tests with new version
|
||||||
|
7. **Document**: Update `BIND_VERSION_DIFFERENCES.md` and `CHANGELOG.md`
|
||||||
|
|
||||||
|
## Deprecation Policy
|
||||||
|
|
||||||
|
### Deprecation Process
|
||||||
|
|
||||||
|
1. **Announcement**: Document deprecation in `CHANGELOG.md` and `README.md`
|
||||||
|
2. **Warning Period**: Minimum 2 minor releases before removal
|
||||||
|
3. **Alternative**: Provide migration path or alternative approach
|
||||||
|
4. **Removal**: Only in major version releases
|
||||||
|
|
||||||
|
### Current Deprecations
|
||||||
|
|
||||||
|
*None at this time*
|
||||||
|
|
||||||
|
### Planned Deprecations
|
||||||
|
|
||||||
|
*To be determined based on BIND9 9.20 analysis*
|
||||||
|
|
||||||
|
## Version-Specific Features
|
||||||
|
|
||||||
|
### Branch-Level Version Targeting
|
||||||
|
|
||||||
|
The role currently uses branch-level version targeting instead of runtime version detection:
|
||||||
|
|
||||||
|
- `main` targets BIND9 9.18.x LTS.
|
||||||
|
- `9.20` targets BIND9 9.20+ feature releases.
|
||||||
|
|
||||||
|
Each branch carries the templates, grammar data, documentation, and tests appropriate for its supported BIND9 series. This keeps generated configuration predictable and avoids mixing incompatible BIND9 grammar rules in one template path.
|
||||||
|
|
||||||
|
### Runtime Detection
|
||||||
|
|
||||||
|
Runtime version detection is not part of the current implementation. The role does not set `bind9_version_full`, `bind9_version_major`, `bind9_version_minor`, or `bind9_version`, and templates do not branch on those values.
|
||||||
|
|
||||||
|
Runtime detection may be reconsidered in the future if maintaining separate version branches becomes more expensive than supporting multiple BIND9 series from one branch. That future design would require dedicated tasks, public metadata, template changes, and Molecule coverage before being documented as supported behavior.
|
||||||
|
|
||||||
|
## Migration Guidance
|
||||||
|
|
||||||
|
### Migrating from BIND9 9.18 to 9.20
|
||||||
|
|
||||||
|
When BIND9 9.20 support is released:
|
||||||
|
|
||||||
|
1. **Review**: Read `docs/BIND_VERSION_DIFFERENCES.md`
|
||||||
|
2. **Test**: Use `9.20` branch in test environment
|
||||||
|
3. **Update**: Modify playbook variables for deprecated/removed options
|
||||||
|
4. **Validate**: Run `named-checkconf` against generated configuration
|
||||||
|
5. **Deploy**: Upgrade BIND9 package and deploy new configuration
|
||||||
|
6. **Monitor**: Check logs for warnings or errors
|
||||||
|
|
||||||
|
### Migrating Between Role Versions
|
||||||
|
|
||||||
|
See `CHANGELOG.md` for version-specific migration notes.
|
||||||
|
|
||||||
|
## Support and Contribution
|
||||||
|
|
||||||
|
### Getting Help
|
||||||
|
|
||||||
|
- **Issues**: Report bugs and request features on Gitea
|
||||||
|
- **Documentation**: Refer to `README.md` and `CONFIGURATION_GRAMMAR.md`
|
||||||
|
- **Examples**: Check `tests/` directory for working configurations
|
||||||
|
|
||||||
|
### Contributing
|
||||||
|
|
||||||
|
- **Bug Fixes**: Target `main` branch (or `9.20` if version-specific)
|
||||||
|
- **Features**: Discuss in issue before implementation
|
||||||
|
- **Testing**: Ensure molecule tests pass
|
||||||
|
- **Documentation**: Update relevant documentation files
|
||||||
|
|
||||||
|
### Governance
|
||||||
|
|
||||||
|
- **Maintainer**: Primary maintainer approves all merges
|
||||||
|
- **Review**: All changes require review before merge
|
||||||
|
- **Testing**: CI/CD must pass before merge
|
||||||
|
|
||||||
|
## Future Considerations
|
||||||
|
|
||||||
|
### BIND9 9.21+ and Beyond
|
||||||
|
|
||||||
|
- Monitor ISC release announcements
|
||||||
|
- Evaluate need for additional branches
|
||||||
|
- Consider dropping support for EOL'd distributions
|
||||||
|
- Reassess branching strategy if maintenance burden increases
|
||||||
|
|
||||||
|
### Automation Improvements
|
||||||
|
|
||||||
|
- Automated grammar fetching in CI
|
||||||
|
- Automated breaking change detection
|
||||||
|
- Version compatibility testing matrix
|
||||||
|
- Documentation generation from grammar files
|
||||||
|
|
||||||
|
## References
|
||||||
|
|
||||||
|
- [ISC BIND9 Documentation](https://bind9.readthedocs.io/)
|
||||||
|
- [ISC BIND9 Release Schedule](https://www.isc.org/bind/)
|
||||||
|
- [Semantic Versioning](https://semver.org/)
|
||||||
|
- [Ansible Best Practices](https://docs.ansible.com/ansible/latest/tips_tricks/ansible_tips_tricks.html)
|
||||||
|
|
||||||
|
## Changelog
|
||||||
|
|
||||||
|
| Date | Version | Changes |
|
||||||
|
|------|---------|---------|
|
||||||
|
| 2026-02-07 | 1.0 | Initial version support policy |
|
||||||
@@ -0,0 +1,326 @@
|
|||||||
|
{
|
||||||
|
"options": {
|
||||||
|
"file": "options",
|
||||||
|
"added": [
|
||||||
|
"allow-proxy",
|
||||||
|
"allow-proxy-on",
|
||||||
|
"cdnskey",
|
||||||
|
"cds-digest-types",
|
||||||
|
"check-svcb",
|
||||||
|
"cipher-suites",
|
||||||
|
"dnsrps-library",
|
||||||
|
"inline-signing",
|
||||||
|
"key-store",
|
||||||
|
"manual-mode",
|
||||||
|
"max-validation-failures-per-fetch",
|
||||||
|
"max-validations-per-fetch",
|
||||||
|
"min-transfer-rate-in",
|
||||||
|
"notify-defer",
|
||||||
|
"offline-ksk",
|
||||||
|
"pkcs11-uri",
|
||||||
|
"recursing-file",
|
||||||
|
"remote-servers",
|
||||||
|
"require-cookie",
|
||||||
|
"resolver-use-dns64",
|
||||||
|
"responselog",
|
||||||
|
"reuseport",
|
||||||
|
"sig0-checks-quota",
|
||||||
|
"sig0-checks-quota-exempt",
|
||||||
|
"sig0-key-checks-limit",
|
||||||
|
"sig0-message-checks-limit"
|
||||||
|
],
|
||||||
|
"removed": [
|
||||||
|
"alt-transfer-source",
|
||||||
|
"alt-transfer-source-v6",
|
||||||
|
"auto-dnssec",
|
||||||
|
"coresize",
|
||||||
|
"datasize",
|
||||||
|
"dscp",
|
||||||
|
"files",
|
||||||
|
"glue-cache",
|
||||||
|
"heartbeat-interval",
|
||||||
|
"keep-response-order",
|
||||||
|
"lock-file",
|
||||||
|
"maxz-zone-ttl",
|
||||||
|
"parent-registration-delay",
|
||||||
|
"parental-agents",
|
||||||
|
"primaries",
|
||||||
|
"random-device",
|
||||||
|
"recurse-ing-file",
|
||||||
|
"reserved-sockets",
|
||||||
|
"resolver-nonbackoff-tries",
|
||||||
|
"resolver-retry-interval",
|
||||||
|
"reuse",
|
||||||
|
"root-delegation-only",
|
||||||
|
"stacksize",
|
||||||
|
"suppress-initial-notify",
|
||||||
|
"tkey-dhkey",
|
||||||
|
"tkey-gssapi-credential",
|
||||||
|
"use-alt-transfer-source"
|
||||||
|
],
|
||||||
|
"modified": [
|
||||||
|
{
|
||||||
|
"option": "listen-on",
|
||||||
|
"old_definition": "[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>",
|
||||||
|
"new_definition": "[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "response-policy",
|
||||||
|
"old_definition": "{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]",
|
||||||
|
"new_definition": "{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "cookie-algorithm",
|
||||||
|
"old_definition": "( aes | siphash24 )",
|
||||||
|
"new_definition": "( siphash24 )"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "forwarders",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "listen-on-v6",
|
||||||
|
"old_definition": "[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>",
|
||||||
|
"new_definition": "[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "also-notify",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "catalog-zones",
|
||||||
|
"old_definition": "{ zone <string> [ default-primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
|
||||||
|
"new_definition": "{ zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"deprecated_new": [
|
||||||
|
"sortlist"
|
||||||
|
],
|
||||||
|
"options1_count": 334,
|
||||||
|
"options2_count": 333
|
||||||
|
},
|
||||||
|
"forward.zoneopt": {
|
||||||
|
"file": "forward.zoneopt",
|
||||||
|
"added": [],
|
||||||
|
"removed": [
|
||||||
|
"delegation-only"
|
||||||
|
],
|
||||||
|
"modified": [
|
||||||
|
{
|
||||||
|
"option": "forwarders",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"deprecated_new": [],
|
||||||
|
"options1_count": 5,
|
||||||
|
"options2_count": 4
|
||||||
|
},
|
||||||
|
"hint.zoneopt": {
|
||||||
|
"file": "hint.zoneopt",
|
||||||
|
"added": [],
|
||||||
|
"removed": [
|
||||||
|
"delegation-only"
|
||||||
|
],
|
||||||
|
"modified": [],
|
||||||
|
"deprecated_new": [],
|
||||||
|
"options1_count": 5,
|
||||||
|
"options2_count": 4
|
||||||
|
},
|
||||||
|
"in-view.zoneopt": {
|
||||||
|
"file": "in-view.zoneopt",
|
||||||
|
"added": [],
|
||||||
|
"removed": [],
|
||||||
|
"modified": [],
|
||||||
|
"deprecated_new": [],
|
||||||
|
"options1_count": 2,
|
||||||
|
"options2_count": 2
|
||||||
|
},
|
||||||
|
"mirror.zoneopt": {
|
||||||
|
"file": "mirror.zoneopt",
|
||||||
|
"added": [
|
||||||
|
"min-transfer-rate-in",
|
||||||
|
"notify-defer"
|
||||||
|
],
|
||||||
|
"removed": [
|
||||||
|
"alt-transfer-source",
|
||||||
|
"alt-transfer-source-v6",
|
||||||
|
"use-alt-transfer-source"
|
||||||
|
],
|
||||||
|
"modified": [
|
||||||
|
{
|
||||||
|
"option": "also-notify",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "primaries",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"deprecated_new": [],
|
||||||
|
"options1_count": 44,
|
||||||
|
"options2_count": 43
|
||||||
|
},
|
||||||
|
"primary.zoneopt": {
|
||||||
|
"file": "primary.zoneopt",
|
||||||
|
"added": [
|
||||||
|
"check-svcb",
|
||||||
|
"checkds",
|
||||||
|
"notify-defer"
|
||||||
|
],
|
||||||
|
"removed": [
|
||||||
|
"alt-transfer-source",
|
||||||
|
"alt-transfer-source-v6",
|
||||||
|
"auto-dnssec",
|
||||||
|
"update-check-ksk"
|
||||||
|
],
|
||||||
|
"modified": [
|
||||||
|
{
|
||||||
|
"option": "update-policy",
|
||||||
|
"old_definition": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesubject ) [ <string> ] <rrtype list>",
|
||||||
|
"new_definition": "( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtype list>"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "also-notify",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "parental-agents",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "forwarders",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"deprecated_new": [
|
||||||
|
"max-zone-ttl"
|
||||||
|
],
|
||||||
|
"options1_count": 63,
|
||||||
|
"options2_count": 62
|
||||||
|
},
|
||||||
|
"redirect.zoneopt": {
|
||||||
|
"file": "redirect.zoneopt",
|
||||||
|
"added": [],
|
||||||
|
"removed": [],
|
||||||
|
"modified": [
|
||||||
|
{
|
||||||
|
"option": "primaries",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"deprecated_new": [
|
||||||
|
"max-zone-ttl"
|
||||||
|
],
|
||||||
|
"options1_count": 14,
|
||||||
|
"options2_count": 14
|
||||||
|
},
|
||||||
|
"secondary.zoneopt": {
|
||||||
|
"file": "secondary.zoneopt",
|
||||||
|
"added": [
|
||||||
|
"checkds",
|
||||||
|
"min-transfer-rate-in",
|
||||||
|
"notify-defer"
|
||||||
|
],
|
||||||
|
"removed": [
|
||||||
|
"alt-transfer-source",
|
||||||
|
"alt-transfer-source-v6",
|
||||||
|
"auto-dnssec",
|
||||||
|
"use-alt-transfer-source"
|
||||||
|
],
|
||||||
|
"modified": [
|
||||||
|
{
|
||||||
|
"option": "also-notify",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "parental-agents",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "forwarders",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "primaries",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"deprecated_new": [],
|
||||||
|
"options1_count": 66,
|
||||||
|
"options2_count": 65
|
||||||
|
},
|
||||||
|
"static-stub.zoneopt": {
|
||||||
|
"file": "static-stub.zoneopt",
|
||||||
|
"added": [],
|
||||||
|
"removed": [],
|
||||||
|
"modified": [
|
||||||
|
{
|
||||||
|
"option": "forwarders",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"deprecated_new": [],
|
||||||
|
"options1_count": 12,
|
||||||
|
"options2_count": 12
|
||||||
|
},
|
||||||
|
"stub.zoneopt": {
|
||||||
|
"file": "stub.zoneopt",
|
||||||
|
"added": [
|
||||||
|
"min-transfer-rate-in"
|
||||||
|
],
|
||||||
|
"removed": [
|
||||||
|
"delegation-only",
|
||||||
|
"use-alt-transfer-source"
|
||||||
|
],
|
||||||
|
"modified": [
|
||||||
|
{
|
||||||
|
"option": "forwarders",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "primaries",
|
||||||
|
"old_definition": "[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]",
|
||||||
|
"new_definition": "[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"deprecated_new": [],
|
||||||
|
"options1_count": 28,
|
||||||
|
"options2_count": 27
|
||||||
|
},
|
||||||
|
"delegation-only.zoneopt": {
|
||||||
|
"file": "delegation-only.zoneopt",
|
||||||
|
"added": [],
|
||||||
|
"removed": [
|
||||||
|
"type",
|
||||||
|
"zone"
|
||||||
|
],
|
||||||
|
"modified": [],
|
||||||
|
"deprecated_new": [],
|
||||||
|
"options1_count": 2,
|
||||||
|
"options2_count": 0
|
||||||
|
},
|
||||||
|
"rndc.grammar": {
|
||||||
|
"file": "rndc.grammar",
|
||||||
|
"added": [],
|
||||||
|
"removed": [],
|
||||||
|
"modified": [],
|
||||||
|
"deprecated_new": [],
|
||||||
|
"options1_count": 14,
|
||||||
|
"options2_count": 14
|
||||||
|
}
|
||||||
|
}
|
||||||
+2
-4
@@ -16,10 +16,8 @@
|
|||||||
- "{{ bind9_cfgdir }}"
|
- "{{ bind9_cfgdir }}"
|
||||||
- "{{ bind9_working_directory }}"
|
- "{{ bind9_working_directory }}"
|
||||||
- "{{ bind9_libdir }}"
|
- "{{ bind9_libdir }}"
|
||||||
dest: "{{
|
dest: "{{ bind9_backup_dir + '/bind9-config-' + ansible_facts.date_time.iso8601_basic_short + '.tar.gz' }}"
|
||||||
bind9_backup_dir + '/bind9-config-' +
|
|
||||||
ansible_facts.date_time.iso8601_basic_short + '.tar.gz' }}"
|
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: '0640'
|
mode: "0640"
|
||||||
when: bind9_backup_config is defined and bind9_backup_config
|
when: bind9_backup_config is defined and bind9_backup_config
|
||||||
|
|||||||
@@ -2,13 +2,15 @@
|
|||||||
argument_specs:
|
argument_specs:
|
||||||
main:
|
main:
|
||||||
short_description: The main entry point for the bind9 role.
|
short_description: The main entry point for the bind9 role.
|
||||||
|
description:
|
||||||
|
- Configures BIND9 DNS server on Debian-based systems.
|
||||||
|
- "Supported BIND9 versions are branch-specific: main targets 9.18.x (LTS), and the 9.20 branch targets 9.20+ feature releases."
|
||||||
options:
|
options:
|
||||||
bind9_config:
|
bind9_config:
|
||||||
type: list
|
type: list
|
||||||
elements: dict
|
elements: dict
|
||||||
description:
|
description:
|
||||||
- A list of configuration dictionaries that are merged to
|
- A list of configuration dictionaries that are merged to produce the final configuration.
|
||||||
produce the final configuration.
|
|
||||||
- Each element must have a 'name' key (filename).
|
- Each element must have a 'name' key (filename).
|
||||||
bind9_default_config:
|
bind9_default_config:
|
||||||
type: list
|
type: list
|
||||||
|
|||||||
@@ -0,0 +1,108 @@
|
|||||||
|
# BIND9 9.20 Molecule Scenario
|
||||||
|
|
||||||
|
This Molecule scenario validates the ansible-bind9-role with BIND9 9.20 and later feature releases.
|
||||||
|
|
||||||
|
## Purpose
|
||||||
|
|
||||||
|
- Tests role compatibility with BIND9 9.20+ which includes 44 breaking changes from 9.18.x
|
||||||
|
- Validates version-specific templates and configurations
|
||||||
|
- Ensures configuration syntax is correct for newer BIND9 versions
|
||||||
|
- Documents 9.20-specific configuration patterns
|
||||||
|
|
||||||
|
## Platform
|
||||||
|
|
||||||
|
- **Base Image**: Ubuntu 24.04 LTS (docker.io/library/ubuntu:24.04)
|
||||||
|
- **BIND9 Version**: 9.20.x or later (as available in Ubuntu 24.04 repositories)
|
||||||
|
|
||||||
|
## Notable BIND9 9.20 Changes
|
||||||
|
|
||||||
|
Key breaking changes in this scenario:
|
||||||
|
|
||||||
|
1. **Automatic Options**: The following options are automatically enabled in 9.20 and should not be configured:
|
||||||
|
- `glue-cache` - Always enabled
|
||||||
|
- `keep-response-order` - Always enabled
|
||||||
|
- `reuse` - Always enabled
|
||||||
|
- `recursion-enabled` - Always enabled
|
||||||
|
|
||||||
|
2. **Removed Options**: These options are no longer supported in 9.20:
|
||||||
|
- `alt-transfer-source` - Use TLS instead
|
||||||
|
- `alt-transfer-source-v6` - Use TLS instead
|
||||||
|
- `auto-dnssec` - DNSSEC management is automatic
|
||||||
|
- `dsc` - Use TLS configuration instead
|
||||||
|
- `gssapi-credential` - Use TSIG + TLS instead
|
||||||
|
- `heartbeat-interval` - Zone transfer monitoring changed
|
||||||
|
- `lock-file` - OS-level locking is used
|
||||||
|
- `root-delegation-only` - Use zone constraints instead
|
||||||
|
|
||||||
|
3. **Enhanced Features**:
|
||||||
|
- Improved TLS/DoT support for zone transfers
|
||||||
|
- Native DNSSEC management
|
||||||
|
- Better resolver behavior and retry logic
|
||||||
|
- Native HTTP/HTTPS server capabilities
|
||||||
|
|
||||||
|
## Configuration Features Tested
|
||||||
|
|
||||||
|
- **DNS Forwarding**: Forward zones with TLS-based forwarders (DoT)
|
||||||
|
- **Query Logging**: Detailed query and response logging
|
||||||
|
- **DNSTAP**: DNS packet capture for forensics
|
||||||
|
- **TLS Configuration**: Modern TLS configurations for zone transfers
|
||||||
|
- **Recursion**: Proper recursion configuration with ACLs
|
||||||
|
- **DNSSEC Validation**: Modern DNSSEC validation approach
|
||||||
|
|
||||||
|
## Testing
|
||||||
|
|
||||||
|
To run this scenario:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# Test with this specific scenario
|
||||||
|
cd /path/to/ansible-bind9-role
|
||||||
|
molecule test -s bind9-20
|
||||||
|
|
||||||
|
# Or specific steps
|
||||||
|
molecule create -s bind9-20
|
||||||
|
molecule converge -s bind9-20
|
||||||
|
molecule verify -s bind9-20
|
||||||
|
molecule destroy -s bind9-20
|
||||||
|
```
|
||||||
|
|
||||||
|
## Expected Results
|
||||||
|
|
||||||
|
- BIND9 service starts successfully
|
||||||
|
- Configuration files are generated without errors
|
||||||
|
- DNS forwarding works correctly
|
||||||
|
- Named-checkconf validates the configuration
|
||||||
|
- All log channels are operational
|
||||||
|
- TLS connections are established for forwarders
|
||||||
|
|
||||||
|
## Troubleshooting
|
||||||
|
|
||||||
|
### BIND9 Package Not Available
|
||||||
|
|
||||||
|
If BIND9 9.20 is not available in Ubuntu 24.04 repositories, you may need to:
|
||||||
|
|
||||||
|
1. Build from source using the upstream ISC BIND9 repository
|
||||||
|
2. Use a different base image with more recent BIND9 packages
|
||||||
|
3. Add a custom APT repository with backported packages
|
||||||
|
|
||||||
|
### Configuration Syntax Errors
|
||||||
|
|
||||||
|
Review `/etc/bind/named.conf` using:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
named-checkconf /etc/bind/named.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
Check logs at `/var/log/named/default.log` for specific error messages.
|
||||||
|
|
||||||
|
## Future Updates
|
||||||
|
|
||||||
|
- [ ] Add support for BIND9 9.20 DNS-over-HTTPS (DoH)
|
||||||
|
- [ ] Test with BIND9 9.22+ when released
|
||||||
|
- [ ] Validate performance improvements
|
||||||
|
- [ ] Test clustering/replication features
|
||||||
|
|
||||||
|
## References
|
||||||
|
|
||||||
|
- [BIND9 Documentation](https://bind9.readthedocs.io/)
|
||||||
|
- [BIND9 9.20 Release Notes](https://www.isc.org/bind/)
|
||||||
|
- [DNS-over-TLS (DoT) RFC 7858](https://tools.ietf.org/html/rfc7858)
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
collections:
|
||||||
|
- ansible.posix
|
||||||
|
- community.general
|
||||||
@@ -0,0 +1,122 @@
|
|||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
tasks:
|
||||||
|
- name: Create log directory for BIND
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /var/log/named
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
owner: bind
|
||||||
|
group: bind
|
||||||
|
|
||||||
|
- name: Include bind9 role
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: ../../../ansible-bind9-role # noqa: role-name[path]
|
||||||
|
vars:
|
||||||
|
bind9_backup_config: false
|
||||||
|
# BIND9 9.20+ configuration with version-specific options
|
||||||
|
bind9_host_config:
|
||||||
|
- name: named.conf.options
|
||||||
|
options:
|
||||||
|
directory: "{{ bind9_working_directory }}"
|
||||||
|
recursion: true
|
||||||
|
allow_query:
|
||||||
|
- any
|
||||||
|
allow_recursion:
|
||||||
|
- 10.0.0.0/8
|
||||||
|
- 192.168.0.0/16
|
||||||
|
- 172.16.0.0/12
|
||||||
|
- localhost
|
||||||
|
- localnets
|
||||||
|
forwarders:
|
||||||
|
- address: 91.239.100.100
|
||||||
|
tls: censurfridns-anycast
|
||||||
|
- address: 89.233.43.71
|
||||||
|
tls: censurfridns-unicast
|
||||||
|
forward: first
|
||||||
|
dnssec_validation: auto
|
||||||
|
dnstap:
|
||||||
|
- type: auth
|
||||||
|
- type: resolver
|
||||||
|
log: query
|
||||||
|
- type: client
|
||||||
|
log: response
|
||||||
|
dnstap_output:
|
||||||
|
output_type: file
|
||||||
|
output_file: /var/log/named/dnstap.log
|
||||||
|
size: 20m
|
||||||
|
versions: 3
|
||||||
|
suffix: increment
|
||||||
|
dnstap_identity: dns-server-01
|
||||||
|
dnstap_version: 9.20
|
||||||
|
# Note: BIND9 9.20 automatically enables glue-cache, keep-response-order, reuse
|
||||||
|
# These options are removed in 9.20 and should not be configured
|
||||||
|
# Removed options (9.18 compatibility note):
|
||||||
|
# - alt_transfer_source (use TLS instead)
|
||||||
|
# - auto_dnssec (automatic in 9.20)
|
||||||
|
# - glue_cache (always enabled in 9.20)
|
||||||
|
logging:
|
||||||
|
channels:
|
||||||
|
- name: default_log
|
||||||
|
file:
|
||||||
|
name: /var/log/named/default.log
|
||||||
|
severity: info
|
||||||
|
print_time: true
|
||||||
|
print_severity: true
|
||||||
|
print_category: true
|
||||||
|
- name: security_log
|
||||||
|
file:
|
||||||
|
name: /var/log/named/security.log
|
||||||
|
severity: dynamic
|
||||||
|
print_time: true
|
||||||
|
print_severity: true
|
||||||
|
print_category: true
|
||||||
|
- name: query_log
|
||||||
|
file:
|
||||||
|
name: /var/log/named/queries.log
|
||||||
|
versions: 5
|
||||||
|
size: 10m
|
||||||
|
severity: info
|
||||||
|
print_time: true
|
||||||
|
- name: dnssec_log
|
||||||
|
file:
|
||||||
|
name: /var/log/named/dnssec.log
|
||||||
|
severity: debug
|
||||||
|
print_time: true
|
||||||
|
print_severity: true
|
||||||
|
- name: rate_limit_log
|
||||||
|
syslog: daemon
|
||||||
|
severity: warning
|
||||||
|
categories:
|
||||||
|
- name: default
|
||||||
|
channels:
|
||||||
|
- default_log
|
||||||
|
- name: general
|
||||||
|
channels:
|
||||||
|
- default_log
|
||||||
|
- name: security
|
||||||
|
channels:
|
||||||
|
- security_log
|
||||||
|
- name: queries
|
||||||
|
channels:
|
||||||
|
- query_log
|
||||||
|
- name: dnssec
|
||||||
|
channels:
|
||||||
|
- dnssec_log
|
||||||
|
- name: rate-limit
|
||||||
|
channels:
|
||||||
|
- rate_limit_log
|
||||||
|
- name: named.conf.local
|
||||||
|
tls:
|
||||||
|
- name: censurfridns-anycast
|
||||||
|
remote_hostname: anycast.uncensoreddns.org
|
||||||
|
- name: censurfridns-unicast
|
||||||
|
remote_hostname: unicast.uncensoreddns.org
|
||||||
|
zones:
|
||||||
|
- name: example.internal
|
||||||
|
type: forward
|
||||||
|
forward: only
|
||||||
|
forwarders:
|
||||||
|
- 10.0.0.53
|
||||||
|
- 10.0.0.54
|
||||||
@@ -0,0 +1,22 @@
|
|||||||
|
---
|
||||||
|
# Molecule scenario for BIND9 9.20+ support validation
|
||||||
|
# This scenario tests the role with BIND9 9.20 and later feature releases
|
||||||
|
# Note: May require ubuntu:24.04 or Debian 13 (Trixie) for 9.20 package availability
|
||||||
|
|
||||||
|
driver:
|
||||||
|
name: podman
|
||||||
|
platforms:
|
||||||
|
- name: ubuntu-2404-bind920
|
||||||
|
image: docker.io/library/ubuntu:24.04
|
||||||
|
command: /lib/systemd/systemd
|
||||||
|
privileged: true
|
||||||
|
volumes:
|
||||||
|
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||||
|
cgroupns_mode: host
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
config_options:
|
||||||
|
defaults:
|
||||||
|
ALLOW_BROKEN_CONDITIONALS: true
|
||||||
|
verifier:
|
||||||
|
name: ansible
|
||||||
@@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
- name: Prepare
|
||||||
|
hosts: all
|
||||||
|
tasks:
|
||||||
|
- name: Update package cache
|
||||||
|
ansible.builtin.apt:
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Install DNS query tools (dnsutils)
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name:
|
||||||
|
- dnsutils
|
||||||
|
- bind9-doc
|
||||||
|
state: present
|
||||||
@@ -0,0 +1,120 @@
|
|||||||
|
---
|
||||||
|
- name: Verify
|
||||||
|
hosts: all
|
||||||
|
gather_facts: true
|
||||||
|
tasks:
|
||||||
|
- name: Check that BIND9 is installed
|
||||||
|
ansible.builtin.package:
|
||||||
|
name: bind9
|
||||||
|
state: present
|
||||||
|
check_mode: true
|
||||||
|
register: __bind9_package_check
|
||||||
|
failed_when: __bind9_package_check is changed
|
||||||
|
|
||||||
|
- name: Check that BIND9 service is running
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: named
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
check_mode: true
|
||||||
|
register: __bind9_service_check
|
||||||
|
failed_when: __bind9_service_check is changed
|
||||||
|
|
||||||
|
- name: Check that BIND9 version is 9.20 or later
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: named -v
|
||||||
|
register: __bind9_version_check
|
||||||
|
changed_when: false
|
||||||
|
failed_when: false
|
||||||
|
|
||||||
|
- name: Display BIND9 version
|
||||||
|
ansible.builtin.debug:
|
||||||
|
msg: "BIND9 version: {{ __bind9_version_check.stdout }}"
|
||||||
|
|
||||||
|
- name: Check that named.conf.options exists
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: /etc/bind/named.conf.options
|
||||||
|
register: __options_file
|
||||||
|
failed_when: not __options_file.stat.exists
|
||||||
|
|
||||||
|
- name: Check that named.conf.local exists
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: /etc/bind/named.conf.local
|
||||||
|
register: __local_file
|
||||||
|
failed_when: not __local_file.stat.exists
|
||||||
|
|
||||||
|
- name: Read named.conf.options content
|
||||||
|
ansible.builtin.slurp:
|
||||||
|
path: /etc/bind/named.conf.options
|
||||||
|
register: __options_content
|
||||||
|
|
||||||
|
- name: Verify forwarders are configured in options
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- "'forwarders' in __options_decoded"
|
||||||
|
- "'91.239.100.100' in __options_decoded"
|
||||||
|
- "'forward first' in __options_decoded"
|
||||||
|
fail_msg: Forwarders not properly configured in named.conf.options
|
||||||
|
vars:
|
||||||
|
__options_decoded: "{{ __options_content.content | b64decode }}"
|
||||||
|
|
||||||
|
- name: Read named.conf.local content
|
||||||
|
ansible.builtin.slurp:
|
||||||
|
path: /etc/bind/named.conf.local
|
||||||
|
register: __local_content
|
||||||
|
|
||||||
|
- name: Verify forward zone is configured
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- "'zone \"example.internal\"' in __local_decoded"
|
||||||
|
- "'type forward' in __local_decoded"
|
||||||
|
- "'forward only' in __local_decoded"
|
||||||
|
fail_msg: Forward zone not properly configured in named.conf.local
|
||||||
|
vars:
|
||||||
|
__local_decoded: "{{ __local_content.content | b64decode }}"
|
||||||
|
|
||||||
|
- name: Test DNS resolution using localhost
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: dig @localhost google.com +short
|
||||||
|
register: __dns_query
|
||||||
|
changed_when: false
|
||||||
|
failed_when: __dns_query.rc != 0
|
||||||
|
|
||||||
|
- name: Verify DNS query returned results
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- __dns_query.stdout_lines | length > 0
|
||||||
|
fail_msg: DNS forwarding is not working
|
||||||
|
|
||||||
|
- name: Validate configuration syntax with named-checkconf
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: named-checkconf /etc/bind/named.conf
|
||||||
|
register: __named_checkconf
|
||||||
|
changed_when: false
|
||||||
|
failed_when: __named_checkconf.rc != 0
|
||||||
|
|
||||||
|
- name: Check BIND logs for errors
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: tail -30 /var/log/named/default.log
|
||||||
|
register: __bind_logs
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Display BIND logs
|
||||||
|
ansible.builtin.debug:
|
||||||
|
msg: "BIND logs:\n{{ __bind_logs.stdout }}"
|
||||||
|
|
||||||
|
- name: Verify no critical errors in logs
|
||||||
|
ansible.builtin.shell: |
|
||||||
|
set -o pipefail
|
||||||
|
if grep -i "error" /var/log/named/default.log | grep -v "error reporting" > /dev/null; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
changed_when: false
|
||||||
|
failed_when: false
|
||||||
|
register: __error_check
|
||||||
|
|
||||||
|
- name: Assert no critical errors found
|
||||||
|
ansible.builtin.assert:
|
||||||
|
that:
|
||||||
|
- __error_check.rc == 0
|
||||||
|
fail_msg: Found critical errors in BIND logs
|
||||||
@@ -1,11 +1,11 @@
|
|||||||
---
|
---
|
||||||
- name: Converge
|
- name: Converge
|
||||||
hosts: all
|
hosts: all
|
||||||
tasks:
|
roles:
|
||||||
- name: Include bind9 role
|
- ansible-bind9-role
|
||||||
ansible.builtin.include_role:
|
|
||||||
name: ../../../ansible-bind9-role # noqa: role-name[path]
|
|
||||||
vars:
|
vars:
|
||||||
|
bind9_log_dir: /var/log/named
|
||||||
|
bind9_backup_config: false
|
||||||
bind9_host_config:
|
bind9_host_config:
|
||||||
- name: named.conf.options
|
- name: named.conf.options
|
||||||
options:
|
options:
|
||||||
@@ -26,6 +26,71 @@
|
|||||||
tls: censurfridns-unicast
|
tls: censurfridns-unicast
|
||||||
forward: first
|
forward: first
|
||||||
dnssec_validation: auto
|
dnssec_validation: auto
|
||||||
|
dnstap:
|
||||||
|
- type: auth
|
||||||
|
- type: resolver
|
||||||
|
log: query
|
||||||
|
- type: client
|
||||||
|
log: response
|
||||||
|
dnstap_output:
|
||||||
|
output_type: file
|
||||||
|
output_file: /var/log/named/dnstap.log
|
||||||
|
size: 20m
|
||||||
|
versions: 3
|
||||||
|
suffix: increment
|
||||||
|
dnstap_identity: dns-server-01
|
||||||
|
dnstap_version: 9.18
|
||||||
|
logging:
|
||||||
|
channels:
|
||||||
|
- name: default_log
|
||||||
|
file:
|
||||||
|
name: /var/log/named/default.log
|
||||||
|
severity: info
|
||||||
|
print_time: true
|
||||||
|
print_severity: true
|
||||||
|
print_category: true
|
||||||
|
- name: security_log
|
||||||
|
file:
|
||||||
|
name: /var/log/named/security.log
|
||||||
|
severity: dynamic
|
||||||
|
print_time: true
|
||||||
|
print_severity: true
|
||||||
|
print_category: true
|
||||||
|
- name: query_log
|
||||||
|
file:
|
||||||
|
name: /var/log/named/queries.log
|
||||||
|
versions: 5
|
||||||
|
size: 10m
|
||||||
|
severity: info
|
||||||
|
print_time: true
|
||||||
|
- name: dnssec_log
|
||||||
|
file:
|
||||||
|
name: /var/log/named/dnssec.log
|
||||||
|
severity: debug
|
||||||
|
print_time: true
|
||||||
|
print_severity: true
|
||||||
|
- name: rate_limit_log
|
||||||
|
syslog: daemon
|
||||||
|
severity: warning
|
||||||
|
categories:
|
||||||
|
- name: default
|
||||||
|
channels:
|
||||||
|
- default_log
|
||||||
|
- name: general
|
||||||
|
channels:
|
||||||
|
- default_log
|
||||||
|
- name: security
|
||||||
|
channels:
|
||||||
|
- security_log
|
||||||
|
- name: queries
|
||||||
|
channels:
|
||||||
|
- query_log
|
||||||
|
- name: dnssec
|
||||||
|
channels:
|
||||||
|
- dnssec_log
|
||||||
|
- name: rate-limit
|
||||||
|
channels:
|
||||||
|
- rate_limit_log
|
||||||
- name: named.conf.local
|
- name: named.conf.local
|
||||||
tls:
|
tls:
|
||||||
- name: censurfridns-anycast
|
- name: censurfridns-anycast
|
||||||
@@ -39,3 +104,14 @@
|
|||||||
forwarders:
|
forwarders:
|
||||||
- 10.0.0.53
|
- 10.0.0.53
|
||||||
- 10.0.0.54
|
- 10.0.0.54
|
||||||
|
|
||||||
|
- name: Post-converge
|
||||||
|
hosts: all
|
||||||
|
tasks:
|
||||||
|
- name: Create log directory for BIND
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /var/log/named
|
||||||
|
state: directory
|
||||||
|
mode: '0750'
|
||||||
|
owner: bind
|
||||||
|
group: bind
|
||||||
|
|||||||
@@ -11,6 +11,8 @@ platforms:
|
|||||||
cgroupns_mode: host
|
cgroupns_mode: host
|
||||||
provisioner:
|
provisioner:
|
||||||
name: ansible
|
name: ansible
|
||||||
|
env:
|
||||||
|
ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/..
|
||||||
config_options:
|
config_options:
|
||||||
defaults:
|
defaults:
|
||||||
ALLOW_BROKEN_CONDITIONALS: true
|
ALLOW_BROKEN_CONDITIONALS: true
|
||||||
|
|||||||
@@ -41,7 +41,8 @@
|
|||||||
ansible.builtin.assert:
|
ansible.builtin.assert:
|
||||||
that:
|
that:
|
||||||
- "'forwarders' in __options_decoded"
|
- "'forwarders' in __options_decoded"
|
||||||
- "'8.8.8.8' in __options_decoded"
|
- "'91.239.100.100' in __options_decoded"
|
||||||
|
- "'89.233.43.71' in __options_decoded"
|
||||||
- "'forward first' in __options_decoded"
|
- "'forward first' in __options_decoded"
|
||||||
fail_msg: Forwarders not properly configured in named.conf.options
|
fail_msg: Forwarders not properly configured in named.conf.options
|
||||||
vars:
|
vars:
|
||||||
|
|||||||
@@ -0,0 +1,390 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
"""
|
||||||
|
Compare BIND9 grammar files between versions to identify breaking changes.
|
||||||
|
|
||||||
|
This script compares grammar files from two BIND9 versions and generates
|
||||||
|
a comprehensive report of:
|
||||||
|
- Removed options (breaking changes)
|
||||||
|
- Added options (new features)
|
||||||
|
- Modified option syntax
|
||||||
|
- Deprecated options
|
||||||
|
|
||||||
|
Usage:
|
||||||
|
python scripts/compare_bind_versions.py \\
|
||||||
|
--version1-dir bind9-grammar/upstream/v9.18.44 \\
|
||||||
|
--version2-dir bind9-grammar/upstream/v9.20.18 \\
|
||||||
|
--output docs/BIND_VERSION_DIFFERENCES.md
|
||||||
|
"""
|
||||||
|
|
||||||
|
import argparse
|
||||||
|
import json
|
||||||
|
import sys
|
||||||
|
from pathlib import Path
|
||||||
|
from typing import Dict, List, Set, Tuple
|
||||||
|
import re
|
||||||
|
|
||||||
|
|
||||||
|
class GrammarComparator:
|
||||||
|
"""Compare BIND9 grammar files between versions."""
|
||||||
|
|
||||||
|
def __init__(self, version1_dir: Path, version2_dir: Path):
|
||||||
|
"""
|
||||||
|
Initialize comparator with two version directories.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
version1_dir: Path to first version's grammar files
|
||||||
|
version2_dir: Path to second version's grammar files
|
||||||
|
"""
|
||||||
|
self.version1_dir = version1_dir
|
||||||
|
self.version2_dir = version2_dir
|
||||||
|
self.version1_name = version1_dir.name
|
||||||
|
self.version2_name = version2_dir.name
|
||||||
|
|
||||||
|
def load_grammar_file(self, file_path: Path) -> Dict:
|
||||||
|
"""Load and parse a grammar file."""
|
||||||
|
try:
|
||||||
|
with open(file_path, 'r', encoding='utf-8') as f:
|
||||||
|
content = f.read()
|
||||||
|
|
||||||
|
# Parse grammar file into structured data
|
||||||
|
options = self._parse_grammar(content)
|
||||||
|
return options
|
||||||
|
except FileNotFoundError:
|
||||||
|
return {}
|
||||||
|
|
||||||
|
def _parse_grammar(self, content: str) -> Dict[str, str]:
|
||||||
|
"""
|
||||||
|
Parse grammar content into a dictionary of options.
|
||||||
|
|
||||||
|
This is a simplified parser that extracts top-level keywords
|
||||||
|
and their definitions.
|
||||||
|
"""
|
||||||
|
options = {}
|
||||||
|
lines = content.split('\n')
|
||||||
|
|
||||||
|
for line in lines:
|
||||||
|
line = line.strip()
|
||||||
|
if not line or line.startswith('#') or line.startswith('//'):
|
||||||
|
continue
|
||||||
|
|
||||||
|
# Extract keyword and its definition
|
||||||
|
# Pattern: keyword <definition>; or keyword <definition> { ... };
|
||||||
|
match = re.match(r'^([a-z0-9-]+)\s+(.+?)(?:;|$)', line)
|
||||||
|
if match:
|
||||||
|
keyword = match.group(1)
|
||||||
|
definition = match.group(2).strip()
|
||||||
|
|
||||||
|
# Extract flags from comments
|
||||||
|
flags = []
|
||||||
|
if '// may occur multiple times' in line:
|
||||||
|
flags.append('may occur multiple times')
|
||||||
|
if '// deprecated' in line:
|
||||||
|
flags.append('deprecated')
|
||||||
|
if '// obsolete' in line:
|
||||||
|
flags.append('obsolete')
|
||||||
|
if '// not configured' in line:
|
||||||
|
flags.append('not configured')
|
||||||
|
if '// test only' in line:
|
||||||
|
flags.append('test only')
|
||||||
|
if '// experimental' in line:
|
||||||
|
flags.append('experimental')
|
||||||
|
|
||||||
|
options[keyword] = {
|
||||||
|
'definition': definition,
|
||||||
|
'flags': flags,
|
||||||
|
'raw_line': line
|
||||||
|
}
|
||||||
|
|
||||||
|
return options
|
||||||
|
|
||||||
|
def compare_files(self, filename: str) -> Dict:
|
||||||
|
"""
|
||||||
|
Compare a specific grammar file between two versions.
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
Dict with added, removed, modified, and deprecated options
|
||||||
|
"""
|
||||||
|
file1 = self.version1_dir / 'grammar' / filename
|
||||||
|
file2 = self.version2_dir / 'grammar' / filename
|
||||||
|
|
||||||
|
options1 = self.load_grammar_file(file1)
|
||||||
|
options2 = self.load_grammar_file(file2)
|
||||||
|
|
||||||
|
keys1 = set(options1.keys())
|
||||||
|
keys2 = set(options2.keys())
|
||||||
|
|
||||||
|
# Identify changes
|
||||||
|
added = keys2 - keys1
|
||||||
|
removed = keys1 - keys2
|
||||||
|
common = keys1 & keys2
|
||||||
|
|
||||||
|
modified = []
|
||||||
|
deprecated_new = []
|
||||||
|
|
||||||
|
for key in common:
|
||||||
|
opt1 = options1[key]
|
||||||
|
opt2 = options2[key]
|
||||||
|
|
||||||
|
# Check if definition changed
|
||||||
|
if opt1['definition'] != opt2['definition']:
|
||||||
|
modified.append({
|
||||||
|
'option': key,
|
||||||
|
'old_definition': opt1['definition'],
|
||||||
|
'new_definition': opt2['definition']
|
||||||
|
})
|
||||||
|
|
||||||
|
# Check if newly deprecated
|
||||||
|
if 'deprecated' not in opt1['flags'] and 'deprecated' in opt2['flags']:
|
||||||
|
deprecated_new.append(key)
|
||||||
|
|
||||||
|
return {
|
||||||
|
'file': filename,
|
||||||
|
'added': sorted(added),
|
||||||
|
'removed': sorted(removed),
|
||||||
|
'modified': modified,
|
||||||
|
'deprecated_new': deprecated_new,
|
||||||
|
'options1_count': len(options1),
|
||||||
|
'options2_count': len(options2)
|
||||||
|
}
|
||||||
|
|
||||||
|
def compare_all(self) -> Dict:
|
||||||
|
"""Compare all grammar files between versions."""
|
||||||
|
# List of grammar files to compare
|
||||||
|
grammar_files = [
|
||||||
|
'options',
|
||||||
|
'forward.zoneopt',
|
||||||
|
'hint.zoneopt',
|
||||||
|
'in-view.zoneopt',
|
||||||
|
'mirror.zoneopt',
|
||||||
|
'primary.zoneopt',
|
||||||
|
'redirect.zoneopt',
|
||||||
|
'secondary.zoneopt',
|
||||||
|
'static-stub.zoneopt',
|
||||||
|
'stub.zoneopt',
|
||||||
|
'delegation-only.zoneopt',
|
||||||
|
'rndc.grammar',
|
||||||
|
]
|
||||||
|
|
||||||
|
results = {}
|
||||||
|
for filename in grammar_files:
|
||||||
|
result = self.compare_files(filename)
|
||||||
|
results[filename] = result
|
||||||
|
|
||||||
|
return results
|
||||||
|
|
||||||
|
def generate_markdown_report(self, results: Dict) -> str:
|
||||||
|
"""Generate a Markdown report from comparison results."""
|
||||||
|
lines = []
|
||||||
|
lines.append(f"# BIND9 Version Differences: {self.version1_name} vs {self.version2_name}")
|
||||||
|
lines.append("")
|
||||||
|
lines.append(f"This document compares BIND9 configuration grammar between {self.version1_name} and {self.version2_name}.")
|
||||||
|
lines.append("")
|
||||||
|
lines.append("Generated automatically by `scripts/compare_bind_versions.py`.")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
# Summary
|
||||||
|
lines.append("## Summary")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
total_added = sum(len(r['added']) for r in results.values())
|
||||||
|
total_removed = sum(len(r['removed']) for r in results.values())
|
||||||
|
total_modified = sum(len(r['modified']) for r in results.values())
|
||||||
|
total_deprecated = sum(len(r['deprecated_new']) for r in results.values())
|
||||||
|
|
||||||
|
lines.append(f"- **New Options**: {total_added}")
|
||||||
|
lines.append(f"- **Removed Options**: {total_removed} ⚠️")
|
||||||
|
lines.append(f"- **Modified Options**: {total_modified}")
|
||||||
|
lines.append(f"- **Newly Deprecated**: {total_deprecated}")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
# Breaking Changes
|
||||||
|
if total_removed > 0:
|
||||||
|
lines.append("## ⚠️ Breaking Changes")
|
||||||
|
lines.append("")
|
||||||
|
lines.append(f"The following options were removed in {self.version2_name} and will cause configuration errors:")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
for filename, result in results.items():
|
||||||
|
if result['removed']:
|
||||||
|
lines.append(f"### {filename}")
|
||||||
|
lines.append("")
|
||||||
|
for option in result['removed']:
|
||||||
|
lines.append(f"- `{option}`")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
# New Features
|
||||||
|
if total_added > 0:
|
||||||
|
lines.append("## ✨ New Features")
|
||||||
|
lines.append("")
|
||||||
|
lines.append(f"The following options were added in {self.version2_name}:")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
for filename, result in results.items():
|
||||||
|
if result['added']:
|
||||||
|
lines.append(f"### {filename}")
|
||||||
|
lines.append("")
|
||||||
|
for option in result['added']:
|
||||||
|
lines.append(f"- `{option}`")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
# Modified Options
|
||||||
|
if total_modified > 0:
|
||||||
|
lines.append("## 🔧 Modified Options")
|
||||||
|
lines.append("")
|
||||||
|
lines.append(f"The following options have syntax changes in {self.version2_name}:")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
for filename, result in results.items():
|
||||||
|
if result['modified']:
|
||||||
|
lines.append(f"### {filename}")
|
||||||
|
lines.append("")
|
||||||
|
for mod in result['modified']:
|
||||||
|
lines.append(f"#### `{mod['option']}`")
|
||||||
|
lines.append("")
|
||||||
|
lines.append(f"**{self.version1_name}**:")
|
||||||
|
lines.append(f"```")
|
||||||
|
lines.append(f"{mod['old_definition']}")
|
||||||
|
lines.append(f"```")
|
||||||
|
lines.append("")
|
||||||
|
lines.append(f"**{self.version2_name}**:")
|
||||||
|
lines.append(f"```")
|
||||||
|
lines.append(f"{mod['new_definition']}")
|
||||||
|
lines.append(f"```")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
# Deprecated Options
|
||||||
|
if total_deprecated > 0:
|
||||||
|
lines.append("## 📋 Newly Deprecated Options")
|
||||||
|
lines.append("")
|
||||||
|
lines.append(f"The following options were marked as deprecated in {self.version2_name}:")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
for filename, result in results.items():
|
||||||
|
if result['deprecated_new']:
|
||||||
|
lines.append(f"### {filename}")
|
||||||
|
lines.append("")
|
||||||
|
for option in result['deprecated_new']:
|
||||||
|
lines.append(f"- `{option}`")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
# File-by-File Comparison
|
||||||
|
lines.append("## Detailed File-by-File Comparison")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
for filename, result in results.items():
|
||||||
|
lines.append(f"### {filename}")
|
||||||
|
lines.append("")
|
||||||
|
lines.append(f"- {self.version1_name}: {result['options1_count']} options")
|
||||||
|
lines.append(f"- {self.version2_name}: {result['options2_count']} options")
|
||||||
|
lines.append(f"- Added: {len(result['added'])}")
|
||||||
|
lines.append(f"- Removed: {len(result['removed'])}")
|
||||||
|
lines.append(f"- Modified: {len(result['modified'])}")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
# Migration Guide
|
||||||
|
if total_removed > 0 or total_deprecated > 0:
|
||||||
|
lines.append("## Migration Guide")
|
||||||
|
lines.append("")
|
||||||
|
lines.append(f"### Migrating from {self.version1_name} to {self.version2_name}")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
if total_removed > 0:
|
||||||
|
lines.append("1. **Remove unsupported options** from your configuration")
|
||||||
|
lines.append(" - Review the Breaking Changes section above")
|
||||||
|
lines.append(" - Check if there are replacement options")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
if total_deprecated > 0:
|
||||||
|
lines.append("2. **Plan for deprecated options**")
|
||||||
|
lines.append(" - These options still work but may be removed in future versions")
|
||||||
|
lines.append(" - Start planning migration to recommended alternatives")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
lines.append("3. **Test your configuration**")
|
||||||
|
lines.append(" - Use `named-checkconf` to validate syntax")
|
||||||
|
lines.append(" - Test in a development environment before production")
|
||||||
|
lines.append("")
|
||||||
|
|
||||||
|
return '\n'.join(lines)
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
"""Main entry point."""
|
||||||
|
parser = argparse.ArgumentParser(
|
||||||
|
description="Compare BIND9 grammar files between versions"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--version1-dir",
|
||||||
|
type=Path,
|
||||||
|
required=True,
|
||||||
|
help="Directory containing first version's grammar files"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--version2-dir",
|
||||||
|
type=Path,
|
||||||
|
required=True,
|
||||||
|
help="Directory containing second version's grammar files"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--output",
|
||||||
|
type=Path,
|
||||||
|
default=Path("docs/BIND_VERSION_DIFFERENCES.md"),
|
||||||
|
help="Output file for Markdown report"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--json",
|
||||||
|
type=Path,
|
||||||
|
help="Also output raw comparison as JSON"
|
||||||
|
)
|
||||||
|
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
# Validate directories
|
||||||
|
if not args.version1_dir.exists():
|
||||||
|
print(f"Error: {args.version1_dir} does not exist", file=sys.stderr)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
if not args.version2_dir.exists():
|
||||||
|
print(f"Error: {args.version2_dir} does not exist", file=sys.stderr)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
# Perform comparison
|
||||||
|
print(f"Comparing BIND9 versions:")
|
||||||
|
print(f" Version 1: {args.version1_dir.name}")
|
||||||
|
print(f" Version 2: {args.version2_dir.name}")
|
||||||
|
|
||||||
|
comparator = GrammarComparator(args.version1_dir, args.version2_dir)
|
||||||
|
results = comparator.compare_all()
|
||||||
|
|
||||||
|
# Generate and save Markdown report
|
||||||
|
report = comparator.generate_markdown_report(results)
|
||||||
|
|
||||||
|
args.output.parent.mkdir(parents=True, exist_ok=True)
|
||||||
|
with open(args.output, 'w', encoding='utf-8') as f:
|
||||||
|
f.write(report)
|
||||||
|
|
||||||
|
print(f"✓ Markdown report saved to: {args.output}")
|
||||||
|
|
||||||
|
# Save JSON if requested
|
||||||
|
if args.json:
|
||||||
|
args.json.parent.mkdir(parents=True, exist_ok=True)
|
||||||
|
with open(args.json, 'w', encoding='utf-8') as f:
|
||||||
|
json.dump(results, f, indent=2)
|
||||||
|
print(f"✓ JSON comparison saved to: {args.json}")
|
||||||
|
|
||||||
|
# Print summary
|
||||||
|
total_added = sum(len(r['added']) for r in results.values())
|
||||||
|
total_removed = sum(len(r['removed']) for r in results.values())
|
||||||
|
total_modified = sum(len(r['modified']) for r in results.values())
|
||||||
|
|
||||||
|
print(f"\nComparison Summary:")
|
||||||
|
print(f" Added options: {total_added}")
|
||||||
|
print(f" Removed options: {total_removed}")
|
||||||
|
print(f" Modified options: {total_modified}")
|
||||||
|
|
||||||
|
if total_removed > 0:
|
||||||
|
print(f"\n⚠️ Warning: {total_removed} breaking changes detected!")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
||||||
@@ -0,0 +1,179 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
"""
|
||||||
|
Fetch BIND9 grammar files from Gitea mirror repository for version comparison.
|
||||||
|
|
||||||
|
This script uses the Gitea MCP tools to fetch grammar files from the official
|
||||||
|
BIND9 mirror at git.valid.dk/Mirrors/bind9 for specified version tags.
|
||||||
|
"""
|
||||||
|
|
||||||
|
import argparse
|
||||||
|
import json
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
from pathlib import Path
|
||||||
|
from typing import Dict, List
|
||||||
|
|
||||||
|
|
||||||
|
# Grammar files to fetch from doc/misc/
|
||||||
|
GRAMMAR_FILES = [
|
||||||
|
"options",
|
||||||
|
"forward.zoneopt",
|
||||||
|
"hint.zoneopt",
|
||||||
|
"in-view.zoneopt",
|
||||||
|
"mirror.zoneopt",
|
||||||
|
"primary.zoneopt",
|
||||||
|
"redirect.zoneopt",
|
||||||
|
"secondary.zoneopt",
|
||||||
|
"static-stub.zoneopt",
|
||||||
|
"stub.zoneopt",
|
||||||
|
"delegation-only.zoneopt",
|
||||||
|
"rndc.grammar",
|
||||||
|
]
|
||||||
|
|
||||||
|
# Support files
|
||||||
|
SUPPORT_FILES = [
|
||||||
|
"parsegrammar.py",
|
||||||
|
"checkgrammar.py",
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def fetch_file_content(owner: str, repo: str, ref: str, file_path: str) -> str:
|
||||||
|
"""
|
||||||
|
Fetch file content from Gitea repository.
|
||||||
|
|
||||||
|
This would use mcp_gitea-mcp_get_file_content in the actual MCP environment.
|
||||||
|
For standalone usage, returns placeholder.
|
||||||
|
"""
|
||||||
|
# In MCP environment, this would call:
|
||||||
|
# mcp_gitea-mcp_get_file_content(owner=owner, repo=repo, ref=ref, filePath=file_path)
|
||||||
|
print(f"Would fetch: {owner}/{repo}@{ref}:{file_path}")
|
||||||
|
return ""
|
||||||
|
|
||||||
|
|
||||||
|
def save_grammar_file(content: str, version: str, filename: str, output_dir: Path):
|
||||||
|
"""Save fetched grammar file to local directory."""
|
||||||
|
version_dir = output_dir / version / "grammar"
|
||||||
|
version_dir.mkdir(parents=True, exist_ok=True)
|
||||||
|
|
||||||
|
file_path = version_dir / filename
|
||||||
|
with open(file_path, 'w', encoding='utf-8') as f:
|
||||||
|
f.write(content)
|
||||||
|
|
||||||
|
print(f"Saved: {file_path}")
|
||||||
|
|
||||||
|
|
||||||
|
def fetch_version_grammars(owner: str, repo: str, tag: str, output_dir: Path):
|
||||||
|
"""Fetch all grammar files for a specific version tag."""
|
||||||
|
print(f"\n=== Fetching grammar files for {tag} ===")
|
||||||
|
|
||||||
|
# Create metadata
|
||||||
|
metadata = {
|
||||||
|
"version": tag,
|
||||||
|
"repository": f"{owner}/{repo}",
|
||||||
|
"files": [],
|
||||||
|
}
|
||||||
|
|
||||||
|
# Fetch grammar files
|
||||||
|
for grammar_file in GRAMMAR_FILES:
|
||||||
|
try:
|
||||||
|
file_path = f"doc/misc/{grammar_file}"
|
||||||
|
content = fetch_file_content(owner, repo, tag, file_path)
|
||||||
|
|
||||||
|
if content:
|
||||||
|
save_grammar_file(content, tag, grammar_file, output_dir)
|
||||||
|
metadata["files"].append({
|
||||||
|
"name": grammar_file,
|
||||||
|
"path": file_path,
|
||||||
|
"type": "grammar"
|
||||||
|
})
|
||||||
|
except Exception as e:
|
||||||
|
print(f"Warning: Could not fetch {grammar_file}: {e}")
|
||||||
|
|
||||||
|
# Fetch support files
|
||||||
|
for support_file in SUPPORT_FILES:
|
||||||
|
try:
|
||||||
|
file_path = f"doc/misc/{support_file}"
|
||||||
|
content = fetch_file_content(owner, repo, tag, file_path)
|
||||||
|
|
||||||
|
if content:
|
||||||
|
save_grammar_file(content, tag, support_file, output_dir)
|
||||||
|
metadata["files"].append({
|
||||||
|
"name": support_file,
|
||||||
|
"path": file_path,
|
||||||
|
"type": "support"
|
||||||
|
})
|
||||||
|
except Exception as e:
|
||||||
|
print(f"Warning: Could not fetch {support_file}: {e}")
|
||||||
|
|
||||||
|
# Save metadata
|
||||||
|
metadata_file = output_dir / tag / "metadata.json"
|
||||||
|
with open(metadata_file, 'w', encoding='utf-8') as f:
|
||||||
|
json.dump(metadata, f, indent=2)
|
||||||
|
|
||||||
|
print(f"Metadata saved: {metadata_file}")
|
||||||
|
return metadata
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
"""Main entry point."""
|
||||||
|
parser = argparse.ArgumentParser(
|
||||||
|
description="Fetch BIND9 grammar files from Gitea mirror"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--owner",
|
||||||
|
default="Mirrors",
|
||||||
|
help="Repository owner (default: Mirrors)"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--repo",
|
||||||
|
default="bind9",
|
||||||
|
help="Repository name (default: bind9)"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--tags",
|
||||||
|
nargs="+",
|
||||||
|
default=["v9.18.44", "v9.20.18"],
|
||||||
|
help="Version tags to fetch (default: v9.18.44 v9.20.18)"
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--output-dir",
|
||||||
|
type=Path,
|
||||||
|
default=Path("bind9-grammar/upstream"),
|
||||||
|
help="Output directory for grammar files"
|
||||||
|
)
|
||||||
|
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
print("BIND9 Grammar Fetcher")
|
||||||
|
print("=" * 60)
|
||||||
|
print(f"Repository: {args.owner}/{args.repo}")
|
||||||
|
print(f"Tags: {', '.join(args.tags)}")
|
||||||
|
print(f"Output: {args.output_dir}")
|
||||||
|
|
||||||
|
# Fetch grammars for each version
|
||||||
|
results = {}
|
||||||
|
for tag in args.tags:
|
||||||
|
try:
|
||||||
|
metadata = fetch_version_grammars(
|
||||||
|
args.owner,
|
||||||
|
args.repo,
|
||||||
|
tag,
|
||||||
|
args.output_dir
|
||||||
|
)
|
||||||
|
results[tag] = metadata
|
||||||
|
except Exception as e:
|
||||||
|
print(f"Error fetching {tag}: {e}")
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
# Save overall summary
|
||||||
|
summary_file = args.output_dir / "fetch_summary.json"
|
||||||
|
with open(summary_file, 'w', encoding='utf-8') as f:
|
||||||
|
json.dump(results, f, indent=2)
|
||||||
|
|
||||||
|
print(f"\n=== Fetch complete ===")
|
||||||
|
print(f"Summary: {summary_file}")
|
||||||
|
print(f"Fetched {len(results)} versions")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
||||||
@@ -0,0 +1,163 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
"""
|
||||||
|
Fetch BIND9 grammar files using Gitea MCP integration.
|
||||||
|
|
||||||
|
This script demonstrates how to use mcp_gitea-mcp tools to fetch grammar files.
|
||||||
|
Since we can't directly call MCP tools from Python, this serves as documentation
|
||||||
|
for the manual fetching process that should be done through the MCP interface.
|
||||||
|
|
||||||
|
Usage:
|
||||||
|
The actual fetching should be done through MCP tool calls:
|
||||||
|
|
||||||
|
1. List available tags:
|
||||||
|
mcp_gitea-mcp_list_tags(owner="Mirrors", repo="bind9")
|
||||||
|
|
||||||
|
2. Get directory listing:
|
||||||
|
mcp_gitea-mcp_get_dir_content(owner="Mirrors", repo="bind9",
|
||||||
|
ref="v9.18.44", filePath="doc/misc")
|
||||||
|
|
||||||
|
3. Fetch each grammar file:
|
||||||
|
mcp_gitea-mcp_get_file_content(owner="Mirrors", repo="bind9",
|
||||||
|
ref="v9.18.44",
|
||||||
|
filePath="doc/misc/options")
|
||||||
|
"""
|
||||||
|
|
||||||
|
import json
|
||||||
|
from pathlib import Path
|
||||||
|
from typing import Dict, List
|
||||||
|
|
||||||
|
# Target versions
|
||||||
|
VERSIONS = {
|
||||||
|
"9.18": "v9.18.44",
|
||||||
|
"9.20": "v9.20.18",
|
||||||
|
}
|
||||||
|
|
||||||
|
# Grammar files to fetch
|
||||||
|
GRAMMAR_FILES = [
|
||||||
|
"options",
|
||||||
|
"forward.zoneopt",
|
||||||
|
"hint.zoneopt",
|
||||||
|
"in-view.zoneopt",
|
||||||
|
"mirror.zoneopt",
|
||||||
|
"primary.zoneopt",
|
||||||
|
"redirect.zoneopt",
|
||||||
|
"secondary.zoneopt",
|
||||||
|
"static-stub.zoneopt",
|
||||||
|
"stub.zoneopt",
|
||||||
|
"delegation-only.zoneopt",
|
||||||
|
"rndc.grammar",
|
||||||
|
]
|
||||||
|
|
||||||
|
SUPPORT_FILES = [
|
||||||
|
"parsegrammar.py",
|
||||||
|
"checkgrammar.py",
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def generate_fetch_commands() -> List[Dict]:
|
||||||
|
"""Generate MCP tool call commands for fetching grammar files."""
|
||||||
|
commands = []
|
||||||
|
|
||||||
|
for version_name, tag in VERSIONS.items():
|
||||||
|
# List directory command
|
||||||
|
commands.append({
|
||||||
|
"tool": "mcp_gitea-mcp_get_dir_content",
|
||||||
|
"params": {
|
||||||
|
"owner": "Mirrors",
|
||||||
|
"repo": "bind9",
|
||||||
|
"ref": tag,
|
||||||
|
"filePath": "doc/misc"
|
||||||
|
},
|
||||||
|
"description": f"List grammar files for {version_name} ({tag})"
|
||||||
|
})
|
||||||
|
|
||||||
|
# File fetch commands
|
||||||
|
for grammar_file in GRAMMAR_FILES + SUPPORT_FILES:
|
||||||
|
commands.append({
|
||||||
|
"tool": "mcp_gitea-mcp_get_file_content",
|
||||||
|
"params": {
|
||||||
|
"owner": "Mirrors",
|
||||||
|
"repo": "bind9",
|
||||||
|
"ref": tag,
|
||||||
|
"filePath": f"doc/misc/{grammar_file}"
|
||||||
|
},
|
||||||
|
"save_to": f"bind9-grammar/upstream/{tag}/grammar/{grammar_file}",
|
||||||
|
"description": f"Fetch {grammar_file} for {version_name}"
|
||||||
|
})
|
||||||
|
|
||||||
|
return commands
|
||||||
|
|
||||||
|
|
||||||
|
def save_file_structure() -> Dict:
|
||||||
|
"""Generate expected file structure after fetching."""
|
||||||
|
structure = {
|
||||||
|
"bind9-grammar": {
|
||||||
|
"upstream": {}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for version_name, tag in VERSIONS.items():
|
||||||
|
structure["bind9-grammar"]["upstream"][tag] = {
|
||||||
|
"grammar": {
|
||||||
|
"files": GRAMMAR_FILES + SUPPORT_FILES
|
||||||
|
},
|
||||||
|
"metadata.json": {
|
||||||
|
"version": tag,
|
||||||
|
"version_name": version_name,
|
||||||
|
"repository": "Mirrors/bind9",
|
||||||
|
"fetched_files": len(GRAMMAR_FILES) + len(SUPPORT_FILES)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return structure
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
"""Generate instructions and commands for grammar fetching."""
|
||||||
|
print("=" * 70)
|
||||||
|
print("BIND9 Grammar Fetcher - MCP Integration Guide")
|
||||||
|
print("=" * 70)
|
||||||
|
|
||||||
|
print("\nTarget Versions:")
|
||||||
|
for version_name, tag in VERSIONS.items():
|
||||||
|
print(f" - BIND {version_name}: {tag}")
|
||||||
|
|
||||||
|
print(f"\nFiles to fetch per version: {len(GRAMMAR_FILES)} grammar files + {len(SUPPORT_FILES)} support files")
|
||||||
|
|
||||||
|
print("\n" + "=" * 70)
|
||||||
|
print("MCP TOOL CALL SEQUENCE")
|
||||||
|
print("=" * 70)
|
||||||
|
|
||||||
|
commands = generate_fetch_commands()
|
||||||
|
|
||||||
|
for i, cmd in enumerate(commands, 1):
|
||||||
|
print(f"\n[{i}/{len(commands)}] {cmd['description']}")
|
||||||
|
print(f"Tool: {cmd['tool']}")
|
||||||
|
print(f"Parameters:")
|
||||||
|
for key, value in cmd['params'].items():
|
||||||
|
print(f" - {key}: {value}")
|
||||||
|
if 'save_to' in cmd:
|
||||||
|
print(f"Save to: {cmd['save_to']}")
|
||||||
|
|
||||||
|
print("\n" + "=" * 70)
|
||||||
|
print("EXPECTED FILE STRUCTURE")
|
||||||
|
print("=" * 70)
|
||||||
|
|
||||||
|
structure = save_file_structure()
|
||||||
|
print(json.dumps(structure, indent=2))
|
||||||
|
|
||||||
|
# Save command list
|
||||||
|
output_dir = Path("bind9-grammar/upstream")
|
||||||
|
output_dir.mkdir(parents=True, exist_ok=True)
|
||||||
|
|
||||||
|
commands_file = output_dir / "fetch_commands.json"
|
||||||
|
with open(commands_file, 'w') as f:
|
||||||
|
json.dump(commands, f, indent=2)
|
||||||
|
|
||||||
|
print(f"\nCommand list saved to: {commands_file}")
|
||||||
|
print("\nNote: These commands should be executed through the MCP interface,")
|
||||||
|
print(" not directly from this Python script.")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
||||||
@@ -0,0 +1,78 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
"""
|
||||||
|
Fetch BIND9 grammar files using Gitea MCP tools.
|
||||||
|
This script must be run from an environment where MCP tools are available.
|
||||||
|
"""
|
||||||
|
|
||||||
|
import base64
|
||||||
|
import json
|
||||||
|
import sys
|
||||||
|
from pathlib import Path
|
||||||
|
|
||||||
|
# Files to fetch
|
||||||
|
GRAMMAR_FILES = [
|
||||||
|
"options",
|
||||||
|
"forward.zoneopt",
|
||||||
|
"hint.zoneopt",
|
||||||
|
"in-view.zoneopt",
|
||||||
|
"mirror.zoneopt",
|
||||||
|
"primary.zoneopt",
|
||||||
|
"redirect.zoneopt",
|
||||||
|
"secondary.zoneopt",
|
||||||
|
"static-stub.zoneopt",
|
||||||
|
"stub.zoneopt",
|
||||||
|
"delegation-only.zoneopt",
|
||||||
|
"rndc.grammar",
|
||||||
|
"parsegrammar.py",
|
||||||
|
"checkgrammar.py",
|
||||||
|
]
|
||||||
|
|
||||||
|
def save_file_from_mcp_result(result_json: dict, output_path: Path) -> bool:
|
||||||
|
"""Save a file from MCP tool result JSON."""
|
||||||
|
try:
|
||||||
|
if 'Result' in result_json and 'content' in result_json['Result']:
|
||||||
|
content_b64 = result_json['Result']['content']
|
||||||
|
content = base64.b64decode(content_b64).decode('utf-8')
|
||||||
|
|
||||||
|
output_path.parent.mkdir(parents=True, exist_ok=True)
|
||||||
|
with open(output_path, 'w', encoding='utf-8') as f:
|
||||||
|
f.write(content)
|
||||||
|
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
except Exception as e:
|
||||||
|
print(f"Error saving {output_path}: {e}", file=sys.stderr)
|
||||||
|
return False
|
||||||
|
|
||||||
|
def main():
|
||||||
|
"""Process stdin JSON from MCP tool calls."""
|
||||||
|
print("Reading MCP tool results from stdin...")
|
||||||
|
|
||||||
|
# Read all input
|
||||||
|
input_data = sys.stdin.read()
|
||||||
|
|
||||||
|
try:
|
||||||
|
result = json.loads(input_data)
|
||||||
|
|
||||||
|
# Determine output path from result metadata
|
||||||
|
if 'Result' in result and 'name' in result['Result']:
|
||||||
|
filename = result['Result']['name']
|
||||||
|
# Output path will be provided as command line argument
|
||||||
|
if len(sys.argv) > 1:
|
||||||
|
output_path = Path(sys.argv[1])
|
||||||
|
if save_file_from_mcp_result(result, output_path):
|
||||||
|
print(f"✓ Saved: {output_path}")
|
||||||
|
sys.exit(0)
|
||||||
|
else:
|
||||||
|
print(f"✗ Failed to save: {output_path}", file=sys.stderr)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
print("✗ Could not determine output path", file=sys.stderr)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
except json.JSONDecodeError as e:
|
||||||
|
print(f"✗ Invalid JSON input: {e}", file=sys.stderr)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
||||||
@@ -0,0 +1,37 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
"""Helper script to save base64-encoded grammar file from MCP tool output."""
|
||||||
|
|
||||||
|
import base64
|
||||||
|
import json
|
||||||
|
import sys
|
||||||
|
from pathlib import Path
|
||||||
|
|
||||||
|
def main():
|
||||||
|
if len(sys.argv) != 3:
|
||||||
|
print("Usage: save_grammar_file.py <json_file> <output_path>")
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
json_file = Path(sys.argv[1])
|
||||||
|
output_path = Path(sys.argv[2])
|
||||||
|
|
||||||
|
# Read JSON from MCP tool output
|
||||||
|
with open(json_file, 'r') as f:
|
||||||
|
data = json.load(f)
|
||||||
|
|
||||||
|
# Extract and decode base64 content
|
||||||
|
if 'Result' in data and 'content' in data['Result']:
|
||||||
|
content_b64 = data['Result']['content']
|
||||||
|
content = base64.b64decode(content_b64).decode('utf-8')
|
||||||
|
|
||||||
|
# Save to output path
|
||||||
|
output_path.parent.mkdir(parents=True, exist_ok=True)
|
||||||
|
with open(output_path, 'w', encoding='utf-8') as f:
|
||||||
|
f.write(content)
|
||||||
|
|
||||||
|
print(f"✓ Saved: {output_path}")
|
||||||
|
else:
|
||||||
|
print(f"✗ Error: No content found in JSON", file=sys.stderr)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
||||||
+20
-6
@@ -15,9 +15,20 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: '0750'
|
mode: "0750"
|
||||||
when: bind9_backup_config is defined and bind9_backup_config | bool
|
when: bind9_backup_config is defined and bind9_backup_config | bool
|
||||||
|
|
||||||
|
- name: Ensure logging directory exists if defined
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ bind9_log_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: bind
|
||||||
|
group: bind
|
||||||
|
mode: "0750"
|
||||||
|
when:
|
||||||
|
- bind9_log_dir is defined
|
||||||
|
- bind9_log_dir is not none
|
||||||
|
|
||||||
- name: Deploy and Validate Configuration
|
- name: Deploy and Validate Configuration
|
||||||
tags:
|
tags:
|
||||||
- bind9
|
- bind9
|
||||||
@@ -33,8 +44,10 @@
|
|||||||
remote_src: true
|
remote_src: true
|
||||||
owner: root
|
owner: root
|
||||||
group: bind
|
group: bind
|
||||||
mode: '0640'
|
mode: "0640"
|
||||||
failed_when: false # It's okay if the file doesn't exist yet
|
when: bind9_backup_config | bool
|
||||||
|
changed_when: false
|
||||||
|
failed_when: false # It's okay if the file doesn't exist yet
|
||||||
loop: "{{ bind9_config }}"
|
loop: "{{ bind9_config }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.name }}"
|
label: "{{ item.name }}"
|
||||||
@@ -45,11 +58,11 @@
|
|||||||
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
|
dest: "{{ bind9_cfgdir }}/{{ item.name }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: bind
|
group: bind
|
||||||
mode: '0640'
|
mode: "0640"
|
||||||
loop: "{{ bind9_config }}"
|
loop: "{{ bind9_config }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.name }}"
|
label: "{{ item.name }}"
|
||||||
register: _template_result
|
register: bind9_template_result
|
||||||
|
|
||||||
- name: Validate configuration using named-checkconf
|
- name: Validate configuration using named-checkconf
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
@@ -64,7 +77,7 @@
|
|||||||
remote_src: true
|
remote_src: true
|
||||||
owner: root
|
owner: root
|
||||||
group: bind
|
group: bind
|
||||||
mode: '0640'
|
mode: "0640"
|
||||||
loop: "{{ bind9_config }}"
|
loop: "{{ bind9_config }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.name }}"
|
label: "{{ item.name }}"
|
||||||
@@ -84,6 +97,7 @@
|
|||||||
loop: "{{ bind9_config }}"
|
loop: "{{ bind9_config }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.name }}"
|
label: "{{ item.name }}"
|
||||||
|
changed_when: false
|
||||||
when: bind9_backup_config | bool is false
|
when: bind9_backup_config | bool is false
|
||||||
|
|
||||||
- name: Ensure the named service is started
|
- name: Ensure the named service is started
|
||||||
|
|||||||
Reference in New Issue
Block a user