# BIND9 Version Differences: v9.18.44 vs v9.20.18 This document compares BIND9 configuration grammar between v9.18.44 and v9.20.18. Generated automatically by `scripts/compare_bind_versions.py`. ## Summary - **New Options**: 35 - **Removed Options**: 44 ⚠️ - **Modified Options**: 22 - **Newly Deprecated**: 3 ## ⚠️ Breaking Changes The following options were removed in v9.20.18 and will cause configuration errors: ### options - `alt-transfer-source` - `alt-transfer-source-v6` - `auto-dnssec` - `coresize` - `datasize` - `dscp` - `files` - `glue-cache` - `heartbeat-interval` - `keep-response-order` - `lock-file` - `maxz-zone-ttl` - `parent-registration-delay` - `parental-agents` - `primaries` - `random-device` - `recurse-ing-file` - `reserved-sockets` - `resolver-nonbackoff-tries` - `resolver-retry-interval` - `reuse` - `root-delegation-only` - `stacksize` - `suppress-initial-notify` - `tkey-dhkey` - `tkey-gssapi-credential` - `use-alt-transfer-source` ### forward.zoneopt - `delegation-only` ### hint.zoneopt - `delegation-only` ### mirror.zoneopt - `alt-transfer-source` - `alt-transfer-source-v6` - `use-alt-transfer-source` ### primary.zoneopt - `alt-transfer-source` - `alt-transfer-source-v6` - `auto-dnssec` - `update-check-ksk` ### secondary.zoneopt - `alt-transfer-source` - `alt-transfer-source-v6` - `auto-dnssec` - `use-alt-transfer-source` ### stub.zoneopt - `delegation-only` - `use-alt-transfer-source` ### delegation-only.zoneopt - `type` - `zone` ## ✨ New Features The following options were added in v9.20.18: ### options - `allow-proxy` - `allow-proxy-on` - `cdnskey` - `cds-digest-types` - `check-svcb` - `cipher-suites` - `dnsrps-library` - `inline-signing` - `key-store` - `manual-mode` - `max-validation-failures-per-fetch` - `max-validations-per-fetch` - `min-transfer-rate-in` - `notify-defer` - `offline-ksk` - `pkcs11-uri` - `recursing-file` - `remote-servers` - `require-cookie` - `resolver-use-dns64` - `responselog` - `reuseport` - `sig0-checks-quota` - `sig0-checks-quota-exempt` - `sig0-key-checks-limit` - `sig0-message-checks-limit` ### mirror.zoneopt - `min-transfer-rate-in` - `notify-defer` ### primary.zoneopt - `check-svcb` - `checkds` - `notify-defer` ### secondary.zoneopt - `checkds` - `min-transfer-rate-in` - `notify-defer` ### stub.zoneopt - `min-transfer-rate-in` ## 🔧 Modified Options The following options have syntax changes in v9.20.18: ### options #### `listen-on` **v9.18.44**: ``` [ port ] [ tls ] [ http ] { ``` **v9.20.18**: ``` [ port ] [ proxy ] [ tls ] [ http ] { ``` #### `response-policy` **v9.18.44**: ``` { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] ``` **v9.20.18**: ``` { zone [ add-soa ] [ log ] [ max-policy-ttl ] [ min-update-interval ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only ) ] [ recursive-only ] [ nsip-enable ] [ nsdname-enable ] [ ede ] ``` #### `cookie-algorithm` **v9.18.44**: ``` ( aes | siphash24 ) ``` **v9.20.18**: ``` ( siphash24 ) ``` #### `forwarders` **v9.18.44**: ``` [ port ] { ( | ) [ port ] ``` **v9.20.18**: ``` [ port ] [ tls ] { ( | ) [ port ] [ tls ] ``` #### `listen-on-v6` **v9.18.44**: ``` [ port ] [ tls ] [ http ] { ``` **v9.20.18**: ``` [ port ] [ proxy ] [ tls ] [ http ] { ``` #### `also-notify` **v9.18.44**: ``` [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` **v9.20.18**: ``` [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` #### `catalog-zones` **v9.18.44**: ``` { zone [ default-primaries [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` **v9.20.18**: ``` { zone [ default-primaries [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` ### forward.zoneopt #### `forwarders` **v9.18.44**: ``` [ port ] { ( | ) [ port ] ``` **v9.20.18**: ``` [ port ] [ tls ] { ( | ) [ port ] [ tls ] ``` ### mirror.zoneopt #### `also-notify` **v9.18.44**: ``` [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` **v9.20.18**: ``` [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` #### `primaries` **v9.18.44**: ``` [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` **v9.20.18**: ``` [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` ### primary.zoneopt #### `update-policy` **v9.18.44**: ``` ( local | { ( deny | grant ) ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesubject ) [ ] ``` **v9.20.18**: ``` ( local | { ( deny | grant ) ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ ] ``` #### `also-notify` **v9.18.44**: ``` [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` **v9.20.18**: ``` [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` #### `parental-agents` **v9.18.44**: ``` [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` **v9.20.18**: ``` [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` #### `forwarders` **v9.18.44**: ``` [ port ] { ( | ) [ port ] ``` **v9.20.18**: ``` [ port ] [ tls ] { ( | ) [ port ] [ tls ] ``` ### redirect.zoneopt #### `primaries` **v9.18.44**: ``` [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` **v9.20.18**: ``` [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` ### secondary.zoneopt #### `also-notify` **v9.18.44**: ``` [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` **v9.20.18**: ``` [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` #### `parental-agents` **v9.18.44**: ``` [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` **v9.20.18**: ``` [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` #### `forwarders` **v9.18.44**: ``` [ port ] { ( | ) [ port ] ``` **v9.20.18**: ``` [ port ] [ tls ] { ( | ) [ port ] [ tls ] ``` #### `primaries` **v9.18.44**: ``` [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` **v9.20.18**: ``` [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` ### static-stub.zoneopt #### `forwarders` **v9.18.44**: ``` [ port ] { ( | ) [ port ] ``` **v9.20.18**: ``` [ port ] [ tls ] { ( | ) [ port ] [ tls ] ``` ### stub.zoneopt #### `forwarders` **v9.18.44**: ``` [ port ] { ( | ) [ port ] ``` **v9.20.18**: ``` [ port ] [ tls ] { ( | ) [ port ] [ tls ] ``` #### `primaries` **v9.18.44**: ``` [ port ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` **v9.20.18**: ``` [ port ] [ source ( | * ) ] [ source-v6 ( | * ) ] { ( | [ port ] | [ port ] ) [ key ] [ tls ] ``` ## 📋 Newly Deprecated Options The following options were marked as deprecated in v9.20.18: ### options - `sortlist` ### primary.zoneopt - `max-zone-ttl` ### redirect.zoneopt - `max-zone-ttl` ## Detailed File-by-File Comparison ### options - v9.18.44: 334 options - v9.20.18: 333 options - Added: 26 - Removed: 27 - Modified: 7 ### forward.zoneopt - v9.18.44: 5 options - v9.20.18: 4 options - Added: 0 - Removed: 1 - Modified: 1 ### hint.zoneopt - v9.18.44: 5 options - v9.20.18: 4 options - Added: 0 - Removed: 1 - Modified: 0 ### in-view.zoneopt - v9.18.44: 2 options - v9.20.18: 2 options - Added: 0 - Removed: 0 - Modified: 0 ### mirror.zoneopt - v9.18.44: 44 options - v9.20.18: 43 options - Added: 2 - Removed: 3 - Modified: 2 ### primary.zoneopt - v9.18.44: 63 options - v9.20.18: 62 options - Added: 3 - Removed: 4 - Modified: 4 ### redirect.zoneopt - v9.18.44: 14 options - v9.20.18: 14 options - Added: 0 - Removed: 0 - Modified: 1 ### secondary.zoneopt - v9.18.44: 66 options - v9.20.18: 65 options - Added: 3 - Removed: 4 - Modified: 4 ### static-stub.zoneopt - v9.18.44: 12 options - v9.20.18: 12 options - Added: 0 - Removed: 0 - Modified: 1 ### stub.zoneopt - v9.18.44: 28 options - v9.20.18: 27 options - Added: 1 - Removed: 2 - Modified: 2 ### delegation-only.zoneopt - v9.18.44: 2 options - v9.20.18: 0 options - Added: 0 - Removed: 2 - Modified: 0 ### rndc.grammar - v9.18.44: 14 options - v9.20.18: 14 options - Added: 0 - Removed: 0 - Modified: 0 ## Migration Guide ### Migrating from v9.18.44 to v9.20.18 1. **Remove unsupported options** from your configuration - Review the Breaking Changes section above - Check if there are replacement options 2. **Plan for deprecated options** - These options still work but may be removed in future versions - Start planning migration to recommended alternatives 3. **Test your configuration** - Use `named-checkconf` to validate syntax - Test in a development environment before production