db379be31f
- Generate BIND_VERSION_DIFFERENCES.md with detailed grammar comparison - Document 44 breaking changes between BIND9 9.18.44 and 9.20.18 - Document 35 new options and 22 modified options in BIND9 9.20 - Document 3 newly deprecated options - Add version compatibility section to CONFIGURATION_GRAMMAR.md - Update CHANGELOG.md with version differences details - Include migration guide for upgrading from 9.18 to 9.20 Closes #11
13 KiB
13 KiB
BIND9 Version Differences: v9.18.44 vs v9.20.18
This document compares BIND9 configuration grammar between v9.18.44 and v9.20.18.
Generated automatically by scripts/compare_bind_versions.py.
Summary
- New Options: 35
- Removed Options: 44 ⚠️
- Modified Options: 22
- Newly Deprecated: 3
⚠️ Breaking Changes
The following options were removed in v9.20.18 and will cause configuration errors:
options
alt-transfer-sourcealt-transfer-source-v6auto-dnsseccoresizedatasizedscpfilesglue-cacheheartbeat-intervalkeep-response-orderlock-filemaxz-zone-ttlparent-registration-delayparental-agentsprimariesrandom-devicerecurse-ing-filereserved-socketsresolver-nonbackoff-triesresolver-retry-intervalreuseroot-delegation-onlystacksizesuppress-initial-notifytkey-dhkeytkey-gssapi-credentialuse-alt-transfer-source
forward.zoneopt
delegation-only
hint.zoneopt
delegation-only
mirror.zoneopt
alt-transfer-sourcealt-transfer-source-v6use-alt-transfer-source
primary.zoneopt
alt-transfer-sourcealt-transfer-source-v6auto-dnssecupdate-check-ksk
secondary.zoneopt
alt-transfer-sourcealt-transfer-source-v6auto-dnssecuse-alt-transfer-source
stub.zoneopt
delegation-onlyuse-alt-transfer-source
delegation-only.zoneopt
typezone
✨ New Features
The following options were added in v9.20.18:
options
allow-proxyallow-proxy-oncdnskeycds-digest-typescheck-svcbcipher-suitesdnsrps-libraryinline-signingkey-storemanual-modemax-validation-failures-per-fetchmax-validations-per-fetchmin-transfer-rate-innotify-deferoffline-kskpkcs11-urirecursing-fileremote-serversrequire-cookieresolver-use-dns64responselogreuseportsig0-checks-quotasig0-checks-quota-exemptsig0-key-checks-limitsig0-message-checks-limit
mirror.zoneopt
min-transfer-rate-innotify-defer
primary.zoneopt
check-svcbcheckdsnotify-defer
secondary.zoneopt
checkdsmin-transfer-rate-innotify-defer
stub.zoneopt
min-transfer-rate-in
🔧 Modified Options
The following options have syntax changes in v9.20.18:
options
listen-on
v9.18.44:
[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>
v9.20.18:
[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>
response-policy
v9.18.44:
{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ]
v9.20.18:
{ zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]
cookie-algorithm
v9.18.44:
( aes | siphash24 )
v9.20.18:
( siphash24 )
forwarders
v9.18.44:
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
v9.20.18:
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
listen-on-v6
v9.18.44:
[ port <integer> ] [ tls <string> ] [ http <string> ] { <address_match_element>
v9.20.18:
[ port <integer> ] [ proxy <string> ] [ tls <string> ] [ http <string> ] { <address_match_element>
also-notify
v9.18.44:
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
v9.20.18:
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
catalog-zones
v9.18.44:
{ zone <string> [ default-primaries [ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
v9.20.18:
{ zone <string> [ default-primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
forward.zoneopt
forwarders
v9.18.44:
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
v9.20.18:
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
mirror.zoneopt
also-notify
v9.18.44:
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
v9.20.18:
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
primaries
v9.18.44:
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
v9.20.18:
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
primary.zoneopt
update-policy
v9.18.44:
( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesubject ) [ <string> ] <rrtype list>
v9.20.18:
( local | { ( deny | grant ) <string> ( 6to4-self | external | krb5-self | krb5-selfsub | krb5-subdomain | krb5-subdomain-self-rhs | ms-self | ms-selfsub | ms-subdomain | ms-subdomain-self-rhs | name | self | selfsub | selfwild | subdomain | tcp-self | wildcard | zonesub ) [ <string> ] <rrtype list>
also-notify
v9.18.44:
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
v9.20.18:
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
parental-agents
v9.18.44:
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
v9.20.18:
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
forwarders
v9.18.44:
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
v9.20.18:
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
redirect.zoneopt
primaries
v9.18.44:
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
v9.20.18:
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
secondary.zoneopt
also-notify
v9.18.44:
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
v9.20.18:
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
parental-agents
v9.18.44:
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
v9.20.18:
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
forwarders
v9.18.44:
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
v9.20.18:
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
primaries
v9.18.44:
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
v9.20.18:
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
static-stub.zoneopt
forwarders
v9.18.44:
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
v9.20.18:
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
stub.zoneopt
forwarders
v9.18.44:
[ port <integer> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ]
v9.20.18:
[ port <integer> ] [ tls <string> ] { ( <ipv4_address> | <ipv6_address> ) [ port <integer> ] [ tls <string> ]
primaries
v9.18.44:
[ port <integer> ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
v9.20.18:
[ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <server-list> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]
📋 Newly Deprecated Options
The following options were marked as deprecated in v9.20.18:
options
sortlist
primary.zoneopt
max-zone-ttl
redirect.zoneopt
max-zone-ttl
Detailed File-by-File Comparison
options
- v9.18.44: 334 options
- v9.20.18: 333 options
- Added: 26
- Removed: 27
- Modified: 7
forward.zoneopt
- v9.18.44: 5 options
- v9.20.18: 4 options
- Added: 0
- Removed: 1
- Modified: 1
hint.zoneopt
- v9.18.44: 5 options
- v9.20.18: 4 options
- Added: 0
- Removed: 1
- Modified: 0
in-view.zoneopt
- v9.18.44: 2 options
- v9.20.18: 2 options
- Added: 0
- Removed: 0
- Modified: 0
mirror.zoneopt
- v9.18.44: 44 options
- v9.20.18: 43 options
- Added: 2
- Removed: 3
- Modified: 2
primary.zoneopt
- v9.18.44: 63 options
- v9.20.18: 62 options
- Added: 3
- Removed: 4
- Modified: 4
redirect.zoneopt
- v9.18.44: 14 options
- v9.20.18: 14 options
- Added: 0
- Removed: 0
- Modified: 1
secondary.zoneopt
- v9.18.44: 66 options
- v9.20.18: 65 options
- Added: 3
- Removed: 4
- Modified: 4
static-stub.zoneopt
- v9.18.44: 12 options
- v9.20.18: 12 options
- Added: 0
- Removed: 0
- Modified: 1
stub.zoneopt
- v9.18.44: 28 options
- v9.20.18: 27 options
- Added: 1
- Removed: 2
- Modified: 2
delegation-only.zoneopt
- v9.18.44: 2 options
- v9.20.18: 0 options
- Added: 0
- Removed: 2
- Modified: 0
rndc.grammar
- v9.18.44: 14 options
- v9.20.18: 14 options
- Added: 0
- Removed: 0
- Modified: 0
Migration Guide
Migrating from v9.18.44 to v9.20.18
-
Remove unsupported options from your configuration
- Review the Breaking Changes section above
- Check if there are replacement options
-
Plan for deprecated options
- These options still work but may be removed in future versions
- Start planning migration to recommended alternatives
-
Test your configuration
- Use
named-checkconfto validate syntax - Test in a development environment before production
- Use