prep 9.13.5
authorTinderbox User <tbox@isc.org>
Fri, 7 Dec 2018 03:11:45 +0000 (03:11 +0000)
committerTinderbox User <tbox@isc.org>
Fri, 7 Dec 2018 03:41:19 +0000 (03:41 +0000)
76 files changed:
CHANGES
README
README.md
bin/check/named-checkconf.8
bin/check/named-checkconf.html
bin/dnssec/dnssec-keygen.8
bin/dnssec/dnssec-keygen.html
bin/dnssec/dnssec-signzone.8
bin/dnssec/dnssec-signzone.html
bin/plugins/filter-aaaa.8
bin/plugins/filter-aaaa.c
bin/plugins/filter-aaaa.html
configure
doc/arm/Bv9ARM.ch01.html
doc/arm/Bv9ARM.ch02.html
doc/arm/Bv9ARM.ch03.html
doc/arm/Bv9ARM.ch04.html
doc/arm/Bv9ARM.ch05.html
doc/arm/Bv9ARM.ch06.html
doc/arm/Bv9ARM.ch07.html
doc/arm/Bv9ARM.ch08.html
doc/arm/Bv9ARM.ch09.html
doc/arm/Bv9ARM.ch10.html
doc/arm/Bv9ARM.ch11.html
doc/arm/Bv9ARM.ch12.html
doc/arm/Bv9ARM.html
doc/arm/Bv9ARM.pdf
doc/arm/man.arpaname.html
doc/arm/man.ddns-confgen.html
doc/arm/man.delv.html
doc/arm/man.dig.html
doc/arm/man.dnssec-cds.html
doc/arm/man.dnssec-checkds.html
doc/arm/man.dnssec-coverage.html
doc/arm/man.dnssec-dsfromkey.html
doc/arm/man.dnssec-importkey.html
doc/arm/man.dnssec-keyfromlabel.html
doc/arm/man.dnssec-keygen.html
doc/arm/man.dnssec-keymgr.html
doc/arm/man.dnssec-revoke.html
doc/arm/man.dnssec-settime.html
doc/arm/man.dnssec-signzone.html
doc/arm/man.dnssec-verify.html
doc/arm/man.dnstap-read.html
doc/arm/man.filter-aaaa.html
doc/arm/man.host.html
doc/arm/man.mdig.html
doc/arm/man.named-checkconf.html
doc/arm/man.named-checkzone.html
doc/arm/man.named-journalprint.html
doc/arm/man.named-nzd2nzf.html
doc/arm/man.named-rrchecker.html
doc/arm/man.named.conf.html
doc/arm/man.named.html
doc/arm/man.nsec3hash.html
doc/arm/man.nslookup.html
doc/arm/man.nsupdate.html
doc/arm/man.pkcs11-destroy.html
doc/arm/man.pkcs11-keygen.html
doc/arm/man.pkcs11-list.html
doc/arm/man.pkcs11-tokens.html
doc/arm/man.rndc-confgen.html
doc/arm/man.rndc.conf.html
doc/arm/man.rndc.html
doc/arm/notes.html
doc/arm/notes.pdf
doc/arm/notes.txt
doc/misc/options
lib/bind9/api
lib/dns/api
lib/irs/api
lib/isc/api
lib/isccfg/parser.c
lib/isccfg/win32/libisccfg.def
lib/ns/api
version

diff --git a/CHANGES b/CHANGES
index 909168b..eecf1e2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+       --- 9.13.5 released ---
+
 5108.  [bug]           Named could fail to determine bottom of zone when
                        removing out of date keys leading to invalid NSEC
                        and NSEC3 records being added to the zone. [GL #771]
diff --git a/README b/README
index a9b2039..bbb0672 100644 (file)
--- a/README
+++ b/README
@@ -104,6 +104,10 @@ BIND 9.13 features
 BIND 9.13 is the newest development branch of BIND 9. It includes a number
 of changes from BIND 9.12 and earlier releases. New features include:
 
+  * A new "plugin" mechanism has been added to allow query functionality
+    to be extended using dynamically loadable libraries. The "filter-aaaa"
+    feature has been removed from named and is now implemented as a
+    plugin.
   * Socket and task code has been refactored to improve performance.
   * QNAME minimization, as described in RFC 7816, is now supported.
   * "Root key sentinel" support, enabling validating resolvers to indicate
index 90bfb00..6d3ff07 100644 (file)
--- a/README.md
+++ b/README.md
@@ -122,6 +122,9 @@ BIND 9.13 is the newest development branch of BIND 9. It includes a
 number of changes from BIND 9.12 and earlier releases.  New features
 include:
 
+* A new "plugin" mechanism has been added to allow query functionality
+  to be extended using dynamically loadable libraries. The "filter-aaaa"
+  feature has been removed from named and is now implemented as a plugin.
 * Socket and task code has been refactored to improve performance.
 * QNAME minimization, as described in RFC 7816, is now supported.
 * "Root key sentinel" support, enabling validating resolvers to indicate
index 3645488..b98356a 100644 (file)
@@ -39,7 +39,7 @@
 named-checkconf \- named configuration file syntax checking tool
 .SH "SYNOPSIS"
 .HP \w'\fBnamed\-checkconf\fR\ 'u
-\fBnamed\-checkconf\fR [\fB\-hjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
+\fBnamed\-checkconf\fR [\fB\-chjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkconf\fR
@@ -79,6 +79,13 @@ When loading a zonefile read the journal if it exists\&.
 List all the configured zones\&. Each line of output contains the zone name, class (e\&.g\&. IN), view, and type (e\&.g\&. master or slave)\&.
 .RE
 .PP
+\-c
+.RS 4
+Check "core" configuration only\&. This suppresses the loading of plugin modules, and causes all parameters to
+\fBplugin\fR
+statements to be ignored\&.
+.RE
+.PP
 \-p
 .RS 4
 Print out the
index 8862b74..fea7e1d 100644 (file)
@@ -33,7 +33,7 @@
 <h2>Synopsis</h2>
     <div class="cmdsynopsis"><p>
       <code class="command">named-checkconf</code> 
-       [<code class="option">-hjlvz</code>]
+       [<code class="option">-chjlvz</code>]
        [<code class="option">-p</code>
         [<code class="option">-x</code>
       ]]
             (e.g. master or slave).
           </p>
         </dd>
+<dt><span class="term">-c</span></dt>
+<dd>
+          <p>
+           Check "core" configuration only. This suppresses the loading
+           of plugin modules, and causes all parameters to
+           <span class="command"><strong>plugin</strong></span> statements to be ignored.
+          </p>
+        </dd>
 <dt><span class="term">-p</span></dt>
 <dd>
           <p>
index c0885df..e951411 100644 (file)
@@ -327,21 +327,21 @@ and
 files are generated for symmetric cryptography algorithms such as HMAC\-MD5, even though the public and private key are equivalent\&.
 .SH "EXAMPLE"
 .PP
-To generate a 768\-bit DSA key for the domain
+To generate an ECDSAP256SHA256 key for the domain
 \fBexample\&.com\fR, the following command would be issued:
 .PP
-\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example\&.com\fR
+\fBdnssec\-keygen \-a ECDSAP256SHA256 \-n ZONE example\&.com\fR
 .PP
 The command would print a string of the form:
 .PP
-\fBKexample\&.com\&.+003+26160\fR
+\fBKexample\&.com\&.+013+26160\fR
 .PP
 In this example,
 \fBdnssec\-keygen\fR
 creates the files
-Kexample\&.com\&.+003+26160\&.key
+Kexample\&.com\&.+013+26160\&.key
 and
-Kexample\&.com\&.+003+26160\&.private\&.
+Kexample\&.com\&.+013+26160\&.private\&.
 .SH "SEE ALSO"
 .PP
 \fBdnssec-signzone\fR(8),
index d817ce7..04c138d 100644 (file)
 <a name="id-1.11"></a><h2>EXAMPLE</h2>
 
     <p>
-      To generate a 768-bit DSA key for the domain
+      To generate an ECDSAP256SHA256 key for the domain
       <strong class="userinput"><code>example.com</code></strong>, the following command would be
       issued:
     </p>
-    <p><strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
+    <p><strong class="userinput"><code>dnssec-keygen -a ECDSAP256SHA256 -n ZONE example.com</code></strong>
     </p>
     <p>
       The command would print a string of the form:
     </p>
-    <p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
+    <p><strong class="userinput"><code>Kexample.com.+013+26160</code></strong>
     </p>
     <p>
       In this example, <span class="command"><strong>dnssec-keygen</strong></span> creates
-      the files <code class="filename">Kexample.com.+003+26160.key</code>
+      the files <code class="filename">Kexample.com.+013+26160.key</code>
       and
-      <code class="filename">Kexample.com.+003+26160.private</code>.
+      <code class="filename">Kexample.com.+013+26160.private</code>.
     </p>
   </div>
 
index 4808cbe..3321269 100644 (file)
@@ -415,9 +415,9 @@ Specify which keys should be used to sign the zone\&. If no keys are specified,
 .PP
 The following command signs the
 \fBexample\&.com\fR
-zone with the DSA key generated by
+zone with the ECDSAP256SHA256 key generated by key generated by
 \fBdnssec\-keygen\fR
-(Kexample\&.com\&.+003+17247)\&. Because the
+(Kexample\&.com\&.+013+17247)\&. Because the
 \fB\-S\fR
 option is not being used, the zone\*(Aqs keys must be in the master file (db\&.example\&.com)\&. This invocation looks for
 dsset
@@ -428,7 +428,7 @@ files, in the current directory, so that DS records can be imported from them (\
 .\}
 .nf
 % dnssec\-signzone \-g \-o example\&.com db\&.example\&.com \e
-Kexample\&.com\&.+003+17247
+Kexample\&.com\&.+013+17247
 db\&.example\&.com\&.signed
 %
 .fi
index 988a7a5..d9c8b36 100644 (file)
 
     <p>
       The following command signs the <strong class="userinput"><code>example.com</code></strong>
-      zone with the DSA key generated by <span class="command"><strong>dnssec-keygen</strong></span>
-      (Kexample.com.+003+17247).  Because the <span class="command"><strong>-S</strong></span> option
-      is not being used, the zone's keys must be in the master file
+      zone with the ECDSAP256SHA256 key generated by key generated by
+      <span class="command"><strong>dnssec-keygen</strong></span> (Kexample.com.+013+17247).
+      Because the <span class="command"><strong>-S</strong></span> option is not being used,
+      the zone's keys must be in the master file
       (<code class="filename">db.example.com</code>).  This invocation looks
       for <code class="filename">dsset</code> files, in the current directory,
       so that DS records can be imported from them (<span class="command"><strong>-g</strong></span>).
     </p>
 <pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
-Kexample.com.+003+17247
+Kexample.com.+013+17247
 db.example.com.signed
 %</pre>
     <p>
index f920490..982ad89 100644 (file)
@@ -9,7 +9,7 @@
 '\" t
 .\"     Title: filter-aaaa.so
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date: 2018-08-13
 .\"    Manual: BIND9
 .\"    Source: ISC
 .SH "NAME"
 filter-aaaa.so \- filter AAAA in DNS responses when A is present
 .SH "SYNOPSIS"
-.HP 28
-\fBhook query "filter\-aaaa\&.so"\fR [\fI{\ parameters\ }\fR];
+.HP \w'\fBplugin\ query\ "filter\-aaaa\&.so"\fR\ 'u
+\fBplugin query "filter\-aaaa\&.so"\fR [\fI{\ parameters\ }\fR];
 .SH "DESCRIPTION"
 .PP
 \fBfilter\-aaaa\&.so\fR
-is a query hook module for
+is a query plugin module for
 \fBnamed\fR, enabling
 \fBnamed\fR
 to omit some IPv6 addresses when responding to clients\&.
@@ -59,13 +59,13 @@ and
 options\&. These options are now deprecated in
 named\&.conf, but can be passed as parameters to the
 \fBfilter\-aaaa\&.so\fR
-hook module, for example:
+plugin, for example:
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
-hook query "/usr/local/lib/filter\-aaaa\&.so" {
+plugin query "/usr/local/lib/filter\-aaaa\&.so" {
         filter\-aaaa\-on\-v4 yes;
         filter\-aaaa\-on\-v6 yes;
         filter\-aaaa { 192\&.0\&.2\&.1; 2001:db8:2::1; };
index 131f412..2bb020a 100644 (file)
@@ -460,7 +460,7 @@ plugin_destroy(void **instp) {
 }
 
 /*
- * Returns hook module API version for compatibility checks.
+ * Returns plugin API version for compatibility checks.
  */
 int
 plugin_version(void) {
index e505f4e..322a273 100644 (file)
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>filter-aaaa.so</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.filter-aaaa"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">filter-aaaa.so</span> &#8212; filter AAAA in DNS responses when A is present</p>
+<p>
+    <span class="application">filter-aaaa.so</span>
+     &#8212; filter AAAA in DNS responses when A is present
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">hook query "filter-aaaa.so"</code>  [<em class="replaceable"><code>{ parameters }</code></em>];
+    <div class="cmdsynopsis"><p>
+      <code class="command">plugin query "filter-aaaa.so"</code> 
+       [<em class="replaceable"><code>{ parameters }</code></em>];
     </p></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p>
-      <span class="command"><strong>filter-aaaa.so</strong></span> is a query hook module for
+    <p>
+      <span class="command"><strong>filter-aaaa.so</strong></span> is a query plugin module for
       <span class="command"><strong>named</strong></span>, enabling <span class="command"><strong>named</strong></span>
       to omit some IPv6 addresses when responding to clients.
     </p>
-<p>
+    <p>
       Until BIND 9.12, this feature was implemented natively in
       <span class="command"><strong>named</strong></span> and enabled with the
       <span class="command"><strong>filter-aaaa</strong></span> ACL and the
       <span class="command"><strong>filter-aaaa-on-v6</strong></span> options. These options are
       now deprecated in <code class="filename">named.conf</code>, but can be
       passed as parameters to the <span class="command"><strong>filter-aaaa.so</strong></span>
-      hook module, for example:
+      plugin, for example:
     </p>
-<pre class="programlisting">
-hook query "/usr/local/lib/filter-aaaa.so" {
+    <pre class="programlisting">
+plugin query "/usr/local/lib/filter-aaaa.so" {
         filter-aaaa-on-v4 yes;
         filter-aaaa-on-v6 yes;
         filter-aaaa { 192.0.2.1; 2001:db8:2::1; };
 };
 </pre>
-<p>
+    <p>
       This module is intended to aid transition from IPv4 to IPv6 by
       withholding IPv6 addresses from DNS clients which are not connected
       to the IPv6 Internet, when the name being looked up has an IPv4
       address available.  Use of this module is not recommended unless
       absolutely necessary.
     </p>
-<p>
+    <p>
       Note: This mechanism can erroneously cause other servers not to
       give AAAA records to their clients.  If a recursing server with
       both IPv6 and IPv4 network connections queries an authoritative
       server using this mechanism via IPv4, it will be denied AAAA
       records even if its client is using IPv6.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><span class="command"><strong>filter-aaaa</strong></span></span></dt>
-<dd><p>
+<dd>
+         <p>
            Specifies a list of client addresses for which AAAA
            filtering is to be applied.  The default is
            <strong class="userinput"><code>any</code></strong>.
-         </p></dd>
+         </p>
+       </dd>
 <dt><span class="term"><span class="command"><strong>filter-aaaa-on-v4</strong></span></span></dt>
 <dd>
-<p>
+         <p>
            If set to <strong class="userinput"><code>yes</code></strong>, the DNS client is
            at an IPv4 address, in <span class="command"><strong>filter-aaaa</strong></span>,
            and if the response does not include DNSSEC signatures,
@@ -81,35 +97,39 @@ hook query "/usr/local/lib/filter-aaaa.so" {
            This filtering applies to all responses and not only
            authoritative responses.
          </p>
-<p>
+         <p>
            If set to <strong class="userinput"><code>break-dnssec</code></strong>,
            then AAAA records are deleted even when DNSSEC is
            enabled.  As suggested by the name, this causes the
            response to fail to verify, because the DNSSEC protocol is
            designed to detect deletions.
          </p>
-<p>
+         <p>
            This mechanism can erroneously cause other servers not to
            give AAAA records to their clients.  A recursing server with
            both IPv6 and IPv4 network connections that queries an
            authoritative server using this mechanism via IPv4 will be
            denied AAAA records even if its client is using IPv6.
          </p>
-</dd>
+       </dd>
 <dt><span class="term"><span class="command"><strong>filter-aaaa-on-v6</strong></span></span></dt>
-<dd><p>
+<dd>
+         <p>
            Identical to <span class="command"><strong>filter-aaaa-on-v4</strong></span>,
            except it filters AAAA responses to queries from IPv6
            clients instead of IPv4 clients.  To filter all
            responses, set both options to <strong class="userinput"><code>yes</code></strong>.
-         </p></dd>
+         </p>
+       </dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>SEE ALSO</h2>
-<p>
+    <p>
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>
index 14e3fb9..22680bc 100755 (executable)
--- a/configure
+++ b/configure
@@ -842,7 +842,6 @@ infodir
 docdir
 oldincludedir
 includedir
-runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -1002,7 +1001,6 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1255,15 +1253,6 @@ do
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
 
-  -runstatedir | --runstatedir | --runstatedi | --runstated \
-  | --runstate | --runstat | --runsta | --runst | --runs \
-  | --run | --ru | --r)
-    ac_prev=runstatedir ;;
-  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
-  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
-  | --run=* | --ru=* | --r=*)
-    runstatedir=$ac_optarg ;;
-
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1401,7 +1390,7 @@ fi
 for ac_var in  exec_prefix prefix bindir sbindir libexecdir datarootdir \
                datadir sysconfdir sharedstatedir localstatedir includedir \
                oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-               libdir localedir mandir runstatedir
+               libdir localedir mandir
 do
   eval ac_val=\$$ac_var
   # Remove trailing slashes.
@@ -1554,7 +1543,6 @@ Fine tuning of the installation directories:
   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
-  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
   --libdir=DIR            object code libraries [EPREFIX/lib]
   --includedir=DIR        C header files [PREFIX/include]
   --oldincludedir=DIR     C header files for non-gcc [/usr/include]
index 2051a95..9902ed7 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 50532bf..b8ef337 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 203c215..75bede3 100644 (file)
 <dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt>
 </dl></dd>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#module-info">Plugins</a></span></dt>
+<dd><dl>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#id-1.4.6.5">Configuring Plugins</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#id-1.4.6.6">Developing Plugins</a></span></dt>
+</dl></dd>
 </dl>
 </div>
 
@@ -741,6 +746,105 @@ controls {
         </div>
       </div>
     </div>
+
+    <div class="section">
+<div class="titlepage"><div><div><h2 class="title" style="clear: both">
+<a name="module-info"></a>Plugins</h2></div></div></div>
+
+  <p>
+    Plugins are a mechanism to extend the functionality of
+    <span class="command"><strong>named</strong></span> using dynamically loadable libraries.
+    By using plugins, core server functionality can be kept simple
+    for the majority of users; more complex code implementing optional
+    features need only be installed by users that need those features.
+  </p>
+  <p>
+    The plugin interface is a work in progress, and is expected to evolve
+    as more plugins are added. Currently, only "query plugins" are supported;
+    these modify the name server query logic. Other plugin types may be added
+    in the future.
+  </p>
+  <p>
+    The only plugin currently included in BIND is
+    <code class="filename">filter-aaaa.so</code>, which replaces the
+    <span class="command"><strong>filter-aaaa</strong></span> feature that previously existed natively
+    as part of <span class="command"><strong>named</strong></span>.
+    The code for this feature has been removed from <span class="command"><strong>named</strong></span>,
+    and can no longer be configured using standard
+    <code class="filename">named.conf</code> syntax, but linking in the
+    <code class="filename">filter-aaaa.so</code> plugin provides identical
+    functionality.
+  </p>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.4.6.5"></a>Configuring Plugins</h3></div></div></div>
+    <p>
+      A plugin is configured with the <span class="command"><strong>plugin</strong></span>
+      statement in <code class="filename">named.conf</code>:
+    </p>
+    <pre class="screen">
+    plugin query "library.so" {
+        <em class="replaceable"><code>parameters</code></em>
+    };
+    </pre>
+    <p>
+      In this example, file <code class="filename">library.so</code> is the plugin
+      library.  <code class="literal">query</code> indicates that this is a query
+      plugin.
+    </p>
+<p>
+    </p>
+<p>
+      Multiple <span class="command"><strong>plugin</strong></span> statements can be specified, to load
+      different plugins or multiple instances of the same plugin.
+    </p>
+    <p>
+      <em class="replaceable"><code>parameters</code></em> are passed as an opaque
+      string to the plugin's initialization routine. Configuration
+      syntax will differ depending on the module.
+    </p>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.4.6.6"></a>Developing Plugins</h3></div></div></div>
+    <p>
+      Each plugin implements four functions:
+      </p>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+<span class="command"><strong>plugin_register</strong></span> to allocate memory,
+        configure a plugin instance, and attach to hook points within
+        <span class="command"><strong>named</strong></span>,</li>
+<li class="listitem">
+<span class="command"><strong>plugin_destroy</strong></span> to tear down the plugin
+        instance and free memory,</li>
+<li class="listitem">
+<span class="command"><strong>plugin_version</strong></span> to check that the plugin
+        is compatible with the current version of the plugin API,</li>
+<li class="listitem">
+<span class="command"><strong>plugin_check</strong></span> to test syntactic
+        correctness of the plugin parameters.</li>
+</ul></div>
+<p>
+    </p>
+    <p>
+      At various locations within the <span class="command"><strong>named</strong></span> source code,
+      there are "hook points" at which a plugin may register itself.
+      When a hook point is reached while <span class="command"><strong>named</strong></span> is
+      running, it is checked to see whether any plugins have registered
+      themselves there; if so, the associated "hook action" is called -
+      this is a function within the plugin library. Hook actions may
+      examine the runtime state and make changes - for example, modifying
+      the answers to be sent back to a client or forcing a query to be
+      aborted. More details can be found in the file
+      <code class="filename">lib/ns/include/ns/hooks.h</code>.
+    </p>
+  </div>
+
+</div>
+
   </div>
 <div class="navfooter">
 <hr>
@@ -759,6 +863,6 @@ controls {
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index f55fbf6..5a3e7ef 100644 (file)
@@ -2868,6 +2868,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 1239387..582f928 100644 (file)
@@ -4626,63 +4626,6 @@ options {
                   internally.  The use of this option is discouraged.
                 </p>
               </dd>
-<dt><span class="term"><span class="command"><strong>filter-aaaa-on-v4</strong></span></span></dt>
-<dd>
-                <p>
-                  This option is intended to help the
-                  transition from IPv4 to IPv6 by not giving IPv6 addresses
-                  to DNS clients unless they have connections to the IPv6
-                  Internet.  This is not recommended unless absolutely
-                  necessary.  The default is <strong class="userinput"><code>no</code></strong>.
-                  The <span class="command"><strong>filter-aaaa-on-v4</strong></span> option
-                  may also be specified in <span class="command"><strong>view</strong></span> statements
-                  to override the global <span class="command"><strong>filter-aaaa-on-v4</strong></span>
-                  option.
-                </p>
-                <p>
-                  If <strong class="userinput"><code>yes</code></strong>,
-                  the DNS client is at an IPv4 address, in <span class="command"><strong>filter-aaaa</strong></span>,
-                  and if the response does not include DNSSEC signatures,
-                  then all AAAA records are deleted from the response.
-                  This filtering applies to all responses and not only
-                  authoritative responses.
-                </p>
-                <p>
-                  If <strong class="userinput"><code>break-dnssec</code></strong>,
-                  then AAAA records are deleted even when DNSSEC is enabled.
-                  As suggested by the name, this makes the response not verify,
-                  because the DNSSEC protocol is designed detect deletions.
-                </p>
-                <p>
-                  This mechanism can erroneously cause other servers to
-                  not give AAAA records to their clients.
-                  A recursing server with both IPv6 and IPv4 network connections
-                  that queries an authoritative server using this mechanism
-                  via IPv4 will be denied AAAA records even if its client is
-                  using IPv6.
-                </p>
-                <p>
-                  This mechanism is applied to authoritative as well as
-                  non-authoritative records.
-                  A client using IPv4 that is not allowed recursion can
-                  erroneously be given AAAA records because the server is not
-                  allowed to check for A records.
-                </p>
-                <p>
-                  Some AAAA records are given to IPv4 clients in glue records.
-                  IPv4 clients that are servers can then erroneously
-                  answer requests for AAAA records received via IPv4.
-                </p>
-              </dd>
-<dt><span class="term"><span class="command"><strong>filter-aaaa-on-v6</strong></span></span></dt>
-<dd>
-                <p>
-                  Identical to <span class="command"><strong>filter-aaaa-on-v4</strong></span>,
-                  except it filters AAAA responses to queries from IPv6
-                  clients instead of IPv4 clients.  To filter all
-                  responses, set both options to <strong class="userinput"><code>yes</code></strong>.
-                </p>
-              </dd>
 <dt><span class="term"><span class="command"><strong>ixfr-from-differences</strong></span></span></dt>
 <dd>
                 <p>
@@ -5430,15 +5373,6 @@ options {
                   is <strong class="userinput"><code>none</code></strong>.
                 </p>
               </dd>
-<dt><span class="term"><span class="command"><strong>filter-aaaa</strong></span></span></dt>
-<dd>
-                <p>
-                  Specifies a list of addresses to which
-                  <span class="command"><strong>filter-aaaa-on-v4</strong></span>
-                  and <span class="command"><strong>filter-aaaa-on-v6</strong></span>
-                  apply.  The default is <strong class="userinput"><code>any</code></strong>.
-                </p>
-              </dd>
 <dt><span class="term"><span class="command"><strong>keep-response-order</strong></span></span></dt>
 <dd>
                 <p>
@@ -15044,6 +14978,6 @@ HOST-127.EXAMPLE. MX 0 .
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 27ef70f..26f9cc7 100644 (file)
@@ -361,6 +361,6 @@ allow-query { !{ !10/8; any; }; key example; };
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index e064d11..1f7c73e 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 21d9fd1..54ebc37 100644 (file)
@@ -36,7 +36,7 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.5</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
@@ -55,7 +55,7 @@
 </div>
       <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.9.2"></a>Release Notes for BIND Version 9.13.4</h2></div></div></div>
+<a name="id-1.9.2"></a>Release Notes for BIND Version 9.13.5</h2></div></div></div>
   
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
          in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
        </p>
       </li>
+<li class="listitem">
+       <p>
+         Code change #4964, intended to prevent double signatures
+         when deleting an inactive zone DNSKEY in some situations,
+         introduced a new problem during zone processing in which
+         some delegation glue RRsets are incorrectly identified
+         as needing RRSIGs, which are then created for them using
+         the current active ZSK for the zone. In some, but not all
+         cases, the newly-signed RRsets are added to the zone's
+         NSEC/NSEC3 chain, but incompletely -- this can result in
+         a broken chain, affecting validation of proof of nonexistence
+         for records in the zone. [GL #771]
+       </p>
+      </li>
 </ul></div>
   </div>
 
          as described in RFC 7706. [GL #33]
        </p>
       </li>
+<li class="listitem">
+       <p>
+         A new <span class="command"><strong>plugin</strong></span> mechanism has been added to allow
+         extension of query processing functionality through the use of
+         external libraries. The new <code class="filename">filter-aaaa.so</code>
+         plugin replaces the <span class="command"><strong>filter-aaaa</strong></span> feature that
+         was formerly implemented as a native part of BIND.
+       </p>
+       <p>
+         The plugin API is a work in progress and is likely to evolve
+         as further plugins are implemented. [GL #15]
+       </p>
+      </li>
 <li class="listitem">
        <p>
          BIND now can be compiled against the <span class="command"><strong>libidn2</strong></span>
          the operating system, and it cannot be built without threads.
        </p>
       </li>
+<li class="listitem">
+       <p>
+         The <span class="command"><strong>filter-aaaa</strong></span>,
+         <span class="command"><strong>filter-aaaa-on-v4</strong></span>, and
+         <span class="command"><strong>filter-aaaa-on-v6</strong></span> options have been removed
+         from <span class="command"><strong>named</strong></span>, and can no longer be
+         configured using native <code class="filename">named.conf</code> syntax.
+         However, loading the new <code class="filename">filter-aaaa.so</code>
+         plugin and setting its parameters provides identical
+         functionality.
+       </p>
+      </li>
 <li class="listitem">
        <p>
          <span class="command"><strong>named</strong></span> can no longer use the EDNS CLIENT-SUBNET
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index ce4b5dc..42fe054 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index ba4396e..4ad6f7e 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index e070183..742c991 100644 (file)
@@ -533,6 +533,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 414512b..1ba5d98 100644 (file)
@@ -91,6 +91,9 @@
 <span class="refentrytitle"><a href="man.dnstap-read.html"><span class="application">dnstap-read</span></a></span><span class="refpurpose"> &#8212; print dnstap data in human-readable form</span>
 </dt>
 <dt>
+<span class="refentrytitle"><a href="man.filter-aaaa.html"><span class="application">filter-aaaa.so</span></a></span><span class="refpurpose"> &#8212; filter AAAA in DNS responses when A is present</span>
+</dt>
+<dt>
 <span class="refentrytitle"><a href="man.host.html">host</a></span><span class="refpurpose"> &#8212; DNS lookup utility</span>
 </dt>
 <dt>
       
       
       
+      
       
       
     </div>
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index d7f49eb..770323f 100644 (file)
@@ -32,7 +32,7 @@
 <div>
 <div><h1 class="title">
 <a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.13.4</p></div>
+<div><p class="releaseinfo">BIND Version 9.13.5</p></div>
 <div><p class="copyright">Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")</p></div>
 </div>
 <hr>
 <dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt>
 </dl></dd>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#module-info">Plugins</a></span></dt>
+<dd><dl>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#id-1.4.6.5">Configuring Plugins</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#id-1.4.6.6">Developing Plugins</a></span></dt>
+</dl></dd>
 </dl></dd>
 <dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
 <dd><dl>
 </dl></dd>
 <dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
 <dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.5</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
 <span class="refentrytitle"><a href="man.dnstap-read.html"><span class="application">dnstap-read</span></a></span><span class="refpurpose"> &#8212; print dnstap data in human-readable form</span>
 </dt>
 <dt>
+<span class="refentrytitle"><a href="man.filter-aaaa.html"><span class="application">filter-aaaa.so</span></a></span><span class="refpurpose"> &#8212; filter AAAA in DNS responses when A is present</span>
+</dt>
+<dt>
 <span class="refentrytitle"><a href="man.host.html">host</a></span><span class="refpurpose"> &#8212; DNS lookup utility</span>
 </dt>
 <dt>
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index e509567..df5d860 100644 (file)
Binary files a/doc/arm/Bv9ARM.pdf and b/doc/arm/Bv9ARM.pdf differ
index ce34bb1..fb88b20 100644 (file)
@@ -90,6 +90,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 50a1638..32ca7c0 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 659749e..e3ac09f 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 5d64a52..952954c 100644 (file)
@@ -1151,6 +1151,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 198685e..59a205e 100644 (file)
@@ -376,6 +376,6 @@ nsupdate -l
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index b210715..46d3612 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 4fc3f4a..2963840 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 70c06f8..148cc6b 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 59282e7..4f1f557 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 592a303..4654e76 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 1c42a1a..c6839da 100644 (file)
 <a name="id-1.13.12.11"></a><h2>EXAMPLE</h2>
 
     <p>
-      To generate a 768-bit DSA key for the domain
+      To generate an ECDSAP256SHA256 key for the domain
       <strong class="userinput"><code>example.com</code></strong>, the following command would be
       issued:
     </p>
-    <p><strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
+    <p><strong class="userinput"><code>dnssec-keygen -a ECDSAP256SHA256 -n ZONE example.com</code></strong>
     </p>
     <p>
       The command would print a string of the form:
     </p>
-    <p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
+    <p><strong class="userinput"><code>Kexample.com.+013+26160</code></strong>
     </p>
     <p>
       In this example, <span class="command"><strong>dnssec-keygen</strong></span> creates
-      the files <code class="filename">Kexample.com.+003+26160.key</code>
+      the files <code class="filename">Kexample.com.+013+26160.key</code>
       and
-      <code class="filename">Kexample.com.+003+26160.private</code>.
+      <code class="filename">Kexample.com.+013+26160.private</code>.
     </p>
   </div>
 
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 7500a69..0ce8046 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 4a88177..a11173b 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index a5bcb5e..d800dc9 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 044311a..906ae79 100644 (file)
 
     <p>
       The following command signs the <strong class="userinput"><code>example.com</code></strong>
-      zone with the DSA key generated by <span class="command"><strong>dnssec-keygen</strong></span>
-      (Kexample.com.+003+17247).  Because the <span class="command"><strong>-S</strong></span> option
-      is not being used, the zone's keys must be in the master file
+      zone with the ECDSAP256SHA256 key generated by key generated by
+      <span class="command"><strong>dnssec-keygen</strong></span> (Kexample.com.+013+17247).
+      Because the <span class="command"><strong>-S</strong></span> option is not being used,
+      the zone's keys must be in the master file
       (<code class="filename">db.example.com</code>).  This invocation looks
       for <code class="filename">dsset</code> files, in the current directory,
       so that DS records can be imported from them (<span class="command"><strong>-g</strong></span>).
     </p>
 <pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
-Kexample.com.+003+17247
+Kexample.com.+013+17247
 db.example.com.signed
 %</pre>
     <p>
@@ -700,6 +701,6 @@ db.example.com.signed
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 84265e2..a3895ad 100644 (file)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index e1ec0a0..bfbe322 100644 (file)
@@ -14,7 +14,7 @@
 <link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
 <link rel="up" href="Bv9ARM.ch12.html" title="Manual pages">
 <link rel="prev" href="man.dnssec-verify.html" title="dnssec-verify">
-<link rel="next" href="man.host.html" title="host">
+<link rel="next" href="man.filter-aaaa.html" title="filter-aaaa.so">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
 <div class="navheader">
@@ -24,7 +24,7 @@
 <td width="20%" align="left">
 <a accesskey="p" href="man.dnssec-verify.html">Prev</a> </td>
 <th width="60%" align="center">Manual pages</th>
-<td width="20%" align="right"> <a accesskey="n" href="man.host.html">Next</a>
+<td width="20%" align="right"> <a accesskey="n" href="man.filter-aaaa.html">Next</a>
 </td>
 </tr>
 </table>
 <td width="40%" align="left">
 <a accesskey="p" href="man.dnssec-verify.html">Prev</a> </td>
 <td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch12.html">Up</a></td>
-<td width="40%" align="right"> <a accesskey="n" href="man.host.html">Next</a>
+<td width="40%" align="right"> <a accesskey="n" href="man.filter-aaaa.html">Next</a>
 </td>
 </tr>
 <tr>
 <td width="40%" align="left" valign="top">
 <span class="application">dnssec-verify</span> </td>
 <td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
-<td width="40%" align="right" valign="top"> host</td>
+<td width="40%" align="right" valign="top"> <span class="application">filter-aaaa.so</span>
+</td>
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index ad4c62b..69f9fb4 100644 (file)
@@ -10,7 +10,7 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>filter-aaaa.so</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 <link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
 <link rel="up" href="Bv9ARM.ch12.html" title="Manual pages">
 <link rel="prev" href="man.dnstap-read.html" title="dnstap-read">
 </div>
 <div class="refentry">
 <a name="man.filter-aaaa"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">filter-aaaa.so</span> &#8212; filter AAAA in DNS responses when A is present</p>
+<p>
+    <span class="application">filter-aaaa.so</span>
+     &#8212; filter AAAA in DNS responses when A is present
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">hook query "filter-aaaa.so"</code>  [<em class="replaceable"><code>{ parameters }</code></em>];
+    <div class="cmdsynopsis"><p>
+      <code class="command">plugin query "filter-aaaa.so"</code> 
+       [<em class="replaceable"><code>{ parameters }</code></em>];
     </p></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.13.19.7"></a><h2>DESCRIPTION</h2>
-<p>
-      <span class="command"><strong>filter-aaaa.so</strong></span> is a query hook module for
+    <p>
+      <span class="command"><strong>filter-aaaa.so</strong></span> is a query plugin module for
       <span class="command"><strong>named</strong></span>, enabling <span class="command"><strong>named</strong></span>
       to omit some IPv6 addresses when responding to clients.
     </p>
-<p>
-      Until BIND 9.12, this feature was impleented natively in
+    <p>
+      Until BIND 9.12, this feature was implemented natively in
       <span class="command"><strong>named</strong></span> and enabled with the
       <span class="command"><strong>filter-aaaa</strong></span> ACL and the
       <span class="command"><strong>filter-aaaa-on-v4</strong></span> and
       <span class="command"><strong>filter-aaaa-on-v6</strong></span> options. These options are
       now deprecated in <code class="filename">named.conf</code>, but can be
       passed as parameters to the <span class="command"><strong>filter-aaaa.so</strong></span>
-      hook module, for example:
+      plugin, for example:
     </p>
-<pre class="programlisting">
-hook query "/usr/local/lib/filter-aaaa.so" {
+    <pre class="programlisting">
+plugin query "/usr/local/lib/filter-aaaa.so" {
         filter-aaaa-on-v4 yes;
         filter-aaaa-on-v6 yes;
         filter-aaaa { 192.0.2.1; 2001:db8:2::1; };
 };
 </pre>
-<p>
+    <p>
       This module is intended to aid transition from IPv4 to IPv6 by
       withholding IPv6 addresses from DNS clients which are not connected
       to the IPv6 Internet, when the name being looked up has an IPv4
       address available.  Use of this module is not recommended unless
       absolutely necessary.
     </p>
-<p>
+    <p>
       Note: This mechanism can erroneously cause other servers not to
       give AAAA records to their clients.  If a recursing server with
       both IPv6 and IPv4 network connections queries an authoritative
       server using this mechanism via IPv4, it will be denied AAAA
       records even if its client is using IPv6.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.13.19.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><span class="command"><strong>filter-aaaa</strong></span></span></dt>
-<dd><p>
+<dd>
+         <p>
            Specifies a list of client addresses for which AAAA
            filtering is to be applied.  The default is
            <strong class="userinput"><code>any</code></strong>.
-         </p></dd>
+         </p>
+       </dd>
 <dt><span class="term"><span class="command"><strong>filter-aaaa-on-v4</strong></span></span></dt>
 <dd>
-<p>
+         <p>
            If set to <strong class="userinput"><code>yes</code></strong>, the DNS client is
            at an IPv4 address, in <span class="command"><strong>filter-aaaa</strong></span>,
            and if the response does not include DNSSEC signatures,
@@ -99,36 +115,40 @@ hook query "/usr/local/lib/filter-aaaa.so" {
            This filtering applies to all responses and not only
            authoritative responses.
          </p>
-<p>
+         <p>
            If set to <strong class="userinput"><code>break-dnssec</code></strong>,
            then AAAA records are deleted even when DNSSEC is
            enabled.  As suggested by the name, this causes the
            response to fail to verify, because the DNSSEC protocol is
            designed to detect deletions.
          </p>
-<p>
+         <p>
            This mechanism can erroneously cause other servers not to
            give AAAA records to their clients.  A recursing server with
            both IPv6 and IPv4 network connections that queries an
            authoritative server using this mechanism via IPv4 will be
            denied AAAA records even if its client is using IPv6.
          </p>
-</dd>
+       </dd>
 <dt><span class="term"><span class="command"><strong>filter-aaaa-on-v6</strong></span></span></dt>
-<dd><p>
+<dd>
+         <p>
            Identical to <span class="command"><strong>filter-aaaa-on-v4</strong></span>,
            except it filters AAAA responses to queries from IPv6
            clients instead of IPv4 clients.  To filter all
            responses, set both options to <strong class="userinput"><code>yes</code></strong>.
-         </p></dd>
+         </p>
+       </dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.13.19.9"></a><h2>SEE ALSO</h2>
-<p>
+    <p>
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
-</div>
+  </div>
+
 </div>
 <div class="navfooter">
 <hr>
@@ -148,6 +168,6 @@ hook query "/usr/local/lib/filter-aaaa.so" {
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.2 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 275a406..c36c0ea 100644 (file)
@@ -13,7 +13,7 @@
 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 <link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
 <link rel="up" href="Bv9ARM.ch12.html" title="Manual pages">
-<link rel="prev" href="man.dnstap-read.html" title="dnstap-read">
+<link rel="prev" href="man.filter-aaaa.html" title="filter-aaaa.so">
 <link rel="next" href="man.mdig.html" title="mdig">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -22,7 +22,7 @@
 <tr><th colspan="3" align="center">host</th></tr>
 <tr>
 <td width="20%" align="left">
-<a accesskey="p" href="man.dnstap-read.html">Prev</a> </td>
+<a accesskey="p" href="man.filter-aaaa.html">Prev</a> </td>
 <th width="60%" align="center">Manual pages</th>
 <td width="20%" align="right"> <a accesskey="n" href="man.mdig.html">Next</a>
 </td>
@@ -70,7 +70,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.19.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.20.7"></a><h2>DESCRIPTION</h2>
 
 
     <p><span class="command"><strong>host</strong></span>
@@ -97,7 +97,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.19.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.20.8"></a><h2>OPTIONS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-4</span></dt>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.19.9"></a><h2>IDN SUPPORT</h2>
+<a name="id-1.13.20.9"></a><h2>IDN SUPPORT</h2>
 
     <p>
       If <span class="command"><strong>host</strong></span> has been built with IDN (internationalized
   </div>
 
   <div class="refsection">
-<a name="id-1.13.19.10"></a><h2>FILES</h2>
+<a name="id-1.13.20.10"></a><h2>FILES</h2>
 
     <p><code class="filename">/etc/resolv.conf</code>
     </p>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.19.11"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.20.11"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">dig</span>(1)
 <table width="100%" summary="Navigation footer">
 <tr>
 <td width="40%" align="left">
-<a accesskey="p" href="man.dnstap-read.html">Prev</a> </td>
+<a accesskey="p" href="man.filter-aaaa.html">Prev</a> </td>
 <td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch12.html">Up</a></td>
 <td width="40%" align="right"> <a accesskey="n" href="man.mdig.html">Next</a>
 </td>
 </tr>
 <tr>
 <td width="40%" align="left" valign="top">
-<span class="application">dnstap-read</span> </td>
+<span class="application">filter-aaaa.so</span> </td>
 <td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
 <td width="40%" align="right" valign="top"> <span class="application">mdig</span>
 </td>
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 8f10e56..55b63e6 100644 (file)
@@ -84,7 +84,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.20.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.21.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>mdig</strong></span>
       is a multiple/pipelined query version of <span class="command"><strong>dig</strong></span>:
   </div>
 
   <div class="refsection">
-<a name="id-1.13.20.8"></a><h2>ANYWHERE OPTIONS</h2>
+<a name="id-1.13.21.8"></a><h2>ANYWHERE OPTIONS</h2>
 
 
     <p>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.20.9"></a><h2>GLOBAL OPTIONS</h2>
+<a name="id-1.13.21.9"></a><h2>GLOBAL OPTIONS</h2>
 
 
     <p>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.20.10"></a><h2>LOCAL OPTIONS</h2>
+<a name="id-1.13.21.10"></a><h2>LOCAL OPTIONS</h2>
 
 
     <p>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.20.11"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.21.11"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">dig</span>(1)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 03bc81d..522233a 100644 (file)
@@ -51,7 +51,7 @@
 <h2>Synopsis</h2>
     <div class="cmdsynopsis"><p>
       <code class="command">named-checkconf</code> 
-       [<code class="option">-hjlvz</code>]
+       [<code class="option">-chjlvz</code>]
        [<code class="option">-p</code>
         [<code class="option">-x</code>
       ]]
@@ -61,7 +61,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.21.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.22.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>named-checkconf</strong></span>
       checks the syntax, but not the semantics, of a
@@ -83,7 +83,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.21.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.22.8"></a><h2>OPTIONS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-h</span></dt>
             (e.g. master or slave).
           </p>
         </dd>
+<dt><span class="term">-c</span></dt>
+<dd>
+          <p>
+           Check "core" configuration only. This suppresses the loading
+           of plugin modules, and causes all parameters to
+           <span class="command"><strong>plugin</strong></span> statements to be ignored.
+          </p>
+        </dd>
 <dt><span class="term">-p</span></dt>
 <dd>
           <p>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.21.9"></a><h2>RETURN VALUES</h2>
+<a name="id-1.13.22.9"></a><h2>RETURN VALUES</h2>
 
     <p><span class="command"><strong>named-checkconf</strong></span>
       returns an exit status of 1 if
   </div>
 
   <div class="refsection">
-<a name="id-1.13.21.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.22.10"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">named</span>(8)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 2df53bf..9643563 100644 (file)
   </div>
 
   <div class="refsection">
-<a name="id-1.13.22.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.23.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>named-checkzone</strong></span>
       checks the syntax and integrity of a zone file.  It performs the
   </div>
 
   <div class="refsection">
-<a name="id-1.13.22.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.23.8"></a><h2>OPTIONS</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
   </div>
 
   <div class="refsection">
-<a name="id-1.13.22.9"></a><h2>RETURN VALUES</h2>
+<a name="id-1.13.23.9"></a><h2>RETURN VALUES</h2>
 
     <p><span class="command"><strong>named-checkzone</strong></span>
       returns an exit status of 1 if
   </div>
 
   <div class="refsection">
-<a name="id-1.13.22.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.23.10"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">named</span>(8)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 24f427c..80efbe7 100644 (file)
@@ -56,7 +56,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.23.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.24.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>named-journalprint</strong></span>
@@ -84,7 +84,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.23.8"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.24.8"></a><h2>SEE ALSO</h2>
 
     <p>
       <span class="citerefentry">
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index ac198d6..b29f945 100644 (file)
@@ -57,7 +57,7 @@
   </div>
 
   <div class="refsect1">
-<a name="id-1.13.24.6"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.25.6"></a><h2>DESCRIPTION</h2>
     
     <p>
       <span class="command"><strong>named-nzd2nzf</strong></span> converts an NZD database to NZF
@@ -71,7 +71,7 @@
   </div>
 
   <div class="refsect1">
-<a name="id-1.13.24.7"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.25.7"></a><h2>ARGUMENTS</h2>
     
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">filename</span></dt>
@@ -85,7 +85,7 @@
   </div>
 
   <div class="refsect1">
-<a name="id-1.13.24.8"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.25.8"></a><h2>SEE ALSO</h2>
     
     <p>
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>
@@ -93,7 +93,7 @@
   </div>
 
   <div class="refsect1">
-<a name="id-1.13.24.9"></a><h2>AUTHOR</h2>
+<a name="id-1.13.25.9"></a><h2>AUTHOR</h2>
     
     <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 0bc1f2a..6722ae0 100644 (file)
@@ -60,7 +60,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.25.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.26.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>named-rrchecker</strong></span>
      read a individual DNS resource record from standard input and checks if it
@@ -90,7 +90,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.25.8"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.26.8"></a><h2>SEE ALSO</h2>
 
     <p>
       <em class="citetitle">RFC 1034</em>,
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index e8d126d..9a91abd 100644 (file)
@@ -55,7 +55,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.27.7"></a><h2>DESCRIPTION</h2>
 
     <p><code class="filename">named.conf</code> is the configuration file
       for
@@ -76,7 +76,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.8"></a><h2>ACL</h2>
+<a name="id-1.13.27.8"></a><h2>ACL</h2>
 
     <div class="literallayout"><p><br>
 acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -84,7 +84,7 @@ acl
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.9"></a><h2>CONTROLS</h2>
+<a name="id-1.13.27.9"></a><h2>CONTROLS</h2>
 
     <div class="literallayout"><p><br>
 controls {<br>
@@ -102,7 +102,7 @@ controls
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.10"></a><h2>DLZ</h2>
+<a name="id-1.13.27.10"></a><h2>DLZ</h2>
 
     <div class="literallayout"><p><br>
 dlz <em class="replaceable"><code>string</code></em> {<br>
@@ -113,7 +113,7 @@ dlz
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.11"></a><h2>DYNDB</h2>
+<a name="id-1.13.27.11"></a><h2>DYNDB</h2>
 
     <div class="literallayout"><p><br>
 dyndb <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>quoted_string</code></em> {<br>
@@ -122,7 +122,7 @@ dyndb
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.12"></a><h2>KEY</h2>
+<a name="id-1.13.27.12"></a><h2>KEY</h2>
 
     <div class="literallayout"><p><br>
 key <em class="replaceable"><code>string</code></em> {<br>
@@ -133,7 +133,7 @@ key
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.13"></a><h2>LOGGING</h2>
+<a name="id-1.13.27.13"></a><h2>LOGGING</h2>
 
     <div class="literallayout"><p><br>
 logging {<br>
@@ -156,7 +156,7 @@ logging
 
 
   <div class="refsection">
-<a name="id-1.13.26.14"></a><h2>MANAGED-KEYS</h2>
+<a name="id-1.13.27.14"></a><h2>MANAGED-KEYS</h2>
 
     <div class="literallayout"><p><br>
 managed-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em><br>
@@ -165,7 +165,7 @@ managed-keys
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.15"></a><h2>MASTERS</h2>
+<a name="id-1.13.27.15"></a><h2>MASTERS</h2>
 
     <div class="literallayout"><p><br>
 masters <em class="replaceable"><code>string</code></em> [ port <em class="replaceable"><code>integer</code></em> ] [ dscp<br>
@@ -176,7 +176,7 @@ masters
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.16"></a><h2>OPTIONS</h2>
+<a name="id-1.13.27.16"></a><h2>OPTIONS</h2>
 
     <div class="literallayout"><p><br>
 options {<br>
@@ -480,7 +480,7 @@ options
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.17"></a><h2>SERVER</h2>
+<a name="id-1.13.27.17"></a><h2>SERVER</h2>
 
     <div class="literallayout"><p><br>
 server <em class="replaceable"><code>netprefix</code></em> {<br>
@@ -519,7 +519,7 @@ server
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.18"></a><h2>STATISTICS-CHANNELS</h2>
+<a name="id-1.13.27.18"></a><h2>STATISTICS-CHANNELS</h2>
 
     <div class="literallayout"><p><br>
 statistics-channels {<br>
@@ -532,7 +532,7 @@ statistics-channels
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.19"></a><h2>TRUSTED-KEYS</h2>
+<a name="id-1.13.27.19"></a><h2>TRUSTED-KEYS</h2>
 
     <div class="literallayout"><p><br>
 trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
@@ -541,7 +541,7 @@ trusted-keys
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.20"></a><h2>VIEW</h2>
+<a name="id-1.13.27.20"></a><h2>VIEW</h2>
 
     <div class="literallayout"><p><br>
 view <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
@@ -918,7 +918,7 @@ view
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.21"></a><h2>ZONE</h2>
+<a name="id-1.13.27.21"></a><h2>ZONE</h2>
 
     <div class="literallayout"><p><br>
 zone <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
@@ -1019,14 +1019,14 @@ zone
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.22"></a><h2>FILES</h2>
+<a name="id-1.13.27.22"></a><h2>FILES</h2>
 
     <p><code class="filename">/etc/named.conf</code>
     </p>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.23"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.27.23"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
        <span class="refentrytitle">ddns-confgen</span>(8)
@@ -1067,6 +1067,6 @@ zone
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index fd19446..fce0b24 100644 (file)
@@ -79,7 +79,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.28.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>named</strong></span>
       is a Domain Name System (DNS) server,
@@ -96,7 +96,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.28.8"></a><h2>OPTIONS</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.9"></a><h2>SIGNALS</h2>
+<a name="id-1.13.28.9"></a><h2>SIGNALS</h2>
 
     <p>
       In routine operation, signals should not be used to control
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.10"></a><h2>CONFIGURATION</h2>
+<a name="id-1.13.28.10"></a><h2>CONFIGURATION</h2>
 
     <p>
       The <span class="command"><strong>named</strong></span> configuration file is too complex
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.11"></a><h2>FILES</h2>
+<a name="id-1.13.28.11"></a><h2>FILES</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.12"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.28.12"></a><h2>SEE ALSO</h2>
 
     <p><em class="citetitle">RFC 1033</em>,
       <em class="citetitle">RFC 1034</em>,
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 4ce78ed..6b6c407 100644 (file)
@@ -67,7 +67,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.28.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.29.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>nsec3hash</strong></span> generates an NSEC3 hash based on
@@ -87,7 +87,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.28.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.29.8"></a><h2>ARGUMENTS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">salt</span></dt>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.28.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.29.9"></a><h2>SEE ALSO</h2>
 
     <p>
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 7ce0d96..8199452 100644 (file)
@@ -58,7 +58,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.29.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.30.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>Nslookup</strong></span>
       is a program to query Internet domain name servers.  <span class="command"><strong>Nslookup</strong></span>
@@ -72,7 +72,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.29.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.30.8"></a><h2>ARGUMENTS</h2>
 
     <p>
       Interactive mode is entered in the following cases:
@@ -121,7 +121,7 @@ nslookup -query=hinfo  -timeout=10
   </div>
 
   <div class="refsection">
-<a name="id-1.13.29.9"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id-1.13.30.9"></a><h2>INTERACTIVE COMMANDS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
@@ -372,7 +372,7 @@ nslookup -query=hinfo  -timeout=10
   </div>
 
   <div class="refsection">
-<a name="id-1.13.29.10"></a><h2>RETURN VALUES</h2>
+<a name="id-1.13.30.10"></a><h2>RETURN VALUES</h2>
     <p>
       <span class="command"><strong>nslookup</strong></span> returns with an exit status of 1
       if any query failed, and 0 otherwise.
@@ -380,7 +380,7 @@ nslookup -query=hinfo  -timeout=10
   </div>
 
   <div class="refsection">
-<a name="id-1.13.29.11"></a><h2>IDN SUPPORT</h2>
+<a name="id-1.13.30.11"></a><h2>IDN SUPPORT</h2>
 
     <p>
       If <span class="command"><strong>nslookup</strong></span> has been built with IDN (internationalized
@@ -397,14 +397,14 @@ nslookup -query=hinfo  -timeout=10
   </div>
 
   <div class="refsection">
-<a name="id-1.13.29.12"></a><h2>FILES</h2>
+<a name="id-1.13.30.12"></a><h2>FILES</h2>
 
     <p><code class="filename">/etc/resolv.conf</code>
     </p>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.29.13"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.30.13"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">dig</span>(1)
@@ -437,6 +437,6 @@ nslookup -query=hinfo  -timeout=10
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index a9a245d..d890699 100644 (file)
@@ -77,7 +77,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.31.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>nsupdate</strong></span>
       is used to submit Dynamic DNS Update requests as defined in RFC 2136
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.31.8"></a><h2>OPTIONS</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.9"></a><h2>INPUT FORMAT</h2>
+<a name="id-1.13.31.9"></a><h2>INPUT FORMAT</h2>
 
     <p><span class="command"><strong>nsupdate</strong></span>
       reads input from
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.10"></a><h2>EXAMPLES</h2>
+<a name="id-1.13.31.10"></a><h2>EXAMPLES</h2>
 
     <p>
       The examples below show how
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.11"></a><h2>FILES</h2>
+<a name="id-1.13.31.11"></a><h2>FILES</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.12"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.31.12"></a><h2>SEE ALSO</h2>
 
     <p>
       <em class="citetitle">RFC 2136</em>,
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.13"></a><h2>BUGS</h2>
+<a name="id-1.13.31.13"></a><h2>BUGS</h2>
 
     <p>
       The TSIG key is redundantly stored in two separate files.
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index fe849a5..ebc9ab7 100644 (file)
@@ -63,7 +63,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.31.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.32.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>pkcs11-destroy</strong></span> destroys keys stored in a
@@ -78,7 +78,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.31.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.32.8"></a><h2>ARGUMENTS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.31.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.32.9"></a><h2>SEE ALSO</h2>
 
     <p>
       <span class="citerefentry">
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index cd7a495..51d900f 100644 (file)
@@ -66,7 +66,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.32.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.33.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>pkcs11-keygen</strong></span> causes a PKCS#11 device to generate
@@ -76,7 +76,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.32.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.33.8"></a><h2>ARGUMENTS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.32.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.33.9"></a><h2>SEE ALSO</h2>
 
     <p>
       <span class="citerefentry">
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 925bf08..b994ccc 100644 (file)
@@ -61,7 +61,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.33.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.34.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>pkcs11-list</strong></span>
@@ -75,7 +75,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.33.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.34.8"></a><h2>ARGUMENTS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-P</span></dt>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.33.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.34.9"></a><h2>SEE ALSO</h2>
 
     <p>
       <span class="citerefentry">
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index ca68ff3..a81fce6 100644 (file)
@@ -57,7 +57,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.34.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.35.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>pkcs11-tokens</strong></span>
@@ -67,7 +67,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.34.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.35.8"></a><h2>ARGUMENTS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
@@ -88,7 +88,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.34.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.35.9"></a><h2>SEE ALSO</h2>
 
     <p>
       <span class="citerefentry">
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index d31a23c..3eed9b8 100644 (file)
@@ -65,7 +65,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.35.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.36.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>rndc-confgen</strong></span>
       generates configuration files
@@ -84,7 +84,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.35.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.36.8"></a><h2>OPTIONS</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
   </div>
 
   <div class="refsection">
-<a name="id-1.13.35.9"></a><h2>EXAMPLES</h2>
+<a name="id-1.13.36.9"></a><h2>EXAMPLES</h2>
 
     <p>
       To allow <span class="command"><strong>rndc</strong></span> to be used with
   </div>
 
   <div class="refsection">
-<a name="id-1.13.35.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.36.10"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">rndc</span>(8)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 43b399f..3dbc501 100644 (file)
@@ -55,7 +55,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.36.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.37.7"></a><h2>DESCRIPTION</h2>
 
     <p><code class="filename">rndc.conf</code> is the configuration file
       for <span class="command"><strong>rndc</strong></span>, the BIND 9 name server control
   </div>
 
   <div class="refsection">
-<a name="id-1.13.36.8"></a><h2>EXAMPLE</h2>
+<a name="id-1.13.37.8"></a><h2>EXAMPLE</h2>
 
 
     <pre class="programlisting">
   </div>
 
   <div class="refsection">
-<a name="id-1.13.36.9"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id-1.13.37.9"></a><h2>NAME SERVER CONFIGURATION</h2>
 
     <p>
       The name server must be configured to accept rndc connections and
   </div>
 
   <div class="refsection">
-<a name="id-1.13.36.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.37.10"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">rndc</span>(8)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 10bcd13..51dede1 100644 (file)
@@ -67,7 +67,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.37.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.38.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>rndc</strong></span>
       controls the operation of a name
   </div>
 
   <div class="refsection">
-<a name="id-1.13.37.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.38.8"></a><h2>OPTIONS</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
   </div>
 
   <div class="refsection">
-<a name="id-1.13.37.9"></a><h2>COMMANDS</h2>
+<a name="id-1.13.38.9"></a><h2>COMMANDS</h2>
 
     <p>
       A list of commands supported by <span class="command"><strong>rndc</strong></span> can
   </div>
 
   <div class="refsection">
-<a name="id-1.13.37.10"></a><h2>LIMITATIONS</h2>
+<a name="id-1.13.38.10"></a><h2>LIMITATIONS</h2>
 
     <p>
       There is currently no way to provide the shared secret for a
   </div>
 
   <div class="refsection">
-<a name="id-1.13.37.11"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.38.11"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
        <span class="refentrytitle">rndc.conf</span>(5)
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.4 (Development Release)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
 </body>
 </html>
index 7ec783a..1ccfce8 100644 (file)
@@ -15,7 +15,7 @@
 
   <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.13.4</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.13.5</h2></div></div></div>
   
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
          in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
        </p>
       </li>
+<li class="listitem">
+       <p>
+         Code change #4964, intended to prevent double signatures
+         when deleting an inactive zone DNSKEY in some situations,
+         introduced a new problem during zone processing in which
+         some delegation glue RRsets are incorrectly identified
+         as needing RRSIGs, which are then created for them using
+         the current active ZSK for the zone. In some, but not all
+         cases, the newly-signed RRsets are added to the zone's
+         NSEC/NSEC3 chain, but incompletely -- this can result in
+         a broken chain, affecting validation of proof of nonexistence
+         for records in the zone. [GL #771]
+       </p>
+      </li>
 </ul></div>
   </div>
 
          as described in RFC 7706. [GL #33]
        </p>
       </li>
+<li class="listitem">
+       <p>
+         A new <span class="command"><strong>plugin</strong></span> mechanism has been added to allow
+         extension of query processing functionality through the use of
+         external libraries. The new <code class="filename">filter-aaaa.so</code>
+         plugin replaces the <span class="command"><strong>filter-aaaa</strong></span> feature that
+         was formerly implemented as a native part of BIND.
+       </p>
+       <p>
+         The plugin API is a work in progress and is likely to evolve
+         as further plugins are implemented. [GL #15]
+       </p>
+      </li>
 <li class="listitem">
        <p>
          BIND now can be compiled against the <span class="command"><strong>libidn2</strong></span>
          the operating system, and it cannot be built without threads.
        </p>
       </li>
+<li class="listitem">
+       <p>
+         The <span class="command"><strong>filter-aaaa</strong></span>,
+         <span class="command"><strong>filter-aaaa-on-v4</strong></span>, and
+         <span class="command"><strong>filter-aaaa-on-v6</strong></span> options have been removed
+         from <span class="command"><strong>named</strong></span>, and can no longer be
+         configured using native <code class="filename">named.conf</code> syntax.
+         However, loading the new <code class="filename">filter-aaaa.so</code>
+         plugin and setting its parameters provides identical
+         functionality.
+       </p>
+      </li>
 <li class="listitem">
        <p>
          <span class="command"><strong>named</strong></span> can no longer use the EDNS CLIENT-SUBNET
index 66580c6..b042e7a 100644 (file)
Binary files a/doc/arm/notes.pdf and b/doc/arm/notes.pdf differ
index f09441c..5f64542 100644 (file)
@@ -1,4 +1,4 @@
-Release Notes for BIND Version 9.13.4
+Release Notes for BIND Version 9.13.5
 
 Introduction
 
@@ -79,6 +79,16 @@ Security Fixes
     deny-answer-aliases was in use. This flaw is disclosed in
     CVE-2018-5740. [GL #387]
 
+  * Code change #4964, intended to prevent double signatures when deleting
+    an inactive zone DNSKEY in some situations, introduced a new problem
+    during zone processing in which some delegation glue RRsets are
+    incorrectly identified as needing RRSIGs, which are then created for
+    them using the current active ZSK for the zone. In some, but not all
+    cases, the newly-signed RRsets are added to the zone's NSEC/NSEC3
+    chain, but incompletely -- this can result in a broken chain,
+    affecting validation of proof of nonexistence for records in the zone.
+    [GL #771]
+
 New Features
 
   * Task manager and socket code have been substantially modified. The
@@ -95,6 +105,14 @@ New Features
     facilitate deployment of a local copy of the root zone, as described
     in RFC 7706. [GL #33]
 
+  * A new plugin mechanism has been added to allow extension of query
+    processing functionality through the use of external libraries. The
+    new filter-aaaa.so plugin replaces the filter-aaaa feature that was
+    formerly implemented as a native part of BIND.
+
+    The plugin API is a work in progress and is likely to evolve as
+    further plugins are implemented. [GL #15]
+
   * BIND now can be compiled against the libidn2 library to add IDNA2008
     support. Previously, BIND supported IDNA2003 using the (now obsolete
     and unsupported) idnkit-1 library.
@@ -179,6 +197,11 @@ Removed Features
     requires threading support (either POSIX or Windows) from the
     operating system, and it cannot be built without threads.
 
+  * The filter-aaaa, filter-aaaa-on-v4, and filter-aaaa-on-v6 options have
+    been removed from named, and can no longer be configured using native
+    named.conf syntax. However, loading the new filter-aaaa.so plugin and
+    setting its parameters provides identical functionality.
+
   * named can no longer use the EDNS CLIENT-SUBNET option for view
     selection. In its existing form, the authoritative ECS feature was not
     fully RFC-compliant, and could not realistically have been deployed in
index 1b54aed..53c1e7e 100644 (file)
@@ -24,9 +24,6 @@ dlz <string> {
 dyndb <string> <quoted_string> {
     <unspecified-text> }; // may occur multiple times
 
-hook ( query ) <string> [ { <unspecified-text> }
-    ]; // may occur multiple times
-
 key <string> {
         algorithm <string>;
         secret <string>;
@@ -391,6 +388,9 @@ options {
         zone-statistics ( full | terse | none | <boolean> );
 };
 
+plugin ( query ) <string> [ { <unspecified-text>
+    } ]; // may occur multiple times
+
 server <netprefix> {
         bogus <boolean>;
         edns <boolean>;
@@ -543,8 +543,6 @@ view <string> [ <class> ] {
         forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
             | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
         glue-cache <boolean>;
-        hook ( query ) <string> [ {
-            <unspecified-text> } ]; // may occur multiple times
         inline-signing <boolean>;
         ixfr-from-differences ( primary | master | secondary | slave |
             <boolean> );
@@ -607,6 +605,8 @@ view <string> [ <class> ] {
         nta-lifetime <ttlval>;
         nta-recheck <ttlval>;
         nxdomain-redirect <string>;
+        plugin ( query ) <string> [ {
+            <unspecified-text> } ]; // may occur multiple times
         preferred-glue <string>;
         prefetch <integer> [ <integer> ];
         provide-ixfr <boolean>;
index f76669b..18e8a01 100644 (file)
@@ -9,6 +9,6 @@
 # 9.11: 160-169,1100-1199
 # 9.12: 1200-1299
 # 9.13: 1300-1399
-LIBINTERFACE = 1301
-LIBREVISION = 1
+LIBINTERFACE = 1302
+LIBREVISION = 0
 LIBAGE = 0
index 9e9718c..b4dd10e 100644 (file)
@@ -9,6 +9,6 @@
 # 9.11: 160-169,1100-1199
 # 9.12: 1200-1299
 # 9.13: 1300-1399
-LIBINTERFACE = 1304
+LIBINTERFACE = 1305
 LIBREVISION = 0
 LIBAGE = 0
index f76669b..597c1af 100644 (file)
@@ -10,5 +10,5 @@
 # 9.12: 1200-1299
 # 9.13: 1300-1399
 LIBINTERFACE = 1301
-LIBREVISION = 1
+LIBREVISION = 2
 LIBAGE = 0
index 9e9718c..b4dd10e 100644 (file)
@@ -9,6 +9,6 @@
 # 9.11: 160-169,1100-1199
 # 9.12: 1200-1299
 # 9.13: 1300-1399
-LIBINTERFACE = 1304
+LIBINTERFACE = 1305
 LIBREVISION = 0
 LIBAGE = 0
index 431a492..c78a7ee 100644 (file)
@@ -1567,7 +1567,7 @@ doc_optional_btext(cfg_printer_t *pctx, const cfg_type_t *type) {
        cfg_print_cstr(pctx, "[ { <unspecified-text> } ]");
 }
 
-cfg_type_t cfg_type_optional_bracketed_text = {
+LIBISCCFG_EXTERNAL_DATA cfg_type_t cfg_type_optional_bracketed_text = {
        "optional_btext", parse_optional_btext, print_optional_btext,
        doc_optional_btext, NULL, NULL
 };
index 2cd86cd..45b039b 100644 (file)
@@ -154,6 +154,7 @@ cfg_ungettoken
 ;cfg_type_netaddr6
 ;cfg_type_netaddr6wild
 ;cfg_type_netprefix
+;cfg_type_optional_bracketed_text
 ;cfg_type_percentage
 ;cfg_type_qstring
 ;cfg_type_rndcconf
index ba136ce..f0f6ebd 100644 (file)
@@ -9,6 +9,6 @@
 # 9.11: 160-169
 # 9.12: 1200-1299
 # 9.13: 1300-1399
-LIBINTERFACE = 1303
-LIBREVISION = 1
+LIBINTERFACE = 1304
+LIBREVISION = 0
 LIBAGE = 0
diff --git a/version b/version
index 41503d2..41a64ec 100644 (file)
--- a/version
+++ b/version
@@ -5,7 +5,7 @@ PRODUCT=BIND
 DESCRIPTION="(Development Release)"
 MAJORVER=9
 MINORVER=13
-PATCHVER=4
+PATCHVER=5
 RELEASETYPE=
 RELEASEVER=
 EXTENSIONS=