diff options
Diffstat (limited to 'doc/arm/Bv9ARM-book.xml')
| -rw-r--r-- | doc/arm/Bv9ARM-book.xml | 43 |
1 files changed, 40 insertions, 3 deletions
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 37a0dbec..7e827c4e 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- File: $Id: Bv9ARM-book.xml,v 1.450.4.7 2010/05/14 04:49:40 marka Exp $ --> +<!-- File: $Id: Bv9ARM-book.xml,v 1.450.4.10 2010/07/09 05:14:07 each Exp $ --> <book xmlns:xi="http://www.w3.org/2001/XInclude"> <title>BIND 9 Administrator Reference Manual</title> @@ -1306,6 +1306,19 @@ zone "eng.example.com" { </varlistentry> <varlistentry> + <term><userinput>secroots + <optional><replaceable>view ...</replaceable></optional></userinput></term> + <listitem> + <para> + Dump the server's security roots to the secroots + file for the specified views. If no view is + specified, security roots for all + views are dumped. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term><userinput>stop <optional>-p</optional></userinput></term> <listitem> <para> @@ -5017,6 +5030,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] <optional> max-cache-size <replaceable>size_spec</replaceable> ; </optional> <optional> match-mapped-addresses <replaceable>yes_or_no</replaceable>; </optional> <optional> filter-aaaa-on-v4 ( <replaceable>yes_or_no</replaceable> | <replaceable>break-dnssec</replaceable> ); </optional> + <optional> filter-aaaa { <replaceable>address_match_list</replaceable> }; </optional> <optional> preferred-glue ( <replaceable>A</replaceable> | <replaceable>AAAA</replaceable> | <replaceable>NONE</replaceable> ); </optional> <optional> edns-udp-size <replaceable>number</replaceable>; </optional> <optional> max-udp-size <replaceable>number</replaceable>; </optional> @@ -5229,7 +5243,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] the server can acquire through the default system key file, normally <filename>/etc/krb5.keytab</filename>. Normally this principal is of the form - "<userinput>dns/</userinput><varname>server.domain</varname>". + "<userinput>DNS/</userinput><varname>server.domain</varname>". To use GSS-TSIG, <command>tkey-domain</command> must also be set. </para> @@ -5365,6 +5379,18 @@ badresp:1,adberr:0,findfail:0,valfail:0] </varlistentry> <varlistentry> + <term><command>secroots-file</command></term> + <listitem> + <para> + The pathname of the file the server dumps + security roots to when instructed to do so with + <command>rndc secroots</command>. + If not specified, the default is <filename>named.secroots</filename>. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term><command>session-keyfile</command></term> <listitem> <para> @@ -6281,7 +6307,7 @@ options { </para> <para> If <userinput>yes</userinput>, - the DNS client is at an IPv4 address, + the DNS client is at an IPv4 address, in <command>filter-aaaa</command>, and if the response does not include DNSSEC signatures, then all AAAA records are deleted from the response. This filtering applies to all responses and not only @@ -6974,6 +7000,17 @@ options { </listitem> </varlistentry> + <varlistentry> + <term><command>filter-aaaa</command></term> + <listitem> + <para> + Specifies a list of addresses to which + <command>filter-aaaa-on-v4</command> + is applies. The default is <userinput>any</userinput>. + </para> + </listitem> + </varlistentry> + </variablelist> </sect3> |