BIND 9.3.2 Release Notes (5900-2140, December 2011)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software

file to be synchronized into the master, and the journal file to be removed. All dynamic update

attempts are refused if the zone is frozen.

• thaw zone [class [view]]

This command enables you to update a frozen dynamic zone. This command causes the server

to reload the zone from the disk and re-enables dynamic updates after the load is complete.

For more information on these commands, see rndc(1). A sample rndc.conf file is distributed

with this release of BIND in the /usr/examples/bind directory. This file can be generated

automatically using the rndc-confgen utility, which is also distributed with BIND 9.3.2.

New option in the zone statement

The delegation-only option is added to the zone statement. You can use this option to enforce

the delegation-only status of infrastructure zones (for example, COM, NET, and ORG). Any answer

that a name server receives without an explicit or implicit delegation in the authority section is

treated as NXDOMAIN, which indicates that a host name is not found. The NXDOMAIN response is

the type of response sent by the name server.

New command-line options

Table 5 lists the new command-line options for the various binaries and tools in BIND 9.3.2.

Table 5 New Command-Line Options

DescriptionOptionsBinaries/Tools

Sets the specified flag in the flag field of the KEY or DNSKEY record.

The only recognized flag is Signed Key (KSK) DNSKEY.

-f flagdnssec-keygen

Generates KEY records, instead of the DNSKEY records-kdnssec-keygen

Generates DS records for child zones from the keyset files. Existing

DS records are removed from the signed db files.

-gdnssec-signzone

Treats the specified key as a key signing key and ignores any key

flags. This option can be specified multiple times.

-k keydnssec-signzone

Generates a DNSSEC lookaside validation (DLV) set in addition to

the key (DNSKEY) and DS sets. The domain is appended to the name

of the records.

-l domaindnssec-signzone

Performs a check load on the master zone files in the

/etc/named.conf file

-znamed-checkconf

Reads the journal while loading a zone file-jnamed-checkconf

Reads the journal while loading a zone file-jnamed-checkzone

Performs check-name checks with the specified failure mode. The

values for the failure modes are fail, warn, and ignore. The

default value is warn.

-k modenamed-checkzone

Specifies if name server (NS) records must be checked to verify

whether they are addresses. The values for this option are fail,

warn, and ignore. The default value is warn.

-n modenamed-checkzone

Writes the zone output to the directory-o filenamenamed-checkzone

Specifies the directory under which the named-checkzone

command is chrooted. The $INCLUDE directives in the configuration

-t directorynamed-checkzone

file are also processed as if they are run by a similarly chrooted

named.

Specifies named to change to directory so that relative filenames

in the master file $INCLUDE directives are functional. This option is

similar to the directory clause in the /etc/named.conf file.

-w directorynamed-checkzone

10 BIND 9.3.2 Release Notes