Commit graph

2597 commits

Author SHA1 Message Date
Michał Kępień
cc59e6fd3f Set up release notes for BIND 9.18.2 2022-03-16 23:18:18 +01:00
Michał Kępień
2841d81160 Prepare release notes for BIND 9.18.1 2022-03-16 23:18:18 +01:00
Petr Špaček
4daef4a2a7
Fix dig option hyperlinks in the TSIG section of the ARM
While backporting !5934 I noticed a copy&paste mistake in TSIG
chapter of the ARM.

The incorrect reference was introduced by "Add hyperlinks from
program options to definition in man pages" commit but it is not
worth creating separate MR for that when the backport is not merged
yet.
2022-03-14 11:28:02 +01:00
Petr Špaček
07044325eb
Hyperlink program names to their manual pages
Use the new role :iscman: to replace all occurrences of ``binary``
with :iscman:`binary`, creating a hyperlink to the manual page.

Generated using:
    find bin -name *.rst | xargs fgrep --files-with-matches '.. iscman' | xargs -I{} -n1 basename {} .rst > /tmp/progs
    for PROG in $(cat /tmp/progs); do find -name '*.rst' | xargs sed -i -e "s/\`\`$PROG\`\`/:iscman:\`$PROG\`/g"; done

Additional hand-edits were done mainly around filter-aaaa and
filter-a which are program names and option names at the
same time. A couple more edits were needed to fix .rst syntax broken by
automatic replacement.

(cherry picked from commit 53a5776025)
2022-03-14 11:01:31 +01:00
Petr Špaček
d13066ca5b
Introduce new Sphinx role iscman for ISC manual pages
The new directive and role "iscman" allow to tag & reference man pages in
our source tree. Essentially it is just namespacing for ISC man pages,
but it comes with couple benefits.

Differences from .. _man_program label we formerly used:
- Does not expand :ref:`man_program` into full text of the page header.
- Generates index entry with category "manual page".
- Rendering style is closer to ubiquitous to the one produced
  by ``named`` syntax.

Differences from Sphinx built-in :manpage: role:
- Supports all builders with support for cross-references.
- Generates internal links (unlike :manpage: which generates external
  URLs).
- Checks that target exists within our source tree.

(cherry picked from commit 7e7a946d44)
2022-03-14 10:57:29 +01:00
Petr Špaček
8066485ea3
Add hyperlinks from program options to definition in man pages
Side-effect of hyperlinking is that typos in program and option names
are now detected by Sphinx.

Candidate -options were detected using:
    find -name *.rst | xargs grep '``-[^`]'
and then modified from ``-o`` to :option:`-o` using regex
    s/``\(-[^`]\+\)``/:option:`\1`/
+ manual modifications where necessary.

Non-hyphenated options were detected by looking at context around
program names:
    find bin -name *.rst | xargs -I{} -n1 basename {} .rst | sort -u
and grepping for program name with trailing whitespace.

Stand-alone program names like ``named`` are not hyperlinked in this
commit.

(cherry picked from commit a85df3ff9c)
2022-03-14 10:57:23 +01:00
Suzanne Goldlust
3554ec4615
Fix Tools for Use With the Name Server Daemon in the ARM
Remove outdated command references from ARM section
3.3.1. Tools for Use With the Name Server Daemon
and replace them with links to man pages.

Fixes: #2799
(cherry picked from commit 2d2d87a615)
2022-03-10 20:18:52 +01:00
Tony Finch
85a8e8f21a
In the ARM appendix, sort man page sections alphabetically
(cherry picked from commit 315b3c3a1a)
2022-03-10 20:18:52 +01:00
Petr Špaček
158092f9b7
Split out named-compilezone and named-checkzone man pages
Both utilities were included as one man page, but this caused a problem:
Sphinx directive .. include was used twice on the same file, which
prevented us from using labels (or anything with unique identifier) in
the man pages. This effectively prevented linking to them.

Splitting man pages allows us to solve the linking problems and also
clearly make text easier to follow because it does not mention two tools
at the same time.

This change causes duplication of text, but given the frequency of changes
to these tools I think it is acceptable. I've considered deduplication
using smaller .rst snippets which get included into both man pages,
but it would require more sed scripting to handle defaults etc. and
I think it would be way too complex solution for this problem.

Related: #2799
(cherry picked from commit 9992f7808c)
2022-03-10 20:18:52 +01:00
Petr Špaček
bab233d766
Split out ddns-confgen and tsig-keygen man pages
Both utilities were included as one man page, but this caused a problem:
Sphinx directive .. include was used twice on the same file, which
prevented us from using labels (or anything with unique identifier) in
the man pages. This effectively prevented linking to them.

Splitting man pages allows us to solve the linking problems and also
clearly make text easier to follow because it does not mention two tools
at the same time.

This change causes duplication of text, but given the frequency of changes
to these tools I think it is acceptable.

Related: #2799
(cherry picked from commit 2e42414522)
2022-03-10 20:18:52 +01:00
Evan Hunt
7b604df69d remove old zone type documentation
we now document zone type as either "primary" or "secondary",
omitting the old terms (though they are still accepted).

(cherry picked from commit 0bde07261b)
2022-02-25 16:51:44 -08:00
Mark Andrews
76a16e319c correctly exclude logging-categories.rst
(cherry picked from commit 0069a689a6)
2022-02-25 01:20:45 +11:00
Matthijs Mekking
3060ffb7d0 Update documentation wrt key algorithms
Add a note to the DNSSEC guide and to the ARM reference that a ZSK/KSK
pair used for signing your zone should have the same algorithm.

This commit also updates the 'dnssec-policy/keys' example to use the
slightly more modern 'rsasha256' algorithm.

(cherry picked from commit 7365400610)
2022-02-16 10:22:40 +01:00
Artem Boldariev
02aa76a2ad
Mention DoT/DoH related RFCs in the ARM
Mention RFC 7858 (DoT), 8484 (DoH), and 8945 (XoT).

(cherry picked from commit 8058d64dda)
2022-02-14 12:11:24 +01:00
Petr Špaček
5f10218e6f
Reorder list of supported RFCs in more user-oriented manner
For users it's not really important if a RFC is Internet Standard,
Proposed Standard, or Experimental. RFCs are now regrouped by
"Protocol", Best Current Practice, and "catch all" category FYI.

(cherry picked from commit 7fd61f9403)
2022-02-14 12:11:24 +01:00
Petr Špaček
0aacacbb38
Replace obsolete RFC2845 reference with RFC8945 (TSIG)
(cherry picked from commit 4dbad65bfd)
2022-02-14 12:11:23 +01:00
Petr Špaček
8582c49ea5
Remove special chapter about IPv6 address formats from ARM
In 2022, IPv6 is not anything unusual, and it was really odd
to have it in a separate section next to a huge list of RFCs.

Fixes: #1918
(cherry picked from commit 2774b497a6)
2022-02-14 12:11:23 +01:00
Petr Špaček
6191cf8abf
Replace obsolete RFC6944 reference with RFC8624 (DNSSEC algorithm status)
(cherry picked from commit 3c83a9d503)
2022-02-14 12:11:23 +01:00
Petr Špaček
d01ff38e58
Replace obsolete RFC4408 reference with RFC7208 (SPF)
(cherry picked from commit f8cb0ac141)
2022-02-14 12:11:23 +01:00
Petr Špaček
d5c4c2d4b5
Replace obsolete RFC2915 reference with RFC3403 (NAPTR)
(cherry picked from commit 16dec1ff58)
2022-02-14 12:11:23 +01:00
Petr Špaček
69271cae55
Add link to RFC8749 (DLV is historic)
(cherry picked from commit f7225db822)
2022-02-14 12:11:23 +01:00
Petr Špaček
7c07656dc4
Add newer version of IDNA RFC to docs
(cherry picked from commit 09d6cf89df)
2022-02-14 12:11:23 +01:00
Petr Špaček
4141a7dfd7
Remove obsolete RFCs from documentation
There is little point of listing all of the obsolete RFCs. I think it is
more likely to confuse people than to do anything useful.

(cherry picked from commit 9437ea08e1)
2022-02-14 12:11:23 +01:00
Petr Špaček
7a7c90e72e
Replace obsolete RFC6488 reference with RFC8659 (CAA)
(cherry picked from commit 2b5b777c07)
2022-02-14 12:11:23 +01:00
Petr Špaček
3cafc168b8
Remove obsolete book reference from ARM
(cherry picked from commit b686b5c161)
2022-02-14 12:11:23 +01:00
Petr Špaček
6d56ef50ba
Use Sphinx footnotes for DNS Reference Information
It limits risk of errors while doing updates, which are next in the
pipeline.

(cherry picked from commit f713984886)
2022-02-14 12:11:18 +01:00
Ondřej Surý
3f78c60539 Use compile-time paths in the manual pages
Replace the hard-coded paths for various BIND 9 files (configuration,
pid, etc.) in the man pages and ARM with compile-time values using the
sphinx-build replace system.

This is more complicated, because the restructured text specification
doesn't allow |substitutions| inside ``code-blocks``, so for each specific
file we had to create its own substitution which is sub-optimal, but it is
the only way to do this without adding a Sphinx extension.

(cherry picked from commit b42681c4e9)
2022-02-10 17:08:24 +01:00
Ondřej Surý
faafbfa98f
Clarify effect of "directory" configuration option
The "directory" configuration options affects the configuration listed
after the directive but not before which may affect ``include``
directive with relative file paths.

(cherry picked from commit 00ba6967b1)
2022-02-02 12:29:30 +01:00
Petr Špaček
724a051820
Add missing parental-agents grammar generation
Formerly parental-agents grammar was an exception and it did not
auto-generate itself from source code. From now on it is generated using
the same mechanism as other grammars.

For consistency with rest of the system, I've also renamed the grammar
file and the link anchors from "parentals" to "parental-agents".

Technically this is fixup for commit
0311705d4b.

Related: !5234
(cherry picked from commit 34a3b35b08)
2022-02-01 18:25:08 +01:00
Ondřej Surý
6b681e7019 Fix typo in qname-wait-recurse
In the RPZ documentation, there's a mistake where it states that the
default behavior will be disabled by setting `qname-wait-recurse yes;`
while in fact it's opposite `qname-wait-recurse no;`.

This affects only the RST documentation.

(cherry picked from commit 1e711dcccb)
2022-01-27 12:55:40 +01:00
Matthijs Mekking
79d14cacd3 Update pkcs11 documentation on openssl_conf
The user should make sure there are no other 'openssl_conf = ...' lines
in the file.

(cherry picked from commit a90f4c4ffa)
2022-01-27 12:23:22 +01:00
Matthijs Mekking
4895b10884 Create keys with pkcs11-tool --id
The keyfromlabel system ECDSA tests sometimes fail. When this happens
the ZSK and KSK key id values differ by 1, which is an indication that
the same key is used for both DNSKEY records.

When the private key is retrieved with 'ENGINE_load_private_key()', the
public key is already set. But sometimes that key differs from the key
which was retrieved with 'ENGINE_load_public_key()'.

The libp11 source code uses id to find the key and without IDs all the
keys are "equal", so it is returning the first key in the array of the
enumerated keys instead of the matching key. In our test we didn't use
'--id', just '--label'. With this change, the system test should no
longer fail intermittently.

Note this is only an issue for ECDSA keys, not RSA keys.

(cherry picked from commit 0af8bbd49b)
2022-01-27 12:23:22 +01:00
Petr Špaček
4b0ac74137 Create release notes for 9.18.0
We started with compilation of _all_ 9.17.z notes into one file:
$ ls *.17*.rst | sort -V | xargs cat > notes-9.18.0.rst

Then removed duplicate extra copyright headers:
$ grep -v '^\.\. [^_]' notes-9.18.0.rst  > notes-9.18.0.rst.copy
$ grep -v '^\.\.$' notes-9.18.0.rst.copy > notes-9.18.0.rst
$ vim notes-9.17.0.rst notes-9.18.0.rst

Next step was to find notes referencing the changes which were
backported to 9.16.25 and remove these. Duplicates were checked
by diffing corresponding texts in 9.16 and 9.17, and it revealed that
some backports were either partial, or code was backported but the
release note was lost in 9.16 branch. In that case we did not
re-introduce the relnote and considered it also duplicate.

Most notable cases of "missing in 9.16 relnote but in fact fixed"
were notes for CVE-2020-8616 and CVE-2020-8617.
These were accidentally omitted from 9.16 release docs, and we are going
to fix it in separate MR !5722.

Further removals include:
- Security issue #2787: The bug was introduced & fixed in 9.17.z,
  so there is no need to tell about it to people upgrading to 9.18.0.
- Bugfix !3135: Backported but with unclear reference in relnotes.
- Bugfix !3137: Backported but with unclear reference in relnotes.
- Bugfix #2460: Introduced & fixed in 9.17.z.
- Bugfix #2504: The bug was introduced & fixed in 9.17.z.
- Bugfix #2562: Introduced & fixed in 9.17.z.
- Bugfix #2917: Introduced & fixed in 9.17.z
- Bugfix #3040: Introduced & fixed in 9.17.z.
- Bugfix #3062: Introduced & fixed in 9.17.z.
- Change #4: Introduced & "finished" in 9.17.z.
- Change #1610: Introduced & reverted in 9.17.z.
- Change #1958: No user visible impact.
- Change #2016: No user visible impact.
- Change #2022: No user visible impact.
- Change #2264: Affects a feature introduced only to 9.17 branch.
- Change #2401: No user visible impact.
- Known issue about libuv: Got fixed later in the cycle.
- Known issue about port clash: It is now config error.

Then tweaking started to clarify meaning of various notes to people
upgrading from 9.16.

While doing so, bugfix #2927 was omitted because the change just makes
9.18 SERVFAIL faster than 9.16, so even though it is technically bugfix
it is so minor that it is not worth bragging about in release notes.

TLS/DoT/DoH features were summarized from many independent
notes into one giant note per feature.

All notes were rearranged according to their "perceived priority".
2022-01-24 09:27:55 +01:00
Petr Špaček
caa2be37b4 Update boilerplate text in Release Notes
It's taken from 9.16 branch, with dates updated and reference to CHANGES
file removed. Note on Version Numbering was already removed in !3517.
2022-01-24 09:27:55 +01:00
Petr Špaček
f8850e1188 Fix incorrect RFC footnote about A6 RR type in RFC4033
A6 type is not mentioned anywhere in RFC4033.
2022-01-24 09:27:55 +01:00
Petr Špaček
7eb0428d1f Remove RFCs not implemented in BIND from list in the ARM
This commit partially removes extra RFCs which are not listed in
file doc/misc/rfc-compliance.

Most of the removed RFCs are either outright obsolete, irrelevant,
or not implemented. Rationale:
- 974 - obsolete
- 1033 - ops info, hardly followed today
- 1464 - ops info
- 1591 - policy
- 1537 - obsolete
- 1713 - obsolete
- 1794 - notimp
- 2010 - ops info
- 2052 - obsolete
- 2065 - obsolete
- 2137 - obsolete
- 2168 - obsolete
- 2240 - obsolete
- 2345 - not dns
- 2352 - not dns
- 2540 - notimp
- 2825 - notimp, info, obsolete
- 2826 - notimp
- 2929 - obsolete
- 3071 - policy
- 3090 - obsolete
- 3258 - notimp
- 6594 - iana, SSHFP
- 7216 - not dns
- 8482 - notimp
- 8490 - notimp

Probably most notable RFCs removed are:
- 8482 for special ANY handling
- 8490 for Stateful Operations
As far as I can tell BIND does not implement those.
2022-01-24 09:27:55 +01:00
Petr Špaček
164272ae77 Reword RFC section in the ARM
Add a couple of links and a caveat for uninitiated readers.
2022-01-24 09:27:55 +01:00
Petr Špaček
6908b46011 Add RFCs listed in doc/misc/rfc-compliance to doc/arm/general.rst
There were three RFCs listed in list of "RFCs we implement" but missing
in the ARM.

Command to compare lists in the two documents:

    diff <(grep -o '^  RFC[0-9]\+' doc/misc/rfc-compliance | sed -e 's/[^0-9]//g' | sort -n) <(grep  '^:rfc:`' doc/arm/general.rst | sed -e 's/^.*`\([0-9]*\)`.*$/\1/' | sort -n)
2022-01-24 09:27:55 +01:00
Petr Špaček
0841a12742 Rework doc/arm/build.rst
- Revise the list of required libraries.
- Apply miscellaneous tweaks to style, formatting, and ordering.
2022-01-24 09:27:55 +01:00
Petr Špaček
e8a29b0b7f Deduplicate text between Building BIND 9 / Supported Platforms in the ARM
Supported Platforms section is now really only about platforms and not
libraries. Libraries were moved to the Building BIND section.

We now have section for required libraries, and second with optional
features.  Wordy explanations were taken verbatim from the original
README.md.
2022-01-24 09:27:55 +01:00
Petr Špaček
a8a1fbf421 Convert "Building BIND" section from README.md to reStructuredText
Converted using pandoc 2.14.2-9 on Arch Linux:

    $ pandoc --shift-heading-level-by=-1 -f markdown -t rst README.md > doc/arm/build.rst

Plus hand-edit to remove sections other than Building BIND 9, remove
misindentation in section headers, and add a standard copyright header.
2022-01-24 09:27:55 +01:00
Petr Špaček
2e7a13515f Link to ISC KB for most up-to-date platform support statuses 2022-01-24 09:27:55 +01:00
Petr Špaček
626affbbc2 Replace all occurrences of PLATFORMS file with reference to the ARM
The conf.py exclude_patterns now includes platforms.rst to avoid
problems with redefining labels:
https://github.com/sphinx-doc/sphinx/issues/1668#issuecomment-71376208
2022-01-24 09:27:55 +01:00
Petr Špaček
d5b82c9877 Replace duplicate Supported Operating Systems in the ARM by PLATFORMS.rst 2022-01-24 09:27:55 +01:00
Petr Špaček
7dc14372f2 Document that tls statement is subject to change 2022-01-24 09:27:55 +01:00
Petr Špaček
6d279ad49a Clarify XoT usage and warn about the unauthenticated mode 2022-01-24 09:27:55 +01:00
Michał Kępień
18db2269bf Fix spelling of "DNS over HTTPS" & "DNS over TLS"
The terms "DNS over HTTPS" and "DNS over TLS" should be hyphenated when
they are used as adjectives and non-hyphenated otherwise.  Ensure all
occurrences of these terms in the source tree follow the above rule.
(CHANGES and release notes are intentionally left intact.)

Tweak a related ARM snippet, fixing a typo in the process.
2022-01-20 15:40:37 +01:00
Michał Kępień
2559a9d2bd Prepare release notes for BIND 9.17.23 2022-01-20 11:20:03 +01:00
Michał Kępień
cb97395a8f Prepare release notes for BIND 9.17.22 2022-01-20 11:19:58 +01:00
Dan Theisen
acf1d502d6 docs: Update ARM to reflect changes to acceptable cookie-secret values 2022-01-17 11:48:25 +01:00