--- /srv/reproducible-results/rbuild-debian/r-b-build.SCy7PSmY/b1/bind9_9.19.24-185-g392e7199df2-1_amd64.changes
+++ /srv/reproducible-results/rbuild-debian/r-b-build.SCy7PSmY/b2/bind9_9.19.24-185-g392e7199df2-1_amd64.changes
├── Files
│ @@ -1,13 +1,13 @@
│
│ e9b99e865c0b257b63f6020382510016 666556 debug optional bind9-dbgsym_9.19.24-185-g392e7199df2-1_amd64.deb
│ 47fb0490cf0d7b41fafc0db970736c00 552252 devel optional bind9-dev_9.19.24-185-g392e7199df2-1_amd64.deb
│ 5147e4881302cd930adfc1c8d2444997 430504 debug optional bind9-dnsutils-dbgsym_9.19.24-185-g392e7199df2-1_amd64.deb
│ 6114eec7dc851b65bb20634072c8a179 427104 net standard bind9-dnsutils_9.19.24-185-g392e7199df2-1_amd64.deb
│ - 9ba5ee94421568ad5895fab77750c266 3496968 doc optional bind9-doc_9.19.24-185-g392e7199df2-1_all.deb
│ + 33f063eef619e55af25305aafaad3e28 3496944 doc optional bind9-doc_9.19.24-185-g392e7199df2-1_all.deb
│ 3cdaab25c9df5c0aad696b869f834fb9 105476 debug optional bind9-host-dbgsym_9.19.24-185-g392e7199df2-1_amd64.deb
│ 4ffbd8ee21011079e48d974c7e2bba10 317840 net standard bind9-host_9.19.24-185-g392e7199df2-1_amd64.deb
│ 151c38c362b37b76fe31f6d01aa40a4e 4038924 debug optional bind9-libs-dbgsym_9.19.24-185-g392e7199df2-1_amd64.deb
│ b80247560b965c8310d5ba7f5cf456f5 1465068 libs standard bind9-libs_9.19.24-185-g392e7199df2-1_amd64.deb
│ 06877671140369e57d9c4745071ad614 481652 debug optional bind9-utils-dbgsym_9.19.24-185-g392e7199df2-1_amd64.deb
│ 15a801324134bf246c8be6aa39bd554f 443700 net optional bind9-utils_9.19.24-185-g392e7199df2-1_amd64.deb
│ abfd0e4f6d0ff50c4f7a853ca9d0538b 509300 net optional bind9_9.19.24-185-g392e7199df2-1_amd64.deb
├── bind9-doc_9.19.24-185-g392e7199df2-1_all.deb
│ ├── file list
│ │ @@ -1,3 +1,3 @@
│ │ -rw-r--r-- 0 0 0 4 2024-06-20 13:11:56.000000 debian-binary
│ │ -rw-r--r-- 0 0 0 2012 2024-06-20 13:11:56.000000 control.tar.xz
│ │ --rw-r--r-- 0 0 0 3494764 2024-06-20 13:11:56.000000 data.tar.xz
│ │ +-rw-r--r-- 0 0 0 3494740 2024-06-20 13:11:56.000000 data.tar.xz
│ ├── control.tar.xz
│ │ ├── control.tar
│ │ │ ├── ./md5sums
│ │ │ │ ├── ./md5sums
│ │ │ │ │┄ Files differ
│ ├── data.tar.xz
│ │ ├── data.tar
│ │ │ ├── ./usr/share/doc/bind9-doc/arm/reference.html
│ │ │ │ @@ -762,15 +762,15 @@
│ │ │ │ key-directory
.
The following options can be specified in a key-store
statement:
Grammar: pkcs11-uri <quoted_string>;
Blocks: key-store
│ │ │ │ -Tags: pkcs11, dnssec
│ │ │ │ +Tags: dnssec, pkcs11
│ │ │ │The uri
is a string that specifies a PKCS#11 URI Scheme (defined in
│ │ │ │ RFC 7512). When set, named
will try to create keys inside the
│ │ │ │ corresponding PKCS#11 token. This requires BIND to be built with OpenSSL 3,
│ │ │ │ and have a PKCS#11 provider configured.
Grammar: zone-statistics ( full | terse | none | <boolean> );
Blocks: options, view, zone (mirror, primary, redirect, secondary, static-stub, stub)
│ │ │ │ -Tags: logging, zone
│ │ │ │ +Tags: zone, logging
│ │ │ │Controls the level of statistics gathered for all zones.
│ │ │ │ │ │ │ │If full
, the server collects statistical data on all zones,
│ │ │ │ unless specifically turned off on a per-zone basis by specifying
│ │ │ │ zone-statistics terse
or zone-statistics none
in the zone
│ │ │ │ statement. The statistical data includes, for example, DNSSEC signing
│ │ │ │ operations and the number of authoritative answers per query type. The
│ │ │ │ @@ -3637,15 +3637,15 @@
│ │ │ │
Grammar: check-dup-records ( fail | warn | ignore );
Blocks: options, view, zone (primary)
│ │ │ │ -Tags: query, dnssec
│ │ │ │ +Tags: dnssec, query
│ │ │ │Checks primary zones for records that are treated as different by DNSSEC but are semantically equal in plain DNS.
│ │ │ │ │ │ │ │This checks primary zones for records that are treated as different by
│ │ │ │ DNSSEC but are semantically equal in plain DNS. The default is to
│ │ │ │ warn
. Other possible values are fail
and ignore
.
Grammar: zero-no-soa-ttl <boolean>;
Blocks: options, view, zone (mirror, primary, secondary)
│ │ │ │ -Tags: server, query, zone
│ │ │ │ +Tags: zone, query, server
│ │ │ │Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.
│ │ │ │ │ │ │ │If yes
, when returning authoritative negative responses to SOA queries, set
│ │ │ │ the TTL of the SOA record returned in the authority section to zero.
│ │ │ │ The default is yes
.
Grammar: zero-no-soa-ttl-cache <boolean>;
Blocks: options, view
│ │ │ │ -Tags: server, query, zone
│ │ │ │ +Tags: zone, query, server
│ │ │ │Sets the time to live (TTL) to zero when caching a negative response to an SOA query.
│ │ │ │ │ │ │ │If yes
, when caching a negative response to an SOA query set the TTL to zero.
│ │ │ │ The default is no
.
Grammar: notify-rate <integer>;
Blocks: options
│ │ │ │ -Tags: transfer, zone
│ │ │ │ +Tags: zone, transfer
│ │ │ │Specifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.
│ │ │ │ │ │ │ │This specifies the rate at which NOTIFY requests are sent during normal zone │ │ │ │ maintenance operations. (NOTIFY requests due to initial zone loading │ │ │ │ are subject to a separate rate limit; see below.) The default is 20 │ │ │ │ per second. The lowest possible rate is one per second; when set to │ │ │ │ zero, it is silently raised to one.
│ │ │ │Grammar: startup-notify-rate <integer>;
Blocks: options
│ │ │ │ -Tags: transfer, zone
│ │ │ │ +Tags: zone, transfer
│ │ │ │Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
│ │ │ │ │ │ │ │This is the rate at which NOTIFY requests are sent when the name server │ │ │ │ is first starting up, or when zones have been newly added to the │ │ │ │ name server. The default is 20 per second. The lowest possible rate is │ │ │ │ one per second; when set to zero, it is silently raised to one.
│ │ │ │Grammar: max-records <integer>;
Blocks: options, view, zone (mirror, primary, redirect, secondary, static-stub, stub)
│ │ │ │ -Tags: server, zone
│ │ │ │ +Tags: zone, server
│ │ │ │Sets the maximum number of records permitted in a zone.
│ │ │ │ │ │ │ │This sets the maximum number of records permitted in a zone. The default is │ │ │ │ zero, which means the maximum is unlimited.
│ │ │ │Warning
│ │ │ │This option is deprecated and will be removed in a future version of BIND.
│ │ │ │Grammar: sortlist { <address_match_element>; ... }; // deprecated
Blocks: options, view
│ │ │ │ -Tags: query, deprecated
│ │ │ │ +Tags: deprecated, query
│ │ │ │Controls the ordering of RRs returned to the client, based on the client’s IP address.
│ │ │ │ │ │ │ │This option is deprecated and will be removed in a future release.
│ │ │ │The sortlist
statement (see below) takes an address_match_list and
│ │ │ │ interprets it in a special way. Each top-level statement in the sortlist
│ │ │ │ must itself be an explicit address_match_list with one or two elements. The
│ │ │ │ first element (which may be an IP address, an IP prefix, an ACL name, or a nested
│ │ │ │ @@ -5895,15 +5895,15 @@
│ │ │ │
Grammar: masterfile-format ( raw | text );
Blocks: options, view, zone (mirror, primary, redirect, secondary, stub)
│ │ │ │ -Tags: server, zone
│ │ │ │ +Tags: zone, server
│ │ │ │Specifies the file format of zone files.
│ │ │ │ │ │ │ │This specifies the file format of zone files (see Additional File Formats
│ │ │ │ for details). The default value is text
, which is the standard
│ │ │ │ textual representation, except for secondary zones, in which the default
│ │ │ │ value is raw
. Files in formats other than text
are typically
│ │ │ │ expected to be generated by the named-compilezone
tool, or dumped by
│ │ │ │ @@ -5971,15 +5971,15 @@
│ │ │ │
Grammar: notify-delay <integer>;
Blocks: options, view, zone (mirror, primary, secondary)
│ │ │ │ -Tags: transfer, zone
│ │ │ │ +Tags: zone, transfer
│ │ │ │Sets the delay (in seconds) between sending sets of NOTIFY messages for a zone.
│ │ │ │ │ │ │ │This sets the delay, in seconds, between sending sets of NOTIFY messages │ │ │ │ for a zone. Whenever a NOTIFY message is sent for a zone, a timer will │ │ │ │ be set for this duration. If the zone is updated again before the timer │ │ │ │ expires, the NOTIFY for that update will be postponed. The default is 5 │ │ │ │ seconds.
│ │ │ │ @@ -5988,15 +5988,15 @@ │ │ │ │Grammar: max-rsa-exponent-size <integer>;
Blocks: options
│ │ │ │ -Tags: query, dnssec
│ │ │ │ +Tags: dnssec, query
│ │ │ │Sets the maximum RSA exponent size (in bits) when validating.
│ │ │ │ │ │ │ │This sets the maximum RSA exponent size, in bits, that is accepted when │ │ │ │ validating. Valid values are 35 to 4096 bits. The default, zero, is │ │ │ │ also accepted and is equivalent to 4096.
│ │ │ │Grammar: response-policy { zone <string> [ add-soa <boolean> ] [ log <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ policy ( cname | disabled | drop | given | no-op | nodata | nxdomain | passthru | tcp-only <quoted_string> ) ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ ede <string> ]; ... } [ add-soa <boolean> ] [ break-dnssec <boolean> ] [ max-policy-ttl <duration> ] [ min-update-interval <duration> ] [ min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [ nsdname-wait-recurse <boolean> ] [ qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [ nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [ dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text> } ];
Blocks: options, view
│ │ │ │ -Tags: security, query, zone, server
│ │ │ │ +Tags: zone, query, security, server
│ │ │ │Specifies response policy zones for the view or among global options.
│ │ │ │ │ │ │ │Response policy zones are named in the response-policy
option for
│ │ │ │ the view, or among the global options if there is no response-policy
│ │ │ │ option for the view. Response policy zones are ordinary DNS zones
│ │ │ │ containing RRsets that can be queried normally if allowed. It is usually
│ │ │ │ best to restrict those queries with something like
│ │ │ │ @@ -7126,15 +7126,15 @@
│ │ │ │
Grammar: log-only <boolean>;
Blocks: options.rate-limit, view.rate-limit
│ │ │ │ -Tags: query, logging
│ │ │ │ +Tags: logging, query
│ │ │ │Tests rate-limiting parameters without actually dropping any requests.
│ │ │ │ │ │ │ │Use log-only yes
to test rate-limiting parameters without actually
│ │ │ │ dropping any requests.
Responses dropped by rate limits are included in the RateDropped
and
│ │ │ │ @@ -9751,15 +9751,15 @@
│ │ │ │
│ │ │ │
│ │ │ │
Grammar: server-addresses { ( <ipv4_address> | <ipv6_address> ); ... };
Blocks: zone (static-stub)
│ │ │ │ -Tags: query, zone
│ │ │ │ +Tags: zone, query
│ │ │ │Specifies a list of IP addresses to which queries should be sent in recursive resolution for a static-stub zone.
│ │ │ │ │ │ │ │This option is only meaningful for static-stub zones. This is a list of IP addresses │ │ │ │ to which queries should be sent in recursive resolution for the zone. │ │ │ │ A non-empty list for this option internally configures the apex │ │ │ │ NS RR with associated glue A or AAAA RRs.
│ │ │ │For example, if “example.com” is configured as a static-stub zone │ │ │ │ @@ -10318,15 +10318,15 @@ │ │ │ │
Defines a stream of data that can be independently logged.
│ │ │ │logging
Checks primary zones for records that are treated as different by DNSSEC but are semantically equal in plain DNS.
│ │ │ │query, dnssec
dnssec, query
Performs post-load zone integrity checks on primary zones.
│ │ │ │zone
Sets a maximum size for the memory map of the new-zone database in LMDB database format.
│ │ │ │server
Tests rate-limiting parameters without actually dropping any requests.
│ │ │ │query, logging
logging, query
Configures logging options for the name server.
│ │ │ │logging
Specifies an access control list (ACL) of IPv4 addresses that are to be mapped to the corresponding A RRset in dns64
.
query
Specifies the file format of zone files.
│ │ │ │server, zone
zone, server
Specifies the format of zone files during a dump, when the masterfile-format
is text
.
server
Specifies the maximum retention time (in seconds) for storage of negative answers in the server's cache.
│ │ │ │server
Sets the maximum number of records permitted in a zone.
│ │ │ │server, zone
zone, server
Sets the maximum number of levels of recursion permitted at any one time while servicing a recursive query.
│ │ │ │server
Limits the zone refresh retry interval to no less often than the specified value, in seconds.
│ │ │ │transfer
Sets the maximum RSA exponent size (in bits) when validating.
│ │ │ │query, dnssec
dnssec, query
Specifies the maximum time that the server retains records past their normal expiry, to return them as stale records.
│ │ │ │server
Controls whether NOTIFY
messages are sent on zone changes.
transfer
Sets the delay (in seconds) between sending sets of NOTIFY messages for a zone.
│ │ │ │transfer, zone
zone, transfer
Specifies the rate at which NOTIFY requests are sent during normal zone maintenance operations.
│ │ │ │transfer, zone
zone, transfer
Defines the IPv4 address (and optional port) to be used for outgoing NOTIFY
messages.
transfer
Specifies the pathname of the file where the server writes its process ID.
│ │ │ │server
pkcs11, dnssec
dnssec, pkcs11
Configures plugins in named.conf
.
server
Adds an EDNS Padding option to encrypted messages, to reduce the chance of guessing the contents based on size.
│ │ │ │query
Specifies response policy zones for the view or among global options.
│ │ │ │security, query, zone, server
zone, query, security, server
Limits the number of non-empty responses for a valid domain name and record type.
│ │ │ │query
Defines characteristics to be associated with a remote name server.
│ │ │ │server
Specifies a list of IP addresses to which queries should be sent in recursive resolution for a static-stub zone.
│ │ │ │query, zone
zone, query
Specifies the ID of the server to return in response to a ID.SERVER
query.
server
Sets the number of "slipped" responses to minimize the use of forged source addresses for an attack.
│ │ │ │query
Controls the ordering of RRs returned to the client, based on the client's IP address.
│ │ │ │query, deprecated
deprecated, query
Defines the amount of time (in milliseconds) that named
waits before attempting to answer a query with a stale RRset from cache.
query, server
Sets the time window for the return of "stale" cached answers before the next attempt to contact, if the name servers for a given zone are not responding.
│ │ │ │query, server
Specifies the rate at which NOTIFY requests are sent when the name server is first starting, or when new zones have been added.
│ │ │ │transfer, zone
zone, transfer
Specifies the communication channels to be used by system administrators to access statistics information on the name server.
│ │ │ │logging
Specifies the length of time during which responses are tracked.
│ │ │ │query
Specifies whether to set the time to live (TTL) of the SOA record to zero, when returning authoritative negative responses to SOA queries.
│ │ │ │server, query, zone
zone, query, server
Sets the time to live (TTL) to zero when caching a negative response to an SOA query.
│ │ │ │server, query, zone
zone, query, server
Specifies the zone in a BIND 9 configuration.
│ │ │ │zone
Sets the propagation delay from the time a zone is first updated to when the new version of the zone is served by all secondary servers.
│ │ │ │dnssec, zone
Controls the level of statistics gathered for all zones.
│ │ │ │logging, zone
zone, logging
These tables group the various statements permissible in named.conf
by
│ │ │ │ ├── html2text {}
│ │ │ │ │ @@ -515,15 +515,15 @@
│ │ │ │ │ The key-store statement defines how DNSSEC keys should be stored.
│ │ │ │ │ There is one built-in key store named key-directory. Configuring keys to use
│ │ │ │ │ key-store "key-directory" is identical to using key-directory.
│ │ │ │ │ The following options can be specified in a _k_e_y_-_s_t_o_r_e statement:
│ │ │ │ │ pkcs11-uri_
│ │ │ │ │ GGrraammmmaarr:: pkcs11-uri