From 56a78b52117fceacbf4282cd41826ca9fb72dd07 Mon Sep 17 00:00:00 2001
From: Doug Barton
In this document, we use the following general typographic
conventions:
@@ -243,7 +243,7 @@
The purpose of this document is to explain the installation
and upkeep of the BIND software
@@ -253,7 +253,7 @@
The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
@@ -273,7 +273,7 @@
The data stored in the DNS is identified by domain names that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
@@ -319,7 +319,7 @@
To properly operate a name server, it is important to understand
the difference between a zone
@@ -372,7 +372,7 @@
Each zone is served by at least
one authoritative name server,
@@ -389,7 +389,7 @@
The authoritative server where the master copy of the zone
data is maintained is called the
@@ -409,7 +409,7 @@
The other authoritative servers, the slave
servers (also known as secondary servers)
@@ -425,7 +425,7 @@
Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
@@ -460,7 +460,7 @@
The resolver libraries provided by most operating systems are
stub resolvers, meaning that they are not
@@ -487,7 +487,7 @@
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
@@ -514,7 +514,7 @@
The BIND name server can
simultaneously act as
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch02.html b/contrib/bind9/doc/arm/Bv9ARM.ch02.html
index 60985405acbd..9d859d69752a 100644
--- a/contrib/bind9/doc/arm/Bv9ARM.ch02.html
+++ b/contrib/bind9/doc/arm/Bv9ARM.ch02.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
Table of Contents
DNS hardware requirements have
traditionally been quite modest.
@@ -73,7 +73,7 @@
CPU requirements for BIND 9 range from
i486-class machines
@@ -84,7 +84,7 @@
The memory of the server has to be large enough to fit the
cache and zones loaded off disk. The max-cache-size
@@ -107,7 +107,7 @@
For name server intensive environments, there are two alternative
configurations that may be used. The first is where clients and
@@ -124,7 +124,7 @@
ISC BIND 9 compiles and runs on a large
number
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch03.html b/contrib/bind9/doc/arm/Bv9ARM.ch03.html
index 4c2f9f397077..351927dbcdd0 100644
--- a/contrib/bind9/doc/arm/Bv9ARM.ch03.html
+++ b/contrib/bind9/doc/arm/Bv9ARM.ch03.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All
@@ -95,7 +95,7 @@ zone "0.0.127.in-addr.arpa" {
This sample configuration is for an authoritative-only server
that is the master server for "
A primitive form of load balancing can be achieved in
the DNS by using multiple A records for
@@ -280,10 +280,10 @@ zone "eng.example.com" {
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
@@ -741,7 +741,7 @@ controls {
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch04.html b/contrib/bind9/doc/arm/Bv9ARM.ch04.html
index a316b1f58102..d7be205900f0 100644
--- a/contrib/bind9/doc/arm/Bv9ARM.ch04.html
+++ b/contrib/bind9/doc/arm/Bv9ARM.ch04.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@@ -479,7 +479,7 @@ nameserver 172.16.72.4
A shared secret is generated to be shared between host1 and host2.
An arbitrary key name is chosen: "host1-host2.". The key name must
@@ -487,7 +487,7 @@ nameserver 172.16.72.4
The following command will generate a 128-bit (16 byte) HMAC-MD5
key as described above. Longer keys are better, but shorter keys
@@ -512,7 +512,7 @@ nameserver 172.16.72.4
The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
@@ -527,7 +527,7 @@ nameserver 172.16.72.4
This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.
@@ -535,7 +535,7 @@ nameserver 172.16.72.4
Imagine host1 and host 2
are
@@ -564,7 +564,7 @@ key host1-host2. {
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the
BIND allows IP addresses and ranges
to be specified in ACL
@@ -624,7 +624,7 @@ allow-update { key host1-host2. ;};
The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG aware
@@ -650,7 +650,7 @@ allow-update { key host1-host2. ;};
TKEY
is a mechanism for automatically generating a shared secret
between two hosts. There are several "modes" of
@@ -686,7 +686,7 @@ allow-update { key host1-host2. ;};
BIND 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC2931.
@@ -747,7 +747,7 @@ allow-update { key host1-host2. ;};
The dnssec-keygen program is used to
generate keys.
@@ -798,7 +798,7 @@ allow-update { key host1-host2. ;};
The dnssec-signzone program is used
to
@@ -842,7 +842,7 @@ allow-update { key host1-host2. ;};
To enable named to respond appropriately
to DNS requests from DNSSEC aware clients,
@@ -930,7 +930,7 @@ options {
BIND 9 fully supports all currently
defined forms of IPv6
@@ -969,7 +969,7 @@ options {
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@@ -988,7 +988,7 @@ host 3600 IN AAAA 2001:db8::1
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch05.html b/contrib/bind9/doc/arm/Bv9ARM.ch05.html
index 7d06e91f483c..458d93378fa4 100644
--- a/contrib/bind9/doc/arm/Bv9ARM.ch05.html
+++ b/contrib/bind9/doc/arm/Bv9ARM.ch05.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
Table of Contents
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch06.html b/contrib/bind9/doc/arm/Bv9ARM.ch06.html
index cb17489f95e9..69c4855f4374 100644
--- a/contrib/bind9/doc/arm/Bv9ARM.ch06.html
+++ b/contrib/bind9/doc/arm/Bv9ARM.ch06.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@@ -515,7 +515,7 @@
The BIND 9 comment syntax allows for
comments to appear
@@ -525,7 +525,7 @@
Comments may appear anywhere that white space may appear in
a BIND configuration file.
@@ -774,7 +774,7 @@
The include statement inserts the
@@ -999,7 +999,7 @@
The key statement defines a shared
secret key for use with TSIG (see the section called “TSIG”)
@@ -1055,7 +1055,7 @@
The logging statement configures a
@@ -1113,7 +1113,7 @@
All log output goes to one or more channels;
you can make as many of them as you want.
@@ -1632,7 +1632,7 @@ category notify { null; };
This is the grammar of the lwres
statement in the
The lwres statement configures the
name
@@ -1698,14 +1698,14 @@ category notify { null; };
masters
lists allow for a common set of masters to be easily used by
@@ -1714,7 +1714,7 @@ category notify { null; };
This is the grammar of the options
statement in the
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@@ -2815,7 +2815,7 @@ options {
Dual-stack servers are used as servers of last resort to work
around
@@ -2881,30 +2881,25 @@ options {
+
Specifies which hosts are allowed to get answers
- from the cache. The default is the builtin acls
- localnets and
- localhost.
-
- The way to set query access to the cache is now
- via allow-query-cache.
- This differs from earlier versions which used
- allow-query.
-
@@ -116,7 +116,7 @@
@@ -68,7 +68,7 @@
Sample Configurations
example.com
"
@@ -137,7 +137,7 @@ zone "eng.example.com" {
-
named.conf
file
@@ -596,7 +596,7 @@ server 10.1.2.3 {
-
address_match_list
= address_match_list_element ;
[ address_match_list_element; ... ]
address_match_list_element
= [ ! ] (ip_address [/length] |
@@ -437,7 +437,7 @@
/* This is a BIND comment as in C */
@@ -540,7 +540,7 @@
acl acl-name {
address_match_list
};
@@ -857,7 +857,7 @@
controls {
[ inet ( ip_addr | * ) [ port ip_port ] allow {
address_match_list
}
keys { key_list
}; ]
@@ -979,12 +979,12 @@
include
filename
;key
key_id
{
algorithm string
;
secret string
;
@@ -1008,7 +1008,7 @@
logging {
[ channel
channel_name
{
( file path name
@@ -1079,7 +1079,7 @@
named.conf
file:
@@ -1647,7 +1647,7 @@ category notify { null; };
masters
name
[port ip_port
] { ( masters_list
| ip_addr
[port ip_port
] [key key
] ) ; [...] };
named.conf
file:
@@ -2771,7 +2771,7 @@ options {
Specifies which hosts are allowed to make recursive - queries through this server. If not specified, - the default is to allow recursive queries from - the builtin acls localnets and - localhost. - Note that disallowing recursive queries for a - host does not prevent the host from retrieving - data that is already in the server's cache. + queries through this server. If + allow-recursion is not set + then allow-query-cache is + used if set, otherwise allow-query + is used if set, otherwise the default + (localnets; + localhost;) is used.
@@ -2975,7 +2970,7 @@ options {
The interfaces and ports that the server will answer queries from may be specified using the listen-on option. listen-on takes @@ -3055,7 +3050,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
If the server doesn't know the answer to a question, it will query other name servers. query-source specifies @@ -3335,7 +3330,7 @@ query-source-v6 address * port *;
avoid-v4-udp-ports and avoid-v6-udp-ports specify a list of IPv4 and IPv6 UDP ports that will not be used as system @@ -3349,7 +3344,7 @@ query-source-v6 address * port *;
The server's usage of many system resources can be limited. Scaled values are allowed when specifying resource limits. For @@ -3408,7 +3403,7 @@ query-source-v6 address * port *;
The following options set limits on the server's resource consumption that are enforced internally by the @@ -3486,7 +3481,7 @@ query-source-v6 address * port *;
@@ -4533,7 +4528,7 @@ query-source-v6 address * port *;
trusted-keys {string
number
number
number
string
; [string
number
number
number
string
; [...]] @@ -4542,7 +4537,7 @@ query-source-v6 address * port *;The trusted-keys statement defines @@ -4585,7 +4580,7 @@ query-source-v6 address * port *;
The view statement is a powerful feature @@ -4836,10 +4831,10 @@ zone
zone_name
[
@@ -5048,7 +5043,7 @@ zone zone_name
[The zone's name may optionally be followed by a class. If a class is not specified, class
IN
(forInternet
), @@ -5070,7 +5065,7 @@ zonezone_name
[@@ -5566,7 +5561,7 @@ zonezone_name
[A domain name identifies a node. Each node has a set of resource information, which may be empty. The set of resource @@ -6217,7 +6212,7 @@ zone
zone_name
[RRs are represented in binary form in the packets of the DNS protocol, and are usually represented in highly encoded form @@ -6420,7 +6415,7 @@ zone
zone_name
[As described above, domain servers store information as a series of resource records, each of which contains a particular @@ -6678,7 +6673,7 @@ zone
zone_name
[Reverse name resolution (that is, translation from IP address to name) is achieved by means of the in-addr.arpa domain @@ -6739,7 +6734,7 @@ zone
zone_name
[The Master File Format was initially defined in RFC 1035 and has subsequently been extended. While the Master File Format @@ -6754,7 +6749,7 @@ zone
zone_name
[Syntax: $ORIGIN
domain-name
@@ -6782,7 +6777,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.Syntax: $INCLUDE
filename
@@ -6818,7 +6813,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.Syntax: $TTL
default-ttl
@@ -6837,7 +6832,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.Syntax: $GENERATE
@@ -46,10 +46,10 @@range
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch07.html b/contrib/bind9/doc/arm/Bv9ARM.ch07.html index 7286dc9178e1..c12d56de3318 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch07.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch07.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +Table of Contents
@@ -118,7 +118,7 @@ zone "example.com" {On UNIX servers, it is possible to run BIND in a chrooted environment @@ -142,7 +142,7 @@ zone "example.com" {
In order for a chroot environment to @@ -170,7 +170,7 @@ zone "example.com" {
Prior to running the named daemon, use diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch08.html b/contrib/bind9/doc/arm/Bv9ARM.ch08.html index c2a48271fbe0..61c5f3172638 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch08.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch08.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -45,18 +45,18 @@Table of Contents
The best solution to solving installation and configuration issues is to take preventative measures by setting @@ -68,7 +68,7 @@
Zone serial numbers are just numbers-they aren't date related. A lot of people set them to a number that represents a @@ -95,7 +95,7 @@
The Internet Systems Consortium (ISC) offers a wide range diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch09.html b/contrib/bind9/doc/arm/Bv9ARM.ch09.html index e8bbea852b52..3617b75ed5ba 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch09.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch09.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -45,21 +45,21 @@Table of Contents
@@ -254,42 +254,42 @@Standards
-[RFC974] Mail Routing and the Domain System. January 1986.
+[RFC974] Mail Routing and the Domain System. January 1986.
Proposed Standards
-[RFC1995] Incremental Zone Transfer in DNS. August 1996.
+[RFC1995] Incremental Zone Transfer in DNS. August 1996.
-[RFC1996] A Mechanism for Prompt Notification of Zone Changes. August 1996.
+[RFC1996] A Mechanism for Prompt Notification of Zone Changes. August 1996.
-[RFC2136] Dynamic Updates in the Domain Name System. April 1997.
+[RFC2136] Dynamic Updates in the Domain Name System. April 1997.
-[RFC2671] Extension Mechanisms for DNS (EDNS0). August 1997.
+[RFC2671] Extension Mechanisms for DNS (EDNS0). August 1997.
-[RFC2672] Non-Terminal DNS Name Redirection. August 1999.
+[RFC2672] Non-Terminal DNS Name Redirection. August 1999.
-[RFC2845] Secret Key Transaction Authentication for DNS (TSIG). May 2000.
+[RFC2845] Secret Key Transaction Authentication for DNS (TSIG). May 2000.
-[RFC2930] Secret Key Establishment for DNS (TKEY RR). September 2000.
+[RFC2930] Secret Key Establishment for DNS (TKEY RR). September 2000.
-[RFC2931] DNS Request and Transaction Signatures (SIG(0)s). September 2000.
+[RFC2931] DNS Request and Transaction Signatures (SIG(0)s). September 2000.
-[RFC3007] Secure Domain Name System (DNS) Dynamic Update. November 2000.
+[RFC3007] Secure Domain Name System (DNS) Dynamic Update. November 2000.
-@@ -298,19 +298,19 @@[RFC3645] Generic Security Service Algorithm for Secret +
[RFC3645] Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG). October 2003.
DNS Security Proposed Standards
-[RFC3225] Indicating Resolver Support of DNSSEC. December 2001.
+[RFC3225] Indicating Resolver Support of DNSSEC. December 2001.
-[RFC3833] Threat Analysis of the Domain Name System (DNS). August 2004.
+[RFC3833] Threat Analysis of the Domain Name System (DNS). August 2004.
-[RFC4033] DNS Security Introduction and Requirements. March 2005.
+[RFC4033] DNS Security Introduction and Requirements. March 2005.
-[RFC4044] Resource Records for the DNS Security Extensions. March 2005.
+[RFC4044] Resource Records for the DNS Security Extensions. March 2005.
-@@ -318,146 +318,146 @@[RFC4035] Protocol Modifications for the DNS +
[RFC4035] Protocol Modifications for the DNS Security Extensions. March 2005.
Other Important RFCs About DNS Implementation
-[RFC1535] A Security Problem and Proposed Correction With Widely +
[RFC1535] A Security Problem and Proposed Correction With Widely Deployed DNS Software.. October 1993.
-[RFC1536] Common DNS Implementation +
[RFC1536] Common DNS Implementation Errors and Suggested Fixes. October 1993.
-[RFC4074] Common Misbehaviour Against DNS +
[RFC4074] Common Misbehaviour Against DNS Queries for IPv6 Addresses. May 2005.
Resource Record Types
-[RFC1706] DNS NSAP Resource Records. October 1994.
+[RFC1706] DNS NSAP Resource Records. October 1994.
-[RFC2168] Resolution of Uniform Resource Identifiers using +
[RFC2168] Resolution of Uniform Resource Identifiers using the Domain Name System. June 1997.
-[RFC1876] A Means for Expressing Location Information in the +
[RFC1876] A Means for Expressing Location Information in the Domain Name System. January 1996.
-[RFC2052] A DNS RR for Specifying the +
[RFC2052] A DNS RR for Specifying the Location of Services.. October 1996.
-[RFC2163] Using the Internet DNS to +
[RFC2163] Using the Internet DNS to Distribute MIXER Conformant Global Address Mapping. January 1998.
-[RFC2230] Key Exchange Delegation Record for the DNS. October 1997.
+[RFC2230] Key Exchange Delegation Record for the DNS. October 1997.
-[RFC2536] DSA KEYs and SIGs in the Domain Name System (DNS). March 1999.
+[RFC2536] DSA KEYs and SIGs in the Domain Name System (DNS). March 1999.
-[RFC2537] RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999.
+[RFC2537] RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999.
-[RFC2538] Storing Certificates in the Domain Name System (DNS). March 1999.
+[RFC2538] Storing Certificates in the Domain Name System (DNS). March 1999.
-[RFC2539] Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999.
+[RFC2539] Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999.
-[RFC2540] Detached Domain Name System (DNS) Information. March 1999.
+[RFC2540] Detached Domain Name System (DNS) Information. March 1999.
-[RFC2782] A DNS RR for specifying the location of services (DNS SRV). February 2000.
+[RFC2782] A DNS RR for specifying the location of services (DNS SRV). February 2000.
-[RFC2915] The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000.
+[RFC2915] The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000.
-[RFC3110] RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001.
+[RFC3110] RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001.
-[RFC3123] A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001.
+[RFC3123] A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001.
DNS and the Internet
-[RFC1101] DNS Encoding of Network Names +
[RFC1101] DNS Encoding of Network Names and Other Types. April 1989.
-[RFC1123] Requirements for Internet Hosts - Application and +
[RFC1123] Requirements for Internet Hosts - Application and Support. October 1989.
-[RFC1591] Domain Name System Structure and Delegation. March 1994.
+[RFC1591] Domain Name System Structure and Delegation. March 1994.
-[RFC2317] Classless IN-ADDR.ARPA Delegation. March 1998.
+[RFC2317] Classless IN-ADDR.ARPA Delegation. March 1998.
DNS Operations
-[RFC1033] Domain administrators operations guide.. November 1987.
+[RFC1033] Domain administrators operations guide.. November 1987.
-[RFC1912] Common DNS Operational and +
[RFC1912] Common DNS Operational and Configuration Errors. February 1996.
Internationalized Domain Names
-[RFC2825] A Tangled Web: Issues of I18N, Domain Names, +
[RFC2825] A Tangled Web: Issues of I18N, Domain Names, and the Other Internet protocols. May 2000.
-@@ -473,50 +473,50 @@[RFC3490] Internationalizing Domain Names in Applications (IDNA). March 2003.
+[RFC3490] Internationalizing Domain Names in Applications (IDNA). March 2003.
-[RFC1464] Using the Domain Name System To Store Arbitrary String +
[RFC1464] Using the Domain Name System To Store Arbitrary String Attributes. May 1993.
-[RFC1713] Tools for DNS Debugging. November 1994.
+[RFC1713] Tools for DNS Debugging. November 1994.
-[RFC2240] A Legal Basis for Domain Name Allocation. November 1997.
+[RFC2240] A Legal Basis for Domain Name Allocation. November 1997.
-[RFC2345] Domain Names and Company Name Retrieval. May 1998.
+[RFC2345] Domain Names and Company Name Retrieval. May 1998.
-[RFC2352] A Convention For Using Legal Names as Domain Names. May 1998.
+[RFC2352] A Convention For Using Legal Names as Domain Names. May 1998.
-[RFC3071] Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001.
+[RFC3071] Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001.
-[RFC3258] Distributing Authoritative Name Servers via +
[RFC3258] Distributing Authoritative Name Servers via Shared Unicast Addresses. April 2002.
-[RFC3901] DNS IPv6 Transport Operational Guidelines. September 2004.
+[RFC3901] DNS IPv6 Transport Operational Guidelines. September 2004.
-@@ -530,39 +530,39 @@[RFC2352] A Convention For Using Legal Names as Domain Names. May 1998.
+[RFC2352] A Convention For Using Legal Names as Domain Names. May 1998.
-[RFC2065] Domain Name System Security Extensions. January 1997.
+[RFC2065] Domain Name System Security Extensions. January 1997.
-[RFC2137] Secure Domain Name System Dynamic Update. April 1997.
+[RFC2137] Secure Domain Name System Dynamic Update. April 1997.
-[RFC2535] Domain Name System Security Extensions. March 1999.
+[RFC2535] Domain Name System Security Extensions. March 1999.
-[RFC3008] Domain Name System Security (DNSSEC) +
[RFC3008] Domain Name System Security (DNSSEC) Signing Authority. November 2000.
-[RFC3090] DNS Security Extension Clarification on Zone Status. March 2001.
+[RFC3090] DNS Security Extension Clarification on Zone Status. March 2001.
-[RFC3445] Limiting the Scope of the KEY Resource Record (RR). December 2002.
+[RFC3445] Limiting the Scope of the KEY Resource Record (RR). December 2002.
-[RFC3655] Redefinition of DNS Authenticated Data (AD) bit. November 2003.
+[RFC3655] Redefinition of DNS Authenticated Data (AD) bit. November 2003.
-[RFC3658] Delegation Signer (DS) Resource Record (RR). December 2003.
+[RFC3658] Delegation Signer (DS) Resource Record (RR). December 2003.
-[RFC3755] Legacy Resolver Compatibility for Delegation Signer (DS). May 2004.
+[RFC3755] Legacy Resolver Compatibility for Delegation Signer (DS). May 2004.
-[RFC3757] Domain Name System KEY (DNSKEY) Resource Record +
[RFC3757] Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag. April 2004.
-@@ -583,14 +583,14 @@[RFC3845] DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004.
+[RFC3845] DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004.
-diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch10.html b/contrib/bind9/doc/arm/Bv9ARM.ch10.html index 03cce5aae1f4..4889fac1fd91 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch10.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch10.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + diff --git a/contrib/bind9/doc/arm/Bv9ARM.html b/contrib/bind9/doc/arm/Bv9ARM.html index bf70423cc110..9e7d7ad3b404 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.html +++ b/contrib/bind9/doc/arm/Bv9ARM.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -40,7 +40,7 @@DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.
+DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.
@@ -53,37 +53,37 @@Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")
Copyright © 2000-2003 Internet Software Consortium.
2. BIND Resource Requirements 3. Name Server Configuration 4. Advanced DNS Features @@ -92,33 +92,33 @@Dynamic Update Incremental Zone Transfers (IXFR) -Split DNS +Split DNS TSIG - -
- Generate Shared Keys for Each Pair of Hosts
-- Copying the Shared Secret to Both Machines
-- Informing the Servers of the Key's Existence
-- Instructing the Server to Use the Key
-- TSIG Key Based Access Control
-- Errors
+- Generate Shared Keys for Each Pair of Hosts
+- Copying the Shared Secret to Both Machines
+- Informing the Servers of the Key's Existence
+- Instructing the Server to Use the Key
+- TSIG Key Based Access Control
+- Errors
TKEY -SIG(0) +TKEY +SIG(0) DNSSEC - IPv6 Support in BIND 9 +IPv6 Support in BIND 9 5. The BIND 9 Lightweight Resolver 6. BIND 9 Configuration Reference @@ -126,83 +126,83 @@Configuration File Elements Configuration File Grammar - -
- acl Statement Grammar
+- acl Statement Grammar
- acl Statement Definition and Usage
-- controls Statement Grammar
+- controls Statement Grammar
- controls Statement Definition and Usage
-- include Statement Grammar
-- include Statement Definition and +
- include Statement Grammar
+- include Statement Definition and Usage
-- key Statement Grammar
-- key Statement Definition and Usage
-- logging Statement Grammar
-- logging Statement Definition and +
- key Statement Grammar
+- key Statement Definition and Usage
+- logging Statement Grammar
+- logging Statement Definition and Usage
-- lwres Statement Grammar
-- lwres Statement Definition and Usage
-- masters Statement Grammar
-- masters Statement Definition and +
- lwres Statement Grammar
+- lwres Statement Definition and Usage
+- masters Statement Grammar
+- masters Statement Definition and Usage
-- options Statement Grammar
+- options Statement Grammar
- options Statement Definition and Usage
- server Statement Grammar
- server Statement Definition and Usage
-- trusted-keys Statement Grammar
-- trusted-keys Statement Definition +
- trusted-keys Statement Grammar
+- trusted-keys Statement Definition and Usage
- view Statement Grammar
-- view Statement Definition and Usage
+- view Statement Definition and Usage
- zone Statement Grammar
-- zone Statement Definition and Usage
+- zone Statement Definition and Usage
Zone File +Zone File
- Types of Resource Records and When to Use Them
-- Discussion of MX Records
+- Discussion of MX Records
- Setting TTLs
-- Inverse Mapping in IPv4
-- Other Zone File Directives
-- BIND Master File Extension: the $GENERATE Directive
+- Inverse Mapping in IPv4
+- Other Zone File Directives
+- BIND Master File Extension: the $GENERATE Directive
- Additional File Formats
7. BIND 9 Security Considerations 8. Troubleshooting A. Appendices I. Manual pages diff --git a/contrib/bind9/doc/arm/Bv9ARM.pdf b/contrib/bind9/doc/arm/Bv9ARM.pdf index ea25edd92368..d66c247e529c 100755 --- a/contrib/bind9/doc/arm/Bv9ARM.pdf +++ b/contrib/bind9/doc/arm/Bv9ARM.pdf @@ -4640,27 +4640,25 @@ endobj /ProcSet [ /PDF /Text ] >> endobj 1221 0 obj << -/Length 3314 +/Length 3193 /Filter /FlateDecode >> stream -xÚ¥]oã¸ñ=¿Âou€µNüѧ½Ýì6‡^îšMŠ»{Pl%V–²– -úß;Ã!%êÃ΢‡ 5‡Ãù–Ù"…?¶ÈT’ -+ÆÊD¥L-Ö»‹tñsŸ/˜ÇY¤UŒõãÝÅŸ„YØÄj®w,I³Œ-î6¿-?üíý¯wW·—+®Ò¥N.WJ§Ë¯o>ÄÒãÃ/7Ÿ®?ÿóöý¥‘Ë»ë_n|{õéêöêæÃÕåŠeŠÁzî)œXðéúïW4ú|ûþçŸßß^þq÷ÓÅÕ]w–ø¼,xo¿ý‘.6pìŸ.ÒDØL-^à%M˜µ|±»J$J - ÕÅ—‹t£Y·tN~Jd‰Ê¸™ sT6ѦP€ŸšýK¾¿dÙrSÖp8®–뼦A^µ î?ÕÔ¿§)<º%ņ MÀ§ÇSáfW›f——~ê>oËöŒE -d«æ¥Ûí¡ÙÓà°õ›