[master] README and relnote fixes

2025-08-22 10:10:06 +00:00 · 2017-10-17 13:47:33 -07:00 · 2017-10-17 13:47:33 -07:00 · 30419509dd
commit 30419509dd
parent 2361003a88
5 changed files with 107 additions and 79 deletions
--- a/49
+++ b/49
@ -56,12 +56,12 @@ General bug reports can be sent to bind9-bugs@isc.org.
 Feature requests can be sent to bind-suggest@isc.org.
-Please note that, while ISC's ticketing system is not currently publicly
+Please note that, while tickets submitted to ISC's ticketing system are
-readable, this may change in the future. Please do not include information
+not initially publicly readable by default, they can be made publicly
-in bug reports that you consider to be confidential. For example, when
+acessible afterward. Please do not include information in bug reports that
-sending the contents of your configuration file, it is advisable to
+you consider to be confidential. In particular, when sending the contents
-obscure key secrets; this can be done automatically by using
+of your configuration file, it is advisable to obscure key secrets: this
-named-checkconf -px.
+can be done automatically by using named-checkconf -px.
 Professional support and training for BIND are available from ISC at
 https://www.isc.org/support.
@ -75,8 +75,9 @@ mailman/listinfo/bind-workers.
 Contributing to BIND
-A public git repository for BIND is maintained at http://www.isc.org/git/,
+ISC maintains a public git repository for BIND; details can be found at
-and also on Github at https://github.com/isc-projects.
+http://www.isc.org/git/, and also on Github at https://github.com/
 isc-projects.
 Information for BIND contributors can be found in the following files: -
 General information: doc/dev/contrib.md - BIND 9 code style: doc/dev/
@ -103,10 +104,8 @@ include:
  * Cached, validated NSEC and other records can now be used to synthesize
    NXDOMAIN responses.
  * The DNS Response Policy Service API (DNSRPS) is now supported.
-  * Setting max-journal-size default now limits the size of journal files
+  * Setting 'max-journal-size default' now limits the size of journal
-    to twice the size of the zone.
+    files to twice the size of the zone.
  * The query handling code has been substantially refactored for improved
    readability, maintainability and testability .
  * dnstap-read -x prints a hex dump of the wire format of each logged DNS
    message.
  * dnstap output files can now be configured to roll automatically when
@ -115,7 +114,7 @@ include:
    ISO 8601 (UTC) formats.
  * Logging channels and dnstap output files can now be configured to use
    a timestamp as the suffix when rolling to a new file.
-  * named-checkconf -l lists zones found in named.conf.
+  * 'named-checkconf -l' lists zones found in named.conf.
  * Added support for the EDNS Padding and Keepalive options.
  * 'new-zones-directory' option sets the location where the configuration
    data for zones added by rndc addzone is stored
@ -189,10 +188,11 @@ smaller systems.
 For the server to support DNSSEC, you need to build it with crypto
 support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
 installed. If the OpenSSL library is installed in a nonstandard location,
-specify the prefix using "--with-openssl=/prefix" on the configure command
+specify the prefix using "--with-openssl=<PREFIX>" on the configure
-line. To use a PKCS#11 hardware service module for cryptographic
+command line. To use a PKCS#11 hardware service module for cryptographic
 operations, specify the path to the PKCS#11 provider library using
-"--with-pkcs11=/prefix", and configure BIND with "--enable-native-pkcs11".
+"--with-pkcs11=<PREFIX>", and configure BIND with
 "--enable-native-pkcs11".
 To support the HTTP statistics channel, the server must be linked with at
 least one of the following: libxml2 http://xmlsoft.org or json-c https://
@ -212,13 +212,16 @@ libGeoIP. This is not turned on by default; BIND must be configured with
 "--with-geoip". If the library is installed in a nonstandard location, use
 specify the prefix using "--with-geoip=/prefix".
-For DNSTAP packet logging, you must have libfstrm https://github.com/
+For DNSTAP packet logging, you must have installed libfstrm https://
-farsightsec/fstrm and libprotobuf-c https://developers.google.com/
+github.com/farsightsec/fstrm and libprotobuf-c https://
-protocol-buffers, and BIND must be configured with "--enable-dnstap".
+developers.google.com/protocol-buffers, and BIND must be configured with
 "--enable-dnstap".
-Python requires the 'argparse' and 'ply' modules to be available.
+Portions of BIND that are written in Python, including dnssec-keymgr,
-'argparse' is a standard module as of Python 2.7 and Python 3.2. 'ply' is
+dnssec-coverage, dnssec-checkds, and some of the system tests, require the
-available from https://pypi.python.org/pypi/ply.
+'argparse' and 'ply' modules to be available. 'argparse' is a standard
 module as of Python 2.7 and Python 3.2. 'ply' is available from https://
 pypi.python.org/pypi/ply.
 On some platforms it is necessary to explicitly request large file support
 to handle files bigger than 2GB. This can be done by using
@ -250,7 +253,7 @@ Automated testing
 A system test suite can be run with make test. The system tests require
 you to configure a set of virtual IP addresses on your system (this allows
 multiple servers to run locally and communicate with one another). These
-IP addresses can be configured by by running the script bin/tests/system/
+IP addresses can be configured by running the command bin/tests/system/
 ifconfig.sh up as root.
 Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
--- a/README.md
+++ b/README.md
@ -66,12 +66,12 @@ General bug reports can be sent to
 Feature requests can be sent to
 [bind-suggest@isc.org](mailto:bind-suggest@isc.org).
-Please note that, while ISC's ticketing system is not currently publicly
+Please note that, while tickets submitted to ISC's ticketing system
-readable, this may change in the future.  Please do not include information
+are not initially publicly readable by default, they can be made publicly
-in bug reports that you consider to be confidential. For example, when
+acessible afterward.  Please do not include information in bug reports that
-sending the contents of your configuration file, it is advisable to obscure
+you consider to be confidential. In particular, when sending the contents of
-key secrets; this can be done automatically by using `named-checkconf
+your configuration file, it is advisable to obscure key secrets: this can
-px`.
+be done automatically by using `named-checkconf -px`.
 Professional support and training for BIND are available from
 ISC at [https://www.isc.org/support](https://www.isc.org/support).
@ -85,8 +85,8 @@ may also want to join the __BIND Workers__ mailing list, at
 ### <a name="contrib"/> Contributing to BIND
-A public git repository for BIND is maintained at
+ISC maintains a public git repository for BIND; details can be found
-[http://www.isc.org/git/](http://www.isc.org/git/), and also on Github
+at [http://www.isc.org/git/](http://www.isc.org/git/), and also on Github
 at [https://github.com/isc-projects](https://github.com/isc-projects).
 Information for BIND contributors can be found in the following files:
@ -116,10 +116,8 @@ include:
 * Cached, validated NSEC and other records can now be used to synthesize
  NXDOMAIN responses.
 * The DNS Response Policy Service API (DNSRPS) is now supported.
-* Setting `max-journal-size default` now limits the size of journal files
+* Setting `'max-journal-size default'` now limits the size of journal files
  to twice the size of the zone.
 * The query handling code has been substantially refactored for improved
  readability, maintainability and testability .
 * `dnstap-read -x` prints a hex dump of the wire format of each logged
  DNS message.
 * `dnstap` output files can now be configured to roll automatically when
@ -128,7 +126,7 @@ include:
  8601 (UTC) formats.
 * Logging channels and `dnstap` output files can now be configured to use a
  timestamp as the suffix when rolling to a new file.
-* `named-checkconf -l` lists zones found in `named.conf`.
+* `'named-checkconf -l'` lists zones found in `named.conf`.
 * Added support for the EDNS Padding and Keepalive options.
 * 'new-zones-directory' option sets the location where the configuration
  data for zones added by rndc addzone is stored
@ -195,9 +193,9 @@ performance on smaller systems.
 For the server to support DNSSEC, you need to build it with crypto support.
 To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed.  If the
 OpenSSL library is installed in a nonstandard location, specify the prefix
-using "--with-openssl=/prefix" on the configure command line. To use a
+using "--with-openssl=&lt;PREFIX&gt;" on the configure command line. To use a
 PKCS#11 hardware service module for cryptographic operations, specify the
-path to the PKCS#11 provider library using "--with-pkcs11=/prefix", and
+path to the PKCS#11 provider library using "--with-pkcs11=&lt;PREFIX&gt;", and
 configure BIND with "--enable-native-pkcs11".
 To support the HTTP statistics channel, the server must be linked with at
@ -220,13 +218,15 @@ libGeoIP. This is not turned on by default; BIND must be configured with
 "--with-geoip". If the library is installed in a nonstandard location, use
 specify the prefix using "--with-geoip=/prefix".
-For DNSTAP packet logging, you must have libfstrm
+For DNSTAP packet logging, you must have installed libfstrm
 [https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm)
 and libprotobuf-c
 [https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
 and BIND must be configured with "--enable-dnstap".
-Python requires the 'argparse' and 'ply' modules to be available.
+Portions of BIND that are written in Python, including
 `dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the
 system tests, require the 'argparse' and 'ply' modules to be available.
 'argparse' is a standard module as of Python 2.7 and Python 3.2.
 'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).
@ -260,7 +260,7 @@ localstatedir defaults to `$prefix/var`.
 A system test suite can be run with `make test`.  The system tests require
 you to configure a set of virtual IP addresses on your system (this allows
 multiple servers to run locally and communicate with one another).  These
-IP addresses can be configured by by running the script
+IP addresses can be configured by running the command
 `bin/tests/system/ifconfig.sh up` as root.
 Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
--- a/bin/dnssec/dnssec-signzone.docbook
+++ b/bin/dnssec/dnssec-signzone.docbook
@ -646,6 +646,26 @@
                </para>
 	      </listitem>
            </varlistentry>
 	    <varlistentry>
              <listitem>
                <para>
                  If key's sync publication date is set and in the past,
 		  synchronization records (type CDS and/or CDNSKEY) are
 		  created.
                </para>
 	      </listitem>
            </varlistentry>
 	    <varlistentry>
              <listitem>
                <para>
                  If key's sync deletion date is set and in the past,
 		  synchronization records (type CDS and/or CDNSKEY) are
 		  removed.
                </para>
 	      </listitem>
            </varlistentry>
 	 </variablelist>
        </listitem>
      </varlistentry>
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@ -3815,17 +3815,17 @@ notrace</command>. All debugging messages in the server have a debug
 	    <command>print-time</command> can be set to
 	    <userinput>yes</userinput>, <userinput>no</userinput>,
 	    or a time format specifier, which may be one of
-	    <option>local</option>, <option>iso8601</option> or
+	    <userinput>local</userinput>, <userinput>iso8601</userinput> or
-	    <option>iso8601-utc</option>.  If set to
+	    <userinput>iso8601-utc</userinput>.  If set to
 	    <userinput>no</userinput>, then the date and time will
 	    not be logged.  If set to <userinput>yes</userinput>
-	    or <option>local</option>, the date and time are logged
+	    or <userinput>local</userinput>, the date and time are logged
 	    in a human readable format, using the local time zone.
-	    If set to <option>iso8601</option> the local time is
+	    If set to <userinput>iso8601</userinput> the local time is
 	    logged in ISO8601 format.  If set to
-	    <option>iso8601-utc</option>, then the date and time
+	    <userinput>iso8601-utc</userinput>, then the date and time
 	    are logged in ISO8601 format, with time zone set to
-	    UTC. The default is <option>local</option>.
+	    UTC. The default is <userinput>local</userinput>.
 	  </para>
 	  <para>
 	    <command>print-time</command> may
@ -4987,7 +4987,8 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 	      <para>
 		Specifies the directory in which to store the configuration
 		parameters for zones added via <command>rndc addzone</command>.
-		By default, this is the working directory.
+		By default, this is the working directory. If set to a relative
 		path, it will be relative to the working directory.
 	      </para>
 	    </listitem>
 	  </varlistentry>
@ -5710,12 +5711,14 @@ options {
 	    <listitem>
 	      <para>
 		Specifies the TTL to be returned on stale answers.
-		The default is 1 second. The minimal allowed is
+		The default is 1 second. The minimum allowed is
 		also 1 second; a value of 0 will be updated silently
-		to 1 second.  For stale answers to be returned
+		to 1 second.  For stale answers to be returned,
 		they must be enabled (either in the configuration file
 		using <command>stale-answer-enable</command> or via
 		<command>rndc</command>), and
 		<option>max-stale-ttl</option> must be set to a
-		non zero value and they must not have been disabled
+		nonzero value.
 		by <command>rndc</command>.
 	      </para>
 	    </listitem>
 	  </varlistentry>
@ -6448,17 +6451,21 @@ options {
 	    </varlistentry>
 	    <varlistentry>
-	      <term><command>serve-stale-enable</command></term>
+	      <term><command>stale-answer-enable</command></term>
 	      <listitem>
 		<para>
 		  Enable the returning of stale answers when the
 		  nameservers for the zone are not answering.  This
-		  is off by default but can be enabled/disabled via
+		  is off by default, but can be enabled/disabled via
-		  <command>rndc server-stale on</command> and
+		  <command>rndc serve-stale on</command> and
-		  <command>rndc server-stale off</command> which
+		  <command>rndc serve-stale off</command>, which
-		  override the named.conf setting.  <command>rndc
+		  override the <filename>named.conf</filename>
-		  server-stale reset</command> will restore control
+		  setting.  <command>rndc serve-stale reset</command>
-		  via named.conf.
+		  restores the setting to the one specified in
 		  <filename>named.conf</filename>.  Note that
 		  reloading or reconfiguring <command>named</command>
 		  will not re-enable serving of stale records if they
 		  have been disabled via <command>rndc</command>.
 		</para>
 	      </listitem>
 	    </varlistentry>
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@ -50,10 +50,11 @@
      anything other than the changes you made to our software.
    </para>
    <para>
-      This requirement will not affect anyone who is using BIND
+      This requirement will not affect anyone who is using BIND, with
-      without redistributing it, nor anyone redistributing it without
+      or without modifications, without redistributing it, nor anyone
-      changes, therefore this change will be without consequence
+      redistributing it without changes. Therefore, this change will be
-      for most individuals and organizations who are using BIND.
+      without consequence for most individuals and organizations who are
      using BIND.
    </para>
    <para>
      Those unsure whether or not the license change affects their
@ -65,10 +66,10 @@
    </para>
  </section>
-  <section xml:id="win_support"><info><title>Windows XP No Longer Supported</title></info>
+  <section xml:id="win_support"><info><title>Legacy Windows No Longer Supported</title></info>
    <para>
-      As of BIND 9.11.2, Windows XP is no longer a supported platform for
+      As of BIND 9.11.2, Windows XP and Windows 2003 are no longer supported
-      BIND, and Windows XP binaries are no longer available for download
+      platforms for BIND; "XP" binaries are no longer available for download
      from ISC.
    </para>
  </section>
@ -294,13 +295,14 @@
 	  zone's validated CDS or CDNSKEY records. It can produce a
 	  <filename>dsset</filename> file suitable for input to
 	  <command>dnssec-signzone</command>, or a series of
-	  <command>nsupdate</command> to update the parent zone via dynamic
+	  <command>nsupdate</command> commands to update the parent zone
-	  DNS. Thanks to Tony Finch for the contribution.  [RT #46090]
+	  via dynamic DNS. Thanks to Tony Finch for the contribution.
 	  [RT #46090]
 	</para>
      </listitem>
      <listitem>
 	<para>
-	  <command>nsupdate</command> and <command>rndc</command> now accepts
+	  <command>nsupdate</command> and <command>rndc</command> now accept
 	  command line options <command>-4</command> and <command>-6</command>
 	  which force using only IPv4 or only IPv6, respectively. [RT #45632]
 	</para>
@ -481,13 +483,18 @@
 	  these algorithms must be supported in OpenSSL;
 	  currently they are only available in the development branch
 	  of OpenSSL at
-	  <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://github.com/openssl/openssl">https://github.com/openssl/openssl</link>.
+	  <link xmlns:xlink="http://www.w3.org/1999/xlink"
 	    xlink:href="https://github.com/openssl/openssl">
 	    https://github.com/openssl/openssl</link>.
 	  [RT #44696]
 	</para>
      </listitem>
      <listitem>
 	<para>
-	  EDNS KEY TAG options are verified and printed.
+	  When parsing DNS messages, EDNS KEY TAG options are checked
 	  for correctness. When printing messages (for example, in
 	  <command>dig</command>), EDNS KEY TAG options are printed
 	  in readable format.
 	</para>
      </listitem>
    </itemizedlist>
@ -624,15 +631,6 @@
 	  are now fully rolled back in the event of failure. [RT #45841]
 	</para>
      </listitem>
      <listitem>
 	<para>
 	  Fixed a bug that was introduced in an earlier development
 	  release which caused multi-packet AXFR and IXFR messages to fail
 	  validation if not all packets contained TSIG records; this
 	  caused interoperability problems with some other DNS
 	  implementations. [RT #45509]
 	</para>
      </listitem>
      <listitem>
 	<para>
 	  Multiple <command>cookie-secret</command> clauses are now