mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-31 14:35:26 +00:00
cleanup trailing white space in SGML like files
This commit is contained in:
106
FAQ.xml
106
FAQ.xml
@@ -17,7 +17,7 @@
|
||||
|
||||
<!-- Converted by db4-upgrade version 1.0 -->
|
||||
<article xmlns="http://docbook.org/ns/docbook" version="5.0" class="faq">
|
||||
|
||||
|
||||
<info>
|
||||
<copyright>
|
||||
<year>2004</year>
|
||||
@@ -40,9 +40,9 @@
|
||||
</copyright>
|
||||
</info>
|
||||
<qandaset defaultlabel="qanda">
|
||||
|
||||
<qandadiv><title>Compilation and Installation Questions</title>
|
||||
|
||||
|
||||
<qandadiv><title>Compilation and Installation Questions</title>
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -58,7 +58,7 @@
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -67,7 +67,7 @@
|
||||
</question>
|
||||
<answer>
|
||||
<para>
|
||||
Short Answer: No.
|
||||
Short Answer: No.
|
||||
</para>
|
||||
<para>
|
||||
Long Answer: There really isn't a default configuration which fits
|
||||
@@ -90,9 +90,9 @@
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
</qandadiv> <!-- Compilation and Installation Questions -->
|
||||
|
||||
|
||||
<qandadiv><title>Configuration and Setup Questions</title>
|
||||
|
||||
<qandaentry>
|
||||
@@ -122,7 +122,7 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlis
|
||||
</informalexample>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<!-- configuration -->
|
||||
<question>
|
||||
@@ -248,7 +248,7 @@ view "chaos" chaos {
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -263,7 +263,7 @@ view "chaos" chaos {
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -356,7 +356,7 @@ Slave 10.0.1.2:
|
||||
</informalexample>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -389,7 +389,7 @@ named-checkzone example.com tmp</programlisting>
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -413,7 +413,7 @@ named-checkzone example.com tmp</programlisting>
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -508,7 +508,7 @@ Master 10.0.1.1:
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -548,7 +548,7 @@ Master 10.0.1.1:
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -600,7 +600,7 @@ zone "example.net" {
|
||||
</informalexample>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -691,9 +691,9 @@ server ::/0 { bogus yes; };
|
||||
</programlisting>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
</qandadiv> <!-- Configuration and Setup Questions -->
|
||||
|
||||
|
||||
<qandadiv><title>Operations Questions</title>
|
||||
|
||||
<qandaentry>
|
||||
@@ -765,7 +765,7 @@ server ::/0 { bogus yes; };
|
||||
</qandadiv> <!-- Operations Questions -->
|
||||
|
||||
<qandadiv><title>General Questions</title>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -810,7 +810,7 @@ server ::/0 { bogus yes; };
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -845,7 +845,7 @@ server ::/0 { bogus yes; };
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -863,7 +863,7 @@ server ::/0 { bogus yes; };
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -879,7 +879,7 @@ server ::/0 { bogus yes; };
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -906,7 +906,7 @@ serial-query-rate 5; // default 20</programlisting>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
<qandaentry>
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
I don't get RRSIG's returned when I use "dig +dnssec".
|
||||
@@ -918,7 +918,7 @@ serial-query-rate 5; // default 20</programlisting>
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -1002,7 +1002,7 @@ empty:
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -1079,7 +1079,7 @@ empty:
|
||||
</qandaentry>
|
||||
|
||||
</qandadiv> <!-- General Questions -->
|
||||
|
||||
|
||||
<qandadiv><title>Operating-System Specific Questions</title>
|
||||
|
||||
<qandadiv><title>HPUX</title>
|
||||
@@ -1109,9 +1109,9 @@ configure: error: need either working unistd.h or sys/select.h</programlisting>
|
||||
</qandadiv> <!-- HPUX -->
|
||||
|
||||
<qandadiv><title>Linux</title>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<question>
|
||||
<para>
|
||||
Why do I get the following errors:
|
||||
<programlisting>general: errno2result.c:109: unexpected error:
|
||||
@@ -1174,7 +1174,7 @@ echo "1" > proc/sys/net/core/xfrm_larval_drop</programlisting>
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -1193,7 +1193,7 @@ echo "1" > proc/sys/net/core/xfrm_larval_drop</programlisting>
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -1214,7 +1214,7 @@ modprobe capability</programlisting>
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -1274,7 +1274,7 @@ $ROOTDIR/var/tmp
|
||||
able to write or create files except in the directories
|
||||
above, with SELinux in Enforcing mode.
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
So, to allow named to update slave or DDNS zone files,
|
||||
it is best to locate them in $ROOTDIR/var/named/slaves,
|
||||
@@ -1285,7 +1285,7 @@ zone "slave.zone." IN {
|
||||
type slave;
|
||||
file "slaves/slave.zone.db";
|
||||
...
|
||||
};
|
||||
};
|
||||
zone "ddns.zone." IN {
|
||||
type master;
|
||||
allow-updates {...};
|
||||
@@ -1318,13 +1318,13 @@ options {
|
||||
system-config-securitylevel GUI, using the 'setsebool'
|
||||
command, or in /etc/selinux/targeted/booleans.
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
You can disable SELinux protection for named entirely by
|
||||
setting the 'named_disable_trans=1' SELinux tunable boolean
|
||||
parameter.
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
The SELinux named policy defines these SELinux contexts for named:
|
||||
<informalexample>
|
||||
@@ -1335,7 +1335,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
|
||||
</programlisting>
|
||||
</informalexample>
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
If you want to retain use of the SELinux policy for named,
|
||||
and put named files in different locations, you can do
|
||||
@@ -1353,7 +1353,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
|
||||
</programlisting>
|
||||
</informalexample>
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
To create a custom modifiable named data location, e.g.
|
||||
'/var/log/named' for a log file, do:
|
||||
@@ -1363,7 +1363,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
|
||||
</programlisting>
|
||||
</informalexample>
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
To create a custom zone file location, e.g. /root/zones/, do:
|
||||
<informalexample>
|
||||
@@ -1372,7 +1372,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
|
||||
</programlisting>
|
||||
</informalexample>
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
See these man-pages for more information : selinux(8),
|
||||
named_selinux(8), chcon(1), setsebool(8)
|
||||
@@ -1433,11 +1433,11 @@ proc /var/named/proc proc defaults 0 0</programlisting>
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
</qandadiv> <!-- Linux -->
|
||||
|
||||
|
||||
<qandadiv><title>Windows</title>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -1458,7 +1458,7 @@ proc /var/named/proc proc defaults 0 0</programlisting>
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -1484,11 +1484,11 @@ options {
|
||||
</informalexample>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
</qandadiv> <!-- Windows -->
|
||||
|
||||
|
||||
<qandadiv><title>FreeBSD</title>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -1513,11 +1513,11 @@ rand_irqs="3 14 15"</programlisting>
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
</qandadiv> <!-- FreeBSD -->
|
||||
|
||||
|
||||
<qandadiv><title>Solaris</title>
|
||||
|
||||
|
||||
<qandaentry>
|
||||
<question>
|
||||
<para>
|
||||
@@ -1535,7 +1535,7 @@ rand_irqs="3 14 15"</programlisting>
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
||||
</qandadiv> <!-- Solaris -->
|
||||
|
||||
<qandadiv><title>Apple Mac OS X</title>
|
||||
@@ -1601,7 +1601,7 @@ key "rndc-key" {
|
||||
</qandaentry>
|
||||
|
||||
</qandadiv> <!-- Apple Mac OS X -->
|
||||
|
||||
|
||||
</qandadiv> <!-- Operating-System Specific Questions -->
|
||||
|
||||
</qandaset>
|
||||
|
@@ -71,7 +71,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>named-checkconf</command>
|
||||
checks the syntax, but not the semantics, of a
|
||||
<command>named</command> configuration file. The file is parsed
|
||||
@@ -92,7 +92,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -184,7 +184,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para><command>named-checkconf</command>
|
||||
returns an exit status of 1 if
|
||||
errors were detected and 0 otherwise.
|
||||
@@ -192,7 +192,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -122,7 +122,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>named-checkzone</command>
|
||||
checks the syntax and integrity of a zone file. It performs the
|
||||
same checks as <command>named</command> does when loading a
|
||||
@@ -143,7 +143,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -387,7 +387,7 @@
|
||||
<listitem>
|
||||
<para>
|
||||
Check for records that are treated as different by DNSSEC but
|
||||
are semantically equal in plain DNS.
|
||||
are semantically equal in plain DNS.
|
||||
Possible modes are <command>"fail"</command>,
|
||||
<command>"warn"</command> (default) and
|
||||
<command>"ignore"</command>.
|
||||
@@ -511,7 +511,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para><command>named-checkzone</command>
|
||||
returns an exit status of 1 if
|
||||
errors were detected and 0 otherwise.
|
||||
@@ -519,12 +519,12 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
<citerefentry>
|
||||
<refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
|
||||
<refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
<citetitle>RFC 1035</citetitle>,
|
||||
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
|
||||
|
@@ -67,7 +67,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<command>tsig-keygen</command> and <command>ddns-confgen</command>
|
||||
are invocation methods for a utility that generates keys for use
|
||||
@@ -99,7 +99,7 @@
|
||||
local DDNS key for use with <command>nsupdate -l</command>:
|
||||
it does this when a zone is configured with
|
||||
<command>update-policy local;</command>.
|
||||
<command>ddns-confgen</command> is only needed when a
|
||||
<command>ddns-confgen</command> is only needed when a
|
||||
more elaborate configuration is required: for instance,
|
||||
if <command>nsupdate</command> is to be used from a remote
|
||||
system.
|
||||
@@ -107,7 +107,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -215,7 +215,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>nsupdate</refentrytitle><manvolnum>1</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -72,7 +72,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>rndc-confgen</command>
|
||||
generates configuration files
|
||||
for <command>rndc</command>. It can be used as a
|
||||
@@ -90,7 +90,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -259,7 +259,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>EXAMPLES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
To allow <command>rndc</command> to be used with
|
||||
no manual configuration, run
|
||||
@@ -277,7 +277,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -85,7 +85,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>delv</command>
|
||||
(Domain Entity Lookup & Validation) is a tool for sending
|
||||
DNS queries and validating the results, using the same internal
|
||||
@@ -129,7 +129,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SIMPLE USAGE</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
A typical invocation of <command>delv</command> looks like:
|
||||
@@ -196,7 +196,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
@@ -398,7 +398,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>QUERY OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<para><command>delv</command>
|
||||
provides a number of query options which affect the way results are
|
||||
@@ -585,7 +585,7 @@
|
||||
<listitem>
|
||||
<para>
|
||||
Set or clear the display options
|
||||
<option>+[no]comments</option>,
|
||||
<option>+[no]comments</option>,
|
||||
<option>+[no]rrcomments</option>, and
|
||||
<option>+[no]trust</option> as a group.
|
||||
</para>
|
||||
@@ -668,13 +668,13 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>FILES</title></info>
|
||||
|
||||
|
||||
<para><filename>/etc/bind.keys</filename></para>
|
||||
<para><filename>/etc/resolv.conf</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -98,7 +98,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>dig</command>
|
||||
(domain information groper) is a flexible tool
|
||||
for interrogating DNS name servers. It performs DNS lookups and
|
||||
@@ -144,7 +144,7 @@
|
||||
<para>
|
||||
The IN and CH class names overlap with the IN and CH top level
|
||||
domain names. Either use the <option>-t</option> and
|
||||
<option>-c</option> options to specify the type and class,
|
||||
<option>-c</option> options to specify the type and class,
|
||||
use the <option>-q</option> the specify the domain name, or
|
||||
use "IN." and "CH." when looking up these top level domains.
|
||||
</para>
|
||||
@@ -152,7 +152,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SIMPLE USAGE</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
A typical invocation of <command>dig</command> looks like:
|
||||
@@ -218,7 +218,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -421,7 +421,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>QUERY OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<para><command>dig</command>
|
||||
provides a number of query options which affect
|
||||
@@ -1160,7 +1160,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>MULTIPLE QUERIES</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
The BIND 9 implementation of <command>dig </command>
|
||||
@@ -1209,7 +1209,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>IDN SUPPORT</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
If <command>dig</command> has been built with IDN (internationalized
|
||||
domain name) support, it can accept and display non-ASCII domain names.
|
||||
@@ -1218,13 +1218,13 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
reply from the server.
|
||||
If you'd like to turn off the IDN support for some reason, defines
|
||||
the <envar>IDN_DISABLE</envar> environment variable.
|
||||
The IDN support is disabled if the variable is set when
|
||||
The IDN support is disabled if the variable is set when
|
||||
<command>dig</command> runs.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>FILES</title></info>
|
||||
|
||||
|
||||
<para><filename>/etc/resolv.conf</filename>
|
||||
</para>
|
||||
<para><filename>${HOME}/.digrc</filename>
|
||||
@@ -1232,7 +1232,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
|
||||
</citerefentry>,
|
||||
@@ -1247,7 +1247,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>BUGS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
There are probably too many query options.
|
||||
</para>
|
||||
|
@@ -77,7 +77,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para><command>host</command>
|
||||
is a simple utility for performing DNS lookups.
|
||||
@@ -240,7 +240,7 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The <option>-s</option> option tells <command>host</command>
|
||||
The <option>-s</option> option tells <command>host</command>
|
||||
<emphasis>not</emphasis> to send the query to the next nameserver
|
||||
if any server responds with a SERVFAIL response, which is the
|
||||
reverse of normal stub resolver behavior.
|
||||
@@ -260,10 +260,10 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>IDN SUPPORT</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
If <command>host</command> has been built with IDN (internationalized
|
||||
domain name) support, it can accept and display non-ASCII domain names.
|
||||
domain name) support, it can accept and display non-ASCII domain names.
|
||||
<command>host</command> appropriately converts character encoding of
|
||||
domain name before sending a request to DNS server or displaying a
|
||||
reply from the server.
|
||||
|
@@ -87,7 +87,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>Nslookup</command>
|
||||
is a program to query Internet domain name servers. <command>Nslookup</command>
|
||||
has two modes: interactive and non-interactive. Interactive mode allows
|
||||
@@ -100,7 +100,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>ARGUMENTS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
Interactive mode is entered in the following cases:
|
||||
<orderedlist numeration="loweralpha" inheritnum="ignore" continuation="restarts">
|
||||
@@ -144,7 +144,7 @@ nslookup -query=hinfo -timeout=10
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>INTERACTIVE COMMANDS</title></info>
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><constant>host</constant> <optional>server</optional></term>
|
||||
@@ -480,13 +480,13 @@ nslookup -query=hinfo -timeout=10
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>FILES</title></info>
|
||||
|
||||
|
||||
<para><filename>/etc/resolv.conf</filename>
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -84,7 +84,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>dnssec-dsfromkey</command>
|
||||
outputs the Delegation Signer (DS) resource record (RR), as defined in
|
||||
RFC 3658 and RFC 4509, for the given key(s).
|
||||
@@ -92,7 +92,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -183,7 +183,7 @@
|
||||
<para>
|
||||
Include ZSKs when generating DS records. Without this option,
|
||||
only keys which have the KSK flag set will be converted to DS
|
||||
records and printed. Useful only in zone file mode.
|
||||
records and printed. Useful only in zone file mode.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@@ -252,7 +252,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>EXAMPLE</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
To build the SHA-256 DS RR from the
|
||||
<userinput>Kexample.com.+003+26160</userinput>
|
||||
@@ -268,7 +268,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>FILES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The keyfile can be designed by the key identification
|
||||
<filename>Knnnn.+aaa+iiiii</filename> or the full file name
|
||||
@@ -283,14 +283,14 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>CAVEAT</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
A keyfile error can give a "file not found" even if the file exists.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -71,7 +71,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>dnssec-importkey</command>
|
||||
reads a public DNSKEY record and generates a pair of
|
||||
.key/.private files. The DNSKEY record may be read from an
|
||||
@@ -92,7 +92,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -110,7 +110,7 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-K <replaceable class="parameter">directory</replaceable></term>
|
||||
<listitem>
|
||||
@@ -142,7 +142,7 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-v <replaceable class="parameter">level</replaceable></term>
|
||||
<listitem>
|
||||
@@ -165,7 +165,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>TIMING OPTIONS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
|
||||
If the argument begins with a '+' or '-', it is interpreted as
|
||||
@@ -205,7 +205,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>FILES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
A keyfile can be designed by the key identification
|
||||
<filename>Knnnn.+aaa+iiiii</filename> or the full file name
|
||||
@@ -215,7 +215,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -79,7 +79,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>dnssec-keyfromlabel</command>
|
||||
generates a key pair of files that referencing a key object stored
|
||||
in a cryptographic hardware service module (HSM). The private key
|
||||
@@ -96,7 +96,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -364,7 +364,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>TIMING OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
|
||||
@@ -450,7 +450,7 @@
|
||||
</para>
|
||||
<para>
|
||||
If the key is being created as an explicit successor to another
|
||||
key, then the default prepublication interval is 30 days;
|
||||
key, then the default prepublication interval is 30 days;
|
||||
otherwise it is zero.
|
||||
</para>
|
||||
<para>
|
||||
@@ -467,7 +467,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>GENERATED KEY FILES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
When <command>dnssec-keyfromlabel</command> completes
|
||||
successfully,
|
||||
@@ -491,7 +491,7 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
<para><command>dnssec-keyfromlabel</command>
|
||||
<para><command>dnssec-keyfromlabel</command>
|
||||
creates two files, with names based
|
||||
on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename>
|
||||
contains the public key, and
|
||||
@@ -513,7 +513,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -96,7 +96,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>dnssec-keygen</command>
|
||||
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
|
||||
and RFC 4034. It can also generate keys for use with
|
||||
@@ -111,7 +111,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -441,7 +441,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>TIMING OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
|
||||
@@ -529,7 +529,7 @@
|
||||
</para>
|
||||
<para>
|
||||
If the key is being created as an explicit successor to another
|
||||
key, then the default prepublication interval is 30 days;
|
||||
key, then the default prepublication interval is 30 days;
|
||||
otherwise it is zero.
|
||||
</para>
|
||||
<para>
|
||||
@@ -547,7 +547,7 @@
|
||||
|
||||
|
||||
<refsection><info><title>GENERATED KEYS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
When <command>dnssec-keygen</command> completes
|
||||
successfully,
|
||||
@@ -572,7 +572,7 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
<para><command>dnssec-keygen</command>
|
||||
<para><command>dnssec-keygen</command>
|
||||
creates two files, with names based
|
||||
on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename>
|
||||
contains the public key, and
|
||||
@@ -600,7 +600,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>EXAMPLE</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
To generate a 768-bit DSA key for the domain
|
||||
<userinput>example.com</userinput>, the following command would be
|
||||
@@ -622,7 +622,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -60,7 +60,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>dnssec-revoke</command>
|
||||
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
|
||||
in RFC 5011, and creates a new pair of key files containing the
|
||||
@@ -69,7 +69,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -80,7 +80,7 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-K <replaceable class="parameter">directory</replaceable></term>
|
||||
<listitem>
|
||||
@@ -159,7 +159,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -66,7 +66,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>dnssec-settime</command>
|
||||
reads a DNSSEC private key file and sets the key timing metadata
|
||||
as specified by the <option>-P</option>, <option>-A</option>,
|
||||
@@ -93,7 +93,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -105,13 +105,13 @@
|
||||
fail when attempting to update a legacy key. With this option,
|
||||
the key will be recreated in the new format, but with the
|
||||
original key data retained. The key's creation date will be
|
||||
set to the present time. If no other values are specified,
|
||||
then the key's publication and activation dates will also
|
||||
set to the present time. If no other values are specified,
|
||||
then the key's publication and activation dates will also
|
||||
be set to the present time.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-K <replaceable class="parameter">directory</replaceable></term>
|
||||
<listitem>
|
||||
@@ -145,7 +145,7 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry>
|
||||
<term>-V</term>
|
||||
<listitem>
|
||||
@@ -184,7 +184,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>TIMING OPTIONS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
|
||||
If the argument begins with a '+' or '-', it is interpreted as
|
||||
@@ -281,7 +281,7 @@
|
||||
</para>
|
||||
<para>
|
||||
If the key is being set to be an explicit successor to another
|
||||
key, then the default prepublication interval is 30 days;
|
||||
key, then the default prepublication interval is 30 days;
|
||||
otherwise it is zero.
|
||||
</para>
|
||||
<para>
|
||||
@@ -297,7 +297,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>PRINTING OPTIONS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<command>dnssec-settime</command> can also be used to print the
|
||||
timing metadata associated with a key.
|
||||
@@ -335,7 +335,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -107,7 +107,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>dnssec-signzone</command>
|
||||
signs a zone. It generates
|
||||
NSEC and RRSIG records and produces a signed version of the
|
||||
@@ -119,7 +119,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -174,7 +174,7 @@
|
||||
(<option>-S</option>) is used, DNSKEY records are also
|
||||
included. The resulting file can be included in the original
|
||||
zone file with <command>$INCLUDE</command>. This option
|
||||
cannot be combined with <option>-O raw</option>,
|
||||
cannot be combined with <option>-O raw</option>,
|
||||
<option>-O map</option>, or serial number updating.
|
||||
</para>
|
||||
</listitem>
|
||||
@@ -551,7 +551,7 @@
|
||||
<para>
|
||||
Normally, when a previously-signed zone is passed as input
|
||||
to the signer, and a DNSKEY record has been removed and
|
||||
replaced with a new one, signatures from the old key
|
||||
replaced with a new one, signatures from the old key
|
||||
that are still within their validity period are retained.
|
||||
This allows the zone to continue to validate with cached
|
||||
copies of the old DNSKEY RRset. The <option>-Q</option>
|
||||
@@ -632,7 +632,7 @@
|
||||
<para>
|
||||
If the key's activation date is set and in the past, the
|
||||
key is published (regardless of publication date) and
|
||||
used to sign the zone.
|
||||
used to sign the zone.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@@ -800,7 +800,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>EXAMPLE</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The following command signs the <userinput>example.com</userinput>
|
||||
zone with the DSA key generated by <command>dnssec-keygen</command>
|
||||
@@ -831,7 +831,7 @@ db.example.com.signed
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -60,7 +60,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>dnssec-verify</command>
|
||||
verifies that a zone is fully signed for each algorithm found
|
||||
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
|
||||
@@ -69,7 +69,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -192,7 +192,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
|
||||
|
@@ -49,7 +49,7 @@
|
||||
|
||||
function loadGraphs(){
|
||||
var g;
|
||||
|
||||
|
||||
while(g = graphs.shift()){
|
||||
// alert("going for: " + g.target);
|
||||
if(g.data.length > 1){
|
||||
@@ -59,7 +59,7 @@
|
||||
}
|
||||
|
||||
<xsl:if test="server/counters[@type="qtype"]/counter">
|
||||
// Server Incoming Query Types
|
||||
// Server Incoming Query Types
|
||||
graphs.push({
|
||||
'title' : "Server Incoming Query Types",
|
||||
'target': 'chart_incoming_qtypes',
|
||||
@@ -67,7 +67,7 @@
|
||||
'data': [['Type','Counter'],<xsl:for-each select="server/counters[@type="qtype"]/counter">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
|
||||
});
|
||||
</xsl:if>
|
||||
|
||||
|
||||
<xsl:if test="server/counters[@type="opcode"]/counter">
|
||||
// Server Incoming Requests by opcode
|
||||
graphs.push({
|
||||
|
@@ -77,7 +77,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para><command>lwresd</command>
|
||||
is the daemon providing name lookup
|
||||
@@ -87,7 +87,7 @@
|
||||
resolver protocol rather than the DNS protocol.
|
||||
</para>
|
||||
|
||||
<para><command>lwresd</command>
|
||||
<para><command>lwresd</command>
|
||||
listens for resolver queries on a
|
||||
UDP port on the IPv4 loopback interface, 127.0.0.1. This
|
||||
means that <command>lwresd</command> can only be used by
|
||||
@@ -115,7 +115,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
|
||||
@@ -217,7 +217,7 @@
|
||||
<replaceable class="parameter">trace</replaceable>,
|
||||
<replaceable class="parameter">record</replaceable>,
|
||||
<replaceable class="parameter">size</replaceable>, and
|
||||
<replaceable class="parameter">mctx</replaceable>.
|
||||
<replaceable class="parameter">mctx</replaceable>.
|
||||
These correspond to the ISC_MEM_DEBUGXXXX flags described in
|
||||
<filename><isc/mem.h></filename>.
|
||||
</para>
|
||||
@@ -324,7 +324,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>FILES</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
|
||||
@@ -351,7 +351,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -60,7 +60,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><filename>named.conf</filename> is the configuration file
|
||||
for
|
||||
<command>named</command>. Statements are enclosed
|
||||
@@ -80,7 +80,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>ACL</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
|
||||
|
||||
@@ -88,7 +88,7 @@ acl <replaceable>string</replaceable> { <replaceable>address_match_element</repl
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>KEY</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
key <replaceable>domain_name</replaceable> {
|
||||
algorithm <replaceable>string</replaceable>;
|
||||
@@ -98,7 +98,7 @@ key <replaceable>domain_name</replaceable> {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>MASTERS</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
|
||||
( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
|
||||
@@ -108,7 +108,7 @@ masters <replaceable>string</replaceable> <optional> port <replaceable>integer</
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SERVER</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
|
||||
bogus <replaceable>boolean</replaceable>;
|
||||
@@ -132,7 +132,7 @@ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable>
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>TRUSTED-KEYS</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
trusted-keys {
|
||||
<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
|
||||
@@ -141,7 +141,7 @@ trusted-keys {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>MANAGED-KEYS</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
managed-keys {
|
||||
<replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
|
||||
@@ -150,7 +150,7 @@ managed-keys {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>CONTROLS</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
controls {
|
||||
inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
|
||||
@@ -163,7 +163,7 @@ controls {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>LOGGING</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
logging {
|
||||
channel <replaceable>string</replaceable> {
|
||||
@@ -182,7 +182,7 @@ logging {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>LWRES</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
lwres {
|
||||
listen-on <optional> port <replaceable>integer</replaceable> </optional> {
|
||||
@@ -198,7 +198,7 @@ lwres {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
options {
|
||||
avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
|
||||
@@ -413,7 +413,7 @@ options {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>VIEW</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
|
||||
match-clients { <replaceable>address_match_element</replaceable>; ... };
|
||||
@@ -583,7 +583,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>ZONE</title></info>
|
||||
|
||||
|
||||
<literallayout class="normal">
|
||||
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
|
||||
type ( master | slave | stub | hint | redirect |
|
||||
@@ -681,13 +681,13 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>FILES</title></info>
|
||||
|
||||
|
||||
<para><filename>/etc/named.conf</filename>
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -87,7 +87,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>named</command>
|
||||
is a Domain Name System (DNS) server,
|
||||
part of the BIND 9 distribution from ISC. For more
|
||||
@@ -103,7 +103,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -436,7 +436,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SIGNALS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
In routine operation, signals should not be used to control
|
||||
the nameserver; <command>rndc</command> should be used
|
||||
@@ -472,7 +472,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>CONFIGURATION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The <command>named</command> configuration file is too complex
|
||||
to describe in detail here. A complete description is provided
|
||||
@@ -492,7 +492,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>FILES</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
|
||||
@@ -519,7 +519,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citetitle>RFC 1033</citetitle>,
|
||||
<citetitle>RFC 1034</citetitle>,
|
||||
<citetitle>RFC 1035</citetitle>,
|
||||
|
@@ -85,7 +85,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>nsupdate</command>
|
||||
is used to submit Dynamic DNS Update requests as defined in RFC 2136
|
||||
to a name server.
|
||||
@@ -144,7 +144,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -353,7 +353,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>INPUT FORMAT</title></info>
|
||||
|
||||
|
||||
<para><command>nsupdate</command>
|
||||
reads input from
|
||||
<parameter>filename</parameter>
|
||||
@@ -785,7 +785,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>EXAMPLES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The examples below show how
|
||||
<command>nsupdate</command>
|
||||
@@ -836,7 +836,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>FILES</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -885,7 +885,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citetitle>RFC 2136</citetitle>,
|
||||
<citetitle>RFC 3007</citetitle>,
|
||||
@@ -907,7 +907,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>BUGS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The TSIG key is redundantly stored in two separate files.
|
||||
This is a consequence of nsupdate using the DST library
|
||||
|
@@ -59,7 +59,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<command>pkcs11-destroy</command> destroys keys stored in a
|
||||
PKCS#11 device, identified by their <option>ID</option> or
|
||||
@@ -73,7 +73,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>ARGUMENTS</title></info>
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-m <replaceable class="parameter">module</replaceable></term>
|
||||
@@ -138,7 +138,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>pkcs11-keygen</refentrytitle><manvolnum>8</manvolnum>
|
||||
|
@@ -62,7 +62,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<command>pkcs11-keygen</command> causes a PKCS#11 device to generate
|
||||
a new key pair with the given <option>label</option> (which must be
|
||||
@@ -71,7 +71,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>ARGUMENTS</title></info>
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-a <replaceable class="parameter">algorithm</replaceable></term>
|
||||
@@ -185,7 +185,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>8</manvolnum>
|
||||
|
@@ -57,7 +57,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<command>pkcs11-list</command>
|
||||
lists the PKCS#11 objects with <option>ID</option> or
|
||||
@@ -66,7 +66,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>ARGUMENTS</title></info>
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-P</term>
|
||||
@@ -130,7 +130,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>8</manvolnum>
|
||||
|
@@ -51,7 +51,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<command>pkcs11-tokens</command>
|
||||
lists the PKCS#11 available tokens with defaults from the slot/token
|
||||
@@ -60,7 +60,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>ARGUMENTS</title></info>
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-m <replaceable class="parameter">module</replaceable></term>
|
||||
@@ -76,7 +76,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>8</manvolnum>
|
||||
|
@@ -65,7 +65,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>dnssec-checkds</command>
|
||||
verifies the correctness of Delegation Signer (DS) or DNSSEC
|
||||
Lookaside Validation (DLV) resource records for keys in a specified
|
||||
@@ -74,7 +74,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -92,7 +92,7 @@
|
||||
<term>-l <replaceable class="parameter">domain</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Check for a DLV record in the specified lookaside domain,
|
||||
Check for a DLV record in the specified lookaside domain,
|
||||
instead of checking for a DS record in the zone's parent.
|
||||
For example, to check for DLV records for "example.com"
|
||||
in ISC's DLV zone, use:
|
||||
@@ -124,7 +124,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -61,7 +61,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>dnssec-coverage</command>
|
||||
verifies that the DNSSEC keys for a given zone or a set of zones
|
||||
have timing metadata set properly to ensure no future lapses in DNSSEC
|
||||
@@ -90,7 +90,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -122,7 +122,7 @@
|
||||
<para>
|
||||
The length of time to check for DNSSEC coverage. Key events
|
||||
scheduled further into the future than <option>duration</option>
|
||||
will be ignored, and assumed to be correct.
|
||||
will be ignored, and assumed to be correct.
|
||||
</para>
|
||||
<para>
|
||||
The value of <option>duration</option> can be set in seconds,
|
||||
@@ -243,7 +243,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>dnssec-checkds</refentrytitle><manvolnum>8</manvolnum>
|
||||
|
@@ -60,7 +60,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><filename>rndc.conf</filename> is the configuration file
|
||||
for <command>rndc</command>, the BIND 9 name server control
|
||||
utility. This file has a similar structure and syntax to
|
||||
@@ -147,7 +147,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>EXAMPLE</title></info>
|
||||
|
||||
|
||||
|
||||
<para><programlisting>
|
||||
options {
|
||||
@@ -219,7 +219,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>NAME SERVER CONFIGURATION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The name server must be configured to accept rndc connections and
|
||||
to recognize the key specified in the <filename>rndc.conf</filename>
|
||||
@@ -230,7 +230,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -70,7 +70,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>rndc</command>
|
||||
controls the operation of a name
|
||||
server. It supersedes the <command>ndc</command> utility
|
||||
@@ -102,7 +102,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -226,7 +226,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>COMMANDS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
A list of commands supported by <command>rndc</command> can
|
||||
be seen by running <command>rndc</command> without arguments.
|
||||
@@ -745,7 +745,7 @@
|
||||
operations (such as signing or generating
|
||||
NSEC3 chains) is stored in the zone in the form
|
||||
of DNS resource records of type
|
||||
<command>sig-signing-type</command>.
|
||||
<command>sig-signing-type</command>.
|
||||
<command>rndc signing -list</command> converts
|
||||
these records into a human-readable form,
|
||||
indicating which keys are currently signing
|
||||
@@ -771,7 +771,7 @@
|
||||
flags, iterations, and salt, in that order.
|
||||
</para>
|
||||
<para>
|
||||
Currently, the only defined value for hash algorithm
|
||||
Currently, the only defined value for hash algorithm
|
||||
is <literal>1</literal>, representing SHA-1.
|
||||
The <option>flags</option> may be set to
|
||||
<literal>0</literal> or <literal>1</literal>,
|
||||
@@ -964,7 +964,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>LIMITATIONS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
There is currently no way to provide the shared secret for a
|
||||
<option>key_id</option> without using the configuration file.
|
||||
@@ -975,7 +975,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -51,7 +51,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<command>arpaname</command> translates IP addresses (IPv4 and
|
||||
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
|
||||
@@ -59,7 +59,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
|
||||
</para>
|
||||
|
@@ -53,7 +53,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<command>dnstap-read</command>
|
||||
reads <command>dnstap</command> data from a specified file
|
||||
@@ -65,7 +65,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@@ -102,7 +102,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
|
||||
|
@@ -56,7 +56,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<command>genrandom</command>
|
||||
generates a file or a set of files containing a specified quantity
|
||||
@@ -66,7 +66,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>ARGUMENTS</title></info>
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>-n <replaceable class="parameter">number</replaceable></term>
|
||||
@@ -99,7 +99,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>rand</refentrytitle><manvolnum>3</manvolnum>
|
||||
|
@@ -54,7 +54,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
|
||||
HMAC-SHA* TSIG keys which were longer than the digest length of the
|
||||
@@ -81,7 +81,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SECURITY CONSIDERATIONS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
Secrets that have been converted by <command>isc-hmac-fixup</command>
|
||||
are shortened, but as this is how the HMAC protocol works in
|
||||
@@ -93,7 +93,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
|
||||
<citetitle>RFC 2104</citetitle>.
|
||||
|
@@ -77,7 +77,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>mdig</command>
|
||||
is a multiple/pipelined query version of <command>dig</command>:
|
||||
instead of waiting for a response after sending each query,
|
||||
@@ -126,7 +126,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>ANYWHERE OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
The <option>-f</option> option makes <command>mdig</command>
|
||||
@@ -149,7 +149,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>GLOBAL OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
The <option>-4</option> option forces <command>mdig</command> to
|
||||
@@ -390,7 +390,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>LOCAL OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
The <option>-c</option> option sets the query class to
|
||||
@@ -653,7 +653,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -52,14 +52,14 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<command>named-journalprint</command>
|
||||
prints the contents of a zone journal file in a human-readable
|
||||
form.
|
||||
form.
|
||||
</para>
|
||||
<para>
|
||||
Journal files are automatically created by <command>named</command>
|
||||
Journal files are automatically created by <command>named</command>
|
||||
when changes are made to dynamic zones (e.g., by
|
||||
<command>nsupdate</command>). They record each addition
|
||||
or deletion of a resource record, in binary format, allowing the
|
||||
@@ -79,7 +79,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
|
||||
|
@@ -56,7 +56,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>named-rrchecker</command>
|
||||
read a individual DNS resource record from standard input and checks if it
|
||||
is syntactically correct.
|
||||
@@ -85,7 +85,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citetitle>RFC 1034</citetitle>,
|
||||
<citetitle>RFC 1035</citetitle>,
|
||||
|
@@ -55,7 +55,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<command>nsec3hash</command> generates an NSEC3 hash based on
|
||||
a set of NSEC3 parameters. This can be used to check the validity
|
||||
@@ -64,7 +64,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>ARGUMENTS</title></info>
|
||||
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>salt</term>
|
||||
@@ -108,7 +108,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
|
||||
<citetitle>RFC 5155</citetitle>.
|
||||
|
@@ -1819,7 +1819,7 @@ nameserver 172.16.72.4
|
||||
<para>
|
||||
TSIG keys can be generated using the <command>tsig-keygen</command>
|
||||
command; the output of the command is a <command>key</command> directive
|
||||
suitable for inclusion in <filename>named.conf</filename>. The
|
||||
suitable for inclusion in <filename>named.conf</filename>. The
|
||||
key name, algorithm and size can be specified by command line parameters;
|
||||
the defaults are "tsig-key", HMAC-SHA256, and 256 bits, respectively.
|
||||
</para>
|
||||
@@ -1899,7 +1899,7 @@ key "host1-host2." {
|
||||
signed using the specified key. Keys may also be specified
|
||||
in the <command>also-notify</command> statement of a master
|
||||
or slave zone, causing NOTIFY messages to be signed using
|
||||
the specified key.
|
||||
the specified key.
|
||||
</para>
|
||||
<para>
|
||||
Keys can also be specified in a <command>server</command>
|
||||
@@ -2004,7 +2004,7 @@ allow-update { !{ !localnets; any; }; key host1-host2. ;};
|
||||
<para>
|
||||
The TKEY process is initiated by a client or server by sending
|
||||
a query of type TKEY to a TKEY-aware server. The query must include
|
||||
an appropriate KEY record in the additional section, and
|
||||
an appropriate KEY record in the additional section, and
|
||||
must be signed using either TSIG or SIG(0) with a previously
|
||||
established key. The server's response, if successful, will
|
||||
contain a TKEY record in its answer section. After this transaction,
|
||||
@@ -4809,11 +4809,11 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
event payloads which are encoded using Protocol Buffers
|
||||
(<command>libprotobuf-c</command>, a mechanism for
|
||||
serializing structured data developed
|
||||
by Google, Inc.; see
|
||||
by Google, Inc.; see
|
||||
<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://developers.google.com/protocol-buffers/">https://developers.google.com/protocol-buffers</link>).
|
||||
</para>
|
||||
<para>
|
||||
To enable <command>dnstap</command> at compile time,
|
||||
To enable <command>dnstap</command> at compile time,
|
||||
the <command>fstrm</command> and <command>protobuf-c</command>
|
||||
libraries must be available, and BIND must be configured with
|
||||
<option>--enable-dnstap</option>.
|
||||
|
@@ -16,7 +16,7 @@
|
||||
|
||||
<!-- Converted by db4-upgrade version 1.0 -->
|
||||
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="dlz-info"><info><title>DLZ (Dynamically Loadable Zones)</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
DLZ (Dynamically Loadable Zones) is an extension to BIND 9 that allows
|
||||
zone data to be retrieved directly from an external database. There is
|
||||
@@ -55,7 +55,7 @@
|
||||
</para>
|
||||
|
||||
<section><info><title>Configuring DLZ</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
A DLZ database is configured with a <command>dlz</command>
|
||||
statement in <filename>named.conf</filename>:
|
||||
@@ -103,7 +103,7 @@
|
||||
</screen>
|
||||
</section>
|
||||
<section><info><title>Sample DLZ Driver</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
For guidance in implementation of DLZ modules, the directory
|
||||
<filename>contrib/dlz/example</filename> contains a basic
|
||||
|
@@ -16,23 +16,23 @@
|
||||
|
||||
<!-- Converted by db4-upgrade version 1.0 -->
|
||||
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="dnssec.dynamic.zones"><info><title>DNSSEC, Dynamic Zones, and Automatic Signing</title></info>
|
||||
|
||||
|
||||
<para>As of BIND 9.7.0 it is possible to change a dynamic zone
|
||||
from insecure to signed and back again. A secure zone can use
|
||||
either NSEC or NSEC3 chains.</para>
|
||||
<section><info><title>Converting from insecure to secure</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>Changing a zone from insecure to secure can be done in two
|
||||
ways: using a dynamic DNS update, or the
|
||||
ways: using a dynamic DNS update, or the
|
||||
<command>auto-dnssec</command> zone option.</para>
|
||||
<para>For either method, you need to configure
|
||||
<command>named</command> so that it can see the
|
||||
<para>For either method, you need to configure
|
||||
<command>named</command> so that it can see the
|
||||
<filename>K*</filename> files which contain the public and private
|
||||
parts of the keys that will be used to sign the zone. These files
|
||||
will have been generated by
|
||||
will have been generated by
|
||||
<command>dnssec-keygen</command>. You can do this by placing them
|
||||
in the key-directory, as specified in
|
||||
in the key-directory, as specified in
|
||||
<filename>named.conf</filename>:</para>
|
||||
<programlisting>
|
||||
zone example.net {
|
||||
@@ -48,7 +48,7 @@
|
||||
well. An NSEC chain will be generated as part of the initial
|
||||
signing process.</para>
|
||||
<section><info><title>Dynamic DNS update method</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>To insert the keys via dynamic update:</para>
|
||||
<screen>
|
||||
@@ -59,7 +59,7 @@
|
||||
> send
|
||||
</screen>
|
||||
<para>While the update request will complete almost immediately,
|
||||
the zone will not be completely signed until
|
||||
the zone will not be completely signed until
|
||||
<command>named</command> has had time to walk the zone and
|
||||
generate the NSEC and RRSIG records. The NSEC record at the apex
|
||||
will be added last, to signal that there is a complete NSEC
|
||||
@@ -77,7 +77,7 @@
|
||||
> send
|
||||
</screen>
|
||||
<para>Again, this update request will complete almost
|
||||
immediately; however, the record won't show up until
|
||||
immediately; however, the record won't show up until
|
||||
<command>named</command> has had a chance to build/remove the
|
||||
relevant chain. A private type record will be created to record
|
||||
the state of the operation (see below for more details), and will
|
||||
@@ -85,19 +85,19 @@
|
||||
<para>While the initial signing and NSEC/NSEC3 chain generation
|
||||
is happening, other updates are possible as well.</para>
|
||||
<section><info><title>Fully automatic zone signing</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>To enable automatic signing, add the
|
||||
<command>auto-dnssec</command> option to the zone statement in
|
||||
<filename>named.conf</filename>.
|
||||
<command>auto-dnssec</command> has two possible arguments:
|
||||
<constant>allow</constant> or
|
||||
<para>To enable automatic signing, add the
|
||||
<command>auto-dnssec</command> option to the zone statement in
|
||||
<filename>named.conf</filename>.
|
||||
<command>auto-dnssec</command> has two possible arguments:
|
||||
<constant>allow</constant> or
|
||||
<constant>maintain</constant>.</para>
|
||||
<para>With
|
||||
<command>auto-dnssec allow</command>,
|
||||
<para>With
|
||||
<command>auto-dnssec allow</command>,
|
||||
<command>named</command> can search the key directory for keys
|
||||
matching the zone, insert them into the zone, and use them to
|
||||
sign the zone. It will do so only when it receives an
|
||||
sign the zone. It will do so only when it receives an
|
||||
<command>rndc sign <zonename></command>.</para>
|
||||
<para>
|
||||
<!-- TODO: this is repeated in the ARM -->
|
||||
@@ -105,7 +105,7 @@
|
||||
functionality, but will also automatically adjust the zone's
|
||||
DNSKEY records on schedule according to the keys' timing metadata.
|
||||
(See <xref linkend="man.dnssec-keygen"/> and
|
||||
<xref linkend="man.dnssec-settime"/> for more information.)
|
||||
<xref linkend="man.dnssec-settime"/> for more information.)
|
||||
</para>
|
||||
<para>
|
||||
<command>named</command> will periodically search the key directory
|
||||
@@ -119,7 +119,7 @@
|
||||
</para>
|
||||
<para>
|
||||
If keys are present in the key directory the first time the zone
|
||||
is loaded, the zone will be signed immediately, without waiting for an
|
||||
is loaded, the zone will be signed immediately, without waiting for an
|
||||
<command>rndc sign</command> or <command>rndc loadkeys</command>
|
||||
command. (Those commands can still be used when there are unscheduled
|
||||
key changes, however.)
|
||||
@@ -141,15 +141,15 @@
|
||||
the zone is signed and the NSEC3 chain is completed, the NSEC3PARAM
|
||||
record will appear in the zone.
|
||||
</para>
|
||||
<para>Using the
|
||||
<para>Using the
|
||||
<command>auto-dnssec</command> option requires the zone to be
|
||||
configured to allow dynamic updates, by adding an
|
||||
<command>allow-update</command> or
|
||||
configured to allow dynamic updates, by adding an
|
||||
<command>allow-update</command> or
|
||||
<command>update-policy</command> statement to the zone
|
||||
configuration. If this has not been done, the configuration will
|
||||
fail.</para>
|
||||
<section><info><title>Private-type records</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>The state of the signing process is signaled by
|
||||
private-type records (with a default type value of 65534). When
|
||||
@@ -187,18 +187,18 @@
|
||||
</literallayout>
|
||||
</para>
|
||||
<section><info><title>DNSKEY rollovers</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>As with insecure-to-secure conversions, rolling DNSSEC
|
||||
keys can be done in two ways: using a dynamic DNS update, or the
|
||||
keys can be done in two ways: using a dynamic DNS update, or the
|
||||
<command>auto-dnssec</command> zone option.</para>
|
||||
<section><info><title>Dynamic DNS update method</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para> To perform key rollovers via dynamic update, you need to add
|
||||
the <filename>K*</filename> files for the new keys so that
|
||||
the <filename>K*</filename> files for the new keys so that
|
||||
<command>named</command> can find them. You can then add the new
|
||||
DNSKEY RRs via dynamic update.
|
||||
DNSKEY RRs via dynamic update.
|
||||
<command>named</command> will then cause the zone to be signed
|
||||
with the new keys. When the signing is complete the private type
|
||||
records will be updated so that the last octet is non
|
||||
@@ -212,15 +212,15 @@
|
||||
be able to verify at least one signature when you remove the old
|
||||
DNSKEY.</para>
|
||||
<para>The old DNSKEY can be removed via UPDATE. Take care to
|
||||
specify the correct key.
|
||||
specify the correct key.
|
||||
<command>named</command> will clean out any signatures generated
|
||||
by the old key after the update completes.</para>
|
||||
<section><info><title>Automatic key rollovers</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>When a new key reaches its activation date (as set by
|
||||
<command>dnssec-keygen</command> or <command>dnssec-settime</command>),
|
||||
if the <command>auto-dnssec</command> zone option is set to
|
||||
if the <command>auto-dnssec</command> zone option is set to
|
||||
<constant>maintain</constant>, <command>named</command> will
|
||||
automatically carry out the key rollover. If the key's algorithm
|
||||
has not previously been used to sign the zone, then the zone will
|
||||
@@ -232,7 +232,7 @@
|
||||
completes in 30 days, after which it will be safe to remove the
|
||||
old key from the DNSKEY RRset.</para>
|
||||
<section><info><title>NSEC3PARAM rollovers via UPDATE</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>Add the new NSEC3PARAM record via dynamic update. When the
|
||||
new NSEC3 chain has been generated, the NSEC3PARAM flag field
|
||||
@@ -240,7 +240,7 @@
|
||||
record. The old chain will be removed after the update request
|
||||
completes.</para>
|
||||
<section><info><title>Converting from NSEC to NSEC3</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>To do this, you just need to add an NSEC3PARAM record. When
|
||||
the conversion is complete, the NSEC chain will have been removed
|
||||
@@ -248,30 +248,30 @@
|
||||
chain will be generated before the NSEC chain is
|
||||
destroyed.</para>
|
||||
<section><info><title>Converting from NSEC3 to NSEC</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>To do this, use <command>nsupdate</command> to
|
||||
remove all NSEC3PARAM records with a zero flag
|
||||
field. The NSEC chain will be generated before the NSEC3 chain is
|
||||
removed.</para>
|
||||
<section><info><title>Converting from secure to insecure</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>To convert a signed zone to unsigned using dynamic DNS,
|
||||
delete all the DNSKEY records from the zone apex using
|
||||
<command>nsupdate</command>. All signatures, NSEC or NSEC3 chains,
|
||||
and associated NSEC3PARAM records will be removed automatically.
|
||||
This will take place after the update request completes.</para>
|
||||
<para> This requires the
|
||||
<command>dnssec-secure-to-insecure</command> option to be set to
|
||||
<userinput>yes</userinput> in
|
||||
<para> This requires the
|
||||
<command>dnssec-secure-to-insecure</command> option to be set to
|
||||
<userinput>yes</userinput> in
|
||||
<filename>named.conf</filename>.</para>
|
||||
<para>In addition, if the <command>auto-dnssec maintain</command>
|
||||
zone statement is used, it should be removed or changed to
|
||||
<command>allow</command> instead (or it will re-sign).
|
||||
</para>
|
||||
<section><info><title>Periodic re-signing</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>In any secure zone which supports dynamic updates, <command>named</command>
|
||||
will periodically re-sign RRsets which have not been re-signed as
|
||||
@@ -279,14 +279,14 @@
|
||||
adjusted so as to spread the re-sign load over time rather than
|
||||
all at once.</para>
|
||||
<section><info><title>NSEC3 and OPTOUT</title></info>
|
||||
|
||||
|
||||
</section>
|
||||
<para>
|
||||
<command>named</command> only supports creating new NSEC3 chains
|
||||
where all the NSEC3 records in the zone have the same OPTOUT
|
||||
state.
|
||||
state.
|
||||
<command>named</command> supports UPDATES to zones where the NSEC3
|
||||
records in the chain have mixed OPTOUT state.
|
||||
records in the chain have mixed OPTOUT state.
|
||||
<command>named</command> does not support changing the OPTOUT
|
||||
state of an individual NSEC3 record, the entire chain needs to be
|
||||
changed if the OPTOUT state of an individual NSEC3 needs to be
|
||||
|
@@ -16,7 +16,7 @@
|
||||
|
||||
<!-- Converted by db4-upgrade version 1.0 -->
|
||||
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="dyndb-info"><info><title>DynDB (Dynamic Database)</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
DynDB is an extension to BIND 9 which, like DLZ
|
||||
(see <xref linkend="dlz-info"/>), allows zone data to be
|
||||
@@ -41,7 +41,7 @@
|
||||
</para>
|
||||
|
||||
<section><info><title>Configuring DynDB</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
A DynDB database is configured with a <command>dyndb</command>
|
||||
statement in <filename>named.conf</filename>:
|
||||
@@ -68,7 +68,7 @@
|
||||
</para>
|
||||
</section>
|
||||
<section><info><title>Sample DynDB Module</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
For guidance in implementation of DynDB modules, the directory
|
||||
<filename>bin/tests/system/dyndb/driver</filename>.
|
||||
|
@@ -16,7 +16,7 @@
|
||||
|
||||
<!-- Converted by db4-upgrade version 1.0 -->
|
||||
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="bind9.library"><info><title>BIND 9 DNS Library Support</title></info>
|
||||
|
||||
|
||||
<para>This version of BIND 9 "exports" its internal libraries so
|
||||
that they can be used by third-party applications more easily (we
|
||||
call them "export" libraries in this document). In addition to
|
||||
@@ -53,7 +53,7 @@
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
<section><info><title>Prerequisite</title></info>
|
||||
|
||||
|
||||
<para>GNU make is required to build the export libraries (other
|
||||
part of BIND 9 can still be built with other types of make). In
|
||||
the reminder of this document, "make" means GNU make. Note that
|
||||
@@ -61,7 +61,7 @@
|
||||
than "make" (e.g. "gmake") to indicate it's GNU make.</para>
|
||||
</section>
|
||||
<section><info><title>Compilation</title></info>
|
||||
|
||||
|
||||
<screen>
|
||||
$ <userinput>./configure --enable-exportlib <replaceable>[other flags]</replaceable></userinput>
|
||||
$ <userinput>make</userinput>
|
||||
@@ -75,7 +75,7 @@ $ <userinput>make</userinput>
|
||||
lib/export/samples directory (see below).</para>
|
||||
</section>
|
||||
<section><info><title>Installation</title></info>
|
||||
|
||||
|
||||
<screen>
|
||||
$ <userinput>cd lib/export</userinput>
|
||||
$ <userinput>make install</userinput>
|
||||
@@ -96,7 +96,7 @@ $ <userinput>make install</userinput>
|
||||
<filename>lib/export/samples/Makefile-postinstall.in</filename>.</para>
|
||||
</section>
|
||||
<section><info><title>Known Defects/Restrictions</title></info>
|
||||
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<!-- TODO: what about AIX? -->
|
||||
@@ -142,7 +142,7 @@ $ <userinput>make</userinput>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section><info><title>The dns.conf File</title></info>
|
||||
|
||||
|
||||
<para>The IRS library supports an "advanced" configuration file
|
||||
related to the DNS library for configuration parameters that
|
||||
would be beyond the capability of the
|
||||
@@ -159,13 +159,13 @@ $ <userinput>make</userinput>
|
||||
<xref linkend="trusted-keys"/> for details.)</para>
|
||||
</section>
|
||||
<section><info><title>Sample Applications</title></info>
|
||||
|
||||
|
||||
<para>Some sample application programs using this API are
|
||||
provided for reference. The following is a brief description of
|
||||
these applications.
|
||||
</para>
|
||||
<section><info><title>sample: a simple stub resolver utility</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
It sends a query of a given name (of a given optional RR type) to a
|
||||
specified recursive server, and prints the result as a list of
|
||||
@@ -232,7 +232,7 @@ $ <userinput>make</userinput>
|
||||
</variablelist>
|
||||
</section>
|
||||
<section><info><title>sample-async: a simple stub resolver, working asynchronously</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
Similar to "sample", but accepts a list
|
||||
of (query) domain names as a separate file and resolves the names
|
||||
@@ -278,7 +278,7 @@ $ <userinput>make</userinput>
|
||||
</variablelist>
|
||||
</section>
|
||||
<section><info><title>sample-request: a simple DNS transaction client</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
It sends a query to a specified server, and
|
||||
prints the response with minimal processing. It doesn't act as a
|
||||
@@ -330,7 +330,7 @@ $ <userinput>make</userinput>
|
||||
</variablelist>
|
||||
</section>
|
||||
<section><info><title>sample-gai: getaddrinfo() and getnameinfo() test code</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
This is a test program
|
||||
to check getaddrinfo() and getnameinfo() behavior. It takes a
|
||||
@@ -346,7 +346,7 @@ $ <userinput>make</userinput>
|
||||
</para>
|
||||
</section>
|
||||
<section><info><title>sample-update: a simple dynamic update client program</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
It accepts a single update command as a
|
||||
command-line argument, sends an update request message to the
|
||||
@@ -448,14 +448,14 @@ $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
|
||||
<para>
|
||||
removes all A RRs for foo.dynamic.example.com using the given key.
|
||||
</para>
|
||||
<screen>
|
||||
<screen>
|
||||
$ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</userinput></screen>
|
||||
<para>
|
||||
removes all RRs for foo.dynamic.example.com using the given key.
|
||||
</para>
|
||||
</section>
|
||||
<section><info><title>nsprobe: domain/name server checker in terms of RFC 4074</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
It checks a set
|
||||
of domains to see the name servers of the domains behave
|
||||
@@ -520,7 +520,7 @@ $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
|
||||
</section>
|
||||
</section>
|
||||
<section><info><title>Library References</title></info>
|
||||
|
||||
|
||||
<para>As of this writing, there is no formal "manual" of the
|
||||
libraries, except this document, header files (some of them
|
||||
provide pretty detailed explanations), and sample application
|
||||
|
@@ -16,25 +16,25 @@
|
||||
|
||||
<!-- Converted by db4-upgrade version 1.0 -->
|
||||
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="rfc5011.support"><info><title>Dynamic Trust Anchor Management</title></info>
|
||||
|
||||
|
||||
<para>BIND 9.7.0 introduces support for RFC 5011, dynamic trust
|
||||
anchor management. Using this feature allows
|
||||
anchor management. Using this feature allows
|
||||
<command>named</command> to keep track of changes to critical
|
||||
DNSSEC keys without any need for the operator to make changes to
|
||||
configuration files.</para>
|
||||
<section><info><title>Validating Resolver</title></info>
|
||||
|
||||
|
||||
<!-- TODO: command tag is overloaded for configuration and executables -->
|
||||
<para>To configure a validating resolver to use RFC 5011 to
|
||||
maintain a trust anchor, configure the trust anchor using a
|
||||
maintain a trust anchor, configure the trust anchor using a
|
||||
<command>managed-keys</command> statement. Information about
|
||||
this can be found in
|
||||
this can be found in
|
||||
<xref linkend="managed-keys"/>.</para>
|
||||
<!-- TODO: managed-keys examples
|
||||
also in DNSSEC section above here in ARM -->
|
||||
</section>
|
||||
<section><info><title>Authoritative Server</title></info>
|
||||
|
||||
|
||||
<para>To set up an authoritative zone for RFC 5011 trust anchor
|
||||
maintenance, generate two (or more) key signing keys (KSKs) for
|
||||
the zone. Sign the zone with one of them; this is the "active"
|
||||
@@ -50,21 +50,21 @@ also in DNSSEC section above here in ARM -->
|
||||
timer has completed, the active KSK can be revoked, and the
|
||||
zone can be "rolled over" to the newly accepted key.</para>
|
||||
<para>The easiest way to place a stand-by key in a zone is to
|
||||
use the "smart signing" features of
|
||||
<command>dnssec-keygen</command> and
|
||||
use the "smart signing" features of
|
||||
<command>dnssec-keygen</command> and
|
||||
<command>dnssec-signzone</command>. If a key with a publication
|
||||
date in the past, but an activation date which is unset or in
|
||||
the future, "
|
||||
the future, "
|
||||
<command>dnssec-signzone -S</command>" will include the DNSKEY
|
||||
record in the zone, but will not sign with it:</para>
|
||||
<screen>
|
||||
$ <userinput>dnssec-keygen -K keys -f KSK -P now -A now+2y example.net</userinput>
|
||||
$ <userinput>dnssec-signzone -S -K keys example.net</userinput>
|
||||
</screen>
|
||||
<para>To revoke a key, the new command
|
||||
<para>To revoke a key, the new command
|
||||
<command>dnssec-revoke</command> has been added. This adds the
|
||||
REVOKED bit to the key flags and re-generates the
|
||||
<filename>K*.key</filename> and
|
||||
REVOKED bit to the key flags and re-generates the
|
||||
<filename>K*.key</filename> and
|
||||
<filename>K*.private</filename> files.</para>
|
||||
<para>After revoking the active key, the zone must be signed
|
||||
with both the revoked KSK and the new active KSK. (Smart
|
||||
@@ -82,7 +82,7 @@ $ <userinput>dnssec-signzone -S -K keys example.net</userinput>
|
||||
"<filename>Kexample.com.+005+10128</filename>".</para>
|
||||
<para>If two keys have IDs exactly 128 apart, and one is
|
||||
revoked, then the two key IDs will collide, causing several
|
||||
problems. To prevent this,
|
||||
problems. To prevent this,
|
||||
<command>dnssec-keygen</command> will not generate a new key if
|
||||
another key is present which may collide. This checking will
|
||||
only occur if the new keys are written to the same directory
|
||||
|
@@ -18,6 +18,6 @@
|
||||
|
||||
<!-- Converted by db4-upgrade version 1.0 -->
|
||||
<article xmlns="http://docbook.org/ns/docbook" version="5.0"><info><title/></info>
|
||||
|
||||
|
||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes.xml"/>
|
||||
</article>
|
||||
|
@@ -23,14 +23,14 @@
|
||||
<section xmlns="http://docbook.org/ns/docbook" version="5.0"><info/>
|
||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="noteversion.xml"/>
|
||||
<section xml:id="relnotes_intro"><info><title>Introduction</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
This document summarizes changes since the last production release
|
||||
of BIND on the corresponding major release branch.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="relnotes_download"><info><title>Download</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The latest versions of BIND 9 software can always be found at
|
||||
<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/downloads/">http://www.isc.org/downloads/</link>.
|
||||
@@ -40,7 +40,7 @@
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
|
||||
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
@@ -140,7 +140,7 @@
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="relnotes_features"><info><title>New Features</title></info>
|
||||
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
@@ -209,7 +209,7 @@
|
||||
whose assistance is gratefully acknowledged.
|
||||
</para>
|
||||
<para>
|
||||
To enable <command>dnstap</command> at compile time,
|
||||
To enable <command>dnstap</command> at compile time,
|
||||
the <command>fstrm</command> and <command>protobuf-c</command>
|
||||
libraries must be available, and BIND must be configured with
|
||||
<option>--enable-dnstap</option>.
|
||||
@@ -507,7 +507,7 @@
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
|
||||
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
@@ -675,7 +675,7 @@
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="relnotes_port"><info><title>Porting Changes</title></info>
|
||||
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
@@ -692,7 +692,7 @@
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
|
||||
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
@@ -869,7 +869,7 @@
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="end_of_life"><info><title>End of Life</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The end of life for BIND 9.11 is yet to be determined but
|
||||
will not be before BIND 9.13.0 has been released for 6 months.
|
||||
@@ -877,7 +877,7 @@
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="relnotes_thanks"><info><title>Thank You</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
Thank you to everyone who assisted us in making this release possible.
|
||||
If you would like to contribute to ISC to assist us in continuing to
|
||||
|
@@ -18,7 +18,7 @@
|
||||
|
||||
<!-- Converted by db4-upgrade version 1.0 -->
|
||||
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pkcs11"><info><title>PKCS#11 (Cryptoki) support</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
PKCS#11 (Public Key Cryptography Standard #11) defines a
|
||||
platform-independent API for the control of hardware security
|
||||
@@ -50,7 +50,7 @@
|
||||
the PKCS#11 API to drive the HSM directly.
|
||||
</para>
|
||||
<section><info><title>Prerequisites</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
See the documentation provided by your HSM vendor for
|
||||
information about installing, initializing, testing and
|
||||
@@ -58,7 +58,7 @@
|
||||
</para>
|
||||
</section>
|
||||
<section><info><title>Native PKCS#11</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
Native PKCS#11 mode will only work with an HSM capable of carrying
|
||||
out <emphasis>every</emphasis> cryptographic operation BIND 9 may
|
||||
@@ -90,7 +90,7 @@ $ <userinput>./configure --enable-native-pkcs11 \
|
||||
the <command>pkcs11-*</command> tools.)
|
||||
</para>
|
||||
<section><info><title>Building SoftHSMv2</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
SoftHSMv2, the latest development version of SoftHSM, is available
|
||||
from
|
||||
@@ -127,7 +127,7 @@ $ <userinput> /opt/pkcs11/usr/bin/softhsm-util --init-token 0 --slot 0 --label s
|
||||
</section>
|
||||
</section>
|
||||
<section><info><title>OpenSSL-based PKCS#11</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
OpenSSL-based PKCS#11 mode uses a modified version of the
|
||||
OpenSSL library; stock OpenSSL does not fully support PKCS#11.
|
||||
@@ -187,7 +187,7 @@ $ <userinput> /opt/pkcs11/usr/bin/softhsm-util --init-token 0 --slot 0 --label s
|
||||
it with the path to your HSM's PKCS#11 provider library.
|
||||
</para>
|
||||
<section><info><title>Patching OpenSSL</title></info>
|
||||
|
||||
|
||||
<screen>
|
||||
$ <userinput>wget <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="">http://www.openssl.org/source/openssl-0.9.8zc.tar.gz</link></userinput>
|
||||
</screen>
|
||||
@@ -219,7 +219,7 @@ $ <userinput>patch -p1 -d openssl-0.9.8zc \
|
||||
</section>
|
||||
<section><info><title>Building OpenSSL for the AEP Keyper on Linux</title></info>
|
||||
<!-- Example 1 -->
|
||||
|
||||
|
||||
<para>
|
||||
The AEP Keyper is a highly secure key storage device,
|
||||
but does not provide hardware cryptographic acceleration. It
|
||||
@@ -261,7 +261,7 @@ $ <userinput>./Configure linux-generic32 -m32 -pthread \
|
||||
</section>
|
||||
<section><info><title>Building OpenSSL for the SCA 6000 on Solaris</title></info>
|
||||
<!-- Example 2 -->
|
||||
|
||||
|
||||
<para>
|
||||
The SCA-6000 PKCS#11 provider is installed as a system
|
||||
library, libpkcs11. It is a true crypto accelerator, up to 4
|
||||
@@ -283,14 +283,14 @@ $ <userinput>./Configure solaris64-x86_64-cc \
|
||||
(For a 32-bit build, use "solaris-x86-cc" and /usr/lib/libpkcs11.so.)
|
||||
</para>
|
||||
<para>
|
||||
After configuring, run
|
||||
<command>make</command> and
|
||||
After configuring, run
|
||||
<command>make</command> and
|
||||
<command>make test</command>.
|
||||
</para>
|
||||
</section>
|
||||
<section><info><title>Building OpenSSL for SoftHSM</title></info>
|
||||
<!-- Example 3 -->
|
||||
|
||||
|
||||
<para>
|
||||
SoftHSM (version 1) is a software library developed by the
|
||||
OpenDNSSEC project
|
||||
@@ -365,7 +365,7 @@ $ <userinput>./Configure linux-x86_64 -pthread \
|
||||
</para>
|
||||
<section><info><title>Configuring BIND 9 for Linux with the AEP Keyper</title></info>
|
||||
<!-- Example 4 -->
|
||||
|
||||
|
||||
<para>
|
||||
To link with the PKCS#11 provider, threads must be
|
||||
enabled in the BIND 9 build.
|
||||
@@ -385,7 +385,7 @@ $ <userinput>./configure CC="gcc -m32" --enable-threads \
|
||||
</section>
|
||||
<section><info><title>Configuring BIND 9 for Solaris with the SCA 6000</title></info>
|
||||
<!-- Example 5 -->
|
||||
|
||||
|
||||
<para>
|
||||
To link with the PKCS#11 provider, threads must be
|
||||
enabled in the BIND 9 build.
|
||||
@@ -407,7 +407,7 @@ $ <userinput>./configure CC="cc -xarch=amd64" --enable-threads \
|
||||
</section>
|
||||
<section><info><title>Configuring BIND 9 for SoftHSM</title></info>
|
||||
<!-- Example 6 -->
|
||||
|
||||
|
||||
<screen>
|
||||
$ <userinput>cd ../bind9</userinput>
|
||||
$ <userinput>./configure --enable-threads \
|
||||
@@ -427,12 +427,12 @@ $ <userinput>./configure --enable-threads \
|
||||
</para>
|
||||
</section>
|
||||
<section><info><title>PKCS#11 Tools</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
BIND 9 includes a minimal set of tools to operate the
|
||||
HSM, including
|
||||
HSM, including
|
||||
<command>pkcs11-keygen</command> to generate a new key pair
|
||||
within the HSM,
|
||||
within the HSM,
|
||||
<command>pkcs11-list</command> to list objects currently
|
||||
available,
|
||||
<command>pkcs11-destroy</command> to remove objects, and
|
||||
@@ -449,7 +449,7 @@ $ <userinput>./configure --enable-threads \
|
||||
</para>
|
||||
</section>
|
||||
<section><info><title>Using the HSM</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
For OpenSSL-based PKCS#11, we must first set up the runtime
|
||||
environment so the OpenSSL and PKCS#11 libraries can be loaded:
|
||||
@@ -468,7 +468,7 @@ $ <userinput>export LD_LIBRARY_PATH=/opt/pkcs11/usr/lib:${LD_LIBRARY_PATH}</user
|
||||
For example, when operating an AEP Keyper, it is necessary to
|
||||
specify the location of the "machine" file, which stores
|
||||
information about the Keyper for use by the provider
|
||||
library. If the machine file is in
|
||||
library. If the machine file is in
|
||||
<filename>/opt/Keyper/PKCS11Provider/machine</filename>,
|
||||
use:
|
||||
</para>
|
||||
@@ -477,12 +477,12 @@ $ <userinput>export KEYPER_LIBRARY_PATH=/opt/Keyper/PKCS11Provider</userinput>
|
||||
</screen>
|
||||
<para>
|
||||
Such environment variables must be set whenever running
|
||||
any tool that uses the HSM, including
|
||||
<command>pkcs11-keygen</command>,
|
||||
<command>pkcs11-list</command>,
|
||||
<command>pkcs11-destroy</command>,
|
||||
<command>dnssec-keyfromlabel</command>,
|
||||
<command>dnssec-signzone</command>,
|
||||
any tool that uses the HSM, including
|
||||
<command>pkcs11-keygen</command>,
|
||||
<command>pkcs11-list</command>,
|
||||
<command>pkcs11-destroy</command>,
|
||||
<command>dnssec-keyfromlabel</command>,
|
||||
<command>dnssec-signzone</command>,
|
||||
<command>dnssec-keygen</command>, and
|
||||
<command>named</command>.
|
||||
</para>
|
||||
@@ -569,7 +569,7 @@ example.net.signed
|
||||
</screen>
|
||||
</section>
|
||||
<section><info><title>Specifying the engine on the command line</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
When using OpenSSL-based PKCS#11, the "engine" to be used by
|
||||
OpenSSL can be specified in <command>named</command> and all of
|
||||
@@ -589,7 +589,7 @@ example.net.signed
|
||||
$ <userinput>dnssec-signzone -E '' -S example.net</userinput>
|
||||
</screen>
|
||||
<para>
|
||||
This causes
|
||||
This causes
|
||||
<command>dnssec-signzone</command> to run as if it were compiled
|
||||
without the --with-pkcs11 option.
|
||||
</para>
|
||||
@@ -600,13 +600,13 @@ $ <userinput>dnssec-signzone -E '' -S example.net</userinput>
|
||||
</para>
|
||||
</section>
|
||||
<section><info><title>Running named with automatic zone re-signing</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
If you want <command>named</command> to dynamically re-sign zones
|
||||
using HSM keys, and/or to to sign new records inserted via nsupdate,
|
||||
then <command>named</command> must have access to the HSM PIN. In OpenSSL-based PKCS#11,
|
||||
this is accomplished by placing the PIN into the openssl.cnf file
|
||||
(in the above examples,
|
||||
(in the above examples,
|
||||
<filename>/opt/pkcs11/usr/ssl/openssl.cnf</filename>).
|
||||
</para>
|
||||
<para>
|
||||
|
@@ -71,7 +71,7 @@
|
||||
</xsl:variable>
|
||||
</xsl:stylesheet>
|
||||
|
||||
<!--
|
||||
<!--
|
||||
- Local variables:
|
||||
- mode: sgml
|
||||
- End:
|
||||
|
@@ -14,7 +14,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- ISC customizations for Docbook-XSL chunked HTML generator -->
|
||||
<!-- ISC customizations for Docbook-XSL chunked HTML generator -->
|
||||
|
||||
<xsl:stylesheet version="1.0"
|
||||
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
@@ -64,7 +64,7 @@
|
||||
|
||||
</xsl:stylesheet>
|
||||
|
||||
<!--
|
||||
<!--
|
||||
- Local variables:
|
||||
- mode: sgml
|
||||
- End:
|
||||
|
@@ -14,7 +14,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- ISC customizations for Docbook-XSL HTML generator -->
|
||||
<!-- ISC customizations for Docbook-XSL HTML generator -->
|
||||
|
||||
<xsl:stylesheet version="1.0"
|
||||
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
@@ -57,7 +57,7 @@
|
||||
|
||||
</xsl:stylesheet>
|
||||
|
||||
<!--
|
||||
<!--
|
||||
- Local variables:
|
||||
- mode: sgml
|
||||
- End:
|
||||
|
@@ -16,7 +16,7 @@
|
||||
|
||||
<!-- $Id$ -->
|
||||
|
||||
<!-- Tweaks to Docbook-XSL HTML for producing flat ASCII text. -->
|
||||
<!-- Tweaks to Docbook-XSL HTML for producing flat ASCII text. -->
|
||||
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
|
||||
xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0">
|
||||
@@ -43,7 +43,7 @@
|
||||
|
||||
</xsl:stylesheet>
|
||||
|
||||
<!--
|
||||
<!--
|
||||
- Local variables:
|
||||
- mode: sgml
|
||||
- End:
|
||||
|
@@ -48,7 +48,7 @@
|
||||
<xsl:text>.ad l </xsl:text>
|
||||
</xsl:variable>
|
||||
|
||||
<!--
|
||||
<!--
|
||||
- Override Docbook template to insert our copyright,
|
||||
- disable chunking, and suppress output of .so files.
|
||||
-->
|
||||
@@ -88,7 +88,7 @@
|
||||
</xsl:choose>
|
||||
</xsl:template>
|
||||
|
||||
<!--
|
||||
<!--
|
||||
- Override Docbook template to change formatting.
|
||||
- We just want the element name in boldface, no subsection header.
|
||||
-->
|
||||
@@ -139,7 +139,7 @@
|
||||
|
||||
</xsl:stylesheet>
|
||||
|
||||
<!--
|
||||
<!--
|
||||
- Local variables:
|
||||
- mode: sgml
|
||||
- End:
|
||||
|
@@ -14,7 +14,7 @@
|
||||
- PERFORMANCE OF THIS SOFTWARE.
|
||||
-->
|
||||
|
||||
<!-- ISC customizations for Docbook-XSL HTML generator -->
|
||||
<!-- ISC customizations for Docbook-XSL HTML generator -->
|
||||
|
||||
<xsl:stylesheet version="1.0"
|
||||
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
@@ -62,7 +62,7 @@
|
||||
|
||||
</xsl:stylesheet>
|
||||
|
||||
<!--
|
||||
<!--
|
||||
- Local variables:
|
||||
- mode: sgml
|
||||
- End:
|
||||
|
@@ -21,7 +21,7 @@
|
||||
xmlns:db="http://docbook.org/ns/docbook">
|
||||
</xsl:stylesheet>
|
||||
|
||||
<!--
|
||||
<!--
|
||||
- Local variables:
|
||||
- mode: sgml
|
||||
- End:
|
||||
|
@@ -19,7 +19,7 @@
|
||||
<!--
|
||||
- Whack — into something that won't choke LaTeX.
|
||||
- There's probably a better way to do this, but this will work for now.
|
||||
-->
|
||||
-->
|
||||
|
||||
<xsl:stylesheet version="1.0"
|
||||
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
|
@@ -57,7 +57,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><command>isc-config.sh</command>
|
||||
prints information related to the installed version of ISC BIND,
|
||||
such as the compiler and linker flags required to compile
|
||||
@@ -80,7 +80,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OPTIONS</title></info>
|
||||
|
||||
|
||||
|
||||
<variablelist>
|
||||
|
||||
@@ -142,7 +142,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para><command>isc-config.sh</command>
|
||||
returns an exit status of 1 if
|
||||
invoked with invalid arguments or no arguments at all.
|
||||
|
@@ -58,7 +58,7 @@
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The BIND 9 lightweight resolver library is a simple, name service
|
||||
independent stub resolver library. It provides hostname-to-address
|
||||
@@ -74,7 +74,7 @@
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>OVERVIEW</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The lwresd library implements multiple name service APIs.
|
||||
The standard
|
||||
@@ -128,7 +128,7 @@
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>CLIENT-SIDE LOW-LEVEL API CALL FLOW</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
When a client program wishes to make an lwres request using the
|
||||
native low-level API, it typically performs the following
|
||||
@@ -176,7 +176,7 @@
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>SERVER-SIDE LOW-LEVEL API CALL FLOW</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
When implementing the server side of the lightweight resolver
|
||||
protocol using the lwres library, a sequence of actions like the
|
||||
@@ -218,7 +218,7 @@
|
||||
<para/>
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>lwres_gethostent</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -204,7 +204,7 @@ void
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
These functions provide bounds checked access to a region of memory
|
||||
where data is being read or written.
|
||||
|
@@ -95,7 +95,7 @@ lwres_conf_t *
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para><function>lwres_conf_init()</function>
|
||||
creates an empty
|
||||
@@ -133,7 +133,7 @@ lwres_conf_t *
|
||||
</refsection>
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
|
||||
|
||||
<para><function>lwres_conf_parse()</function>
|
||||
returns <errorcode>LWRES_R_SUCCESS</errorcode>
|
||||
@@ -154,7 +154,7 @@ lwres_conf_t *
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>stdio</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>,
|
||||
@@ -164,7 +164,7 @@ lwres_conf_t *
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>FILES</title></info>
|
||||
|
||||
|
||||
<para><filename>/etc/resolv.conf</filename>
|
||||
</para>
|
||||
</refsection>
|
||||
|
@@ -120,7 +120,7 @@ void *
|
||||
</funcsynopsis>
|
||||
</refsynopsisdiv>
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para><function>lwres_context_create()</function>
|
||||
creates a <type>lwres_context_t</type> structure for use in
|
||||
@@ -219,7 +219,7 @@ void *
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
|
||||
<para><function>lwres_context_create()</function>
|
||||
returns <errorcode>LWRES_R_NOMEMORY</errorcode> if memory for
|
||||
@@ -245,7 +245,7 @@ void *
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>lwres_conf_init</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -114,7 +114,7 @@ void
|
||||
</funcsynopsis>
|
||||
</refsynopsisdiv>
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
These are low-level routines for creating and parsing
|
||||
lightweight resolver name-to-address lookup request and
|
||||
@@ -213,7 +213,7 @@ typedef struct {
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The getaddrbyname opcode functions
|
||||
<function>lwres_gabnrequest_render()</function>,
|
||||
@@ -251,7 +251,7 @@ typedef struct {
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>
|
||||
|
@@ -65,7 +65,7 @@ char *
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para><function>lwres_gai_strerror()</function>
|
||||
returns an error message corresponding to an error code returned by
|
||||
@@ -177,7 +177,7 @@ char *
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>strerror</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -97,7 +97,7 @@ struct addrinfo {
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para><function>lwres_getaddrinfo()</function>
|
||||
is used to get a list of IP addresses and port numbers for host
|
||||
@@ -323,7 +323,7 @@ struct addrinfo {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
|
||||
<para><function>lwres_getaddrinfo()</function>
|
||||
returns zero on success or one of the error codes listed in
|
||||
@@ -337,7 +337,7 @@ struct addrinfo {
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>lwres</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -151,7 +151,7 @@ void
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
These functions provide hostname-to-address and
|
||||
address-to-hostname lookups by means of the lightweight resolver.
|
||||
@@ -313,7 +313,7 @@ struct hostent {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The functions
|
||||
<function>lwres_gethostbyname()</function>,
|
||||
@@ -397,7 +397,7 @@ struct hostent {
|
||||
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>gethostent</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>,
|
||||
@@ -413,7 +413,7 @@ struct hostent {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>BUGS</title></info>
|
||||
|
||||
|
||||
<para><function>lwres_gethostbyname()</function>,
|
||||
<function>lwres_gethostbyname2()</function>,
|
||||
<function>lwres_gethostbyaddr()</function>
|
||||
|
@@ -85,7 +85,7 @@ void
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
These functions perform thread safe, protocol independent
|
||||
@@ -240,7 +240,7 @@ struct hostent {
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
If an error occurs,
|
||||
<function>lwres_getipnodebyname()</function>
|
||||
@@ -300,7 +300,7 @@ struct hostent {
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>RFC2553</refentrytitle>
|
||||
</citerefentry>,
|
||||
|
@@ -72,7 +72,7 @@ int
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
This function is equivalent to the
|
||||
@@ -163,13 +163,13 @@ int
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para><function>lwres_getnameinfo()</function>
|
||||
returns 0 on success or a non-zero error code if an error occurs.
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>RFC2133</refentrytitle>
|
||||
</citerefentry>,
|
||||
@@ -191,7 +191,7 @@ int
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>BUGS</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
RFC2133 fails to define what the nonzero return values of
|
||||
<citerefentry>
|
||||
|
@@ -100,7 +100,7 @@ struct rrsetinfo {
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para><function>lwres_getrrsetbyname()</function>
|
||||
gets a set of resource records associated with a
|
||||
<parameter>hostname</parameter>, <parameter>class</parameter>,
|
||||
@@ -148,7 +148,7 @@ struct rrsetinfo {
|
||||
<para/>
|
||||
</refsection>
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para><function>lwres_getrrsetbyname()</function>
|
||||
returns zero on success, and one of the following error codes if
|
||||
an error occurred:
|
||||
@@ -211,7 +211,7 @@ struct rrsetinfo {
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>lwres</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>.
|
||||
|
@@ -126,7 +126,7 @@ void
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
These are low-level routines for creating and parsing
|
||||
lightweight resolver address-to-name lookup request and
|
||||
@@ -214,7 +214,7 @@ typedef struct {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The getnamebyaddr opcode functions
|
||||
<function>lwres_gnbarequest_render()</function>,
|
||||
@@ -252,7 +252,7 @@ typedef struct {
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>.
|
||||
|
@@ -71,7 +71,7 @@ const char *
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para><function>lwres_herror()</function>
|
||||
prints the string <parameter>s</parameter> on
|
||||
@@ -126,7 +126,7 @@ const char *
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The string <errorname>Unknown resolver error</errorname> is returned by
|
||||
<function>lwres_hstrerror()</function>
|
||||
@@ -136,7 +136,7 @@ const char *
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>herror</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -69,7 +69,7 @@ const char *
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para><function>lwres_net_ntop()</function>
|
||||
converts an IP address of protocol family
|
||||
@@ -90,7 +90,7 @@ const char *
|
||||
|
||||
</refsection>
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
|
||||
<para>
|
||||
If successful, the function returns <parameter>dst</parameter>:
|
||||
@@ -105,7 +105,7 @@ const char *
|
||||
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>RFC1884</refentrytitle>
|
||||
</citerefentry>,
|
||||
|
@@ -115,7 +115,7 @@ void
|
||||
</funcsynopsis>
|
||||
</refsynopsisdiv>
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
These are low-level routines for creating and parsing
|
||||
lightweight resolver no-op request and response messages.
|
||||
@@ -207,7 +207,7 @@ typedef struct {
|
||||
|
||||
</refsection>
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
The no-op opcode functions
|
||||
<function>lwres_nooprequest_render()</function>,
|
||||
@@ -246,7 +246,7 @@ typedef struct {
|
||||
</para>
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>
|
||||
|
@@ -72,7 +72,7 @@ lwres_result_t
|
||||
</funcsynopsis>
|
||||
</refsynopsisdiv>
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
These functions rely on a
|
||||
<type>struct lwres_lwpacket</type>
|
||||
@@ -273,7 +273,7 @@ struct lwres_lwpacket {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
Successful calls to
|
||||
<function>lwres_lwpacket_renderheader()</function> and
|
||||
|
@@ -95,7 +95,7 @@ lwres_result_t
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsection><info><title>DESCRIPTION</title></info>
|
||||
|
||||
|
||||
|
||||
<para><function>lwres_string_parse()</function>
|
||||
retrieves a DNS-encoded string starting the current pointer of
|
||||
@@ -181,7 +181,7 @@ typedef struct {
|
||||
</refsection>
|
||||
|
||||
<refsection><info><title>RETURN VALUES</title></info>
|
||||
|
||||
|
||||
<para>
|
||||
Successful calls to
|
||||
<function>lwres_string_parse()</function>
|
||||
@@ -222,7 +222,7 @@ typedef struct {
|
||||
|
||||
</refsection>
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
|
||||
<para><citerefentry>
|
||||
<refentrytitle>lwres_buffer</refentrytitle><manvolnum>3</manvolnum>
|
||||
</citerefentry>,
|
||||
|
@@ -559,6 +559,14 @@ foreach $file (keys %file_types) {
|
||||
$body = "$body$_";
|
||||
}
|
||||
$_ = $body;
|
||||
} elsif ($type eq "SGML" && $sysyears =~ /$this_year/) {
|
||||
my $body = "";
|
||||
while (<SOURCE>) {
|
||||
# Remove trailing white space.
|
||||
s/[ \t]*$//;
|
||||
$body = "$body$_";
|
||||
}
|
||||
$_ = $body;
|
||||
} else {
|
||||
undef $/;
|
||||
$_ = <SOURCE>;
|
||||
|
Reference in New Issue
Block a user