mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00

cleanup trailing white space in SGML like files

Mark Andrews
2015-10-22 16:09:46 +11:00
parent 04893d38e0
commit 30eec077db
74 changed files with 444 additions and 436 deletions

106
FAQ.xml

@@ -17,7 +17,7 @@
<!-- Converted by db4-upgrade version 1.0 -->
<article xmlns="http://docbook.org/ns/docbook" version="5.0" class="faq">
<info>
<copyright>
<year>2004</year>
@@ -40,9 +40,9 @@
</copyright>
</info>
<qandaset defaultlabel="qanda">
<qandadiv><title>Compilation and Installation Questions</title>
<qandadiv><title>Compilation and Installation Questions</title>
<qandaentry>
<question>
<para>
@@ -58,7 +58,7 @@
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -67,7 +67,7 @@
</question>
<answer>
<para>
Short Answer: No.
Short Answer: No.
</para>
<para>
Long Answer: There really isn't a default configuration which fits
@@ -90,9 +90,9 @@
</para>
</answer>
</qandaentry>
</qandadiv> <!-- Compilation and Installation Questions -->
<qandadiv><title>Configuration and Setup Questions</title>
<qandaentry>
@@ -122,7 +122,7 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlis
</informalexample>
</answer>
</qandaentry>
<qandaentry>
<!-- configuration -->
<question>
@@ -248,7 +248,7 @@ view "chaos" chaos {
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -263,7 +263,7 @@ view "chaos" chaos {
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -356,7 +356,7 @@ Slave 10.0.1.2:
</informalexample>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -389,7 +389,7 @@ named-checkzone example.com tmp</programlisting>
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -413,7 +413,7 @@ named-checkzone example.com tmp</programlisting>
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -508,7 +508,7 @@ Master 10.0.1.1:
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -548,7 +548,7 @@ Master 10.0.1.1:
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -600,7 +600,7 @@ zone "example.net" {
</informalexample>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -691,9 +691,9 @@ server ::/0 { bogus yes; };
</programlisting>
</answer>
</qandaentry>
</qandadiv> <!-- Configuration and Setup Questions -->
<qandadiv><title>Operations Questions</title>
<qandaentry>
@@ -765,7 +765,7 @@ server ::/0 { bogus yes; };
</qandadiv> <!-- Operations Questions -->
<qandadiv><title>General Questions</title>
<qandaentry>
<question>
<para>
@@ -810,7 +810,7 @@ server ::/0 { bogus yes; };
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -845,7 +845,7 @@ server ::/0 { bogus yes; };
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -863,7 +863,7 @@ server ::/0 { bogus yes; };
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -879,7 +879,7 @@ server ::/0 { bogus yes; };
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -906,7 +906,7 @@ serial-query-rate 5; // default 20</programlisting>
</answer>
</qandaentry>
<qandaentry>
<qandaentry>
<question>
<para>
I don't get RRSIG's returned when I use "dig +dnssec".
@@ -918,7 +918,7 @@ serial-query-rate 5; // default 20</programlisting>
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -1002,7 +1002,7 @@ empty:
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -1079,7 +1079,7 @@ empty:
</qandaentry>
</qandadiv> <!-- General Questions -->
<qandadiv><title>Operating-System Specific Questions</title>
<qandadiv><title>HPUX</title>
@@ -1109,9 +1109,9 @@ configure: error: need either working unistd.h or sys/select.h</programlisting>
</qandadiv> <!-- HPUX -->
<qandadiv><title>Linux</title>
<qandaentry>
<question>
<question>
<para>
Why do I get the following errors:
<programlisting>general: errno2result.c:109: unexpected error:
@@ -1174,7 +1174,7 @@ echo "1" &gt; proc/sys/net/core/xfrm_larval_drop</programlisting>
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -1193,7 +1193,7 @@ echo "1" &gt; proc/sys/net/core/xfrm_larval_drop</programlisting>
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -1214,7 +1214,7 @@ modprobe capability</programlisting>
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -1274,7 +1274,7 @@ $ROOTDIR/var/tmp
able to write or create files except in the directories
above, with SELinux in Enforcing mode.
</para>
<para>
So, to allow named to update slave or DDNS zone files,
it is best to locate them in $ROOTDIR/var/named/slaves,
@@ -1285,7 +1285,7 @@ zone "slave.zone." IN {
type slave;
file "slaves/slave.zone.db";
...
};
};
zone "ddns.zone." IN {
type master;
allow-updates {...};
@@ -1318,13 +1318,13 @@ options {
system-config-securitylevel GUI, using the 'setsebool'
command, or in /etc/selinux/targeted/booleans.
</para>
<para>
You can disable SELinux protection for named entirely by
setting the 'named_disable_trans=1' SELinux tunable boolean
parameter.
</para>
<para>
The SELinux named policy defines these SELinux contexts for named:
<informalexample>
@@ -1335,7 +1335,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</programlisting>
</informalexample>
</para>
<para>
If you want to retain use of the SELinux policy for named,
and put named files in different locations, you can do
@@ -1353,7 +1353,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</programlisting>
</informalexample>
</para>
<para>
To create a custom modifiable named data location, e.g.
'/var/log/named' for a log file, do:
@@ -1363,7 +1363,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</programlisting>
</informalexample>
</para>
<para>
To create a custom zone file location, e.g. /root/zones/, do:
<informalexample>
@@ -1372,7 +1372,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</programlisting>
</informalexample>
</para>
<para>
See these man-pages for more information : selinux(8),
named_selinux(8), chcon(1), setsebool(8)
@@ -1433,11 +1433,11 @@ proc /var/named/proc proc defaults 0 0</programlisting>
</para>
</answer>
</qandaentry>
</qandadiv> <!-- Linux -->
<qandadiv><title>Windows</title>
<qandaentry>
<question>
<para>
@@ -1458,7 +1458,7 @@ proc /var/named/proc proc defaults 0 0</programlisting>
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
@@ -1484,11 +1484,11 @@ options {
</informalexample>
</answer>
</qandaentry>
</qandadiv> <!-- Windows -->
<qandadiv><title>FreeBSD</title>
<qandaentry>
<question>
<para>
@@ -1513,11 +1513,11 @@ rand_irqs="3 14 15"</programlisting>
</para>
</answer>
</qandaentry>
</qandadiv> <!-- FreeBSD -->
<qandadiv><title>Solaris</title>
<qandaentry>
<question>
<para>
@@ -1535,7 +1535,7 @@ rand_irqs="3 14 15"</programlisting>
</para>
</answer>
</qandaentry>
</qandadiv> <!-- Solaris -->
<qandadiv><title>Apple Mac OS X</title>
@@ -1601,7 +1601,7 @@ key "rndc-key" {
</qandaentry>
</qandadiv> <!-- Apple Mac OS X -->
</qandadiv> <!-- Operating-System Specific Questions -->
</qandaset>


@@ -71,7 +71,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>named-checkconf</command>
checks the syntax, but not the semantics, of a
<command>named</command> configuration file. The file is parsed
@@ -92,7 +92,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -184,7 +184,7 @@
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para><command>named-checkconf</command>
returns an exit status of 1 if
errors were detected and 0 otherwise.
@@ -192,7 +192,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -122,7 +122,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>named-checkzone</command>
checks the syntax and integrity of a zone file. It performs the
same checks as <command>named</command> does when loading a
@@ -143,7 +143,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -387,7 +387,7 @@
<listitem>
<para>
Check for records that are treated as different by DNSSEC but
are semantically equal in plain DNS.
are semantically equal in plain DNS.
Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
@@ -511,7 +511,7 @@
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para><command>named-checkzone</command>
returns an exit status of 1 if
errors were detected and 0 otherwise.
@@ -519,12 +519,12 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
<refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>RFC 1035</citetitle>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.


@@ -67,7 +67,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
<command>tsig-keygen</command> and <command>ddns-confgen</command>
are invocation methods for a utility that generates keys for use
@@ -99,7 +99,7 @@
local DDNS key for use with <command>nsupdate -l</command>:
it does this when a zone is configured with
<command>update-policy local;</command>.
<command>ddns-confgen</command> is only needed when a
<command>ddns-confgen</command> is only needed when a
more elaborate configuration is required: for instance,
if <command>nsupdate</command> is to be used from a remote
system.
@@ -107,7 +107,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -215,7 +215,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>nsupdate</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,


@@ -72,7 +72,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>rndc-confgen</command>
generates configuration files
for <command>rndc</command>. It can be used as a
@@ -90,7 +90,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -259,7 +259,7 @@
</refsection>
<refsection><info><title>EXAMPLES</title></info>
<para>
To allow <command>rndc</command> to be used with
no manual configuration, run
@@ -277,7 +277,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -85,7 +85,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>delv</command>
(Domain Entity Lookup &amp; Validation) is a tool for sending
DNS queries and validating the results, using the same internal
@@ -129,7 +129,7 @@
</refsection>
<refsection><info><title>SIMPLE USAGE</title></info>
<para>
A typical invocation of <command>delv</command> looks like:
@@ -196,7 +196,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -398,7 +398,7 @@
</refsection>
<refsection><info><title>QUERY OPTIONS</title></info>
<para><command>delv</command>
provides a number of query options which affect the way results are
@@ -585,7 +585,7 @@
<listitem>
<para>
Set or clear the display options
<option>+[no]comments</option>,
<option>+[no]comments</option>,
<option>+[no]rrcomments</option>, and
<option>+[no]trust</option> as a group.
</para>
@@ -668,13 +668,13 @@
</refsection>
<refsection><info><title>FILES</title></info>
<para><filename>/etc/bind.keys</filename></para>
<para><filename>/etc/resolv.conf</filename></para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,


@@ -98,7 +98,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>dig</command>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -144,7 +144,7 @@
<para>
The IN and CH class names overlap with the IN and CH top level
domain names. Either use the <option>-t</option> and
<option>-c</option> options to specify the type and class,
<option>-c</option> options to specify the type and class,
use the <option>-q</option> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
</para>
@@ -152,7 +152,7 @@
</refsection>
<refsection><info><title>SIMPLE USAGE</title></info>
<para>
A typical invocation of <command>dig</command> looks like:
@@ -218,7 +218,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -421,7 +421,7 @@
</refsection>
<refsection><info><title>QUERY OPTIONS</title></info>
<para><command>dig</command>
provides a number of query options which affect
@@ -1160,7 +1160,7 @@
</refsection>
<refsection><info><title>MULTIPLE QUERIES</title></info>
<para>
The BIND 9 implementation of <command>dig </command>
@@ -1209,7 +1209,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</refsection>
<refsection><info><title>IDN SUPPORT</title></info>
<para>
If <command>dig</command> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -1218,13 +1218,13 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
reply from the server.
If you'd like to turn off the IDN support for some reason, defines
the <envar>IDN_DISABLE</envar> environment variable.
The IDN support is disabled if the variable is set when
The IDN support is disabled if the variable is set when
<command>dig</command> runs.
</para>
</refsection>
<refsection><info><title>FILES</title></info>
<para><filename>/etc/resolv.conf</filename>
</para>
<para><filename>${HOME}/.digrc</filename>
@@ -1232,7 +1232,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
@@ -1247,7 +1247,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</refsection>
<refsection><info><title>BUGS</title></info>
<para>
There are probably too many query options.
</para>


@@ -77,7 +77,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>host</command>
is a simple utility for performing DNS lookups.
@@ -240,7 +240,7 @@
</para>
<para>
The <option>-s</option> option tells <command>host</command>
The <option>-s</option> option tells <command>host</command>
<emphasis>not</emphasis> to send the query to the next nameserver
if any server responds with a SERVFAIL response, which is the
reverse of normal stub resolver behavior.
@@ -260,10 +260,10 @@
</refsection>
<refsection><info><title>IDN SUPPORT</title></info>
<para>
If <command>host</command> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
domain name) support, it can accept and display non-ASCII domain names.
<command>host</command> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.


@@ -87,7 +87,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>Nslookup</command>
is a program to query Internet domain name servers. <command>Nslookup</command>
has two modes: interactive and non-interactive. Interactive mode allows
@@ -100,7 +100,7 @@
</refsection>
<refsection><info><title>ARGUMENTS</title></info>
<para>
Interactive mode is entered in the following cases:
<orderedlist numeration="loweralpha" inheritnum="ignore" continuation="restarts">
@@ -144,7 +144,7 @@ nslookup -query=hinfo -timeout=10
</refsection>
<refsection><info><title>INTERACTIVE COMMANDS</title></info>
<variablelist>
<varlistentry>
<term><constant>host</constant> <optional>server</optional></term>
@@ -480,13 +480,13 @@ nslookup -query=hinfo -timeout=10
</refsection>
<refsection><info><title>FILES</title></info>
<para><filename>/etc/resolv.conf</filename>
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,


@@ -84,7 +84,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>dnssec-dsfromkey</command>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
@@ -92,7 +92,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -183,7 +183,7 @@
<para>
Include ZSKs when generating DS records. Without this option,
only keys which have the KSK flag set will be converted to DS
records and printed. Useful only in zone file mode.
records and printed. Useful only in zone file mode.
</para>
</listitem>
</varlistentry>
@@ -252,7 +252,7 @@
</refsection>
<refsection><info><title>EXAMPLE</title></info>
<para>
To build the SHA-256 DS RR from the
<userinput>Kexample.com.+003+26160</userinput>
@@ -268,7 +268,7 @@
</refsection>
<refsection><info><title>FILES</title></info>
<para>
The keyfile can be designed by the key identification
<filename>Knnnn.+aaa+iiiii</filename> or the full file name
@@ -283,14 +283,14 @@
</refsection>
<refsection><info><title>CAVEAT</title></info>
<para>
A keyfile error can give a "file not found" even if the file exists.
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -71,7 +71,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>dnssec-importkey</command>
reads a public DNSKEY record and generates a pair of
.key/.private files. The DNSKEY record may be read from an
@@ -92,7 +92,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -110,7 +110,7 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
<listitem>
@@ -142,7 +142,7 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-v <replaceable class="parameter">level</replaceable></term>
<listitem>
@@ -165,7 +165,7 @@
</refsection>
<refsection><info><title>TIMING OPTIONS</title></info>
<para>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -205,7 +205,7 @@
</refsection>
<refsection><info><title>FILES</title></info>
<para>
A keyfile can be designed by the key identification
<filename>Knnnn.+aaa+iiiii</filename> or the full file name
@@ -215,7 +215,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -79,7 +79,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>dnssec-keyfromlabel</command>
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
@@ -96,7 +96,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -364,7 +364,7 @@
</refsection>
<refsection><info><title>TIMING OPTIONS</title></info>
<para>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
@@ -450,7 +450,7 @@
</para>
<para>
If the key is being created as an explicit successor to another
key, then the default prepublication interval is 30 days;
key, then the default prepublication interval is 30 days;
otherwise it is zero.
</para>
<para>
@@ -467,7 +467,7 @@
</refsection>
<refsection><info><title>GENERATED KEY FILES</title></info>
<para>
When <command>dnssec-keyfromlabel</command> completes
successfully,
@@ -491,7 +491,7 @@
</para>
</listitem>
</itemizedlist>
<para><command>dnssec-keyfromlabel</command>
<para><command>dnssec-keyfromlabel</command>
creates two files, with names based
on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename>
contains the public key, and
@@ -513,7 +513,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -96,7 +96,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>dnssec-keygen</command>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -111,7 +111,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -441,7 +441,7 @@
</refsection>
<refsection><info><title>TIMING OPTIONS</title></info>
<para>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
@@ -529,7 +529,7 @@
</para>
<para>
If the key is being created as an explicit successor to another
key, then the default prepublication interval is 30 days;
key, then the default prepublication interval is 30 days;
otherwise it is zero.
</para>
<para>
@@ -547,7 +547,7 @@
<refsection><info><title>GENERATED KEYS</title></info>
<para>
When <command>dnssec-keygen</command> completes
successfully,
@@ -572,7 +572,7 @@
</para>
</listitem>
</itemizedlist>
<para><command>dnssec-keygen</command>
<para><command>dnssec-keygen</command>
creates two files, with names based
on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename>
contains the public key, and
@@ -600,7 +600,7 @@
</refsection>
<refsection><info><title>EXAMPLE</title></info>
<para>
To generate a 768-bit DSA key for the domain
<userinput>example.com</userinput>, the following command would be
@@ -622,7 +622,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -60,7 +60,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>dnssec-revoke</command>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -69,7 +69,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -80,7 +80,7 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
<listitem>
@@ -159,7 +159,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -66,7 +66,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>dnssec-settime</command>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <option>-P</option>, <option>-A</option>,
@@ -93,7 +93,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -105,13 +105,13 @@
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
set to the present time. If no other values are specified,
then the key's publication and activation dates will also
set to the present time. If no other values are specified,
then the key's publication and activation dates will also
be set to the present time.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
<listitem>
@@ -145,7 +145,7 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-V</term>
<listitem>
@@ -184,7 +184,7 @@
</refsection>
<refsection><info><title>TIMING OPTIONS</title></info>
<para>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -281,7 +281,7 @@
</para>
<para>
If the key is being set to be an explicit successor to another
key, then the default prepublication interval is 30 days;
key, then the default prepublication interval is 30 days;
otherwise it is zero.
</para>
<para>
@@ -297,7 +297,7 @@
</refsection>
<refsection><info><title>PRINTING OPTIONS</title></info>
<para>
<command>dnssec-settime</command> can also be used to print the
timing metadata associated with a key.
@@ -335,7 +335,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -107,7 +107,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>dnssec-signzone</command>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -119,7 +119,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -174,7 +174,7 @@
(<option>-S</option>) is used, DNSKEY records are also
included. The resulting file can be included in the original
zone file with <command>$INCLUDE</command>. This option
cannot be combined with <option>-O raw</option>,
cannot be combined with <option>-O raw</option>,
<option>-O map</option>, or serial number updating.
</para>
</listitem>
@@ -551,7 +551,7 @@
<para>
Normally, when a previously-signed zone is passed as input
to the signer, and a DNSKEY record has been removed and
replaced with a new one, signatures from the old key
replaced with a new one, signatures from the old key
that are still within their validity period are retained.
This allows the zone to continue to validate with cached
copies of the old DNSKEY RRset. The <option>-Q</option>
@@ -632,7 +632,7 @@
<para>
If the key's activation date is set and in the past, the
key is published (regardless of publication date) and
used to sign the zone.
used to sign the zone.
</para>
</listitem>
</varlistentry>
@@ -800,7 +800,7 @@
</refsection>
<refsection><info><title>EXAMPLE</title></info>
<para>
The following command signs the <userinput>example.com</userinput>
zone with the DSA key generated by <command>dnssec-keygen</command>
@@ -831,7 +831,7 @@ db.example.com.signed
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -60,7 +60,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>dnssec-verify</command>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@@ -69,7 +69,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -192,7 +192,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citerefentry>
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>


@@ -49,7 +49,7 @@
function loadGraphs(){
var g;
while(g = graphs.shift()){
// alert("going for: " + g.target);
if(g.data.length > 1){
@@ -59,7 +59,7 @@
}
<xsl:if test="server/counters[@type=&quot;qtype&quot;]/counter">
// Server Incoming Query Types
// Server Incoming Query Types
graphs.push({
'title' : "Server Incoming Query Types",
'target': 'chart_incoming_qtypes',
@@ -67,7 +67,7 @@
'data': [['Type','Counter'],<xsl:for-each select="server/counters[@type=&quot;qtype&quot;]/counter">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
});
</xsl:if>
<xsl:if test="server/counters[@type=&quot;opcode&quot;]/counter">
// Server Incoming Requests by opcode
graphs.push({


@@ -77,7 +77,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>lwresd</command>
is the daemon providing name lookup
@@ -87,7 +87,7 @@
resolver protocol rather than the DNS protocol.
</para>
<para><command>lwresd</command>
<para><command>lwresd</command>
listens for resolver queries on a
UDP port on the IPv4 loopback interface, 127.0.0.1. This
means that <command>lwresd</command> can only be used by
@@ -115,7 +115,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
@@ -217,7 +217,7 @@
<replaceable class="parameter">trace</replaceable>,
<replaceable class="parameter">record</replaceable>,
<replaceable class="parameter">size</replaceable>, and
<replaceable class="parameter">mctx</replaceable>.
<replaceable class="parameter">mctx</replaceable>.
These correspond to the ISC_MEM_DEBUGXXXX flags described in
<filename>&lt;isc/mem.h&gt;</filename>.
</para>
@@ -324,7 +324,7 @@
</refsection>
<refsection><info><title>FILES</title></info>
<variablelist>
@@ -351,7 +351,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -60,7 +60,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><filename>named.conf</filename> is the configuration file
for
<command>named</command>. Statements are enclosed
@@ -80,7 +80,7 @@
</refsection>
<refsection><info><title>ACL</title></info>
<literallayout class="normal">
acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
@@ -88,7 +88,7 @@ acl <replaceable>string</replaceable> { <replaceable>address_match_element</repl
</refsection>
<refsection><info><title>KEY</title></info>
<literallayout class="normal">
key <replaceable>domain_name</replaceable> {
algorithm <replaceable>string</replaceable>;
@@ -98,7 +98,7 @@ key <replaceable>domain_name</replaceable> {
</refsection>
<refsection><info><title>MASTERS</title></info>
<literallayout class="normal">
masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
@@ -108,7 +108,7 @@ masters <replaceable>string</replaceable> <optional> port <replaceable>integer</
</refsection>
<refsection><info><title>SERVER</title></info>
<literallayout class="normal">
server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
bogus <replaceable>boolean</replaceable>;
@@ -132,7 +132,7 @@ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable>
</refsection>
<refsection><info><title>TRUSTED-KEYS</title></info>
<literallayout class="normal">
trusted-keys {
<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
@@ -141,7 +141,7 @@ trusted-keys {
</refsection>
<refsection><info><title>MANAGED-KEYS</title></info>
<literallayout class="normal">
managed-keys {
<replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
@@ -150,7 +150,7 @@ managed-keys {
</refsection>
<refsection><info><title>CONTROLS</title></info>
<literallayout class="normal">
controls {
inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
@@ -163,7 +163,7 @@ controls {
</refsection>
<refsection><info><title>LOGGING</title></info>
<literallayout class="normal">
logging {
channel <replaceable>string</replaceable> {
@@ -182,7 +182,7 @@ logging {
</refsection>
<refsection><info><title>LWRES</title></info>
<literallayout class="normal">
lwres {
listen-on <optional> port <replaceable>integer</replaceable> </optional> {
@@ -198,7 +198,7 @@ lwres {
</refsection>
<refsection><info><title>OPTIONS</title></info>
<literallayout class="normal">
options {
avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
@@ -413,7 +413,7 @@ options {
</refsection>
<refsection><info><title>VIEW</title></info>
<literallayout class="normal">
view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
match-clients { <replaceable>address_match_element</replaceable>; ... };
@@ -583,7 +583,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
</refsection>
<refsection><info><title>ZONE</title></info>
<literallayout class="normal">
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
type ( master | slave | stub | hint | redirect |
@@ -681,13 +681,13 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
</refsection>
<refsection><info><title>FILES</title></info>
<para><filename>/etc/named.conf</filename>
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -87,7 +87,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>named</command>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -103,7 +103,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -436,7 +436,7 @@
</refsection>
<refsection><info><title>SIGNALS</title></info>
<para>
In routine operation, signals should not be used to control
the nameserver; <command>rndc</command> should be used
@@ -472,7 +472,7 @@
</refsection>
<refsection><info><title>CONFIGURATION</title></info>
<para>
The <command>named</command> configuration file is too complex
to describe in detail here. A complete description is provided
@@ -492,7 +492,7 @@
</refsection>
<refsection><info><title>FILES</title></info>
<variablelist>
@@ -519,7 +519,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citetitle>RFC 1033</citetitle>,
<citetitle>RFC 1034</citetitle>,
<citetitle>RFC 1035</citetitle>,


@@ -85,7 +85,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>nsupdate</command>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -144,7 +144,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -353,7 +353,7 @@
</refsection>
<refsection><info><title>INPUT FORMAT</title></info>
<para><command>nsupdate</command>
reads input from
<parameter>filename</parameter>
@@ -785,7 +785,7 @@
</refsection>
<refsection><info><title>EXAMPLES</title></info>
<para>
The examples below show how
<command>nsupdate</command>
@@ -836,7 +836,7 @@
</refsection>
<refsection><info><title>FILES</title></info>
<variablelist>
<varlistentry>
@@ -885,7 +885,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citetitle>RFC 2136</citetitle>,
<citetitle>RFC 3007</citetitle>,
@@ -907,7 +907,7 @@
</refsection>
<refsection><info><title>BUGS</title></info>
<para>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library


@@ -59,7 +59,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
<command>pkcs11-destroy</command> destroys keys stored in a
PKCS#11 device, identified by their <option>ID</option> or
@@ -73,7 +73,7 @@
</refsection>
<refsection><info><title>ARGUMENTS</title></info>
<variablelist>
<varlistentry>
<term>-m <replaceable class="parameter">module</replaceable></term>
@@ -138,7 +138,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citerefentry>
<refentrytitle>pkcs11-keygen</refentrytitle><manvolnum>8</manvolnum>


@@ -62,7 +62,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
<command>pkcs11-keygen</command> causes a PKCS#11 device to generate
a new key pair with the given <option>label</option> (which must be
@@ -71,7 +71,7 @@
</refsection>
<refsection><info><title>ARGUMENTS</title></info>
<variablelist>
<varlistentry>
<term>-a <replaceable class="parameter">algorithm</replaceable></term>
@@ -185,7 +185,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citerefentry>
<refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>8</manvolnum>


@@ -57,7 +57,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
<command>pkcs11-list</command>
lists the PKCS#11 objects with <option>ID</option> or
@@ -66,7 +66,7 @@
</refsection>
<refsection><info><title>ARGUMENTS</title></info>
<variablelist>
<varlistentry>
<term>-P</term>
@@ -130,7 +130,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citerefentry>
<refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>8</manvolnum>


@@ -51,7 +51,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
<command>pkcs11-tokens</command>
lists the PKCS#11 available tokens with defaults from the slot/token
@@ -60,7 +60,7 @@
</refsection>
<refsection><info><title>ARGUMENTS</title></info>
<variablelist>
<varlistentry>
<term>-m <replaceable class="parameter">module</replaceable></term>
@@ -76,7 +76,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citerefentry>
<refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>8</manvolnum>


@@ -65,7 +65,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>dnssec-checkds</command>
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
@@ -74,7 +74,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -92,7 +92,7 @@
<term>-l <replaceable class="parameter">domain</replaceable></term>
<listitem>
<para>
Check for a DLV record in the specified lookaside domain,
Check for a DLV record in the specified lookaside domain,
instead of checking for a DS record in the zone's parent.
For example, to check for DLV records for "example.com"
in ISC's DLV zone, use:
@@ -124,7 +124,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -61,7 +61,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>dnssec-coverage</command>
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -90,7 +90,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -122,7 +122,7 @@
<para>
The length of time to check for DNSSEC coverage. Key events
scheduled further into the future than <option>duration</option>
will be ignored, and assumed to be correct.
will be ignored, and assumed to be correct.
</para>
<para>
The value of <option>duration</option> can be set in seconds,
@@ -243,7 +243,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citerefentry>
<refentrytitle>dnssec-checkds</refentrytitle><manvolnum>8</manvolnum>


@@ -60,7 +60,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><filename>rndc.conf</filename> is the configuration file
for <command>rndc</command>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -147,7 +147,7 @@
</refsection>
<refsection><info><title>EXAMPLE</title></info>
<para><programlisting>
options {
@@ -219,7 +219,7 @@
</refsection>
<refsection><info><title>NAME SERVER CONFIGURATION</title></info>
<para>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <filename>rndc.conf</filename>
@@ -230,7 +230,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,


@@ -70,7 +70,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>rndc</command>
controls the operation of a name
server. It supersedes the <command>ndc</command> utility
@@ -102,7 +102,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -226,7 +226,7 @@
</refsection>
<refsection><info><title>COMMANDS</title></info>
<para>
A list of commands supported by <command>rndc</command> can
be seen by running <command>rndc</command> without arguments.
@@ -745,7 +745,7 @@
operations (such as signing or generating
NSEC3 chains) is stored in the zone in the form
of DNS resource records of type
<command>sig-signing-type</command>.
<command>sig-signing-type</command>.
<command>rndc signing -list</command> converts
these records into a human-readable form,
indicating which keys are currently signing
@@ -771,7 +771,7 @@
flags, iterations, and salt, in that order.
</para>
<para>
Currently, the only defined value for hash algorithm
Currently, the only defined value for hash algorithm
is <literal>1</literal>, representing SHA-1.
The <option>flags</option> may be set to
<literal>0</literal> or <literal>1</literal>,
@@ -964,7 +964,7 @@
</refsection>
<refsection><info><title>LIMITATIONS</title></info>
<para>
There is currently no way to provide the shared secret for a
<option>key_id</option> without using the configuration file.
@@ -975,7 +975,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,


@@ -51,7 +51,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
<command>arpaname</command> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
@@ -59,7 +59,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>


@@ -53,7 +53,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
<command>dnstap-read</command>
reads <command>dnstap</command> data from a specified file
@@ -65,7 +65,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
@@ -102,7 +102,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>


@@ -56,7 +56,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
<command>genrandom</command>
generates a file or a set of files containing a specified quantity
@@ -66,7 +66,7 @@
</refsection>
<refsection><info><title>ARGUMENTS</title></info>
<variablelist>
<varlistentry>
<term>-n <replaceable class="parameter">number</replaceable></term>
@@ -99,7 +99,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citerefentry>
<refentrytitle>rand</refentrytitle><manvolnum>3</manvolnum>


@@ -54,7 +54,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -81,7 +81,7 @@
</refsection>
<refsection><info><title>SECURITY CONSIDERATIONS</title></info>
<para>
Secrets that have been converted by <command>isc-hmac-fixup</command>
are shortened, but as this is how the HMAC protocol works in
@@ -93,7 +93,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 2104</citetitle>.


@@ -77,7 +77,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>mdig</command>
is a multiple/pipelined query version of <command>dig</command>:
instead of waiting for a response after sending each query,
@@ -126,7 +126,7 @@
</refsection>
<refsection><info><title>ANYWHERE OPTIONS</title></info>
<para>
The <option>-f</option> option makes <command>mdig</command>
@@ -149,7 +149,7 @@
</refsection>
<refsection><info><title>GLOBAL OPTIONS</title></info>
<para>
The <option>-4</option> option forces <command>mdig</command> to
@@ -390,7 +390,7 @@
</refsection>
<refsection><info><title>LOCAL OPTIONS</title></info>
<para>
The <option>-c</option> option sets the query class to
@@ -653,7 +653,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,


@@ -52,14 +52,14 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
<command>named-journalprint</command>
prints the contents of a zone journal file in a human-readable
form.
form.
</para>
<para>
Journal files are automatically created by <command>named</command>
Journal files are automatically created by <command>named</command>
when changes are made to dynamic zones (e.g., by
<command>nsupdate</command>). They record each addition
or deletion of a resource record, in binary format, allowing the
@@ -79,7 +79,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>


@@ -56,7 +56,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>named-rrchecker</command>
read a individual DNS resource record from standard input and checks if it
is syntactically correct.
@@ -85,7 +85,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citetitle>RFC 1034</citetitle>,
<citetitle>RFC 1035</citetitle>,


@@ -55,7 +55,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
<command>nsec3hash</command> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@@ -64,7 +64,7 @@
</refsection>
<refsection><info><title>ARGUMENTS</title></info>
<variablelist>
<varlistentry>
<term>salt</term>
@@ -108,7 +108,7 @@
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 5155</citetitle>.


@@ -1819,7 +1819,7 @@ nameserver 172.16.72.4
<para>
TSIG keys can be generated using the <command>tsig-keygen</command>
command; the output of the command is a <command>key</command> directive
suitable for inclusion in <filename>named.conf</filename>. The
suitable for inclusion in <filename>named.conf</filename>. The
key name, algorithm and size can be specified by command line parameters;
the defaults are "tsig-key", HMAC-SHA256, and 256 bits, respectively.
</para>
@@ -1899,7 +1899,7 @@ key "host1-host2." {
signed using the specified key. Keys may also be specified
in the <command>also-notify</command> statement of a master
or slave zone, causing NOTIFY messages to be signed using
the specified key.
the specified key.
</para>
<para>
Keys can also be specified in a <command>server</command>
@@ -2004,7 +2004,7 @@ allow-update { !{ !localnets; any; }; key host1-host2. ;};
<para>
The TKEY process is initiated by a client or server by sending
a query of type TKEY to a TKEY-aware server. The query must include
an appropriate KEY record in the additional section, and
an appropriate KEY record in the additional section, and
must be signed using either TSIG or SIG(0) with a previously
established key. The server's response, if successful, will
contain a TKEY record in its answer section. After this transaction,
@@ -4809,11 +4809,11 @@ badresp:1,adberr:0,findfail:0,valfail:0]
event payloads which are encoded using Protocol Buffers
(<command>libprotobuf-c</command>, a mechanism for
serializing structured data developed
by Google, Inc.; see
by Google, Inc.; see
<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://developers.google.com/protocol-buffers/">https://developers.google.com/protocol-buffers</link>).
</para>
<para>
To enable <command>dnstap</command> at compile time,
To enable <command>dnstap</command> at compile time,
the <command>fstrm</command> and <command>protobuf-c</command>
libraries must be available, and BIND must be configured with
<option>--enable-dnstap</option>.


@@ -16,7 +16,7 @@
<!-- Converted by db4-upgrade version 1.0 -->
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="dlz-info"><info><title>DLZ (Dynamically Loadable Zones)</title></info>
<para>
DLZ (Dynamically Loadable Zones) is an extension to BIND 9 that allows
zone data to be retrieved directly from an external database. There is
@@ -55,7 +55,7 @@
</para>
<section><info><title>Configuring DLZ</title></info>
<para>
A DLZ database is configured with a <command>dlz</command>
statement in <filename>named.conf</filename>:
@@ -103,7 +103,7 @@
</screen>
</section>
<section><info><title>Sample DLZ Driver</title></info>
<para>
For guidance in implementation of DLZ modules, the directory
<filename>contrib/dlz/example</filename> contains a basic


@@ -16,23 +16,23 @@
<!-- Converted by db4-upgrade version 1.0 -->
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="dnssec.dynamic.zones"><info><title>DNSSEC, Dynamic Zones, and Automatic Signing</title></info>
<para>As of BIND 9.7.0 it is possible to change a dynamic zone
from insecure to signed and back again. A secure zone can use
either NSEC or NSEC3 chains.</para>
<section><info><title>Converting from insecure to secure</title></info>
</section>
<para>Changing a zone from insecure to secure can be done in two
ways: using a dynamic DNS update, or the
ways: using a dynamic DNS update, or the
<command>auto-dnssec</command> zone option.</para>
<para>For either method, you need to configure
<command>named</command> so that it can see the
<para>For either method, you need to configure
<command>named</command> so that it can see the
<filename>K*</filename> files which contain the public and private
parts of the keys that will be used to sign the zone. These files
will have been generated by
will have been generated by
<command>dnssec-keygen</command>. You can do this by placing them
in the key-directory, as specified in
in the key-directory, as specified in
<filename>named.conf</filename>:</para>
<programlisting>
zone example.net {
@@ -48,7 +48,7 @@
well. An NSEC chain will be generated as part of the initial
signing process.</para>
<section><info><title>Dynamic DNS update method</title></info>
</section>
<para>To insert the keys via dynamic update:</para>
<screen>
@@ -59,7 +59,7 @@
&gt; send
</screen>
<para>While the update request will complete almost immediately,
the zone will not be completely signed until
the zone will not be completely signed until
<command>named</command> has had time to walk the zone and
generate the NSEC and RRSIG records. The NSEC record at the apex
will be added last, to signal that there is a complete NSEC
@@ -77,7 +77,7 @@
&gt; send
</screen>
<para>Again, this update request will complete almost
immediately; however, the record won't show up until
immediately; however, the record won't show up until
<command>named</command> has had a chance to build/remove the
relevant chain. A private type record will be created to record
the state of the operation (see below for more details), and will
@@ -85,19 +85,19 @@
<para>While the initial signing and NSEC/NSEC3 chain generation
is happening, other updates are possible as well.</para>
<section><info><title>Fully automatic zone signing</title></info>
</section>
<para>To enable automatic signing, add the
<command>auto-dnssec</command> option to the zone statement in
<filename>named.conf</filename>.
<command>auto-dnssec</command> has two possible arguments:
<constant>allow</constant> or
<para>To enable automatic signing, add the
<command>auto-dnssec</command> option to the zone statement in
<filename>named.conf</filename>.
<command>auto-dnssec</command> has two possible arguments:
<constant>allow</constant> or
<constant>maintain</constant>.</para>
<para>With
<command>auto-dnssec allow</command>,
<para>With
<command>auto-dnssec allow</command>,
<command>named</command> can search the key directory for keys
matching the zone, insert them into the zone, and use them to
sign the zone. It will do so only when it receives an
sign the zone. It will do so only when it receives an
<command>rndc sign &lt;zonename&gt;</command>.</para>
<para>
<!-- TODO: this is repeated in the ARM -->
@@ -105,7 +105,7 @@
functionality, but will also automatically adjust the zone's
DNSKEY records on schedule according to the keys' timing metadata.
(See <xref linkend="man.dnssec-keygen"/> and
<xref linkend="man.dnssec-settime"/> for more information.)
<xref linkend="man.dnssec-settime"/> for more information.)
</para>
<para>
<command>named</command> will periodically search the key directory
@@ -119,7 +119,7 @@
</para>
<para>
If keys are present in the key directory the first time the zone
is loaded, the zone will be signed immediately, without waiting for an
is loaded, the zone will be signed immediately, without waiting for an
<command>rndc sign</command> or <command>rndc loadkeys</command>
command. (Those commands can still be used when there are unscheduled
key changes, however.)
@@ -141,15 +141,15 @@
the zone is signed and the NSEC3 chain is completed, the NSEC3PARAM
record will appear in the zone.
</para>
<para>Using the
<para>Using the
<command>auto-dnssec</command> option requires the zone to be
configured to allow dynamic updates, by adding an
<command>allow-update</command> or
configured to allow dynamic updates, by adding an
<command>allow-update</command> or
<command>update-policy</command> statement to the zone
configuration. If this has not been done, the configuration will
fail.</para>
<section><info><title>Private-type records</title></info>
</section>
<para>The state of the signing process is signaled by
private-type records (with a default type value of 65534). When
@@ -187,18 +187,18 @@
</literallayout>
</para>
<section><info><title>DNSKEY rollovers</title></info>
</section>
<para>As with insecure-to-secure conversions, rolling DNSSEC
keys can be done in two ways: using a dynamic DNS update, or the
keys can be done in two ways: using a dynamic DNS update, or the
<command>auto-dnssec</command> zone option.</para>
<section><info><title>Dynamic DNS update method</title></info>
</section>
<para> To perform key rollovers via dynamic update, you need to add
the <filename>K*</filename> files for the new keys so that
the <filename>K*</filename> files for the new keys so that
<command>named</command> can find them. You can then add the new
DNSKEY RRs via dynamic update.
DNSKEY RRs via dynamic update.
<command>named</command> will then cause the zone to be signed
with the new keys. When the signing is complete the private type
records will be updated so that the last octet is non
@@ -212,15 +212,15 @@
be able to verify at least one signature when you remove the old
DNSKEY.</para>
<para>The old DNSKEY can be removed via UPDATE. Take care to
specify the correct key.
specify the correct key.
<command>named</command> will clean out any signatures generated
by the old key after the update completes.</para>
<section><info><title>Automatic key rollovers</title></info>
</section>
<para>When a new key reaches its activation date (as set by
<command>dnssec-keygen</command> or <command>dnssec-settime</command>),
if the <command>auto-dnssec</command> zone option is set to
if the <command>auto-dnssec</command> zone option is set to
<constant>maintain</constant>, <command>named</command> will
automatically carry out the key rollover. If the key's algorithm
has not previously been used to sign the zone, then the zone will
@@ -232,7 +232,7 @@
completes in 30 days, after which it will be safe to remove the
old key from the DNSKEY RRset.</para>
<section><info><title>NSEC3PARAM rollovers via UPDATE</title></info>
</section>
<para>Add the new NSEC3PARAM record via dynamic update. When the
new NSEC3 chain has been generated, the NSEC3PARAM flag field
@@ -240,7 +240,7 @@
record. The old chain will be removed after the update request
completes.</para>
<section><info><title>Converting from NSEC to NSEC3</title></info>
</section>
<para>To do this, you just need to add an NSEC3PARAM record. When
the conversion is complete, the NSEC chain will have been removed
@@ -248,30 +248,30 @@
chain will be generated before the NSEC chain is
destroyed.</para>
<section><info><title>Converting from NSEC3 to NSEC</title></info>
</section>
<para>To do this, use <command>nsupdate</command> to
remove all NSEC3PARAM records with a zero flag
field. The NSEC chain will be generated before the NSEC3 chain is
removed.</para>
<section><info><title>Converting from secure to insecure</title></info>
</section>
<para>To convert a signed zone to unsigned using dynamic DNS,
delete all the DNSKEY records from the zone apex using
<command>nsupdate</command>. All signatures, NSEC or NSEC3 chains,
and associated NSEC3PARAM records will be removed automatically.
This will take place after the update request completes.</para>
<para> This requires the
<command>dnssec-secure-to-insecure</command> option to be set to
<userinput>yes</userinput> in
<para> This requires the
<command>dnssec-secure-to-insecure</command> option to be set to
<userinput>yes</userinput> in
<filename>named.conf</filename>.</para>
<para>In addition, if the <command>auto-dnssec maintain</command>
zone statement is used, it should be removed or changed to
<command>allow</command> instead (or it will re-sign).
</para>
<section><info><title>Periodic re-signing</title></info>
</section>
<para>In any secure zone which supports dynamic updates, <command>named</command>
will periodically re-sign RRsets which have not been re-signed as
@@ -279,14 +279,14 @@
adjusted so as to spread the re-sign load over time rather than
all at once.</para>
<section><info><title>NSEC3 and OPTOUT</title></info>
</section>
<para>
<command>named</command> only supports creating new NSEC3 chains
where all the NSEC3 records in the zone have the same OPTOUT
state.
state.
<command>named</command> supports UPDATES to zones where the NSEC3
records in the chain have mixed OPTOUT state.
records in the chain have mixed OPTOUT state.
<command>named</command> does not support changing the OPTOUT
state of an individual NSEC3 record, the entire chain needs to be
changed if the OPTOUT state of an individual NSEC3 needs to be


@@ -16,7 +16,7 @@
<!-- Converted by db4-upgrade version 1.0 -->
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="dyndb-info"><info><title>DynDB (Dynamic Database)</title></info>
<para>
DynDB is an extension to BIND 9 which, like DLZ
(see <xref linkend="dlz-info"/>), allows zone data to be
@@ -41,7 +41,7 @@
</para>
<section><info><title>Configuring DynDB</title></info>
<para>
A DynDB database is configured with a <command>dyndb</command>
statement in <filename>named.conf</filename>:
@@ -68,7 +68,7 @@
</para>
</section>
<section><info><title>Sample DynDB Module</title></info>
<para>
For guidance in implementation of DynDB modules, the directory
<filename>bin/tests/system/dyndb/driver</filename>.


@@ -16,7 +16,7 @@
<!-- Converted by db4-upgrade version 1.0 -->
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="bind9.library"><info><title>BIND 9 DNS Library Support</title></info>
<para>This version of BIND 9 "exports" its internal libraries so
that they can be used by third-party applications more easily (we
call them "export" libraries in this document). In addition to
@@ -53,7 +53,7 @@
</listitem>
</itemizedlist>
<section><info><title>Prerequisite</title></info>
<para>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
@@ -61,7 +61,7 @@
than "make" (e.g. "gmake") to indicate it's GNU make.</para>
</section>
<section><info><title>Compilation</title></info>
<screen>
$ <userinput>./configure --enable-exportlib <replaceable>[other flags]</replaceable></userinput>
$ <userinput>make</userinput>
@@ -75,7 +75,7 @@ $ <userinput>make</userinput>
lib/export/samples directory (see below).</para>
</section>
<section><info><title>Installation</title></info>
<screen>
$ <userinput>cd lib/export</userinput>
$ <userinput>make install</userinput>
@@ -96,7 +96,7 @@ $ <userinput>make install</userinput>
<filename>lib/export/samples/Makefile-postinstall.in</filename>.</para>
</section>
<section><info><title>Known Defects/Restrictions</title></info>
<itemizedlist>
<listitem>
<!-- TODO: what about AIX? -->
@@ -142,7 +142,7 @@ $ <userinput>make</userinput>
</itemizedlist>
</section>
<section><info><title>The dns.conf File</title></info>
<para>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@@ -159,13 +159,13 @@ $ <userinput>make</userinput>
<xref linkend="trusted-keys"/> for details.)</para>
</section>
<section><info><title>Sample Applications</title></info>
<para>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
</para>
<section><info><title>sample: a simple stub resolver utility</title></info>
<para>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@@ -232,7 +232,7 @@ $ <userinput>make</userinput>
</variablelist>
</section>
<section><info><title>sample-async: a simple stub resolver, working asynchronously</title></info>
<para>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@@ -278,7 +278,7 @@ $ <userinput>make</userinput>
</variablelist>
</section>
<section><info><title>sample-request: a simple DNS transaction client</title></info>
<para>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@@ -330,7 +330,7 @@ $ <userinput>make</userinput>
</variablelist>
</section>
<section><info><title>sample-gai: getaddrinfo() and getnameinfo() test code</title></info>
<para>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -346,7 +346,7 @@ $ <userinput>make</userinput>
</para>
</section>
<section><info><title>sample-update: a simple dynamic update client program</title></info>
<para>
It accepts a single update command as a
command-line argument, sends an update request message to the
@@ -448,14 +448,14 @@ $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
<para>
removes all A RRs for foo.dynamic.example.com using the given key.
</para>
<screen>
<screen>
$ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</userinput></screen>
<para>
removes all RRs for foo.dynamic.example.com using the given key.
</para>
</section>
<section><info><title>nsprobe: domain/name server checker in terms of RFC 4074</title></info>
<para>
It checks a set
of domains to see the name servers of the domains behave
@@ -520,7 +520,7 @@ $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
</section>
</section>
<section><info><title>Library References</title></info>
<para>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application


@@ -16,25 +16,25 @@
<!-- Converted by db4-upgrade version 1.0 -->
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="rfc5011.support"><info><title>Dynamic Trust Anchor Management</title></info>
<para>BIND 9.7.0 introduces support for RFC 5011, dynamic trust
anchor management. Using this feature allows
anchor management. Using this feature allows
<command>named</command> to keep track of changes to critical
DNSSEC keys without any need for the operator to make changes to
configuration files.</para>
<section><info><title>Validating Resolver</title></info>
<!-- TODO: command tag is overloaded for configuration and executables -->
<para>To configure a validating resolver to use RFC 5011 to
maintain a trust anchor, configure the trust anchor using a
maintain a trust anchor, configure the trust anchor using a
<command>managed-keys</command> statement. Information about
this can be found in
this can be found in
<xref linkend="managed-keys"/>.</para>
<!-- TODO: managed-keys examples
also in DNSSEC section above here in ARM -->
</section>
<section><info><title>Authoritative Server</title></info>
<para>To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
@@ -50,21 +50,21 @@ also in DNSSEC section above here in ARM -->
timer has completed, the active KSK can be revoked, and the
zone can be "rolled over" to the newly accepted key.</para>
<para>The easiest way to place a stand-by key in a zone is to
use the "smart signing" features of
<command>dnssec-keygen</command> and
use the "smart signing" features of
<command>dnssec-keygen</command> and
<command>dnssec-signzone</command>. If a key with a publication
date in the past, but an activation date which is unset or in
the future, "
the future, "
<command>dnssec-signzone -S</command>" will include the DNSKEY
record in the zone, but will not sign with it:</para>
<screen>
$ <userinput>dnssec-keygen -K keys -f KSK -P now -A now+2y example.net</userinput>
$ <userinput>dnssec-signzone -S -K keys example.net</userinput>
</screen>
<para>To revoke a key, the new command
<para>To revoke a key, the new command
<command>dnssec-revoke</command> has been added. This adds the
REVOKED bit to the key flags and re-generates the
<filename>K*.key</filename> and
REVOKED bit to the key flags and re-generates the
<filename>K*.key</filename> and
<filename>K*.private</filename> files.</para>
<para>After revoking the active key, the zone must be signed
with both the revoked KSK and the new active KSK. (Smart
@@ -82,7 +82,7 @@ $ <userinput>dnssec-signzone -S -K keys example.net</userinput>
"<filename>Kexample.com.+005+10128</filename>".</para>
<para>If two keys have IDs exactly 128 apart, and one is
revoked, then the two key IDs will collide, causing several
problems. To prevent this,
problems. To prevent this,
<command>dnssec-keygen</command> will not generate a new key if
another key is present which may collide. This checking will
only occur if the new keys are written to the same directory


@@ -18,6 +18,6 @@
<!-- Converted by db4-upgrade version 1.0 -->
<article xmlns="http://docbook.org/ns/docbook" version="5.0"><info><title/></info>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes.xml"/>
</article>


@@ -23,14 +23,14 @@
<section xmlns="http://docbook.org/ns/docbook" version="5.0"><info/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="noteversion.xml"/>
<section xml:id="relnotes_intro"><info><title>Introduction</title></info>
<para>
This document summarizes changes since the last production release
of BIND on the corresponding major release branch.
</para>
</section>
<section xml:id="relnotes_download"><info><title>Download</title></info>
<para>
The latest versions of BIND 9 software can always be found at
<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/downloads/">http://www.isc.org/downloads/</link>.
@@ -40,7 +40,7 @@
</para>
</section>
<section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
<itemizedlist>
<listitem>
<para>
@@ -140,7 +140,7 @@
</itemizedlist>
</section>
<section xml:id="relnotes_features"><info><title>New Features</title></info>
<itemizedlist>
<listitem>
<para>
@@ -209,7 +209,7 @@
whose assistance is gratefully acknowledged.
</para>
<para>
To enable <command>dnstap</command> at compile time,
To enable <command>dnstap</command> at compile time,
the <command>fstrm</command> and <command>protobuf-c</command>
libraries must be available, and BIND must be configured with
<option>--enable-dnstap</option>.
@@ -507,7 +507,7 @@
</itemizedlist>
</section>
<section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
<itemizedlist>
<listitem>
<para>
@@ -675,7 +675,7 @@
</itemizedlist>
</section>
<section xml:id="relnotes_port"><info><title>Porting Changes</title></info>
<itemizedlist>
<listitem>
<para>
@@ -692,7 +692,7 @@
</itemizedlist>
</section>
<section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
<itemizedlist>
<listitem>
<para>
@@ -869,7 +869,7 @@
</itemizedlist>
</section>
<section xml:id="end_of_life"><info><title>End of Life</title></info>
<para>
The end of life for BIND 9.11 is yet to be determined but
will not be before BIND 9.13.0 has been released for 6 months.
@@ -877,7 +877,7 @@
</para>
</section>
<section xml:id="relnotes_thanks"><info><title>Thank You</title></info>
<para>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to


@@ -18,7 +18,7 @@
<!-- Converted by db4-upgrade version 1.0 -->
<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pkcs11"><info><title>PKCS#11 (Cryptoki) support</title></info>
<para>
PKCS#11 (Public Key Cryptography Standard #11) defines a
platform-independent API for the control of hardware security
@@ -50,7 +50,7 @@
the PKCS#11 API to drive the HSM directly.
</para>
<section><info><title>Prerequisites</title></info>
<para>
See the documentation provided by your HSM vendor for
information about installing, initializing, testing and
@@ -58,7 +58,7 @@
</para>
</section>
<section><info><title>Native PKCS#11</title></info>
<para>
Native PKCS#11 mode will only work with an HSM capable of carrying
out <emphasis>every</emphasis> cryptographic operation BIND 9 may
@@ -90,7 +90,7 @@ $ <userinput>./configure --enable-native-pkcs11 \
the <command>pkcs11-*</command> tools.)
</para>
<section><info><title>Building SoftHSMv2</title></info>
<para>
SoftHSMv2, the latest development version of SoftHSM, is available
from
@@ -127,7 +127,7 @@ $ <userinput> /opt/pkcs11/usr/bin/softhsm-util --init-token 0 --slot 0 --label s
</section>
</section>
<section><info><title>OpenSSL-based PKCS#11</title></info>
<para>
OpenSSL-based PKCS#11 mode uses a modified version of the
OpenSSL library; stock OpenSSL does not fully support PKCS#11.
@@ -187,7 +187,7 @@ $ <userinput> /opt/pkcs11/usr/bin/softhsm-util --init-token 0 --slot 0 --label s
it with the path to your HSM's PKCS#11 provider library.
</para>
<section><info><title>Patching OpenSSL</title></info>
<screen>
$ <userinput>wget <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="">http://www.openssl.org/source/openssl-0.9.8zc.tar.gz</link></userinput>
</screen>
@@ -219,7 +219,7 @@ $ <userinput>patch -p1 -d openssl-0.9.8zc \
</section>
<section><info><title>Building OpenSSL for the AEP Keyper on Linux</title></info>
<!-- Example 1 -->
<para>
The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
@@ -261,7 +261,7 @@ $ <userinput>./Configure linux-generic32 -m32 -pthread \
</section>
<section><info><title>Building OpenSSL for the SCA 6000 on Solaris</title></info>
<!-- Example 2 -->
<para>
The SCA-6000 PKCS#11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
@@ -283,14 +283,14 @@ $ <userinput>./Configure solaris64-x86_64-cc \
(For a 32-bit build, use "solaris-x86-cc" and /usr/lib/libpkcs11.so.)
</para>
<para>
After configuring, run
<command>make</command> and
After configuring, run
<command>make</command> and
<command>make test</command>.
</para>
</section>
<section><info><title>Building OpenSSL for SoftHSM</title></info>
<!-- Example 3 -->
<para>
SoftHSM (version 1) is a software library developed by the
OpenDNSSEC project
@@ -365,7 +365,7 @@ $ <userinput>./Configure linux-x86_64 -pthread \
</para>
<section><info><title>Configuring BIND 9 for Linux with the AEP Keyper</title></info>
<!-- Example 4 -->
<para>
To link with the PKCS#11 provider, threads must be
enabled in the BIND 9 build.
@@ -385,7 +385,7 @@ $ <userinput>./configure CC="gcc -m32" --enable-threads \
</section>
<section><info><title>Configuring BIND 9 for Solaris with the SCA 6000</title></info>
<!-- Example 5 -->
<para>
To link with the PKCS#11 provider, threads must be
enabled in the BIND 9 build.
@@ -407,7 +407,7 @@ $ <userinput>./configure CC="cc -xarch=amd64" --enable-threads \
</section>
<section><info><title>Configuring BIND 9 for SoftHSM</title></info>
<!-- Example 6 -->
<screen>
$ <userinput>cd ../bind9</userinput>
$ <userinput>./configure --enable-threads \
@@ -427,12 +427,12 @@ $ <userinput>./configure --enable-threads \
</para>
</section>
<section><info><title>PKCS#11 Tools</title></info>
<para>
BIND 9 includes a minimal set of tools to operate the
HSM, including
HSM, including
<command>pkcs11-keygen</command> to generate a new key pair
within the HSM,
within the HSM,
<command>pkcs11-list</command> to list objects currently
available,
<command>pkcs11-destroy</command> to remove objects, and
@@ -449,7 +449,7 @@ $ <userinput>./configure --enable-threads \
</para>
</section>
<section><info><title>Using the HSM</title></info>
<para>
For OpenSSL-based PKCS#11, we must first set up the runtime
environment so the OpenSSL and PKCS#11 libraries can be loaded:
@@ -468,7 +468,7 @@ $ <userinput>export LD_LIBRARY_PATH=/opt/pkcs11/usr/lib:${LD_LIBRARY_PATH}</user
For example, when operating an AEP Keyper, it is necessary to
specify the location of the "machine" file, which stores
information about the Keyper for use by the provider
library. If the machine file is in
library. If the machine file is in
<filename>/opt/Keyper/PKCS11Provider/machine</filename>,
use:
</para>
@@ -477,12 +477,12 @@ $ <userinput>export KEYPER_LIBRARY_PATH=/opt/Keyper/PKCS11Provider</userinput>
</screen>
<para>
Such environment variables must be set whenever running
any tool that uses the HSM, including
<command>pkcs11-keygen</command>,
<command>pkcs11-list</command>,
<command>pkcs11-destroy</command>,
<command>dnssec-keyfromlabel</command>,
<command>dnssec-signzone</command>,
any tool that uses the HSM, including
<command>pkcs11-keygen</command>,
<command>pkcs11-list</command>,
<command>pkcs11-destroy</command>,
<command>dnssec-keyfromlabel</command>,
<command>dnssec-signzone</command>,
<command>dnssec-keygen</command>, and
<command>named</command>.
</para>
@@ -569,7 +569,7 @@ example.net.signed
</screen>
</section>
<section><info><title>Specifying the engine on the command line</title></info>
<para>
When using OpenSSL-based PKCS#11, the "engine" to be used by
OpenSSL can be specified in <command>named</command> and all of
@@ -589,7 +589,7 @@ example.net.signed
$ <userinput>dnssec-signzone -E '' -S example.net</userinput>
</screen>
<para>
This causes
This causes
<command>dnssec-signzone</command> to run as if it were compiled
without the --with-pkcs11 option.
</para>
@@ -600,13 +600,13 @@ $ <userinput>dnssec-signzone -E '' -S example.net</userinput>
</para>
</section>
<section><info><title>Running named with automatic zone re-signing</title></info>
<para>
If you want <command>named</command> to dynamically re-sign zones
using HSM keys, and/or to to sign new records inserted via nsupdate,
then <command>named</command> must have access to the HSM PIN. In OpenSSL-based PKCS#11,
this is accomplished by placing the PIN into the openssl.cnf file
(in the above examples,
(in the above examples,
<filename>/opt/pkcs11/usr/ssl/openssl.cnf</filename>).
</para>
<para>


@@ -71,7 +71,7 @@
</xsl:variable>
</xsl:stylesheet>
<!--
<!--
- Local variables:
- mode: sgml
- End:


@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- ISC customizations for Docbook-XSL chunked HTML generator -->
<!-- ISC customizations for Docbook-XSL chunked HTML generator -->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
@@ -64,7 +64,7 @@
</xsl:stylesheet>
<!--
<!--
- Local variables:
- mode: sgml
- End:


@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- ISC customizations for Docbook-XSL HTML generator -->
<!-- ISC customizations for Docbook-XSL HTML generator -->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
@@ -57,7 +57,7 @@
</xsl:stylesheet>
<!--
<!--
- Local variables:
- mode: sgml
- End:


@@ -16,7 +16,7 @@
<!-- $Id$ -->
<!-- Tweaks to Docbook-XSL HTML for producing flat ASCII text. -->
<!-- Tweaks to Docbook-XSL HTML for producing flat ASCII text. -->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0">
@@ -43,7 +43,7 @@
</xsl:stylesheet>
<!--
<!--
- Local variables:
- mode: sgml
- End:


@@ -48,7 +48,7 @@
<xsl:text>.ad l&#10;</xsl:text>
</xsl:variable>
<!--
<!--
- Override Docbook template to insert our copyright,
- disable chunking, and suppress output of .so files.
-->
@@ -88,7 +88,7 @@
</xsl:choose>
</xsl:template>
<!--
<!--
- Override Docbook template to change formatting.
- We just want the element name in boldface, no subsection header.
-->
@@ -139,7 +139,7 @@
</xsl:stylesheet>
<!--
<!--
- Local variables:
- mode: sgml
- End:


@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- ISC customizations for Docbook-XSL HTML generator -->
<!-- ISC customizations for Docbook-XSL HTML generator -->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
@@ -62,7 +62,7 @@
</xsl:stylesheet>
<!--
<!--
- Local variables:
- mode: sgml
- End:


@@ -21,7 +21,7 @@
xmlns:db="http://docbook.org/ns/docbook">
</xsl:stylesheet>
<!--
<!--
- Local variables:
- mode: sgml
- End:


@@ -19,7 +19,7 @@
<!--
- Whack &mdash; into something that won't choke LaTeX.
- There's probably a better way to do this, but this will work for now.
-->
-->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"


@@ -57,7 +57,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><command>isc-config.sh</command>
prints information related to the installed version of ISC BIND,
such as the compiler and linker flags required to compile
@@ -80,7 +80,7 @@
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
@@ -142,7 +142,7 @@
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para><command>isc-config.sh</command>
returns an exit status of 1 if
invoked with invalid arguments or no arguments at all.


@@ -58,7 +58,7 @@
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
The BIND 9 lightweight resolver library is a simple, name service
independent stub resolver library. It provides hostname-to-address
@@ -74,7 +74,7 @@
</refsection>
<refsection><info><title>OVERVIEW</title></info>
<para>
The lwresd library implements multiple name service APIs.
The standard
@@ -128,7 +128,7 @@
</para>
</refsection>
<refsection><info><title>CLIENT-SIDE LOW-LEVEL API CALL FLOW</title></info>
<para>
When a client program wishes to make an lwres request using the
native low-level API, it typically performs the following
@@ -176,7 +176,7 @@
</para>
</refsection>
<refsection><info><title>SERVER-SIDE LOW-LEVEL API CALL FLOW</title></info>
<para>
When implementing the server side of the lightweight resolver
protocol using the lwres library, a sequence of actions like the
@@ -218,7 +218,7 @@
<para/>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>lwres_gethostent</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,


@@ -204,7 +204,7 @@ void
<refsection><info><title>DESCRIPTION</title></info>
<para>
These functions provide bounds checked access to a region of memory
where data is being read or written.


@@ -95,7 +95,7 @@ lwres_conf_t *
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><function>lwres_conf_init()</function>
creates an empty
@@ -133,7 +133,7 @@ lwres_conf_t *
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para><function>lwres_conf_parse()</function>
returns <errorcode>LWRES_R_SUCCESS</errorcode>
@@ -154,7 +154,7 @@ lwres_conf_t *
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>stdio</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -164,7 +164,7 @@ lwres_conf_t *
</para>
</refsection>
<refsection><info><title>FILES</title></info>
<para><filename>/etc/resolv.conf</filename>
</para>
</refsection>


@@ -120,7 +120,7 @@ void *
</funcsynopsis>
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><function>lwres_context_create()</function>
creates a <type>lwres_context_t</type> structure for use in
@@ -219,7 +219,7 @@ void *
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para><function>lwres_context_create()</function>
returns <errorcode>LWRES_R_NOMEMORY</errorcode> if memory for
@@ -245,7 +245,7 @@ void *
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>lwres_conf_init</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,


@@ -114,7 +114,7 @@ void
</funcsynopsis>
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
These are low-level routines for creating and parsing
lightweight resolver name-to-address lookup request and
@@ -213,7 +213,7 @@ typedef struct {
</para>
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para>
The getaddrbyname opcode functions
<function>lwres_gabnrequest_render()</function>,
@@ -251,7 +251,7 @@ typedef struct {
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>


@@ -65,7 +65,7 @@ char *
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><function>lwres_gai_strerror()</function>
returns an error message corresponding to an error code returned by
@@ -177,7 +177,7 @@ char *
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,


@@ -97,7 +97,7 @@ struct addrinfo {
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><function>lwres_getaddrinfo()</function>
is used to get a list of IP addresses and port numbers for host
@@ -323,7 +323,7 @@ struct addrinfo {
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para><function>lwres_getaddrinfo()</function>
returns zero on success or one of the error codes listed in
@@ -337,7 +337,7 @@ struct addrinfo {
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>lwres</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,


@@ -151,7 +151,7 @@ void
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
These functions provide hostname-to-address and
address-to-hostname lookups by means of the lightweight resolver.
@@ -313,7 +313,7 @@ struct hostent {
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para>
The functions
<function>lwres_gethostbyname()</function>,
@@ -397,7 +397,7 @@ struct hostent {
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>gethostent</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -413,7 +413,7 @@ struct hostent {
</refsection>
<refsection><info><title>BUGS</title></info>
<para><function>lwres_gethostbyname()</function>,
<function>lwres_gethostbyname2()</function>,
<function>lwres_gethostbyaddr()</function>


@@ -85,7 +85,7 @@ void
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
These functions perform thread safe, protocol independent
@@ -240,7 +240,7 @@ struct hostent {
</para>
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para>
If an error occurs,
<function>lwres_getipnodebyname()</function>
@@ -300,7 +300,7 @@ struct hostent {
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>RFC2553</refentrytitle>
</citerefentry>,


@@ -72,7 +72,7 @@ int
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
This function is equivalent to the
@@ -163,13 +163,13 @@ int
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para><function>lwres_getnameinfo()</function>
returns 0 on success or a non-zero error code if an error occurs.
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>RFC2133</refentrytitle>
</citerefentry>,
@@ -191,7 +191,7 @@ int
</para>
</refsection>
<refsection><info><title>BUGS</title></info>
<para>
RFC2133 fails to define what the nonzero return values of
<citerefentry>


@@ -100,7 +100,7 @@ struct rrsetinfo {
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><function>lwres_getrrsetbyname()</function>
gets a set of resource records associated with a
<parameter>hostname</parameter>, <parameter>class</parameter>,
@@ -148,7 +148,7 @@ struct rrsetinfo {
<para/>
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para><function>lwres_getrrsetbyname()</function>
returns zero on success, and one of the following error codes if
an error occurred:
@@ -211,7 +211,7 @@ struct rrsetinfo {
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>lwres</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.


@@ -126,7 +126,7 @@ void
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
These are low-level routines for creating and parsing
lightweight resolver address-to-name lookup request and
@@ -214,7 +214,7 @@ typedef struct {
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para>
The getnamebyaddr opcode functions
<function>lwres_gnbarequest_render()</function>,
@@ -252,7 +252,7 @@ typedef struct {
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.


@@ -71,7 +71,7 @@ const char *
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><function>lwres_herror()</function>
prints the string <parameter>s</parameter> on
@@ -126,7 +126,7 @@ const char *
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para>
The string <errorname>Unknown resolver error</errorname> is returned by
<function>lwres_hstrerror()</function>
@@ -136,7 +136,7 @@ const char *
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>herror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,


@@ -69,7 +69,7 @@ const char *
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><function>lwres_net_ntop()</function>
converts an IP address of protocol family
@@ -90,7 +90,7 @@ const char *
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para>
If successful, the function returns <parameter>dst</parameter>:
@@ -105,7 +105,7 @@ const char *
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>RFC1884</refentrytitle>
</citerefentry>,


@@ -115,7 +115,7 @@ void
</funcsynopsis>
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
These are low-level routines for creating and parsing
lightweight resolver no-op request and response messages.
@@ -207,7 +207,7 @@ typedef struct {
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para>
The no-op opcode functions
<function>lwres_nooprequest_render()</function>,
@@ -246,7 +246,7 @@ typedef struct {
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>


@@ -72,7 +72,7 @@ lwres_result_t
</funcsynopsis>
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
These functions rely on a
<type>struct lwres_lwpacket</type>
@@ -273,7 +273,7 @@ struct lwres_lwpacket {
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para>
Successful calls to
<function>lwres_lwpacket_renderheader()</function> and


@@ -95,7 +95,7 @@ lwres_result_t
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para><function>lwres_string_parse()</function>
retrieves a DNS-encoded string starting the current pointer of
@@ -181,7 +181,7 @@ typedef struct {
</refsection>
<refsection><info><title>RETURN VALUES</title></info>
<para>
Successful calls to
<function>lwres_string_parse()</function>
@@ -222,7 +222,7 @@ typedef struct {
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>lwres_buffer</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,


@@ -559,6 +559,14 @@ foreach $file (keys %file_types) {
$body = "$body$_";
}
$_ = $body;
} elsif ($type eq "SGML" && $sysyears =~ /$this_year/) {
my $body = "";
while (<SOURCE>) {
# Remove trailing white space.
s/[ \t]*$//;
$body = "$body$_";
}
$_ = $body;
} else {
undef $/;
$_ = <SOURCE>;
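Review bot: The new SGML branch strips trailing white space only when `$sysyears =~ /$this_year/` holds, so an SGML file whose copyright years lack the current year appears to fall through to the final `else` and keep its trailing blanks. If the cleanup is meant for every SGML file, it should not depend on the year test. Both variables and the start of the enclosing `if` chain are outside this hunk, so this is inferred from the visible lines only. The pattern `s/[ \t]*$//` also leaves blanks that sit in front of a carriage return in CRLF files; `s/[ \t]+(\r?)$/$1/;` would cover that case. The loop repeats the accumulate-into-`$body` pattern visible in the branch just above, where `$body .= $_;` is the more usual spelling.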