Fix broken links in documentation

Some detected links are not to be verified (127.*, dnssec-or-not.com) and some I can't fix (flaticon, godaddy, icann), but they are not crucial.
2025-08-22 10:10:06 +00:00 · 2025-01-24 11:50:36 +01:00 · 2025-01-24 11:50:36 +01:00 · 8302469507
commit 8302469507
parent 4dfc12cb44
12 changed files with 21 additions and 20 deletions
--- a/bin/dnssec/dnssec-signzone.rst
+++ b/bin/dnssec/dnssec-signzone.rst
@ -274,7 +274,7 @@ Options
   with cached copies of the old DNSKEY RRset. The :option:`-Q` option forces
   :program:`dnssec-signzone` to remove signatures from keys that are no longer
   active. This enables ZSK rollover using the procedure described in
-   :rfc:`6781#4.1.1.1` ("Pre-Publish Key Rollover").
+   :rfc:`6781#section-4.1.1.1` ("Pre-Publish Zone Signing Key Rollover").
 .. option:: -q
@ -291,7 +291,7 @@ Options
   This option is similar to :option:`-Q`, except it forces
   :program:`dnssec-signzone` to remove signatures from keys that are no longer
   published. This enables ZSK rollover using the procedure described in
-   :rfc:`6781#4.1.1.2` ("Double Signature Zone Signing Key
+   :rfc:`6781#section-4.1.1.2` ("Double Signature Zone Signing Key
   Rollover").
 .. option:: -S
--- a/doc/arm/build.inc.rst
+++ b/doc/arm/build.inc.rst
@ -105,8 +105,9 @@ unavailable, ``--disable-doh`` can be used to disable DoH support.
 To support the HTTP statistics channel, the server must be linked with
 at least one of the following libraries: ``libxml2``
-(http://xmlsoft.org) or ``json-c`` (https://github.com/json-c/json-c).
+(https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home) or ``json-c``
-If these are installed at a nonstandard location, then:
+(https://github.com/json-c/json-c).  If these are installed at a
 nonstandard location, then:
 - for ``libxml2``, specify the prefix using ``--with-libxml2=/prefix``,
 - for ``json-c``, adjust ``PKG_CONFIG_PATH``.
@ -130,7 +131,7 @@ installed in a nonstandard location, specify the prefix using
 For DNSTAP packet logging, ``libfstrm``
 (https://github.com/farsightsec/fstrm) and ``libprotobuf-c``
-(https://developers.google.com/protocol-buffers) must be installed, and
+(https://protobuf.dev) must be installed, and
 BIND must be configured with ``--enable-dnstap``.
 To support internationalized domain names in :iscman:`dig`, ``libidn2``
@ -176,6 +177,6 @@ macOS
 Building on macOS assumes that the “Command Tools for Xcode” are
 installed. These can be downloaded from
-https://developer.apple.com/download/more/ or, if Xcode is already
+https://developer.apple.com/xcode/resources/ or, if Xcode is already
 installed, simply run ``xcode-select --install``. (Note that an Apple ID
 may be required to access the download page.)
--- a/doc/arm/general.rst
+++ b/doc/arm/general.rst
@ -39,7 +39,7 @@ The list is non-exhaustive.
 .. _Internet Engineering Steering Group: https://www.ietf.org/about/groups/iesg/
 .. _Internet Engineering Task Force: https://www.ietf.org/about/
-.. _Request for Comments: https://www.ietf.org/standards/rfcs/
+.. _Request for Comments: https://www.ietf.org/process/rfcs/
 Some of these RFCs, though DNS-related, are not concerned with implementing
 software.
--- a/doc/arm/intro-dns-bind.inc.rst
+++ b/doc/arm/intro-dns-bind.inc.rst
@ -102,7 +102,7 @@ that could be packed into a 512-byte UDP message, and not a perverse affinity fo
 cultures treat as unlucky. The 512-byte UDP data limit
 is no longer a limiting factor and all root servers now support both IPv4 and IPv6. In addition, almost all the
 root servers use **anycast**, with well over
-300 instances of the root servers now providing service worldwide (see further information at https://www.root-servers.org).
+300 instances of the root servers now providing service worldwide (see further information at https://root-servers.org).
 The root servers are the starting point for all **name resolution** within the DNS.
 Name Resolution
--- a/doc/arm/pkcs11.inc.rst
+++ b/doc/arm/pkcs11.inc.rst
@ -42,7 +42,7 @@ Building SoftHSMv2
 ^^^^^^^^^^^^^^^^^^
 SoftHSMv2, the latest development version of SoftHSM, is available from
-https://github.com/opendnssec/SoftHSMv2. It is a software library
+https://github.com/softhsm/SoftHSMv2. It is a software library
 developed by the OpenDNSSEC project (https://www.opendnssec.org) which
 provides a PKCS#11 interface to a virtual HSM, implemented in the form
 of an SQLite3 database on the local filesystem. It provides less security
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@ -1181,7 +1181,7 @@ default is used.
   https://github.com/farsightsec/fstrm) to send event payloads which
   are encoded using Protocol Buffers (``libprotobuf-c``, a mechanism
   for serializing structured data developed by Google, Inc.; see
-   https://developers.google.com/protocol-buffers/).
+   https://protobuf.dev).
   To enable :any:`dnstap` at compile time, the ``fstrm`` and
   ``protobuf-c`` libraries must be available, and BIND must be
@ -5743,7 +5743,7 @@ The following options can be specified in a :any:`tls` statement:
    ``TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256``.
    The string must be formed according to the rules specified in the
    OpenSSL documentation (see
-    https://www.openssl.org/docs/man1.1.1/man1/ciphers.html, section
+    https://docs.openssl.org/1.1.1/man1/ciphers/, section
    "TLS v1.3 cipher suites" for details).
 .. namedconf:statement:: ciphers
@ -5753,7 +5753,7 @@ The following options can be specified in a :any:`tls` statement:
    This option defines allowed ciphers, such as
    ``HIGH:!aNULL:!MD5:!SHA1:!SHA256:!SHA384``. The string must be
    formed according to the rules specified in the OpenSSL documentation
-    (see https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
+    (see https://docs.openssl.org/1.1.1/man1/ciphers/
    for details).
 .. namedconf:statement:: prefer-server-ciphers
--- a/doc/arm/rpz.inc.rst
+++ b/doc/arm/rpz.inc.rst
@ -727,8 +727,8 @@ particular). This is a concern for some network administrators who do not
 want their users' DNS queries to be rerouted unexpectedly. However,
 Mozilla provides a mechanism to disable the DoH-by-default setting:
 if the Mozilla-owned domain `use-application-dns.net
-<https://use-application-dns.net>`_ returns an NXDOMAIN response code, Firefox
+<https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet>`_
-will not use DoH.
+returns an NXDOMAIN response code, Firefox will not use DoH.
 To accomplish this using RPZ:
--- a/doc/arm/troubleshooting.inc.rst
+++ b/doc/arm/troubleshooting.inc.rst
@ -42,7 +42,7 @@ back to plain DNS queries without EDNS.
 Such workarounds cause unnecessary resolution delays, increase code
 complexity, and prevent deployment of new DNS features. In February
 2019, all major DNS software vendors removed these
-workarounds; see https://dnsflagday.net/2019 for further details. This change
+workarounds; see https://www.dnsflagday.net/2019/ for further details. This change
 was implemented in BIND as of release 9.14.0.
 As a result, some domains may be non-resolvable without manual
--- a/doc/changelog/changelog-9.21.1.rst
+++ b/doc/changelog/changelog-9.21.1.rst
@ -25,8 +25,8 @@ New Features
  are loaded from the currently active bundle from the imported SKR.
  The implementation is loosely based on:
-  https://www.iana.org/dnssec/archive/files/draft-icann-dnssec-
+  https://www.iana.org/dnssec/archive/files/draft-icann-dnssec-keymgmt-01.txt
-  keymgmt-01.txt :gl:`#1128` :gl:`!9119`
+  :gl:`#1128` :gl:`!9119`
 - Implement the 'request-ixfr-max-diffs' configuration option.
  ``99b18bab7e1``
--- a/doc/dnssec-guide/introduction.rst
+++ b/doc/dnssec-guide/introduction.rst
@ -376,7 +376,7 @@ want to consider deploying DNSSEC:
   requesting all ``.gov`` subdomains to be DNSSEC-signed by December
   2009. This explains why ``.gov`` is the most-deployed DNSSEC domain
   currently, with `around 90% of subdomains
-   signed. <https://fedv6-deployment.antd.nist.gov/cgi-bin/generate-gov>`__
+   signed. <https://usgv6-deploymon.nist.gov/cgi-bin/generate-gov>`__
 .. _how_does_dnssec_change_my_job:
--- a/doc/dnssec-guide/preface.rst
+++ b/doc/dnssec-guide/preface.rst
@ -78,6 +78,6 @@ Considerations" by S. Morris, J. Ihren, J. Dickinson, and W. Mekking,
 subsequently published as :rfc:`7583`.
 Icons made by `Freepik <https://www.freepik.com/>`__ and
-`SimpleIcon <https://www.simpleicon.com/>`__ from
+`SimpleIcon <https://simpleicon.com/>`__ from
 `Flaticon <https://www.flaticon.com/>`__, licensed under `Creative Commons BY
 3.0 <https://creativecommons.org/licenses/by/3.0/>`__.
--- a/doc/dnssec-guide/validation.rst
+++ b/doc/dnssec-guide/validation.rst
@ -110,7 +110,7 @@ Configure your client computer to use the newly reconfigured recursive
 server for DNS resolution; then use one of these web-based tests to
 confirm that it is in fact validating DNS responses.
-  `Internet.nl <https://en.conn.internet.nl/connection/>`__
+-  `Internet.nl <http://conn.internet.nl/connection/>`__
 -  `DNSSEC or Not (VeriSign) <https://www.dnssec-or-not.com/>`__