mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

regen master

Browse Source
This commit is contained in:
Tinderbox User
2015-09-30 01:06:20 +00:00
parent 55cfbf322d
commit 983df82baf
40 changed files with 588 additions and 1865 deletions
Download Patch File Download Diff File Expand all files Collapse all files

218
doc/arm/Bv9ARM.ch04.html
View File

@@ -70,44 +70,49 @@
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614097">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614134">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563653">Fully automatic zone signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563832">Private-type records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563869">DNSKEY rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563882">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563984">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564010">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564020">Converting from NSEC to NSEC3</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564029">Converting from NSEC3 to NSEC</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564042">Converting from secure to insecure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564080">Periodic re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564093">NSEC3 and OPTOUT</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614170">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563622">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563658">Fully automatic zone signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563837">Private-type records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563875">DNSKEY rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563888">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563921">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563947">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563957">Converting from NSEC to NSEC3</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564035">Converting from NSEC3 to NSEC</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564048">Converting from secure to insecure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564085">Periodic re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2587924">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613542">Validating Resolver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613564">Authoritative Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2588425">Validating Resolver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2588448">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS#11 (Cryptoki) support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613670">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613680">Native PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614508">OpenSSL-based PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641483">PKCS#11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641520">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641737">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641853">Running named with automatic zone re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2669040">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2669049">Native PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614309">OpenSSL-based PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641625">PKCS#11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641661">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641947">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2642064">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dlz-info">DLZ (Dynamically Loadable Zones)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613752">Configuring DLZ</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613894">Sample DLZ Driver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614577">Configuring DLZ</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614650">Sample DLZ Driver</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571523">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dyndb-info">DynDB (Dynamic Database)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571789">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571811">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563597">Configuring DynDB</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614913">Sample DynDB Module</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571527">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571794">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571815">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -1080,7 +1085,7 @@ options {
from insecure to signed and back again. A secure zone can use
either NSEC or NSEC3 chains.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2614097"></a>Converting from insecure to secure</h3></div></div></div></div>
<a name="id2614170"></a>Converting from insecure to secure</h3></div></div></div></div>
<p>Changing a zone from insecure to secure can be done in two
ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
@@ -1106,7 +1111,7 @@ options {
well. An NSEC chain will be generated as part of the initial
signing process.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2614134"></a>Dynamic DNS update method</h3></div></div></div></div>
<a name="id2563622"></a>Dynamic DNS update method</h3></div></div></div></div>
<p>To insert the keys via dynamic update:</p>
<pre class="screen">
% nsupdate
@@ -1142,7 +1147,7 @@ options {
<p>While the initial signing and NSEC/NSEC3 chain generation
is happening, other updates are possible as well.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563653"></a>Fully automatic zone signing</h3></div></div></div></div>
<a name="id2563658"></a>Fully automatic zone signing</h3></div></div></div></div>
<p>To enable automatic signing, add the
<span><strong class="command">auto-dnssec</strong></span> option to the zone statement in
<code class="filename">named.conf</code>.
@@ -1205,7 +1210,7 @@ options {
configuration. If this has not been done, the configuration will
fail.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563832"></a>Private-type records</h3></div></div></div></div>
<a name="id2563837"></a>Private-type records</h3></div></div></div></div>
<p>The state of the signing process is signaled by
private-type records (with a default type value of 65534). When
signing is complete, these records will have a nonzero value for
@@ -1246,12 +1251,12 @@ options {
<p>
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563869"></a>DNSKEY rollovers</h3></div></div></div></div>
<a name="id2563875"></a>DNSKEY rollovers</h3></div></div></div></div>
<p>As with insecure-to-secure conversions, rolling DNSSEC
keys can be done in two ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563882"></a>Dynamic DNS update method</h3></div></div></div></div>
<a name="id2563888"></a>Dynamic DNS update method</h3></div></div></div></div>
<p> To perform key rollovers via dynamic update, you need to add
the <code class="filename">K*</code> files for the new keys so that
<span><strong class="command">named</strong></span> can find them. You can then add the new
@@ -1273,7 +1278,7 @@ options {
<span><strong class="command">named</strong></span> will clean out any signatures generated
by the old key after the update completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563984"></a>Automatic key rollovers</h3></div></div></div></div>
<a name="id2563921"></a>Automatic key rollovers</h3></div></div></div></div>
<p>When a new key reaches its activation date (as set by
<span><strong class="command">dnssec-keygen</strong></span> or <span><strong class="command">dnssec-settime</strong></span>),
if the <span><strong class="command">auto-dnssec</strong></span> zone option is set to
@@ -1288,27 +1293,27 @@ options {
completes in 30 days, after which it will be safe to remove the
old key from the DNSKEY RRset.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2564010"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
<a name="id2563947"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
<p>Add the new NSEC3PARAM record via dynamic update. When the
new NSEC3 chain has been generated, the NSEC3PARAM flag field
will be zero. At this point you can remove the old NSEC3PARAM
record. The old chain will be removed after the update request
completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2564020"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
<a name="id2563957"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
<p>To do this, you just need to add an NSEC3PARAM record. When
the conversion is complete, the NSEC chain will have been removed
and the NSEC3PARAM record will have a zero flag field. The NSEC3
chain will be generated before the NSEC chain is
destroyed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2564029"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
<a name="id2564035"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
<p>To do this, use <span><strong class="command">nsupdate</strong></span> to
remove all NSEC3PARAM records with a zero flag
field. The NSEC chain will be generated before the NSEC3 chain is
removed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2564042"></a>Converting from secure to insecure</h3></div></div></div></div>
<a name="id2564048"></a>Converting from secure to insecure</h3></div></div></div></div>
<p>To convert a signed zone to unsigned using dynamic DNS,
delete all the DNSKEY records from the zone apex using
<span><strong class="command">nsupdate</strong></span>. All signatures, NSEC or NSEC3 chains,
@@ -1323,14 +1328,14 @@ options {
<span><strong class="command">allow</strong></span> instead (or it will re-sign).
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2564080"></a>Periodic re-signing</h3></div></div></div></div>
<a name="id2564085"></a>Periodic re-signing</h3></div></div></div></div>
<p>In any secure zone which supports dynamic updates, <span><strong class="command">named</strong></span>
will periodically re-sign RRsets which have not been re-signed as
a result of some update action. The signature lifetimes will be
adjusted so as to spread the re-sign load over time rather than
all at once.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2564093"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
<a name="id2587924"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
<p>
<span><strong class="command">named</strong></span> only supports creating new NSEC3 chains
where all the NSEC3 records in the zone have the same OPTOUT
@@ -1352,7 +1357,7 @@ options {
configuration files.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613542"></a>Validating Resolver</h3></div></div></div>
<a name="id2588425"></a>Validating Resolver</h3></div></div></div>
<p>To configure a validating resolver to use RFC 5011 to
maintain a trust anchor, configure the trust anchor using a
<span><strong class="command">managed-keys</strong></span> statement. Information about
@@ -1363,7 +1368,7 @@ options {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613564"></a>Authoritative Server</h3></div></div></div>
<a name="id2588448"></a>Authoritative Server</h3></div></div></div>
<p>To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
@@ -1460,7 +1465,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613670"></a>Prerequisites</h3></div></div></div>
<a name="id2669040"></a>Prerequisites</h3></div></div></div>
<p>
See the documentation provided by your HSM vendor for
information about installing, initializing, testing and
@@ -1469,7 +1474,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613680"></a>Native PKCS#11</h3></div></div></div>
<a name="id2669049"></a>Native PKCS#11</h3></div></div></div>
<p>
Native PKCS#11 mode will only work with an HSM capable of carrying
out <span class="emphasis"><em>every</em></span> cryptographic operation BIND 9 may
@@ -1502,7 +1507,7 @@ $ <strong class="userinput"><code>./configure --enable-native-pkcs11 \
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2614442"></a>Building SoftHSMv2</h4></div></div></div>
<a name="id2614038"></a>Building SoftHSMv2</h4></div></div></div>
<p>
SoftHSMv2, the latest development version of SoftHSM, is available
from
@@ -1540,7 +1545,7 @@ $ <strong class="userinput"><code> /opt/pkcs11/usr/bin/softhsm-util --init-token
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2614508"></a>OpenSSL-based PKCS#11</h3></div></div></div>
<a name="id2614309"></a>OpenSSL-based PKCS#11</h3></div></div></div>
<p>
OpenSSL-based PKCS#11 mode uses a modified version of the
OpenSSL library; stock OpenSSL does not fully support PKCS#11.
@@ -1598,7 +1603,7 @@ $ <strong class="userinput"><code> /opt/pkcs11/usr/bin/softhsm-util --init-token
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2614546"></a>Patching OpenSSL</h4></div></div></div>
<a name="id2614414"></a>Patching OpenSSL</h4></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>wget <a href="" target="_top">http://www.openssl.org/source/openssl-0.9.8zc.tar.gz</a></code></strong>
</pre>
@@ -1631,7 +1636,7 @@ $ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8zc \
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2614604"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
<a name="id2614473"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
<p>
The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
@@ -1673,7 +1678,7 @@ $ <strong class="userinput"><code>./Configure linux-generic32 -m32 -pthread \
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2614674"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
<a name="id2614542"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
<p>
The SCA-6000 PKCS#11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
@@ -1702,7 +1707,7 @@ $ <strong class="userinput"><code>./Configure solaris64-x86_64-cc \
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2614859"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
<a name="id2614796"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
<p>
SoftHSM (version 1) is a software library developed by the
OpenDNSSEC project
@@ -1777,7 +1782,7 @@ $ <strong class="userinput"><code>./Configure linux-x86_64 -pthread \
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2641298"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
<a name="id2641440"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
<p>
To link with the PKCS#11 provider, threads must be
enabled in the BIND 9 build.
@@ -1797,7 +1802,7 @@ $ <strong class="userinput"><code>./configure CC="gcc -m32" --enable-threads \
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2641330"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
<a name="id2641472"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
<p>
To link with the PKCS#11 provider, threads must be
enabled in the BIND 9 build.
@@ -1819,7 +1824,7 @@ $ <strong class="userinput"><code>./configure CC="cc -xarch=amd64" --enable-thre
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2641366"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
<a name="id2641508"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd ../bind9</code></strong>
$ <strong class="userinput"><code>./configure --enable-threads \
@@ -1840,7 +1845,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2641483"></a>PKCS#11 Tools</h3></div></div></div>
<a name="id2641625"></a>PKCS#11 Tools</h3></div></div></div>
<p>
BIND 9 includes a minimal set of tools to operate the
HSM, including
@@ -1863,7 +1868,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2641520"></a>Using the HSM</h3></div></div></div>
<a name="id2641661"></a>Using the HSM</h3></div></div></div>
<p>
For OpenSSL-based PKCS#11, we must first set up the runtime
environment so the OpenSSL and PKCS#11 libraries can be loaded:
@@ -1984,7 +1989,7 @@ example.net.signed
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2641737"></a>Specifying the engine on the command line</h3></div></div></div>
<a name="id2641947"></a>Specifying the engine on the command line</h3></div></div></div>
<p>
When using OpenSSL-based PKCS#11, the "engine" to be used by
OpenSSL can be specified in <span><strong class="command">named</strong></span> and all of
@@ -2016,7 +2021,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2641853"></a>Running named with automatic zone re-signing</h3></div></div></div>
<a name="id2642064"></a>Running named with automatic zone re-signing</h3></div></div></div>
<p>
If you want <span><strong class="command">named</strong></span> to dynamically re-sign zones
using HSM keys, and/or to to sign new records inserted via nsupdate,
@@ -2103,7 +2108,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613752"></a>Configuring DLZ</h3></div></div></div>
<a name="id2614577"></a>Configuring DLZ</h3></div></div></div>
<p>
A DLZ database is configured with a <span><strong class="command">dlz</strong></span>
statement in <code class="filename">named.conf</code>:
@@ -2152,7 +2157,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613894"></a>Sample DLZ Driver</h3></div></div></div>
<a name="id2614650"></a>Sample DLZ Driver</h3></div></div></div>
<p>
For guidance in implementation of DLZ modules, the directory
<code class="filename">contrib/dlz/example</code> contains a basic
@@ -2202,7 +2207,96 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2571523"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<a name="dyndb-info"></a>DynDB (Dynamic Database)</h2></div></div></div>
<p>
DynDB is an extension to BIND 9 which, like DLZ
(see <a href="Bv9ARM.ch04.html#dlz-info" title="DLZ (Dynamically Loadable Zones)">the section called &#8220;DLZ (Dynamically Loadable Zones)&#8221;</a>), allows zone data to be
retrieved from an external database. Unlike DLZ, a DynDB module
provides a full-featured BIND zone database interface. Where
DLZ translates DNS queries into real-time database lookups,
resulting in relatively poor query performance, and is unable
to handle DNSSEC-signed data due to its limited API, a DynDB
module can pre-load an in-memory database from the external
data source, providing the same performance and functionality
as zones served natively by BIND.
</p>
<p>
A DynDB module supporting LDAP has been created by Red Hat
and is available from
<a href="https://fedorahosted.org/bind-dyndb-ldap/" target="_top">https://fedorahosted.org/bind-dyndb-ldap/</a>.
</p>
<p>
A sample DynDB module for testing and developer guidance
is included with the BIND source code, in the directory
<code class="filename">bin/tests/system/dyndb/driver</code>.
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2563597"></a>Configuring DynDB</h3></div></div></div>
<p>
A DynDB database is configured with a <span><strong class="command">dyndb</strong></span>
statement in <code class="filename">named.conf</code>:
</p>
<pre class="screen">
dyndb example "driver.so" {
<em class="replaceable"><code>parameters</code></em>
};
</pre>
<p>
The file <code class="filename">driver.so</code> is a DynDB module which
implements the full DNS database API. Multiple
<span><strong class="command">dyndb</strong></span> statements can be specified, to load
different drivers or multiple instances of the same driver.
Zones provided by a DynDB module are added to the view's zone
table, and are treated as normal authoritative zones when BIND
is responding to queries. Zone configuration is handled internally
by the DynDB module.
</p>
<p>
The <em class="replaceable"><code>parameters</code></em> are passed as an opaque
string to the DynDB module's initialization routine. Configuration
syntax will differ depending on the driver.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2614913"></a>Sample DynDB Module</h3></div></div></div>
<p>
For guidance in implementation of DynDB modules, the directory
<code class="filename">bin/tests/system/dyndb/driver</code>.
contains a basic DynDB module.
The example sets up two zones, whose names are passed
to the module as arguments in the <span><strong class="command">dyndb</strong></span>
statement:
</p>
<pre class="screen">
dyndb sample "sample.so" { example.nil. arpa. };
</pre>
<p>
In the above example, the module is configured to create a zone
"example.nil", which can answer queries and AXFR requests, and
accept DDNS updates. At runtime, prior to any updates, the zone
contains an SOA, NS, and a single A record at the apex:
</p>
<pre class="screen">
example.nil. 86400 IN SOA example.nil. example.nil. (
0 28800 7200 604800 86400
)
example.nil. 86400 IN NS example.nil.
example.nil. 86400 IN A 127.0.0.1
</pre>
<p>
When the zone is updated dynamically, the DynDB module will determine
whether the updated RR is an address (i.e., type A or AAAA) and if
so, it will automatically update the corresponding PTR record in a
reverse zone. (Updates are not stored permanently; all updates are
lost when the server is restarted.)
</p>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2571527"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6 name to address and address to name
@@ -2240,7 +2334,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571789"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<a name="id2571794"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@@ -2259,7 +2353,7 @@ host 3600 IN AAAA 2001:db8::1
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571811"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<a name="id2571815"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and

4
doc/arm/Bv9ARM.ch05.html
View File

@@ -45,13 +45,13 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571844">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571848">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2571844"></a>The Lightweight Resolver Library</h2></div></div></div>
<a name="id2571848"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name

156
doc/arm/Bv9ARM.ch06.html
View File

@@ -48,58 +48,58 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2564122">Comment Syntax</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2564126">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574272"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574276"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574461"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574466"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574889"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574906"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574893"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574910"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574930"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574953"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575047"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575182"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574934"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574957"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575051"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575187"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577457"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577554"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577650"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577699"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577461"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577558"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577654"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577703"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577720"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577724"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593364"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593709"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593730"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594075"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593783"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594129"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594218"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594496"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596247"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596524"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2599884">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2600298">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603080">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603426">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603696">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603891">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2604164"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2604109">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2604236">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2604441"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -523,7 +523,7 @@
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573170"></a>Syntax</h4></div></div></div>
<a name="id2573174"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
@@ -532,7 +532,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573197"></a>Definition and Usage</h4></div></div></div>
<a name="id2573202"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@@ -617,7 +617,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564122"></a>Comment Syntax</h3></div></div></div>
<a name="id2564126"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
@@ -627,7 +627,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2564137"></a>Syntax</h4></div></div></div>
<a name="id2564141"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
@@ -643,7 +643,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2564167"></a>Definition and Usage</h4></div></div></div>
<a name="id2564171"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
@@ -897,7 +897,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574272"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574276"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
@@ -979,7 +979,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574461"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574466"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ]
allow { <em class="replaceable"><code> address_match_list </code></em> }
@@ -1103,12 +1103,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574889"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574893"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574906"></a><span><strong class="command">include</strong></span> Statement Definition and
<a name="id2574910"></a><span><strong class="command">include</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">include</strong></span> statement inserts the
@@ -1123,7 +1123,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574930"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574934"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>algorithm_id</code></em>;
secret <em class="replaceable"><code>secret_string</code></em>;
@@ -1132,7 +1132,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574953"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2574957"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
@@ -1179,7 +1179,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575047"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2575051"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
@@ -1204,7 +1204,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575182"></a><span><strong class="command">logging</strong></span> Statement Definition and
<a name="id2575187"></a><span><strong class="command">logging</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
@@ -1249,7 +1249,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2575248"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<a name="id2575252"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
@@ -1900,7 +1900,7 @@ category notify { null; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2576869"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
<a name="id2576873"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
<p>
The <span><strong class="command">query-errors</strong></span> category is
specifically intended for debugging purposes: To identify
@@ -2128,7 +2128,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577457"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2577461"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
@@ -2146,7 +2146,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577554"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2577558"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
@@ -2222,7 +2222,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577650"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2577654"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
<em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
@@ -2230,7 +2230,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577699"></a><span><strong class="command">masters</strong></span> Statement Definition and
<a name="id2577703"></a><span><strong class="command">masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p><span><strong class="command">masters</strong></span>
lists allow for a common set of masters to be easily used by
@@ -2240,7 +2240,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2577720"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2577724"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:
@@ -4348,7 +4348,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2585004"></a>Forwarding</h4></div></div></div>
<a name="id2585077"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@@ -4392,7 +4392,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2585063"></a>Dual-stack Servers</h4></div></div></div>
<a name="id2585204"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
@@ -4670,7 +4670,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2585892"></a>Interfaces</h4></div></div></div>
<a name="id2585964"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
@@ -5147,7 +5147,7 @@ avoid-v6-udp-ports {};
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2587047"></a>UDP Port Lists</h4></div></div></div>
<a name="id2587120"></a>UDP Port Lists</h4></div></div></div>
<p>
<span><strong class="command">use-v4-udp-ports</strong></span>,
<span><strong class="command">avoid-v4-udp-ports</strong></span>,
@@ -5189,7 +5189,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2587107"></a>Operating System Resource Limits</h4></div></div></div>
<a name="id2587179"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@@ -5537,7 +5537,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2587945"></a>Periodic Task Intervals</h4></div></div></div>
<a name="id2573545"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>
@@ -6585,7 +6585,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2590779"></a>Content Filtering</h4></div></div></div>
<a name="id2591057"></a>Content Filtering</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 provides the ability to filter
out DNS responses from external DNS servers containing
@@ -6708,7 +6708,7 @@ deny-answer-aliases { "example.net"; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2590973"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
<a name="id2591251"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 includes a limited
mechanism to modify DNS responses for requests
@@ -7086,7 +7086,7 @@ example.com CNAME rpz-tcp-only.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2591894"></a>Response Rate Limiting</h4></div></div></div>
<a name="id2592103"></a>Response Rate Limiting</h4></div></div></div>
<p>
Excessive almost identical UDP <span class="emphasis"><em>responses</em></span>
can be controlled by configuring a
@@ -7637,7 +7637,7 @@ example.com CNAME rpz-tcp-only.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2593364"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<a name="id2593709"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">statistics-channels</strong></span> statement
@@ -7757,7 +7757,7 @@ example.com CNAME rpz-tcp-only.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2593730"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
<a name="id2594075"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
@@ -7801,7 +7801,7 @@ example.com CNAME rpz-tcp-only.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2593783"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2594129"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">managed-keys</strong></span> {
<em class="replaceable"><code>name</code></em> initial-key <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ;
[<span class="optional"> <em class="replaceable"><code>name</code></em> initial-key <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ; [<span class="optional">...</span>]</span>]
@@ -7939,7 +7939,7 @@ example.com CNAME rpz-tcp-only.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2594218"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2594496"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
@@ -8261,10 +8261,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2596247"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2596524"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2596254"></a>Zone Types</h4></div></div></div>
<a name="id2596532"></a>Zone Types</h4></div></div></div>
<p>
The <span><strong class="command">type</strong></span> keyword is required
for the <span><strong class="command">zone</strong></span> configuration unless
@@ -8592,7 +8592,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2597041"></a>Class</h4></div></div></div>
<a name="id2597386"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@@ -8614,7 +8614,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2597074"></a>Zone Options</h4></div></div></div>
<a name="id2597488"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
@@ -9497,7 +9497,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2599822"></a>Multiple views</h4></div></div></div>
<a name="id2600168"></a>Multiple views</h4></div></div></div>
<p>
When multiple views are in use, a zone may be
referenced by more than one of them. Often, the views
@@ -9559,7 +9559,7 @@ view external {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2599884"></a>Zone File</h2></div></div></div>
<a name="id2600298"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@@ -9572,7 +9572,7 @@ view external {
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2599902"></a>Resource Records</h4></div></div></div>
<a name="id2600316"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@@ -10745,7 +10745,7 @@ view external {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2602560"></a>Textual expression of RRs</h4></div></div></div>
<a name="id2602905"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@@ -10948,7 +10948,7 @@ view external {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2603080"></a>Discussion of MX Records</h3></div></div></div>
<a name="id2603426"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@@ -11203,7 +11203,7 @@ view external {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2603696"></a>Inverse Mapping in IPv4</h3></div></div></div>
<a name="id2604109"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@@ -11264,7 +11264,7 @@ view external {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2603891"></a>Other Zone File Directives</h3></div></div></div>
<a name="id2604236"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@@ -11279,7 +11279,7 @@ view external {
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2603913"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<a name="id2604259"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<p>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
@@ -11290,7 +11290,7 @@ view external {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2603929"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<a name="id2604275"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
@@ -11319,7 +11319,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2604058"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<a name="id2604336"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
@@ -11355,7 +11355,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2604128"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2604405"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
@@ -11374,7 +11374,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2604164"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<a name="id2604441"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
@@ -11823,7 +11823,7 @@ HOST-127.EXAMPLE. MX 0 .
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2605173"></a>Name Server Statistics Counters</h4></div></div></div>
<a name="id2605587"></a>Name Server Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -12446,7 +12446,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2606874"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<a name="id2607220"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -12600,7 +12600,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2607325"></a>Resolver Statistics Counters</h4></div></div></div>
<a name="id2607671"></a>Resolver Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -12983,7 +12983,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608416"></a>Socket I/O Statistics Counters</h4></div></div></div>
<a name="id2608761"></a>Socket I/O Statistics Counters</h4></div></div></div>
<p>
Socket I/O statistics counters are defined per socket
types, which are
@@ -13138,7 +13138,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2608789"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<a name="id2609134"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<p>
Most statistics counters that were available
in <span><strong class="command">BIND</strong></span> 8 are also supported in

12
doc/arm/Bv9ARM.ch07.html
View File

@@ -46,10 +46,10 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2609268"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2609545"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609349">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609409">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609694">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609754">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@@ -245,7 +245,7 @@ allow-query { !{ !10/8; any; }; key example; };
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2609268"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
<a name="id2609545"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
@@ -271,7 +271,7 @@ allow-query { !{ !10/8; any; }; key example; };
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609349"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<a name="id2609694"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
@@ -299,7 +299,7 @@ allow-query { !{ !10/8; any; }; key example; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609409"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<a name="id2609754"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use

16
doc/arm/Bv9ARM.ch08.html
View File

@@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609489">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2609630">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609642">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609659">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609902">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2609908">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609920">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609937">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2609489"></a>Common Problems</h2></div></div></div>
<a name="id2609902"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2609630"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<a name="id2609908"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2609642"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<a name="id2609920"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers &#8212; they aren't
date related. A lot of people set them to a number that
@@ -95,7 +95,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2609659"></a>Where Can I Get Help?</h2></div></div></div>
<a name="id2609937"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range

693
doc/arm/Bv9ARM.ch09.html
View File

@@ -42,698 +42,7 @@
<div class="appendix" lang="en">
<div class="titlepage"><div><div><h2 class="title">
<a name="Bv9ARM.ch09"></a>Appendix<EFBFBD>A.<2E>Release Notes</h2></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2573478">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_port">Porting Changes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2573478"></a>Release Notes for BIND Version 9.11.0pre-alpha</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
This document summarizes changes since the last production release
of BIND on the corresponding major release branch.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
The latest versions of BIND 9 software can always be found at
<a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
An incorrect boundary check in the OPENPGPKEY rdatatype
could trigger an assertion failure. This flaw is disclosed
in CVE-2015-5986. [RT #40286]
</p></li>
<li>
<p>
A buffer accounting error could trigger an assertion failure
when parsing certain malformed DNSSEC keys.
</p>
<p>
This flaw was discovered by Hanno B&#50102;ck of the Fuzzing
Project, and is disclosed in CVE-2015-5722. [RT #40212]
</p>
</li>
<li>
<p>
A specially crafted query could trigger an assertion failure
in message.c.
</p>
<p>
This flaw was discovered by Jonathan Foote, and is disclosed
in CVE-2015-5477. [RT #40046]
</p>
</li>
<li>
<p>
On servers configured to perform DNSSEC validation, an
assertion failure could be triggered on answers from
a specially configured server.
</p>
<p>
This flaw was discovered by Breno Silveira Soares, and is
disclosed in CVE-2015-4620. [RT #39795]
</p>
</li>
<li>
<p>
On servers configured to perform DNSSEC validation using
managed trust anchors (i.e., keys configured explicitly
via <span><strong class="command">managed-keys</strong></span>, or implicitly
via <span><strong class="command">dnssec-validation auto;</strong></span> or
<span><strong class="command">dnssec-lookaside auto;</strong></span>), revoking
a trust anchor and sending a new untrusted replacement
could cause <span><strong class="command">named</strong></span> to crash with an
assertion failure. This could occur in the event of a
botched key rollover, or potentially as a result of a
deliberate attack if the attacker was in position to
monitor the victim's DNS traffic.
</p>
<p>
This flaw was discovered by Jan-Piet Mens, and is
disclosed in CVE-2015-1349. [RT #38344]
</p>
</li>
<li>
<p>
A flaw in delegation handling could be exploited to put
<span><strong class="command">named</strong></span> into an infinite loop, in which
each lookup of a name server triggered additional lookups
of more name servers. This has been addressed by placing
limits on the number of levels of recursion
<span><strong class="command">named</strong></span> will allow (default 7), and
on the number of queries that it will send before
terminating a recursive query (default 50).
</p>
<p>
The recursion depth limit is configured via the
<code class="option">max-recursion-depth</code> option, and the query limit
via the <code class="option">max-recursion-queries</code> option.
</p>
<p>
The flaw was discovered by Florian Maury of ANSSI, and is
disclosed in CVE-2014-8500. [RT #37580]
</p>
</li>
<li>
<p>
Two separate problems were identified in BIND's GeoIP code that
could lead to an assertion failure. One was triggered by use of
both IPv4 and IPv6 address families, the other by referencing
a GeoIP database in <code class="filename">named.conf</code> which was
not installed. Both are covered by CVE-2014-8680. [RT #37672]
[RT #37679]
</p>
<p>
A less serious security flaw was also found in GeoIP: changes
to the <span><strong class="command">geoip-directory</strong></span> option in
<code class="filename">named.conf</code> were ignored when running
<span><strong class="command">rndc reconfig</strong></span>. In theory, this could allow
<span><strong class="command">named</strong></span> to allow access to unintended clients.
</p>
</li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li>
<p>
New quotas have been added to limit the queries that are
sent by recursive resolvers to authoritative servers
experiencing denial-of-service attacks. When configured,
these options can both reduce the harm done to authoritative
servers and also avoid the resource exhaustion that can be
experienced by recursives when they are being used as a
vehicle for such an attack.
</p>
<div class="itemizedlist"><ul type="circle">
<li><p>
<code class="option">fetches-per-server</code> limits the number of
simultaneous queries that can be sent to any single
authoritative server. The configured value is a starting
point; it is automatically adjusted downward if the server is
partially or completely non-responsive. The algorithm used to
adjust the quota can be configured via the
<code class="option">fetch-quota-params</code> option.
</p></li>
<li><p>
<code class="option">fetches-per-zone</code> limits the number of
simultaneous queries that can be sent for names within a
single domain. (Note: Unlike "fetches-per-server", this
value is not self-tuning.)
</p></li>
</ul></div>
<p>
Statistics counters have also been added to track the number
of queries affected by these quotas.
</p>
</li>
<li><p>
New statistics counters have been added to track traffic
sizes, as specified in RSSAC002. Query and response
message sizes are broken up into ranges of histogram buckets:
TCP and UDP queries of size 0-15, 16-31, ..., 272-288, and 288+,
and TCP and UDP responses of size 0-15, 16-31, ..., 4080-4095,
and 4096+. These values can be accessed via the XML and JSON
statistics channels at, for example,
<a href="http://localhost:8888/xml/v3/traffic" target="_top">http://localhost:8888/xml/v3/traffic</a>
or
<a href="http://localhost:8888/json/v1/traffic" target="_top">http://localhost:8888/json/v1/traffic</a>.
</p></li>
<li><p>
The serial number of a dynamically updatable zone can
now be set using
<span><strong class="command">rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.
This is particularly useful with <code class="option">inline-signing</code>
zones that have been reset. Setting the serial number to a value
larger than that on the slaves will trigger an AXFR-style
transfer.
</p></li>
<li><p>
When answering recursive queries, SERVFAIL responses can now be
cached by the server for a limited time; subsequent queries for
the same query name and type will return another SERVFAIL until
the cache times out. This reduces the frequency of retries
when a query is persistently failing, which can be a burden
on recursive serviers. The SERVFAIL cache timeout is controlled
by <code class="option">servfail-ttl</code>, which defaults to 10 seconds
and has an upper limit of 30.
</p></li>
<li><p>
The new <span><strong class="command">rndc nta</strong></span> command can now be used to
set a "negative trust anchor" (NTA), disabling DNSSEC validation for
a specific domain; this can be used when responses from a domain
are known to be failing validation due to administrative error
rather than because of a spoofing attack. NTAs are strictly
temporary; by default they expire after one hour, but can be
configured to last up to one week. The default NTA lifetime
can be changed by setting the <code class="option">nta-lifetime</code> in
<code class="filename">named.conf</code>. When added, NTAs are stored in a
file (<code class="filename"><em class="replaceable"><code>viewname</code></em>.nta</code>)
in order to persist across restarts of the <span><strong class="command">named</strong></span> server.
</p></li>
<li><p>
The EDNS Client Subnet (ECS) option is now supported for
authoritative servers; if a query contains an ECS option then
ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>
elements can match against the the address encoded in the option.
This can be used to select a view for a query, so that different
answers can be provided depending on the client network.
</p></li>
<li><p>
The EDNS EXPIRE option has been implemented on the client
side, allowing a slave server to set the expiration timer
correctly when transferring zone data from another slave
server.
</p></li>
<li><p>
A new <code class="option">masterfile-style</code> zone option controls
the formatting of text zone files: When set to
<code class="literal">full</code>, the zone file will dumped in
single-line-per-record format.
</p></li>
<li><p>
<span><strong class="command">dig +ednsopt</strong></span> can now be used to set
arbitrary EDNS options in DNS requests.
</p></li>
<li><p>
<span><strong class="command">dig +ednsflags</strong></span> can now be used to set
yet-to-be-defined EDNS flags in DNS requests.
</p></li>
<li><p>
<span><strong class="command">dig +[no]ednsnegotiation</strong></span> can now be used enable /
disable EDNS version negotiation.
</p></li>
<li><p>
<span><strong class="command">dig +header-only</strong></span> can now be used to send
queries without a question section.
</p></li>
<li><p>
<span><strong class="command">dig +ttlunits</strong></span> causes <span><strong class="command">dig</strong></span>
to print TTL values with time-unit suffixes: w, d, h, m, s for
weeks, days, hours, minutes, and seconds.
</p></li>
<li><p>
<span><strong class="command">dig +zflag</strong></span> can be used to set the last
unassigned DNS header flag bit. This bit in normally zero.
</p></li>
<li><p>
<span><strong class="command">dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>
can now be used to set the DSCP code point in outgoing query
packets.
</p></li>
<li><p>
<code class="option">serial-update-method</code> can now be set to
<code class="literal">date</code>. On update, the serial number will
be set to the current date in YYYYMMDDNN format.
</p></li>
<li><p>
<span><strong class="command">dnssec-signzone -N date</strong></span> also sets the serial
number to YYYYMMDDNN.
</p></li>
<li><p>
<span><strong class="command">named -L <em class="replaceable"><code>filename</code></em></strong></span>
causes <span><strong class="command">named</strong></span> to send log messages to the specified file by
default instead of to the system log.
</p></li>
<li><p>
The rate limiter configured by the
<code class="option">serial-query-rate</code> option no longer covers
NOTIFY messages; those are now separately controlled by
<code class="option">notify-rate</code> and
<code class="option">startup-notify-rate</code> (the latter of which
controls the rate of NOTIFY messages sent when the server
is first started up or reconfigured).
</p></li>
<li><p>
The default number of tasks and client objects available
for serving lightweight resolver queries have been increased,
and are now configurable via the new <code class="option">lwres-tasks</code>
and <code class="option">lwres-clients</code> options in
<code class="filename">named.conf</code>. [RT #35857]
</p></li>
<li><p>
Log output to files can now be buffered by specifying
<span><strong class="command">buffered yes;</strong></span> when creating a channel.
</p></li>
<li><p>
<span><strong class="command">delv +tcp</strong></span> will exclusively use TCP when
sending queries.
</p></li>
<li><p>
<span><strong class="command">named</strong></span> will now check to see whether
other name server processes are running before starting up.
This is implemented in two ways: 1) by refusing to start
if the configured network interfaces all return "address
in use", and 2) by attempting to acquire a lock on a file
specified by the <code class="option">lock-file</code> option or
the <span><strong class="command">-X</strong></span> command line option. The
default lock file is
<code class="filename">/var/run/named/named.lock</code>.
Specifying <code class="literal">none</code> will disable the lock
file check.
</p></li>
<li><p>
<span><strong class="command">rndc delzone</strong></span> can now be applied to zones
which were configured in <code class="filename">named.conf</code>;
it is no longer restricted to zones which were added by
<span><strong class="command">rndc addzone</strong></span>. (Note, however, that
this does not edit <code class="filename">named.conf</code>; the zone
must be removed from the configuration or it will return
when <span><strong class="command">named</strong></span> is restarted or reloaded.)
</p></li>
<li><p>
<span><strong class="command">rndc modzone</strong></span> can be used to reconfigure
a zone, using similar syntax to <span><strong class="command">rndc addzone</strong></span>.
</p></li>
<li><p>
<span><strong class="command">rndc showzone</strong></span> displays the current
configuration for a specified zone.
</p></li>
<li>
<p>
Added server-side support for pipelined TCP queries. Clients
may continue sending queries via TCP while previous queries are
processed in parallel. Responses are sent when they are
ready, not necessarily in the order in which the queries were
received.
</p>
<p>
To revert to the former behavior for a particular
client address or range of addresses, specify the address prefix
in the "keep-response-order" option. To revert to the former
behavior for all clients, use "keep-response-order { any; };".
</p>
</li>
<li><p>
The new <span><strong class="command">mdig</strong></span> command is a version of
<span><strong class="command">dig</strong></span> that sends multiple pipelined
queries and then waits for responses, instead of sending one
query and waiting the response before sending the next. [RT #38261]
</p></li>
<li><p>
To enable better monitoring and troubleshooting of RFC 5011
trust anchor management, the new <span><strong class="command">rndc managed-keys</strong></span>
can be used to check status of trust anchors or to force keys
to be refreshed. Also, the managed-keys data file now has
easier-to-read comments. [RT #38458]
</p></li>
<li><p>
An <span><strong class="command">--enable-querytrace</strong></span> configure switch is
now available to enable very verbose query tracelogging. This
option can only be set at compile time. This option has a
negative performance impact and should be used only for
debugging. [RT #37520]
</p></li>
<li><p>
A new <span><strong class="command">tcp-only</strong></span> option can be specified
in <span><strong class="command">server</strong></span> statements to force
<span><strong class="command">named</strong></span> to connect to the specified
server via TCP. [RT #37800]
</p></li>
<li><p>
The <span><strong class="command">nxdomain-redirect</strong></span> option specifies
a DNS namespace to use for NXDOMAIN redirection. When a
recursive lookup returns NXDOMAIN, a second lookup is
initiated with the specified name appended to the query
name. This allows NXDOMAIN redirection data to be supplied
by multiple zones configured on the server or by recursive
queries to other servers. (The older method, using
a single <span><strong class="command">type redirect</strong></span> zone, has
better average performance but is less flexible.) [RT #37989]
</p></li>
<li><p>
The following types have been implemented: CSYNC, NINFO, RKEY,
SINK, TA, TALINK.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
ACLs containing <span><strong class="command">geoip asnum</strong></span> elements were
not correctly matched unless the full organization name was
specified in the ACL (as in
<span><strong class="command">geoip asnum "AS1234 Example, Inc.";</strong></span>).
They can now match against the AS number alone (as in
<span><strong class="command">geoip asnum "AS1234";</strong></span>).
</p></li>
<li><p>
When using native PKCS#11 cryptography (i.e.,
<span><strong class="command">configure --enable-native-pkcs11</strong></span>) HSM PINs
of up to 256 characters can now be used.
</p></li>
<li><p>
NXDOMAIN responses to queries of type DS are now cached separately
from those for other types. This helps when using "grafted" zones
of type forward, for which the parent zone does not contain a
delegation, such as local top-level domains. Previously a query
of type DS for such a zone could cause the zone apex to be cached
as NXDOMAIN, blocking all subsequent queries. (Note: This
change is only helpful when DNSSEC validation is not enabled.
"Grafted" zones without a delegation in the parent are not a
recommended configuration.)
</p></li>
<li><p>
Update forwarding performance has been improved by allowing
a single TCP connection to be shared between multiple updates.
</p></li>
<li><p>
By default, <span><strong class="command">nsupdate</strong></span> will now check
the correctness of hostnames when adding records of type
A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be
disabled with <span><strong class="command">check-names no</strong></span>.
</p></li>
<li><p>
Added support for OPENPGPKEY type.
</p></li>
<li><p>
The names of the files used to store managed keys and added
zones for each view are no longer based on the SHA256 hash
of the view name, except when this is necessary because the
view name contains characters that would be incompatible with use
as a file name. For views whose names do not contain forward
slashes ('/'), backslashes ('\'), or capital letters - which
could potentially cause namespace collision problems on
case-insensitive filesystems - files will now be named
after the view (for example, <code class="filename">internal.mkeys</code>
or <code class="filename">external.nzf</code>). However, to ensure
consistent behavior when upgrading, if a file using the old
name format is found to exist, it will continue to be used.
</p></li>
<li><p>
"rndc" can now return text output of arbitrary size to
the caller. (Prior to this, certain commands such as
"rndc tsig-list" and "rndc zonestatus" could return
truncated output.)
</p></li>
<li><p>
Errors reported when running <span><strong class="command">rndc addzone</strong></span>
(e.g., when a zone file cannot be loaded) have been clarified
to make it easier to diagnose problems.
</p></li>
<li><p>
When encountering an authoritative name server whose name is
an alias pointing to another name, the resolver treats
this as an error and skips to the next server. Previously
this happened silently; now the error will be logged to
the newly-created "cname" log category.
</p></li>
<li><p>
If <span><strong class="command">named</strong></span> is not configured to validate the answer then
allow fallback to plain DNS on timeout even when we know
the server supports EDNS. This will allow the server to
potentially resolve signed queries when TCP is being
blocked.
</p></li>
<li><p>
Large inline-signing changes should be less disruptive.
Signature generation is now done incrementally; the number
of signatures to be generated in each quantum is controlled
by "sig-signing-signatures <em class="replaceable"><code>number</code></em>;".
[RT #37927]
</p></li>
<li>
<p>
The experimental SIT option (code point 65001) of BIND
9.10.0 through BIND 9.10.2 has been replaced with the COOKIE
option (code point 10). It is no longer experimental, and
is sent by default, by both <span><strong class="command">named</strong></span> and
<span><strong class="command">dig</strong></span>.
</p>
<p>
The SIT-related named.conf options have been marked as
obsolete, and are otherwise ignored.
</p>
</li>
<li><p>
When <span><strong class="command">dig</strong></span> receives a truncated (TC=1)
response or a BADCOOKIE response code from a server, it
will automatically retry the query using the server COOKIE
that was returned by the server in its initial response.
[RT #39047]
</p></li>
<li><p>
A alternative NXDOMAIN redirect method (nxdomain-redirect)
which allows the redirect information to be looked up from
a namespace on the Internet rather than requiring a zone
to be configured on the server is now available.
</p></li>
<li><p>
Retrieving the local port range from net.ipv4.ip_local_port_range
on Linux is now supported.
</p></li>
<li><p>
Within the <code class="option">response-policy</code> option, it is now
possible to configure RPZ rewrite logging on a per-zone basis
using the <code class="option">log</code> clause.
</p></li>
<li><p>
The default preferred glue is now the address type of the
transport the query was received over.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_port"></a>Porting Changes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc"><li><p>
The Microsoft Windows install tool
<span><strong class="command">BINDInstall.exe</strong></span> which requires a
non-free version of Visual Studio to be built, now uses two
files (lists of flags and files) created by the Configure
perl script with all the needed information which were
previously compiled in the binary. Read
<code class="filename">win32utils/build.txt</code> for more details.
[RT #38915]
</p></li></ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
<span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span> and
<span><strong class="command">nslookup</strong></span> aborted when encountering
a name which, after appending search list elements,
exceeded 255 bytes. Such names are now skipped, but
processing of other names will continue. [RT #36892]
</p></li>
<li><p>
The error message generated when
<span><strong class="command">named-checkzone</strong></span> or
<span><strong class="command">named-checkconf -z</strong></span> encounters a
<code class="option">$TTL</code> directive without a value has
been clarified. [RT #37138]
</p></li>
<li><p>
Semicolon characters (;) included in TXT records were
incorrectly escaped with a backslash when the record was
displayed as text. This is actually only necessary when there
are no quotation marks. [RT #37159]
</p></li>
<li><p>
When files opened for writing by <span><strong class="command">named</strong></span>,
such as zone journal files, were referenced more than once
in <code class="filename">named.conf</code>, it could lead to file
corruption as multiple threads wrote to the same file. This
is now detected when loading <code class="filename">named.conf</code>
and reported as an error. [RT #37172]
</p></li>
<li><p>
When checking for updates to trust anchors listed in
<code class="option">managed-keys</code>, <span><strong class="command">named</strong></span>
now revalidates keys based on the current set of
active trust anchors, without relying on any cached
record of previous validation. [RT #37506]
</p></li>
<li><p>
Large-system tuning
(<span><strong class="command">configure --with-tuning=large</strong></span>) caused
problems on some platforms by setting a socket receive
buffer size that was too large. This is now detected and
corrected at run time. [RT #37187]
</p></li>
<li><p>
When NXDOMAIN redirection is in use, queries for a name
that is present in the redirection zone but a type that
is not present will now return NOERROR instead of NXDOMAIN.
</p></li>
<li><p>
Due to an inadvertent removal of code in the previous
release, when <span><strong class="command">named</strong></span> encountered an
authoritative name server which dropped all EDNS queries,
it did not always try plain DNS. This has been corrected.
[RT #37965]
</p></li>
<li><p>
A regression caused nsupdate to use the default recursive servers
rather than the SOA MNAME server when sending the UPDATE.
</p></li>
<li><p>
Adjusted max-recursion-queries to accommodate the smaller
initial packet sizes used in BIND 9.10 and higher when
contacting authoritative servers for the first time.
</p></li>
<li><p>
Built-in "empty" zones did not correctly inherit the
"allow-transfer" ACL from the options or view. [RT #38310]
</p></li>
<li><p>
Two leaks were fixed that could cause <span><strong class="command">named</strong></span>
processes to grow to very large sizes. [RT #38454]
</p></li>
<li><p>
Fixed some bugs in RFC 5011 trust anchor management,
including a memory leak and a possible loss of state
information. [RT #38458]
</p></li>
<li><p>
Asynchronous zone loads were not handled correctly when the
zone load was already in progress; this could trigger a crash
in zt.c. [RT #37573]
</p></li>
<li><p>
A race during shutdown or reconfiguration could
cause an assertion failure in mem.c. [RT #38979]
</p></li>
<li><p>
Some answer formatting options didn't work correctly with
<span><strong class="command">dig +short</strong></span>. [RT #39291]
</p></li>
<li>
<p>
Several bugs have been fixed in the RPZ implementation:
</p>
<div class="itemizedlist"><ul type="circle">
<li><p>
Policy zones that did not specifically require recursion
could be treated as if they did; consequently, setting
<span><strong class="command">qname-wait-recurse no;</strong></span> was
sometimes ineffective. This has been corrected.
In most configurations, behavioral changes due to this
fix will not be noticeable. [RT #39229]
</p></li>
<li><p>
The server could crash if policy zones were updated (e.g.
via <span><strong class="command">rndc reload</strong></span> or an incoming zone
transfer) while RPZ processing was still ongoing for an
active query. [RT #39415]
</p></li>
<li><p>
On servers with one or more policy zones configured as
slaves, if a policy zone updated during regular operation
(rather than at startup) using a full zone reload, such as
via AXFR, a bug could allow the RPZ summary data to fall out
of sync, potentially leading to an assertion failure in
rpz.c when further incremental updates were made to the
zone, such as via IXFR. [RT #39567]
</p></li>
<li><p>
The server could match a shorter prefix than what was
available in CLIENT-IP policy triggers, and so, an
unexpected action could be taken. This has been
corrected. [RT #39481]
</p></li>
<li><p>
The server could crash if a reload of an RPZ zone was
initiated while another reload of the same zone was
already in progress. [RT #39649]
</p></li>
</ul></div>
</li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
The end of life for BIND 9.11 is yet to be determined but
will not be before BIND 9.13.0 has been released for 6 months.
<a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
<a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</p>
</div>
</div>
<font color="red">&lt;xi:include&gt;&lt;/xi:include&gt;</font>
</div>
<div class="navfooter">
<hr>

170
doc/arm/Bv9ARM.ch11.html
View File

@@ -50,7 +50,7 @@
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch11.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch11.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch11.html#id2613175">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch11.html#id2613521">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl>
</div>
@@ -140,17 +140,17 @@
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2610151"></a>Bibliography</h4></div></div></div>
<a name="id2610497"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
<a name="id2610162"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
<a name="id2610507"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
<a name="id2610185"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2610531"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2610209"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
<a name="id2610554"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@@ -158,42 +158,42 @@
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
<a name="id2610245"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
<a name="id2610590"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2610272"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
<a name="id2610617"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2610297"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2610643"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2610322"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2610667"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2610345"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2610691"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2610401"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
<a name="id2610746"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2610427"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2610773"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2610454"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2610800"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2610516"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2610861"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2610546"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2610891"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2610576"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
<a name="id2610921"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2610670"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
<a name="id2611016"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
@@ -202,19 +202,19 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
<a name="id2610753"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
<a name="id2611098"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2610779"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2611125"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2610816"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2611161"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2610881"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2611226"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2610946"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
<a name="id2611291"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
@@ -222,146 +222,146 @@
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
<a name="id2611019"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
<a name="id2611365"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2611045"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
<a name="id2611390"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2611113"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2611459"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2611148"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
<a name="id2611494"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
<a name="id2611194"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
<a name="id2611540"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
<a name="id2611252"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
<a name="id2611597"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2611289"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
<a name="id2611635"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2611324"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
<a name="id2611670"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2611379"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
<a name="id2611724"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2611417"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
<a name="id2611763"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2611443"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
<a name="id2611788"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2611468"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2611814"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2611495"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2611841"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2611522"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2611867"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2611561"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2611907"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2611591"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2611937"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2611621"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
<a name="id2611966"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2611664"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2612009"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2611697"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
<a name="id2612042"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2611723"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
<a name="id2612069"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2611747"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
<a name="id2612092"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2611804"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
<a name="id2612150"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
<a name="id2611836"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
<a name="id2612182"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2611862"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
<a name="id2612208"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2611884"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
<a name="id2612230"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2611908"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
<a name="id2612253"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2611954"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2612299"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2611977"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2612323"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
<a name="id2612035"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2612380"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2612058"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
<a name="id2612404"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2612085"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
<a name="id2612430"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2612112"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers</i>. </span><span class="pubdate">October 1996. </span></p>
<a name="id2612457"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2612148"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
<a name="id2612493"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
<a name="id2612194"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
<a name="id2612539"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2612226"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2612571"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2612272"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2612617"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2612307"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
<a name="id2612652"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
@@ -377,47 +377,47 @@
</p>
</div>
<div class="biblioentry">
<a name="id2612352"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
<a name="id2612697"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2612374"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
<a name="id2612720"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2612400"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
<a name="id2612745"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
<a name="id2612425"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
<a name="id2612771"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2612449"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2612794"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2612494"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2612840"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2612518"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
<a name="id2612864"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2612545"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
<a name="id2612890"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2612570"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
<a name="id2612916"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
<a name="id2612614"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
<a name="id2612960"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2612672"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2613017"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2612698"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
<a name="id2613044"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
@@ -431,39 +431,39 @@
</p>
</div>
<div class="biblioentry">
<a name="id2612746"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
<a name="id2613092"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2612786"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2613131"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2612812"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2613158"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2612842"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
<a name="id2613188"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2612868"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
<a name="id2613213"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2612894"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
<a name="id2613240"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2612999"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
<a name="id2613345"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2613035"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
<a name="id2613381"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2613062"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
<a name="id2613408"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2613089"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
<a name="id2613434"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2613133"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2613479"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
@@ -484,14 +484,14 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613175"></a>Other Documents About <acronym class="acronym">BIND</acronym>
<a name="id2613521"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2613185"></a>Bibliography</h4></div></div></div>
<a name="id2613530"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
<a name="id2613187"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright <20> 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
<a name="id2613532"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright <20> 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>

40
doc/arm/Bv9ARM.ch12.html
View File

@@ -47,13 +47,13 @@
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616728">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615782">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615806">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615837">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615914">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615941">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2617665">Library References</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614980">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614989">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615014">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615045">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615190">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615217">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616394">Library References</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -89,7 +89,7 @@
</ul></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2616728"></a>Prerequisite</h3></div></div></div>
<a name="id2614980"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
@@ -98,7 +98,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2615782"></a>Compilation</h3></div></div></div>
<a name="id2614989"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
@@ -113,7 +113,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2615806"></a>Installation</h3></div></div></div>
<a name="id2615014"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make install</code></strong>
@@ -135,7 +135,7 @@ $ <strong class="userinput"><code>make install</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2615837"></a>Known Defects/Restrictions</h3></div></div></div>
<a name="id2615045"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
@@ -175,7 +175,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2615914"></a>The dns.conf File</h3></div></div></div>
<a name="id2615190"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@@ -193,14 +193,14 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2615941"></a>Sample Applications</h3></div></div></div>
<a name="id2615217"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2615949"></a>sample: a simple stub resolver utility</h4></div></div></div>
<a name="id2615225"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@@ -264,7 +264,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2616313"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<a name="id2615316"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@@ -305,7 +305,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2616366"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<a name="id2615369"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@@ -346,7 +346,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2616430"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<a name="id2615433"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -363,7 +363,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2616445"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<a name="id2615448"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
It accepts a single update command as a
command-line argument, sends an update request message to the
@@ -458,7 +458,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2617601"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<a name="id2616330"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
It checks a set
of domains to see the name servers of the domains behave
@@ -515,7 +515,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2617665"></a>Library References</h3></div></div></div>
<a name="id2616394"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application

153
doc/arm/Bv9ARM.html
View File

@@ -114,49 +114,54 @@
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614097">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614134">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563653">Fully automatic zone signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563832">Private-type records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563869">DNSKEY rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563882">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563984">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564010">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564020">Converting from NSEC to NSEC3</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564029">Converting from NSEC3 to NSEC</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564042">Converting from secure to insecure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564080">Periodic re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564093">NSEC3 and OPTOUT</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614170">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563622">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563658">Fully automatic zone signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563837">Private-type records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563875">DNSKEY rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563888">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563921">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563947">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563957">Converting from NSEC to NSEC3</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564035">Converting from NSEC3 to NSEC</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564048">Converting from secure to insecure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564085">Periodic re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2587924">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613542">Validating Resolver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613564">Authoritative Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2588425">Validating Resolver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2588448">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS#11 (Cryptoki) support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613670">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613680">Native PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614508">OpenSSL-based PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641483">PKCS#11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641520">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641737">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641853">Running named with automatic zone re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2669040">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2669049">Native PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614309">OpenSSL-based PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641625">PKCS#11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641661">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641947">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2642064">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dlz-info">DLZ (Dynamically Loadable Zones)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613752">Configuring DLZ</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613894">Sample DLZ Driver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614577">Configuring DLZ</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614650">Sample DLZ Driver</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571523">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dyndb-info">DynDB (Dynamic Database)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571789">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571811">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563597">Configuring DynDB</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614913">Sample DynDB Module</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571527">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571794">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571815">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571844">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571848">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
@@ -164,58 +169,58 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2564122">Comment Syntax</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2564126">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574272"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574276"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574461"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574466"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574889"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574906"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574893"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574910"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574930"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574953"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575047"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575182"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574934"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574957"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575051"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575187"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577457"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577554"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577650"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577699"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577461"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577558"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577654"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577703"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577720"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577724"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593364"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593709"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593730"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594075"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593783"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594129"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594218"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594496"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596247"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596524"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2599884">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2600298">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603080">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603426">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603696">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603891">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2604164"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2604109">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2604236">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2604441"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -224,35 +229,21 @@
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2609268"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2609545"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609349">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609409">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609694">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609754">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609489">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2609630">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609642">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609659">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609902">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2609908">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609920">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609937">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2573478">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_port">Porting Changes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch10.html">B. A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="appendix"><a href="Bv9ARM.ch11.html">C. General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl>
@@ -261,20 +252,20 @@
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch11.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch11.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch11.html#id2613175">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch11.html#id2613521">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch12.html">D. BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616728">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615782">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615806">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615837">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615914">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615941">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2617665">Library References</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614980">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614989">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615014">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615045">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615190">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615217">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616394">Library References</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch13.html">I. Manual pages</a></span></dt>

6
doc/arm/man.arpaname.html
View File

@@ -50,20 +50,20 @@
<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2627237"></a><h2>DESCRIPTION</h2>
<a name="id2625693"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2672786"></a><h2>SEE ALSO</h2>
<a name="id2625708"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2672800"></a><h2>AUTHOR</h2>
<a name="id2625722"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.ddns-confgen.html
View File

@@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2671813"></a><h2>DESCRIPTION</h2>
<a name="id2668017"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">tsig-keygen</strong></span> and <span><strong class="command">ddns-confgen</strong></span>
are invocation methods for a utility that generates keys for use
@@ -87,7 +87,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2672121"></a><h2>OPTIONS</h2>
<a name="id2668188"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
@@ -159,7 +159,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2672679"></a><h2>SEE ALSO</h2>
<a name="id2671409"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -167,7 +167,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2672717"></a><h2>AUTHOR</h2>
<a name="id2671447"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.delv.html
View File

@@ -53,7 +53,7 @@
<div class="cmdsynopsis"><p><code class="command">delv</code> [queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2620202"></a><h2>DESCRIPTION</h2>
<a name="id2618181"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">delv</strong></span>
(Domain Entity Lookup &amp; Validation) is a tool for sending
DNS queries and validating the results, using the same internal
@@ -96,7 +96,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620275"></a><h2>SIMPLE USAGE</h2>
<a name="id2619141"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">delv</strong></span> looks like:
</p>
@@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620542"></a><h2>OPTIONS</h2>
<a name="id2619272"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
<dd>
@@ -285,7 +285,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2676183"></a><h2>QUERY OPTIONS</h2>
<a name="id2674776"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">delv</strong></span>
provides a number of query options which affect the way results are
displayed, and in some cases the way lookups are performed.
@@ -471,12 +471,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2676713"></a><h2>FILES</h2>
<a name="id2675306"></a><h2>FILES</h2>
<p><code class="filename">/etc/bind.keys</code></p>
<p><code class="filename">/etc/resolv.conf</code></p>
</div>
<div class="refsect1" lang="en">
<a name="id2676732"></a><h2>SEE ALSO</h2>
<a name="id2675325"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">RFC4034</em>,

18
doc/arm/man.dig.html
View File

@@ -52,7 +52,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2618001"></a><h2>DESCRIPTION</h2>
<a name="id2616457"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -99,7 +99,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618103"></a><h2>SIMPLE USAGE</h2>
<a name="id2616628"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@@ -152,7 +152,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618229"></a><h2>OPTIONS</h2>
<a name="id2616754"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -280,7 +280,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2669398"></a><h2>QUERY OPTIONS</h2>
<a name="id2669629"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -735,7 +735,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2670891"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2671054"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@@ -781,7 +781,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2670977"></a><h2>IDN SUPPORT</h2>
<a name="id2673666"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -795,14 +795,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2675033"></a><h2>FILES</h2>
<a name="id2673694"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2675054"></a><h2>SEE ALSO</h2>
<a name="id2673716"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -810,7 +810,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2675092"></a><h2>BUGS</h2>
<a name="id2673753"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

8
doc/arm/man.dnssec-checkds.html
View File

@@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621292"></a><h2>DESCRIPTION</h2>
<a name="id2619544"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-checkds</strong></span>
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2621306"></a><h2>OPTIONS</h2>
<a name="id2619558"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
@@ -88,14 +88,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621409"></a><h2>SEE ALSO</h2>
<a name="id2619660"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2621443"></a><h2>AUTHOR</h2>
<a name="id2620377"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.dnssec-coverage.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621654"></a><h2>DESCRIPTION</h2>
<a name="id2620588"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-coverage</strong></span>
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -78,7 +78,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2621681"></a><h2>OPTIONS</h2>
<a name="id2620615"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -192,7 +192,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621990"></a><h2>SEE ALSO</h2>
<a name="id2620993"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
@@ -201,7 +201,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2622034"></a><h2>AUTHOR</h2>
<a name="id2621036"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.dnssec-dsfromkey.html
View File

@@ -52,14 +52,14 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-h</code>] [<code class="option">-V</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2622803"></a><h2>DESCRIPTION</h2>
<a name="id2621396"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2622817"></a><h2>OPTIONS</h2>
<a name="id2621410"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@@ -150,7 +150,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623365"></a><h2>EXAMPLE</h2>
<a name="id2622026"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -165,7 +165,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2623401"></a><h2>FILES</h2>
<a name="id2622062"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -179,13 +179,13 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2625081"></a><h2>CAVEAT</h2>
<a name="id2622104"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2625091"></a><h2>SEE ALSO</h2>
<a name="id2622114"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -195,7 +195,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2625130"></a><h2>AUTHOR</h2>
<a name="id2623109"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.dnssec-importkey.html
View File

@@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623563"></a><h2>DESCRIPTION</h2>
<a name="id2622293"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-importkey</strong></span>
reads a public DNSKEY record and generates a pair of
.key/.private files. The DNSKEY record may be read from an
@@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2623591"></a><h2>OPTIONS</h2>
<a name="id2622321"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
<dd>
@@ -114,7 +114,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2624138"></a><h2>TIMING OPTIONS</h2>
<a name="id2622663"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -142,7 +142,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2624322"></a><h2>FILES</h2>
<a name="id2622710"></a><h2>FILES</h2>
<p>
A keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2624347"></a><h2>SEE ALSO</h2>
<a name="id2622736"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -159,7 +159,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2624380"></a><h2>AUTHOR</h2>
<a name="id2623178"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.dnssec-keyfromlabel.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2625326"></a><h2>DESCRIPTION</h2>
<a name="id2623578"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
@@ -66,7 +66,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2625352"></a><h2>OPTIONS</h2>
<a name="id2623604"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@@ -243,7 +243,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2676816"></a><h2>TIMING OPTIONS</h2>
<a name="id2675613"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -315,7 +315,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2677074"></a><h2>GENERATED KEY FILES</h2>
<a name="id2675735"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@@ -354,7 +354,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2677236"></a><h2>SEE ALSO</h2>
<a name="id2675897"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -363,7 +363,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2677273"></a><h2>AUTHOR</h2>
<a name="id2675934"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.dnssec-keygen.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-z</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2626377"></a><h2>DESCRIPTION</h2>
<a name="id2624356"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -64,7 +64,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2626397"></a><h2>OPTIONS</h2>
<a name="id2624376"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@@ -287,7 +287,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2679033"></a><h2>TIMING OPTIONS</h2>
<a name="id2676329"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -361,7 +361,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2679155"></a><h2>GENERATED KEYS</h2>
<a name="id2676587"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@@ -407,7 +407,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2679331"></a><h2>EXAMPLE</h2>
<a name="id2676763"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -428,7 +428,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2679387"></a><h2>SEE ALSO</h2>
<a name="id2676820"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@@ -437,7 +437,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2679418"></a><h2>AUTHOR</h2>
<a name="id2676851"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.dnssec-revoke.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2628810"></a><h2>DESCRIPTION</h2>
<a name="id2625355"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-revoke</strong></span>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2628824"></a><h2>OPTIONS</h2>
<a name="id2625369"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -109,14 +109,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2642274"></a><h2>SEE ALSO</h2>
<a name="id2625507"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2642298"></a><h2>AUTHOR</h2>
<a name="id2625531"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.dnssec-settime.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2642417"></a><h2>DESCRIPTION</h2>
<a name="id2627083"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2642475"></a><h2>OPTIONS</h2>
<a name="id2628098"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
@@ -133,7 +133,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2642683"></a><h2>TIMING OPTIONS</h2>
<a name="id2628237"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -212,7 +212,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2644802"></a><h2>PRINTING OPTIONS</h2>
<a name="id2644828"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
@@ -238,7 +238,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2644882"></a><h2>SEE ALSO</h2>
<a name="id2644908"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -246,7 +246,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2644915"></a><h2>AUTHOR</h2>
<a name="id2645010"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.dnssec-signzone.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-M <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-Q</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2646210"></a><h2>DESCRIPTION</h2>
<a name="id2645281"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2646229"></a><h2>OPTIONS</h2>
<a name="id2645300"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@@ -512,7 +512,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2680814"></a><h2>EXAMPLE</h2>
<a name="id2678315"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@@ -542,14 +542,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2680893"></a><h2>SEE ALSO</h2>
<a name="id2678394"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>, <em class="citetitle">RFC 4641</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2680989"></a><h2>AUTHOR</h2>
<a name="id2678422"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.dnssec-verify.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-verify</code> [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2647189"></a><h2>DESCRIPTION</h2>
<a name="id2644348"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-verify</strong></span>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2647203"></a><h2>OPTIONS</h2>
<a name="id2644362"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
@@ -138,7 +138,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2647728"></a><h2>SEE ALSO</h2>
<a name="id2645774"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -146,7 +146,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2647753"></a><h2>AUTHOR</h2>
<a name="id2645800"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.genrandom.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2627704"></a><h2>DESCRIPTION</h2>
<a name="id2672104"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">genrandom</strong></span>
generates a file or a set of files containing a specified quantity
@@ -59,7 +59,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2627719"></a><h2>ARGUMENTS</h2>
<a name="id2672119"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
@@ -77,14 +77,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2673314"></a><h2>SEE ALSO</h2>
<a name="id2672180"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2673340"></a><h2>AUTHOR</h2>
<a name="id2672206"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.host.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2619089"></a><h2>DESCRIPTION</h2>
<a name="id2617067"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@@ -214,7 +214,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619788"></a><h2>IDN SUPPORT</h2>
<a name="id2619883"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -228,12 +228,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619817"></a><h2>FILES</h2>
<a name="id2619912"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619831"></a><h2>SEE ALSO</h2>
<a name="id2619926"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>

8
doc/arm/man.isc-hmac-fixup.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2673875"></a><h2>DESCRIPTION</h2>
<a name="id2625910"></a><h2>DESCRIPTION</h2>
<p>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2673902"></a><h2>SECURITY CONSIDERATIONS</h2>
<a name="id2625938"></a><h2>SECURITY CONSIDERATIONS</h2>
<p>
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
are shortened, but as this is how the HMAC protocol works in
@@ -87,14 +87,14 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2673918"></a><h2>SEE ALSO</h2>
<a name="id2673194"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2104</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2673936"></a><h2>AUTHOR</h2>
<a name="id2673211"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.lwresd.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2657802"></a><h2>DESCRIPTION</h2>
<a name="id2656259"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">lwresd</strong></span>
is the daemon providing name lookup
services to clients that use the BIND 9 lightweight resolver
@@ -85,7 +85,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2657864"></a><h2>OPTIONS</h2>
<a name="id2656321"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -215,7 +215,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2663011"></a><h2>FILES</h2>
<a name="id2656757"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
<dd><p>
@@ -228,14 +228,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2663054"></a><h2>SEE ALSO</h2>
<a name="id2656801"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663089"></a><h2>AUTHOR</h2>
<a name="id2658337"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.named-checkconf.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2647932"></a><h2>DESCRIPTION</h2>
<a name="id2645911"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file. The file is parsed
@@ -70,7 +70,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2648003"></a><h2>OPTIONS</h2>
<a name="id2645981"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -119,21 +119,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2648164"></a><h2>RETURN VALUES</h2>
<a name="id2646142"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2648178"></a><h2>SEE ALSO</h2>
<a name="id2646156"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2648208"></a><h2>AUTHOR</h2>
<a name="id2646186"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.named-checkzone.html
View File

@@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2649901"></a><h2>DESCRIPTION</h2>
<a name="id2680238"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2681081"></a><h2>OPTIONS</h2>
<a name="id2680289"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@@ -305,14 +305,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2682124"></a><h2>RETURN VALUES</h2>
<a name="id2681264"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2682138"></a><h2>SEE ALSO</h2>
<a name="id2681277"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@@ -320,7 +320,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2682171"></a><h2>AUTHOR</h2>
<a name="id2681310"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

6
doc/arm/man.named-journalprint.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623924"></a><h2>DESCRIPTION</h2>
<a name="id2622926"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-journalprint</strong></span>
prints the contents of a zone journal file in a human-readable
@@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2659673"></a><h2>SEE ALSO</h2>
<a name="id2657106"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
@@ -84,7 +84,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2659704"></a><h2>AUTHOR</h2>
<a name="id2657137"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

4
doc/arm/man.named-rrchecker.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-rrchecker</code> [<code class="option">-h</code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-u</code>] [<code class="option">-C</code>] [<code class="option">-T</code>] [<code class="option">-P</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2660654"></a><h2>DESCRIPTION</h2>
<a name="id2657541"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-rrchecker</strong></span>
read a individual DNS resource record from standard input and checks if it
is syntactically correct.
@@ -78,7 +78,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2660711"></a><h2>SEE ALSO</h2>
<a name="id2657597"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,

30
doc/arm/man.named.conf.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2655122"></a><h2>DESCRIPTION</h2>
<a name="id2622449"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
for
<span><strong class="command">named</strong></span>. Statements are enclosed
@@ -69,14 +69,14 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2655154"></a><h2>ACL</h2>
<a name="id2648558"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl<EFBFBD><em class="replaceable"><code>string</code></em><EFBFBD>{<7B><em class="replaceable"><code>address_match_element</code></em>;<3B>...<2E>};<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2655174"></a><h2>KEY</h2>
<a name="id2648579"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key<EFBFBD><em class="replaceable"><code>domain_name</code></em><EFBFBD>{<br>
algorithm<68><em class="replaceable"><code>string</code></em>;<br>
@@ -85,7 +85,7 @@ key
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2655197"></a><h2>MASTERS</h2>
<a name="id2648602"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters<EFBFBD><em class="replaceable"><code>string</code></em><EFBFBD>[<span class="optional"><EFBFBD>port<EFBFBD><em class="replaceable"><code>integer</code></em><EFBFBD></span>]<5D>{<br>
(<28><em class="replaceable"><code>masters</code></em><EFBFBD>|<7C><em class="replaceable"><code>ipv4_address</code></em><EFBFBD>[<span class="optional">port<EFBFBD><em class="replaceable"><code>integer</code></em></span>]<5D>|<br>
@@ -94,7 +94,7 @@ masters
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2655248"></a><h2>SERVER</h2>
<a name="id2648652"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server<EFBFBD>(<28><em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em><EFBFBD>|<7C><em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em><EFBFBD>)<29>{<br>
bogus<75><em class="replaceable"><code>boolean</code></em>;<br>
@@ -117,7 +117,7 @@ server
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2655323"></a><h2>TRUSTED-KEYS</h2>
<a name="id2648728"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys<79>{<br>
<em class="replaceable"><code>domain_name</code></em><EFBFBD><em class="replaceable"><code>flags</code></em><EFBFBD><em class="replaceable"><code>protocol</code></em><EFBFBD><em class="replaceable"><code>algorithm</code></em><EFBFBD><em class="replaceable"><code>key</code></em>;<3B>...<br>
@@ -125,7 +125,7 @@ trusted-keys
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2655353"></a><h2>MANAGED-KEYS</h2>
<a name="id2649236"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
managed-keys<79>{<br>
<em class="replaceable"><code>domain_name</code></em><EFBFBD><code class="constant">initial-key</code><EFBFBD><em class="replaceable"><code>flags</code></em><EFBFBD><em class="replaceable"><code>protocol</code></em><EFBFBD><em class="replaceable"><code>algorithm</code></em><EFBFBD><em class="replaceable"><code>key</code></em>;<3B>...<br>
@@ -133,7 +133,7 @@ managed-keys
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2657093"></a><h2>CONTROLS</h2>
<a name="id2649269"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls<EFBFBD>{<br>
inet<65>(<28><em class="replaceable"><code>ipv4_address</code></em><EFBFBD>|<7C><em class="replaceable"><code>ipv6_address</code></em><EFBFBD>|<7C>*<2A>)<br>
@@ -145,7 +145,7 @@ controls
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2657132"></a><h2>LOGGING</h2>
<a name="id2649308"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging<EFBFBD>{<br>
channel<65><em class="replaceable"><code>string</code></em><EFBFBD>{<br>
@@ -163,7 +163,7 @@ logging
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2657175"></a><h2>LWRES</h2>
<a name="id2649351"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres<EFBFBD>{<br>
listen-on<6F>[<span class="optional"><EFBFBD>port<EFBFBD><em class="replaceable"><code>integer</code></em><EFBFBD></span>]<5D>{<br>
@@ -178,7 +178,7 @@ lwres
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2657432"></a><h2>OPTIONS</h2>
<a name="id2649403"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options<EFBFBD>{<br>
avoid-v4-udp-ports<74>{<7B><em class="replaceable"><code>port</code></em>;<3B>...<2E>};<br>
@@ -392,7 +392,7 @@ options
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2689340"></a><h2>VIEW</h2>
<a name="id2687114"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view<EFBFBD><em class="replaceable"><code>string</code></em><EFBFBD><em class="replaceable"><code>optional_class</code></em><EFBFBD>{<br>
match-clients<74>{<7B><em class="replaceable"><code>address_match_element</code></em>;<3B>...<2E>};<br>
@@ -561,7 +561,7 @@ view
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2690008"></a><h2>ZONE</h2>
<a name="id2687782"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone<EFBFBD><em class="replaceable"><code>string</code></em><EFBFBD><em class="replaceable"><code>optional_class</code></em><EFBFBD>{<br>
type<70>(<28>master<65>|<7C>slave<76>|<7C>stub<75>|<7C>hint<6E>|<7C>redirect<63>|<br>
@@ -658,12 +658,12 @@ zone
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2690333"></a><h2>FILES</h2>
<a name="id2688176"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2690347"></a><h2>SEE ALSO</h2>
<a name="id2688189"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,

14
doc/arm/man.named.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-D <em class="replaceable"><code>string</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-L <em class="replaceable"><code>logfile</code></em></code>] [<code class="option">-M <em class="replaceable"><code>option</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>lock-file</code></em></code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2650721"></a><h2>DESCRIPTION</h2>
<a name="id2648153"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650752"></a><h2>OPTIONS</h2>
<a name="id2648184"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -299,7 +299,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2688382"></a><h2>SIGNALS</h2>
<a name="id2683084"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@@ -320,7 +320,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2688433"></a><h2>CONFIGURATION</h2>
<a name="id2683134"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@@ -337,7 +337,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2688482"></a><h2>FILES</h2>
<a name="id2683252"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@@ -350,7 +350,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2688525"></a><h2>SEE ALSO</h2>
<a name="id2683296"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@@ -363,7 +363,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2688596"></a><h2>AUTHOR</h2>
<a name="id2683366"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.nsec3hash.html
View File

@@ -48,7 +48,7 @@
<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2628037"></a><h2>DESCRIPTION</h2>
<a name="id2673256"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@@ -56,7 +56,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2628052"></a><h2>ARGUMENTS</h2>
<a name="id2673271"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">salt</span></dt>
<dd><p>
@@ -80,14 +80,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2674535"></a><h2>SEE ALSO</h2>
<a name="id2673333"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5155</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2674552"></a><h2>AUTHOR</h2>
<a name="id2673350"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.nsupdate.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [<code class="option">-L <em class="replaceable"><code>level</code></em></code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [<code class="option">-V</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2662528"></a><h2>DESCRIPTION</h2>
<a name="id2661803"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -108,7 +108,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663299"></a><h2>OPTIONS</h2>
<a name="id2661892"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@@ -242,7 +242,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2691458"></a><h2>INPUT FORMAT</h2>
<a name="id2691826"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@@ -555,7 +555,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2692667"></a><h2>EXAMPLES</h2>
<a name="id2693035"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@@ -609,7 +609,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2692717"></a><h2>FILES</h2>
<a name="id2693154"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@@ -632,7 +632,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2692804"></a><h2>SEE ALSO</h2>
<a name="id2693240"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 2136</em>,
<em class="citetitle">RFC 3007</em>,
@@ -647,7 +647,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2692930"></a><h2>BUGS</h2>
<a name="id2693298"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library

10
doc/arm/man.rndc-confgen.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2667970"></a><h2>DESCRIPTION</h2>
<a name="id2665334"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@@ -66,7 +66,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668036"></a><h2>OPTIONS</h2>
<a name="id2665400"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@@ -180,7 +180,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2673081"></a><h2>EXAMPLES</h2>
<a name="id2667851"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@@ -197,7 +197,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2673138"></a><h2>SEE ALSO</h2>
<a name="id2671731"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -205,7 +205,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2673176"></a><h2>AUTHOR</h2>
<a name="id2671769"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.rndc.conf.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2625790"></a><h2>DESCRIPTION</h2>
<a name="id2664524"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -136,7 +136,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2666376"></a><h2>EXAMPLE</h2>
<a name="id2664696"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@@ -210,7 +210,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667112"></a><h2>NAME SERVER CONFIGURATION</h2>
<a name="id2665091"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@@ -220,7 +220,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667138"></a><h2>SEE ALSO</h2>
<a name="id2665116"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@@ -228,7 +228,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667176"></a><h2>AUTHOR</h2>
<a name="id2665155"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.rndc.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r</code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2664688"></a><h2>DESCRIPTION</h2>
<a name="id2663827"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@@ -81,7 +81,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2664738"></a><h2>OPTIONS</h2>
<a name="id2663877"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@@ -158,7 +158,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2665946"></a><h2>COMMANDS</h2>
<a name="id2664266"></a><h2>COMMANDS</h2>
<p>
A list of commands supported by <span><strong class="command">rndc</strong></span> can
be seen by running <span><strong class="command">rndc</strong></span> without arguments.
@@ -744,7 +744,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2694910"></a><h2>LIMITATIONS</h2>
<a name="id2696029"></a><h2>LIMITATIONS</h2>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
@@ -754,7 +754,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2694929"></a><h2>SEE ALSO</h2>
<a name="id2696048"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -764,7 +764,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2694984"></a><h2>AUTHOR</h2>
<a name="id2696103"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

676
doc/arm/notes.html
View File

@@ -19,679 +19,5 @@
<title></title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2542126"></a>Release Notes for BIND Version 9.11.0pre-alpha</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
This document summarizes changes since the last production release
of BIND on the corresponding major release branch.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
The latest versions of BIND 9 software can always be found at
<a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
An incorrect boundary check in the OPENPGPKEY rdatatype
could trigger an assertion failure. This flaw is disclosed
in CVE-2015-5986. [RT #40286]
</p></li>
<li>
<p>
A buffer accounting error could trigger an assertion failure
when parsing certain malformed DNSSEC keys.
</p>
<p>
This flaw was discovered by Hanno B&ouml;ck of the Fuzzing
Project, and is disclosed in CVE-2015-5722. [RT #40212]
</p>
</li>
<li>
<p>
A specially crafted query could trigger an assertion failure
in message.c.
</p>
<p>
This flaw was discovered by Jonathan Foote, and is disclosed
in CVE-2015-5477. [RT #40046]
</p>
</li>
<li>
<p>
On servers configured to perform DNSSEC validation, an
assertion failure could be triggered on answers from
a specially configured server.
</p>
<p>
This flaw was discovered by Breno Silveira Soares, and is
disclosed in CVE-2015-4620. [RT #39795]
</p>
</li>
<li>
<p>
On servers configured to perform DNSSEC validation using
managed trust anchors (i.e., keys configured explicitly
via <span><strong class="command">managed-keys</strong></span>, or implicitly
via <span><strong class="command">dnssec-validation auto;</strong></span> or
<span><strong class="command">dnssec-lookaside auto;</strong></span>), revoking
a trust anchor and sending a new untrusted replacement
could cause <span><strong class="command">named</strong></span> to crash with an
assertion failure. This could occur in the event of a
botched key rollover, or potentially as a result of a
deliberate attack if the attacker was in position to
monitor the victim's DNS traffic.
</p>
<p>
This flaw was discovered by Jan-Piet Mens, and is
disclosed in CVE-2015-1349. [RT #38344]
</p>
</li>
<li>
<p>
A flaw in delegation handling could be exploited to put
<span><strong class="command">named</strong></span> into an infinite loop, in which
each lookup of a name server triggered additional lookups
of more name servers. This has been addressed by placing
limits on the number of levels of recursion
<span><strong class="command">named</strong></span> will allow (default 7), and
on the number of queries that it will send before
terminating a recursive query (default 50).
</p>
<p>
The recursion depth limit is configured via the
<code class="option">max-recursion-depth</code> option, and the query limit
via the <code class="option">max-recursion-queries</code> option.
</p>
<p>
The flaw was discovered by Florian Maury of ANSSI, and is
disclosed in CVE-2014-8500. [RT #37580]
</p>
</li>
<li>
<p>
Two separate problems were identified in BIND's GeoIP code that
could lead to an assertion failure. One was triggered by use of
both IPv4 and IPv6 address families, the other by referencing
a GeoIP database in <code class="filename">named.conf</code> which was
not installed. Both are covered by CVE-2014-8680. [RT #37672]
[RT #37679]
</p>
<p>
A less serious security flaw was also found in GeoIP: changes
to the <span><strong class="command">geoip-directory</strong></span> option in
<code class="filename">named.conf</code> were ignored when running
<span><strong class="command">rndc reconfig</strong></span>. In theory, this could allow
<span><strong class="command">named</strong></span> to allow access to unintended clients.
</p>
</li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li>
<p>
New quotas have been added to limit the queries that are
sent by recursive resolvers to authoritative servers
experiencing denial-of-service attacks. When configured,
these options can both reduce the harm done to authoritative
servers and also avoid the resource exhaustion that can be
experienced by recursives when they are being used as a
vehicle for such an attack.
</p>
<div class="itemizedlist"><ul type="circle">
<li><p>
<code class="option">fetches-per-server</code> limits the number of
simultaneous queries that can be sent to any single
authoritative server. The configured value is a starting
point; it is automatically adjusted downward if the server is
partially or completely non-responsive. The algorithm used to
adjust the quota can be configured via the
<code class="option">fetch-quota-params</code> option.
</p></li>
<li><p>
<code class="option">fetches-per-zone</code> limits the number of
simultaneous queries that can be sent for names within a
single domain. (Note: Unlike "fetches-per-server", this
value is not self-tuning.)
</p></li>
</ul></div>
<p>
Statistics counters have also been added to track the number
of queries affected by these quotas.
</p>
</li>
<li><p>
New statistics counters have been added to track traffic
sizes, as specified in RSSAC002. Query and response
message sizes are broken up into ranges of histogram buckets:
TCP and UDP queries of size 0-15, 16-31, ..., 272-288, and 288+,
and TCP and UDP responses of size 0-15, 16-31, ..., 4080-4095,
and 4096+. These values can be accessed via the XML and JSON
statistics channels at, for example,
<a href="http://localhost:8888/xml/v3/traffic" target="_top">http://localhost:8888/xml/v3/traffic</a>
or
<a href="http://localhost:8888/json/v1/traffic" target="_top">http://localhost:8888/json/v1/traffic</a>.
</p></li>
<li><p>
The serial number of a dynamically updatable zone can
now be set using
<span><strong class="command">rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.
This is particularly useful with <code class="option">inline-signing</code>
zones that have been reset. Setting the serial number to a value
larger than that on the slaves will trigger an AXFR-style
transfer.
</p></li>
<li><p>
When answering recursive queries, SERVFAIL responses can now be
cached by the server for a limited time; subsequent queries for
the same query name and type will return another SERVFAIL until
the cache times out. This reduces the frequency of retries
when a query is persistently failing, which can be a burden
on recursive serviers. The SERVFAIL cache timeout is controlled
by <code class="option">servfail-ttl</code>, which defaults to 10 seconds
and has an upper limit of 30.
</p></li>
<li><p>
The new <span><strong class="command">rndc nta</strong></span> command can now be used to
set a "negative trust anchor" (NTA), disabling DNSSEC validation for
a specific domain; this can be used when responses from a domain
are known to be failing validation due to administrative error
rather than because of a spoofing attack. NTAs are strictly
temporary; by default they expire after one hour, but can be
configured to last up to one week. The default NTA lifetime
can be changed by setting the <code class="option">nta-lifetime</code> in
<code class="filename">named.conf</code>. When added, NTAs are stored in a
file (<code class="filename"><em class="replaceable"><code>viewname</code></em>.nta</code>)
in order to persist across restarts of the <span><strong class="command">named</strong></span> server.
</p></li>
<li><p>
The EDNS Client Subnet (ECS) option is now supported for
authoritative servers; if a query contains an ECS option then
ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>
elements can match against the the address encoded in the option.
This can be used to select a view for a query, so that different
answers can be provided depending on the client network.
</p></li>
<li><p>
The EDNS EXPIRE option has been implemented on the client
side, allowing a slave server to set the expiration timer
correctly when transferring zone data from another slave
server.
</p></li>
<li><p>
A new <code class="option">masterfile-style</code> zone option controls
the formatting of text zone files: When set to
<code class="literal">full</code>, the zone file will dumped in
single-line-per-record format.
</p></li>
<li><p>
<span><strong class="command">dig +ednsopt</strong></span> can now be used to set
arbitrary EDNS options in DNS requests.
</p></li>
<li><p>
<span><strong class="command">dig +ednsflags</strong></span> can now be used to set
yet-to-be-defined EDNS flags in DNS requests.
</p></li>
<li><p>
<span><strong class="command">dig +[no]ednsnegotiation</strong></span> can now be used enable /
disable EDNS version negotiation.
</p></li>
<li><p>
<span><strong class="command">dig +header-only</strong></span> can now be used to send
queries without a question section.
</p></li>
<li><p>
<span><strong class="command">dig +ttlunits</strong></span> causes <span><strong class="command">dig</strong></span>
to print TTL values with time-unit suffixes: w, d, h, m, s for
weeks, days, hours, minutes, and seconds.
</p></li>
<li><p>
<span><strong class="command">dig +zflag</strong></span> can be used to set the last
unassigned DNS header flag bit. This bit in normally zero.
</p></li>
<li><p>
<span><strong class="command">dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>
can now be used to set the DSCP code point in outgoing query
packets.
</p></li>
<li><p>
<code class="option">serial-update-method</code> can now be set to
<code class="literal">date</code>. On update, the serial number will
be set to the current date in YYYYMMDDNN format.
</p></li>
<li><p>
<span><strong class="command">dnssec-signzone -N date</strong></span> also sets the serial
number to YYYYMMDDNN.
</p></li>
<li><p>
<span><strong class="command">named -L <em class="replaceable"><code>filename</code></em></strong></span>
causes <span><strong class="command">named</strong></span> to send log messages to the specified file by
default instead of to the system log.
</p></li>
<li><p>
The rate limiter configured by the
<code class="option">serial-query-rate</code> option no longer covers
NOTIFY messages; those are now separately controlled by
<code class="option">notify-rate</code> and
<code class="option">startup-notify-rate</code> (the latter of which
controls the rate of NOTIFY messages sent when the server
is first started up or reconfigured).
</p></li>
<li><p>
The default number of tasks and client objects available
for serving lightweight resolver queries have been increased,
and are now configurable via the new <code class="option">lwres-tasks</code>
and <code class="option">lwres-clients</code> options in
<code class="filename">named.conf</code>. [RT #35857]
</p></li>
<li><p>
Log output to files can now be buffered by specifying
<span><strong class="command">buffered yes;</strong></span> when creating a channel.
</p></li>
<li><p>
<span><strong class="command">delv +tcp</strong></span> will exclusively use TCP when
sending queries.
</p></li>
<li><p>
<span><strong class="command">named</strong></span> will now check to see whether
other name server processes are running before starting up.
This is implemented in two ways: 1) by refusing to start
if the configured network interfaces all return "address
in use", and 2) by attempting to acquire a lock on a file
specified by the <code class="option">lock-file</code> option or
the <span><strong class="command">-X</strong></span> command line option. The
default lock file is
<code class="filename">/var/run/named/named.lock</code>.
Specifying <code class="literal">none</code> will disable the lock
file check.
</p></li>
<li><p>
<span><strong class="command">rndc delzone</strong></span> can now be applied to zones
which were configured in <code class="filename">named.conf</code>;
it is no longer restricted to zones which were added by
<span><strong class="command">rndc addzone</strong></span>. (Note, however, that
this does not edit <code class="filename">named.conf</code>; the zone
must be removed from the configuration or it will return
when <span><strong class="command">named</strong></span> is restarted or reloaded.)
</p></li>
<li><p>
<span><strong class="command">rndc modzone</strong></span> can be used to reconfigure
a zone, using similar syntax to <span><strong class="command">rndc addzone</strong></span>.
</p></li>
<li><p>
<span><strong class="command">rndc showzone</strong></span> displays the current
configuration for a specified zone.
</p></li>
<li>
<p>
Added server-side support for pipelined TCP queries. Clients
may continue sending queries via TCP while previous queries are
processed in parallel. Responses are sent when they are
ready, not necessarily in the order in which the queries were
received.
</p>
<p>
To revert to the former behavior for a particular
client address or range of addresses, specify the address prefix
in the "keep-response-order" option. To revert to the former
behavior for all clients, use "keep-response-order { any; };".
</p>
</li>
<li><p>
The new <span><strong class="command">mdig</strong></span> command is a version of
<span><strong class="command">dig</strong></span> that sends multiple pipelined
queries and then waits for responses, instead of sending one
query and waiting the response before sending the next. [RT #38261]
</p></li>
<li><p>
To enable better monitoring and troubleshooting of RFC 5011
trust anchor management, the new <span><strong class="command">rndc managed-keys</strong></span>
can be used to check status of trust anchors or to force keys
to be refreshed. Also, the managed-keys data file now has
easier-to-read comments. [RT #38458]
</p></li>
<li><p>
An <span><strong class="command">--enable-querytrace</strong></span> configure switch is
now available to enable very verbose query tracelogging. This
option can only be set at compile time. This option has a
negative performance impact and should be used only for
debugging. [RT #37520]
</p></li>
<li><p>
A new <span><strong class="command">tcp-only</strong></span> option can be specified
in <span><strong class="command">server</strong></span> statements to force
<span><strong class="command">named</strong></span> to connect to the specified
server via TCP. [RT #37800]
</p></li>
<li><p>
The <span><strong class="command">nxdomain-redirect</strong></span> option specifies
a DNS namespace to use for NXDOMAIN redirection. When a
recursive lookup returns NXDOMAIN, a second lookup is
initiated with the specified name appended to the query
name. This allows NXDOMAIN redirection data to be supplied
by multiple zones configured on the server or by recursive
queries to other servers. (The older method, using
a single <span><strong class="command">type redirect</strong></span> zone, has
better average performance but is less flexible.) [RT #37989]
</p></li>
<li><p>
The following types have been implemented: CSYNC, NINFO, RKEY,
SINK, TA, TALINK.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
ACLs containing <span><strong class="command">geoip asnum</strong></span> elements were
not correctly matched unless the full organization name was
specified in the ACL (as in
<span><strong class="command">geoip asnum "AS1234 Example, Inc.";</strong></span>).
They can now match against the AS number alone (as in
<span><strong class="command">geoip asnum "AS1234";</strong></span>).
</p></li>
<li><p>
When using native PKCS#11 cryptography (i.e.,
<span><strong class="command">configure --enable-native-pkcs11</strong></span>) HSM PINs
of up to 256 characters can now be used.
</p></li>
<li><p>
NXDOMAIN responses to queries of type DS are now cached separately
from those for other types. This helps when using "grafted" zones
of type forward, for which the parent zone does not contain a
delegation, such as local top-level domains. Previously a query
of type DS for such a zone could cause the zone apex to be cached
as NXDOMAIN, blocking all subsequent queries. (Note: This
change is only helpful when DNSSEC validation is not enabled.
"Grafted" zones without a delegation in the parent are not a
recommended configuration.)
</p></li>
<li><p>
Update forwarding performance has been improved by allowing
a single TCP connection to be shared between multiple updates.
</p></li>
<li><p>
By default, <span><strong class="command">nsupdate</strong></span> will now check
the correctness of hostnames when adding records of type
A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be
disabled with <span><strong class="command">check-names no</strong></span>.
</p></li>
<li><p>
Added support for OPENPGPKEY type.
</p></li>
<li><p>
The names of the files used to store managed keys and added
zones for each view are no longer based on the SHA256 hash
of the view name, except when this is necessary because the
view name contains characters that would be incompatible with use
as a file name. For views whose names do not contain forward
slashes ('/'), backslashes ('\'), or capital letters - which
could potentially cause namespace collision problems on
case-insensitive filesystems - files will now be named
after the view (for example, <code class="filename">internal.mkeys</code>
or <code class="filename">external.nzf</code>). However, to ensure
consistent behavior when upgrading, if a file using the old
name format is found to exist, it will continue to be used.
</p></li>
<li><p>
"rndc" can now return text output of arbitrary size to
the caller. (Prior to this, certain commands such as
"rndc tsig-list" and "rndc zonestatus" could return
truncated output.)
</p></li>
<li><p>
Errors reported when running <span><strong class="command">rndc addzone</strong></span>
(e.g., when a zone file cannot be loaded) have been clarified
to make it easier to diagnose problems.
</p></li>
<li><p>
When encountering an authoritative name server whose name is
an alias pointing to another name, the resolver treats
this as an error and skips to the next server. Previously
this happened silently; now the error will be logged to
the newly-created "cname" log category.
</p></li>
<li><p>
If <span><strong class="command">named</strong></span> is not configured to validate the answer then
allow fallback to plain DNS on timeout even when we know
the server supports EDNS. This will allow the server to
potentially resolve signed queries when TCP is being
blocked.
</p></li>
<li><p>
Large inline-signing changes should be less disruptive.
Signature generation is now done incrementally; the number
of signatures to be generated in each quantum is controlled
by "sig-signing-signatures <em class="replaceable"><code>number</code></em>;".
[RT #37927]
</p></li>
<li>
<p>
The experimental SIT option (code point 65001) of BIND
9.10.0 through BIND 9.10.2 has been replaced with the COOKIE
option (code point 10). It is no longer experimental, and
is sent by default, by both <span><strong class="command">named</strong></span> and
<span><strong class="command">dig</strong></span>.
</p>
<p>
The SIT-related named.conf options have been marked as
obsolete, and are otherwise ignored.
</p>
</li>
<li><p>
When <span><strong class="command">dig</strong></span> receives a truncated (TC=1)
response or a BADCOOKIE response code from a server, it
will automatically retry the query using the server COOKIE
that was returned by the server in its initial response.
[RT #39047]
</p></li>
<li><p>
A alternative NXDOMAIN redirect method (nxdomain-redirect)
which allows the redirect information to be looked up from
a namespace on the Internet rather than requiring a zone
to be configured on the server is now available.
</p></li>
<li><p>
Retrieving the local port range from net.ipv4.ip_local_port_range
on Linux is now supported.
</p></li>
<li><p>
Within the <code class="option">response-policy</code> option, it is now
possible to configure RPZ rewrite logging on a per-zone basis
using the <code class="option">log</code> clause.
</p></li>
<li><p>
The default preferred glue is now the address type of the
transport the query was received over.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_port"></a>Porting Changes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc"><li><p>
The Microsoft Windows install tool
<span><strong class="command">BINDInstall.exe</strong></span> which requires a
non-free version of Visual Studio to be built, now uses two
files (lists of flags and files) created by the Configure
perl script with all the needed information which were
previously compiled in the binary. Read
<code class="filename">win32utils/build.txt</code> for more details.
[RT #38915]
</p></li></ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
<span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span> and
<span><strong class="command">nslookup</strong></span> aborted when encountering
a name which, after appending search list elements,
exceeded 255 bytes. Such names are now skipped, but
processing of other names will continue. [RT #36892]
</p></li>
<li><p>
The error message generated when
<span><strong class="command">named-checkzone</strong></span> or
<span><strong class="command">named-checkconf -z</strong></span> encounters a
<code class="option">$TTL</code> directive without a value has
been clarified. [RT #37138]
</p></li>
<li><p>
Semicolon characters (;) included in TXT records were
incorrectly escaped with a backslash when the record was
displayed as text. This is actually only necessary when there
are no quotation marks. [RT #37159]
</p></li>
<li><p>
When files opened for writing by <span><strong class="command">named</strong></span>,
such as zone journal files, were referenced more than once
in <code class="filename">named.conf</code>, it could lead to file
corruption as multiple threads wrote to the same file. This
is now detected when loading <code class="filename">named.conf</code>
and reported as an error. [RT #37172]
</p></li>
<li><p>
When checking for updates to trust anchors listed in
<code class="option">managed-keys</code>, <span><strong class="command">named</strong></span>
now revalidates keys based on the current set of
active trust anchors, without relying on any cached
record of previous validation. [RT #37506]
</p></li>
<li><p>
Large-system tuning
(<span><strong class="command">configure --with-tuning=large</strong></span>) caused
problems on some platforms by setting a socket receive
buffer size that was too large. This is now detected and
corrected at run time. [RT #37187]
</p></li>
<li><p>
When NXDOMAIN redirection is in use, queries for a name
that is present in the redirection zone but a type that
is not present will now return NOERROR instead of NXDOMAIN.
</p></li>
<li><p>
Due to an inadvertent removal of code in the previous
release, when <span><strong class="command">named</strong></span> encountered an
authoritative name server which dropped all EDNS queries,
it did not always try plain DNS. This has been corrected.
[RT #37965]
</p></li>
<li><p>
A regression caused nsupdate to use the default recursive servers
rather than the SOA MNAME server when sending the UPDATE.
</p></li>
<li><p>
Adjusted max-recursion-queries to accommodate the smaller
initial packet sizes used in BIND 9.10 and higher when
contacting authoritative servers for the first time.
</p></li>
<li><p>
Built-in "empty" zones did not correctly inherit the
"allow-transfer" ACL from the options or view. [RT #38310]
</p></li>
<li><p>
Two leaks were fixed that could cause <span><strong class="command">named</strong></span>
processes to grow to very large sizes. [RT #38454]
</p></li>
<li><p>
Fixed some bugs in RFC 5011 trust anchor management,
including a memory leak and a possible loss of state
information. [RT #38458]
</p></li>
<li><p>
Asynchronous zone loads were not handled correctly when the
zone load was already in progress; this could trigger a crash
in zt.c. [RT #37573]
</p></li>
<li><p>
A race during shutdown or reconfiguration could
cause an assertion failure in mem.c. [RT #38979]
</p></li>
<li><p>
Some answer formatting options didn't work correctly with
<span><strong class="command">dig +short</strong></span>. [RT #39291]
</p></li>
<li>
<p>
Several bugs have been fixed in the RPZ implementation:
</p>
<div class="itemizedlist"><ul type="circle">
<li><p>
Policy zones that did not specifically require recursion
could be treated as if they did; consequently, setting
<span><strong class="command">qname-wait-recurse no;</strong></span> was
sometimes ineffective. This has been corrected.
In most configurations, behavioral changes due to this
fix will not be noticeable. [RT #39229]
</p></li>
<li><p>
The server could crash if policy zones were updated (e.g.
via <span><strong class="command">rndc reload</strong></span> or an incoming zone
transfer) while RPZ processing was still ongoing for an
active query. [RT #39415]
</p></li>
<li><p>
On servers with one or more policy zones configured as
slaves, if a policy zone updated during regular operation
(rather than at startup) using a full zone reload, such as
via AXFR, a bug could allow the RPZ summary data to fall out
of sync, potentially leading to an assertion failure in
rpz.c when further incremental updates were made to the
zone, such as via IXFR. [RT #39567]
</p></li>
<li><p>
The server could match a shorter prefix than what was
available in CLIENT-IP policy triggers, and so, an
unexpected action could be taken. This has been
corrected. [RT #39481]
</p></li>
<li><p>
The server could crash if a reload of an RPZ zone was
initiated while another reload of the same zone was
already in progress. [RT #39649]
</p></li>
</ul></div>
</li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
The end of life for BIND 9.11 is yet to be determined but
will not be before BIND 9.13.0 has been released for 6 months.
<a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
<a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</p>
</div>
</div></div></body>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><font color="red">&lt;xi:include&gt;&lt;/xi:include&gt;</font></div></body>
</html>

3
doc/misc/options
View File

@@ -17,6 +17,8 @@ dlz <string> {
search <boolean>;
};
dyndb <string> <quoted_string> { <unspecified text> };
key <string> {
algorithm <string>;
secret <string>;
@@ -431,6 +433,7 @@ view <string> [ <class> ] {
<integer> ] [ dscp <integer> ] | <ipv4_address> [ port
<integer> ] [ dscp <integer> ] | <ipv6_address> [ port
<integer> ] [ dscp <integer> ] ); ... };
dyndb <string> <quoted_string> { <unspecified text> };
edns-udp-size <integer>;
empty-contact <string>;
empty-server <string>;