From c60ee6edf129596fa04db86c6865d75b5a412598 Mon Sep 17 00:00:00 2001 From: Tinderbox User Date: Wed, 17 Dec 2014 01:04:43 +0000 Subject: [PATCH] regen master --- doc/arm/Bv9ARM.ch04.html | 86 ++++++++++++++-------------- doc/arm/Bv9ARM.ch06.html | 56 +++++++++--------- doc/arm/Bv9ARM.ch07.html | 4 +- doc/arm/Bv9ARM.ch08.html | 8 +-- doc/arm/Bv9ARM.ch09.html | 49 +++++++++------- doc/arm/Bv9ARM.html | 72 +++++++++++------------ doc/arm/man.arpaname.html | 6 +- doc/arm/man.ddns-confgen.html | 8 +-- doc/arm/man.delv.html | 12 ++-- doc/arm/man.dig.html | 18 +++--- doc/arm/man.dnssec-checkds.html | 8 +-- doc/arm/man.dnssec-coverage.html | 8 +-- doc/arm/man.dnssec-dsfromkey.html | 14 ++--- doc/arm/man.dnssec-importkey.html | 12 ++-- doc/arm/man.dnssec-keyfromlabel.html | 12 ++-- doc/arm/man.dnssec-keygen.html | 14 ++--- doc/arm/man.dnssec-revoke.html | 8 +-- doc/arm/man.dnssec-settime.html | 12 ++-- doc/arm/man.dnssec-signzone.html | 10 ++-- doc/arm/man.dnssec-verify.html | 8 +-- doc/arm/man.genrandom.html | 8 +-- doc/arm/man.host.html | 8 +-- doc/arm/man.isc-hmac-fixup.html | 8 +-- doc/arm/man.named-checkconf.html | 10 ++-- doc/arm/man.named-checkzone.html | 10 ++-- doc/arm/man.named-journalprint.html | 6 +- doc/arm/man.named-rrchecker.html | 4 +- doc/arm/man.named.html | 14 ++--- doc/arm/man.nsec3hash.html | 8 +-- doc/arm/man.nsupdate.html | 12 ++-- doc/arm/man.rndc-confgen.html | 10 ++-- doc/arm/man.rndc.conf.html | 10 ++-- doc/arm/man.rndc.html | 12 ++-- doc/arm/notes.html | 5 ++ 34 files changed, 281 insertions(+), 269 deletions(-) diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index 751598d3c0..867a78f142 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -70,17 +70,17 @@
DNSSEC, Dynamic Zones, and Automatic Signing
-
Converting from insecure to secure
+
Converting from insecure to secure
Dynamic DNS update method
Fully automatic zone signing
-
Private-type records
-
DNSKEY rollovers
-
Dynamic DNS update method
-
Automatic key rollovers
-
NSEC3PARAM rollovers via UPDATE
-
Converting from NSEC to NSEC3
-
Converting from NSEC3 to NSEC
-
Converting from secure to insecure
+
Private-type records
+
DNSKEY rollovers
+
Dynamic DNS update method
+
Automatic key rollovers
+
NSEC3PARAM rollovers via UPDATE
+
Converting from NSEC to NSEC3
+
Converting from NSEC3 to NSEC
+
Converting from secure to insecure
Periodic re-signing
NSEC3 and OPTOUT
@@ -91,18 +91,18 @@
PKCS#11 (Cryptoki) support
-
Prerequisites
-
Native PKCS#11
-
OpenSSL-based PKCS#11
-
PKCS#11 Tools
-
Using the HSM
-
Specifying the engine on the command line
-
Running named with automatic zone re-signing
+
Prerequisites
+
Native PKCS#11
+
OpenSSL-based PKCS#11
+
PKCS#11 Tools
+
Using the HSM
+
Specifying the engine on the command line
+
Running named with automatic zone re-signing
DLZ (Dynamically Loadable Zones)
-
Configuring DLZ
-
Sample DLZ Driver
+
Configuring DLZ
+
Sample DLZ Driver
IPv6 Support in BIND 9
@@ -1080,7 +1080,7 @@ options { from insecure to signed and back again. A secure zone can use either NSEC or NSEC3 chains.

-Converting from insecure to secure

+Converting from insecure to secure

Changing a zone from insecure to secure can be done in two ways: using a dynamic DNS update, or the auto-dnssec zone option.

@@ -1198,7 +1198,7 @@ options { configuration. If this has not been done, the configuration will fail.

-Private-type records

+Private-type records

The state of the signing process is signaled by private-type records (with a default type value of 65534). When signing is complete, these records will have a nonzero value for @@ -1239,12 +1239,12 @@ options {

-DNSKEY rollovers

+DNSKEY rollovers

As with insecure-to-secure conversions, rolling DNSSEC keys can be done in two ways: using a dynamic DNS update, or the auto-dnssec zone option.

-Dynamic DNS update method

+Dynamic DNS update method

To perform key rollovers via dynamic update, you need to add the K* files for the new keys so that named can find them. You can then add the new @@ -1266,7 +1266,7 @@ options { named will clean out any signatures generated by the old key after the update completes.

-Automatic key rollovers

+Automatic key rollovers

When a new key reaches its activation date (as set by dnssec-keygen or dnssec-settime), if the auto-dnssec zone option is set to @@ -1281,27 +1281,27 @@ options { completes in 30 days, after which it will be safe to remove the old key from the DNSKEY RRset.

-NSEC3PARAM rollovers via UPDATE

+NSEC3PARAM rollovers via UPDATE

Add the new NSEC3PARAM record via dynamic update. When the new NSEC3 chain has been generated, the NSEC3PARAM flag field will be zero. At this point you can remove the old NSEC3PARAM record. The old chain will be removed after the update request completes.

-Converting from NSEC to NSEC3

+Converting from NSEC to NSEC3

To do this, you just need to add an NSEC3PARAM record. When the conversion is complete, the NSEC chain will have been removed and the NSEC3PARAM record will have a zero flag field. The NSEC3 chain will be generated before the NSEC chain is destroyed.

-Converting from NSEC3 to NSEC

+Converting from NSEC3 to NSEC

To do this, use nsupdate to remove all NSEC3PARAM records with a zero flag field. The NSEC chain will be generated before the NSEC3 chain is removed.

-Converting from secure to insecure

+Converting from secure to insecure

To convert a signed zone to unsigned using dynamic DNS, delete all the DNSKEY records from the zone apex using nsupdate. All signatures, NSEC or NSEC3 chains, @@ -1452,7 +1452,7 @@ $ dnssec-signzone -S -K keys example.net<

-Prerequisites

+Prerequisites

See the documentation provided by your HSM vendor for information about installing, initializing, testing and @@ -1461,7 +1461,7 @@ $ dnssec-signzone -S -K keys example.net<

-Native PKCS#11

+Native PKCS#11

Native PKCS#11 mode will only work with an HSM capable of carrying out every cryptographic operation BIND 9 may @@ -1495,7 +1495,7 @@ $ ./configure --enable-native-pkcs11 \

-OpenSSL-based PKCS#11

+OpenSSL-based PKCS#11

OpenSSL-based PKCS#11 mode uses a modified version of the OpenSSL library; stock OpenSSL does not fully support PKCS#11. @@ -1553,7 +1553,7 @@ $ ./configure --enable-native-pkcs11 \

-Patching OpenSSL

+Patching OpenSSL
 $ wget http://www.openssl.org/source/openssl-0.9.8y.tar.gz
@@ -1586,7 +1586,7 @@ $ patch -p1 -d openssl-0.9.8y \

-Building OpenSSL for the AEP Keyper on Linux

+Building OpenSSL for the AEP Keyper on Linux

The AEP Keyper is a highly secure key storage device, but does not provide hardware cryptographic acceleration. It @@ -1628,7 +1628,7 @@ $ ./Configure linux-generic32 -m32 -pthread \

-Building OpenSSL for the SCA 6000 on Solaris

+Building OpenSSL for the SCA 6000 on Solaris

The SCA-6000 PKCS#11 provider is installed as a system library, libpkcs11. It is a true crypto accelerator, up to 4 @@ -1657,7 +1657,7 @@ $ ./Configure solaris64-x86_64-cc \

-Building OpenSSL for SoftHSM

+Building OpenSSL for SoftHSM

SoftHSM is a software library provided by the OpenDNSSEC project (http://www.opendnssec.org) which provides a PKCS#11 @@ -1730,7 +1730,7 @@ $ ./Configure linux-x86_64 -pthread \

-Configuring BIND 9 for Linux with the AEP Keyper

+Configuring BIND 9 for Linux with the AEP Keyper

To link with the PKCS#11 provider, threads must be enabled in the BIND 9 build. @@ -1750,7 +1750,7 @@ $ ./configure CC="gcc -m32" --enable-threads \

-Configuring BIND 9 for Solaris with the SCA 6000

+Configuring BIND 9 for Solaris with the SCA 6000

To link with the PKCS#11 provider, threads must be enabled in the BIND 9 build. @@ -1772,7 +1772,7 @@ $ ./configure CC="cc -xarch=amd64" --enable-thre

-Configuring BIND 9 for SoftHSM

+Configuring BIND 9 for SoftHSM
 $ cd ../bind9
 $ ./configure --enable-threads \
@@ -1793,7 +1793,7 @@ $ ./configure --enable-threads \
 
 

 

-PKCS#11 Tools

+PKCS#11 Tools

 

       BIND 9 includes a minimal set of tools to operate the
       HSM, including 
@@ -1816,7 +1816,7 @@ $ ./configure --enable-threads \
 
 

 

-Using the HSM

+Using the HSM

 

       For OpenSSL-based PKCS#11, we must first set up the runtime
       environment so the OpenSSL and PKCS#11 libraries can be loaded:
@@ -1937,7 +1937,7 @@ example.net.signed
 
 

 

-Specifying the engine on the command line

+Specifying the engine on the command line

 

       When using OpenSSL-based PKCS#11, the "engine" to be used by
       OpenSSL can be specified in named and all of
@@ -1969,7 +1969,7 @@ $ dnssec-signzone -E '' -S example.net
 

 

-Running named with automatic zone re-signing

+Running named with automatic zone re-signing

 

       If you want named to dynamically re-sign zones
       using HSM keys, and/or to to sign new records inserted via nsupdate,
@@ -2056,7 +2056,7 @@ $ dnssec-signzone -E '' -S example.net
 

 

-Configuring DLZ

+Configuring DLZ

 

       A DLZ database is configured with a dlz
       statement in named.conf:
@@ -2105,7 +2105,7 @@ $ dnssec-signzone -E '' -S example.net
 

 

-Sample DLZ Driver

+Sample DLZ Driver

 

       For guidance in implementation of DLZ modules, the directory
       contrib/dlz/example contains a basic
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index d8b32aa2c3..34d3662a1b 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -78,28 +78,28 @@
 
server Statement Definition and
             Usage

 
statistics-channels Statement Grammar

-
statistics-channels Statement Definition and
+
statistics-channels Statement Definition and
             Usage

 
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Definition
             and Usage

-
managed-keys Statement Grammar

+
managed-keys Statement Grammar

 
managed-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage
Zone File
Types of Resource Records and When to Use Them
-
Discussion of MX Records
+
Discussion of MX Records
Setting TTLs
Inverse Mapping in IPv4
Other Zone File Directives
-
BIND Master File Extension: the $GENERATE Directive
+
BIND Master File Extension: the $GENERATE Directive
Additional File Formats
BIND9 Statistics
@@ -5807,8 +5807,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; Sets the maximum number of iterative queries that may be sent while servicing a recursive query. If more queries are sent, the recursive query - is terminated and returns SERVFAIL. The default - is 50. + is terminated and returns SERVFAIL. Queries to + look up top level comains such as "com" and "net" + and the DNS root zone are exempt from this limitation. + The default is 75.

notify-delay
@@ -6325,7 +6327,7 @@ deny-answer-aliases { "example.net"; };

-Response Policy Zone (RPZ) Rewriting

+Response Policy Zone (RPZ) Rewriting

BIND 9 includes a limited mechanism to modify DNS responses for requests @@ -6696,7 +6698,7 @@ example.com CNAME rpz-tcp-only.

-Response Rate Limiting

+Response Rate Limiting

Excessive almost identical UDP responses can be controlled by configuring a @@ -7210,7 +7212,7 @@ example.com CNAME rpz-tcp-only.

-statistics-channels Statement Definition and +statistics-channels Statement Definition and Usage

The statistics-channels statement @@ -7326,7 +7328,7 @@ example.com CNAME rpz-tcp-only.

-trusted-keys Statement Definition +trusted-keys Statement Definition and Usage

The trusted-keys statement defines @@ -7370,7 +7372,7 @@ example.com CNAME rpz-tcp-only.

-managed-keys Statement Grammar

+managed-keys Statement Grammar
managed-keys {
     name initial-key flags protocol algorithm key-data ;
     [ name initial-key flags protocol algorithm key-data ; [...]]
@@ -7508,7 +7510,7 @@ example.com                 CNAME   rpz-tcp-only.
 
 

 

-view Statement Definition and Usage

+view Statement Definition and Usage

 

             The view statement is a powerful
             feature
@@ -7830,10 +7832,10 @@ zone zone_name [
 

 

-zone Statement Definition and Usage

+zone Statement Definition and Usage

 

 

-Zone Types

+Zone Types

 
@@ -9905,7 +9907,7 @@ view external {
 

 

-Textual expression of RRs

+Textual expression of RRs

               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -10108,7 +10110,7 @@ view external {
 
 

 

-Discussion of MX Records

+Discussion of MX Records

             As described above, domain servers store information as a
             series of resource records, each of which contains a particular
@@ -10439,7 +10441,7 @@ view external {
           

 

-The @ (at-sign)

+The @ (at-sign)

               When used in the label (or name) field, the asperand or
               at-sign (@) symbol represents the current origin.
@@ -10450,7 +10452,7 @@ view external {
 
 

 

-The $ORIGIN Directive

+The $ORIGIN Directive

               Syntax: $ORIGIN
               domain-name
@@ -10479,7 +10481,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

               Syntax: $INCLUDE
               filename
@@ -10515,7 +10517,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $TTL Directive

+The $TTL Directive

               Syntax: $TTL
               default-ttl
@@ -10534,7 +10536,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

             Syntax: $GENERATE
             range
@@ -10977,7 +10979,7 @@ HOST-127.EXAMPLE. MX 0 .
           

 

-Name Server Statistics Counters

+Name Server Statistics Counters

 
 

 
 
 
 
 
 
 
 
 
 
 
@@ -11573,7 +11575,7 @@ HOST-127.EXAMPLE. MX 0 .
 

 

-Zone Maintenance Statistics Counters

+Zone Maintenance Statistics Counters

 
 

 
 
@@ -11727,7 +11729,7 @@ HOST-127.EXAMPLE. MX 0 .
 

 

-Resolver Statistics Counters

+Resolver Statistics Counters

 
 

 
 
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 00e2a62726..93d8787391 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -46,7 +46,7 @@
 
Table of Contents

 
Access Control Lists

-
Chroot and Setuid

+
Chroot and Setuid

 

 
The chroot Environment

 
Using the setuid Function

@@ -245,7 +245,7 @@ allow-query { !{ !10/8; any; }; key example; };
 
 

 

-Chroot and Setuid
+Chroot and Setuid
 

 

           On UNIX servers, it is possible to run BIND
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 89c9e615d3..9b56b846a2 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -47,8 +47,8 @@
 

 
Common Problems

 
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

@@ -68,7 +68,7 @@
 

 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

 

           Zone serial numbers are just numbers — they aren't
           date related.  A lot of people set them to a number that
@@ -95,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

 

           The Internet Systems Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 4d42ea0595..b5d91ce2a9 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -58,7 +58,7 @@
 

 
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

@@ -68,13 +68,13 @@
 

 
BIND 9 DNS Library Support

 

-
Prerequisite

-
Compilation

-
Installation

-
Known Defects/Restrictions

-
The dns.conf File

-
Sample Applications

-
Library References

+
Prerequisite

+
Compilation

+
Installation

+
Known Defects/Restrictions

+
The dns.conf File

+
Sample Applications

+
Library References

 

 

@@ -412,6 +412,11 @@
 	  A regression caused nsupdate to use the default recursive servers
 	  rather than the SOA MNAME server when sending the UPDATE.
         

+
  • 
+	  Adjusted max-recursion-queries to accommodate the smaller
+	  initial packet sizes used in BIND 9.10 and higher when
+	  contacting authoritative servers for the first time.
+        
    • 
@@ -539,7 +544,7 @@
 
    
 
    
-General DNS Reference Information
    
+General DNS Reference Information
    
 
    
 IPv6 addresses (AAAA)
    
@@ -1015,7 +1020,7 @@
 
    
 
    
-Prerequisite
    
+Prerequisite
    GNU make is required to build the export libraries (other
   part of BIND 9 can still be built with other types of make). In
   the reminder of this document, "make" means GNU make. Note that
@@ -1024,7 +1029,7 @@
 
 
    
 
    
-Compilation
    
+Compilation
     $ ./configure --enable-exportlib [other flags]
 $ make
@@ -1039,7 +1044,7 @@ $ make
 
 
    
 
    
-Installation
    
+Installation
    
 
     $ cd lib/export
 $ make install
@@ -1061,7 +1066,7 @@ $ make install
 
 
    
 
    
-Known Defects/Restrictions
    
+Known Defects/Restrictions
    
 
      
 
    • Currently, win32 is not supported for the export
       library. (Normal BIND 9 application can be built as
@@ -1101,7 +1106,7 @@ $ make
 
    
 
    
 
    
-The dns.conf File
    
+The dns.conf File
    
 
    The IRS library supports an "advanced" configuration file
   related to the DNS library for configuration parameters that
   would be beyond the capability of the
@@ -1119,14 +1124,14 @@ $ make
 
 
    
 
    
-Sample Applications
    
+Sample Applications
    
 
    Some sample application programs using this API are
   provided for reference. The following is a brief description of
   these applications.
   
    
 
    
 
    
-sample: a simple stub resolver utility
    
+sample: a simple stub resolver utility
    
 
    
   It sends a query of a given name (of a given optional RR type) to a
   specified recursive server, and prints the result as a list of
@@ -1190,7 +1195,7 @@ $ make
 
 
    
 
    
-sample-async: a simple stub resolver, working asynchronously
    
+sample-async: a simple stub resolver, working asynchronously
    
 
    
   Similar to "sample", but accepts a list
   of (query) domain names as a separate file and resolves the names
@@ -1231,7 +1236,7 @@ $ make
 
 
    
 
    
-sample-request: a simple DNS transaction client
    
+sample-request: a simple DNS transaction client
    
 
    
   It sends a query to a specified server, and
   prints the response with minimal processing. It doesn't act as a
@@ -1272,7 +1277,7 @@ $ make
 
 
    
 
    
-sample-gai: getaddrinfo() and getnameinfo() test code
    
+sample-gai: getaddrinfo() and getnameinfo() test code
    
 
    
   This is a test program
   to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -1289,7 +1294,7 @@ $ make
 
 
    
 
    
-sample-update: a simple dynamic update client program
    
+sample-update: a simple dynamic update client program
    
 
    
   It accepts a single update command as a
   command-line argument, sends an update request message to the
@@ -1384,7 +1389,7 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm
 
 
    
 
    
-nsprobe: domain/name server checker in terms of RFC 4074
    
+nsprobe: domain/name server checker in terms of RFC 4074
    
 
    
   It checks a set
   of domains to see the name servers of the domains behave
@@ -1441,7 +1446,7 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm
 
 
    
 
    
-Library References
    
+Library References
    
 
    As of this writing, there is no formal "manual" of the
   libraries, except this document, header files (some of them
   provide pretty detailed explanations), and sample application
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 65a0506020..a08bbd6957 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -114,17 +114,17 @@
 
 
    DNSSEC, Dynamic Zones, and Automatic Signing
    
 
    
-
    Converting from insecure to secure
    
+
    Converting from insecure to secure
    
 
    Dynamic DNS update method
    
 
    Fully automatic zone signing
    
-
    Private-type records
    
-
    DNSKEY rollovers
    
-
    Dynamic DNS update method
    
-
    Automatic key rollovers
    
-
    NSEC3PARAM rollovers via UPDATE
    
-
    Converting from NSEC to NSEC3
    
-
    Converting from NSEC3 to NSEC
    
-
    Converting from secure to insecure
    
+
    Private-type records
    
+
    DNSKEY rollovers
    
+
    Dynamic DNS update method
    
+
    Automatic key rollovers
    
+
    NSEC3PARAM rollovers via UPDATE
    
+
    Converting from NSEC to NSEC3
    
+
    Converting from NSEC3 to NSEC
    
+
    Converting from secure to insecure
    
 
    Periodic re-signing
    
 
    NSEC3 and OPTOUT
    
 
    
@@ -135,18 +135,18 @@
 
 
    PKCS#11 (Cryptoki) support
    
 
    
-
    Prerequisites
    
-
    Native PKCS#11
    
-
    OpenSSL-based PKCS#11
    
-
    PKCS#11 Tools
    
-
    Using the HSM
    
-
    Specifying the engine on the command line
    
-
    Running named with automatic zone re-signing
    
+
    Prerequisites
    
+
    Native PKCS#11
    
+
    OpenSSL-based PKCS#11
    
+
    PKCS#11 Tools
    
+
    Using the HSM
    
+
    Specifying the engine on the command line
    
+
    Running named with automatic zone re-signing
    
 
    
 
    DLZ (Dynamically Loadable Zones)
    
 
    
-
    Configuring DLZ
    
-
    Sample DLZ Driver
    
+
    Configuring DLZ
    
+
    Sample DLZ Driver
    
 
    
 
    IPv6 Support in BIND 9
    
 
    
@@ -194,28 +194,28 @@
 
    server Statement Definition and
             Usage
    
 
    statistics-channels Statement Grammar
    
-
    statistics-channels Statement Definition and
+
    statistics-channels Statement Definition and
             Usage
    
 
    trusted-keys Statement Grammar
    
-
    trusted-keys Statement Definition
+
    trusted-keys Statement Definition
             and Usage
    
-
    managed-keys Statement Grammar
    
+
    managed-keys Statement Grammar
    
 
    managed-keys Statement Definition
             and Usage
    
 
    view Statement Grammar
    
-
    view Statement Definition and Usage
    
+
    view Statement Definition and Usage
    
 
    zone
             Statement Grammar
    
-
    zone Statement Definition and Usage
    
+
    zone Statement Definition and Usage
    
 
    
 
    Zone File
    
 
    
 
    Types of Resource Records and When to Use Them
    
-
    Discussion of MX Records
    
+
    Discussion of MX Records
    
 
    Setting TTLs
    
 
    Inverse Mapping in IPv4
    
 
    Other Zone File Directives
    
-
    BIND Master File Extension: the  $GENERATE Directive
    
+
    BIND Master File Extension: the  $GENERATE Directive
    
 
    Additional File Formats
    
 
    
 
    BIND9 Statistics
    
@@ -224,7 +224,7 @@
 
    7. BIND 9 Security Considerations
    
 
    
 
    Access Control Lists
    
-
    Chroot and Setuid
    
+
    Chroot and Setuid
    
 
    
 
    The chroot Environment
    
 
    Using the setuid Function
    
@@ -235,8 +235,8 @@
 
    
 
    Common Problems
    
 
    It's not working; how can I figure out what's wrong?
    
-
    Incrementing and Changing the Serial Number
    
-
    Where Can I Get Help?
    
+
    Incrementing and Changing the Serial Number
    
+
    Where Can I Get Help?
    
 
    
 
    A. Appendices
    
 
    
@@ -253,7 +253,7 @@
 
    
 
    Acknowledgments
    
 
    A Brief History of the DNS and BIND
    
-
    General DNS Reference Information
    
+
    General DNS Reference Information
    
 
    IPv6 addresses (AAAA)
    
 
    Bibliography (and Suggested Reading)
    
 
    
@@ -263,13 +263,13 @@
 
    
 
    BIND 9 DNS Library Support
    
 
    
-
    Prerequisite
    
-
    Compilation
    
-
    Installation
    
-
    Known Defects/Restrictions
    
-
    The dns.conf File
    
-
    Sample Applications
    
-
    Library References
    
+
    Prerequisite
    
+
    Compilation
    
+
    Installation
    
+
    Known Defects/Restrictions
    
+
    The dns.conf File
    
+
    Sample Applications
    
+
    Library References
    
 
    
 
    
 
    I. Manual pages
    
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html
index f4c0858074..47da5830ac 100644
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -50,20 +50,20 @@
 
    arpaname  {ipaddress ...}
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    
       arpaname translates IP addresses (IPv4 and
       IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    
       BIND 9 Administrator Reference Manual.
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index 0a4cac9747..b2b2846444 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -51,7 +51,7 @@
 
    ddns-confgen  [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [ -s name  |   -z zone ]
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    
       tsig-keygen and ddns-confgen
       are invocation methods for a utility that generates keys for use
@@ -87,7 +87,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -a algorithm
    
 
    
@@ -159,7 +159,7 @@
 
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    nsupdate(1),
       named.conf(5),
       named(8),
@@ -167,7 +167,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html
index 574ab93af0..cf3f79b787 100644
--- a/doc/arm/man.delv.html
+++ b/doc/arm/man.delv.html
@@ -53,7 +53,7 @@
 
    delv  [queryopt...] [query...]
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    delv
       (Domain Entity Lookup & Validation) is a tool for sending
       DNS queries and validating the results, using the the same internal
@@ -96,7 +96,7 @@
     
    
 
    
 
    
-
    SIMPLE USAGE
    
+
    SIMPLE USAGE
    
 
    
       A typical invocation of delv looks like:
       
    
@@ -151,7 +151,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -a anchor-file
    
 
    
@@ -285,7 +285,7 @@
 
    
 
    
 
    
-
    QUERY OPTIONS
    
+
    QUERY OPTIONS
    
 
    delv
       provides a number of query options which affect the way results are
       displayed, and in some cases the way lookups are performed.
@@ -471,12 +471,12 @@
     
    
 
    
 
    
-
    FILES
    
+
    FILES
    
 
    /etc/bind.keys
    
 
    /etc/resolv.conf
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    dig(1),
       named(8),
       RFC4034,
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 359530f95f..f78d39346b 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -52,7 +52,7 @@
 
    dig  [global-queryopt...] [query...]
    
 
    
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    dig
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -99,7 +99,7 @@
     
    
 
    
 
    
-
    SIMPLE USAGE
    
+
    SIMPLE USAGE
    
 
    
       A typical invocation of dig looks like:
       
    
@@ -152,7 +152,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
       The -b option sets the source IP address of the query
       to address.  This must be a valid
@@ -260,7 +260,7 @@
     
    
 
    
 
    
-
    QUERY OPTIONS
    
+
    QUERY OPTIONS
    
 
    dig
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -688,7 +688,7 @@
     
    
 
    
 
    
-
    MULTIPLE QUERIES
    
+
    MULTIPLE QUERIES
    
 
    
       The BIND 9 implementation of dig 
       supports
@@ -734,7 +734,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     
    
 
    
 
    
-
    IDN SUPPORT
    
+
    IDN SUPPORT
    
 
    
       If dig has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -748,14 +748,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     
    
 
    
 
    
-
    FILES
    
+
    FILES
    
 
    /etc/resolv.conf
     
    
 
    ${HOME}/.digrc
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    host(1),
       named(8),
       dnssec-keygen(8),
@@ -763,7 +763,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     
    
 
    
 
    
-
    BUGS
    
+
    BUGS
    
 
    
       There are probably too many query options.
     
    
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index a5bc938045..c4afc97efa 100644
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -51,7 +51,7 @@
 
    dnssec-dsfromkey  [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}
    
 
    
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    dnssec-checkds
       verifies the correctness of Delegation Signer (DS) or DNSSEC
       Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -f file
    
 
    
@@ -88,14 +88,14 @@
 
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    dnssec-dsfromkey(8),
       dnssec-keygen(8),
       dnssec-signzone(8),
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html
index bac5d2ba24..5a58aab02e 100644
--- a/doc/arm/man.dnssec-coverage.html
+++ b/doc/arm/man.dnssec-coverage.html
@@ -50,7 +50,7 @@
 
    dnssec-coverage  [-K directory] [-l length] [-f file] [-d DNSKEY TTL] [-m max TTL] [-r interval] [-c compilezone path] [-k] [-z] [zone]
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    dnssec-coverage
       verifies that the DNSSEC keys for a given zone or a set of zones
       have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -78,7 +78,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -K directory
    
 
    
@@ -192,7 +192,7 @@
 
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    
       dnssec-checkds(8),
       dnssec-dsfromkey(8),
@@ -201,7 +201,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index a1a04a0fec..f9e61c1193 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -52,14 +52,14 @@
 
    dnssec-dsfromkey  [-h] [-V]
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    dnssec-dsfromkey
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -1
    
 
    
@@ -144,7 +144,7 @@
 
    
 
    
 
    
-
    EXAMPLE
    
+
    EXAMPLE
    
 
    
       To build the SHA-256 DS RR from the
       Kexample.com.+003+26160
@@ -159,7 +159,7 @@
     
    
 
    
 
    
-
    FILES
    
+
    FILES
    
 
    
       The keyfile can be designed by the key identification
       Knnnn.+aaa+iiiii or the full file name
@@ -173,13 +173,13 @@
     
    
 
    
 
    
-
    CAVEAT
    
+
    CAVEAT
    
 
    
       A keyfile error can give a "file not found" even if the file exists.
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -189,7 +189,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html
index 68608e5274..2101a06758 100644
--- a/doc/arm/man.dnssec-importkey.html
+++ b/doc/arm/man.dnssec-importkey.html
@@ -51,7 +51,7 @@
 
    dnssec-importkey  {-f filename} [-K directory] [-L ttl] [-P date/offset] [-D date/offset] [-h] [-v level] [-V] [dnsname]
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    dnssec-importkey
       reads a public DNSKEY record and generates a pair of
       .key/.private files.  The DNSKEY record may be read from an
@@ -71,7 +71,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -f filename
    
 
    
@@ -114,7 +114,7 @@
 
    
 
    
 
    
-
    TIMING OPTIONS
    
+
    TIMING OPTIONS
    
 
    
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -142,7 +142,7 @@
 
    
 
 
    
-
    FILES
    
+
    FILES
    
 
    
       A keyfile can be designed by the key identification
       Knnnn.+aaa+iiiii or the full file name
@@ -151,7 +151,7 @@
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -159,7 +159,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index 230cf3123e..8bb303c788 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -50,7 +50,7 @@
 
    dnssec-keyfromlabel  {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-i interval] [-k] [-K directory] [-L ttl] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-S key] [-t type] [-v level] [-V] [-y] {name}
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    dnssec-keyfromlabel
       generates a key pair of files that referencing a key object stored
       in a cryptographic hardware service module (HSM).  The private key
@@ -66,7 +66,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -a algorithm
    
 
    
@@ -243,7 +243,7 @@
 
    
 
    
 
    
-
    TIMING OPTIONS
    
+
    TIMING OPTIONS
    
 
    
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -315,7 +315,7 @@
 
    
 
 
    
-
    GENERATED KEY FILES
    
+
    GENERATED KEY FILES
    
 
    
       When dnssec-keyfromlabel completes
       successfully,
@@ -354,7 +354,7 @@
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -363,7 +363,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 5eb96de386..2fa0758443 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -50,7 +50,7 @@
 
    dnssec-keygen  [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-i interval] [-K directory] [-L ttl] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-S key] [-s strength] [-t type] [-v level] [-V] [-z] {name}
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    dnssec-keygen
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -64,7 +64,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -a algorithm
    
 
    
@@ -285,7 +285,7 @@
 
    
 
    
 
    
-
    TIMING OPTIONS
    
+
    TIMING OPTIONS
    
 
    
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -359,7 +359,7 @@
 
    
 
 
    
-
    GENERATED KEYS
    
+
    GENERATED KEYS
    
 
    
       When dnssec-keygen completes
       successfully,
@@ -405,7 +405,7 @@
     
    
 
    
 
    
-
    EXAMPLE
    
+
    EXAMPLE
    
 
    
       To generate a 768-bit DSA key for the domain
       example.com, the following command would be
@@ -426,7 +426,7 @@
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
       RFC 2539,
@@ -435,7 +435,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index 9000ab71c7..cdb4d58190 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -50,7 +50,7 @@
 
    dnssec-revoke  [-hr] [-v level] [-V] [-K directory] [-E engine] [-f] [-R] {keyfile}
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    dnssec-revoke
       reads a DNSSEC key file, sets the REVOKED bit on the key as defined
       in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -h
    
 
    
@@ -109,14 +109,14 @@
 
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 5011.
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index 0f2b4e0133..9510614164 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -50,7 +50,7 @@
 
    dnssec-settime  [-f] [-K directory] [-L ttl] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-V] [-v level] [-E engine] {keyfile}
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    dnssec-settime
       reads a DNSSEC private key file and sets the key timing metadata
       as specified by the -P, -A,
@@ -76,7 +76,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -f
    
 
    
@@ -131,7 +131,7 @@
 
    
 
    
 
    
-
    TIMING OPTIONS
    
+
    TIMING OPTIONS
    
 
    
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -210,7 +210,7 @@
 
    
 
 
    
-
    PRINTING OPTIONS
    
+
    PRINTING OPTIONS
    
 
    
       dnssec-settime can also be used to print the
       timing metadata associated with a key.
@@ -236,7 +236,7 @@
 
    
 
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -244,7 +244,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index 701e8c45aa..8ad2772713 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -50,7 +50,7 @@
 
    dnssec-signzone  [-a] [-c class] [-d directory] [-D] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-L serial] [-l domain] [-M domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-P] [-p] [-Q] [-R] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-V] [-X extended end-time] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    dnssec-signzone
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -a
    
 
    
@@ -512,7 +512,7 @@
 
    
 
    
 
    
-
    EXAMPLE
    
+
    EXAMPLE
    
 
    
       The following command signs the example.com
       zone with the DSA key generated by dnssec-keygen
@@ -542,14 +542,14 @@ db.example.com.signed
 %
    
 
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 4033, RFC 4641.
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html
index 49ab2988f8..bb23a75f59 100644
--- a/doc/arm/man.dnssec-verify.html
+++ b/doc/arm/man.dnssec-verify.html
@@ -50,7 +50,7 @@
 
    dnssec-verify  [-c class] [-E engine] [-I input-format] [-o origin] [-v level] [-V] [-x] [-z] {zonefile}
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    dnssec-verify
       verifies that a zone is fully signed for each algorithm found
       in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@@ -58,7 +58,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -c class
    
 
    
@@ -138,7 +138,7 @@
 
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -146,7 +146,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html
index 347ce465b2..dc887f4b21 100644
--- a/doc/arm/man.genrandom.html
+++ b/doc/arm/man.genrandom.html
@@ -50,7 +50,7 @@
 
    genrandom  [-n number] {size} {filename}
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    
       genrandom
       generates a file or a set of files containing a specified quantity
@@ -59,7 +59,7 @@
     
    
 
    
 
    
-
    ARGUMENTS
    
+
    ARGUMENTS
    
 
    
 
    -n number
    
 
    
@@ -77,14 +77,14 @@
 
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    
       rand(3),
       arc4random(3)
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index e6126e93db..3c1a444054 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -50,7 +50,7 @@
 
    host  [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] [-v] [-V] {name} [server]
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    host
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
@@ -214,7 +214,7 @@
     
    
 
    
 
    
-
    IDN SUPPORT
    
+
    IDN SUPPORT
    
 
    
       If host has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names. 
@@ -228,12 +228,12 @@
     
    
 
    
 
    
-
    FILES
    
+
    FILES
    
 
    /etc/resolv.conf
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    dig(1),
       named(8).
     
    
diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html
index 297ce9f790..7f91f0eecb 100644
--- a/doc/arm/man.isc-hmac-fixup.html
+++ b/doc/arm/man.isc-hmac-fixup.html
@@ -50,7 +50,7 @@
 
    isc-hmac-fixup  {algorithm} {secret}
    
 
    
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    
       Versions of BIND 9 up to and including BIND 9.6 had a bug causing
       HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
     
    
 
    
 
    
-
    SECURITY CONSIDERATIONS
    
+
    SECURITY CONSIDERATIONS
    
 
    
       Secrets that have been converted by isc-hmac-fixup
       are shortened, but as this is how the HMAC protocol works in
@@ -87,14 +87,14 @@
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    
       BIND 9 Administrator Reference Manual,
       RFC 2104.
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index 4f71a3346c..13670c957a 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -50,7 +50,7 @@
 
    named-checkconf  [-h] [-v] [-j] [-t directory] {filename} [-p] [-x] [-z]
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    named-checkconf
       checks the syntax, but not the semantics, of a
       named configuration file.  The file is parsed
@@ -70,7 +70,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -h
    
 
    
@@ -119,21 +119,21 @@
 
    
 
    
 
    
-
    RETURN VALUES
    
+
    RETURN VALUES
    
 
    named-checkconf
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    named(8),
       named-checkzone(8),
       BIND 9 Administrator Reference Manual.
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index 828bb735b2..9727c4428f 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -51,7 +51,7 @@
 
    named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-J filename] [-i mode] [-k mode] [-m mode] [-n mode] [-l ttl] [-L serial] [-r mode] [-s style] [-t directory] [-T mode] [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename}
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    named-checkzone
       checks the syntax and integrity of a zone file.  It performs the
       same checks as named does when loading a
@@ -71,7 +71,7 @@
      
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -d
    
 
    
@@ -305,14 +305,14 @@
 
    
 
    
 
    
-
    RETURN VALUES
    
+
    RETURN VALUES
    
 
    named-checkzone
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    named(8),
       named-checkconf(8),
       RFC 1035,
@@ -320,7 +320,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html
index d78e971af5..6048ab9df1 100644
--- a/doc/arm/man.named-journalprint.html
+++ b/doc/arm/man.named-journalprint.html
@@ -50,7 +50,7 @@
 
    named-journalprint  {journal}
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    
       named-journalprint
       prints the contents of a zone journal file in a human-readable
@@ -76,7 +76,7 @@
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    
       named(8),
       nsupdate(8),
@@ -84,7 +84,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html
index e3664cdd7e..a958d7b2ea 100644
--- a/doc/arm/man.named-rrchecker.html
+++ b/doc/arm/man.named-rrchecker.html
@@ -50,7 +50,7 @@
 
    named-rrchecker  [-h] [-o origin] [-p] [-u] [-C] [-T] [-P]
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    named-rrchecker
      read a individual DNS resource record from standard input and checks if it
      is syntactically correct.
@@ -78,7 +78,7 @@
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    
       RFC 1034,
       RFC 1035,
diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index f3e9e77968..51c0d8be37 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -50,7 +50,7 @@
 
    named  [-4] [-6] [-c config-file] [-d debug-level] [-D string] [-E engine-name] [-f] [-g] [-L logfile] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-U #listeners] [-u user] [-v] [-V] [-x cache-file]
    
 
    
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    named
       is a Domain Name System (DNS) server,
       part of the BIND 9 distribution from ISC.  For more
@@ -65,7 +65,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -4
    
 
    
@@ -281,7 +281,7 @@
 
    
 
    
 
    
-
    SIGNALS
    
+
    SIGNALS
    
 
    
       In routine operation, signals should not be used to control
       the nameserver; rndc should be used
@@ -302,7 +302,7 @@
     
    
 
    
 
    
-
    CONFIGURATION
    
+
    CONFIGURATION
    
 
    
       The named configuration file is too complex
       to describe in detail here.  A complete description is provided
@@ -319,7 +319,7 @@
     
    
 
    
 
    
-
    FILES
    
+
    FILES
    
 
    
 
    /etc/named.conf
    
 
    
@@ -332,7 +332,7 @@
 
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    RFC 1033,
       RFC 1034,
       RFC 1035,
@@ -345,7 +345,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html
index 83347d137d..778b57aae9 100644
--- a/doc/arm/man.nsec3hash.html
+++ b/doc/arm/man.nsec3hash.html
@@ -48,7 +48,7 @@
 
    nsec3hash  {salt} {algorithm} {iterations} {domain}
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    
       nsec3hash generates an NSEC3 hash based on
       a set of NSEC3 parameters.  This can be used to check the validity
@@ -56,7 +56,7 @@
     
    
 
    
 
    
-
    ARGUMENTS
    
+
    ARGUMENTS
    
 
    
 
    salt
    
 
    
@@ -80,14 +80,14 @@
 
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    
       BIND 9 Administrator Reference Manual,
       RFC 5155.
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index f9fd0189aa..d7598a9eec 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -50,7 +50,7 @@
 
    nsupdate  [-d] [-D] [[-g] |  [-o] |  [-l] |  [-y [hmac:]keyname:secret] |  [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [-T] [-P] [-V] [filename]
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    nsupdate
       is used to submit Dynamic DNS Update requests as defined in RFC 2136
       to a name server.
@@ -236,7 +236,7 @@
     
    
 
    
 
    
-
    INPUT FORMAT
    
+
    INPUT FORMAT
    
 
    nsupdate
       reads input from
       filename
@@ -549,7 +549,7 @@
     
    
 
    
 
    
-
    EXAMPLES
    
+
    EXAMPLES
    
 
    
       The examples below show how
       nsupdate
@@ -603,7 +603,7 @@
     
    
 
    
 
    
-
    FILES
    
+
    FILES
    
 
    
 
    /etc/resolv.conf
    
 
    
@@ -626,7 +626,7 @@
 
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    
       RFC 2136,
       RFC 3007,
@@ -641,7 +641,7 @@
     
    
 
    
 
    
-
    BUGS
    
+
    BUGS
    
 
    
       The TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 1656b68bee..700d2b79da 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -50,7 +50,7 @@
 
    rndc-confgen  [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]
    
 
    
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    rndc-confgen
       generates configuration files
       for rndc.  It can be used as a
@@ -66,7 +66,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -a
    
 
    
@@ -180,7 +180,7 @@
 
    
 
    
 
    
-
    EXAMPLES
    
+
    EXAMPLES
    
 
    
       To allow rndc to be used with
       no manual configuration, run
@@ -197,7 +197,7 @@
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    rndc(8),
       rndc.conf(5),
       named(8),
@@ -205,7 +205,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 18c3f3bceb..49b5485403 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -50,7 +50,7 @@
 
    rndc.conf 
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    rndc.conf is the configuration file
       for rndc, the BIND 9 name server control
       utility.  This file has a similar structure and syntax to
@@ -136,7 +136,7 @@
     
    
 
    
 
    
-
    EXAMPLE
    
+
    EXAMPLE
    
 
           options {
         default-server  localhost;
@@ -210,7 +210,7 @@
     
    
 
    
 
    
-
    NAME SERVER CONFIGURATION
    
+
    NAME SERVER CONFIGURATION
    
 
    
       The name server must be configured to accept rndc connections and
       to recognize the key specified in the rndc.conf
@@ -220,7 +220,7 @@
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    rndc(8),
       rndc-confgen(8),
       mmencode(1),
@@ -228,7 +228,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 8e4d5df6a2..556a135352 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -50,7 +50,7 @@
 
    rndc  [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-q] [-V] [-y key_id] {command}
    
 
 
    
-
    DESCRIPTION
    
+
    DESCRIPTION
    
 
    rndc
       controls the operation of a name
       server.  It supersedes the ndc utility
@@ -81,7 +81,7 @@
     
    
 
    
 
    
-
    OPTIONS
    
+
    OPTIONS
    
 
    
 
    -b source-address
    
 
    
@@ -152,7 +152,7 @@
 
    
 
    
 
    
-
    COMMANDS
    
+
    COMMANDS
    
 
    
       A list of commands supported by rndc can
       be seen by running rndc without arguments.
@@ -609,7 +609,7 @@
 
    
 
 
    
-
    LIMITATIONS
    
+
    LIMITATIONS
    
 
    
       There is currently no way to provide the shared secret for a
       key_id without using the configuration file.
@@ -619,7 +619,7 @@
     
    
 
    
 
    
-
    SEE ALSO
    
+
    SEE ALSO
    
 
    rndc.conf(5),
       rndc-confgen(8),
       named(8),
@@ -629,7 +629,7 @@
     
    
 
    
 
    
-
    AUTHOR
    
+
    AUTHOR
    
 
    Internet Systems Consortium
     
    
 
    
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index bb5416a2b0..976630aec9 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -393,6 +393,11 @@
 	  A regression caused nsupdate to use the default recursive servers
 	  rather than the SOA MNAME server when sending the UPDATE.
         
    
+
  • 
+	  Adjusted max-recursion-queries to accommodate the smaller
+	  initial packet sizes used in BIND 9.10 and higher when
+	  contacting authoritative servers for the first time.
+        
    •