directory
- chroot to directory so that
+ Chroot to directory so that
include
directives in the configuration file are processed as if
run by a similarly chrooted named.
@@ -55,8 +55,8 @@
- Perform a check load the master zonefiles found in
- named.conf.
+ Perform a test load of all master zones found in
+ named.conf.
@@ -70,20 +70,20 @@
named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.
mode- Perform post load zone integrity checks. Possible modes are + Perform post-load zone integrity checks. Possible modes are "full" (default), "full-sibling", "local", @@ -101,7 +101,7 @@
Mode "full" checks that delegation NS records refer to A or AAAA record (both in-zone and out-of-zone - hostnames). It also checks that glue addresses records + hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode "local" only checks NS records which refer to in-zone hostnames or that some required glue exists, @@ -195,7 +195,7 @@
directory
- chroot to directory so that
+ Chroot to directory so that
include
directives in the configuration file are processed as if
run by a similarly chrooted named.
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index 6bc0f3aa61..9695534e01 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dig.1,v 1.42 2007/01/30 00:24:59 marka Exp $
+.\" $Id: dig.1,v 1.43 2007/05/09 03:33:50 marka Exp $
.\"
.hy 0
.ad l
@@ -50,7 +50,7 @@ Although
\fBdig\fR
is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
\fB\-h\fR
-option is given. Unlike earlier versions, the BIND9 implementation of
+option is given. Unlike earlier versions, the BIND 9 implementation of
\fBdig\fR
allows multiple lookups to be issued from the command line.
.PP
@@ -135,7 +135,7 @@ The
option makes
\fBdig \fR
operate in batch mode by reading a list of lookup requests to process from the file
-\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to
+\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to
\fBdig\fR
using the command\-line interface.
.PP
@@ -160,7 +160,7 @@ to only use IPv6 query transport.
The
\fB\-t\fR
option sets the query type to
-\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the
+\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type "A", unless the
\fB\-x\fR
option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
\fItype\fR
@@ -171,11 +171,11 @@ ixfr=N. The incremental zone transfer will contain the changes made to the zone
The
\fB\-q\fR
option sets the query name to
-\fIname\fR. This useful do distingish the
+\fIname\fR. This useful do distinguish the
\fIname\fR
from other arguments.
.PP
-Reverse lookups \- mapping addresses to names \- are simplified by the
+Reverse lookups \(em mapping addresses to names \(em are simplified by the
\fB\-x\fR
option.
\fIaddr\fR
@@ -228,7 +228,7 @@ to negate the meaning of that keyword. Other keywords assign values to options l
.PP
\fB+[no]tcp\fR
.RS 4
-Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
+Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
.RE
.PP
\fB+[no]vc\fR
@@ -354,7 +354,7 @@ Toggle the display of comment lines in the output. The default is to print comme
.PP
\fB+[no]stats\fR
.RS 4
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics.
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
.RE
.PP
\fB+[no]qr\fR
@@ -391,7 +391,7 @@ Set or clear all display flags.
.RS 4
Sets the timeout for a query to
\fIT\fR
-seconds. The default time out is 5 seconds. An attempt to set
+seconds. The default timeout is 5 seconds. An attempt to set
\fIT\fR
to less than 1 will result in a query timeout of 1 second being applied.
.RE
@@ -451,7 +451,7 @@ output.
.PP
\fB+[no]fail\fR
.RS 4
-Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour.
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
.RE
.PP
\fB+[no]besteffort\fR
@@ -487,7 +487,7 @@ Requires dig be compiled with \-DDIG_SIGCHASE.
.PP
\fB+[no]topdown\fR
.RS 4
-When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
+When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.SH "MULTIPLE QUERIES"
.PP
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index d8b9ffcae2..e0b8a0524a 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
-h option is given.
- Unlike earlier versions, the BIND9 implementation of
+ Unlike earlier versions, the BIND 9 implementation of
dig allows multiple lookups to be issued
from the
command line.
@@ -147,7 +147,7 @@
in batch mode by reading a list of lookup requests to process from the
file filename. The file contains a
number of
- queries, one per line. Each entry in the file should be organised in
+ queries, one per line. Each entry in the file should be organized in
the same way they would be presented as queries to
dig using the command-line interface.
@@ -170,7 +170,7 @@
The -t option sets the query type to
type. It can be any valid query type
which is
- supported in BIND9. The default query type "A", unless the
+ supported in BIND 9. The default query type "A", unless the
-x option is supplied to indicate a reverse lookup.
A zone transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required,
@@ -181,11 +181,11 @@
The -q option sets the query name to
- name. This useful do distingish the
+ name. This useful do distinguish the
name from other arguments.
- Reverse lookups - mapping addresses to names - are simplified by the
+ Reverse lookups — mapping addresses to names — are simplified by the
-x option. addr is
an IPv4
address in dotted-decimal notation, or a colon-delimited IPv6 address.
@@ -249,7 +249,7 @@
+[no]tcpUse [do not use] TCP when querying name servers. The default - behaviour is to use UDP unless an AXFR or IXFR query is + behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
+[no]qr
Sets the timeout for a query to
- T seconds. The default time
- out is 5 seconds.
+ T seconds. The default
+ timeout is 5 seconds.
An attempt to set T to less
than 1 will result
in a query timeout of 1 second being applied.
@@ -499,7 +499,7 @@
default is
to not try the next server which is the reverse of normal stub
resolver
- behaviour.
+ behavior.
+[no]besteffort@@ -535,7 +535,7 @@
+[no]topdown- When chasing DNSSEC signature chains perform a top down + When chasing DNSSEC signature chains perform a top-down validation. Requires dig be compiled with -DDIG_SIGCHASE.
name. The
-r option enables host
to mimic
- the behaviour of a name server by making non-recursive queries and
+ the behavior of a name server by making non-recursive queries and
expecting to receive answers to those queries that are usually
referrals to other name servers.
@@ -143,7 +143,7 @@
The -t option is used to select the query type.
- type can be any recognised query
+ type can be any recognized query
type: CNAME,
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
host automatically selects an appropriate
@@ -174,7 +174,7 @@
The -s option tells host
not to send the query to the next nameserver
if any server responds with a SERVFAIL response, which is the
- reverse of normal stub resolver behaviour.
+ reverse of normal stub resolver behavior.
The -m can be used to set the memory usage debugging
diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1
index 5395c5e3e6..8f743ad4dd 100644
--- a/bin/dig/nslookup.1
+++ b/bin/dig/nslookup.1
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nslookup.1,v 1.12 2007/01/30 00:24:59 marka Exp $
+.\" $Id: nslookup.1,v 1.13 2007/05/09 03:33:50 marka Exp $
.\"
.hy 0
.ad l
@@ -158,7 +158,7 @@ The class specifies the protocol group of the information.
.PP
\fB \fR\fB\fI[no]\fR\fR\fBdebug\fR
.RS 4
-Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
+Turn on or off the display of the full response packet and any intermediate response packets when searching.
.sp
(Default = nodebug; abbreviation =
[no]deb)
@@ -166,7 +166,7 @@ Turn debugging mode on. A lot more information is printed about the packet sent
.PP
\fB \fR\fB\fI[no]\fR\fR\fBd2\fR
.RS 4
-Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
+Turn debugging mode on or off. This displays more about about what nslookup is doing.
.sp
(Default = nod2)
.RE
diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html
index fc029dae86..4071768761 100644
--- a/bin/dig/nslookup.html
+++ b/bin/dig/nslookup.html
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
[no]debug
- Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. + Turn on or off the display of the full response packet and + any intermediate response packets when searching.
(Default = nodebug; abbreviation = [no]deb)
@@ -192,9 +191,8 @@ nslookup -query=hinfo -timeout=10
[no]d2
- Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. + Turn debugging mode on or off. This displays more about + about what nslookup is doing.
(Default = nod2)
diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index e9d1b3584b..6485ea44e6 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keygen.8,v 1.36 2007/01/30 00:24:59 marka Exp $
+.\" $Id: dnssec-keygen.8,v 1.37 2007/05/09 03:33:50 marka Exp $
.\"
.hy 0
.ad l
@@ -37,7 +37,7 @@ dnssec\-keygen \- DNSSEC key generation tool
.SH "DESCRIPTION"
.PP
\fBdnssec\-keygen\fR
-generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC dnssec-keygen
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
- and RFC <TBA\>. It can also generate keys for use with
+ and RFC 4034. It can also generate keys for use with
TSIG (Transaction Signatures), as defined in RFC 2845.
DESCRIPTION
dnssec-keygen
- creates two file, with names based
+ creates two files, with names based
on the printed string. Knnnn.+aaa+iiiii.key
contains the public key, and
Knnnn.+aaa+iiiii.private contains the
@@ -182,14 +182,14 @@
statement).
- The .private file contains algorithm
- specific
+ The .private file contains
+ algorithm-specific
fields. For obvious security reasons, this file does not have
general read permission.
Both .key and .private
- files are generated for symmetric encryption algorithm such as
+ files are generated for symmetric encryption algorithms such as
HMAC-MD5, even though the public and private key are equivalent.
Kexample.com.+003+26160.key
and
- Kexample.com.+003+26160.private
+ Kexample.com.+003+26160.private.
.signed to
the
- input file.
+ input filename.
@@ -109,7 +109,7 @@
interval
- When a previously signed zone is passed as input, records
+ When a previously-signed zone is passed as input, records
may be resigned. The interval option
specifies the cycle interval as an offset from the current
time (in seconds). If a RRSIG record expires after the
@@ -145,8 +145,8 @@
When signing a zone with a fixed signature lifetime, all
RRSIG records issued at the time of signing expires
simultaneously. If the zone is incrementally signed, i.e.
- a previously signed zone is passed as input to the signer,
- all expired signatures has to be regenerated at about the
+ a previously-signed zone is passed as input to the signer,
+ all expired signatures have to be regenerated at about the
same time. The jitter option specifies a
jitter window that will be used to randomize the signature
expire time, thus spreading incremental signature
@@ -232,9 +232,11 @@
- The keys used to sign the zone. If no keys are specified, the - default all zone keys that have private key files in the - current directory. + Specify which keys should be used to sign the zone. If + no keys are specified, then the zone will be examined + for DNSKEY records at the zone apex. If these are found and + there are matching private keys, in the current directory, + then these will be used for signing.
The following command signs the example.com
- zone with the DSA key generated in the dnssec-keygen
- man page. The zone's keys must be in the zone. If there are
- keyset files associated with child
- zones,
- they must be in the current directory.
- example.com, the following command would be
- issued:
-
dnssec-signzone -o example.com db.example.com
- Kexample.com.+003+26160
+ zone with the DSA key generated by dnssec-keygen
+ (Kexample.com.+003+17247). The zone's keys must be in the master
+ file (db.example.com). This invocation looks
+ for keyset files, in the current directory,
+ so that DS records can be generated from them (-g).
% dnssec-signzone -g -o example.com db.example.com \ +Kexample.com.+003+17247 +db.example.com.signed +%
- The command would print a string of the form: -
-
- In this example, dnssec-signzone creates
+ In the above example, dnssec-signzone creates
the file db.example.com.signed. This
- file
- should be referenced in a zone statement in a
+ file should be referenced in a zone statement in a
named.conf file.
+ This example re-signs a previously signed zone with default parameters. + The private keys are assumed to be in the current directory. +
+% cp db.example.com.signed db.example.com +% dnssec-signzone -o example.com db.example.com +db.example.com.signed +%diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8 index dd957d8f30..f0c38937a4 100644 --- a/bin/named/lwresd.8 +++ b/bin/named/lwresd.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwresd.8,v 1.25 2007/01/30 00:24:59 marka Exp $ +.\" $Id: lwresd.8,v 1.26 2007/05/09 03:33:51 marka Exp $ .\" .hy 0 .ad l @@ -122,8 +122,7 @@ This option is mainly of interest to BIND 9 developers and may be removed or cha .PP \-t \fIdirectory\fR .RS 4 -\fBchroot()\fR -to +Chroot to \fIdirectory\fR after processing the command line arguments, but before reading the configuration file. .RS @@ -131,15 +130,14 @@ after processing the command line arguments, but before reading the configuratio This option should be used in conjunction with the \fB\-u\fR option, as chrooting a process running as root doesn't enhance security on most systems; the way -\fBchroot()\fR +\fBchroot(2)\fR is defined allows a process with root privileges to escape a chroot jail. .RE .RE .PP \-u \fIuser\fR .RS 4 -\fBsetuid()\fR -to +Setuid to \fIuser\fR after completing privileged operations, such as creating sockets that listen on privileged ports. .RE diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index 1c31532119..84cf53249b 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -129,7 +129,7 @@
directorychroot()
+
Chroot
to directory after
processing the command line arguments, but before
reading the configuration file.
@@ -140,14 +140,14 @@
This option should be used in conjunction with the
-u option, as chrooting a process
running as root doesn't enhance security on most
- systems; the way chroot() is
+ systems; the way chroot(2) is
defined allows a process with root privileges to
escape a chroot jail.
usersetuid()
+
Setuid
to user after completing
privileged operations, such as creating sockets that
listen on privileged ports.
@@ -159,7 +159,7 @@
named(8), rndc(8), - BIND 9 Administrator Reference Manual. + BIND 9 Administrator Reference Manual.
diff --git a/bin/named/named.html b/bin/named/named.html index bd8781f0b8..43b204ede9 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -117,7 +117,7 @@directorychroot()
+
Chroot
to directory after
processing the command line arguments, but before
reading the configuration file.
@@ -128,7 +128,7 @@
This option should be used in conjunction with the
-u option, as chrooting a process
running as root doesn't enhance security on most
- systems; the way chroot() is
+ systems; the way chroot(2) is
defined allows a process with root privileges to
escape a chroot jail.
usersetuid()
+
Setuid
to user after completing
privileged operations, such as creating sockets that
listen on privileged ports.
@@ -146,7 +146,7 @@
On Linux, named uses the kernel's
capability mechanism to drop all root privileges
- except the ability to bind() to
+ except the ability to bind(2) to
a
privileged port and set process resource limits.
Unfortunately, this means that the -u
@@ -154,7 +154,7 @@
run
on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
later, since previous kernels did not allow privileges
- to be retained after setuid().
+ to be retained after setuid(2).
In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -201,7 +201,7 @@
The named configuration file is too complex to describe in detail here. A complete description is provided @@ -210,7 +210,7 @@
- The -t option sets the maximum time a update request
+ The -t option sets the maximum time an update request
can
take before it is aborted. The default is 300 seconds. Zero can be
used
@@ -142,14 +142,14 @@
The -u option sets the UDP retry interval. The default
is
- 3 seconds. If zero the interval will be computed from the timeout
+ 3 seconds. If zero, the interval will be computed from the timeout
interval
and number of UDP retries.
The -r option sets the number of UDP retries. The
default is
- 3. If zero only one update request will be made.
+ 3. If zero, only one update request will be made.
Specify the default class.
- If no class is specified the
+ If no class is specified, the
default class is
IN.
- Specifies that all updates are to be TSIG signed using the
+ Specifies that all updates are to be TSIG-signed using the
keyname keysecret pair.
The key command
overrides any key specified on the command line via
@@ -402,7 +402,7 @@
The examples below show how nsupdate @@ -428,10 +428,10 @@ Any A records for oldhost.example.com are deleted. - and an A record for + And an A record for newhost.example.com - it IP address 172.16.1.1 is added. - The newly-added record has a 1 day TTL (86400 seconds) + with IP address 172.16.1.1 is added. + The newly-added record has a 1 day TTL (86400 seconds).
# nsupdate
@@ -456,7 +456,7 @@
The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index 11df34b891..92e6c95832 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.8,v 1.38 2007/01/30 00:24:59 marka Exp $ +.\" $Id: rndc.8,v 1.39 2007/05/09 03:33:51 marka Exp $ .\" .hy 0 .ad l @@ -133,7 +133,7 @@ Several error messages could be clearer. .PP \fBrndc.conf\fR(5), \fBnamed\fR(8), -\fBnamed.conf\fR(5) +\fBnamed.conf\fR(5), \fBndc\fR(8), BIND 9 Administrator Reference Manual. .SH "AUTHOR" diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5 index 0d76287e4c..4ba5e0064c 100644 --- a/bin/rndc/rndc.conf.5 +++ b/bin/rndc/rndc.conf.5 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.conf.5,v 1.36 2007/01/30 00:24:59 marka Exp $ +.\" $Id: rndc.conf.5,v 1.37 2007/05/09 03:33:51 marka Exp $ .\" .hy 0 .ad l @@ -156,7 +156,7 @@ does not ship with BIND 9 but is available on many systems. See the EXAMPLE sect key testkey { algorithm hmac\-md5; secret "R3HI8P6BKw9ZwXwN3VZKuQ=="; - } + }; .fi .RE .sp @@ -178,7 +178,7 @@ To generate a random secret with .PP A complete \fIrndc.conf\fR -file, including the randomly generated key, will be written to the standard output. Commented out +file, including the randomly generated key, will be written to the standard output. Commented\-out \fBkey\fR and \fBcontrols\fR diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html index d5ca768d6a..a8c1a8bb41 100644 --- a/bin/rndc/rndc.conf.html +++ b/bin/rndc/rndc.conf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - +
@@ -153,7 +153,7 @@ key testkey { algorithm hmac-md5; secret "R3HI8P6BKw9ZwXwN3VZKuQ=="; - } + };@@ -180,7 +180,7 @@ A complete
rndc.conf file, including
the
randomly generated key, will be written to the standard
- output. Commented out key and
+ output. Commented-out key and
controls statements for
named.conf are also printed.
diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html
index 5d47e2ceb5..b2220330db 100644
--- a/bin/rndc/rndc.html
+++ b/bin/rndc/rndc.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -151,7 +151,7 @@
rndc.conf(5), named(8), - named.conf(5) + named.conf(5), ndc(8), BIND 9 Administrator Reference Manual.
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 20a4578b9a..5a2399a8b2 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -77,23 +77,23 @@ip4_addr | *) [port ip_port] ; ]
[ alt-transfer-source-v6 (ip6_addr | *) [port ip_port] ; ]
[ use-alt-transfer-source yes_or_no; ]
+ [ notify-delay seconds ; ]
[ notify-source (ip4_addr | *) [port ip_port] ; ]
[ notify-source-v6 (ip6_addr | *) [port ip_port] ; ]
[ also-notify { ip_addr [port ip_port] ; [ ip_addr [port ip_port] ; ... ] }; ]
@@ -2808,7 +2809,7 @@ options {
The forwarding facility can be used to create a large site-wide cache on a few servers, reducing traffic over links to external @@ -2852,7 +2853,7 @@ options {
Dual-stack servers are used as servers of last resort to work around @@ -3053,7 +3054,7 @@ options {
The interfaces and ports that the server will answer queries from may be specified using the listen-on option. listen-on takes @@ -3437,7 +3438,7 @@ query-source-v6 address * port *;
avoid-v4-udp-ports and avoid-v6-udp-ports specify a list of IPv4 and IPv6 UDP ports that will not be used as system @@ -3451,7 +3452,7 @@ query-source-v6 address * port *;
The server's usage of many system resources can be limited. Scaled values are allowed when specifying resource limits. For @@ -3510,7 +3511,7 @@ query-source-v6 address * port *;
The following options set limits on the server's resource consumption that are enforced internally by the @@ -3588,7 +3589,7 @@ query-source-v6 address * port *;
@@ -4052,6 +4053,11 @@ query-source-v6 address * port *; recursive-clients.
+ The delay, in seconds, between sending sets of notify + messages for a zone. The default is zero. +
trusted-keys {
string number number number string ;
[ string number number number string ; [...]]
@@ -4649,7 +4655,7 @@ query-source-v6 address * port *;
The trusted-keys statement defines
@@ -4692,7 +4698,7 @@ query-source-v6 address * port *;
The view statement is a powerful
feature
@@ -4837,6 +4843,7 @@ view "external" {
[ max-transfer-idle-out number ; ]
[ max-transfer-time-out number ; ]
[ notify yes_or_no | explicit | master-only ; ]
+ [ notify-delay seconds ; ]
[ pubkey number number number string ; ]
[ notify-source (ip4_addr | *) [port ip_port] ; ]
[ notify-source-v6 (ip6_addr | *) [port ip_port] ; ]
@@ -4947,10 +4954,10 @@ zone zone_name [