Merge branch '876-documentation-feedback' into 'master'

Minor documentation updates Closes #876 See merge request isc-projects/bind9!2483
2025-08-30 05:57:52 +00:00 · 2019-10-31 10:05:49 -04:00 · 2019-10-31 10:05:49 -04:00 · ecdbc14035
commit ecdbc14035
parent 18dff8e031 e0618174b6
1 changed files with 51 additions and 12 deletions
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@ -4790,7 +4790,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 		the first time; if unsuccessful, the server will
 		will terminate, under the assumption that another
 		server is already running.  If not specified, the default is
-		<filename>/var/run/named/named.lock</filename>.
+		<filename>none</filename>.
 	      </para>
 	      <para>
 		Specifying <command>lock-file none</command> disables the
@ -5441,15 +5441,21 @@ options {
 	      <term><command>automatic-interface-scan</command></term>
 	      <listitem>
 		<para>
-		  If <userinput>yes</userinput> and supported by the OS,
-		  automatically rescan network interfaces when the interface
-		  addresses are added or removed.  The default is
-		  <userinput>yes</userinput>.
+		  If <userinput>yes</userinput> and supported by the operating
+		  system, automatically rescan network interfaces when the
+		  interface addresses are added or removed.  The default is
+		  <userinput>yes</userinput>.  This configuration option does
+		  not affect time based <command>interface-interval</command>
+		  option, and it is recommended to set the time based
+		  <command>interface-interval</command> to 0 when the operator
+		  confirms that automatic interface scanning is supported by the
+		  operating system.
 		</para>
 		<para>
-		  Currently the OS needs to support routing sockets for
-		  <command>automatic-interface-scan</command> to be
-		  supported.
+		  The <command>automatic-interface-scan</command> implementation
+		  uses routing sockets for the network interface discovery,
+		  and therefore the operating system has to support the routing
+		  sockets for this feature to work.
 		</para>
 	      </listitem>
 	    </varlistentry>
@ -6009,6 +6015,17 @@ options {
 		  response to a UDP request from a cookie aware client.
 		  BADCOOKIE is sent if there is a bad or no existent
 		  server cookie.
+		  The default is <userinput>no</userinput>.
+		</para>
+		<para>
+		  Set this to <userinput>yes</userinput> to test that DNS
+		  COOKIE clients correctly handle BADCOOKIE or if you are
+		  getting a lot of forged DNS requests with DNS COOKIES
+		  present. Setting this to <userinput>yes</userinput> will
+		  result in reduced amplification effect in a reflection
+		  attack, as the BADCOOKIE response will be smaller than
+		  a full response, while also requiring a legitimate client
+		  to follow up with a second query with the new, valid, cookie.
 		</para>
 	      </listitem>
 	    </varlistentry>
@ -6057,6 +6074,7 @@ options {
 		  do not send a correct COOKIE option may be limited
 		  to receiving smaller responses via the
 		  <command>nocookie-udp-size</command> option.
+		  The default is <userinput>yes</userinput>.
 		</para>
 	      </listitem>
 	    </varlistentry>
@ -8431,10 +8449,11 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 		  minutes. The default
 		  is 60 minutes. The maximum value is 28 days (40320 minutes).
 		  If set to 0, interface scanning will only occur when
-		  the configuration file is  loaded. After the scan, the
-		  server will
-		  begin listening for queries on any newly discovered
-		  interfaces (provided they are allowed by the
+		  the configuration file is loaded, or when
+		  <command>automatic-interface-scan</command> is enabled
+		  and supported by the operating system. After the scan, the
+		  server will begin listening for queries on any newly
+		  discovered interfaces (provided they are allowed by the
 		  <command>listen-on</command> configuration), and
 		  will stop listening on interfaces that have gone away.
 		  For convenience, TTL-style time unit suffixes may be
@ -8800,6 +8819,26 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 	      </listitem>
 	    </varlistentry>

+	    <varlistentry>
+	      <term><command>resolver-nonbackoff-tries</command></term>
+	      <listitem>
+		<para>
+		  Specifies how many retries occur before exponential
+		  backoff kicks in.  The default is <userinput>3</userinput>.
+		</para>
+	      </listitem>
+	    </varlistentry>
+
+	    <varlistentry>
+	      <term><command>resolver-retry-interval</command></term>
+	      <listitem>
+		<para>
+		  The base retry interval in milliseconds.
+		  The default is <userinput>800</userinput>.
+		</para>
+	      </listitem>
+	    </varlistentry>
+
 	    <varlistentry>
 	      <term><command>sig-validity-interval</command></term>
 	      <listitem>