diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 048a415339..6be700c820 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4790,7 +4790,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
the first time; if unsuccessful, the server will
will terminate, under the assumption that another
server is already running. If not specified, the default is
- /var/run/named/named.lock.
+ none.
Specifying lock-file none disables the
@@ -5441,15 +5441,21 @@ options {
automatic-interface-scan
- If yes and supported by the OS,
- automatically rescan network interfaces when the interface
- addresses are added or removed. The default is
- yes.
+ If yes and supported by the operating
+ system, automatically rescan network interfaces when the
+ interface addresses are added or removed. The default is
+ yes. This configuration option does
+ not affect time based interface-interval
+ option, and it is recommended to set the time based
+ interface-interval to 0 when the operator
+ confirms that automatic interface scanning is supported by the
+ operating system.
- Currently the OS needs to support routing sockets for
- automatic-interface-scan to be
- supported.
+ The automatic-interface-scan implementation
+ uses routing sockets for the network interface discovery,
+ and therefore the operating system has to support the routing
+ sockets for this feature to work.
@@ -6009,6 +6015,17 @@ options {
response to a UDP request from a cookie aware client.
BADCOOKIE is sent if there is a bad or no existent
server cookie.
+ The default is no.
+
+
+ Set this to yes to test that DNS
+ COOKIE clients correctly handle BADCOOKIE or if you are
+ getting a lot of forged DNS requests with DNS COOKIES
+ present. Setting this to yes will
+ result in reduced amplification effect in a reflection
+ attack, as the BADCOOKIE response will be smaller than
+ a full response, while also requiring a legitimate client
+ to follow up with a second query with the new, valid, cookie.
@@ -6057,6 +6074,7 @@ options {
do not send a correct COOKIE option may be limited
to receiving smaller responses via the
nocookie-udp-size option.
+ The default is yes.
@@ -8431,10 +8449,11 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
minutes. The default
is 60 minutes. The maximum value is 28 days (40320 minutes).
If set to 0, interface scanning will only occur when
- the configuration file is loaded. After the scan, the
- server will
- begin listening for queries on any newly discovered
- interfaces (provided they are allowed by the
+ the configuration file is loaded, or when
+ automatic-interface-scan is enabled
+ and supported by the operating system. After the scan, the
+ server will begin listening for queries on any newly
+ discovered interfaces (provided they are allowed by the
listen-on configuration), and
will stop listening on interfaces that have gone away.
For convenience, TTL-style time unit suffixes may be
@@ -8800,6 +8819,26 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
+
+ resolver-nonbackoff-tries
+
+
+ Specifies how many retries occur before exponential
+ backoff kicks in. The default is 3.
+
+
+
+
+
+ resolver-retry-interval
+
+
+ The base retry interval in milliseconds.
+ The default is 800.
+
+
+
+
sig-validity-interval