mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00

Merge branch '876-documentation-feedback' into 'master'

Minor documentation updates

Closes #876

See merge request isc-projects/bind9!2483
Ondřej Surý
2019-10-31 10:05:49 -04:00


@@ -4790,7 +4790,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
the first time; if unsuccessful, the server will the first time; if unsuccessful, the server will
will terminate, under the assumption that another will terminate, under the assumption that another
server is already running. If not specified, the default is server is already running. If not specified, the default is
<filename>/var/run/named/named.lock</filename>. <filename>none</filename>.
</para> </para>
<para> <para>
Specifying <command>lock-file none</command> disables the Specifying <command>lock-file none</command> disables the
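Review bot: The new default is marked up as <filename>none</filename>, but none is a keyword here rather than a path, and the next paragraph already writes it as <command>lock-file none</command>. Consider <userinput>none</userinput>, which is how the other defaults touched by this patch are written. The unchanged context two lines above still reads "the server will will terminate"; since this is a documentation cleanup, the doubled "will" could be fixed in the same change.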
@@ -5441,15 +5441,21 @@ options {
<term><command>automatic-interface-scan</command></term> <term><command>automatic-interface-scan</command></term>
<listitem> <listitem>
<para> <para>
If <userinput>yes</userinput> and supported by the OS, If <userinput>yes</userinput> and supported by the operating
automatically rescan network interfaces when the interface system, automatically rescan network interfaces when the
addresses are added or removed. The default is interface addresses are added or removed. The default is
<userinput>yes</userinput>. <userinput>yes</userinput>. This configuration option does
not affect time based <command>interface-interval</command>
option, and it is recommended to set the time based
<command>interface-interval</command> to 0 when the operator
confirms that automatic interface scanning is supported by the
operating system.
</para> </para>
<para> <para>
Currently the OS needs to support routing sockets for The <command>automatic-interface-scan</command> implementation
<command>automatic-interface-scan</command> to be uses routing sockets for the network interface discovery,
supported. and therefore the operating system has to support the routing
sockets for this feature to work.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
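Review bot: The added recommendation to set <command>interface-interval</command> to 0 depends on "when the operator confirms that automatic interface scanning is supported by the operating system", but the text gives no way to confirm that. Please say how support can be checked, or at least what the server does when routing sockets are unavailable, because an operator who sets the interval to 0 on an unsupported system would be left with scanning only at configuration load. Wording nits in the same paragraph: "time based" should be "time-based", "does not affect time based interface-interval option" is missing "the", and "support the routing sockets" reads better as "support routing sockets".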
@@ -6009,6 +6015,17 @@ options {
response to a UDP request from a cookie aware client. response to a UDP request from a cookie aware client.
BADCOOKIE is sent if there is a bad or no existent BADCOOKIE is sent if there is a bad or no existent
server cookie. server cookie.
The default is <userinput>no</userinput>.
</para>
<para>
Set this to <userinput>yes</userinput> to test that DNS
COOKIE clients correctly handle BADCOOKIE or if you are
getting a lot of forged DNS requests with DNS COOKIES
present. Setting this to <userinput>yes</userinput> will
result in reduced amplification effect in a reflection
attack, as the BADCOOKIE response will be smaller than
a full response, while also requiring a legitimate client
to follow up with a second query with the new, valid, cookie.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
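Review bot: The new paragraph uses both "DNS COOKIE clients" and "DNS COOKIES present" for the same thing; pick one form and use it throughout. The unchanged context directly above also has "no existent server cookie", which should be "nonexistent". The amplification sentence is long and carries two separate effects (smaller response, extra round trip for legitimate clients); splitting it in two would make the cost to legitimate clients easier to see.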
@@ -6057,6 +6074,7 @@ options {
do not send a correct COOKIE option may be limited do not send a correct COOKIE option may be limited
to receiving smaller responses via the to receiving smaller responses via the
<command>nocookie-udp-size</command> option. <command>nocookie-udp-size</command> option.
The default is <userinput>yes</userinput>.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@@ -8431,10 +8449,11 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
minutes. The default minutes. The default
is 60 minutes. The maximum value is 28 days (40320 minutes). is 60 minutes. The maximum value is 28 days (40320 minutes).
If set to 0, interface scanning will only occur when If set to 0, interface scanning will only occur when
the configuration file is loaded. After the scan, the the configuration file is loaded, or when
server will <command>automatic-interface-scan</command> is enabled
begin listening for queries on any newly discovered and supported by the operating system. After the scan, the
interfaces (provided they are allowed by the server will begin listening for queries on any newly
discovered interfaces (provided they are allowed by the
<command>listen-on</command> configuration), and <command>listen-on</command> configuration), and
will stop listening on interfaces that have gone away. will stop listening on interfaces that have gone away.
For convenience, TTL-style time unit suffixes may be For convenience, TTL-style time unit suffixes may be
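Review bot: In the rewritten sentence, "interface scanning will only occur when the configuration file is loaded, or when automatic-interface-scan is enabled and supported by the operating system" reads as if a scan happens at the moment the option is enabled. The other hunk says the rescan is triggered when interface addresses are added or removed, so state that trigger here as well, for example "or, when automatic-interface-scan is enabled and supported by the operating system, when interface addresses are added or removed".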
@@ -8800,6 +8819,26 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><command>resolver-nonbackoff-tries</command></term>
<listitem>
<para>
Specifies how many retries occur before exponential
backoff kicks in. The default is <userinput>3</userinput>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>resolver-retry-interval</command></term>
<listitem>
<para>
The base retry interval in milliseconds.
The default is <userinput>800</userinput>.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><command>sig-validity-interval</command></term> <term><command>sig-validity-interval</command></term>
<listitem> <listitem>
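Review bot: The two new entries give only a default each; neither states the accepted range or what a value of 0 does, and <command>resolver-retry-interval</command> does not say how it relates to <command>resolver-nonbackoff-tries</command> (whether it is the fixed delay used before backoff starts, the starting value for the backoff, or both). Please document the minimum and maximum and describe the interaction in one sentence. "kicks in" is informal for the reference manual; "begins" or "is applied" would match the surrounding text.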