upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-23 07:07:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

regen documentation

Browse source
This commit is contained in:
Mark Andrews 2003-09-30 06:13:33 +00:00
parent 93d6dfaf66
commit 3970098dcd
31 changed files with 2367 additions and 1092 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
bin/check/named-checkconf.8
View file

@ -19,7 +19,7 @@
named-checkconf \- named configuration file syntax checking tool
.SH SYNOPSIS
.sp
\fBnamed-checkconf\fR [ \fB-v\fR ] [ \fB-t \fIdirectory\fB\fR ] \fBfilename\fR [ \fB-z\fR ]
\fBnamed-checkconf\fR [ \fB-v\fR ] [ \fB-j\fR ] [ \fB-t \fIdirectory\fB\fR ] \fBfilename\fR [ \fB-z\fR ]
.SH "DESCRIPTION"
.PP
\fBnamed-checkconf\fR checks the syntax, but not
@ -39,6 +39,9 @@ program and exit.
Perform a check load the master zonefiles found in
\fInamed.conf\fR.
.TP
\fB-j\fR
When loading a zonefile read the journal if it exists.
.TP
\fBfilename\fR
The name of the configuration file to be checked. If not
specified, it defaults to \fI/etc/named.conf\fR.

22
bin/check/named-checkconf.html
View file

@ -20,7 +20,7 @@
>named-checkconf</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
@ -64,6 +64,9 @@ CLASS="OPTION"
>-v</TT
>] [<TT
CLASS="OPTION"
>-j</TT
>] [<TT
CLASS="OPTION"
>-t <TT
CLASS="REPLACEABLE"
><I
@ -78,7 +81,7 @@ CLASS="OPTION"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN24"
NAME="AEN26"
></A
><H2
>DESCRIPTION</H2
@ -93,7 +96,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN28"
NAME="AEN30"
></A
><H2
>OPTIONS</H2
@ -142,6 +145,13 @@ CLASS="FILENAME"
</P
></DD
><DT
>-j</DT
><DD
><P
> When loading a zonefile read the journal if it exists.
</P
></DD
><DT
>filename</DT
><DD
><P
@ -158,7 +168,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN52"
NAME="AEN58"
></A
><H2
>RETURN VALUES</H2
@ -173,7 +183,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN56"
NAME="AEN62"
></A
><H2
>SEE ALSO</H2
@ -194,7 +204,7 @@ CLASS="CITETITLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN63"
NAME="AEN69"
></A
><H2
>AUTHOR</H2

11
bin/check/named-checkzone.8
View file

@ -19,7 +19,7 @@
named-checkzone \- zone file validity checking tool
.SH SYNOPSIS
.sp
\fBnamed-checkzone\fR [ \fB-d\fR ] [ \fB-q\fR ] [ \fB-v\fR ] [ \fB-c \fIclass\fB\fR ] [ \fB-t \fIdirectory\fB\fR ] [ \fB-w \fIdirectory\fB\fR ] \fBzonename\fR \fBfilename\fR
\fBnamed-checkzone\fR [ \fB-d\fR ] [ \fB-j\fR ] [ \fB-q\fR ] [ \fB-v\fR ] [ \fB-c \fIclass\fB\fR ] [ \fB-n \fImode\fB\fR ] [ \fB-t \fIdirectory\fB\fR ] [ \fB-w \fIdirectory\fB\fR ] \fBzonename\fR \fBfilename\fR
.SH "DESCRIPTION"
.PP
\fBnamed-checkzone\fR checks the syntax and integrity of
@ -39,9 +39,18 @@ Quiet mode - exit code only.
Print the version of the \fBnamed-checkzone\fR
program and exit.
.TP
\fB-j\fR
When loading the zone file read the journal if it exists.
.TP
\fB-c \fIclass\fB\fR
Specify the class of the zone. If not specified "IN" is assumed.
.TP
\fB-n \fImode\fB\fR
Specify whether NS records should be checked to see if they
are addresses. Possible modes are \fB"fail"\fR,
\fB"warn"\fR (default) and
\fB"ignore"\fR.
.TP
\fB-t \fIdirectory\fB\fR
chroot to \fIdirectory\fR so that include
directives in the configuration file are processed as if

54
bin/check/named-checkzone.html
View file

@ -20,7 +20,7 @@
>named-checkzone</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
@ -64,6 +64,9 @@ CLASS="OPTION"
>-d</TT
>] [<TT
CLASS="OPTION"
>-j</TT
>] [<TT
CLASS="OPTION"
>-q</TT
>] [<TT
CLASS="OPTION"
@ -78,6 +81,14 @@ CLASS="REPLACEABLE"
></TT
>] [<TT
CLASS="OPTION"
>-n <TT
CLASS="REPLACEABLE"
><I
>mode</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-t <TT
CLASS="REPLACEABLE"
><I
@ -97,7 +108,7 @@ CLASS="REPLACEABLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN33"
NAME="AEN38"
></A
><H2
>DESCRIPTION</H2
@ -121,7 +132,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN39"
NAME="AEN44"
></A
><H2
>OPTIONS</H2
@ -156,6 +167,13 @@ CLASS="COMMAND"
</P
></DD
><DT
>-j</DT
><DD
><P
> When loading the zone file read the journal if it exists.
</P
></DD
><DT
>-c <TT
CLASS="REPLACEABLE"
><I
@ -168,6 +186,30 @@ CLASS="REPLACEABLE"
</P
></DD
><DT
>-n <TT
CLASS="REPLACEABLE"
><I
>mode</I
></TT
></DT
><DD
><P
> Specify whether NS records should be checked to see if they
are addresses. Possible modes are <B
CLASS="COMMAND"
>"fail"</B
>,
<B
CLASS="COMMAND"
>"warn"</B
> (default) and
<B
CLASS="COMMAND"
>"ignore"</B
>.
</P
></DD
><DT
>-t <TT
CLASS="REPLACEABLE"
><I
@ -225,7 +267,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN81"
NAME="AEN98"
></A
><H2
>RETURN VALUES</H2
@ -240,7 +282,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN85"
NAME="AEN102"
></A
><H2
>SEE ALSO</H2
@ -265,7 +307,7 @@ CLASS="CITETITLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN93"
NAME="AEN110"
></A
><H2
>AUTHOR</H2

22
bin/dig/dig.1
View file

@ -86,7 +86,8 @@ ANY, A, MX, SIG, etc.
.PP
The \fB-b\fR option sets the source IP address of the query
to \fIaddress\fR. This must be a valid address on
one of the host's network interfaces.
one of the host's network interfaces or "0.0.0.0" or "::". An optional port
may be specified by appending "#<port>"
.PP
The default query class (IN for internet) is overridden by the
\fB-c\fR option. \fIclass\fR is any valid
@ -126,9 +127,10 @@ When this option is used, there is no need to provide the
automatically performs a lookup for a name like
11.12.13.10.in-addr.arpa and sets the query type and
class to PTR and IN respectively. By default, IPv6 addresses are
looked up using the IP6.ARPA domain and binary labels as defined in
RFC2874. To use the older RFC1886 method using the IP6.INT domain and
"nibble" labels, specify the \fB-n\fR (nibble) option.
looked up using nibble format under the IP6.ARPA domain.
To use the older RFC1886 method using the IP6.INT domain
specify the \fB-i\fR option. Bit string labels (RFC2874)
are now experimental and are not attempted.
.PP
To sign the DNS queries sent by \fBdig\fR and their
responses using transaction signatures (TSIG), specify a TSIG key file
@ -190,7 +192,7 @@ The search list is not used by default.
Deprecated, treated as a synonym for \fI+[no]search\fR
.TP
\fB+[no]aaonly\fR
This option does nothing. It is provided for compatibilty with old
This option does nothing. It is provided for compatibility with old
versions of \fBdig\fR where it set an unimplemented
resolver flag.
.TP
@ -204,7 +206,13 @@ completeness.
Set [do not set] the CD (checking disabled) bit in the query. This
requests the server to not perform DNSSEC validation of responses.
.TP
\fB+[no]recursive\fR
\fB+[no]cl\fR
Display [do not display] the CLASS when printing the record.
.TP
\fB+[no]ttlid\fR
Display [do not display] the TTL when printing the record.
.TP
\fB+[no]recurse\fR
Toggle the setting of the RD (recursion desired) bit in the query.
This bit is set by default, which means \fBdig\fR
normally sends recursive queries. Recursion is automatically disabled
@ -323,7 +331,7 @@ The default is to not display malformed answers.
.TP
\fB+[no]dnssec\fR
Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
in the the OPT record in the additional section of the query.
in the OPT record in the additional section of the query.
.SH "MULTIPLE QUERIES"
.PP
The BIND 9 implementation of \fBdig \fR supports

48
bin/dig/dig.html
View file

@ -20,7 +20,7 @@
>dig</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
@ -312,7 +312,8 @@ CLASS="PARAMETER"
>address</I
></TT
>. This must be a valid address on
one of the host's network interfaces.</P
one of the host's network interfaces or "0.0.0.0" or "::". An optional port
may be specified by appending "#&lt;port&gt;"</P
><P
>The default query class (IN for internet) is overridden by the
<TT
@ -438,12 +439,13 @@ CLASS="LITERAL"
>11.12.13.10.in-addr.arpa</TT
> and sets the query type and
class to PTR and IN respectively. By default, IPv6 addresses are
looked up using the IP6.ARPA domain and binary labels as defined in
RFC2874. To use the older RFC1886 method using the IP6.INT domain and
"nibble" labels, specify the <TT
looked up using nibble format under the IP6.ARPA domain.
To use the older RFC1886 method using the IP6.INT domain
specify the <TT
CLASS="OPTION"
>-n</TT
> (nibble) option.</P
>-i</TT
> option. Bit string labels (RFC2874)
are now experimental and are not attempted.</P
><P
>To sign the DNS queries sent by <B
CLASS="COMMAND"
@ -647,7 +649,7 @@ CLASS="OPTION"
></DT
><DD
><P
>This option does nothing. It is provided for compatibilty with old
>This option does nothing. It is provided for compatibility with old
versions of <B
CLASS="COMMAND"
>dig</B
@ -679,7 +681,25 @@ requests the server to not perform DNSSEC validation of responses.</P
><DT
><TT
CLASS="OPTION"
>+[no]recursive</TT
>+[no]cl</TT
></DT
><DD
><P
>Display [do not display] the CLASS when printing the record.</P
></DD
><DT
><TT
CLASS="OPTION"
>+[no]ttlid</TT
></DT
><DD
><P
>Display [do not display] the TTL when printing the record.</P
></DD
><DT
><TT
CLASS="OPTION"
>+[no]recurse</TT
></DT
><DD
><P
@ -1020,7 +1040,7 @@ CLASS="OPTION"
><DD
><P
>Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
in the the OPT record in the additional section of the query.</P
in the OPT record in the additional section of the query.</P
></DD
></DL
></DIV
@ -1029,7 +1049,7 @@ in the the OPT record in the additional section of the query.</P
><DIV
CLASS="REFSECT1"
><A
NAME="AEN345"
NAME="AEN355"
></A
><H2
>MULTIPLE QUERIES</H2
@ -1113,7 +1133,7 @@ CLASS="LITERAL"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN363"
NAME="AEN373"
></A
><H2
>FILES</H2
@ -1131,7 +1151,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN369"
NAME="AEN379"
></A
><H2
>SEE ALSO</H2
@ -1165,7 +1185,7 @@ CLASS="CITETITLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN382"
NAME="AEN392"
></A
><H2
>BUGS </H2

6
bin/dnssec/dnssec-keygen.8
View file

@ -19,7 +19,7 @@
dnssec-keygen \- DNSSEC key generation tool
.SH SYNOPSIS
.sp
\fBdnssec-keygen\fR \fB-a \fIalgorithm\fB\fR \fB-b \fIkeysize\fB\fR \fB-n \fInametype\fB\fR [ \fB-c \fIclass\fB\fR ] [ \fB-e\fR ] [ \fB-g \fIgenerator\fB\fR ] [ \fB-h\fR ] [ \fB-p \fIprotocol\fB\fR ] [ \fB-r \fIrandomdev\fB\fR ] [ \fB-s \fIstrength\fB\fR ] [ \fB-t \fItype\fB\fR ] [ \fB-v \fIlevel\fB\fR ] \fBname\fR
\fBdnssec-keygen\fR \fB-a \fIalgorithm\fB\fR \fB-b \fIkeysize\fB\fR \fB-n \fInametype\fB\fR [ \fB-c \fIclass\fB\fR ] [ \fB-e\fR ] [ \fB-f \fIflag\fB\fR ] [ \fB-g \fIgenerator\fB\fR ] [ \fB-h\fR ] [ \fB-p \fIprotocol\fB\fR ] [ \fB-r \fIrandomdev\fB\fR ] [ \fB-s \fIstrength\fB\fR ] [ \fB-t \fItype\fB\fR ] [ \fB-v \fIlevel\fB\fR ] \fBname\fR
.SH "DESCRIPTION"
.PP
\fBdnssec-keygen\fR generates keys for DNSSEC
@ -59,6 +59,10 @@ the specified class. If not specified, class IN is used.
\fB-e\fR
If generating an RSA key, use a large exponent.
.TP
\fB-f \fIflag\fB\fR
Set the specified flag in the flag field of the key record.
The only recognized flag is KSK (Key Signing Key).
.TP
\fB-g \fIgenerator\fB\fR
If generating a Diffie Hellman key, use this generator.
Allowed values are 2 and 5. If no generator

35
bin/dnssec/dnssec-keygen.html
View file

@ -20,7 +20,7 @@
>dnssec-keygen</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
@ -87,6 +87,14 @@ CLASS="OPTION"
>-e</TT
>] [<TT
CLASS="OPTION"
>-f <TT
CLASS="REPLACEABLE"
><I
>flag</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-g <TT
CLASS="REPLACEABLE"
><I
@ -141,7 +149,7 @@ CLASS="REPLACEABLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN48"
NAME="AEN51"
></A
><H2
>DESCRIPTION</H2
@ -158,7 +166,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN52"
NAME="AEN55"
></A
><H2
>OPTIONS</H2
@ -246,6 +254,19 @@ CLASS="REPLACEABLE"
</P
></DD
><DT
>-f <TT
CLASS="REPLACEABLE"
><I
>flag</I
></TT
></DT
><DD
><P
> Set the specified flag in the flag field of the key record.
The only recognized flag is KSK (Key Signing Key).
</P
></DD
><DT
>-g <TT
CLASS="REPLACEABLE"
><I
@ -364,7 +385,7 @@ CLASS="REPLACEABLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN121"
NAME="AEN129"
></A
><H2
>GENERATED KEYS</H2
@ -460,7 +481,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN148"
NAME="AEN156"
></A
><H2
>EXAMPLE</H2
@ -511,7 +532,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN161"
NAME="AEN169"
></A
><H2
>SEE ALSO</H2
@ -558,7 +579,7 @@ CLASS="CITETITLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN177"
NAME="AEN185"
></A
><H2
>AUTHOR</H2

29
bin/dnssec/dnssec-signzone.8
View file

@ -19,11 +19,11 @@
dnssec-signzone \- DNSSEC zone signing tool
.SH SYNOPSIS
.sp
\fBdnssec-signzone\fR [ \fB-a\fR ] [ \fB-c \fIclass\fB\fR ] [ \fB-d \fIdirectory\fB\fR ] [ \fB-s \fIstart-time\fB\fR ] [ \fB-e \fIend-time\fB\fR ] [ \fB-f \fIoutput-file\fB\fR ] [ \fB-h\fR ] [ \fB-i \fIinterval\fB\fR ] [ \fB-n \fInthreads\fB\fR ] [ \fB-o \fIorigin\fB\fR ] [ \fB-p\fR ] [ \fB-r \fIrandomdev\fB\fR ] [ \fB-t\fR ] [ \fB-v \fIlevel\fB\fR ] \fBzonefile\fR [ \fBkey\fR\fI...\fR ]
\fBdnssec-signzone\fR [ \fB-a\fR ] [ \fB-c \fIclass\fB\fR ] [ \fB-d \fIdirectory\fB\fR ] [ \fB-e \fIend-time\fB\fR ] [ \fB-f \fIoutput-file\fB\fR ] [ \fB-g\fR ] [ \fB-h\fR ] [ \fB-k \fIkey\fB\fR ] [ \fB-i \fIinterval\fB\fR ] [ \fB-n \fInthreads\fB\fR ] [ \fB-o \fIorigin\fB\fR ] [ \fB-p\fR ] [ \fB-r \fIrandomdev\fB\fR ] [ \fB-s \fIstart-time\fB\fR ] [ \fB-t\fR ] [ \fB-v \fIlevel\fB\fR ] [ \fB-z\fR ] \fBzonefile\fR [ \fBkey\fR\fI...\fR ]
.SH "DESCRIPTION"
.PP
\fBdnssec-signzone\fR signs a zone. It generates NXT
and SIG records and produces a signed version of the zone. If there
\fBdnssec-signzone\fR signs a zone. It generates NSEC
and RRSIG records and produces a signed version of the zone. If there
is a \fIsignedkey\fR file from the zone's parent,
the parent's signatures will be incorporated into the generated
signed zone file. The security status of delegations from the the
@ -38,26 +38,34 @@ Verify all generated signatures.
\fB-c \fIclass\fB\fR
Specifies the DNS class of the zone.
.TP
\fB-k \fIkey\fB\fR
Treat specified key as a key signing key ignoring any
key flags. This option may be specified multiple times.
.TP
\fB-d \fIdirectory\fB\fR
Look for \fIsignedkey\fR files in
\fBdirectory\fR as the directory
.TP
\fB-g\fR
Generate DS records for child zones from keyset files.
Existing DS records will be removed.
.TP
\fB-s \fIstart-time\fB\fR
Specify the date and time when the generated SIG records
Specify the date and time when the generated RRSIG records
become valid. This can be either an absolute or relative
time. An absolute start time is indicated by a number
in YYYYMMDDHHMMSS notation; 20000530144500 denotes
14:45:00 UTC on May 30th, 2000. A relative start time is
indicated by +N, which is N seconds from the current time.
If no \fBstart-time\fR is specified, the current
time is used.
time minus 1 hour (to allow for clock skew) is used.
.TP
\fB-e \fIend-time\fB\fR
Specify the date and time when the generated SIG records
Specify the date and time when the generated RRSIG records
expire. As with \fBstart-time\fR, an absolute
time is indicated in YYYYMMDDHHMMSS notation. A time relative
to the start time is indicated with +N, which is N seconds from
the start time. A time realtive to the current time is
the start time. A time relative to the current time is
indicated with now+N. If no \fBend-time\fR is
specified, 30 days from the start time is used as a default.
.TP
@ -74,7 +82,7 @@ Prints a short summary of the options and arguments to
When a previously signed zone is passed as input, records
may be resigned. The \fBinterval\fR option
specifies the cycle interval as an offset from the current
time (in seconds). If a SIG record expires after the
time (in seconds). If a RRSIG record expires after the
cycle interval, it is retained. Otherwise, it is considered
to be expiring soon, and it will be replaced.
@ -83,7 +91,7 @@ between the signature end and start times. So if neither
\fBend-time\fR or \fBstart-time\fR
are specified, \fBdnssec-signzone\fR generates
signatures that are valid for 30 days, with a cycle
interval of 7.5 days. Therefore, if any existing SIG records
interval of 7.5 days. Therefore, if any existing RRSIG records
are due to expire in less than 7.5 days, they would be
replaced.
.TP
@ -117,6 +125,9 @@ Print statistics at completion.
\fB-v \fIlevel\fB\fR
Sets the debugging level.
.TP
\fB-z\fR
Ignore KSK flag on key when determining what to sign.
.TP
\fBzonefile\fR
The file containing the zone to be signed.
Sets the debugging level.

86
bin/dnssec/dnssec-signzone.html
View file

@ -20,7 +20,7 @@
>dnssec-signzone</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
@ -80,14 +80,6 @@ CLASS="REPLACEABLE"
></TT
>] [<TT
CLASS="OPTION"
>-s <TT
CLASS="REPLACEABLE"
><I
>start-time</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-e <TT
CLASS="REPLACEABLE"
><I
@ -104,9 +96,20 @@ CLASS="REPLACEABLE"
></TT
>] [<TT
CLASS="OPTION"
>-g</TT
>] [<TT
CLASS="OPTION"
>-h</TT
>] [<TT
CLASS="OPTION"
>-k <TT
CLASS="REPLACEABLE"
><I
>key</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-i <TT
CLASS="REPLACEABLE"
><I
@ -142,6 +145,14 @@ CLASS="REPLACEABLE"
></TT
>] [<TT
CLASS="OPTION"
>-s <TT
CLASS="REPLACEABLE"
><I
>start-time</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-t</TT
>] [<TT
CLASS="OPTION"
@ -151,12 +162,15 @@ CLASS="REPLACEABLE"
>level</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-z</TT
>] {zonefile} [key...]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN56"
NAME="AEN63"
></A
><H2
>DESCRIPTION</H2
@ -164,8 +178,8 @@ NAME="AEN56"
> <B
CLASS="COMMAND"
>dnssec-signzone</B
> signs a zone. It generates NXT
and SIG records and produces a signed version of the zone. If there
> signs a zone. It generates NSEC
and RRSIG records and produces a signed version of the zone. If there
is a <TT
CLASS="FILENAME"
>signedkey</TT
@ -183,7 +197,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN62"
NAME="AEN69"
></A
><H2
>OPTIONS</H2
@ -212,6 +226,19 @@ CLASS="REPLACEABLE"
</P
></DD
><DT
>-k <TT
CLASS="REPLACEABLE"
><I
>key</I
></TT
></DT
><DD
><P
> Treat specified key as a key signing key ignoring any
key flags. This option may be specified multiple times.
</P
></DD
><DT
>-d <TT
CLASS="REPLACEABLE"
><I
@ -231,6 +258,14 @@ CLASS="OPTION"
</P
></DD
><DT
>-g</DT
><DD
><P
> Generate DS records for child zones from keyset files.
Existing DS records will be removed.
</P
></DD
><DT
>-s <TT
CLASS="REPLACEABLE"
><I
@ -239,7 +274,7 @@ CLASS="REPLACEABLE"
></DT
><DD
><P
> Specify the date and time when the generated SIG records
> Specify the date and time when the generated RRSIG records
become valid. This can be either an absolute or relative
time. An absolute start time is indicated by a number
in YYYYMMDDHHMMSS notation; 20000530144500 denotes
@ -249,7 +284,7 @@ CLASS="REPLACEABLE"
CLASS="OPTION"
>start-time</TT
> is specified, the current
time is used.
time minus 1 hour (to allow for clock skew) is used.
</P
></DD
><DT
@ -261,14 +296,14 @@ CLASS="REPLACEABLE"
></DT
><DD
><P
> Specify the date and time when the generated SIG records
> Specify the date and time when the generated RRSIG records
expire. As with <TT
CLASS="OPTION"
>start-time</TT
>, an absolute
time is indicated in YYYYMMDDHHMMSS notation. A time relative
to the start time is indicated with +N, which is N seconds from
the start time. A time realtive to the current time is
the start time. A time relative to the current time is
indicated with now+N. If no <TT
CLASS="OPTION"
>end-time</TT
@ -319,7 +354,7 @@ CLASS="OPTION"
>interval</TT
> option
specifies the cycle interval as an offset from the current
time (in seconds). If a SIG record expires after the
time (in seconds). If a RRSIG record expires after the
cycle interval, it is retained. Otherwise, it is considered
to be expiring soon, and it will be replaced.
</P
@ -338,7 +373,7 @@ CLASS="COMMAND"
>dnssec-signzone</B
> generates
signatures that are valid for 30 days, with a cycle
interval of 7.5 days. Therefore, if any existing SIG records
interval of 7.5 days. Therefore, if any existing RRSIG records
are due to expire in less than 7.5 days, they would be
replaced.
</P
@ -427,6 +462,13 @@ CLASS="REPLACEABLE"
</P
></DD
><DT
>-z</DT
><DD
><P
> Ignore KSK flag on key when determining what to sign.
</P
></DD
><DT
>zonefile</DT
><DD
><P
@ -449,7 +491,7 @@ CLASS="REPLACEABLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN154"
NAME="AEN174"
></A
><H2
>EXAMPLE</H2
@ -508,7 +550,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN168"
NAME="AEN188"
></A
><H2
>SEE ALSO</H2
@ -540,7 +582,7 @@ CLASS="CITETITLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN179"
NAME="AEN199"
></A
><H2
>AUTHOR</H2

12
bin/named/named.8
View file

@ -19,7 +19,7 @@
named \- Internet domain name server
.SH SYNOPSIS
.sp
\fBnamed\fR [ \fB-c \fIconfig-file\fB\fR ] [ \fB-d \fIdebug-level\fB\fR ] [ \fB-f\fR ] [ \fB-g\fR ] [ \fB-n \fI#cpus\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-s\fR ] [ \fB-t \fIdirectory\fB\fR ] [ \fB-u \fIuser\fB\fR ] [ \fB-v\fR ] [ \fB-x \fIcache-file\fB\fR ]
\fBnamed\fR [ \fB-4\fR ] [ \fB-6\fR ] [ \fB-c \fIconfig-file\fB\fR ] [ \fB-d \fIdebug-level\fB\fR ] [ \fB-f\fR ] [ \fB-g\fR ] [ \fB-n \fI#cpus\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-s\fR ] [ \fB-t \fIdirectory\fB\fR ] [ \fB-u \fIuser\fB\fR ] [ \fB-v\fR ] [ \fB-x \fIcache-file\fB\fR ]
.SH "DESCRIPTION"
.PP
\fBnamed\fR is a Domain Name System (DNS) server,
@ -32,6 +32,16 @@ read the default configuration file
data, and listen for queries.
.SH "OPTIONS"
.TP
\fB-4\fR
Use IPv4 only even if the host machine is capable of IPv6.
\fB-4\fR and \fB-6\fR are mutually
exclusive.
.TP
\fB-6\fR
Use IPv6 only even if the host machine is capable of IPv4.
\fB-4\fR and \fB-6\fR are mutually
exclusive.
.TP
\fB-c \fIconfig-file\fB\fR
Use \fIconfig-file\fR as the
configuration file instead of the default,

52
bin/named/named.html
View file

@ -20,7 +20,7 @@
>named</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
@ -61,6 +61,12 @@ CLASS="COMMAND"
>named</B
> [<TT
CLASS="OPTION"
>-4</TT
>] [<TT
CLASS="OPTION"
>-6</TT
>] [<TT
CLASS="OPTION"
>-c <TT
CLASS="REPLACEABLE"
><I
@ -132,7 +138,7 @@ CLASS="REPLACEABLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN45"
NAME="AEN49"
></A
><H2
>DESCRIPTION</H2
@ -160,7 +166,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN52"
NAME="AEN56"
></A
><H2
>OPTIONS</H2
@ -170,6 +176,36 @@ NAME="AEN52"
CLASS="VARIABLELIST"
><DL
><DT
>-4</DT
><DD
><P
> Use IPv4 only even if the host machine is capable of IPv6.
<TT
CLASS="OPTION"
>-4</TT
> and <TT
CLASS="OPTION"
>-6</TT
> are mutually
exclusive.
</P
></DD
><DT
>-6</DT
><DD
><P
> Use IPv6 only even if the host machine is capable of IPv4.
<TT
CLASS="OPTION"
>-4</TT
> and <TT
CLASS="OPTION"
>-6</TT
> are mutually
exclusive.
</P
></DD
><DT
>-c <TT
CLASS="REPLACEABLE"
><I
@ -482,7 +518,7 @@ ALIGN="LEFT"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN137"
NAME="AEN153"
></A
><H2
>SIGNALS</H2
@ -522,7 +558,7 @@ CLASS="VARIABLELIST"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN151"
NAME="AEN167"
></A
><H2
>CONFIGURATION</H2
@ -542,7 +578,7 @@ CLASS="CITETITLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN156"
NAME="AEN172"
></A
><H2
>FILES</H2
@ -577,7 +613,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN169"
NAME="AEN185"
></A
><H2
>SEE ALSO</H2
@ -617,7 +653,7 @@ CLASS="CITETITLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN182"
NAME="AEN198"
></A
><H2
>AUTHOR</H2

20
bin/nsupdate/nsupdate.8
View file

@ -19,7 +19,7 @@
nsupdate \- Dynamic DNS update utility
.SH SYNOPSIS
.sp
\fBnsupdate\fR [ \fB-d\fR ] [ \fB [ -y \fIkeyname:secret\fB ] [ -k \fIkeyfile\fB ] \fR ] [ \fB-v\fR ] [ \fBfilename\fR ]
\fBnsupdate\fR [ \fB-d\fR ] [ \fB [ -y \fIkeyname:secret\fB ] [ -k \fIkeyfile\fB ] \fR ] [ \fB-t \fItimeout\fB\fR ] [ \fB-u \fIudptimeout\fB\fR ] [ \fB-r \fIudpretries\fB\fR ] [ \fB-v\fR ] [ \fBfilename\fR ]
.SH "DESCRIPTION"
.PP
\fBnsupdate\fR
@ -118,13 +118,25 @@ specified is not an HMAC-MD5 key.
.PP
By default
\fBnsupdate\fR
uses UDP to send update requests to the name server.
uses UDP to send update requests to the name server unless they are too
large to fit in a UDP request in which case TCP will be used.
The
\fB-v\fR
option makes
\fBnsupdate\fR
use a TCP connection.
This may be preferable when a batch of update requests is made.
.PP
The \fB-t\fR option sets the maximum time a update request can
take before it is aborted. The default is 300 seconds. Zero can be used
to disable the timeout.
.PP
The \fB-u\fR option sets the UDP retry interval. The default is
3 seconds. If zero the interval will be computed from the timeout interval
and number of UDP retries.
.PP
The \fB-r\fR option sets the number of UDP retries. The default is
3. If zero only one update request will be made.
.SH "INPUT FORMAT"
.PP
\fBnsupdate\fR
@ -170,7 +182,7 @@ Sends all dynamic update requests using the local
\fIaddress\fR.
When no local statement is provided,
\fBnsupdate\fR
will send updates using an address and port choosen by the system.
will send updates using an address and port chosen by the system.
\fIport\fR
can additionally be used to make requests come from a specific port.
If no port number is specified, the system will assign one.
@ -316,7 +328,7 @@ This ensures that when the CNAME is added, it cannot conflict with the
long-standing rule in RFC1034 that a name must not exist as any other
record type if it exists as a CNAME.
(The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
SIG, KEY and NXT records.)
RRSIG, DNSKEY and NSEC records.)
.SH "FILES"
.TP
\fB/etc/resolv.conf\fR

65
bin/nsupdate/nsupdate.html
View file

@ -20,7 +20,7 @@
>nsupdate</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
@ -74,13 +74,37 @@ CLASS="REPLACEABLE"
></TT
>] [<TT
CLASS="OPTION"
>-t <TT
CLASS="REPLACEABLE"
><I
>timeout</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-u <TT
CLASS="REPLACEABLE"
><I
>udptimeout</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-r <TT
CLASS="REPLACEABLE"
><I
>udpretries</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-v</TT
>] [filename]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN26"
NAME="AEN35"
></A
><H2
>DESCRIPTION</H2
@ -273,7 +297,8 @@ specified is not an HMAC-MD5 key.</P
CLASS="COMMAND"
>nsupdate</B
>
uses UDP to send update requests to the name server.
uses UDP to send update requests to the name server unless they are too
large to fit in a UDP request in which case TCP will be used.
The
<TT
CLASS="OPTION"
@ -286,11 +311,31 @@ CLASS="COMMAND"
>
use a TCP connection.
This may be preferable when a batch of update requests is made.</P
><P
>The <TT
CLASS="OPTION"
>-t</TT
> option sets the maximum time a update request can
take before it is aborted. The default is 300 seconds. Zero can be used
to disable the timeout.</P
><P
>The <TT
CLASS="OPTION"
>-u</TT
> option sets the UDP retry interval. The default is
3 seconds. If zero the interval will be computed from the timeout interval
and number of UDP retries.</P
><P
>The <TT
CLASS="OPTION"
>-r</TT
> option sets the number of UDP retries. The default is
3. If zero only one update request will be made.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN67"
NAME="AEN82"
></A
><H2
>INPUT FORMAT</H2
@ -396,7 +441,7 @@ When no local statement is provided,
CLASS="COMMAND"
>nsupdate</B
>
will send updates using an address and port choosen by the system.
will send updates using an address and port chosen by the system.
<TT
CLASS="PARAMETER"
><I
@ -761,7 +806,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN225"
NAME="AEN240"
></A
><H2
>EXAMPLES</H2
@ -827,12 +872,12 @@ This ensures that when the CNAME is added, it cannot conflict with the
long-standing rule in RFC1034 that a name must not exist as any other
record type if it exists as a CNAME.
(The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
SIG, KEY and NXT records.)</P
RRSIG, DNSKEY and NSEC records.)</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN238"
NAME="AEN253"
></A
><H2
>FILES</H2
@ -888,7 +933,7 @@ CLASS="REFENTRYTITLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN262"
NAME="AEN277"
></A
><H2
>SEE ALSO</H2
@ -960,7 +1005,7 @@ CLASS="REFENTRYTITLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN285"
NAME="AEN300"
></A
><H2
>BUGS</H2

7
bin/rndc/rndc-confgen.8
View file

@ -1,4 +1,5 @@
.\" Copyright (C) 2001 Internet Software Consortium.
.\"
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -13,8 +14,6 @@
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: rndc-confgen.8,v 1.5 2002/02/20 03:33:40 marka Exp $
.TH "RNDC-CONFGEN" "8" "Aug 27, 2001" "BIND9" ""
.SH NAME
rndc-confgen \- rndc key generation tool
@ -89,7 +88,7 @@ The default is 953.
.TP
\fB-r \fIrandomfile\fB\fR
Specifies a source of random data for generating the
authoriazation. If the operating
authorization. If the operating
system does not provide a \fI/dev/random\fR
or equivalent device, the default source of randomness
is keyboard input. \fIrandomdev\fR specifies

13
bin/rndc/rndc-confgen.html
View file

@ -1,10 +1,10 @@
<!--
- Copyright (C) 2001 Internet Software Consortium.
-
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
-
- THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
@ -14,16 +14,13 @@
- NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: rndc-confgen.html,v 1.5 2002/02/20 03:33:42 marka Exp $ -->
<HTML
><HEAD
><TITLE
>rndc-confgen</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
@ -379,7 +376,7 @@ CLASS="REPLACEABLE"
><DD
><P
> Specifies a source of random data for generating the
authoriazation. If the operating
authorization. If the operating
system does not provide a <TT
CLASS="FILENAME"
>/dev/random</TT

266
doc/arm/Bv9ARM.ch01.html
View file

@ -4,7 +4,7 @@
>Introduction </TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"><LINK
REL="HOME"
TITLE="BIND 9 Administrator Reference Manual"
@ -25,6 +25,7 @@ ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -42,6 +43,7 @@ ALIGN="left"
VALIGN="bottom"
><A
HREF="Bv9ARM.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -55,6 +57,7 @@ ALIGN="right"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch02.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
@ -150,9 +153,12 @@ NAME="AEN20"
>1.2. Organization of This Document</A
></H1
><P
>In this document, <I
>In this document, <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Section 1</I
></SPAN
> introduces
the basic <SPAN
CLASS="acronym"
@ -160,62 +166,92 @@ CLASS="acronym"
> and <SPAN
CLASS="acronym"
>BIND</SPAN
> concepts. <I
> concepts. <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Section 2</I
></SPAN
>
describes resource requirements for running <SPAN
CLASS="acronym"
>BIND</SPAN
> in various
environments. Information in <I
environments. Information in <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Section 3</I
></SPAN
> is
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>task-oriented</I
></SPAN
> in its presentation and is
organized functionally, to aid in the process of installing the
<SPAN
CLASS="acronym"
>BIND</SPAN
> 9 software. The task-oriented section is followed by
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Section 4</I
></SPAN
>, which contains more advanced
concepts that the system administrator may need for implementing
certain options. <I
certain options. <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Section 5</I
></SPAN
>
describes the <SPAN
CLASS="acronym"
>BIND</SPAN
> 9 lightweight
resolver. The contents of <I
resolver. The contents of <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Section 6</I
></SPAN
> are
organized as in a reference manual to aid in the ongoing
maintenance of the software. <I
maintenance of the software. <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Section 7
</I
></SPAN
>addresses security considerations, and
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Section 8</I
></SPAN
> contains troubleshooting help. The
main body of the document is followed by several
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Appendices</I
></SPAN
> which contain useful reference
information, such as a <I
information, such as a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Bibliography</I
></SPAN
> and
historic information related to <SPAN
CLASS="acronym"
@ -252,10 +288,13 @@ WIDTH="288"
ALIGN="LEFT"
VALIGN="MIDDLE"
>&#13;<P
><SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>To
describe:</I
></SPAN
></P
></TD
><TD
@ -263,9 +302,12 @@ WIDTH="252"
ALIGN="LEFT"
VALIGN="MIDDLE"
>&#13;<P
><SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>We use the style:</I
></SPAN
></P
></TD
></TR
@ -358,10 +400,13 @@ WIDTH="288"
ALIGN="LEFT"
VALIGN="MIDDLE"
><P
><SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>To
describe:</I
></SPAN
></P
></TD
><TD
@ -369,9 +414,12 @@ WIDTH="252"
ALIGN="LEFT"
VALIGN="MIDDLE"
><P
><SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>We use the style:</I
></SPAN
></P
></TD
></TR
@ -480,13 +528,19 @@ addresses and vice versa, mail routing information, and other data
used by Internet applications.</P
><P
>Clients look up information in the DNS by calling a
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>resolver</I
></SPAN
> library, which sends queries to one or
more <I
more <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>name servers</I
></SPAN
> and interprets the responses.
The <SPAN
CLASS="acronym"
@ -514,29 +568,41 @@ NAME="AEN122"
>1.4.2. Domains and Domain Names</A
></H2
><P
>The data stored in the DNS is identified by <I
>The data stored in the DNS is identified by <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>domain
names</I
></SPAN
> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
called a <I
called a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>domain</I
></SPAN
>, is given a label. The domain name of the
node is the concatenation of all the labels on the path from the
node to the <I
node to the <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>root</I
></SPAN
> node. This is represented
in written form as a string of labels listed from right to left and
separated by dots. A label need only be unique within its parent
domain.</P
><P
>For example, a domain name for a host at the
company <I
company <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Example, Inc.</I
></SPAN
> could be
<TT
CLASS="literal"
@ -566,26 +632,38 @@ CLASS="literal"
name of the host.</P
><P
>For administrative purposes, the name space is partitioned into
areas called <I
areas called <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>zones</I
></SPAN
>, each starting at a node and
extending down to the leaf nodes or to nodes where other zones start.
The data for each zone is stored in a <I
The data for each zone is stored in a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>name
server</I
></SPAN
>, which answers queries about the zone using the
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>DNS protocol</I
></SPAN
>.
</P
><P
>The data associated with each domain name is stored in the
form of <I
form of <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>resource records</I
></SPAN
> (<SPAN
CLASS="acronym"
>RR</SPAN
@ -613,13 +691,19 @@ NAME="AEN146"
></H2
><P
>To properly operate a name server, it is important to understand
the difference between a <I
the difference between a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>zone</I
></SPAN
>
and a <I
and a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>domain</I
></SPAN
>.</P
><P
>As we stated previously, a zone is a point of delegation in
@ -632,9 +716,12 @@ tree for which a name server has complete information and over which
it has authority. It contains all domain names from a certain point
downward in the domain tree except those which are delegated to
other zones. A delegation point is marked by one or more
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>NS records</I
></SPAN
> in the
parent zone, which should be matched by equivalent NS records at
the root of the delegated zone.</P
@ -670,17 +757,26 @@ name servers. Every name in the <SPAN
CLASS="acronym"
>DNS</SPAN
> tree is a
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>domain</I
></SPAN
>, even if it is
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>terminal</I
></SPAN
>, that is, has no
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>subdomains</I
></SPAN
>. Every subdomain is a domain and
every domain except the root is also a subdomain. The terminology is
not intuitive and we suggest that you read RFCs 1033, 1034 and 1035 to
@ -697,9 +793,12 @@ CLASS="filename"
>named.conf</TT
> file specify
zones, not domains. When you ask some other site if it is willing to
be a slave server for your <I
be a slave server for your <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>domain</I
></SPAN
>, you are
actually asking for slave service for some collection of zones.</P
></DIV
@ -713,9 +812,12 @@ NAME="AEN169"
></H2
><P
>Each zone is served by at least
one <I
one <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>authoritative name server</I
></SPAN
>,
which contains the complete data for the zone.
To make the DNS tolerant of server and network failures,
@ -742,22 +844,34 @@ NAME="AEN176"
></H3
><P
>&#13;The authoritative server where the master copy of the zone data is maintained is
called the <I
called the <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>primary master</I
></SPAN
> server, or simply the
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>primary</I
></SPAN
>. It loads the zone contents from some
local file edited by humans or perhaps generated mechanically from
some other local file which is edited by humans. This file is called
the <I
the <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>zone file</I
> or <I
></SPAN
> or <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>master file</I
></SPAN
>.</P
></DIV
><DIV
@ -769,18 +883,27 @@ NAME="AEN183"
>1.4.4.2. Slave Servers</A
></H3
><P
>The other authoritative servers, the <I
>The other authoritative servers, the <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>slave</I
></SPAN
>
servers (also known as <I
servers (also known as <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>secondary</I
></SPAN
> servers) load
the zone contents from another server using a replication process
known as a <I
known as a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>zone transfer</I
></SPAN
>. Typically the data are
transferred directly from the primary master, but it is also possible
to transfer it from another slave. In other words, a slave server
@ -797,26 +920,38 @@ NAME="AEN189"
><P
>Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
a <I
a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>delegation</I
></SPAN
> of the zone from the parent.
The authoritative servers are also listed in the zone file itself,
at the <I
at the <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>top level</I
> or <I
></SPAN
> or <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>apex</I
></SPAN
>
of the zone. You can list servers in the zone's top-level NS
records that are not in the parent's NS delegation, but you cannot
list servers in the parent's delegation that are not present at
the zone's top level.</P
><P
>A <I
>A <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>stealth server</I
></SPAN
> is a server that is
authoritative for a zone but is not listed in that zone's NS
records. Stealth servers can be used for keeping a local copy of a
@ -841,32 +976,47 @@ NAME="AEN198"
></H2
><P
>The resolver libraries provided by most operating systems are
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>stub resolvers</I
></SPAN
>, meaning that they are not capable of
performing the full DNS resolution process by themselves by talking
directly to the authoritative servers. Instead, they rely on a local
name server to perform the resolution on their behalf. Such a server
is called a <I
is called a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>recursive</I
></SPAN
> name server; it performs
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>recursive lookups</I
></SPAN
> for local clients.</P
><P
>To improve performance, recursive servers cache the results of
the lookups they perform. Since the processes of recursion and
caching are intimately connected, the terms
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>recursive server</I
></SPAN
> and
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>caching server</I
></SPAN
> are often used synonymously.</P
><P
>The length of time for which a record may be retained in
@ -884,14 +1034,20 @@ NAME="AEN208"
><P
>Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>forward</I
></SPAN
> some or all of the queries
that it cannot satisfy from its cache to another caching name server,
commonly referred to as a <I
commonly referred to as a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>forwarder</I
></SPAN
>.
</P
><P
@ -936,17 +1092,23 @@ and caching/recursive name service are logically separate, it is
often advantageous to run them on separate server machines.
A server that only provides authoritative name service
(an <I
(an <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>authoritative-only</I
></SPAN
> server) can run with
recursion disabled, improving reliability and security.
A server that is not authoritative for any zones and only provides
recursive service to local
clients (a <I
clients (a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>caching-only</I
></SPAN
> server)
does not need to be reachable from the Internet at large and can
be placed inside a firewall.</P
@ -958,6 +1120,7 @@ CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -969,6 +1132,7 @@ ALIGN="left"
VALIGN="top"
><A
HREF="Bv9ARM.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -977,6 +1141,7 @@ ALIGN="center"
VALIGN="top"
><A
HREF="Bv9ARM.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
@ -985,6 +1150,7 @@ ALIGN="right"
VALIGN="top"
><A
HREF="Bv9ARM.ch02.html"
ACCESSKEY="N"
>Next</A
></TD
></TR

9
doc/arm/Bv9ARM.ch02.html
View file

@ -4,7 +4,7 @@
>BIND Resource Requirements</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"><LINK
REL="HOME"
TITLE="BIND 9 Administrator Reference Manual"
@ -25,6 +25,7 @@ ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -42,6 +43,7 @@ ALIGN="left"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch01.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -55,6 +57,7 @@ ALIGN="right"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch03.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
@ -223,6 +226,7 @@ CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -234,6 +238,7 @@ ALIGN="left"
VALIGN="top"
><A
HREF="Bv9ARM.ch01.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -242,6 +247,7 @@ ALIGN="center"
VALIGN="top"
><A
HREF="Bv9ARM.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
@ -250,6 +256,7 @@ ALIGN="right"
VALIGN="top"
><A
HREF="Bv9ARM.ch03.html"
ACCESSKEY="N"
>Next</A
></TD
></TR

26
doc/arm/Bv9ARM.ch03.html
View file

@ -4,7 +4,7 @@
>Name Server Configuration</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"><LINK
REL="HOME"
TITLE="BIND 9 Administrator Reference Manual"
@ -25,6 +25,7 @@ ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -42,6 +43,7 @@ ALIGN="left"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch02.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -55,6 +57,7 @@ ALIGN="right"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch04.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
@ -1053,7 +1056,7 @@ CLASS="userinput"
><DD
><P
>Toggle query logging. Query logging can also be enabled
by explictly directing the <B
by explicitly directing the <B
CLASS="command"
>queries</B
>
@ -1171,7 +1174,16 @@ CLASS="userinput"
></DT
><DD
><P
>Display status of the server.</P
>Display status of the server.
Note the number of zones includes the internal <B
CLASS="command"
>bind/CH</B
> zone
and the default <B
CLASS="command"
>./IN</B
> hint zone if there is not a
explicit root zone configured.</P
></DD
></DL
></DIV
@ -1494,7 +1506,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN675"
NAME="AEN677"
>3.3.2. Signals</A
></H2
><P
@ -1507,7 +1519,7 @@ CLASS="command"
><DIV
CLASS="informaltable"
><A
NAME="AEN679"
NAME="AEN681"
></A
><P
></P
@ -1591,6 +1603,7 @@ CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -1602,6 +1615,7 @@ ALIGN="left"
VALIGN="top"
><A
HREF="Bv9ARM.ch02.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -1610,6 +1624,7 @@ ALIGN="center"
VALIGN="top"
><A
HREF="Bv9ARM.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
@ -1618,6 +1633,7 @@ ALIGN="right"
VALIGN="top"
><A
HREF="Bv9ARM.ch04.html"
ACCESSKEY="N"
>Next</A
></TD
></TR

435
doc/arm/Bv9ARM.ch04.html
View file

@ -4,7 +4,7 @@
>Advanced DNS Features</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"><LINK
REL="HOME"
TITLE="BIND 9 Administrator Reference Manual"
@ -25,6 +25,7 @@ ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -42,6 +43,7 @@ ALIGN="left"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch03.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -55,6 +57,7 @@ ALIGN="right"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch05.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
@ -93,7 +96,7 @@ HREF="Bv9ARM.ch04.html#incremental_zone_transfers"
></DT
><DT
>4.4. <A
HREF="Bv9ARM.ch04.html#AEN753"
HREF="Bv9ARM.ch04.html#AEN755"
>Split DNS</A
></DT
><DT
@ -103,12 +106,12 @@ HREF="Bv9ARM.ch04.html#tsig"
></DT
><DT
>4.6. <A
HREF="Bv9ARM.ch04.html#AEN913"
HREF="Bv9ARM.ch04.html#AEN915"
>TKEY</A
></DT
><DT
>4.7. <A
HREF="Bv9ARM.ch04.html#AEN928"
HREF="Bv9ARM.ch04.html#AEN930"
>SIG(0)</A
></DT
><DT
@ -118,7 +121,7 @@ HREF="Bv9ARM.ch04.html#DNSSEC"
></DT
><DT
>4.9. <A
HREF="Bv9ARM.ch04.html#AEN1015"
HREF="Bv9ARM.ch04.html#AEN1017"
>IPv6 Support in <SPAN
CLASS="acronym"
>BIND</SPAN
@ -161,7 +164,7 @@ CLASS="command"
>notify</B
> option in <A
HREF="Bv9ARM.ch06.html#boolean_options"
>Section 6.2.14.1</A
>Section 6.2.16.1</A
> and
the description of the zone option <B
CLASS="command"
@ -169,7 +172,7 @@ CLASS="command"
> in
<A
HREF="Bv9ARM.ch06.html#zone_transfers"
>Section 6.2.14.6</A
>Section 6.2.16.7</A
>. The <B
CLASS="command"
>NOTIFY</B
@ -341,15 +344,18 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN753"
NAME="AEN755"
>4.4. Split DNS</A
></H1
><P
>Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a <I
internal and external resolvers is usually referred to as a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Split
DNS</I
></SPAN
> setup. There are several reasons an organization
would want to set up its DNS this way.</P
><P
@ -368,9 +374,12 @@ back in to the internal network.</P
><P
>Here is an example of a split DNS setup:</P
><P
>Let's say a company named <I
>Let's say a company named <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Example, Inc.</I
></SPAN
>
(<TT
CLASS="literal"
@ -380,9 +389,12 @@ has several corporate sites that have an internal network with reserved
Internet Protocol (IP) space and an external demilitarized zone (DMZ),
or "outside" section of a network, that is available to the public.</P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Example, Inc.</I
></SPAN
> wants its internal clients
to be able to resolve external hostnames and to exchange mail with
people on the outside. The company also wants its internal resolvers
@ -416,9 +428,12 @@ CLASS="filename"
>, <TT
CLASS="filename"
>site2.example.com</TT
>,<I
>,<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
> </I
></SPAN
><TT
CLASS="filename"
>site1.internal</TT
@ -496,16 +511,22 @@ servers, and queries for external hostnames will be forwarded back
out to the DNS servers on the bastion hosts.</P
><P
>In order for all this to work properly, internal clients will
need to be configured to query <I
need to be configured to query <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>only</I
></SPAN
> the internal
name servers for DNS queries. This could also be enforced via selective
filtering on the network.</P
><P
>If everything has been set properly, <I
>If everything has been set properly, <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Example, Inc.</I
></SPAN
>'s
internal clients will now be able to:</P
><P
@ -741,16 +762,22 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN844"
NAME="AEN846"
>4.5.1. Generate Shared Keys for Each Pair of Hosts</A
></H2
><P
>A shared secret is generated to be shared between <I
>A shared secret is generated to be shared between <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host1</I
> and <I
></SPAN
> and <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host2</I
></SPAN
>.
An arbitrary key name is chosen: "host1-host2.". The key name must
be the same on both hosts.</P
@ -759,7 +786,7 @@ CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN849"
NAME="AEN851"
>4.5.1.1. Automatic Generation</A
></H3
><P
@ -801,7 +828,7 @@ CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN860"
NAME="AEN862"
>4.5.1.2. Manual Generation</A
></H3
><P
@ -822,7 +849,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN865"
NAME="AEN867"
>4.5.2. Copying the Shared Secret to Both Machines</A
></H2
><P
@ -834,16 +861,22 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN868"
NAME="AEN870"
>4.5.3. Informing the Servers of the Key's Existence</A
></H2
><P
>Imagine <I
>Imagine <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host1</I
> and <I
></SPAN
> and <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host 2</I
></SPAN
> are
both servers. The following is added to each server's <TT
CLASS="filename"
@ -882,7 +915,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN880"
NAME="AEN882"
>4.5.4. Instructing the Server to Use the Key</A
></H2
><P
@ -891,12 +924,18 @@ be told when keys are to be used. The following is added to the <TT
CLASS="filename"
>named.conf</TT
> file
for <I
for <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host1</I
>, if the IP address of <I
></SPAN
>, if the IP address of <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host2</I
></SPAN
> is
10.1.2.3:</P
><PRE
@ -910,31 +949,49 @@ CLASS="programlisting"
This directive does not contain any secrets, so it may be in a world-readable
file.</P
><P
>If <I
>If <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host1</I
></SPAN
> sends a message that is a request
to that address, the message will be signed with the specified key. <I
to that address, the message will be signed with the specified key. <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host1</I
></SPAN
> will
expect any responses to signed messages to be signed with the same
key.</P
><P
>A similar statement must be present in <I
>A similar statement must be present in <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host2</I
></SPAN
>'s
configuration file (with <I
configuration file (with <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host1</I
>'s address) for <I
></SPAN
>'s address) for <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host2</I
></SPAN
> to
sign request messages to <I
sign request messages to <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>host1</I
></SPAN
>.</P
></DIV
><DIV
@ -942,7 +999,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN896"
NAME="AEN898"
>4.5.5. TSIG Key Based Access Control</A
></H2
><P
@ -980,7 +1037,7 @@ CLASS="command"
>update-policy</B
> statement in <A
HREF="Bv9ARM.ch06.html#dynamic_update_policies"
>Section 6.2.22.4</A
>Section 6.2.24.4</A
>.</P
></DIV
><DIV
@ -988,7 +1045,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN909"
NAME="AEN911"
>4.5.6. Errors</A
></H2
><P
@ -1017,7 +1074,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN913"
NAME="AEN915"
>4.6. TKEY</A
></H1
><P
@ -1084,7 +1141,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN928"
NAME="AEN930"
>4.7. SIG(0)</A
></H1
><P
@ -1123,9 +1180,12 @@ NAME="DNSSEC"
></H1
><P
>Cryptographic authentication of DNS information is possible
through the DNS Security (<I
through the DNS Security (<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>DNSSEC</I
></SPAN
>) extensions,
defined in RFC 2535. This section describes the creation and use
of DNSSEC signed zones.</P
@ -1163,7 +1223,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN947"
NAME="AEN949"
>4.8.1. Generating Keys</A
></H2
><P
@ -1243,7 +1303,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN967"
NAME="AEN969"
>4.8.2. Creating a Keyset</A
></H2
><P
@ -1296,7 +1356,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN979"
NAME="AEN981"
>4.8.3. Signing the Child's Keyset</A
></H2
><P
@ -1346,7 +1406,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN992"
NAME="AEN994"
>4.8.4. Signing the Zone</A
></H2
><P
@ -1408,7 +1468,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1008"
NAME="AEN1010"
>4.8.5. Configuring Servers</A
></H2
><P
@ -1436,7 +1496,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN1015"
NAME="AEN1017"
>4.9. IPv6 Support in <SPAN
CLASS="acronym"
>BIND</SPAN
@ -1454,44 +1514,57 @@ CLASS="acronym"
>For forward lookups, <SPAN
CLASS="acronym"
>BIND</SPAN
> 9 supports both A6 and AAAA
records. The use of AAAA records is deprecated, but it is still
useful for hosts to have both AAAA and A6 records to maintain
backward compatibility with installations where AAAA records are
still used. In fact, the stub resolvers currently shipped with
most operating system support only AAAA lookups, because following
A6 chains is much harder than doing A or AAAA lookups.</P
> 9 supports only AAAA
records. The use of A6 records is deprecated by RFC 3363, and the
support for forward lookups in <SPAN
CLASS="acronym"
>BIND</SPAN
> 9 is
removed accordingly.
However, authoritative <SPAN
CLASS="acronym"
>BIND</SPAN
> 9 name servers still
load zone files containing A6 records correctly, answer queries
for A6 records, and accept zone transfer for a zone containing A6
records.</P
><P
>For IPv6 reverse lookups, <SPAN
CLASS="acronym"
>BIND</SPAN
> 9 supports the new
"binary label" (also known as "bitstring")
format used in the <I
> 9 supports
the traditional "nibble" format used in the
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>ip6.arpa</I
>
domain, as well as the older, deprecated "nibble" format used in
the <I
></SPAN
> domain, as well as the older, deprecated
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>ip6.int</I
> domain.</P
><P
><SPAN
></SPAN
> domain.
<SPAN
CLASS="acronym"
>BIND</SPAN
> 9 includes a new lightweight resolver library and
resolver daemon which new applications may choose to use to avoid
the complexities of A6 chain following and binary labels, see <A
HREF="Bv9ARM.ch05.html"
>Chapter 5</A
>. Alternatively, applications can link with a stub
resolver that supports A and AAAA records only and rely on the server to
synthesize AAAA recorsd from A6 chains (<A
HREF="Bv9ARM.ch06.html#synthesis"
>Section 6.2.14.13</A
>).
</P
> 9 formerly
supported the "binary label" (also known as "bitstring") format.
The support of binary labels, however, is now completely removed
according to the changes in RFC 3363.
Any applications in <SPAN
CLASS="acronym"
>BIND</SPAN
> 9 do not understand
the format any more, and will return an error if given.
In particular, an authoritative <SPAN
CLASS="acronym"
>BIND</SPAN
> 9 name
server rejects to load a zone file containing binary labels.</P
><P
>For an overview of the format and structure of IPv6 addresses,
see <A
@ -1503,7 +1576,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1032"
NAME="AEN1035"
>4.9.1. Address Lookups Using AAAA Records</A
></H2
><P
@ -1513,244 +1586,44 @@ NAME="AEN1032"
><PRE
CLASS="programlisting"
>&#13;$ORIGIN example.com.
host 3600 IN AAAA 3ffe:8050:201:1860:42::1
</PRE
><P
>While their use is deprecated, they are useful to support
older IPv6 applications. They should not be added where they
are not absolutely necessary.</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1037"
>4.9.2. Address Lookups Using A6 Records</A
></H2
><P
>The A6 record is more flexible than the AAAA record, and
is therefore more complicated. The A6 record can be used to
form a chain of A6 records, each specifying part of the IPv6
address. It can also be used to specify the entire record as
well. For example, this record supplies the same data as the
AAAA record in the previous example:</P
><PRE
CLASS="programlisting"
>&#13;$ORIGIN example.com.
host 3600 IN A6 0 3ffe:8050:201:1860:42::1
</PRE
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN1041"
>4.9.2.1. A6 Chains</A
></H3
><P
>A6 records are designed to allow network
renumbering. This works when an A6 record only specifies the
part of the address space the domain owner controls. For
example, a host may be at a company named "company." It has
two ISPs which provide IPv6 address space for it. These two
ISPs fully specify the IPv6 prefix they supply.</P
><P
>In the company's address space:</P
><PRE
CLASS="programlisting"
>&#13;$ORIGIN example.com.
host 3600 IN A6 64 0:0:0:0:42::1 company.example1.net.
host 3600 IN A6 64 0:0:0:0:42::1 company.example2.net.
</PRE
><P
>ISP1 will use:</P
><PRE
CLASS="programlisting"
>&#13;$ORIGIN example1.net.
company 3600 IN A6 0 3ffe:8050:201:1860::
</PRE
><P
>ISP2 will use:</P
><PRE
CLASS="programlisting"
>&#13;$ORIGIN example2.net.
company 3600 IN A6 0 1234:5678:90ab:fffa::
</PRE
><P
>When <TT
CLASS="literal"
>host.example.com</TT
> is looked up,
the resolver (in the resolver daemon or caching name server)
will find two partial A6 records, and will use the additional
name to find the remainder of the data.</P
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN1052"
>4.9.2.2. A6 Records for DNS Servers</A
></H3
><P
>When an A6 record specifies the address of a name
server, it should use the full address rather than specifying
a partial address. For example:</P
><PRE
CLASS="programlisting"
>&#13;$ORIGIN example.com.
@ 14400 IN NS ns0
14400 IN NS ns1
ns0 14400 IN A6 0 3ffe:8050:201:1860:42::1
ns1 14400 IN A 192.168.42.1
host 3600 IN AAAA 2001:4f8:201:1860:42::1
</PRE
><P
>It is recommended that IPv4-in-IPv6 mapped addresses not
be used. If a host has an IPv4 address, use an A record, not
an A6, with <TT
a AAAA, with <TT
CLASS="literal"
>::ffff:192.168.42.1</TT
> as the
address.</P
></DIV
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1058"
>4.9.3. Address to Name Lookups Using Nibble Format</A
NAME="AEN1041"
>4.9.2. Address to Name Lookups Using Nibble Format</A
></H2
><P
>While the use of nibble format to look up names is
deprecated, it is supported for backwards compatibility with
existing IPv6 applications.</P
><P
>When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
<TT
CLASS="literal"
>ip6.int.</TT
>ip6.arpa.</TT
> is appended to the resulting name.
For example, the following would provide reverse name lookup for
a host with address
<TT
CLASS="literal"
>3ffe:8050:201:1860:42::1</TT
>2001:4f8:201:1860:42::1</TT
>.</P
><PRE
CLASS="programlisting"
>&#13;$ORIGIN 0.6.8.1.1.0.2.0.0.5.0.8.e.f.f.3.ip6.int.
>&#13;$ORIGIN 0.6.8.1.1.0.2.0.8.f.4.0.1.0.0.2.ip6.arpa.
1.0.0.0.0.0.0.0.0.0.0.0.2.4.0.0 14400 IN PTR host.example.com.
</PRE
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1065"
>4.9.4. Address to Name Lookups Using Binary Label Format</A
></H2
><P
>Binary labels can start and end on any bit boundary,
rather than on a multiple of 4 bits as in the nibble
format. They also use <I
CLASS="emphasis"
>ip6.arpa</I
> rather than
<I
CLASS="emphasis"
>ip6.int</I
>.</P
><P
>To replicate the previous example using binary labels:</P
><PRE
CLASS="programlisting"
>&#13;$ORIGIN \[x3ffe805002011860/64].ip6.arpa.
\[x0042000000000001/64] 14400 IN PTR host.example.com.
</PRE
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1072"
>4.9.5. Using DNAME for Delegation of IPv6 Reverse Addresses</A
></H2
><P
>In IPv6, the same host may have many addresses from many
network providers. Since the trailing portion of the address
usually remains constant, <B
CLASS="command"
>DNAME</B
> can help
reduce the number of zone files used for reverse mapping that
need to be maintained.</P
><P
>For example, consider a host which has two providers
(<TT
CLASS="literal"
>example.net</TT
> and
<TT
CLASS="literal"
>example2.net</TT
>) and
therefore two IPv6 addresses. Since the host chooses its own 64
bit host address portion, the provider address is the only part
that changes:</P
><PRE
CLASS="programlisting"
>&#13;$ORIGIN example.com.
host IN A6 64 ::1234:5678:1212:5675 cust1.example.net.
IN A6 64 ::1234:5678:1212:5675 subnet5.example2.net.
$ORIGIN example.net.
cust1 IN A6 48 0:0:0:dddd:: ipv6net.example.net.
ipv6net IN A6 0 aa:bb:cccc::
$ORIGIN example2.net.
subnet5 IN A6 48 0:0:0:1:: ipv6net2.example2.net.
ipv6net2 IN A6 0 6666:5555:4::
</PRE
><P
>This sets up forward lookups. To handle the reverse lookups,
the provider <TT
CLASS="literal"
>example.net</TT
>
would have:</P
><PRE
CLASS="programlisting"
>&#13;$ORIGIN \[x00aa00bbcccc/48].ip6.arpa.
\[xdddd/16] IN DNAME ipv6-rev.example.com.
</PRE
><P
>and <TT
CLASS="literal"
>example2.net</TT
> would have:</P
><PRE
CLASS="programlisting"
>&#13;$ORIGIN \[x666655550004/48].ip6.arpa.
\[x0001/16] IN DNAME ipv6-rev.example.com.
</PRE
><P
><TT
CLASS="literal"
>example.com</TT
>
needs only one zone file to handle both of these reverse
mappings:</P
><PRE
CLASS="programlisting"
>&#13;$ORIGIN ipv6-rev.example.com.
\[x1234567812125675/64] IN PTR host.example.com.
</PRE
></DIV
></DIV
></DIV
><DIV
@ -1758,6 +1631,7 @@ CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -1769,6 +1643,7 @@ ALIGN="left"
VALIGN="top"
><A
HREF="Bv9ARM.ch03.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -1777,6 +1652,7 @@ ALIGN="center"
VALIGN="top"
><A
HREF="Bv9ARM.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
@ -1785,6 +1661,7 @@ ALIGN="right"
VALIGN="top"
><A
HREF="Bv9ARM.ch05.html"
ACCESSKEY="N"
>Next</A
></TD
></TR

18
doc/arm/Bv9ARM.ch05.html
View file

@ -4,7 +4,7 @@
>The BIND 9 Lightweight Resolver</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"><LINK
REL="HOME"
TITLE="BIND 9 Administrator Reference Manual"
@ -25,6 +25,7 @@ ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -42,6 +43,7 @@ ALIGN="left"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch04.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -55,6 +57,7 @@ ALIGN="right"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch06.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
@ -81,7 +84,7 @@ CLASS="TOC"
></DT
><DT
>5.1. <A
HREF="Bv9ARM.ch05.html#AEN1092"
HREF="Bv9ARM.ch05.html#AEN1050"
>The Lightweight Resolver Library</A
></DT
><DT
@ -96,7 +99,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN1092"
NAME="AEN1050"
>5.1. The Lightweight Resolver Library</A
></H1
><P
@ -104,9 +107,10 @@ NAME="AEN1092"
library that sends recursive DNS queries to a local caching name
server.</P
><P
>IPv6 introduces new complexity into the resolution process,
>IPv6 once introduced new complexity into the resolution process,
such as following A6 chains and DNAME records, and simultaneous
lookup of IPv4 and IPv6 addresses. These are hard or impossible
lookup of IPv4 and IPv6 addresses. Though most of the complexity was
then removed, these are hard or impossible
to implement in a traditional stub resolver.</P
><P
>Instead, <SPAN
@ -200,6 +204,7 @@ CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -211,6 +216,7 @@ ALIGN="left"
VALIGN="top"
><A
HREF="Bv9ARM.ch04.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -219,6 +225,7 @@ ALIGN="center"
VALIGN="top"
><A
HREF="Bv9ARM.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
@ -227,6 +234,7 @@ ALIGN="right"
VALIGN="top"
><A
HREF="Bv9ARM.ch06.html"
ACCESSKEY="N"
>Next</A
></TD
></TR

1669
doc/arm/Bv9ARM.ch06.html
View file

File diff suppressed because it is too large Load diff

37
doc/arm/Bv9ARM.ch07.html
View file

@ -4,7 +4,7 @@
>BIND 9 Security Considerations</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"><LINK
REL="HOME"
TITLE="BIND 9 Administrator Reference Manual"
@ -25,6 +25,7 @@ ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -42,6 +43,7 @@ ALIGN="left"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch06.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -55,6 +57,7 @@ ALIGN="right"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch08.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
@ -86,7 +89,7 @@ HREF="Bv9ARM.ch07.html#Access_Control_Lists"
></DT
><DT
>7.2. <A
HREF="Bv9ARM.ch07.html#AEN4368"
HREF="Bv9ARM.ch07.html#AEN4599"
><B
CLASS="command"
>chroot</B
@ -137,9 +140,12 @@ etc.</P
your name server, without cluttering up your config files with huge
lists of IP addresses.</P
><P
>It is a <I
>It is a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>good idea</I
></SPAN
> to use ACLs, and to
control access to your server. Limiting access to your server by
outside parties can help prevent spoofing and DoS attacks against
@ -173,9 +179,12 @@ zone "example.com" {
unless recursion has been previously disabled.</P
><P
>For more information on how to use ACLs to protect your server,
see the <I
see the <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>AUSCERT</I
></SPAN
> advisory at
<A
HREF="ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos"
@ -188,7 +197,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN4368"
NAME="AEN4599"
>7.2. <B
CLASS="command"
>chroot</B
@ -202,9 +211,12 @@ UNIX servers)</A
>On UNIX servers, it is possible to run <SPAN
CLASS="acronym"
>BIND</SPAN
> in a <I
> in a <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>chrooted</I
></SPAN
> environment
(<B
CLASS="command"
@ -267,7 +279,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN4391"
NAME="AEN4622"
>7.2.1. The <B
CLASS="command"
>chroot</B
@ -307,9 +319,12 @@ for this.
</P
><P
>&#13;Unlike with earlier versions of BIND, you will typically
<I
<SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>not</I
></SPAN
> need to compile <B
CLASS="command"
>named</B
@ -340,7 +355,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN4409"
NAME="AEN4640"
>7.2.2. Using the <B
CLASS="command"
>setuid</B
@ -428,6 +443,7 @@ CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -439,6 +455,7 @@ ALIGN="left"
VALIGN="top"
><A
HREF="Bv9ARM.ch06.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -447,6 +464,7 @@ ALIGN="center"
VALIGN="top"
><A
HREF="Bv9ARM.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
@ -455,6 +473,7 @@ ALIGN="right"
VALIGN="top"
><A
HREF="Bv9ARM.ch08.html"
ACCESSKEY="N"
>Next</A
></TD
></TR

23
doc/arm/Bv9ARM.ch08.html
View file

@ -4,7 +4,7 @@
>Troubleshooting</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"><LINK
REL="HOME"
TITLE="BIND 9 Administrator Reference Manual"
@ -25,6 +25,7 @@ ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -42,6 +43,7 @@ ALIGN="left"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch07.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -55,6 +57,7 @@ ALIGN="right"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch09.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
@ -78,17 +81,17 @@ CLASS="TOC"
></DT
><DT
>8.1. <A
HREF="Bv9ARM.ch08.html#AEN4430"
HREF="Bv9ARM.ch08.html#AEN4661"
>Common Problems</A
></DT
><DT
>8.2. <A
HREF="Bv9ARM.ch08.html#AEN4435"
HREF="Bv9ARM.ch08.html#AEN4666"
>Incrementing and Changing the Serial Number</A
></DT
><DT
>8.3. <A
HREF="Bv9ARM.ch08.html#AEN4440"
HREF="Bv9ARM.ch08.html#AEN4671"
>Where Can I Get Help?</A
></DT
></DL
@ -98,7 +101,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN4430"
NAME="AEN4661"
>8.1. Common Problems</A
></H1
><DIV
@ -106,7 +109,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN4432"
NAME="AEN4663"
>8.1.1. It's not working; how can I figure out what's wrong?</A
></H2
><P
@ -122,7 +125,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN4435"
NAME="AEN4666"
>8.2. Incrementing and Changing the Serial Number</A
></H1
><P
@ -151,7 +154,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN4440"
NAME="AEN4671"
>8.3. Where Can I Get Help?</A
></H1
><P
@ -208,6 +211,7 @@ CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -219,6 +223,7 @@ ALIGN="left"
VALIGN="top"
><A
HREF="Bv9ARM.ch07.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -227,6 +232,7 @@ ALIGN="center"
VALIGN="top"
><A
HREF="Bv9ARM.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
@ -235,6 +241,7 @@ ALIGN="right"
VALIGN="top"
><A
HREF="Bv9ARM.ch09.html"
ACCESSKEY="N"
>Next</A
></TD
></TR

307
doc/arm/Bv9ARM.ch09.html
View file

@ -4,7 +4,7 @@
>Appendices</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"><LINK
REL="HOME"
TITLE="BIND 9 Administrator Reference Manual"
@ -22,6 +22,7 @@ ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -39,6 +40,7 @@ ALIGN="left"
VALIGN="bottom"
><A
HREF="Bv9ARM.ch08.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -72,7 +74,7 @@ CLASS="TOC"
></DT
><DT
>A.1. <A
HREF="Bv9ARM.ch09.html#AEN4456"
HREF="Bv9ARM.ch09.html#AEN4687"
>Acknowledgements</A
></DT
><DT
@ -95,7 +97,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN4456"
NAME="AEN4687"
>A.1. Acknowledgements</A
></H1
><DIV
@ -103,7 +105,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN4458"
NAME="AEN4689"
>A.1.1. A Brief History of the <SPAN
CLASS="acronym"
>DNS</SPAN
@ -231,7 +233,7 @@ CLASS="sect2"
CLASS="sect2"
><A
NAME="ipv6addresses"
>A.2.1. IPv6 addresses (A6)</A
>A.2.1. IPv6 addresses (AAAA)</A
></H2
><P
>IPv6 addresses are 128-bit identifiers for interfaces and
@ -239,17 +241,26 @@ sets of interfaces which were introduced in the <SPAN
CLASS="acronym"
>DNS</SPAN
> to facilitate
scalable Internet routing. There are three types of addresses: <I
scalable Internet routing. There are three types of addresses: <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Unicast</I
></SPAN
>,
an identifier for a single interface; <I
an identifier for a single interface; <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Anycast</I
></SPAN
>,
an identifier for a set of interfaces; and <I
an identifier for a set of interfaces; and <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Multicast</I
></SPAN
>,
an identifier for a set of interfaces. Here we describe the global
Unicast address scheme. For more information, see RFC 2374.</P
@ -258,7 +269,7 @@ Unicast address scheme. For more information, see RFC 2374.</P
><DIV
CLASS="informaltable"
><A
NAME="AEN4494"
NAME="AEN4725"
></A
><P
></P
@ -477,7 +488,7 @@ VALIGN="MIDDLE"
<DIV
CLASS="informaltable"
><A
NAME="AEN4563"
NAME="AEN4794"
></A
><P
></P
@ -631,22 +642,34 @@ VALIGN="MIDDLE"
></DIV
></P
><P
>The <I
>The <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Public Topology</I
></SPAN
> is provided by the
upstream provider or ISP, and (roughly) corresponds to the IPv4 <I
upstream provider or ISP, and (roughly) corresponds to the IPv4 <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>network</I
></SPAN
> section
of the address range. The <I
of the address range. The <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Site Topology</I
></SPAN
> is
where you can subnet this space, much the same as subnetting an
IPv4 /16 network into /24 subnets. The <I
IPv4 /16 network into /24 subnets. The <SPAN
CLASS="emphasis"
><I
CLASS="emphasis"
>Interface Identifier</I
></SPAN
> is
the address of an individual interface on a given network. (With
IPv6, addresses belong to interfaces rather than machines.)</P
@ -655,103 +678,6 @@ IPv6, addresses belong to interfaces rather than machines.)</P
that of IPv4: subnetting can now be carried out on bit boundaries,
in much the same way as Classless InterDomain Routing (CIDR).</P
><P
>The internal structure of the Public Topology for an A6 global
unicast address consists of:</P
><DIV
CLASS="informaltable"
><A
NAME="AEN4618"
></A
><P
></P
><TABLE
CELLPADDING="3"
BORDER="1"
CLASS="CALSTABLE"
><TBODY
><TR
><TD
WIDTH="49"
ALIGN="LEFT"
VALIGN="MIDDLE"
><P
>3</P
></TD
><TD
WIDTH="64"
ALIGN="LEFT"
VALIGN="MIDDLE"
><P
>13</P
></TD
><TD
WIDTH="53"
ALIGN="LEFT"
VALIGN="MIDDLE"
><P
>8</P
></TD
><TD
WIDTH="79"
ALIGN="LEFT"
VALIGN="MIDDLE"
><P
>24</P
></TD
></TR
><TR
><TD
WIDTH="49"
ALIGN="LEFT"
VALIGN="MIDDLE"
><P
>FP</P
></TD
><TD
WIDTH="64"
ALIGN="LEFT"
VALIGN="MIDDLE"
><P
>TLA ID</P
></TD
><TD
WIDTH="53"
ALIGN="LEFT"
VALIGN="MIDDLE"
><P
>RES</P
></TD
><TD
WIDTH="79"
ALIGN="LEFT"
VALIGN="MIDDLE"
><P
>NLA ID</P
></TD
></TR
></TBODY
></TABLE
><P
></P
></DIV
><P
>A 3 bit FP (Format Prefix) of 001 indicates this is a global
Unicast address. FP lengths for other types of addresses may vary.</P
><P
>13 TLA (Top Level Aggregator) bits give the prefix of your
top-level IP backbone carrier.</P
><P
>8 Reserved bits</P
><P
>24 bits for Next Level Aggregators. This allows organizations
with a TLA to hand out portions of their IP space to client organizations,
so that the client can then split up the network further by filling
in more NLA bits, and hand out IPv6 prefixes to their clients, and
so forth.</P
><P
>There is no particular structure for the Site topology section.
Organizations can allocate these bits in any way they desire.</P
><P
>The Interface Identifier must be unique on that network. On
ethernet networks, one way to ensure this is to set the address
to the first three bytes of the hardware address, "FFFE", then the
@ -762,7 +688,7 @@ of a block may be omitted, for example:</P
><P
><B
CLASS="command"
>3ffe:8050:201:9:a00:20ff:fe81:2b32</B
>2001:4f8:201:9:a00:20ff:fe81:2b32</B
></P
><P
>IPv6 address specifications are likely to contain long strings
@ -820,19 +746,19 @@ TARGET="_top"
</P
><H3
><A
NAME="AEN4662"
NAME="AEN4862"
>Bibliography</A
></H3
><H1
><H2
CLASS="bibliodiv"
><A
NAME="AEN4663"
NAME="AEN4863"
>Standards</A
></H1
></H2
><DIV
CLASS="biblioentry"
><A
NAME="AEN4665"
NAME="AEN4865"
></A
><P
>[RFC974]&nbsp;<SPAN
@ -849,7 +775,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4672"
NAME="AEN4872"
></A
><P
>[RFC1034]&nbsp;<SPAN
@ -866,7 +792,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4679"
NAME="AEN4879"
></A
><P
>[RFC1035]&nbsp;<SPAN
@ -881,16 +807,16 @@ CLASS="BIBLIOENTRYBLOCK"
STYLE="margin-left=0.5in"
></DIV
></DIV
><H1
><H2
CLASS="bibliodiv"
><A
NAME="proposed_standards"
>Proposed Standards</A
></H1
></H2
><DIV
CLASS="biblioentry"
><A
NAME="AEN4688"
NAME="AEN4888"
></A
><P
>[RFC2181]&nbsp;<SPAN
@ -910,7 +836,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4696"
NAME="AEN4896"
></A
><P
>[RFC2308]&nbsp;<SPAN
@ -930,7 +856,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4704"
NAME="AEN4904"
></A
><P
>[RFC1995]&nbsp;<SPAN
@ -950,7 +876,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4712"
NAME="AEN4912"
></A
><P
>[RFC1996]&nbsp;<SPAN
@ -967,7 +893,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4719"
NAME="AEN4919"
></A
><P
>[RFC2136]&nbsp;<SPAN
@ -993,7 +919,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4736"
NAME="AEN4936"
></A
><P
>[RFC2845]&nbsp;<SPAN
@ -1019,16 +945,16 @@ CLASS="BIBLIOENTRYBLOCK"
STYLE="margin-left=0.5in"
></DIV
></DIV
><H1
><H2
CLASS="bibliodiv"
><A
NAME="AEN4755"
NAME="AEN4955"
>Proposed Standards Still Under Development</A
></H1
></H2
><DIV
CLASS="biblioentry"
><A
NAME="AEN4760"
NAME="AEN4960"
></A
><P
>[RFC1886]&nbsp;<SPAN
@ -1051,7 +977,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4772"
NAME="AEN4972"
></A
><P
>[RFC2065]&nbsp;<SPAN
@ -1071,7 +997,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4784"
NAME="AEN4984"
></A
><P
>[RFC2137]&nbsp;<SPAN
@ -1085,19 +1011,19 @@ CLASS="BIBLIOENTRYBLOCK"
STYLE="margin-left=0.5in"
></DIV
></DIV
><H1
><H2
CLASS="bibliodiv"
><A
NAME="AEN4792"
NAME="AEN4992"
>Other Important RFCs About <SPAN
CLASS="acronym"
>DNS</SPAN
> Implementation</A
></H1
></H2
><DIV
CLASS="biblioentry"
><A
NAME="AEN4795"
NAME="AEN4995"
></A
><P
>[RFC1535]&nbsp;<SPAN
@ -1117,7 +1043,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4803"
NAME="AEN5003"
></A
><P
>[RFC1536]&nbsp;<SPAN
@ -1149,7 +1075,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4824"
NAME="AEN5024"
></A
><P
>[RFC1982]&nbsp;<SPAN
@ -1166,16 +1092,16 @@ CLASS="BIBLIOENTRYBLOCK"
STYLE="margin-left=0.5in"
></DIV
></DIV
><H1
><H2
CLASS="bibliodiv"
><A
NAME="AEN4835"
NAME="AEN5035"
>Resource Record Types</A
></H1
></H2
><DIV
CLASS="biblioentry"
><A
NAME="AEN4837"
NAME="AEN5037"
></A
><P
>[RFC1183]&nbsp;<SPAN
@ -1204,7 +1130,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4855"
NAME="AEN5055"
></A
><P
>[RFC1706]&nbsp;<SPAN
@ -1227,7 +1153,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4867"
NAME="AEN5067"
></A
><P
>[RFC2168]&nbsp;<SPAN
@ -1248,7 +1174,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4878"
NAME="AEN5078"
></A
><P
>[RFC1876]&nbsp;<SPAN
@ -1275,7 +1201,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4895"
NAME="AEN5095"
></A
><P
>[RFC2052]&nbsp;<SPAN
@ -1299,7 +1225,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4907"
NAME="AEN5107"
></A
><P
>[RFC2163]&nbsp;<SPAN
@ -1320,7 +1246,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4915"
NAME="AEN5115"
></A
><P
>[RFC2230]&nbsp;<SPAN
@ -1337,19 +1263,19 @@ CLASS="BIBLIOENTRYBLOCK"
STYLE="margin-left=0.5in"
></DIV
></DIV
><H1
><H2
CLASS="bibliodiv"
><A
NAME="AEN4923"
NAME="AEN5123"
><SPAN
CLASS="acronym"
>DNS</SPAN
> and the Internet</A
></H1
></H2
><DIV
CLASS="biblioentry"
><A
NAME="AEN4926"
NAME="AEN5126"
></A
><P
>[RFC1101]&nbsp;<SPAN
@ -1369,7 +1295,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4934"
NAME="AEN5134"
></A
><P
>[RFC1123]&nbsp;<SPAN
@ -1386,7 +1312,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4941"
NAME="AEN5141"
></A
><P
>[RFC1591]&nbsp;<SPAN
@ -1403,7 +1329,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4948"
NAME="AEN5148"
></A
><P
>[RFC2317]&nbsp;<SPAN
@ -1423,19 +1349,19 @@ CLASS="BIBLIOENTRYBLOCK"
STYLE="margin-left=0.5in"
></DIV
></DIV
><H1
><H2
CLASS="bibliodiv"
><A
NAME="AEN4962"
NAME="AEN5162"
><SPAN
CLASS="acronym"
>DNS</SPAN
> Operations</A
></H1
></H2
><DIV
CLASS="biblioentry"
><A
NAME="AEN4965"
NAME="AEN5165"
></A
><P
>[RFC1537]&nbsp;<SPAN
@ -1455,7 +1381,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4973"
NAME="AEN5173"
></A
><P
>[RFC1912]&nbsp;<SPAN
@ -1475,27 +1401,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN4981"
></A
><P
>[RFC1912]&nbsp;<SPAN
CLASS="AUTHOR"
>D. Barr</SPAN
>, <I
>Common <SPAN
CLASS="acronym"
>DNS</SPAN
> Operational and Configuration Errors</I
>, February 1996.</P
><DIV
CLASS="BIBLIOENTRYBLOCK"
STYLE="margin-left=0.5in"
></DIV
></DIV
><DIV
CLASS="biblioentry"
><A
NAME="AEN4989"
NAME="AEN5181"
></A
><P
>[RFC2010]&nbsp;<SPAN
@ -1515,7 +1421,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN5000"
NAME="AEN5192"
></A
><P
>[RFC2219]&nbsp;<SPAN
@ -1535,19 +1441,19 @@ CLASS="BIBLIOENTRYBLOCK"
STYLE="margin-left=0.5in"
></DIV
></DIV
><H1
><H2
CLASS="bibliodiv"
><A
NAME="AEN5012"
NAME="AEN5204"
>Other <SPAN
CLASS="acronym"
>DNS</SPAN
>-related RFCs</A
></H1
></H2
><DIV
CLASS="biblioentry"
><A
NAME="AEN5018"
NAME="AEN5210"
></A
><P
>[RFC1464]&nbsp;<SPAN
@ -1564,7 +1470,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN5025"
NAME="AEN5217"
></A
><P
>[RFC1713]&nbsp;<SPAN
@ -1584,7 +1490,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN5033"
NAME="AEN5225"
></A
><P
>[RFC1794]&nbsp;<SPAN
@ -1604,7 +1510,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN5041"
NAME="AEN5233"
></A
><P
>[RFC2240]&nbsp;<SPAN
@ -1621,7 +1527,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN5048"
NAME="AEN5240"
></A
><P
>[RFC2345]&nbsp;<SPAN
@ -1644,7 +1550,7 @@ STYLE="margin-left=0.5in"
><DIV
CLASS="biblioentry"
><A
NAME="AEN5062"
NAME="AEN5254"
></A
><P
>[RFC2352]&nbsp;<SPAN
@ -1658,16 +1564,16 @@ CLASS="BIBLIOENTRYBLOCK"
STYLE="margin-left=0.5in"
></DIV
></DIV
><H1
><H2
CLASS="bibliodiv"
><A
NAME="AEN5069"
NAME="AEN5261"
>Obsolete and Unimplemented Experimental RRs</A
></H1
></H2
><DIV
CLASS="biblioentry"
><A
NAME="AEN5071"
NAME="AEN5263"
></A
><P
>[RFC1712]&nbsp;<SPAN
@ -1718,7 +1624,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN5092"
NAME="AEN5284"
>A.3.3. Other Documents About <SPAN
CLASS="acronym"
>BIND</SPAN
@ -1728,13 +1634,13 @@ CLASS="acronym"
></P
><H3
><A
NAME="AEN5096"
NAME="AEN5288"
>Bibliography</A
></H3
><DIV
CLASS="biblioentry"
><A
NAME="AEN5097"
NAME="AEN5289"
></A
><P
><SPAN
@ -1765,6 +1671,7 @@ CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -1776,6 +1683,7 @@ ALIGN="left"
VALIGN="top"
><A
HREF="Bv9ARM.ch08.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
@ -1784,6 +1692,7 @@ ALIGN="center"
VALIGN="top"
><A
HREF="Bv9ARM.html"
ACCESSKEY="H"
>Home</A
></TD
><TD

155
doc/arm/Bv9ARM.html
View file

@ -4,7 +4,7 @@
>BIND 9 Administrator Reference Manual</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"><LINK
REL="NEXT"
TITLE="Introduction "
@ -188,7 +188,7 @@ HREF="Bv9ARM.ch03.html#AEN345"
></DT
><DT
>3.3.2. <A
HREF="Bv9ARM.ch03.html#AEN675"
HREF="Bv9ARM.ch03.html#AEN677"
>Signals</A
></DT
></DL
@ -228,7 +228,7 @@ HREF="Bv9ARM.ch04.html#incremental_zone_transfers"
></DT
><DT
>4.4. <A
HREF="Bv9ARM.ch04.html#AEN753"
HREF="Bv9ARM.ch04.html#AEN755"
>Split DNS</A
></DT
><DT
@ -240,44 +240,44 @@ HREF="Bv9ARM.ch04.html#tsig"
><DL
><DT
>4.5.1. <A
HREF="Bv9ARM.ch04.html#AEN844"
HREF="Bv9ARM.ch04.html#AEN846"
>Generate Shared Keys for Each Pair of Hosts</A
></DT
><DT
>4.5.2. <A
HREF="Bv9ARM.ch04.html#AEN865"
HREF="Bv9ARM.ch04.html#AEN867"
>Copying the Shared Secret to Both Machines</A
></DT
><DT
>4.5.3. <A
HREF="Bv9ARM.ch04.html#AEN868"
HREF="Bv9ARM.ch04.html#AEN870"
>Informing the Servers of the Key's Existence</A
></DT
><DT
>4.5.4. <A
HREF="Bv9ARM.ch04.html#AEN880"
HREF="Bv9ARM.ch04.html#AEN882"
>Instructing the Server to Use the Key</A
></DT
><DT
>4.5.5. <A
HREF="Bv9ARM.ch04.html#AEN896"
HREF="Bv9ARM.ch04.html#AEN898"
>TSIG Key Based Access Control</A
></DT
><DT
>4.5.6. <A
HREF="Bv9ARM.ch04.html#AEN909"
HREF="Bv9ARM.ch04.html#AEN911"
>Errors</A
></DT
></DL
></DD
><DT
>4.6. <A
HREF="Bv9ARM.ch04.html#AEN913"
HREF="Bv9ARM.ch04.html#AEN915"
>TKEY</A
></DT
><DT
>4.7. <A
HREF="Bv9ARM.ch04.html#AEN928"
HREF="Bv9ARM.ch04.html#AEN930"
>SIG(0)</A
></DT
><DT
@ -289,34 +289,34 @@ HREF="Bv9ARM.ch04.html#DNSSEC"
><DL
><DT
>4.8.1. <A
HREF="Bv9ARM.ch04.html#AEN947"
HREF="Bv9ARM.ch04.html#AEN949"
>Generating Keys</A
></DT
><DT
>4.8.2. <A
HREF="Bv9ARM.ch04.html#AEN967"
HREF="Bv9ARM.ch04.html#AEN969"
>Creating a Keyset</A
></DT
><DT
>4.8.3. <A
HREF="Bv9ARM.ch04.html#AEN979"
HREF="Bv9ARM.ch04.html#AEN981"
>Signing the Child's Keyset</A
></DT
><DT
>4.8.4. <A
HREF="Bv9ARM.ch04.html#AEN992"
HREF="Bv9ARM.ch04.html#AEN994"
>Signing the Zone</A
></DT
><DT
>4.8.5. <A
HREF="Bv9ARM.ch04.html#AEN1008"
HREF="Bv9ARM.ch04.html#AEN1010"
>Configuring Servers</A
></DT
></DL
></DD
><DT
>4.9. <A
HREF="Bv9ARM.ch04.html#AEN1015"
HREF="Bv9ARM.ch04.html#AEN1017"
>IPv6 Support in <SPAN
CLASS="acronym"
>BIND</SPAN
@ -326,29 +326,14 @@ CLASS="acronym"
><DL
><DT
>4.9.1. <A
HREF="Bv9ARM.ch04.html#AEN1032"
HREF="Bv9ARM.ch04.html#AEN1035"
>Address Lookups Using AAAA Records</A
></DT
><DT
>4.9.2. <A
HREF="Bv9ARM.ch04.html#AEN1037"
>Address Lookups Using A6 Records</A
></DT
><DT
>4.9.3. <A
HREF="Bv9ARM.ch04.html#AEN1058"
HREF="Bv9ARM.ch04.html#AEN1041"
>Address to Name Lookups Using Nibble Format</A
></DT
><DT
>4.9.4. <A
HREF="Bv9ARM.ch04.html#AEN1065"
>Address to Name Lookups Using Binary Label Format</A
></DT
><DT
>4.9.5. <A
HREF="Bv9ARM.ch04.html#AEN1072"
>Using DNAME for Delegation of IPv6 Reverse Addresses</A
></DT
></DL
></DD
></DL
@ -365,7 +350,7 @@ CLASS="acronym"
><DL
><DT
>5.1. <A
HREF="Bv9ARM.ch05.html#AEN1092"
HREF="Bv9ARM.ch05.html#AEN1050"
>The Lightweight Resolver Library</A
></DT
><DT
@ -399,7 +384,7 @@ HREF="Bv9ARM.ch06.html#address_match_lists"
></DT
><DT
>6.1.2. <A
HREF="Bv9ARM.ch06.html#AEN1335"
HREF="Bv9ARM.ch06.html#AEN1296"
>Comment Syntax</A
></DT
></DL
@ -413,7 +398,7 @@ HREF="Bv9ARM.ch06.html#Configuration_File_Grammar"
><DL
><DT
>6.2.1. <A
HREF="Bv9ARM.ch06.html#AEN1442"
HREF="Bv9ARM.ch06.html#AEN1409"
><B
CLASS="command"
>acl</B
@ -430,7 +415,7 @@ Usage</A
></DT
><DT
>6.2.3. <A
HREF="Bv9ARM.ch06.html#AEN1489"
HREF="Bv9ARM.ch06.html#AEN1451"
><B
CLASS="command"
>controls</B
@ -446,7 +431,7 @@ CLASS="command"
></DT
><DT
>6.2.5. <A
HREF="Bv9ARM.ch06.html#AEN1568"
HREF="Bv9ARM.ch06.html#AEN1530"
><B
CLASS="command"
>include</B
@ -454,7 +439,7 @@ CLASS="command"
></DT
><DT
>6.2.6. <A
HREF="Bv9ARM.ch06.html#AEN1573"
HREF="Bv9ARM.ch06.html#AEN1535"
><B
CLASS="command"
>include</B
@ -462,7 +447,7 @@ CLASS="command"
></DT
><DT
>6.2.7. <A
HREF="Bv9ARM.ch06.html#AEN1580"
HREF="Bv9ARM.ch06.html#AEN1542"
><B
CLASS="command"
>key</B
@ -470,7 +455,7 @@ CLASS="command"
></DT
><DT
>6.2.8. <A
HREF="Bv9ARM.ch06.html#AEN1587"
HREF="Bv9ARM.ch06.html#AEN1549"
><B
CLASS="command"
>key</B
@ -478,7 +463,7 @@ CLASS="command"
></DT
><DT
>6.2.9. <A
HREF="Bv9ARM.ch06.html#AEN1607"
HREF="Bv9ARM.ch06.html#AEN1569"
><B
CLASS="command"
>logging</B
@ -486,7 +471,7 @@ CLASS="command"
></DT
><DT
>6.2.10. <A
HREF="Bv9ARM.ch06.html#AEN1647"
HREF="Bv9ARM.ch06.html#AEN1609"
><B
CLASS="command"
>logging</B
@ -494,7 +479,7 @@ CLASS="command"
></DT
><DT
>6.2.11. <A
HREF="Bv9ARM.ch06.html#AEN1878"
HREF="Bv9ARM.ch06.html#AEN1873"
><B
CLASS="command"
>lwres</B
@ -502,7 +487,7 @@ CLASS="command"
></DT
><DT
>6.2.12. <A
HREF="Bv9ARM.ch06.html#AEN1902"
HREF="Bv9ARM.ch06.html#AEN1897"
><B
CLASS="command"
>lwres</B
@ -510,14 +495,30 @@ CLASS="command"
></DT
><DT
>6.2.13. <A
HREF="Bv9ARM.ch06.html#AEN1921"
HREF="Bv9ARM.ch06.html#AEN1916"
><B
CLASS="command"
>masters</B
> Statement Grammar</A
></DT
><DT
>6.2.14. <A
HREF="Bv9ARM.ch06.html#AEN1931"
><B
CLASS="command"
>masters</B
> Statement Definition and Usage</A
></DT
><DT
>6.2.15. <A
HREF="Bv9ARM.ch06.html#AEN1936"
><B
CLASS="command"
>options</B
> Statement Grammar</A
></DT
><DT
>6.2.14. <A
>6.2.16. <A
HREF="Bv9ARM.ch06.html#options"
><B
CLASS="command"
@ -525,7 +526,7 @@ CLASS="command"
> Statement Definition and Usage</A
></DT
><DT
>6.2.15. <A
>6.2.17. <A
HREF="Bv9ARM.ch06.html#server_statement_grammar"
><B
CLASS="command"
@ -533,7 +534,7 @@ CLASS="command"
> Statement Grammar</A
></DT
><DT
>6.2.16. <A
>6.2.18. <A
HREF="Bv9ARM.ch06.html#server_statement_definition_and_usage"
><B
CLASS="command"
@ -541,16 +542,16 @@ CLASS="command"
> Statement Definition and Usage</A
></DT
><DT
>6.2.17. <A
HREF="Bv9ARM.ch06.html#AEN3200"
>6.2.19. <A
HREF="Bv9ARM.ch06.html#AEN3342"
><B
CLASS="command"
>trusted-keys</B
> Statement Grammar</A
></DT
><DT
>6.2.18. <A
HREF="Bv9ARM.ch06.html#AEN3216"
>6.2.20. <A
HREF="Bv9ARM.ch06.html#AEN3358"
><B
CLASS="command"
>trusted-keys</B
@ -558,7 +559,7 @@ CLASS="command"
and Usage</A
></DT
><DT
>6.2.19. <A
>6.2.21. <A
HREF="Bv9ARM.ch06.html#view_statement_grammar"
><B
CLASS="command"
@ -566,15 +567,15 @@ CLASS="command"
> Statement Grammar</A
></DT
><DT
>6.2.20. <A
HREF="Bv9ARM.ch06.html#AEN3238"
>6.2.22. <A
HREF="Bv9ARM.ch06.html#AEN3380"
><B
CLASS="command"
>view</B
> Statement Definition and Usage</A
></DT
><DT
>6.2.21. <A
>6.2.23. <A
HREF="Bv9ARM.ch06.html#zone_statement_grammar"
><B
CLASS="command"
@ -583,8 +584,8 @@ CLASS="command"
Statement Grammar</A
></DT
><DT
>6.2.22. <A
HREF="Bv9ARM.ch06.html#AEN3395"
>6.2.24. <A
HREF="Bv9ARM.ch06.html#AEN3554"
><B
CLASS="command"
>zone</B
@ -594,7 +595,7 @@ CLASS="command"
></DD
><DT
>6.3. <A
HREF="Bv9ARM.ch06.html#AEN3755"
HREF="Bv9ARM.ch06.html#AEN3956"
>Zone File</A
></DT
><DD
@ -606,7 +607,7 @@ HREF="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them"
></DT
><DT
>6.3.2. <A
HREF="Bv9ARM.ch06.html#AEN4070"
HREF="Bv9ARM.ch06.html#AEN4276"
>Discussion of MX Records</A
></DT
><DT
@ -616,17 +617,17 @@ HREF="Bv9ARM.ch06.html#Setting_TTLs"
></DT
><DT
>6.3.4. <A
HREF="Bv9ARM.ch06.html#AEN4191"
HREF="Bv9ARM.ch06.html#AEN4397"
>Inverse Mapping in IPv4</A
></DT
><DT
>6.3.5. <A
HREF="Bv9ARM.ch06.html#AEN4218"
HREF="Bv9ARM.ch06.html#AEN4424"
>Other Zone File Directives</A
></DT
><DT
>6.3.6. <A
HREF="Bv9ARM.ch06.html#AEN4276"
HREF="Bv9ARM.ch06.html#AEN4482"
><SPAN
CLASS="acronym"
>BIND</SPAN
@ -656,7 +657,7 @@ HREF="Bv9ARM.ch07.html#Access_Control_Lists"
></DT
><DT
>7.2. <A
HREF="Bv9ARM.ch07.html#AEN4368"
HREF="Bv9ARM.ch07.html#AEN4599"
><B
CLASS="command"
>chroot</B
@ -670,7 +671,7 @@ UNIX servers)</A
><DL
><DT
>7.2.1. <A
HREF="Bv9ARM.ch07.html#AEN4391"
HREF="Bv9ARM.ch07.html#AEN4622"
>The <B
CLASS="command"
>chroot</B
@ -678,7 +679,7 @@ CLASS="command"
></DT
><DT
>7.2.2. <A
HREF="Bv9ARM.ch07.html#AEN4409"
HREF="Bv9ARM.ch07.html#AEN4640"
>Using the <B
CLASS="command"
>setuid</B
@ -702,26 +703,26 @@ HREF="Bv9ARM.ch08.html"
><DL
><DT
>8.1. <A
HREF="Bv9ARM.ch08.html#AEN4430"
HREF="Bv9ARM.ch08.html#AEN4661"
>Common Problems</A
></DT
><DD
><DL
><DT
>8.1.1. <A
HREF="Bv9ARM.ch08.html#AEN4432"
HREF="Bv9ARM.ch08.html#AEN4663"
>It's not working; how can I figure out what's wrong?</A
></DT
></DL
></DD
><DT
>8.2. <A
HREF="Bv9ARM.ch08.html#AEN4435"
HREF="Bv9ARM.ch08.html#AEN4666"
>Incrementing and Changing the Serial Number</A
></DT
><DT
>8.3. <A
HREF="Bv9ARM.ch08.html#AEN4440"
HREF="Bv9ARM.ch08.html#AEN4671"
>Where Can I Get Help?</A
></DT
></DL
@ -735,14 +736,14 @@ HREF="Bv9ARM.ch09.html"
><DL
><DT
>A.1. <A
HREF="Bv9ARM.ch09.html#AEN4456"
HREF="Bv9ARM.ch09.html#AEN4687"
>Acknowledgements</A
></DT
><DD
><DL
><DT
>A.1.1. <A
HREF="Bv9ARM.ch09.html#AEN4458"
HREF="Bv9ARM.ch09.html#AEN4689"
>A Brief History of the <SPAN
CLASS="acronym"
>DNS</SPAN
@ -766,7 +767,7 @@ CLASS="acronym"
><DT
>A.2.1. <A
HREF="Bv9ARM.ch09.html#ipv6addresses"
>IPv6 addresses (A6)</A
>IPv6 addresses (AAAA)</A
></DT
></DL
></DD
@ -789,7 +790,7 @@ HREF="Bv9ARM.ch09.html#internet_drafts"
></DT
><DT
>A.3.3. <A
HREF="Bv9ARM.ch09.html#AEN5092"
HREF="Bv9ARM.ch09.html#AEN5284"
>Other Documents About <SPAN
CLASS="acronym"
>BIND</SPAN
@ -807,6 +808,7 @@ CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
@ -828,6 +830,7 @@ ALIGN="right"
VALIGN="top"
><A
HREF="Bv9ARM.ch01.html"
ACCESSKEY="N"
>Next</A
></TD
></TR

15
doc/misc/options
View file

@ -78,6 +78,7 @@ options {
dual-stack-servers [ port <integer> ] { ( <quoted_string> [port
<integer>] | <ipv4_address> [port <integer>] | <ipv6_address> [port <integer>] ); ... };
edns-udp-size <integer>;
root-delegation-only [ exclude { <quoted_string>; ... } ];
allow-query { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
@ -150,7 +151,8 @@ view <string> <optional_class> {
secret <string>;
};
zone <string> <optional_class> {
type ( master | slave | stub | hint | forward );
type ( master | slave | stub | hint | forward |
delegation-only );
allow-update { <address_match_element>; ... };
file <quoted_string>;
ixfr-base <quoted_string>; // obsolete
@ -162,6 +164,7 @@ view <string> <optional_class> {
update-policy { ( grant | deny ) <string> ( name |
subdomain | wildcard | self ) <string> <rrtypelist>; ... };
database <string>;
delegation-only <boolean>;
check-names <string>; // not implemented
allow-query { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
@ -213,6 +216,10 @@ view <string> <optional_class> {
transfer-format ( many-answers | one-answer );
keys <server_key>;
edns <boolean>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ];
};
trusted-keys { <string> <integer> <integer> <integer>
<quoted_string>; ... };
@ -247,6 +254,7 @@ view <string> <optional_class> {
dual-stack-servers [ port <integer> ] { ( <quoted_string> [port
<integer>] | <ipv4_address> [port <integer>] | <ipv6_address> [port <integer>] ); ... };
edns-udp-size <integer>;
root-delegation-only [ exclude { <quoted_string>; ... } ];
allow-query { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
@ -299,7 +307,7 @@ key <string> {
};
zone <string> <optional_class> {
type ( master | slave | stub | hint | forward );
type ( master | slave | stub | hint | forward | delegation-only );
allow-update { <address_match_element>; ... };
file <quoted_string>;
ixfr-base <quoted_string>; // obsolete
@ -310,6 +318,7 @@ zone <string> <optional_class> {
update-policy { ( grant | deny ) <string> ( name | subdomain |
wildcard | self ) <string> <rrtypelist>; ... };
database <string>;
delegation-only <boolean>;
check-names <string>; // not implemented
allow-query { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
@ -358,6 +367,8 @@ server <netaddr> {
transfer-format ( many-answers | one-answer );
keys <server_key>;
edns <boolean>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
};
trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };

2
lib/lwres/man/lwres_context.3
View file

@ -65,7 +65,7 @@ It holds a socket and other data needed for communicating
with a resolver daemon.
The new
\fBlwres_context_t\fR
is returned throught
is returned through
\fIcontextp\fR,
a pointer to a
\fBlwres_context_t\fR

4
lib/lwres/man/lwres_context.html
View file

@ -20,7 +20,7 @@
>lwres_context</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
@ -144,7 +144,7 @@ The new
CLASS="TYPE"
>lwres_context_t</SPAN
>
is returned throught
is returned through
<TT
CLASS="PARAMETER"
><I

2
lib/lwres/man/lwres_getipnode.3
View file

@ -153,7 +153,7 @@ and
\fBlwres_getipnodebyaddr()\fR
set
\fI*error_num\fR
to an approriate error code and the function returns a
to an appropriate error code and the function returns a
\fBNULL\fR
pointer.
The error codes and their meanings are defined in

4
lib/lwres/man/lwres_getipnode.html
View file

@ -20,7 +20,7 @@
>lwres_getipnode</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.61
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
@ -398,7 +398,7 @@ CLASS="PARAMETER"
>*error_num</I
></TT
>
to an approriate error code and the function returns a
to an appropriate error code and the function returns a
<SPAN
CLASS="TYPE"
>NULL</SPAN