From 9bbcff225b74f64c2bfccbf534fd5833c2e79320 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 1 Jul 2022 12:29:18 +0200 Subject: [PATCH] Manual fixups for new hyperlinks It turns out that many manual edits were required: - Heading underlines were too short because :any:`` is longer than ```` - Some statement names clashed with manually defined _link_anchors (notify, trust-anchors etc.) - Zone types are defined like "type primary" in the internal grammar and that caused mayhem in the replacement script as it took "type" and individual types ("primary", "secondary") as separate statements. For that reason :any:`primary` had to be manually replaced with :any:`primary ` where appropriate. - Sometimes option name is also the same as a value name (e.g. "notify") and then it did not make sense to do the replacement. --- doc/arm/config-auth.inc.rst | 10 +-- doc/arm/config-intro.inc.rst | 2 +- doc/arm/config-resolve.inc.rst | 14 ++-- doc/arm/dlz.inc.rst | 6 +- doc/arm/dnssec.inc.rst | 2 +- doc/arm/logging-categories.inc.rst | 2 +- doc/arm/managed-keys.inc.rst | 2 +- doc/arm/reference.rst | 118 ++++++++++++----------------- doc/arm/zones.inc.rst | 2 +- doc/dnssec-guide/signing.rst | 2 +- doc/dnssec-guide/validation.rst | 2 +- 11 files changed, 68 insertions(+), 94 deletions(-) diff --git a/doc/arm/config-auth.inc.rst b/doc/arm/config-auth.inc.rst index b1af07ca04..ee6a9fed81 100644 --- a/doc/arm/config-auth.inc.rst +++ b/doc/arm/config-auth.inc.rst @@ -39,8 +39,6 @@ may support any combination of primary and secondary zones. For reasons of backward compatibility BIND 9 treats "primary" and "master" as synonyms, as well as "secondary" and "slave." -.. _notify: - The following diagram shows the relationship between the primary and secondary name servers. The text below explains the process in detail. @@ -168,10 +166,10 @@ the :iscman:`named.conf` file has been modified as shown: The added statements and blocks are commented in the above file. -The :ref:`zone` block, and :ref:`allow-query`, +The :any:`zone` block, and :ref:`allow-query`, :any:`allow-query-cache`, :ref:`allow-transfer`, :ref:`file`, -:ref:`notify`, :ref:`recursion`, and :ref:`type` +:ref:`notify`, :ref:`recursion`, and :any:`type` statements are described in detail in the appropriate sections. .. _sample_secondary: @@ -250,11 +248,11 @@ The :ref:`named.conf` file has been modified as shown: The statements and blocks added are all commented in the above file. -The :ref:`zone` block, and :ref:`allow-query`, +The :any:`zone` block, and :ref:`allow-query`, :any:`allow-query-cache`, :ref:`allow-transfer`, :ref:`file`, :ref:`notify`, :ref:`primaries`, -:ref:`recursion`, and :ref:`type` statements are described in +:ref:`recursion`, and :any:`type` statements are described in detail in the appropriate sections. If NOTIFY is not being used, no changes are required in this diff --git a/doc/arm/config-intro.inc.rst b/doc/arm/config-intro.inc.rst index c70de7f537..919d55137c 100644 --- a/doc/arm/config-intro.inc.rst +++ b/doc/arm/config-intro.inc.rst @@ -79,7 +79,7 @@ as required by the user. }; The :ref:`logging` and :ref:`options` blocks -and :ref:`category`, :ref:`channel`, +and :ref:`category`, :any:`channel`, :ref:`directory`, :ref:`file`, and :ref:`severity` statements are all described further in the appropriate sections of this ARM. diff --git a/doc/arm/config-resolve.inc.rst b/doc/arm/config-resolve.inc.rst index e8f50c91e6..4467201389 100644 --- a/doc/arm/config-resolve.inc.rst +++ b/doc/arm/config-resolve.inc.rst @@ -116,7 +116,7 @@ as the file ``named.root`` (normally found in /etc/namedb or Consult the appropriate distribution documentation for the actual file name. -The hint zone file is referenced using the :ref:`type hint;` statement and +The hint zone file is referenced using the :any:`type hint` statement and a zone (domain) name of "." (the generally silent dot). .. Note:: The root server IP addresses have been stable for a number of @@ -262,10 +262,10 @@ It is therefore a **closed** resolver and cannot be used in wider network attack notify no; }; -The :ref:`zone` and :ref:`acl` blocks, and the +The :any:`zone` and :any:`acl` blocks, and the :ref:`allow-query`, :ref:`empty-zones-enable`, :ref:`file`, :ref:`notify`, :ref:`recursion`, and -:ref:`type` statements are described in detail in the appropriate +:any:`type` statements are described in detail in the appropriate sections. As a reminder, the configuration of this resolver does **not** access the DNS @@ -380,10 +380,10 @@ provided`. notify no; }; -The :ref:`zone` and :ref:`acl` blocks, and the +The :any:`zone` and :any:`acl` blocks, and the :ref:`allow-query`, :ref:`empty-zones-enable`, :ref:`file`, :ref:`forward`, :ref:`forwarders`, -:ref:`notify`, :ref:`recursion`, and :ref:`type` +:ref:`notify`, :ref:`recursion`, and :any:`type` statements are described in detail in the appropriate sections. As a reminder, the configuration of this forwarding resolver does **not** @@ -507,10 +507,10 @@ those IPs from which it will accept recursive queries. }; -The :ref:`zone` and :ref:`acl` blocks, and the +The :any:`zone` and :any:`acl` blocks, and the :ref:`allow-query`, :ref:`empty-zones-enable`, :ref:`file`, :ref:`forward`, :ref:`forwarders`, -:ref:`notify`, :ref:`recursion`, and :ref:`type` +:ref:`notify`, :ref:`recursion`, and :any:`type` statements are described in detail in the appropriate sections. As a reminder, the configuration of this resolver does **not** access the DNS diff --git a/doc/arm/dlz.inc.rst b/doc/arm/dlz.inc.rst index 77e65d99e9..6e0907807d 100644 --- a/doc/arm/dlz.inc.rst +++ b/doc/arm/dlz.inc.rst @@ -51,14 +51,14 @@ DLZ driver. Multiple :any:`dlz` statements can be specified. .. namedconf:statement:: search -When answering a query, all DLZ modules with :any:`search` set to ``yes`` are +When answering a query, all DLZ modules with :namedconf:ref:`search` set to ``yes`` are queried to see whether they contain an answer for the query name. The best available answer is returned to the client. -The :any:`search` option in the above example can be omitted, because +The :namedconf:ref:`search` option in the above example can be omitted, because ``yes`` is the default value. -If :any:`search` is set to ``no``, this DLZ module is *not* searched +If :namedconf:ref:`search` is set to ``no``, this DLZ module is *not* searched for the best match when a query is received. Instead, zones in this DLZ must be separately specified in a zone statement. This allows users to configure a zone normally using standard zone-option semantics, but diff --git a/doc/arm/dnssec.inc.rst b/doc/arm/dnssec.inc.rst index be28298ed5..0d7200054a 100644 --- a/doc/arm/dnssec.inc.rst +++ b/doc/arm/dnssec.inc.rst @@ -471,7 +471,7 @@ This trust anchor is provided as part of BIND and is kept up-to-date using To validate answers, the resolver needs at least one trusted starting point, a "trust anchor." Essentially, trust anchors are copies of ``DNSKEY`` RRs for zones that are used to form the first link in the cryptographic chain of trust. -Alternative trust anchors can be specified using :ref:`trust_anchors`, but +Alternative trust anchors can be specified using :any:`trust-anchors`, but this setup is very unusual and is recommended only for expert use. For more information, see :ref:`trust_anchors_description` in the :doc:`dnssec-guide`. diff --git a/doc/arm/logging-categories.inc.rst b/doc/arm/logging-categories.inc.rst index 3baba61ca4..95ef749259 100644 --- a/doc/arm/logging-categories.inc.rst +++ b/doc/arm/logging-categories.inc.rst @@ -52,7 +52,7 @@ ``network`` Network operations. -:any:`notify` +``notify`` The NOTIFY protocol. ``nsid`` diff --git a/doc/arm/managed-keys.inc.rst b/doc/arm/managed-keys.inc.rst index 587fb6e093..63bd0a569b 100644 --- a/doc/arm/managed-keys.inc.rst +++ b/doc/arm/managed-keys.inc.rst @@ -25,7 +25,7 @@ Validating Resolver To configure a validating resolver to use :rfc:`5011` to maintain a trust anchor, configure the trust anchor using a :any:`trust-anchors` statement and the ``initial-key`` keyword. Information about this can be found in -:ref:`trust-anchors`. +:any:`trust-anchors` statement description. Authoritative Server ^^^^^^^^^^^^^^^^^^^^ diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index c342f6ba54..8f86fa738c 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -347,7 +347,7 @@ file documentation: Either ``yes`` or ``no``. The words ``true`` and ``false`` are also accepted, as are the numbers ``1`` and ``0``. ``dialup_option`` - One of ``yes``, ``no``, :any:`notify`, ``notify-passive``, ``refresh``, or ``passive``. When used in a zone, ``notify-passive``, ``refresh``, and ``passive`` are restricted to secondary and stub zones. + One of ``yes``, ``no``, ``notify``, ``notify-passive``, ``refresh``, or ``passive``. When used in a zone, ``notify-passive``, ``refresh``, and ``passive`` are restricted to secondary and stub zones. .. _configuration_file_grammar: @@ -422,15 +422,11 @@ The following blocks are supported: The :any:`logging` and ``options`` statements may only occur once per configuration. -.. _acl_grammar: - :any:`acl` Block Grammar ~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: acl -.. _acl: - :any:`acl` Block Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -611,10 +607,8 @@ logging messages regarding syntax errors in the configuration file go to the default channels, or to standard error if the :option:`-g ` option was specified. -.. _channel: - The :any:`channel` Phrase -^^^^^^^^^^^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^^^^^^^ .. namedconf:statement:: channel All log output goes to one or more ``channels``; there is no limit to @@ -836,7 +830,7 @@ can be modified by pointing categories at defined channels. .. _the_category_phrase: The :any:`category` Phrase -^^^^^^^^^^^^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^^^^^^^^ There are many categories, so desired logs can be sent anywhere while unwanted logs are ignored. If a list of channels is not specified for a category, log messages in that @@ -1010,13 +1004,13 @@ preferred terminology.) To force the zone transfer requests to be sent over TLS, use :any:`tls` keyword, e.g. ``primaries { 192.0.2.1 tls tls-configuration-name; };``, where ``tls-configuration-name`` refers to a previously defined -:ref:`tls statement `. +:any:`tls statement `. .. warning:: Please note that TLS connections to primaries are **not authenticated** unless :any:`remote-hostname` or :any:`ca-file` are specified - within the :ref:`tls statement ` in use (see information on + within the :any:`tls statement ` in use (see information on :ref:`Strict TLS ` and :ref:`Mutual TLS ` for more details). **Not authenticated mode** (:ref:`Opportunistic TLS `) provides protection from passive @@ -1272,7 +1266,7 @@ default is used. specifies the directory containing GeoIP database files. By default, the option is set based on the prefix used to build the ``libmaxminddb`` module; for example, if the library is installed in ``/usr/local/lib``, then the - default :any:`geoip-directory` is ``/usr/local/share/GeoIP``. See :ref:`acl` + default :any:`geoip-directory` is ``/usr/local/share/GeoIP``. See :any:`acl` for details about ``geoip`` ACLs. .. namedconf:statement:: key-directory @@ -1726,7 +1720,7 @@ default is used. .. namedconf:statement:: dnssec-update-mode If this option is set to its default value of ``maintain`` in a zone - of type :any:`primary` which is DNSSEC-signed and configured to allow + of :any:`type primary` which is DNSSEC-signed and configured to allow dynamic updates (see :ref:`dynamic_update_policies`), and if :iscman:`named` has access to the private signing key(s) for the zone, then :iscman:`named` automatically signs all new or changed records and maintains signatures @@ -1927,14 +1921,14 @@ Boolean Options serial number check in the secondary (providing it supports NOTIFY), allowing the secondary to verify the zone while the connection is active. The set of servers to which NOTIFY is sent can be controlled by - :any:`notify` and :any:`also-notify`. + :namedconf:ref:`notify` and :any:`also-notify`. If the zone is a secondary or stub zone, the server suppresses the regular "zone up to date" (refresh) queries and only performs them when the :any:`heartbeat-interval` expires, in addition to sending NOTIFY requests. - Finer control can be achieved by using :any:`notify`, which only sends + Finer control can be achieved by using :namedconf:ref:`notify`, which only sends NOTIFY messages; ``notify-passive``, which sends NOTIFY messages and suppresses the normal refresh queries; ``refresh``, which suppresses normal refresh processing and sends refresh queries when the @@ -1950,7 +1944,7 @@ Boolean Options +--------------------+-----------------+-----------------+-----------------+ | ``yes`` | no | yes | yes | +--------------------+-----------------+-----------------+-----------------+ - | :any:`notify` | yes | no | yes | + | ``notify`` | yes | no | yes | +--------------------+-----------------+-----------------+-----------------+ | ``refresh`` | no | yes | no | +--------------------+-----------------+-----------------+-----------------+ @@ -2070,7 +2064,7 @@ Boolean Options notifies are sent only to servers explicitly listed using :any:`also-notify`. If set to ``no``, no notifies are sent. - The :any:`notify` option may also be specified in the :any:`zone` + The :namedconf:ref:`notify` option may also be specified in the :any:`zone` statement, in which case it overrides the ``options notify`` statement. It would only be necessary to turn off this option if it caused secondary zones to crash. @@ -2349,8 +2343,8 @@ Boolean Options of the old and new zone versions, and the server needs to temporarily allocate memory to hold this complete difference set. - :any:`ixfr-from-differences` also accepts :any:`primary` - and :any:`secondary` at the view and options levels, + :any:`ixfr-from-differences` also accepts ``primary`` + and ``secondary`` at the view and options levels, which causes :any:`ixfr-from-differences` to be enabled for all primary or secondary zones, respectively. It is off for all zones by default. @@ -2475,7 +2469,7 @@ Boolean Options This option is used to restrict the character set and syntax of certain domain names in primary files and/or DNS responses received from the network. The default varies according to usage area. For - :any:`primary` zones the default is ``fail``. For :any:`secondary` zones the + :any:`type primary` zones the default is ``fail``. For :any:`type secondary` zones the default is ``warn``. For answers received from the network (``response``), the default is ``ignore``. @@ -2698,8 +2692,8 @@ for details on how to specify IP address lists. This ACL specifies which hosts may send NOTIFY messages to inform this server of changes to zones for which it is acting as a secondary - server. This is only applicable for secondary zones (i.e., type - :any:`secondary` or ``slave``). + server. This is only applicable for secondary zones (i.e., :any:`type + secondary` or ``slave``). If this option is set in :any:`view` or ``options``, it is globally applied to all secondary zones. If set in the :any:`zone` statement, the @@ -3708,7 +3702,7 @@ Periodic Task Intervals .. _the_sortlist_statement: The :any:`sortlist` Statement -^^^^^^^^^^^^^^^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The response to a DNS query may consist of multiple resource records (RRs) forming a resource record set (RRset). The name server @@ -4313,7 +4307,7 @@ of built-in zones under the pseudo-top-level-domain ``bind`` in the (see :ref:`view_statement_grammar`) of class ``CHAOS``, which is separate from the default view of class ``IN``. Most global configuration options (:any:`allow-query`, etc.) apply to this view, -but some are locally overridden: :any:`notify`, :any:`recursion`, and +but some are locally overridden: :namedconf:ref:`notify`, :any:`recursion`, and :any:`allow-new-zones` are always set to ``no``, and :any:`rate-limit` is set to allow three responses per second. @@ -5386,8 +5380,6 @@ socket statistics), http://127.0.0.1:8888/json/v1/mem (memory manager statistics), http://127.0.0.1:8888/json/v1/tasks (task manager statistics), and http://127.0.0.1:8888/json/v1/traffic (traffic sizes). -.. _tls: - :any:`tls` Block Grammar ~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: tls @@ -5398,7 +5390,7 @@ statistics), and http://127.0.0.1:8888/json/v1/traffic (traffic sizes). The :any:`tls` statement is used to configure a TLS connection; this configuration can then be referenced by a :any:`listen-on` or :any:`listen-on-v6` statement to cause :iscman:`named` to listen for incoming requests via TLS, -or in the :any:`primaries` statement for a zone of type :any:`secondary` to +or in the :any:`primaries` statement for a zone of :any:`type secondary` to cause zone transfer requests to be sent via TLS. :any:`tls` can only be set at the top level of :iscman:`named.conf`. @@ -5571,8 +5563,6 @@ might be considered acceptable for most practical purposes. Mutual TLS has the advantage of not requiring TSIG and thus, not having security issues related to shared cryptographic secrets. -.. _http: - :any:`http` Block Grammar ~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: http @@ -5625,14 +5615,10 @@ all local addresses: }; -.. _trust_anchors: - :any:`trust-anchors` Block Grammar ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: trust-anchors -.. _trust-anchors: - :any:`trust-anchors` Block Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -6038,34 +6024,26 @@ The following options apply to DS queries sent to :any:`parental-agents`: This option acts like :any:`parental-source`, but applies to parental DS queries sent to IPv6 addresses. -.. _managed-keys: - :any:`managed-keys` Block Grammar ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: managed-keys -.. _managed_keys: - :any:`managed-keys` Block Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The :any:`managed-keys` statement has been -deprecated in favor of :ref:`trust_anchors` +deprecated in favor of :any:`trust-anchors` with the ``initial-key`` keyword. -.. _trusted-keys: - :any:`trusted-keys` Block Grammar ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. namedconf:statement:: trusted-keys -.. _trusted_keys: - :any:`trusted-keys` Block Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The :any:`trusted-keys` statement has been deprecated in favor of -:ref:`trust_anchors` with the ``static-key`` keyword. +:any:`trust-anchors` with the ``static-key`` keyword. .. _view_statement_grammar: @@ -6188,10 +6166,6 @@ Here is an example of a typical split DNS setup implemented using :any:`zone` Block Definition and Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.. _zone_types: - -.. _type: - Zone Types ^^^^^^^^^^ .. namedconf:statement:: type @@ -6199,20 +6173,22 @@ Zone Types The :any:`type` keyword is required for the :any:`zone` configuration unless it is an :any:`in-view` configuration. Its acceptable values are: - :any:`primary` (or ``master``), :any:`secondary` (or ``slave``), :any:`mirror`, - :any:`hint`, :any:`stub`, :any:`static-stub`, :any:`forward`, :any:`redirect`, - or :any:`delegation-only`. + :any:`primary ` (or ``master``), :any:`secondary ` (or ``slave``), :any:`mirror `, :any:`hint `, :any:`stub `, :any:`static-stub `, + :any:`forward `, :any:`redirect `, or + :any:`delegation-only `. .. namedconf:statement:: type primary A primary zone has a master copy of the data for the zone and is able to provide authoritative answers for it. Type ``master`` is a synonym - for :any:`primary`. + for :any:`primary `. .. namedconf:statement:: type secondary A secondary zone is a replica of a primary zone. Type ``slave`` is a - synonym for :any:`secondary`. The :any:`primaries` list specifies one or more IP + synonym for :any:`secondary `. The :any:`primaries` list specifies one or more IP addresses of primary servers that the secondary contacts to update its copy of the zone. Primaries list elements can also be names of other primaries lists. By default, @@ -6241,7 +6217,7 @@ Zone Types .. namedconf:statement:: type mirror - A mirror zone is similar to a zone of type :any:`secondary`, except its + A mirror zone is similar to a zone of :any:`type secondary`, except its data is subject to DNSSEC validation before being used in answers. Validation is applied to the entire zone during the zone transfer process, and again when the zone file is loaded from disk upon @@ -6255,7 +6231,7 @@ Zone Types have recursion enabled. Answers coming from a mirror zone look almost exactly like answers - from a zone of type :any:`secondary`, with the notable exceptions that + from a zone of :any:`type secondary`, with the notable exceptions that the AA bit ("authoritative answer") is not set, and the AD bit ("authenticated data") is. @@ -6287,14 +6263,14 @@ Zone Types servers to be provided using the :any:`primaries` option (see :ref:`primaries_grammar` for details), and a key-signing key (KSK) for the specified zone to be explicitly configured as a trust anchor - (see :ref:`trust-anchors`). + (see :any:`trust-anchors`). When configuring NOTIFY for a mirror zone, only ``notify no;`` and ``notify explicit;`` can be used at the zone level; any other - :any:`notify` setting at the zone level is a configuration error. Using - any other :any:`notify` setting at the ``options`` or :any:`view` level + :namedconf:ref:`notify` setting at the zone level is a configuration error. Using + any other :namedconf:ref:`notify` setting at the ``options`` or :any:`view` level causes that setting to be overridden with ``notify explicit;`` for - the mirror zone. The global default for the :any:`notify` option is + the mirror zone. The global default for the :namedconf:ref:`notify` option is ``yes``, so mirror zones are by default configured with ``notify explicit;``. @@ -6386,7 +6362,7 @@ Zone Types is signed, no substitution occurs. To redirect all NXDOMAIN responses to 100.100.100.2 and - 2001:ffff:ffff::100.100.100.2, configure a type :any:`redirect` zone + 2001:ffff:ffff::100.100.100.2, configure a type :any:`redirect ` zone named ".", with the zone file containing wildcard records that point to the desired addresses: ``*. IN A 100.100.100.2`` and ``*. IN AAAA 2001:ffff:ffff::100.100.100.2``. @@ -6426,7 +6402,7 @@ Zone Types .. namedconf:statement:: in-view - When using multiple views, a :any:`primary` or :any:`secondary` zone configured + When using multiple views, a :any:`type primary` or :any:`type secondary` zone configured in one view can be referenced in a subsequent view. This allows both views to use the same zone without the overhead of loading it more than once. This is configured using a :any:`zone` statement, with an :any:`in-view` option @@ -6480,7 +6456,7 @@ Zone Options See the description of :any:`allow-update-forwarding` in :ref:`access_control`. :any:`also-notify` - This option is only meaningful if :any:`notify` is active for this zone. The set of + This option is only meaningful if :namedconf:ref:`notify` is active for this zone. The set of machines that receive a ``DNS NOTIFY`` message for this zone is made up of all the listed name servers (other than the primary) for the zone, plus any IP addresses specified with @@ -6494,8 +6470,8 @@ Zone Options This option is used to restrict the character set and syntax of certain domain names in primary files and/or DNS responses received from the network. The default varies according to zone type. For - :any:`primary` zones the default is ``fail``; for :any:`secondary` zones the - default is ``warn``. It is not implemented for :any:`hint` zones. + :any:`primary ` zones the default is ``fail``; for :any:`secondary ` zones the + default is ``warn``. It is not implemented for :any:`hint ` zones. :any:`check-mx` See the description of :any:`check-mx` in :ref:`boolean_options`. @@ -6563,9 +6539,9 @@ Zone Options .. namedconf:statement:: file - This sets the zone's filename. In :any:`primary`, :any:`hint`, and :any:`redirect` + This sets the zone's filename. In :any:`primary `, :any:`hint `, and :any:`redirect ` zones which do not have :any:`primaries` defined, zone data is loaded from - this file. In :any:`secondary`, :any:`mirror`, :any:`stub`, and :any:`redirect` zones + this file. In :any:`secondary `, :any:`mirror `, :any:`stub `, and :any:`redirect ` zones which do have :any:`primaries` defined, zone data is retrieved from another server and saved in this file. This option is not applicable to other zone types. @@ -6584,7 +6560,7 @@ Zone Options This allows the default journal's filename to be overridden. The default is the zone's filename with "``.jnl``" appended. This is applicable to - :any:`primary` and :any:`secondary` zones. + :any:`primary ` and :any:`secondary ` zones. :any:`max-ixfr-ratio` See the description of :any:`max-ixfr-ratio` in :ref:`options`. @@ -6607,8 +6583,8 @@ Zone Options :any:`max-transfer-idle-out` See the description of :any:`max-transfer-idle-out` in :ref:`zone_transfers`. -:any:`notify` - See the description of :any:`notify` in :ref:`boolean_options`. +:namedconf:ref:`notify` + See the description of :namedconf:ref:`notify` in :ref:`boolean_options`. :any:`notify-delay` See the description of :any:`notify-delay` in :ref:`tuning`. @@ -6710,7 +6686,7 @@ Zone Options :any:`ixfr-from-differences` See the description of :any:`ixfr-from-differences` in :ref:`boolean_options`. - (Note that the :any:`ixfr-from-differences` choices of :any:`primary` and :any:`secondary` + (Note that the :any:`ixfr-from-differences` choices of :any:`primary ` and :any:`secondary ` are not available at the zone level.) :any:`key-directory` @@ -6777,8 +6753,8 @@ the zone's filename, unless :any:`inline-signing` is enabled. cases, :any:`update-policy` rules only apply to key-based identities. There is no way to specify update permissions based on the client source address. - :any:`update-policy` rules are only meaningful for zones of type - :any:`primary`, and are not allowed in any other zone type. It is a + :any:`update-policy` rules are only meaningful for zones of + :any:`type primary`, and are not allowed in any other zone type. It is a configuration error to specify both :any:`allow-update` and :any:`update-policy` at the same time. diff --git a/doc/arm/zones.inc.rst b/doc/arm/zones.inc.rst index ba916e18f3..eb7cc4090e 100644 --- a/doc/arm/zones.inc.rst +++ b/doc/arm/zones.inc.rst @@ -38,7 +38,7 @@ The components of a Resource Record are: owner name The domain name where the RR is found. - type + RR type An encoded 16-bit value that specifies the type of the resource record. For a list of *types* of valid RRs, including those that have been obsoleted, please refer to `https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4`. diff --git a/doc/dnssec-guide/signing.rst b/doc/dnssec-guide/signing.rst index fbf03f29da..9469d1dbea 100644 --- a/doc/dnssec-guide/signing.rst +++ b/doc/dnssec-guide/signing.rst @@ -1348,7 +1348,7 @@ before a rollover depends on your organization's security policy. .. _advanced_discussions_automatic_dnssec-policy: Fully Automatic Signing With :any:`dnssec-policy` -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Since BIND 9.16, key management is fully integrated ingo :iscman:`named`. Managing the signing process and rolling of these keys has been described in diff --git a/doc/dnssec-guide/validation.rst b/doc/dnssec-guide/validation.rst index 88655a0a35..fa71497c47 100644 --- a/doc/dnssec-guide/validation.rst +++ b/doc/dnssec-guide/validation.rst @@ -373,7 +373,7 @@ take a closer look at what DNSSEC validation actually does, and some other optio .. _dnssec_validation_explained: :any:`dnssec-validation` -^^^^^^^^^^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^^^^^^ ::