From b390a8decd21f22ecb29fd090c1912dbc3e262da Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 16 May 2007 06:58:06 +0000 Subject: [PATCH] regen --- doc/arm/Bv9ARM.ch03.html | 8 +-- doc/arm/Bv9ARM.ch04.html | 72 ++++++++++---------- doc/arm/Bv9ARM.ch05.html | 6 +- doc/arm/Bv9ARM.ch06.html | 142 +++++++++++++++++++-------------------- doc/arm/Bv9ARM.ch07.html | 14 ++-- doc/arm/Bv9ARM.ch08.html | 18 ++--- doc/arm/Bv9ARM.ch09.html | 112 ++++++++++++++++-------------- doc/arm/Bv9ARM.html | 104 ++++++++++++++-------------- 8 files changed, 245 insertions(+), 231 deletions(-) diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index 99f3d8d730..eb68593994 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -54,7 +54,7 @@
Name Server Operations
Tools for Use With the Name Server Daemon
-
Signals
+
Signals
@@ -226,7 +226,7 @@ options, see the dig man page.

and ease of use. By default, it converts between host names and Internet addresses, but its functionality can be extended with the use of options.

-

host [-aCdlrTwv] [-c class] [-N ndots] [-t type] [-W timeout] [-R retries] hostname [server]

+

host [-aCdlrTwv] [-c class] [-N ndots] [-t type] [-W timeout] [-R retries] [-4] [-6] hostname [server]

For more information and a list of available commands and options, see the host man page.

@@ -478,7 +478,7 @@ a rndc.key file and not modify

-Signals

+Signals

Certain UNIX signals cause the name server to take specific actions, as described in the following table. These signals can be sent using the kill command.

diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index 2ce753e0f3..3e004cb7ac 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -49,29 +49,29 @@
Dynamic Update
The journal file
Incremental Zone Transfers (IXFR)
-
Split DNS
-
Example split DNS setup
+
Split DNS
+
Example split DNS setup
TSIG
-
Generate Shared Keys for Each Pair of Hosts
-
Copying the Shared Secret to Both Machines
-
Informing the Servers of the Key's Existence
-
Instructing the Server to Use the Key
-
TSIG Key Based Access Control
-
Errors
+
Generate Shared Keys for Each Pair of Hosts
+
Copying the Shared Secret to Both Machines
+
Informing the Servers of the Key's Existence
+
Instructing the Server to Use the Key
+
TSIG Key Based Access Control
+
Errors
-
TKEY
-
SIG(0)
+
TKEY
+
SIG(0)
DNSSEC
-
Generating Keys
-
Signing the Zone
-
Configuring Servers
+
Generating Keys
+
Signing the Zone
+
Configuring Servers
-
IPv6 Support in BIND 9
+
IPv6 Support in BIND 9
-
Address Lookups Using AAAA Records
-
Address to Name Lookups Using Nibble Format
+
Address Lookups Using AAAA Records
+
Address to Name Lookups Using Nibble Format
@@ -169,7 +169,7 @@ of the server statement.

-Split DNS

+Split DNS

Setting up different views, or visibility, of the DNS space to internal and external resolvers is usually referred to as a Split DNS setup. There are several reasons an organization @@ -187,7 +187,7 @@ on the Internet. Split DNS can also be used to allow mail from outside back in to the internal network.

-Example split DNS setup

+Example split DNS setup

Let's say a company named Example, Inc. (example.com) has several corporate sites that have an internal network with reserved @@ -376,13 +376,13 @@ for TSIG.

-y command line options.

-Generate Shared Keys for Each Pair of Hosts

+Generate Shared Keys for Each Pair of Hosts

A shared secret is generated to be shared between host1 and host2. An arbitrary key name is chosen: "host1-host2.". The key name must be the same on both hosts.

-Automatic Generation

+Automatic Generation

The following command will generate a 128-bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys are easier to read. Note that the maximum key length is 512 bits; @@ -399,7 +399,7 @@ be used as the shared secret.

-Manual Generation

+Manual Generation

The shared secret is simply a random sequence of bits, encoded in base-64. Most ASCII strings are valid base-64 strings (assuming the length is a multiple of 4 and only valid characters are used), @@ -410,13 +410,13 @@ a similar program to generate base-64 encoded data.

-Copying the Shared Secret to Both Machines

+Copying the Shared Secret to Both Machines

This is beyond the scope of DNS. A secure transport mechanism should be used. This could be secure FTP, ssh, telephone, etc.

-Informing the Servers of the Key's Existence

+Informing the Servers of the Key's Existence

Imagine host1 and host 2 are both servers. The following is added to each server's named.conf file:

@@ -437,7 +437,7 @@ response is signed by the same key.

 
 

 

-Instructing the Server to Use the Key

+Instructing the Server to Use the Key

 
Since keys are shared between two hosts only, the server must
 be told when keys are to be used. The following is added to the named.conf file
 for host1, if the IP address of host2 is
@@ -460,7 +460,7 @@ sign request messages to host1.

 
 

 

-TSIG Key Based Access Control

+TSIG Key Based Access Control

 
BIND allows IP addresses and ranges to be specified in ACL
 definitions and
 allow-{ query | transfer | update } directives.
@@ -478,7 +478,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Errors

+Errors

 
The processing of TSIG signed messages can result in
       several errors. If a signed message is sent to a non-TSIG
       aware server, a FORMERR (format error) will be returned, since
@@ -501,7 +501,7 @@ allow-update { key host1-host2. ;};
 
 

 

-TKEY

+TKEY

 
TKEY is a mechanism for automatically
     generating a shared secret between two hosts.  There are several
     "modes" of TKEY that specify how the key is
@@ -528,7 +528,7 @@ allow-update { key host1-host2. ;};
 
 

 

-SIG(0)

+SIG(0)

 
BIND 9 partially supports DNSSEC SIG(0)
     transaction signatures as specified in RFC 2535 and RFC2931.  SIG(0)
     uses public/private keys to authenticate messages.  Access control
@@ -571,7 +571,7 @@ allow-update { key host1-host2. ;};
     zone key of another zone above this one in the DNS tree.

 

 

-Generating Keys

+Generating Keys

 
The dnssec-keygen program is used to
       generate keys.

 
A secure zone must contain one or more zone keys.  The
@@ -604,7 +604,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Signing the Zone

+Signing the Zone

 
The dnssec-signzone program is used to
       sign a zone.

 
Any keyset files corresponding
@@ -625,13 +625,13 @@ allow-update { key host1-host2. ;};
       input file for the zone.

 
dnssec-signzone will also produce a
       keyset and dsset files and optionally a dlvset file.  These
-      are used to provide the parent zone administators with the
+      are used to provide the parent zone administrators with the
       DNSKEYs (or their corresponding DS
       records) that are the secure entry point to the zone.

 
 

 

-Configuring Servers

+Configuring Servers

 

 	  To enable named to respond appropriately
 	  to DNS requests from DNSSEC aware clients,
@@ -717,7 +717,7 @@ options {
 
 

 

-IPv6 Support in BIND 9

+IPv6 Support in BIND 9

 
BIND 9 fully supports all currently defined forms of IPv6
     name to address and address to name lookups.  It will also use
     IPv6 addresses to make queries when running on an IPv6 capable
@@ -746,7 +746,7 @@ options {
     see the section called “IPv6 addresses (AAAA)”.

 

 

-Address Lookups Using AAAA Records

+Address Lookups Using AAAA Records

 
The AAAA record is a parallel to the IPv4 A record.  It
       specifies the entire address in a single record.  For
       example,

@@ -761,7 +761,7 @@ host            3600    IN      AAAA    2001:db8::1
 
 

 

-Address to Name Lookups Using Nibble Format

+Address to Name Lookups Using Nibble Format

 
When looking up an address in nibble format, the address
       components are simply reversed, just as in IPv4, and
       ip6.arpa. is appended to the resulting name.
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index 0030db14db..8e90a45d9a 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,13 +45,13 @@
 

 
Table of Contents

 

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 

 

 

 

-The Lightweight Resolver Library

+The Lightweight Resolver Library

 
Traditionally applications have been linked with a stub resolver
 library that sends recursive DNS queries to a local caching name
 server.

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 087159ce89..e32ece1800 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -48,46 +48,46 @@
 
Configuration File Elements

 

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 

 
Configuration File Grammar

 

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
 Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and Usage

-
include Statement Grammar

-
include Statement Definition and Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and Usage 

-
options Statement Grammar

+
include Statement Grammar

+
include Statement Definition and Usage

+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and Usage

+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and Usage 

+
options Statement Grammar

 
options Statement Definition and Usage

 
server Statement Grammar

 
server Statement Definition and Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
 	    and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
 Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 

-
Zone File

+
Zone File

 

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 

 
 
@@ -244,7 +244,7 @@ are restricted to slave and stub zones.

 Address Match Lists
 

 

-Syntax

+Syntax

 
address_match_list = address_match_list_element ;
   [ address_match_list_element; ... ]
 address_match_list_element = [ ! ] (ip_address [/length] |
@@ -253,7 +253,7 @@ are restricted to slave and stub zones.

 
 

 

-Definition and Usage

+Definition and Usage

 
Address match lists are primarily used to determine access
 control for various server operations. They are also used in
 the listen-on and sortlist
@@ -303,14 +303,14 @@ other 1.2.3.* hosts fall through.

 
 

 

-Comment Syntax

+Comment Syntax

 
The BIND 9 comment syntax allows for comments to appear
 anywhere that whitespace may appear in a BIND configuration
 file. To appeal to programmers of all kinds, they can be written
 in the C, C++, or shell/perl style.

 

 

-Syntax

+Syntax

 
/* This is a BIND comment as in C */

 

 

@@ -323,7 +323,7 @@ in the C, C++, or shell/perl style.

 
 

 

-Definition and Usage

+Definition and Usage

 
Comments may appear anywhere that whitespace may appear in
 a BIND configuration file.

 
C-style comments start with the two characters /* (slash,
@@ -444,7 +444,7 @@ a per-server basis.

     configuration.

 

 

-acl Statement Grammar

+acl Statement Grammar

 
acl acl-name { 
     address_match_list 
 };
@@ -495,7 +495,7 @@ IPv6 addresses, just like localhost
 

 

-controls Statement Grammar

+controls Statement Grammar

 
controls {
    inet ( ip_addr | * ) [ port ip_port ] allow {  address_match_list  }
                 keys {  key_list  };
@@ -600,12 +600,12 @@ statement: controls { };.
 
 

 

-include Statement Grammar

+include Statement Grammar

 
include filename;

 
 

 

-include Statement Definition and Usage

+include Statement Definition and Usage

 
The include statement inserts the
       specified file at the point where the include
       statement is encountered. The include
@@ -616,7 +616,7 @@ statement: controls { };.
 
 

 

-key Statement Grammar

+key Statement Grammar

 
key key_id {
     algorithm string;
     secret string;
@@ -625,7 +625,7 @@ statement: controls { };.
 
 

 

-key Statement Definition and Usage

+key Statement Definition and Usage

 
The key statement defines a shared
 secret key for use with TSIG (see the section called “TSIG”)
 or the command channel
@@ -657,7 +657,7 @@ string.

 
 

 

-logging Statement Grammar

+logging Statement Grammar

 
logging {
    [ channel channel_name {
      ( file path name
@@ -681,7 +681,7 @@ string.

 
 

 

-logging Statement Definition and Usage

+logging Statement Definition and Usage

 
The logging statement configures a wide
 variety of logging options for the name server. Its channel phrase
 associates output methods, format options and severity levels with
@@ -704,7 +704,7 @@ channels, or to standard error if the "-g" option
 was specified.

 

 

-The channel Phrase

+The channel Phrase

 
All log output goes to one or more channels;
 you can make as many of them as you want.

 
Every channel definition must include a destination clause that
@@ -1019,7 +1019,7 @@ a delegation-only in a hint or stu
 
 

 

-lwres Statement Grammar

+lwres Statement Grammar

 
 This is the grammar of the lwres
 statement in the named.conf file:

 
lwres {
@@ -1032,7 +1032,7 @@ statement in the named.conf file:

 
 

 

-lwres Statement Definition and Usage

+lwres Statement Definition and Usage

 
The lwres statement configures the name
 server to also act as a lightweight resolver server. (See
 the section called “Running a Resolver Daemon”.)  There may be multiple
@@ -1060,20 +1060,20 @@ exact match lookup before search path elements are appended.

 
 

 

-masters Statement Grammar

+masters Statement Grammar

 
 masters name [port ip_port] { ( masters_list | ip_addr [port ip_port] [key key] ) ; [...] } ; 
 

 
 

 

-masters Statement Definition and Usage 

+masters Statement Definition and Usage 

 
masters lists allow for a common set of masters
 to be easily used by multiple stub and slave zones.

 
 

 

-options Statement Grammar

+options Statement Grammar

 
This is the grammar of the options
 statement in the named.conf file:

 
options {
@@ -1702,7 +1702,7 @@ IN-ADDR.ARPA, IP6.ARPA, or IP6.INT).
 
 

 

-Forwarding

+Forwarding

 
The forwarding facility can be used to create a large site-wide
 cache on a few servers, reducing traffic over links to external
 name servers. It can also be used to allow queries by servers that
@@ -1734,7 +1734,7 @@ Statement Grammar”.

 
 

 

-Dual-stack Servers

+Dual-stack Servers

 
Dual-stack servers are used as servers of last resort to work around
 problems in reachability due the lack of support for either IPv4 or IPv6
 on the host machine.

@@ -1815,7 +1815,7 @@ from these addresses will not be responded to. The default is 
 

-Interfaces

+Interfaces
 
The interfaces and ports that the server will answer queries
 from may be specified using the listen-on option. listen-on takes
 an optional port, and an address_match_list.
@@ -1865,7 +1865,7 @@ the server will not listen on any IPv6 address.

 
 

 

-Query Address

+Query Address

 
If the server doesn't know the answer to a question, it will
 query other name servers. query-source specifies
 the address and port used for such queries. For queries sent over
@@ -2056,7 +2056,7 @@ but applies to notify messages sent to IPv6 addresses.

 
 

 

-Bad UDP Port Lists

+Bad UDP Port Lists

 

 avoid-v4-udp-ports and avoid-v6-udp-ports
 specify a list of IPv4 and IPv6 UDP ports that will not be used as system
@@ -2069,7 +2069,7 @@ to query again.
 
 

 

-Operating System Resource Limits

+Operating System Resource Limits

 
The server's usage of many system resources can be limited.
 Scaled values are allowed when specifying resource limits.  For
 example, 1G can be used instead of
@@ -2113,7 +2113,7 @@ may use. The default is default.

 
 

 

-Server  Resource Limits

+Server  Resource Limits

 
The following options set limits on the server's
 resource consumption that are enforced internally by the
 server rather than the operating system.

@@ -2167,7 +2167,7 @@ silently raised.
 
 

 

-Periodic Task Intervals

+Periodic Task Intervals

 

 
cleaning-interval

 
The server will remove expired resource records
@@ -2662,7 +2662,7 @@ For more details, see the description of
 

 

 

-trusted-keys Statement Grammar

+trusted-keys Statement Grammar

 
trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -2671,7 +2671,7 @@ For more details, see the description of
 
 

 

-trusted-keys Statement Definition
+trusted-keys Statement Definition
 	    and Usage

 

 	    The trusted-keys statement defines
@@ -2714,7 +2714,7 @@ For more details, see the description of
 

 

 

-view Statement Definition and Usage

+view Statement Definition and Usage

 
The view statement is a powerful new feature
 of BIND 9 that lets a name server answer a DNS query differently
 depending on who is asking. It is particularly useful for implementing
@@ -2916,10 +2916,10 @@ zone zone_name [
 

 

-zone Statement Definition and Usage

+zone Statement Definition and Usage

 

 

-Zone Types

+Zone Types

 
@@ -3032,7 +3032,7 @@ from forwarders.

 

-Class

+Class
The zone's name may optionally be followed by a class. If
 a class is not specified, class IN (for Internet),
 is assumed. This is correct for the vast majority of cases.

@@ -3042,12 +3042,12 @@ used to share information about various systems databases, such
 as users, groups, printers and so on. The keyword 
 HS is
 a synonym for hesiod.

-
Another MIT development is CHAOSnet, a LAN protocol created
+
Another MIT development is Chaosnet, a LAN protocol created
 in the mid-1970s. Zone data for it can be specified with the CHAOS class.

 

-Zone Options

+Zone Options

 
allow-notify

 
See the description of
@@ -3295,7 +3295,7 @@ name, the rules are checked for each existing record type.
 

 

-Zone File

+Zone File

 

 Types of Resource Records and When to Use Them

@@ -3305,7 +3305,7 @@ Since the publication of RFC 1034, several new RRs have been identified
 and implemented in the DNS. These are also included.

 

 

-Resource Records

+Resource Records
A domain name identifies a node.  Each node has a set of
         resource information, which may be empty.  The set of resource
         information associated with a particular name is composed of
@@ -3524,7 +3524,7 @@ are currently valid in the DNS:

 
 

 
 
 
 
 
 
 
 
 
 

 
CH

 

-CHAOSnet, a LAN protocol created at MIT in the mid-1970s.
+Chaosnet, a LAN protocol created at MIT in the mid-1970s.
 Rarely used for its historical purpose, but reused for BIND's
 built-in server information zones, e.g.,
 version.bind.
@@ -3564,7 +3564,7 @@ used as "pointers" to other data in the DNS.

 
 

 

-Textual expression of RRs

+Textual expression of RRs

 
RRs are represented in binary form in the packets of the DNS
 protocol, and are usually represented in highly encoded form when
 stored in a name server or resolver.  In the examples provided in
@@ -3654,7 +3654,7 @@ each of a different class.

 
 

 

-Discussion of MX Records

+Discussion of MX Records

 
As described above, domain servers store information as a
 series of resource records, each of which contains a particular
 piece of information about a given domain name (which is usually,
@@ -3771,7 +3771,7 @@ can be explicitly specified, for example, 1h30m. 
 

 

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

 
Reverse name resolution (that is, translation from IP address
 to name) is achieved by means of the in-addr.arpa domain
 and PTR records. Entries in the in-addr.arpa domain are made in
@@ -3802,14 +3802,14 @@ in the [example.com] domain:

 

 
Note

 
The $ORIGIN lines in the examples
-are for providing context to the examples only-they do not necessarily
+are for providing context to the examples only — they do not necessarily
 appear in the actual usage. They are only used here to indicate
 that the example is relative to the listed origin.

 

 
 

 

-Other Zone File Directives

+Other Zone File Directives

 
The Master File Format was initially defined in RFC 1035 and
 has subsequently been extended. While the Master File Format itself
 is class independent all records in a Master File must be of the same
@@ -3818,7 +3818,7 @@ class.

 and $TTL.

 

 

-The $ORIGIN Directive

+The $ORIGIN Directive

 
Syntax: $ORIGIN
 domain-name [ comment]

 
$ORIGIN sets the domain name that will
@@ -3833,7 +3833,7 @@ WWW     CNAME   MAIN-SERVER
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

 
Syntax: $INCLUDE
 filename [
 origin ] [ comment ]

@@ -3857,7 +3857,7 @@ This could be construed as a deviation from RFC 1035, a feature, or both.
 
 

 

-The $TTL Directive

+The $TTL Directive

 
Syntax: $TTL
 default-ttl [
 comment ]

@@ -3868,7 +3868,7 @@ with undefined TTLs. Valid TTLs are of the range 0-2147483647 seconds.

 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

 
Syntax: $GENERATE range lhs [ttl] [class] type rhs [ comment ]

 
$GENERATE is used to create a series of
 resource records that only differ from each other by an iterator. $GENERATE can
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index b9837bfeee..781734c588 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -46,11 +46,11 @@
 
Table of Contents

 

 
Access Control Lists

-
Chroot and Setuid (for
+
Chroot and Setuid (for
 UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

@@ -102,7 +102,7 @@ see the AUSCERT advisory at
 
 

 

-Chroot and Setuid (for
+Chroot and Setuid (for
 UNIX servers)

 
On UNIX servers, it is possible to run BIND in a chrooted environment
 (using the chroot() function) by specifying the "-t"
@@ -117,7 +117,7 @@ user 202:

 
/usr/local/bin/named -u 202 -t /var/named

 

 

-The chroot Environment

+The chroot Environment

 
In order for a chroot environment to
 work properly in a particular directory
 (for example, /var/named),
@@ -142,7 +142,7 @@ to set up things like
 
 

 

-Using the setuid Function

+Using the setuid Function

 
Prior to running the named daemon, use
 the touch utility (to change file access and
 modification times) or the chown utility (to
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 446260ae73..7249486697 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

 

-Common Problems

+Common Problems

 

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

 
The best solution to solving installation and
       configuration issues is to take preventative measures by setting
       up logging files beforehand. The log files provide a
@@ -66,7 +66,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

 
Zone serial numbers are just numbers — they aren't date
     related.  A lot of people set them to a number that represents a
     date, usually of the form YYYYMMDDRR. A number of people
@@ -87,7 +87,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

 
The Internet Software Consortium (ISC) offers a wide range
     of support and service agreements for BIND and DHCP servers. Four
     levels of premium support are available and each level includes
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index aa5cd98493..26534b6d39 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -43,24 +43,24 @@
 

 
Table of Contents

 

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 

 

 

-Acknowledgments

+Acknowledgments

 

 

-A Brief History of the DNS and BIND
+A Brief History of the DNS and BIND
 

 
Although the "official" beginning of the Domain Name
       System occurred in 1984 with the publication of RFC 920, the
@@ -96,7 +96,7 @@ employee on loan to the CSRG, worked on BIND
 to 1987. Many other people also contributed to BIND development
 during that time: Doug Kingston, Craig Partridge, Smoot Carl-Mitchell,
 Mike Muuss, Jim Bloom and Mike Schwartz. BIND maintenance was subsequently
-handled by Mike Karels and O. Kure.

+handled by Mike Karels and Řivind Kure.

 
BIND versions 4.9 and 4.9.1 were released by Digital Equipment
 Corporation (now Compaq Computer Corporation). Paul Vixie, then
 a DEC employee, became BIND's primary caretaker. He was assisted
@@ -108,9 +108,23 @@ Wolfhugel, and others.

 Vixie became BIND's principal architect/programmer.

 
BIND versions from 4.9.3 onward have been developed and maintained
 by the Internet Software Consortium with support being provided
-by ISC's sponsors. As co-architects/programmers, Bob Halley and
+by ISC's sponsors.
+      

+
As co-architects/programmers, Bob Halley and
 Paul Vixie released the first production-ready version of BIND version
 8 in May 1997.

+

+	  BIND version 9 was released in September 2000 and is a
+	  major rewrite of nearly all aspects of the underlying
+	  BIND architecture.
+	  

+

+	  BIND version 4 is officially deprecated and BIND version
+	  8 development is considered maintenance-only in favor
+	  of BIND version 9. No additional development is done
+	  on BIND version 4 or BIND version 8 other than for
+	  security-related patches.
+	

 
BIND development work is made possible today by the sponsorship
 of several corporations, and by the tireless work efforts of numerous
 individuals.

@@ -263,17 +277,17 @@ the number of the RFC). RFCs are also available via the Web at
 

 

 

-Bibliography

+Bibliography

 

 
Standards

 

-
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

+
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

 

 

-
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987. 

+
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987. 

 

 

-
[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
+
[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
 Specification. November 1987. 

 

 

@@ -281,22 +295,22 @@ Specification. November 1987. 

 

 Proposed Standards

 

-
[RFC2181] R., R. Bush Elz. Clarifications to the DNS Specification. July 1997. 

+
[RFC2181] R., R. Bush Elz. Clarifications to the DNS Specification. July 1997. 

 

 

-
[RFC2308] M. Andrews. Negative Caching of DNS Queries. March 1998. 

+
[RFC2308] M. Andrews. Negative Caching of DNS Queries. March 1998. 

 

 

-
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996. 

+
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996. 

 

 

-
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996. 

+
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996. 

 

 

-
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997. 

+
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997. 

 

 

-
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000. 

+
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000. 

 

 
 

@@ -307,85 +321,85 @@ Specification. November 1987. 

 RFCs are undergoing major revision by the IETF.

 

 

-
[RFC1886] S. Thomson and C. Huitema. DNS Extensions to support IP version 6. December 1995. 

+
[RFC1886] S. Thomson and C. Huitema. DNS Extensions to support IP version 6. December 1995. 

 

 

-
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997. 

+
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997. 

 

 

-
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997. 

+
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997. 

 

 
 

 
Other Important RFCs About DNS Implementation

 

-
[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely Deployed DNS Software.. October 1993. 

+
[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely Deployed DNS Software.. October 1993. 

 

 

-
[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation Errors and Suggested Fixes. October 1993. 

+
[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation Errors and Suggested Fixes. October 1993. 

 

 

-
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996. 

+
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996. 

 

 

 

 
Resource Record Types

 

-
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990. 

+
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990. 

 

 

-
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994. 

+
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994. 

 

 

-
[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
+
[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
 the Domain Name System. June 1997. 

 

 

-
[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the Domain
+
[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the Domain
 Name System. January 1996. 

 

 

-
[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the Location of
+
[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the Location of
 Services.. October 1996. 

 

 

-
[RFC2163] A. Allocchio. Using the Internet DNS to Distribute MIXER
+
[RFC2163] A. Allocchio. Using the Internet DNS to Distribute MIXER
 Conformant Global Address Mapping. January 1998. 

 

 

-
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997. 

+
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997. 

 

 

 

 

 DNS and the Internet

 

-
[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names and Other Types. April 1989. 

+
[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names and Other Types. April 1989. 

 

 

-
[RFC1123] Braden. Requirements for Internet Hosts - Application and Support. October 1989. 

+
[RFC1123] Braden. Requirements for Internet Hosts - Application and Support. October 1989. 

 

 

-
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994. 

+
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994. 

 

 

-
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998. 

+
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998. 

 

 

 

 

 DNS Operations

 

-
[RFC1537] P. Beertema. Common DNS Data File Configuration Errors. October 1993. 

+
[RFC1537] P. Beertema. Common DNS Data File Configuration Errors. October 1993. 

 

 

-
[RFC1912] D. Barr. Common DNS Operational and Configuration Errors. February 1996. 

+
[RFC1912] D. Barr. Common DNS Operational and Configuration Errors. February 1996. 

 

 

-
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996. 

+
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996. 

 

 

-
[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for Network Services.. October 1997. 

+
[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for Network Services.. October 1997. 

 

 

 

@@ -396,28 +410,28 @@ Conformant Global Address Mapping. January 1998
 DNS-related, are not concerned with implementing software.

 

 

-
[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String Attributes. May 1993. 

+
[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String Attributes. May 1993. 

 

 

-
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994. 

+
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994. 

 

 

-
[RFC1794] T. Brisco. DNS Support for Load Balancing. April 1995. 

+
[RFC1794] T. Brisco. DNS Support for Load Balancing. April 1995. 

 

 

-
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997. 

+
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997. 

 

 

-
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998. 

+
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998. 

 

 

-
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998. 

+
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998. 

 

 
 

 
Obsolete and Unimplemented Experimental RRs

 

-
[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
+
[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
 Location. November 1994. 

 

 

@@ -437,14 +451,14 @@ after which they are deleted unless updated by their authors.
 
 

 

-Other Documents About BIND
+Other Documents About BIND
 

 

 

 

-Bibliography

+Bibliography

 

-
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. 

+
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. 

 

 
 
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 87ef41d2ff..eb00094a81 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -83,7 +83,7 @@
 
Name Server Operations

 

 
Tools for Use With the Name Server Daemon

-
Signals

+
Signals

 

 
 
4. Advanced DNS Features

@@ -92,34 +92,34 @@
 
Dynamic Update

 
The journal file

 
Incremental Zone Transfers (IXFR)

-
Split DNS

-
Example split DNS setup

+
Split DNS

+
Example split DNS setup

 
TSIG

 

-
Generate Shared Keys for Each Pair of Hosts

-
Copying the Shared Secret to Both Machines

-
Informing the Servers of the Key's Existence

-
Instructing the Server to Use the Key

-
TSIG Key Based Access Control

-
Errors

+
Generate Shared Keys for Each Pair of Hosts

+
Copying the Shared Secret to Both Machines

+
Informing the Servers of the Key's Existence

+
Instructing the Server to Use the Key

+
TSIG Key Based Access Control

+
Errors

 

-
TKEY

-
SIG(0)

+
TKEY

+
SIG(0)

 
DNSSEC

 

-
Generating Keys

-
Signing the Zone

-
Configuring Servers

+
Generating Keys

+
Signing the Zone

+
Configuring Servers

 

-
IPv6 Support in BIND 9

+
IPv6 Support in BIND 9

 

-
Address Lookups Using AAAA Records

-
Address to Name Lookups Using Nibble Format

+
Address Lookups Using AAAA Records

+
Address to Name Lookups Using Nibble Format

 

 
 
5. The BIND 9 Lightweight Resolver

 

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 

 
6. BIND 9 Configuration Reference

@@ -127,77 +127,77 @@
 
Configuration File Elements

 

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 

 
Configuration File Grammar

 

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
 Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and Usage

-
include Statement Grammar

-
include Statement Definition and Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and Usage 

-
options Statement Grammar

+
include Statement Grammar

+
include Statement Definition and Usage

+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and Usage

+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and Usage 

+
options Statement Grammar

 
options Statement Definition and Usage

 
server Statement Grammar

 
server Statement Definition and Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
 	    and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
 Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 

-
Zone File

+
Zone File

 

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 

 
 
7. BIND 9 Security Considerations

 

 
Access Control Lists

-
Chroot and Setuid (for
+
Chroot and Setuid (for
 UNIX servers)

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

 
8. Troubleshooting

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 
A. Appendices

 

-
Acknowledgments

-
A Brief History of the DNS and BIND

+
Acknowledgments

+
A Brief History of the DNS and BIND

 
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND