ISC Open Source Projects / BIND
Commit 9a8f76e2, authored May 08, 2007 by Mark Andrews
minor documentation fixes from Jeremy [RT #16855]
parent 1f5cf264
doc/arm/Bv9ARM-book.xml
...
...
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.3
19
2007/0
4/26
0
6
:1
4:26
marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.3
20
2007/0
5/08
0
0
:1
9:55
marka Exp $ -->
<book
xmlns:xi=
"http://www.w3.org/2001/XInclude"
>
<title>
BIND 9 Administrator Reference Manual
</title>
...
...
@@ -91,8 +91,8 @@
security considerations, and
<emphasis>
Section 8
</emphasis>
contains troubleshooting help. The
main body of the document is followed by several
<emphasis>
A
ppendices
</emphasis>
which contain useful reference
information, such as a
<emphasis>
B
ibliography
</emphasis>
and
<emphasis>
a
ppendices
</emphasis>
which contain useful reference
information, such as a
<emphasis>
b
ibliography
</emphasis>
and
historic information related to
<acronym>
BIND
</acronym>
and the Domain Name
System.
...
...
@@ -229,8 +229,8 @@
<title>
The Domain Name System (
<acronym>
DNS
</acronym>
)
</title>
<para>
The purpose of this document is to explain the installation
and upkeep of the
<acronym>
BIND
</acronym>
software
package, and we
and upkeep of the
<acronym>
BIND
</acronym>
(Berkeley Internet
Name Domain) software
package, and we
begin by reviewing the fundamentals of the Domain Name System
(
<acronym>
DNS
</acronym>
) as they relate to
<acronym>
BIND
</acronym>
.
</para>
...
...
@@ -1085,6 +1085,12 @@ zone "eng.example.com" {
(
<command>
rndc
</command>
) program allows the
system
administrator to control the operation of a name server.
Since
<acronym>
BIND
</acronym>
9.2,
<command>
rndc
</command>
supports all the commands of the BIND 8
<command>
ndc
</command>
utility except
<command>
ndc start
</command>
and
<command>
ndc restart
</command>
, which were also
not supported in
<command>
ndc
</command>
's
channel mode.
If you run
<command>
rndc
</command>
without any
options
it will display a usage message as follows:
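Review bot: in the sentence moved up here, "BIND 8" is plain text while "BIND 9.2" at the start of the same sentence is wrapped in <acronym>BIND</acronym>; since the paragraph is being relocated and reworded anyway ("In" to "Since"), mark up the second occurrence the same way so the two render consistently.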
...
...
@@ -1356,15 +1362,6 @@ zone "eng.example.com" {
</variablelist>
<para>
In
<acronym>
BIND
</acronym>
9.2,
<command>
rndc
</command>
supports all the commands of the BIND 8
<command>
ndc
</command>
utility except
<command>
ndc start
</command>
and
<command>
ndc restart
</command>
, which were also
not supported in
<command>
ndc
</command>
's
channel mode.
</para>
<para>
A configuration file is required, since all
communication with the server is authenticated with
...
...
@@ -1758,9 +1755,8 @@ controls {
on the Internet. Split DNS can also be used to allow mail from outside
back in to the internal network.
</para>
<para>
Here is an example of a split DNS setup:
</para>
<sect2>
<title>
Example split DNS setup
</title>
<para>
Let's say a company named
<emphasis>
Example, Inc.
</emphasis>
(
<literal>
example.com
</literal>
)
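Review bot: the new <sect2> opened for "Example split DNS setup" carries no id attribute, so nothing else in the manual can <xref> to it, whereas sections such as <sect1 id="tsig"> in this file do have one. Consider adding an id here, and confirm that the </sect2> added near old line 1995 is the only close needed before </sect1> so the book still validates.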
...
...
@@ -1995,6 +1991,7 @@ nameserver 172.16.72.3
nameserver 172.16.72.4
</programlisting>
</sect2>
</sect1>
<sect1
id=
"tsig"
>
<title>
TSIG
</title>
...
...
@@ -2193,7 +2190,7 @@ allow-update { key host1-host2. ;};
outside of the allowed range, the response will be signed with
the TSIG extended error code set to BADTIME, and the time values
will be adjusted so that the response can be successfully
verified. In any of these cases, the message's rcode is set to
verified. In any of these cases, the message's rcode
(response code)
is set to
NOTAUTH (not authenticated).
</para>
...
...
@@ -2272,7 +2269,7 @@ allow-update { key host1-host2. ;};
<para>
Cryptographic authentication of DNS information is possible
through the DNS Security (
<emphasis>
DNSSEC-bis
</emphasis>
) extensions,
defined in RFC 4033, RFC 4034 and RFC 4035.
defined in RFC 4033, RFC 4034
,
and RFC 4035.
This section describes the creation and use of DNSSEC signed zones.
</para>
...
...
@@ -2340,7 +2337,7 @@ allow-update { key host1-host2. ;};
<filename>
Kchild.example.+005+12345.key
</filename>
and
<filename>
Kchild.example.+005+12345.private
</filename>
(where
12345 is an example of a key tag). The key file
names contain
12345 is an example of a key tag). The key filenames contain
the key name (
<filename>
child.example.
</filename>
),
algorithm (3
is DSA, 1 is RSAMD5, 5 is RSASHA1, etc.), and the key tag (12345 in
...
...
@@ -2842,7 +2839,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<entry
colname=
"2"
>
<para>
An IP port
<varname>
number
</varname>
.
<varname>
number
</varname>
is limited to 0
The
<varname>
number
</varname>
is limited to 0
through 65535, with values
below 1024 typically restricted to use by processes running
as root.
...
...
@@ -3120,7 +3117,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<para>
The
<acronym>
BIND
</acronym>
9 comment syntax allows for
comments to appear
anywhere that white
space may appear in a
<acronym>
BIND
</acronym>
configuration
anywhere that whitespace may appear in a
<acronym>
BIND
</acronym>
configuration
file. To appeal to programmers of all kinds, they can be written
in the C, C++, or shell/perl style.
</para>
...
...
@@ -3137,7 +3134,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<sect3>
<title>
Definition and Usage
</title>
<para>
Comments may appear anywhere that white
space may appear in
Comments may appear anywhere that whitespace may appear in
a
<acronym>
BIND
</acronym>
configuration file.
</para>
<para>
...
...
@@ -4207,7 +4204,7 @@ category notify { null; };
</para>
<para>
t
he query log entry reports the client's IP
T
he query log entry reports the client's IP
address and port number, and the query name,
class and type. It also reports whether the
Recursion Desired flag was set (+ if set, -
...
...
@@ -4303,7 +4300,7 @@ category notify { null; };
The
<command>
lwres
</command>
statement configures the
name
server to also act as a lightweight resolver server. (See
<xref
linkend=
"lwresd"
/>
.) There may be
be
multiple
<xref
linkend=
"lwresd"
/>
.) There may be multiple
<command>
lwres
</command>
statements configuring
lightweight resolver servers with different properties.
</para>
...
...
@@ -4697,7 +4694,7 @@ category notify { null; };
name server. Specifying
<command>
pid-file none
</command>
disables the
use of a PID file
—
no file will be written and any
existing one will be removed. Note that
<command>
none
</command>
is a keyword, not a file
name, and therefore is not enclosed
is a keyword, not a filename, and therefore is not enclosed
in
double quotes.
</para>
...
...
@@ -5326,7 +5323,7 @@ options {
<para>
<emphasis>
This option is obsolete
</emphasis>
.
If you need to disable IXFR to a particular server or
servers see
servers
,
see
the information on the
<command>
provide-ixfr
</command>
option
in
<xref
linkend=
"server_statement_definition_and_usage"
/>
.
See also
...
...
@@ -5560,6 +5557,7 @@ options {
<para>
Accept expired signatures when verifying DNSSEC signatures.
The default is
<userinput>
no
</userinput>
.
Setting this option to "yes" leaves named vulnerable to replay attacks.
</para>
</listitem>
</varlistentry>
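Review bot: the added replay-attack warning writes "yes" in plain quotes and leaves named unmarked, while the line directly above gives the default as <userinput>no</userinput>; use <userinput>yes</userinput> and <command>named</command> to match. The sentence also states the risk without saying what the option is meant for, so a short clause on when, if ever, it should be enabled would make the warning actionable.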
...
...
@@ -5603,7 +5601,7 @@ options {
and MX records.
It also applies to the RDATA of PTR records where the owner
name indicated that it is a reverse lookup of a hostname
(the owner name ends in IN-ADDR.ARPA, IP6.ARPA or IP6.INT).
(the owner name ends in IN-ADDR.ARPA, IP6.ARPA
,
or IP6.INT).
</para>
</listitem>
</varlistentry>
...
...
@@ -5728,7 +5726,8 @@ options {
<listitem>
<para>
Try to refresh the zone using TCP if UDP queries fail.
The default is
<command>
yes
</command>
.
For BIND 8 compatibility, the default is
<command>
yes
</command>
.
</para>
</listitem>
</varlistentry>
...
...
@@ -5910,6 +5909,12 @@ options {
<command>
localnets
</command>
and
<command>
localhost
</command>
.
</para>
<para>
The way to set query access to the cache is now via
<command>
allow-query-cache
</command>
.
This differs from earlier versions which used
<command>
allow-query
</command>
.
</para>
</listitem>
</varlistentry>
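Review bot: the new paragraph says cache access is "now" set via allow-query-cache and that "earlier versions" used allow-query, but names no release. State the version in which the behaviour changed, so an operator upgrading an existing configuration can tell whether an allow-query ACL still restricts access to the cache. "This differs from earlier versions which used" also wants a comma before "which".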
...
...
@@ -6819,7 +6824,7 @@ query-source-v6 address * port *;
</para><note>
<simpara>
Not yet implemented in
<acronym>
BIND
</acronym>
9.
<acronym>
BIND
</acronym>
9.
</simpara>
</note>
</listitem>
...
...
@@ -7206,7 +7211,7 @@ query-source-v6 address * port *;
values are 512 to 4096 (values outside this range
will be silently adjusted). The default value is
4096. The usual reason for setting edns-udp-size to
a non-default value i
t
to get UDP answers to pass
a non-default value i
s
to get UDP answers to pass
through broken firewalls that block fragmented
packets and/or block UDP packets that are greater
than 512 bytes.
...
...
@@ -7226,6 +7231,8 @@ query-source-v6 address * port *;
answers to pass through broken firewalls that
block fragmented packets and/or block UDP packets
that are greater than 512 bytes.
This is independent of the advertised receive
buffer (
<command>
edns-udp-size
</command>
).
</para>
</listitem>
</varlistentry>
...
...
@@ -7443,10 +7450,10 @@ query-source-v6 address * port *;
If you are using the address ranges covered here, you should
already have reverse zones covering the addresses you use.
In practice this appears to not be the case with many queries
being made to the infr
u
structure servers for names in these
being made to the infr
a
structure servers for names in these
spaces. So many in fact that sacrificial servers were needed
to be deployed to channel the query load away from the
infr
u
structure servers.
infr
a
structure servers.
</para>
<note>
The real parent servers for these zones should disable all
...
...
@@ -8340,7 +8347,7 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
numbers (in the
tens or hundreds of thousands) of zones per server, it
is best to
use a two-level naming scheme for zone file
names. For
use a two-level naming scheme for zone filenames. For
example,
a slave server for the zone
<literal>
example.com
</literal>
might place
the zone contents into a file called
...
...
@@ -8806,8 +8813,8 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
<term><command>
journal
</command></term>
<listitem>
<para>
Allow the default journal's file
name to be overridden.
The default is the zone's file with "
<filename>
.jnl
</filename>
" appended.
Allow the default journal's filename to be overridden.
The default is the zone's file
name
with "
<filename>
.jnl
</filename>
" appended.
This is applicable to
<command>
master
</command>
and
<command>
slave
</command>
zones.
</para>
</listitem>
...
...
@@ -10566,14 +10573,14 @@ $GENERATE 1-127 $ CNAME $.0</programlisting>
<para><command>
lhs
</command></para>
</entry>
<entry
colname=
"2"
>
<para>
<command>
lhs
</command>
<para>
This
describes the owner name of the resource records
to be created. Any single
<command>
$
</command>
(dollar sign)
symbols within the
<command>
lhs
</command>
side
are replaced by the iterator value.
To get a $ in the output you need to escape the
To get a $ in the output
,
you need to escape the
<command>
$
</command>
using a backslash
<command>
\
</command>
,
e.g.
<command>
\$
</command>
. The
...
...
@@ -10582,7 +10589,7 @@ $GENERATE 1-127 $ CNAME $.0</programlisting>
iterator, field width and base.
Modifiers are introduced by a
<command>
{
</command>
immediately following the
<command>
{
</command>
(left brace)
immediately following the
<command>
$
</command>
as
<command>
${offset[,width[,base]]}
</command>
.
For example,
<command>
${-20,3,d}
</command>
...
...
@@ -10655,7 +10662,7 @@ $GENERATE 1-127 $ CNAME $.0</programlisting>
</entry>
<entry
colname=
"2"
>
<para>
A
domain name. It is processed
<command>
rhs
</command>
is a
domain name. It is processed
similarly to lhs.
</para>
</entry>
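Review bot: the rewritten rhs description wraps rhs in <command>, but the closing "similarly to lhs." leaves lhs as plain text; mark it up as <command>lhs</command>, as the lhs entry in the hunk above does.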
...
...
@@ -10783,7 +10790,7 @@ zone "example.com" {
</para>
</sect1>
<sect1>
<title><command>
c
hroot
</command>
and
<command>
s
etuid
</command></title>
<title><command>
C
hroot
</command>
and
<command>
S
etuid
</command></title>
<para>
On UNIX servers, it is possible to run
<acronym>
BIND
</acronym>
in a
<emphasis>
chrooted
</emphasis>
environment
(using the
<command>
chroot()
</command>
function) by specifying the "
<option>
-t
</option>
"
...
...
@@ -10822,7 +10829,7 @@ zone "example.com" {
for this.
</para>
<para>
Unlike with earlier versions of BIND, you
will
typically
Unlike with earlier versions of BIND, you typically
will
<emphasis>
not
</emphasis>
need to compile
<command>
named
</command>
statically nor install shared libraries under the new root.
However, depending on your operating system, you may need
...
...
@@ -11045,7 +11052,7 @@ zone "example.com" {
Wolfhugel, and others.
</para>
<para>
<acronym>
BIND
</acronym>
version 4.9.2 was sponsored by
In 1994,
<acronym>
BIND
</acronym>
version 4.9.2 was sponsored by
Vixie Enterprises. Paul
Vixie became
<acronym>
BIND
</acronym>
's principal
architect/programmer.
...
...
@@ -11079,7 +11086,8 @@ zone "example.com" {
<emphasis>
Anycast
</emphasis>
,
an identifier for a set of interfaces; and
<emphasis>
Multicast
</emphasis>
,
an identifier for a set of interfaces. Here we describe the global
Unicast address scheme. For more information, see RFC 3587.
Unicast address scheme. For more information, see RFC 3587,
"Global Unicast Address Format."
</para>
<para>
IPv6 unicast addresses consist of a
...
...