Commit deb57872 authored by Tinderbox User's avatar Tinderbox User

Merge branch 'prep-release' into v9_17_1-release

parents 37eb17dd 27df67ca
Pipeline #39274 canceled with stages
in 9 seconds
--- 9.17.1 released ---
5383. [func] Add a quota attach function with a callback and clean up
the isc_quota API. [GL !3280]
......
......@@ -39,7 +39,7 @@
host \- DNS lookup utility
.SH "SYNOPSIS"
.HP \w'\fBhost\fR\ 'u
\fBhost\fR [\fB\-aACdlnrsTUwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
\fBhost\fR [\fB\-aACdlnrsTUwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
.SH "DESCRIPTION"
.PP
\fBhost\fR
......@@ -138,6 +138,11 @@ directive in
/etc/resolv\&.conf\&.
.RE
.PP
\-p \fIport\fR
.RS 4
Specify the port on the server to query\&. The default is 53\&.
.RE
.PP
\-r
.RS 4
Non\-recursive query: Setting this option clears the RD (recursion desired) bit in the query\&. This should mean that the name server receiving the query will not attempt to resolve
......
......@@ -36,6 +36,7 @@
[<code class="option">-aACdlnrsTUwv</code>]
[<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
[<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>]
[<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
[<code class="option">-R <em class="replaceable"><code>number</code></em></code>]
[<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
[<code class="option">-W <em class="replaceable"><code>wait</code></em></code>]
......@@ -165,6 +166,12 @@
in <code class="filename">/etc/resolv.conf</code>.
</p>
</dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd>
<p>
Specify the port on the server to query. The default is 53.
</p>
</dd>
<dt><span class="term">-r</span></dt>
<dd>
<p>
......
......@@ -719,7 +719,10 @@ ret=0
$RNDCCMD 10.53.0.3 addzone "test4.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.3 addzone "test5.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.3 addzone '"test/.baz"' '{ type master; check-names ignore; file "e.db"; };' > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.3 addzone '"test\".baz"' '{ type master; check-names ignore; file "e.db"; };' > /dev/null 2>&1 || ret=1
# FIXME: This check triggers a known issue in non-LMDB BIND builds
if [ -n "${NZD}" ]; then
$RNDCCMD 10.53.0.3 addzone '"test\".baz"' '{ type master; check-names ignore; file "e.db"; };' > /dev/null 2>&1 || ret=1
fi
$PERL $SYSTEMTESTTOP/stop.pl addzone ns3
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} addzone ns3 || ret=1
retry_quiet 10 _check_version_bind || ret=1
......
......@@ -614,6 +614,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.17.0 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.17.1 (Development Release)</p>
</body>
</html>
......@@ -10,7 +10,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 2. BIND Resource Requirements</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch01.html" title="Chapter 1. Introduction">
......@@ -43,16 +43,17 @@
<dt><span class="section"><a href="Bv9ARM.ch02.html#supported_os">Supported Operating Systems</a></span></dt>
</dl>
</div>
<div class="section">
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="hw_req"></a>Hardware requirements</h2></div></div></div>
<p>
<p>
<acronym class="acronym">DNS</acronym> hardware requirements have
traditionally been quite modest.
For many installations, servers that have been pensioned off from
active duty have performed admirably as <acronym class="acronym">DNS</acronym> servers.
</p>
<p>
<p>
The DNSSEC features of <acronym class="acronym">BIND</acronym> 9
may prove to be quite
CPU intensive however, so organizations that make heavy use of these
......@@ -61,22 +62,22 @@
full utilization of
multiprocessor systems for installations that need it.
</p>
</div>
<div class="section">
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="cpu_req"></a>CPU Requirements</h2></div></div></div>
<p>
<p>
CPU requirements for <acronym class="acronym">BIND</acronym> 9 range from
i386-class machines
for serving of static zones without caching, to enterprise-class
machines if you intend to process many dynamic updates and DNSSEC
signed zones, serving many thousands of queries per second.
</p>
</div>
<div class="section">
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="mem_req"></a>Memory Requirements</h2></div></div></div>
<p>
<p>
The memory of the server has to be large enough to fit the
cache and zones loaded off disk. The <span class="command"><strong>max-cache-size</strong></span>
option can be used to limit the amount of memory used by the cache,
......@@ -90,11 +91,14 @@
a relatively stable size where entries are expiring from the cache as
fast as they are being inserted.
</p>
</div>
<div class="section">
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="intensive_env"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<p>
<p>
For name server intensive environments, there are two alternative
configurations that may be used. The first is where clients and
any second-level internal name servers query a main name server, which
......@@ -107,11 +111,13 @@
this has the disadvantage of making many more external queries,
as none of the name servers share their cached data.
</p>
</div>
<div class="section">
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="supported_os"></a>Supported Operating Systems</h2></div></div></div>
<p>
<p>
ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
number
of Unix-like operating systems and on
......@@ -121,8 +127,8 @@
directory
of the BIND 9 source distribution.
</p>
</div>
</div>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
......@@ -140,6 +146,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.17.0 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.17.1 (Development Release)</p>
</body>
</html>
This diff is collapsed.
......@@ -2928,6 +2928,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.17.0 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.17.1 (Development Release)</p>
</body>
</html>
This diff is collapsed.
......@@ -10,7 +10,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 6. BIND 9 Security Considerations</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch05.html" title="Chapter 5. BIND 9 Configuration Reference">
......@@ -45,10 +45,12 @@
<dt><span class="section"><a href="Bv9ARM.ch06.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
</div>
<div class="section">
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="Access_Control_Lists"></a>Access Control Lists</h2></div></div></div>
<p>
<p>
Access Control Lists (ACLs) are address match lists that
you can set up and nickname for future use in
<span class="command"><strong>allow-notify</strong></span>, <span class="command"><strong>allow-query</strong></span>,
......@@ -56,26 +58,27 @@
<span class="command"><strong>blackhole</strong></span>, <span class="command"><strong>allow-transfer</strong></span>,
<span class="command"><strong>match-clients</strong></span>, etc.
</p>
<p>
<p>
Using ACLs allows you to have finer control over who can access
your name server, without cluttering up your config files with huge
lists of IP addresses.
</p>
<p>
<p>
It is a <span class="emphasis"><em>good idea</em></span> to use ACLs, and to
control access to your server. Limiting access to your server by
outside parties can help prevent spoofing and denial of service
(DoS) attacks against your server.
</p>
<p>
<p>
ACLs match clients on the basis of up to three characteristics:
1) The client's IP address; 2) the TSIG or SIG(0) key that was
used to sign the request, if any; and 3) an address prefix
encoded in an EDNS Client Subnet option, if any.
</p>
<p>
<p>
Here is an example of ACLs based on client addresses:
</p>
<pre class="programlisting">
// Set up an ACL named "bogusnets" that will block
// RFC1918 space and some reserved space, which is
......@@ -104,32 +107,33 @@ zone "example.com" {
allow-query { any; };
};
</pre>
<p>
<p>
This allows authoritative queries for "example.com" from any
address, but recursive queries only from the networks specified
in "our-nets", and no queries at all from the networks
specified in "bogusnets".
</p>
<p>
<p>
In addition to network addresses and prefixes, which are
matched against the source address of the DNS request, ACLs
may include <code class="option">key</code> elements, which specify the
name of a TSIG or SIG(0) key.
</p>
<p>
<p>
When <acronym class="acronym">BIND</acronym> 9 is built with GeoIP support,
ACLs can also be used for geographic access restrictions.
This is done by specifying an ACL element of the form:
<span class="command"><strong>geoip [<span class="optional">db <em class="replaceable"><code>database</code></em></span>] <em class="replaceable"><code>field</code></em> <em class="replaceable"><code>value</code></em></strong></span>
</p>
<p>
<p>
The <em class="replaceable"><code>field</code></em> indicates which field
to search for a match. Available fields are "country",
"region", "city", "continent", "postal" (postal code),
"metro" (metro code), "area" (area code), "tz" (timezone),
"isp", "asnum", and "domain".
</p>
<p>
<p>
<em class="replaceable"><code>value</code></em> is the value to search
for within the database. A string may be quoted if it
contains spaces or other special characters. An "asnum"
......@@ -144,7 +148,7 @@ zone "example.com" {
abbreviation; otherwise it treated as the full name of the
state or province.
</p>
<p>
<p>
The <em class="replaceable"><code>database</code></em> field indicates which
GeoIP database to search for a match. In most cases this is
unnecessary, because most search fields can only be found in
......@@ -159,10 +163,10 @@ zone "example.com" {
is installed, in that order. Valid database names are
"country", "city", "asnum", "isp", and "domain".
</p>
<p>
<p>
Some example GeoIP ACLs:
</p>
<pre class="programlisting">geoip country US;
<pre class="programlisting">geoip country US;
geoip country JP;
geoip db country country Canada;
geoip region WA;
......@@ -172,7 +176,8 @@ geoip postal 95062;
geoip tz "America/Los_Angeles";
geoip org "Internet Systems Consortium";
</pre>
<p>
<p>
ACLs use a "first-match" logic rather than "best-match":
if an address prefix matches an ACL element, then that ACL
is considered to have matched even if a later element would
......@@ -182,7 +187,7 @@ geoip org "Internet Systems Consortium";
indicated that the query should be accepted, and the second
element is ignored.
</p>
<p>
<p>
When using "nested" ACLs (that is, ACLs included or referenced
within other ACLs), a negative match of a nested ACL will
the containing ACL to continue looking for matches. This
......@@ -192,10 +197,10 @@ geoip org "Internet Systems Consortium";
it originates from a particular network <span class="emphasis"><em>and</em></span>
only when it is signed with a particular key, use:
</p>
<pre class="programlisting">
<pre class="programlisting">
allow-query { !{ !10/8; any; }; key example; };
</pre>
<p>
<p>
Within the nested ACL, any address that is
<span class="emphasis"><em>not</em></span> in the 10/8 network prefix will
be rejected, and this will terminate processing of the
......@@ -207,12 +212,14 @@ allow-query { !{ !10/8; any; }; key example; };
will only matches when <span class="emphasis"><em>both</em></span> conditions
are true.
</p>
</div>
<div class="section">
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="chroot_and_setuid"></a><span class="command"><strong>Chroot</strong></span> and <span class="command"><strong>Setuid</strong></span>
</h2></div></div></div>
<p>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
in a <span class="emphasis"><em>chrooted</em></span> environment (using
the <span class="command"><strong>chroot()</strong></span> function) by specifying
......@@ -221,23 +228,25 @@ allow-query { !{ !10/8; any; }; key example; };
<acronym class="acronym">BIND</acronym> in a "sandbox", which will limit
the damage done if a server is compromised.
</p>
<p>
<p>
Another useful feature in the UNIX version of <acronym class="acronym">BIND</acronym> is the
ability to run the daemon as an unprivileged user ( <code class="option">-u</code> <em class="replaceable"><code>user</code></em> ).
We suggest running as an unprivileged user when using the <span class="command"><strong>chroot</strong></span> feature.
</p>
<p>
<p>
Here is an example command line to load <acronym class="acronym">BIND</acronym> in a <span class="command"><strong>chroot</strong></span> sandbox,
<span class="command"><strong>/var/named</strong></span>, and to run <span class="command"><strong>named</strong></span> <span class="command"><strong>setuid</strong></span> to
user 202:
</p>
<p>
<p>
<strong class="userinput"><code>/usr/local/sbin/named -u 202 -t /var/named</code></strong>
</p>
<div class="section">
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="chroot"></a>The <span class="command"><strong>chroot</strong></span> Environment</h3></div></div></div>
<p>
<p>
In order for a <span class="command"><strong>chroot</strong></span> environment
to work properly in a particular directory (for example,
<code class="filename">/var/named</code>), you will need to set
......@@ -249,7 +258,7 @@ allow-query { !{ !10/8; any; }; key example; };
options like <span class="command"><strong>directory</strong></span> and
<span class="command"><strong>pid-file</strong></span> to account for this.
</p>
<p>
<p>
Unlike with earlier versions of BIND, you typically will
<span class="emphasis"><em>not</em></span> need to compile <span class="command"><strong>named</strong></span>
statically nor install shared libraries under the new root.
......@@ -260,11 +269,13 @@ allow-query { !{ !10/8; any; }; key example; };
<code class="filename">/dev/log</code>, and
<code class="filename">/etc/localtime</code>.
</p>
</div>
<div class="section">
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="setuid"></a>Using the <span class="command"><strong>setuid</strong></span> Function</h3></div></div></div>
<p>
<p>
Prior to running the <span class="command"><strong>named</strong></span> daemon,
use
the <span class="command"><strong>touch</strong></span> utility (to change file
......@@ -275,7 +286,7 @@ allow-query { !{ !10/8; any; }; key example; };
to which you want <acronym class="acronym">BIND</acronym>
to write.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
If the <span class="command"><strong>named</strong></span> daemon is running as an
......@@ -283,12 +294,14 @@ allow-query { !{ !10/8; any; }; key example; };
ports if the server is reloaded.
</p>
</div>
</div>
</div>
<div class="section">
</div>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="dynamic_update_security"></a>Dynamic Update Security</h2></div></div></div>
<p>
<p>
Access to the dynamic
update facility should be strictly limited. In earlier versions of
<acronym class="acronym">BIND</acronym>, the only way to do this was
......@@ -308,7 +321,8 @@ allow-query { !{ !10/8; any; }; key example; };
forward it to the master with its own source IP address causing the
master to approve it without question.
</p>
<p>
<p>
For these reasons, we strongly recommend that updates be
cryptographically authenticated by means of transaction signatures
(TSIG). That is, the <span class="command"><strong>allow-update</strong></span>
......@@ -317,7 +331,8 @@ allow-query { !{ !10/8; any; }; key example; };
prefixes. Alternatively, the new <span class="command"><strong>update-policy</strong></span>
option can be used.
</p>
<p>
<p>
Some sites choose to keep all dynamically-updated DNS data
in a subdomain and delegate that subdomain to a separate zone. This
way, the top-level zone containing critical data such as the IP
......@@ -325,8 +340,9 @@ allow-query { !{ !10/8; any; }; key example; };
of public web and mail servers need not allow dynamic update at
all.
</p>
</div>
</div>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
......@@ -344,6 +360,6 @@ allow-query { !{ !10/8; any; }; key example; };
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.17.0 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.17.1 (Development Release)</p>
</body>
</html>
......@@ -10,7 +10,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 7. Troubleshooting</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch06.html" title="Chapter 6. BIND 9 Security Considerations">
......@@ -45,24 +45,28 @@
<dt><span class="section"><a href="Bv9ARM.ch07.html#more_help">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="section">
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="common_problems"></a>Common Problems</h2></div></div></div>
<div class="section">
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.8.2.2"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
up logging files beforehand. The log files provide a
source of hints and information that can be used to figure out
what went wrong and how to fix the problem.
</p>
</div>
<div class="section">
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.8.2.3"></a>EDNS compliance issues</h3></div></div></div>
<p>
<p>
EDNS (Extended DNS) is a standard that was first specified
in 1999. It is required for DNSSEC validation, DNS COOKIE
options, and other features. There are broken and outdated
......@@ -73,7 +77,7 @@
situation, retrying queries in different ways and eventually
falling back to plain DNS queries without EDNS.
</p>
<p>
<p>
Such workarounds cause unnecessary resolution delays,
increase code complexity, and prevent deployment of new DNS
features. As of February 2019, all major DNS software vendors
......@@ -82,7 +86,7 @@
for further details. This change was implemented in BIND
as of release 9.14.0.
</p>
<p>
<p>
As a result, some domains may be non-resolvable without manual
intervention. In these cases, resolution can be restored by
adding <span class="command"><strong>server</strong></span> clauses for the offending
......@@ -90,32 +94,33 @@
<span class="command"><strong>send-cookie no</strong></span>, depending on the specific
noncompliance.
</p>
<p>
<p>
To determine which <span class="command"><strong>server</strong></span> clause to use,
run the following commands to send queries to the authoritative
servers for the broken domain:
</p>
<div class="literallayout"><p><br>
<div class="literallayout"><p><br>
            dig soa &lt;zone&gt; @&lt;server&gt; +dnssec<br>
            dig soa &lt;zone&gt; @&lt;server&gt; +dnssec +nocookie<br>
            dig soa &lt;zone&gt; @&lt;server&gt; +noedns<br>
  </p></div>
<p>
<p>
If the first command fails but the second succeeds, the
server most likely needs <span class="command"><strong>send-cookie no</strong></span>.
If the first two fail but the third succeeds, then the server
needs EDNS to be fully disabled with <span class="command"><strong>edns no</strong></span>.
</p>
<p>
<p>
Please contact the administrators of noncompliant domains
and encourage them to upgrade their broken DNS servers.
</p>
</div>
</div>
<div class="section">
</div>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.8.3"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
<p>
Zone serial numbers are just numbers &#8212; they aren't
date related. A lot of people set them to a number that
represents a date, usually of the form YYYYMMDDRR.
......@@ -127,22 +132,26 @@
lower than the serial number on the master, the slave
server will attempt to update its copy of the zone.
</p>
<p>
<p>
Setting the serial number to a lower number on the master
server than the slave server means that the slave will not perform
updates to its copy of the zone.
</p>
<p>
<p>
The solution to this is to add 2147483647 (2^31-1) to the
number, reload the zone and make sure all slaves have updated to
the new zone serial number, then reset the number to what you want
it to be, and reload the zone again.
</p>
</div>
<div class="section">
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="more_help"></a>Where Can I Get Help?</h2></div></div></div>
<p>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range
of support and service agreements for <acronym class="acronym">BIND</acronym> and <acronym class="acronym">DHCP</acronym> servers. Four
......@@ -155,15 +164,16 @@
fix announcements to remote support. It also includes training in
<acronym class="acronym">BIND</acronym> and <acronym class="acronym">DHCP</acronym>.
</p>
<p>
<p>
To discuss arrangements for support, contact
<a class="link" href="mailto:info@isc.org" target="_top">info@isc.org</a> or visit the
<acronym class="acronym">ISC</acronym> web page at
<a class="link" href="http://www.isc.org/services/support/" target="_top">http://www.isc.org/services/support/</a>
to read more.
</p>
</div>
</div>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
......@@ -181,6 +191,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.17.0 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.17.1 (Development Release)</p>
</body>
</html>
......@@ -36,11 +36,12 @@
<div class="toc">
<p><b>Table of Contents</b></p>