Commit dec590a3 authored by Tinderbox User's avatar Tinderbox User
Browse files

regen master

parent b57276f8
......@@ -92,7 +92,7 @@ Q: I'm trying to use TSIG to authenticate dynamic updates or zone
rejecting the TSIG. Why?
A: This may be a clock skew problem. Check that the the clocks on the
client and server are properly synchronised (e.g., using ntp).
client and server are properly synchronized (e.g., using ntp).
Q: I see a log message like the following. Why?
......
......@@ -207,7 +207,7 @@ Enable memory usage debugging\&.
.PP
\-p \fIport\fR
.RS 4
Send the query to a non\-standard port on the server, instead of the defaut port 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&.
Send the query to a non\-standard port on the server, instead of the default port 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&.
.RE
.PP
\-q \fIname\fR
......
......@@ -191,7 +191,7 @@
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
Send the query to a non-standard port on the server,
instead of the defaut port 53. This option would be used
instead of the default port 53. This option would be used
to test a name server that has been configured to listen
for queries on a non-standard port number.
</p></dd>
......
......@@ -44,7 +44,7 @@
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
dnssec-importkey \- Import DNSKEY records from external systems so they can be managed\&.
dnssec-importkey \- import DNSKEY records from external systems so they can be managed
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-importkey\fR\ 'u
\fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR}
......
......@@ -24,7 +24,7 @@
<a name="man.dnssec-importkey"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-importkey</span> &#8212; Import DNSKEY records from external systems so they can be managed.</p>
<p><span class="application">dnssec-importkey</span> &#8212; import DNSKEY records from external systems so they can be managed</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
......
......@@ -44,7 +44,7 @@
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
dnssec-revoke \- Set the REVOKED bit on a DNSSEC key
dnssec-revoke \- set the REVOKED bit on a DNSSEC key
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-revoke\fR\ 'u
\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile}
......
......@@ -23,7 +23,7 @@
<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
<p><span class="application">dnssec-revoke</span> &#8212; set the REVOKED bit on a DNSSEC key</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
......
......@@ -44,7 +44,7 @@
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
dnssec-settime \- Set the key timing metadata for a DNSSEC key
dnssec-settime \- set the key timing metadata for a DNSSEC key
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-settime\fR\ 'u
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
......
......@@ -23,7 +23,7 @@
<a name="man.dnssec-settime"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-settime</span> &#8212; Set the key timing metadata for a DNSSEC key</p>
<p><span class="application">dnssec-settime</span> &#8212; set the key timing metadata for a DNSSEC key</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
......
......@@ -44,7 +44,7 @@
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
dnssec-checkds \- A DNSSEC delegation consistency checking tool\&.
dnssec-checkds \- DNSSEC delegation consistency checking tool
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-checkds\fR\ 'u
\fBdnssec\-checkds\fR [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-d\ \fR\fB\fIdig\ path\fR\fR] [\fB\-D\ \fR\fB\fIdsfromkey\ path\fR\fR] {zone}
......
......@@ -23,7 +23,7 @@
<a name="man.dnssec-checkds"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-checkds</span> &#8212; A DNSSEC delegation consistency checking tool.</p>
<p><span class="application">dnssec-checkds</span> &#8212; DNSSEC delegation consistency checking tool</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
......
......@@ -44,7 +44,7 @@
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
named-rrchecker \- A syntax checker for individual DNS resource records
named-rrchecker \- syntax checker for individual DNS resource records
.SH "SYNOPSIS"
.HP \w'\fBnamed\-rrchecker\fR\ 'u
\fBnamed\-rrchecker\fR [\fB\-h\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-p\fR] [\fB\-u\fR] [\fB\-C\fR] [\fB\-T\fR] [\fB\-P\fR]
......
......@@ -24,7 +24,7 @@
<a name="man.named-rrchecker"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">named-rrchecker</span> &#8212; A syntax checker for individual DNS resource records</p>
<p><span class="application">named-rrchecker</span> &#8212; syntax checker for individual DNS resource records</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
......
......@@ -134,12 +134,14 @@
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
As a slave zone can also be a master to other slaves, <span class="command"><strong>named</strong></span>,
by default, sends <span class="command"><strong>NOTIFY</strong></span> messages for every zone
it loads. Specifying <span class="command"><strong>notify master-only;</strong></span> will
cause <span class="command"><strong>named</strong></span> to only send <span class="command"><strong>NOTIFY</strong></span> for master
zones that it loads.
</div>
</p>
</div>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
......@@ -1064,9 +1066,11 @@ options {
</pre>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
None of the keys listed in this example are valid. In particular,
the root key is not valid.
</div>
</p>
</div>
<p>
When DNSSEC validation is enabled and properly configured,
the resolver will reject any answers from signed, secure zones
......@@ -1614,12 +1618,14 @@ $ <strong class="userinput"><code> /opt/pkcs11/usr/bin/softhsm-util --init-token
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
The latest OpenSSL versions as of this writing (January 2015)
are 0.9.8zc, 1.0.0o, and 1.0.1j.
ISC will provide updated patches as new versions of OpenSSL
are released. The version number in the following examples
is expected to change.
</div>
</p>
</div>
<p>
Before building BIND 9 with PKCS#11 support, it will be
necessary to build OpenSSL with the patch in place, and configure
......@@ -1642,10 +1648,12 @@ $ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8zc \
</pre>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
Note that the patch file may not be compatible with the
<p>
The patch file may not be compatible with the
"patch" utility on all operating systems. You may need to
install GNU patch.
</div>
</p>
</div>
<p>
When building OpenSSL, place it in a non-standard
location so that it does not interfere with OpenSSL libraries
......
......@@ -475,7 +475,7 @@
followed by '%' to represent percents.
</p>
<p>
The behaviour is exactly the same as
The behavior is exactly the same as
<code class="varname">size_spec</code>, but
<code class="varname">size_or_percent</code> allows also
to specify a positive integer value followed by
......@@ -3876,7 +3876,6 @@ options {
queries.
Caching may still occur as an effect the server's internal
operation, such as NOTIFY address lookups.
See also <span class="command"><strong>fetch-glue</strong></span> above.
</p></dd>
<dt><span class="term"><span class="command"><strong>request-nsid</strong></span></span></dt>
<dd><p>
......@@ -5242,13 +5241,15 @@ avoid-v6-udp-ports {};
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
If you do not wish the alternate transfer source
to be used, you should set
<span class="command"><strong>use-alt-transfer-source</strong></span>
appropriately and you should not depend upon
getting an answer back to the first refresh
query.
</div>
</p>
</div>
</dd>
<dt><span class="term"><span class="command"><strong>alt-transfer-source-v6</strong></span></span></dt>
<dd><p>
......@@ -6334,7 +6335,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
may be sent while servicing a recursive query.
If more queries are sent, the recursive query
is terminated and returns SERVFAIL. Queries to
look up top level comains such as "com" and "net"
look up top level domains such as "com" and "net"
and the DNS root zone are exempt from this limitation.
The default is 75.
</p></dd>
......@@ -6613,11 +6614,13 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
The real parent servers for these zones should disable all
empty zone under the parent zone they serve. For the real
root servers, this is all built-in empty zones. This will
enable them to return referrals to deeper in the tree.
</div>
</p>
</div>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><span class="command"><strong>empty-server</strong></span></span></dt>
<dd><p>
......@@ -7055,7 +7058,7 @@ deny-answer-aliases { "example.net"; };
<p>
A special form of local data is a CNAME whose target is a
wildcard such as *.example.com.
It is used as if were an ordinary CNAME after the astrisk (*)
It is used as if were an ordinary CNAME after the asterisk (*)
has been replaced with the query name.
The purpose for this special form is query logging in the
walled garden's authority DNS server.
......@@ -9198,7 +9201,7 @@ example.com. NS ns2.example.net.
unsigned zone is transferred in or loaded from
disk and a signed version of the zone is served,
with possibly, a different serial number. This
behaviour is disabled by default.
behavior is disabled by default.
</p></dd>
<dt><span class="term"><span class="command"><strong>multi-master</strong></span></span></dt>
<dd><p>
......@@ -9413,7 +9416,7 @@ example.com. NS ns2.example.net.
The <em class="replaceable"><code>name</code></em> field
is subject to DNS wildcard expansion, and
this rule matches when the name being updated
name is a valid expansion of the wildcard.
is a valid expansion of the wildcard.
</p>
</td>
</tr>
......
......@@ -312,10 +312,12 @@ allow-query { !{ !10/8; any; }; key example; };
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
Note that if the <span class="command"><strong>named</strong></span> daemon is running as an
<p>
If the <span class="command"><strong>named</strong></span> daemon is running as an
unprivileged user, it will not be able to bind to new restricted
ports if the server is reloaded.
</div>
</p>
</div>
</div>
</div>
<div class="section">
......
......@@ -88,7 +88,7 @@
records with an incorrect class to be be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #4098]
in CVE-2015-8000. [RT #40987]
</p></li>
<li class="listitem"><p>
An incorrect boundary check in the OPENPGPKEY rdatatype
......@@ -504,6 +504,9 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
Updated the complied in addresses for H.ROOT-SERVERS.NET.
</p></li>
<li class="listitem"><p>
ACLs containing <span class="command"><strong>geoip asnum</strong></span> elements were
not correctly matched unless the full organization name was
......
......@@ -432,9 +432,13 @@ $ <strong class="userinput"><code>make</code></strong>
</p></dd>
</dl></div>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>In practice, either -a or -r must be specified. Others can
be optional; the underlying library routine tries to identify the
appropriate server and the zone name for the update.</div>
<h3 class="title">Note</h3>
<p>
In practice, either -a or -r must be specified. Others can
be optional; the underlying library routine tries to identify the
appropriate server and the zone name for the update.
</p>
</div>
<p>
Examples: assuming the primary authoritative server of the
dynamic.example.com zone has an IPv6 address 2001:db8::1234,
......
......@@ -57,7 +57,7 @@
<span class="refentrytitle"><a href="man.delv.html">delv</a></span><span class="refpurpose"> &#8212; DNS lookup and validation utility</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; A DNSSEC delegation consistency checking tool.</span>
<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; DNSSEC delegation consistency checking tool</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-coverage.html"><span class="application">dnssec-coverage</span></a></span><span class="refpurpose"> &#8212; checks future DNSKEY coverage for a zone</span>
......@@ -66,7 +66,7 @@
<span class="refentrytitle"><a href="man.dnssec-dsfromkey.html"><span class="application">dnssec-dsfromkey</span></a></span><span class="refpurpose"> &#8212; DNSSEC DS RR generation tool</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; Import DNSKEY records from external systems so they can be managed.</span>
<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; import DNSKEY records from external systems so they can be managed</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-keyfromlabel.html"><span class="application">dnssec-keyfromlabel</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
......@@ -75,10 +75,10 @@
<span class="refentrytitle"><a href="man.dnssec-keygen.html"><span class="application">dnssec-keygen</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; Set the REVOKED bit on a DNSSEC key</span>
<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; set the REVOKED bit on a DNSSEC key</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; Set the key timing metadata for a DNSSEC key</span>
<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; set the key timing metadata for a DNSSEC key</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-signzone.html"><span class="application">dnssec-signzone</span></a></span><span class="refpurpose"> &#8212; DNSSEC zone signing tool</span>
......@@ -105,7 +105,7 @@
<span class="refentrytitle"><a href="man.named-journalprint.html"><span class="application">named-journalprint</span></a></span><span class="refpurpose"> &#8212; print zone journal in human-readable form</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; A syntax checker for individual DNS resource records</span>
<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; syntax checker for individual DNS resource records</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.nsupdate.html"><span class="application">nsupdate</span></a></span><span class="refpurpose"> &#8212; Dynamic DNS update utility</span>
......
......@@ -292,7 +292,7 @@
<span class="refentrytitle"><a href="man.delv.html">delv</a></span><span class="refpurpose"> &#8212; DNS lookup and validation utility</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; A DNSSEC delegation consistency checking tool.</span>
<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; DNSSEC delegation consistency checking tool</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-coverage.html"><span class="application">dnssec-coverage</span></a></span><span class="refpurpose"> &#8212; checks future DNSKEY coverage for a zone</span>
......@@ -301,7 +301,7 @@
<span class="refentrytitle"><a href="man.dnssec-dsfromkey.html"><span class="application">dnssec-dsfromkey</span></a></span><span class="refpurpose"> &#8212; DNSSEC DS RR generation tool</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; Import DNSKEY records from external systems so they can be managed.</span>
<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; import DNSKEY records from external systems so they can be managed</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-keyfromlabel.html"><span class="application">dnssec-keyfromlabel</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
......@@ -310,10 +310,10 @@
<span class="refentrytitle"><a href="man.dnssec-keygen.html"><span class="application">dnssec-keygen</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; Set the REVOKED bit on a DNSSEC key</span>
<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; set the REVOKED bit on a DNSSEC key</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; Set the key timing metadata for a DNSSEC key</span>
<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; set the key timing metadata for a DNSSEC key</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.dnssec-signzone.html"><span class="application">dnssec-signzone</span></a></span><span class="refpurpose"> &#8212; DNSSEC zone signing tool</span>
......@@ -340,7 +340,7 @@
<span class="refentrytitle"><a href="man.named-journalprint.html"><span class="application">named-journalprint</span></a></span><span class="refpurpose"> &#8212; print zone journal in human-readable form</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; A syntax checker for individual DNS resource records</span>
<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; syntax checker for individual DNS resource records</span>
</dt>
<dt>
<span class="refentrytitle"><a href="man.nsupdate.html"><span class="application">nsupdate</span></a></span><span class="refpurpose"> &#8212; Dynamic DNS update utility</span>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment