Commit ff5760e2 authored by Andreas Gustafsson's avatar Andreas Gustafsson

random reformatting

parent cca68b1f
......@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.151 2001/07/26 22:46:44 bwelling Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.152 2001/07/30 22:55:23 gson Exp $ -->
<book>
<title>BIND 9 Administrator Reference Manual</title>
......@@ -798,37 +798,37 @@ of a server.</para>
</variablelist>
<para>In <acronym>BIND</acronym> 9.2, <command>rndc</command>
supports all the commands of the BIND 8 <command>ndc</command>
utility except <command>ndc start</command>, which was also
not supported in <command>ndc</command>'s channel mode.</para>
<para>A configuration file is required, since all
communication with the server is authenticated with
digital signatures that rely on a shared secret, and
there is no way to provide that secret other than with a
configuration file. The default location for the
<command>rndc</command> configuration file is
<filename>/etc/rndc.conf</filename>, but an alternate
location can be specified with the <option>-c</option>
option. If the configuration file is not found,
<command>rndc</command> will also look in
<filename>/var/run/named.key</filename> (or wherever
<varname>localstatedir</varname> was defined when
the <acronym>BIND</acronym> build was configured).
The <filename>named.key</filename> file is generated by
<command>named</command> as described in
<xref linkend="controls_statement_definition_and_usage"/>.</para>
<para>The format of the configuration file is similar to
that of <filename>named.conf</filename>, but limited to
only four statements, the <command>options</command>,
<command>key</command>, <command>server</command> and
<command>include</command>
statements. These statements are what associate the
secret keys to the servers with which they are meant to
be shared. The order of statements is not
significant.</para>
<para>In <acronym>BIND</acronym> 9.2, <command>rndc</command>
supports all the commands of the BIND 8 <command>ndc</command>
utility except <command>ndc start</command>, which was also
not supported in <command>ndc</command>'s channel mode.</para>
<para>A configuration file is required, since all
communication with the server is authenticated with
digital signatures that rely on a shared secret, and
there is no way to provide that secret other than with a
configuration file. The default location for the
<command>rndc</command> configuration file is
<filename>/etc/rndc.conf</filename>, but an alternate
location can be specified with the <option>-c</option>
option. If the configuration file is not found,
<command>rndc</command> will also look in
<filename>/var/run/named.key</filename> (or wherever
<varname>localstatedir</varname> was defined when
the <acronym>BIND</acronym> build was configured).
The <filename>named.key</filename> file is generated by
<command>named</command> as described in
<xref linkend="controls_statement_definition_and_usage"/>.</para>
<para>The format of the configuration file is similar to
that of <filename>named.conf</filename>, but limited to
only four statements, the <command>options</command>,
<command>key</command>, <command>server</command> and
<command>include</command>
statements. These statements are what associate the
secret keys to the servers with which they are meant to
be shared. The order of statements is not
significant.</para>
<para>The <command>options</command> statement has three clauses:
<command>default-server</command>, <command>default-key</command>,
......@@ -878,11 +878,13 @@ options {
<para>This file, if installed as <filename>/etc/rndc.conf</filename>,
would allow the command:</para>
<para><prompt>$ </prompt><userinput>rndc reload</userinput></para>
<para><prompt>$ </prompt><userinput>rndc reload</userinput></para>
<para>to connect to 127.0.0.1 port 953 and cause the nameserver
to reload, if a nameserver on the local machine were running with
following controls statements:</para>
<programlisting>
<programlisting>
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
......@@ -895,8 +897,9 @@ controls {
</sect3>
</sect2>
<sect2>
<title>Signals</title>
<sect2>
<title>Signals</title>
<para>Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
be sent using the <command>kill</command> command.</para>
......@@ -1529,18 +1532,21 @@ allow-update { key host1-host2. ;};
input file for the zone.</para>
</sect2>
<sect2><title>Configuring Servers</title>
<para>Unlike in <acronym>BIND</acronym> 8, data is not verified on load in <acronym>BIND</acronym> 9,
so zone keys for authoritative zones do not need to be specified
in the configuration file.</para>
<sect2><title>Configuring Servers</title>
<para>The public key for any security root must be present in
the configuration file's <command>trusted-keys</command>
statement, as described later in this document. </para>
<para>Unlike in <acronym>BIND</acronym> 8,
data is not verified on load in <acronym>BIND</acronym> 9,
so zone keys for authoritative zones do not need to be specified
in the configuration file.</para>
</sect2>
</sect1>
<para>The public key for any security root must be present in
the configuration file's <command>trusted-keys</command>
statement, as described later in this document. </para>
</sect2>
</sect1>
<sect1>
<title>IPv6 Support in <acronym>BIND</acronym> 9</title>
......
......@@ -1096,90 +1096,90 @@ CLASS="acronym"
CLASS="command"
>rndc</B
>
supports all the commands of the BIND 8 <B
supports all the commands of the BIND 8 <B
CLASS="command"
>ndc</B
>
utility except <B
utility except <B
CLASS="command"
>ndc start</B
>, which was also
not supported in <B
not supported in <B
CLASS="command"
>ndc</B
>'s channel mode.</P
><P
>A configuration file is required, since all
communication with the server is authenticated with
digital signatures that rely on a shared secret, and
there is no way to provide that secret other than with a
configuration file. The default location for the
<B
communication with the server is authenticated with
digital signatures that rely on a shared secret, and
there is no way to provide that secret other than with a
configuration file. The default location for the
<B
CLASS="command"
>rndc</B
> configuration file is
<TT
<TT
CLASS="filename"
>/etc/rndc.conf</TT
>, but an alternate
location can be specified with the <TT
location can be specified with the <TT
CLASS="option"
>-c</TT
>
option. If the configuration file is not found,
<B
option. If the configuration file is not found,
<B
CLASS="command"
>rndc</B
> will also look in
<TT
<TT
CLASS="filename"
>/var/run/named.key</TT
> (or wherever
<TT
<TT
CLASS="varname"
>localstatedir</TT
> was defined when
the <SPAN
the <SPAN
CLASS="acronym"
>BIND</SPAN
> build was configured).
The <TT
The <TT
CLASS="filename"
>named.key</TT
> file is generated by
<B
<B
CLASS="command"
>named</B
> as described in
<A
<A
HREF="Bv9ARM.ch06.html#controls_statement_definition_and_usage"
>Section 6.2.4</A
>.</P
><P
>The format of the configuration file is similar to
that of <TT
that of <TT
CLASS="filename"
>named.conf</TT
>, but limited to
only four statements, the <B
only four statements, the <B
CLASS="command"
>options</B
>,
<B
<B
CLASS="command"
>key</B
>, <B
CLASS="command"
>server</B
> and
<B
<B
CLASS="command"
>include</B
>
statements. These statements are what associate the
secret keys to the servers with which they are meant to
be shared. The order of statements is not
significant.</P
statements. These statements are what associate the
secret keys to the servers with which they are meant to
be shared. The order of statements is not
significant.</P
><P
>The <B
CLASS="command"
......
......@@ -1337,19 +1337,20 @@ NAME="AEN967"
>Unlike in <SPAN
CLASS="acronym"
>BIND</SPAN
> 8, data is not verified on load in <SPAN
> 8,
data is not verified on load in <SPAN
CLASS="acronym"
>BIND</SPAN
> 9,
so zone keys for authoritative zones do not need to be specified
in the configuration file.</P
so zone keys for authoritative zones do not need to be specified
in the configuration file.</P
><P
>The public key for any security root must be present in
the configuration file's <B
the configuration file's <B
CLASS="command"
>trusted-keys</B
>
statement, as described later in this document. </P
statement, as described later in this document. </P
></DIV
></DIV
><DIV
......
......@@ -7292,12 +7292,12 @@ as <B
CLASS="command"
>match-recursive-only</B
>, which means that only recursive
queries from matching clients will match that view.
requests from matching clients will match that view.
The order of the <B
CLASS="command"
>view</B
> statements is significant &#8212;
a client query will be resolved in the context of the first
a client request will be resolved in the context of the first
<B
CLASS="command"
>view</B
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment