Commit ee5b77cc authored by Ondřej Surý

Merge branch '1925-additional-text-edits-to-bind-arm' into 'main'

Resolve "Additional text edits to BIND ARM"

Closes #1925

See merge request isc-projects/bind9!3800
parents 494d1246 4cd6be18
......@@ -37,7 +37,7 @@ identifier is the address of an individual interface on a given network;
in IPv6, addresses belong to interfaces rather than to machines.
The subnetting capability of IPv6 is much more flexible than that of
IPv4: subnetting can be carried out on bit boundaries, in much the same
IPv4; subnetting can be carried out on bit boundaries, in much the same
way as Classless InterDomain Routing (CIDR), and the DNS PTR
representation ("nibble" format) makes setting up reverse zones easier.
......@@ -45,7 +45,7 @@ The interface identifier must be unique on the local link, and is
usually generated automatically by the IPv6 implementation, although it
is usually possible to override the default setting if necessary. A
typical IPv6 address might look like:
``2001:db8:201:9:a00:20ff:fe81:2b32``
``2001:db8:201:9:a00:20ff:fe81:2b32``.
IPv6 address specifications often contain long strings of zeros, so the
architects have included a shorthand for specifying them. The double
......@@ -72,7 +72,7 @@ Specification documents for the Internet protocol suite, including the
DNS, are published as part of the Request for Comments (RFCs) series of
technical notes. The standards themselves are defined by the Internet
Engineering Task Force (IETF) and the Internet Engineering Steering
Group (IESG). RFCs can be viewed online at: https://datatracker.ietf.org/doc/.
Group (IESG). RFCs can be viewed online at: https://datatracker.ietf.org/doc/ .
Some of these RFCs, though DNS-related, are not concerned with implementing
software.
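Review bot: the replacement line "RFCs can be viewed online at: https://datatracker.ietf.org/doc/ ." keeps the full stop out of the link target, but the detached " ." will render as stray punctuation. Rewording so the URL is not the last token of the sentence, or using an explicit reST hyperlink, avoids both problems; the colon after "at" can go as well.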
......
......@@ -46,7 +46,8 @@ and Mike Schwartz. BIND maintenance was subsequently handled by Mike
Karels and Øivind Kure.
BIND versions 4.9 and 4.9.1 were released by Digital Equipment
Corporation (now Compaq Computer Corporation). Paul Vixie, then a DEC
Corporation (which became Compaq Computer Corporation and eventually merged
with Hewlett-Packard). Paul Vixie, then a DEC
employee, became BIND's primary caretaker. He was assisted by Phil
Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan Beecher, Andrew
Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat Baran,
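Review bot: in the new parenthetical, "which became Compaq Computer Corporation" reads as a rename of Digital Equipment Corporation, whereas DEC was acquired by Compaq. Something like "which was acquired by Compaq Computer Corporation, itself later merged with Hewlett-Packard" would be accurate. The first replacement line also runs past the wrap width of its neighbours.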
......@@ -57,7 +58,7 @@ In 1994, BIND version 4.9.2 was sponsored by Vixie Enterprises. Paul
Vixie became BIND's principal architect/programmer.
BIND versions from 4.9.3 onward have been developed and maintained by
the Internet Systems Consortium and its predecessor, the Internet
Internet Systems Consortium and its predecessor, the Internet
Software Consortium, with support provided by ISC's sponsors.
As co-architects/programmers, Bob Halley and Paul Vixie released the
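Review bot: dropping the article gives "maintained by Internet Systems Consortium and its predecessor, the Internet Software Consortium", so the two organisation names in one sentence are now treated differently. Either drop "the" before "Internet Software Consortium" as well, or keep it in both places.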
......@@ -70,5 +71,6 @@ BIND versions 4 and 8 are officially deprecated. No additional
development is done on BIND version 4 or BIND version 8.
BIND development work is made possible today by the sponsorship of
corporations who purchase professional support services from ISC (https://www.isc.org/contact/) and/or donate to our mission, and by the tireless efforts of numerous
individuals.
corporations who purchase professional support services from ISC
(https://www.isc.org/contact/) and/or donate to our mission, and by the
tireless efforts of numerous individuals.
......@@ -35,6 +35,7 @@ Manual Pages
.. include:: ../../bin/tools/named-journalprint.rst
.. include:: ../../bin/tools/named-nzd2nzf.rst
.. include:: ../../bin/tools/named-rrchecker.rst
.. include:: ../../bin/named/named.conf.rst
.. include:: ../../bin/named/named.rst
.. include:: ../../bin/tools/nsec3hash.rst
.. include:: ../../bin/dig/nslookup.rst
......
......@@ -20,13 +20,13 @@ BIND 9.17 is an unstable development release of BIND. This document
summarizes new features and functional changes that have been introduced
on this branch. With each development release leading up to the stable
BIND 9.18 release, this document will be updated with additional
features added and bugs fixed. Please see the file CHANGES for a more
features added and bugs fixed. Please see the CHANGES file for a more
detailed list of changes and bug fixes.
Supported Platforms
-------------------
To build on UNIX-like systems, BIND requires support for POSIX.1c
To build on Unix-like systems, BIND requires support for POSIX.1c
threads (IEEE Std 1003.1c-1995), the Advanced Sockets API for IPv6
(:rfc:`3542`), and standard atomic operations provided by the C
compiler.
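Review bot: in "Please see the CHANGES file", CHANGES is a file name and would be clearer as an inline literal (``CHANGES``), in line with how option names are marked elsewhere in the ARM. The "Unix-like" spelling matches "On Unix servers" in the security chapter, so that part is consistent.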
......@@ -82,8 +82,8 @@ End of Life
BIND 9.17 is an unstable development branch. When its development is
complete, it will be renamed to BIND 9.18, which will be a stable
branch. The end of life date for BIND 9.18 has not yet been determined.
For those needing long term support, the current Extended Support
branch. The end-of-life date for BIND 9.18 has not yet been determined.
For those needing long-term stability, the current Extended Support
Version (ESV) is BIND 9.11, which will be supported until at least
December 2021. See https://kb.isc.org/docs/aa-00896 for details of
ISC's software support policy.
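Review bot: replacing "long term support" with "long-term stability" in the End of Life paragraph changes what the sentence promises. The rest of the sentence is about the Extended Support Version that "will be supported until at least December 2021" and links to the support policy, so "long-term support" (with the hyphen added) fits better unless the shift to stability is deliberate.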
......
This diff is collapsed.
......@@ -24,7 +24,7 @@ and nicknamed for future use in ``allow-notify``, ``allow-query``,
``allow-transfer``, ``match-clients``, etc.
ACLs give users finer control over who can access the
name server, without cluttering up config files with huge lists of
name server, without cluttering up configuration files with huge lists of
IP addresses.
It is a *good idea* to use ACLs, and to control access.
......@@ -33,8 +33,8 @@ spoofing and denial of service (DoS) attacks against the server.
ACLs match clients on the basis of up to three characteristics: 1) The
client's IP address; 2) the TSIG or SIG(0) key that was used to sign the
request, if any; and 3) an address prefix encoded in an EDNS Client
Subnet option, if any.
request, if any; and 3) an address prefix encoded in an EDNS
Client-Subnet option, if any.
Here is an example of ACLs based on client addresses:
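Review bot: "EDNS Client-Subnet option" hyphenates a name that RFC 7871 writes as "EDNS Client Subnet" (ECS); keeping the RFC's spelling keeps the term searchable. While this sentence is being touched, the enumerated items are capitalised inconsistently ("1) The client's IP address; 2) the TSIG ...").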
......@@ -62,7 +62,7 @@ Here is an example of ACLs based on client addresses:
};
zone "example.com" {
type master;
type primary;
file "m/example.com";
allow-query { any; };
};
......@@ -88,7 +88,7 @@ are ``country``, ``region``, ``city``, ``continent``, ``postal`` (postal code),
if it contains spaces or other special characters. An ``asnum`` search for
autonomous system number can be specified using the string "ASNNNN" or the
integer NNNN. If a ``country`` search is specified with a string that is two characters
long, it must be a standard ISO-3166-1 two-letter country code; otherwise
long, it must be a standard ISO-3166-1 two-letter country code; otherwise,
it is interpreted as the full name of the country. Similarly, if
``region`` is the search term and the string is two characters long, it is treated as a
standard two-letter state or province abbreviation; otherwise, it is treated as the
......@@ -118,7 +118,7 @@ Some example GeoIP ACLs:
geoip tz "America/Los_Angeles";
geoip org "Internet Systems Consortium";
ACLs use a "first-match" logic rather than "best-match": if an address
ACLs use a "first-match" logic rather than "best-match"; if an address
prefix matches an ACL element, then that ACL is considered to have
matched even if a later element would have matched more specifically.
For example, the ACL ``{ 10/8; !10.0.0.1; }`` would actually match a
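Review bot: the colon after "best-match" introduced the explanation of what first-match means, and the semicolon in the replacement line loses that signal just before the ``{ 10/8; !10.0.0.1; }`` example that depends on it. Consider keeping the colon here.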
......@@ -129,7 +129,7 @@ When using "nested" ACLs (that is, ACLs included or referenced within
other ACLs), a negative match of a nested ACL tells the containing ACL to
continue looking for matches. This enables complex ACLs to be
constructed, in which multiple client characteristics can be checked at
the same time. For example, to construct an ACL which allows queries
the same time. For example, to construct an ACL which allows a query
only when it originates from a particular network *and* only when it is
signed with a particular key, use:
......@@ -156,7 +156,7 @@ On Unix servers, it is possible to run BIND in a *chrooted* environment
"sandbox," which limits the damage done if a server is compromised.
Another useful feature in the Unix version of BIND is the ability to run
the daemon as an unprivileged user ( ``-u`` user ). We suggest running
the daemon as an unprivileged user (``-u`` user). We suggest running
as an unprivileged user when using the ``chroot`` feature.
Here is an example command line to load BIND in a ``chroot`` sandbox,
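Review bot: in "(``-u`` user)" the word "user" is a placeholder for the account name but is typeset as ordinary prose, so it reads as part of the sentence. Marking it as a replaceable argument, for example ``-u`` *user*, would make that clear.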
......@@ -207,7 +207,7 @@ Access to the dynamic update facility should be strictly limited. In
earlier versions of BIND, the only way to do this was based on the IP
address of the host requesting the update, by listing an IP address or
network prefix in the ``allow-update`` zone option. This method is
insecure since the source address of the update UDP packet is easily
insecure, since the source address of the update UDP packet is easily
forged. Also note that if the IP addresses allowed by the
``allow-update`` option include the address of a secondary server which
performs forwarding of dynamic updates, the primary can be trivially
......@@ -218,10 +218,10 @@ it without question.
For these reasons, we strongly recommend that updates be
cryptographically authenticated by means of transaction signatures
(TSIG). That is, the ``allow-update`` option should list only TSIG key
names, not IP addresses or network prefixes. Alternatively, the new
names, not IP addresses or network prefixes. Alternatively, the
``update-policy`` option can be used.
Some sites choose to keep all dynamically-updated DNS data in a
Some sites choose to keep all dynamically updated DNS data in a
subdomain and delegate that subdomain to a separate zone. This way, the
top-level zone containing critical data such as the IP addresses of
public web and mail servers need not allow dynamic updates at all.
top-level zone containing critical data, such as the IP addresses of
public web and mail servers, need not allow dynamic updates at all.
......@@ -46,7 +46,7 @@ was implemented in BIND as of release 9.14.0.
As a result, some domains may be non-resolvable without manual
intervention. In these cases, resolution can be restored by adding
``server`` clauses for the offending servers, specifying ``edns no`` or
``server`` clauses for the offending servers, or by specifying ``edns no`` or
``send-cookie no``, depending on the specific noncompliance.
To determine which ``server`` clause to use, run the following commands
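Review bot: the added "or by" in "clauses for the offending servers, or by specifying ``edns no`` or" turns one action into two alternatives. ``edns no`` and ``send-cookie no`` are settings placed inside the ``server`` clause, as the following sentence ("To determine which ``server`` clause to use") implies, so the original participle was correct. Suggest reverting to "..., specifying ``edns no`` or ``send-cookie no``" or writing "that specify".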
......@@ -72,7 +72,7 @@ Incrementing and Changing the Serial Number
Zone serial numbers are just numbers — they are not date-related. However, many
people set them to a number that represents a date, usually of the
form YYYYMMDDRR. Occasionally they will make a mistake and set the serial number to a
form YYYYMMDDRR. Occasionally they make a mistake and set the serial number to a
date in the future, then try to correct it by setting it to the
current date. This causes problems because serial numbers are used to
indicate that a zone has been updated. If the serial number on the secondary
......@@ -97,7 +97,7 @@ peer user support. In addition, ISC maintains a Knowledgebase of helpful article
at https://kb.isc.org.
Internet Systems Consortium (ISC) offers annual support agreements
for BIND 9, ISC DHCP and Kea DHCP.
for BIND 9, ISC DHCP, and Kea DHCP.
All paid support contracts include advance security notifications; some levels include
service level agreements (SLAs), premium software features, and increased priority on bug fixes
and feature requests.
......