Update protocol. Windows 2000 machines have a habit of sending dynamic
update requests to DNS servers without being specifically configured to
do so. If the update requests are coming from a Windows 2000 machine,
- see http://support.microsoft.com/support/kb/articles/q246/8/04.asp for
- information about how to turn them off.
+ see <http://support.microsoft.com/support/kb/articles/q246/8/04.asp>
+ for information about how to turn them off.
Q: When I do a "dig . ns", many of the A records for the root servers are
missing. Why?
are using then you have failed to follow RFC 1918 usage rules and are
leaking queries to the Internet. You should establish your own zones
for these addresses to prevent you querying the Internet's name servers
- for these addresses. Please see http://as112.net/ for details of the
+ for these addresses. Please see <http://as112.net/> for details of the
problems you are causing and the counter measures that have had to be
deployed.
A: This is the result of a Linux kernel bug.
- See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2
+ See: <http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=
+ 2>
Q: Why does named lock up when it attempts to connect over IPSEC tunnels?
A: This is due to a kernel bug where the fact that a socket is marked
non-blocking is ignored. It is reported that setting xfrm_larval_drop
- to 1 helps but this may have negative side effects. See: https://
- bugzilla.redhat.com/show_bug.cgi?id=427629 and http://lkml.org/lkml/
- 2007/12/4/260
+ to 1 helps but this may have negative side effects. See: <https://
+ bugzilla.redhat.com/show_bug.cgi?id=427629> and <http://lkml.org/lkml/
+ 2007/12/4/260>.
- xfrm_larval_drop can be set to 1 by the following proceedure:
+ xfrm_larval_drop can be set to 1 by the following procedure:
echo "1" > proc/sys/net/core/xfrm_larval_drop
A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
Red Hat have adopted the National Security Agency's SELinux security
- policy ( see http://www.nsa.gov/selinux ) and recommendations for BIND
+ policy (see <http://www.nsa.gov/selinux>) and recommendations for BIND
security , which are more secure than running named in a chroot and
make use of the bind-chroot environment unnecessary .
/etc/rc.conf
rand_irqs="3 14 15"
- See also http://people.freebsd.org/~dougb/randomness.html
+ See also <http://people.freebsd.org/~dougb/randomness.html>.
4.5. Solaris
A: Sun has a blog entry describing how to do this.
- http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
+ <http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris>
4.6. Apple Mac OS X
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: FAQ.xml,v 1.4.6.21 2008/05/31 01:21:10 tbox Exp $ -->
+<!-- $Id: FAQ.xml,v 1.4.6.22 2008/06/01 01:21:11 tbox Exp $ -->
<article class="faq">
<title>Frequently Asked Questions about BIND 9</title>
requests are coming from a Windows 2000 machine, see
<ulink
url="http://support.microsoft.com/support/kb/articles/q246/8/04.asp">
- http://support.microsoft.com/support/kb/articles/q246/8/04.asp
- </ulink>
+ <http://support.microsoft.com/support/kb/articles/q246/8/04.asp></ulink>
for information about how to turn them off.
</para>
</answer>
usage rules and are leaking queries to the Internet. You
should establish your own zones for these addresses to prevent
you querying the Internet's name servers for these addresses.
- Please see <ulink url="http://as112.net/">http://as112.net/</ulink>
+ Please see <ulink url="http://as112.net/"><http://as112.net/></ulink>
for details of the problems you are causing and the counter
measures that have had to be deployed.
</para>
</para>
<para>
See:
- <ulink url="http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2">http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2</ulink>
+ <ulink url="http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2"><http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2></ulink>
</para>
</answer>
</qandaentry>
non-blocking is ignored. It is reported that setting
xfrm_larval_drop to 1 helps but this may have negative side effects.
See:
-<ulink url="https://bugzilla.redhat.com/show_bug.cgi?id=427629">https://bugzilla.redhat.com/show_bug.cgi?id=427629</ulink>
+<ulink url="https://bugzilla.redhat.com/show_bug.cgi?id=427629"><https://bugzilla.redhat.com/show_bug.cgi?id=427629></ulink>
and
-<ulink url="http://lkml.org/lkml/2007/12/4/260">http://lkml.org/lkml/2007/12/4/260</ulink>
+<ulink url="http://lkml.org/lkml/2007/12/4/260"><http://lkml.org/lkml/2007/12/4/260></ulink>.
</para>
<para>
- xfrm_larval_drop can be set to 1 by the following proceedure:
+ xfrm_larval_drop can be set to 1 by the following procedure:
<programlisting>
echo "1" > proc/sys/net/core/xfrm_larval_drop</programlisting>
</para>
<para>
Red Hat have adopted the National Security Agency's
- SELinux security policy ( see http://www.nsa.gov/selinux
- ) and recommendations for BIND security , which are more
+ SELinux security policy (see <ulink
+ url="http://www.nsa.gov/selinux"><http://www.nsa.gov/selinux></ulink>)
+ and recommendations for BIND security , which are more
secure than running named in a chroot and make use of
the bind-chroot environment unnecessary .
</para>
<para>
See also
<ulink url="http://people.freebsd.org/~dougb/randomness.html">
- http://people.freebsd.org/~dougb/randomness.html
- </ulink>
+ <http://people.freebsd.org/~dougb/randomness.html></ulink>.
</para>
</answer>
</qandaentry>
<para>
<ulink
url="http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris">
- http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
+ <http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris>
</ulink>
</para>
</answer>
projects / thirdparty / bind9.git / commitdiff
