-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.conf.5,v 1.1.4.6 2005/10/13 02:33:47 marka Exp $
+.\" $Id: named.conf.5,v 1.1.4.7 2006/05/17 02:38:09 marka Exp $
.\"
.hy 0
.ad l
rfc2308\-type1 \fIboolean\fR; // not yet implemented
additional\-from\-auth \fIboolean\fR;
additional\-from\-cache \fIboolean\fR;
- query\-source \fIquerysource4\fR;
- query\-source\-v6 \fIquerysource6\fR;
+ query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
+ query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
cleaning\-interval \fIinteger\fR;
min\-roots \fIinteger\fR; // not implemented
lame\-ttl \fIinteger\fR;
rfc2308\-type1 \fIboolean\fR; // not yet implemented
additional\-from\-auth \fIboolean\fR;
additional\-from\-cache \fIboolean\fR;
- query\-source \fIquerysource4\fR;
- query\-source\-v6 \fIquerysource6\fR;
+ query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
+ query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
cleaning\-interval \fIinteger\fR;
min\-roots \fIinteger\fR; // not implemented
lame\-ttl \fIinteger\fR;
<!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.html,v 1.1.4.11 2006/04/23 10:11:12 marka Exp $ -->
+<!-- $Id: named.conf.html,v 1.1.4.12 2006/05/17 02:38:09 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2524454"></a><h2>DESCRIPTION</h2>
+<a name="id2524457"></a><h2>DESCRIPTION</h2>
<p>
<code class="filename">named.conf</code> is the configuration file for
<span><strong class="command">named</strong></span>. Statements are enclosed
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2524483"></a><h2>ACL</h2>
+<a name="id2524486"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2524499"></a><h2>KEY</h2>
+<a name="id2525185"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key <em class="replaceable"><code>domain_name</code></em> {<br>
algorithm <em class="replaceable"><code>string</code></em>;<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525201"></a><h2>MASTERS</h2>
+<a name="id2525204"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525246"></a><h2>SERVER</h2>
+<a name="id2525250"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br>
bogus <em class="replaceable"><code>boolean</code></em>;<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525304"></a><h2>TRUSTED-KEYS</h2>
+<a name="id2525307"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys {<br>
<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525330"></a><h2>CONTROLS</h2>
+<a name="id2525333"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls {<br>
inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525365"></a><h2>LOGGING</h2>
+<a name="id2525368"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging {<br>
channel <em class="replaceable"><code>string</code></em> {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525403"></a><h2>LWRES</h2>
+<a name="id2525406"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres {<br>
listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2525445"></a><h2>OPTIONS</h2>
+<a name="id2525448"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
- query-source <em class="replaceable"><code>querysource4</code></em>;<br>
- query-source-v6 <em class="replaceable"><code>querysource6</code></em>;<br>
+ query-source [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526106"></a><h2>VIEW</h2>
+<a name="id2526129"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
- query-source <em class="replaceable"><code>querysource4</code></em>;<br>
- query-source-v6 <em class="replaceable"><code>querysource6</code></em>;<br>
+ query-source [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526517"></a><h2>ZONE</h2>
+<a name="id2526558"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
type ( master | slave | stub | hint |<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2526922"></a><h2>FILES</h2>
+<a name="id2526964"></a><h2>FILES</h2>
<p>
<code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2526935"></a><h2>SEE ALSO</h2>
+<a name="id2526977"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch03.html,v 1.26.2.5.4.14 2006/05/08 15:46:01 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch03.html,v 1.26.2.5.4.15 2006/05/17 02:38:09 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2546906">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2546912">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2548144">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2548076">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
If you run <span><strong class="command">rndc</strong></span> without any options
it will display a usage message as follows:</p>
<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
-<p><span><strong class="command">command</strong></span> is one of the following:</p>
+<p>The <span><strong class="command">command</strong></span> is one of the following:</p>
<div class="variablelist"><dl>
<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
<dd><p>Reload configuration file and zones.</p></dd>
<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
<dd><p>Stop the server, making sure any recent changes
made through dynamic update or IXFR are first saved to the master files
- of the updated zones. If -p is specified named's process id is returned.</p></dd>
+ of the updated zones. If -p is specified named's process id is returned.
+ This allows an external process to determine when named had completed stopping.</p></dd>
<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
<dd><p>Stop the server immediately. Recent changes
made through dynamic update or IXFR are not saved to the master files,
but will be rolled forward from the journal files when the server
- is restarted. If -p is specified named's process id is returned.</p></dd>
+ is restarted. If -p is specified named's process id is returned.
+ This allows an external process to determine when named had completed
+ stopping.</p></dd>
<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
<dd><p>Increment the servers debugging level by one. </p></dd>
<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2548144"></a>Signals</h3></div></div></div>
+<a name="id2548076"></a>Signals</h3></div></div></div>
<p>Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
be sent using the <span><strong class="command">kill</strong></span> command.</p>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch04.html,v 1.30.2.6.2.19 2006/05/08 15:46:01 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch04.html,v 1.30.2.6.2.20 2006/05/17 02:38:09 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2548500">Split DNS</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2548569">Split DNS</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2548993">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549059">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549067">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549175">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549296">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549339">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2548926">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549061">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549069">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549109">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549229">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549273">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2544848">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2544897">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2549287">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2549336">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2544963">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549809">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549883">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549470">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549606">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549681">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2549953">IPv6 Support in <span class="acronym">BIND</span> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2549750">IPv6 Support in <span class="acronym">BIND</span> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2550080">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2550100">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549877">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549965">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2548500"></a>Split DNS</h2></div></div></div>
+<a name="id2548569"></a>Split DNS</h2></div></div></div>
<p>Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a <span class="emphasis"><em>Split
DNS</em></span> setup. There are several reasons an organization
</ul></div>
<p>Here is an example configuration for the setup we just
described above. Note that this is only configuration information;
- for information on how to configure your zone files, see <a href="Bv9ARM.ch03.html#sample_configuration" title="Sample Configurations">the section called “Sample Configurations”</a></p>
+ for information on how to configure your zone files, see <a href="Bv9ARM.ch03.html#sample_configuration" title="Sample Configurations">the section called “Sample Configurations”</a>.</p>
<p>Internal DNS server config:</p>
<pre class="programlisting">
<code class="option">-y</code> command line options.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2548993"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
+<a name="id2548926"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
be the same on both hosts.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2549009"></a>Automatic Generation</h4></div></div></div>
+<a name="id2549011"></a>Automatic Generation</h4></div></div></div>
<p>The following command will generate a 128 bit (16 byte) HMAC-MD5
key as described above. Longer keys are better, but shorter keys
are easier to read. Note that the maximum key length is 512 bits;
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2549043"></a>Manual Generation</h4></div></div></div>
+<a name="id2549045"></a>Manual Generation</h4></div></div></div>
<p>The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
the length is a multiple of 4 and only valid characters are used),
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2549059"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
+<a name="id2549061"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2549067"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
+<a name="id2549069"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span> are
both servers. The following is added to each server's <code class="filename">named.conf</code> file:</p>
<pre class="programlisting">
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2549175"></a>Instructing the Server to Use the Key</h3></div></div></div>
+<a name="id2549109"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
for <span class="emphasis"><em>host1</em></span>, if the IP address of <span class="emphasis"><em>host2</em></span> is
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2549296"></a>TSIG Key Based Access Control</h3></div></div></div>
+<a name="id2549229"></a>TSIG Key Based Access Control</h3></div></div></div>
<p><span class="acronym">BIND</span> allows IP addresses and ranges to be specified in ACL
definitions and
<span><strong class="command">allow-{ query | transfer | update }</strong></span> directives.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2549339"></a>Errors</h3></div></div></div>
+<a name="id2549273"></a>Errors</h3></div></div></div>
<p>The processing of TSIG signed messages can result in
- several errors. If a signed message is sent to a non-TSIG aware
- server, a FORMERR will be returned, since the server will not
- understand the record. This is a result of misconfiguration,
- since the server must be explicitly configured to send a TSIG
- signed message to a specific server.</p>
+ several errors. If a signed message is sent to a non-TSIG
+ aware server, a FORMERR (format error) will be returned, since
+ the server will not understand the record. This is a result
+ of misconfiguration, since the server must be explicitly
+ configured to send a TSIG signed message to a specific
+ server.</p>
<p>If a TSIG aware server receives a message signed by an
unknown key, the response will be unsigned with the TSIG
extended error code set to BADKEY. If a TSIG aware server
the TSIG extended error code set to BADTIME, and the time values
will be adjusted so that the response can be successfully
verified. In any of these cases, the message's rcode is set to
- NOTAUTH.</p>
+ NOTAUTH (not authenticated).</p>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2544848"></a>TKEY</h2></div></div></div>
+<a name="id2549287"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span> is a mechanism for automatically
generating a shared secret between two hosts. There are several
"modes" of <span><strong class="command">TKEY</strong></span> that specify how the key is
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2544897"></a>SIG(0)</h2></div></div></div>
+<a name="id2549336"></a>SIG(0)</h2></div></div></div>
<p><span class="acronym">BIND</span> 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC2931. SIG(0)
uses public/private keys to authenticate messages. Access control
<p>There must also be communication with the administrators of
the parent and/or child zone to transmit keys. A zone's security
status must be indicated by the parent zone for a DNSSEC capable
- resolver to trust its data. This is done through the presense
+ resolver to trust its data. This is done through the presence
or absence of a <code class="literal">DS</code> record at the delegation
point.</p>
<p>For other servers to trust data in this zone, they must
zone key of another zone above this one in the DNS tree.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2544963"></a>Generating Keys</h3></div></div></div>
+<a name="id2549470"></a>Generating Keys</h3></div></div></div>
<p>The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.</p>
<p>A secure zone must contain one or more zone keys. The
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2549809"></a>Signing the Zone</h3></div></div></div>
+<a name="id2549606"></a>Signing the Zone</h3></div></div></div>
<p>The <span><strong class="command">dnssec-signzone</strong></span> program is used to
sign a zone.</p>
<p>Any <code class="filename">keyset</code> files corresponding
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2549883"></a>Configuring Servers</h3></div></div></div>
+<a name="id2549681"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients
</p>
<p>
<span><strong class="command">trusted-keys</strong></span> are copies of DNSKEY RRs
- for zones that are used to form the first link the the
+ for zones that are used to form the first link in the
cryptographic chain of trust. All keys listed in
<span><strong class="command">trusted-keys</strong></span> (and corresponding zones)
are deemed to exist and only the listed keys will be used
</pre>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
- None of the keys listed in this example are valid. In particular
+ None of the keys listed in this example are valid. In particular,
the root key is not valid.
</div>
</div>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2549953"></a>IPv6 Support in <span class="acronym">BIND</span> 9</h2></div></div></div>
+<a name="id2549750"></a>IPv6 Support in <span class="acronym">BIND</span> 9</h2></div></div></div>
<p><span class="acronym">BIND</span> 9 fully supports all currently defined forms of IPv6
name to address and address to name lookups. It will also use
IPv6 addresses to make queries when running on an IPv6 capable
see <a href="Bv9ARM.ch09.html#ipv6addresses" title="IPv6 addresses (AAAA)">the section called “IPv6 addresses (AAAA)”</a>.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2550080"></a>Address Lookups Using AAAA Records</h3></div></div></div>
+<a name="id2549877"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>The AAAA record is a parallel to the IPv4 A record. It
specifies the entire address in a single record. For
example,</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2550100"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
+<a name="id2549965"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
<code class="literal">ip6.arpa.</code> is appended to the resulting name.
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch05.html,v 1.24.2.5.2.15 2006/05/08 15:46:01 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch05.html,v 1.24.2.5.2.16 2006/05/17 02:38:10 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2550132">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2549997">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2550132"></a>The Lightweight Resolver Library</h2></div></div></div>
+<a name="id2549997"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
server.</p>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch06.html,v 1.56.2.12.2.36 2006/05/08 15:46:01 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch06.html,v 1.56.2.12.2.37 2006/05/17 02:38:10 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551160">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551026">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551645"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551511"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551814"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551680"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552219"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552234"><span><strong class="command">include</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552257"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552278"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552349"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552680"><span><strong class="command">logging</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553817"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553890"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553953"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2554065"><span><strong class="command">masters</strong></span> Statement Definition and Usage </a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2554080"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552093"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552108"><span><strong class="command">include</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552131"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552220"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552360"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552486"><span><strong class="command">logging</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553623"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553696"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553758"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553870"><span><strong class="command">masters</strong></span> Statement Definition and Usage </a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553885"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561657"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561705"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561410"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561526"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561787"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561608"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2563070"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2562891"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2564401">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2564293">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566038">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2565862">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566467">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566572">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566741"><span class="acronym">BIND</span> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566291">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566396">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566565"><span class="acronym">BIND</span> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
</dl></dd>
</dl>
</div>
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2550971"></a>Syntax</h4></div></div></div>
+<a name="id2550837"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2550998"></a>Definition and Usage</h4></div></div></div>
+<a name="id2550864"></a>Definition and Usage</h4></div></div></div>
<p>Address match lists are primarily used to determine access
control for various server operations. They are also used in
the <span><strong class="command">listen-on</strong></span> and <span><strong class="command">sortlist</strong></span>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2551160"></a>Comment Syntax</h3></div></div></div>
+<a name="id2551026"></a>Comment Syntax</h3></div></div></div>
<p>The <span class="acronym">BIND</span> 9 comment syntax allows for comments to appear
anywhere that white space may appear in a <span class="acronym">BIND</span> configuration
file. To appeal to programmers of all kinds, they can be written
in the C, C++, or shell/perl style.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2551175"></a>Syntax</h4></div></div></div>
+<a name="id2551041"></a>Syntax</h4></div></div></div>
<pre class="programlisting">/* This is a <span class="acronym">BIND</span> comment as in C */</pre>
<p>
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2551272"></a>Definition and Usage</h4></div></div></div>
-<p>Comments may appear anywhere that whitespace may appear in
+<a name="id2551138"></a>Definition and Usage</h4></div></div></div>
+<p>Comments may appear anywhere that white space may appear in
a <span class="acronym">BIND</span> configuration file.</p>
<p>C-style comments start with the two characters /* (slash,
star) and end with */ (star, slash). Because they are completely
<tr>
<td><p><span><strong class="command">lwres</strong></span></p></td>
<td><p>configures <span><strong class="command">named</strong></span> to
-also act as a light weight resolver daemon (<span><strong class="command">lwresd</strong></span>).</p></td>
+also act as a light-weight resolver daemon (<span><strong class="command">lwresd</strong></span>).</p></td>
</tr>
<tr>
<td><p><span><strong class="command">masters</strong></span></p></td>
configuration.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2551645"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2551511"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2551814"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2551680"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
inet ( ip_addr | * ) [<span class="optional"> port ip_port </span>] allow { <em class="replaceable"><code> address_match_list </code></em> }
keys { <em class="replaceable"><code> key_list </code></em> };
<span><strong class="command">ip_port</strong></span> on the specified
<span><strong class="command">ip_addr</strong></span>, which can be an IPv4 or IPv6
address. An <span><strong class="command">ip_addr</strong></span>
- of <code class="literal">*</code> is interpreted as the IPv4 wildcard
+ of <code class="literal">*</code> (asterisk) is interpreted as the IPv4 wildcard
address; connections will be accepted on any of the system's
IPv4 addresses. To listen on the IPv6 wildcard address,
use an <span><strong class="command">ip_addr</strong></span> of <code class="literal">::</code>.
</p>
<p>
If no port is specified, port 953
- is used. "<code class="literal">*</code>" cannot be used for
+ is used. The asterisk "<code class="literal">*</code>" cannot be used for
<span><strong class="command">ip_port</strong></span>.</p>
<p>The ability to issue commands over the control channel is
restricted by the <span><strong class="command">allow</strong></span> and
<code class="filename">rndc.conf</code> and make it group readable by a group
that contains the users who should have access.</p>
<p>The UNIX control channel type of <span class="acronym">BIND</span> 8 is not supported
- in <span class="acronym">BIND</span> 9, and is not expected to be added in future
- releases. If it is present in the controls statement from a
+ in <span class="acronym">BIND</span> 9.0, <span class="acronym">BIND</span> 9.1,
+ <span class="acronym">BIND</span> 9.2 and <span class="acronym">BIND</span> 9.3.
+ If it is present in the controls statement from a
<span class="acronym">BIND</span> 8 configuration file, it is ignored
and a warning is logged.</p>
<p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2552219"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2552093"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">include <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2552234"></a><span><strong class="command">include</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2552108"></a><span><strong class="command">include</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>The <span><strong class="command">include</strong></span> statement inserts the
specified file at the point where the <span><strong class="command">include</strong></span>
statement is encountered. The <span><strong class="command">include</strong></span>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2552257"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2552131"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">key <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2552278"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2552220"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
or the command channel
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2552349"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2552360"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path name</code></em>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2552680"></a><span><strong class="command">logging</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2552486"></a><span><strong class="command">logging</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>The <span><strong class="command">logging</strong></span> statement configures a wide
variety of logging options for the name server. Its <span><strong class="command">channel</strong></span> phrase
associates output methods, format options and severity levels with
was specified.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2552732"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
+<a name="id2552538"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.</p>
<p>Every channel definition must include a destination clause that
with the <code class="option">-d</code> flag followed by a positive integer,
or by running <span><strong class="command">rndc trace</strong></span>.
The global debug level
-can be set to zero, and debugging mode turned off, by running <span><strong class="command">ndc
+can be set to zero, and debugging mode turned off, by running <span><strong class="command">rndc
notrace</strong></span>. All debugging messages in the server have a debug
level, and higher debug levels give more detailed output. Channels
that specify a specific debug severity, for example:</p>
</pre>
<p>The <span><strong class="command">default_debug</strong></span> channel has the special
property that it only produces output when the server's debug level is
-nonzero. It normally writes to a file <code class="filename">named.run</code>
+nonzero. It normally writes to a file called <code class="filename">named.run</code>
in the server's working directory.</p>
<p>For security reasons, when the "<code class="option">-u</code>"
command line option is used, the <code class="filename">named.run</code> file
<td>
<p>Specify where queries should be logged to.</p>
<p>
-At startup, specifing the category <span><strong class="command">queries</strong></span> will also
+At startup, specifying the category <span><strong class="command">queries</strong></span> will also
enable query logging unless <span><strong class="command">querylog</strong></span> option has been
specified.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2553817"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2553623"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p> This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:</p>
<pre class="programlisting"><span><strong class="command">lwres</strong></span> {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2553890"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2553696"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>The <span><strong class="command">lwres</strong></span> statement configures the name
-server to also act as a lightweight resolver server, see
-<a href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called “Running a Resolver Daemon”</a>. There may be be multiple
+server to also act as a lightweight resolver server. (See
+<a href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called “Running a Resolver Daemon”</a>.) There may be be multiple
<span><strong class="command">lwres</strong></span> statements configuring
lightweight resolver servers with different properties.</p>
<p>The <span><strong class="command">listen-on</strong></span> statement specifies a list of
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2553953"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2553758"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] } ;
</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2554065"></a><span><strong class="command">masters</strong></span> Statement Definition and Usage </h3></div></div></div>
+<a name="id2553870"></a><span><strong class="command">masters</strong></span> Statement Definition and Usage </h3></div></div></div>
<p><span><strong class="command">masters</strong></span> lists allow for a common set of masters
to be easily used by multiple stub and slave zones.</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2554080"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2553885"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:</p>
<pre class="programlisting">options {
to when instructed to do so using <span><strong class="command">rndc stats</strong></span>.
If not specified, the default is <code class="filename">named.stats</code> in the
server's current directory. The format of the file is described
-in <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a></p></dd>
+in <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called “The Statistics File”</a>.</p></dd>
<dt><span class="term"><span><strong class="command">port</strong></span></span></dt>
<dd><p>
The UDP/TCP port number the server uses for
<dt><span class="term"><span><strong class="command">root-delegation-only</strong></span></span></dt>
<dd>
<p>
-Turn on enforcement of delegation-only in TLDs and root zones with an optional
-exclude list.
+Turn on enforcement of delegation-only in TLDs (top level domains)
+and root zones with an optional exclude list.
</p>
<p>
Note some TLDs are NOT delegation only (e.g. "DE", "LV", "US" and "MUSEUM").
and BIND 9 never does it.</p></dd>
<dt><span class="term"><span><strong class="command">flush-zones-on-shutdown</strong></span></span></dt>
<dd><p>When the nameserver exits due receiving SIGTERM,
-flush / do not flush any pending zone writes. The default is
+flush or do not flush any pending zone writes. The default is
<span><strong class="command">flush-zones-on-shutdown</strong></span> <strong class="userinput"><code>no</code></strong>.
</p></dd>
<dt><span class="term"><span><strong class="command">has-old-clients</strong></span></span></dt>
<dd><p>
See the description of
<span><strong class="command">provide-ixfr</strong></span> in
-<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and Usage”</a>
+<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and Usage”</a>.
</p></dd>
<dt><span class="term"><span><strong class="command">request-ixfr</strong></span></span></dt>
<dd><p>
See the description of
<span><strong class="command">request-ixfr</strong></span> in
-<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and Usage”</a>
+<a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and Usage">the section called “<span><strong class="command">server</strong></span> Statement Definition and Usage”</a>.
</p></dd>
<dt><span class="term"><span><strong class="command">treat-cr-as-space</strong></span></span></dt>
<dd><p>This option was used in <span class="acronym">BIND</span> 8 to make
For answer received from the network (<span><strong class="command">response</strong></span>)
the default is <span><strong class="command">ignore</strong></span>.
</p>
-<p>The rules for legal hostnames / mail domains are derived from RFC 952
+<p>The rules for legal hostnames or mail domains are derived from RFC 952
and RFC 821 as modified by RFC 1123.
</p>
<p><span><strong class="command">check-names</strong></span> applies to the owner names of A, AAA and
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2556693"></a>Forwarding</h4></div></div></div>
+<a name="id2556500"></a>Forwarding</h4></div></div></div>
<p>The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
name servers. It can also be used to allow queries by servers that
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2556743"></a>Dual-stack Servers</h4></div></div></div>
+<a name="id2556550"></a>Dual-stack Servers</h4></div></div></div>
<p>Dual-stack servers are used as servers of last resort to work around
problems in reachability due the lack of support for either IPv4 or IPv6
on the host machine.</p>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">dual-stack-servers</strong></span></span></dt>
-<dd><p>Specifies host names / addresses of machines with access to
+<dd><p>Specifies host names or addresses of machines with access to
both IPv4 and IPv6 transports. If a hostname is used the server must be able
to resolve the name using only the transport it has. If the machine is dual
stacked then the <span><strong class="command">dual-stack-servers</strong></span> have no effect unless
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2556990"></a>Interfaces</h4></div></div></div>
+<a name="id2556934"></a>Interfaces</h4></div></div></div>
<p>The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
an optional port, and an <code class="varname">address_match_list</code>.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2557216"></a>Query Address</h4></div></div></div>
+<a name="id2557022"></a>Query Address</h4></div></div></div>
<p>If the server doesn't know the answer to a question, it will
query other name servers. <span><strong class="command">query-source</strong></span> specifies
the address and port used for such queries. For queries sent over
possible into a message. <span><strong class="command">many-answers</strong></span> is more
efficient, but is only supported by relatively new slave servers,
such as <span class="acronym">BIND</span> 9, <span class="acronym">BIND</span> 8.x and patched
-versions of <span class="acronym">BIND</span> 4.9.5. The default is
+versions of <span class="acronym">BIND</span> 4.9.5. The <span><strong class="command">many-answers</strong></span>
+format is also supported by recent Microsoft Windows nameservers. The default is
<span><strong class="command">many-answers</strong></span>. <span><strong class="command">transfer-format</strong></span>
may be overridden on a per-server basis by using the
<span><strong class="command">server</strong></span> statement.
This address must appear in the slave server's <span><strong class="command">masters</strong></span>
zone clause or in an <span><strong class="command">allow-notify</strong></span> clause.
This statement sets the <span><strong class="command">notify-source</strong></span> for all zones,
-but can be overridden on a per-zone / per-view basis by including a
+but can be overridden on a per-zone or per-view basis by including a
<span><strong class="command">notify-source</strong></span> statement within the <span><strong class="command">zone</strong></span>
or <span><strong class="command">view</strong></span> block in the configuration file.</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2545534"></a>Bad UDP Port Lists</h4></div></div></div>
+<a name="id2545549"></a>Bad UDP Port Lists</h4></div></div></div>
<p>
<span><strong class="command">avoid-v4-udp-ports</strong></span> and <span><strong class="command">avoid-v6-udp-ports</strong></span>
specify a list of IPv4 and IPv6 UDP ports that will not be used as system
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2545550"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="id2545565"></a>Operating System Resource Limits</h4></div></div></div>
<p>The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
example, <span><strong class="command">1G</strong></span> can be used instead of
<span><strong class="command">1073741824</strong></span> to specify a limit of one
gigabyte. <span><strong class="command">unlimited</strong></span> requests unlimited use, or the
maximum available amount. <span><strong class="command">default</strong></span> uses the limit
-that was in force when the server was started. See the description of
-<span><strong class="command">size_spec</strong></span> in <a href="Bv9ARM.ch06.html#configuration_file_elements" title="Configuration File Elements">the section called “Configuration File Elements”</a>.</p>
+that was in force when the server was started. See the description
+
of <span><strong class="command">size_spec</strong></span> in <a href="Bv9ARM.ch06.html#configuration_file_elements" title="Configuration File Elements">the section called “Configuration File Elements”</a>.</p>
<p>The following options set operating system resource limits for
the name server process. Some operating systems don't support some or
any of the limits. On such systems, a warning will be issued if the
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2545720"></a>Server Resource Limits</h4></div></div></div>
+<a name="id2545735"></a>Server Resource Limits</h4></div></div></div>
<p>The following options set limits on the server's
resource consumption that are enforced internally by the
server rather than the operating system.</p>
</p></dd>
<dt><span class="term"><span><strong class="command">max-journal-size</strong></span></span></dt>
<dd><p>Sets a maximum size for each journal file
-(<a href="Bv9ARM.ch04.html#journal" title="The journal file">the section called “The journal file”</a>). When the journal file approaches
+(
see <a href="Bv9ARM.ch04.html#journal" title="The journal file">the section called “The journal file”</a>). When the journal file approaches
the specified size, some of the oldest transactions in the journal
will be automatically removed. The default is
<code class="literal">unlimited</code>.</p></dd>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2560033"></a>Periodic Task Intervals</h4></div></div></div>
+<a name="id2559843"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>The server will remove expired resource records
<span><strong class="command">max-ncache-ttl</strong></span> cannot exceed 7 days and will
be silently truncated to 7 days if set to a greater value.</p></dd>
<dt><span class="term"><span><strong class="command">max-cache-ttl</strong></span></span></dt>
-<dd><p><span><strong class="command">max-cache-ttl</strong></span> sets
+<dd><p>Sets
the maximum time for which the server will cache ordinary (positive)
answers. The default is one week (7 days).</p></dd>
<dt><span class="term"><span><strong class="command">min-roots</strong></span></span></dt>
is <strong class="userinput"><code>2</code></strong>.</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
-<p>Not implemented in <span class="acronym">BIND</span>9.</p>
+<p>Not implemented in <span class="acronym">BIND</span> 9.</p>
</div>
</dd>
<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
the name <code class="filename">hostname.bind</code>
with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
This defaults to the hostname of the machine hosting the name server as
-found by gethostname(). The primary purpose of such queries is to
+found by the gethostname() function. The primary purpose of such queries is to
identify which of a group of anycast servers is actually
answering your queries. Specifying <span><strong class="command">hostname none;</strong></span>
disables processing of the queries.</p></dd>
answering your queries. Specifying <span><strong class="command">server-id none;</strong></span>
disables processing of the queries.
Specifying <span><strong class="command">server-id hostname;</strong></span> will cause named to
-use the hostname as found by gethostname().
+use the hostname as found by the gethostname() function.
The default <span><strong class="command">server-id</strong></span> is <span><strong class="command">none</strong></span>.
</p></dd>
</dl></div>
is similar, but not identical, to that
generated by <span class="acronym">BIND</span> 8.
</p>
-<p>The statistics dump begins with the line <span><strong class="command">+++ Statistics Dump
-+++ (973798949)</strong></span>, where the number in parentheses is a standard
+<p>The statistics dump begins with a line, like:</p>
+<p>
+ <span><strong class="command">+++ Statistics Dump +++ (973798949)</strong></span>
+ </p>
+<p>The numberr in parentheses is a standard
Unix-style timestamp, measured as seconds since January 1, 1970. Following
that line are a series of lines containing a counter type, the value of the
counter, optionally a zone name, and optionally a view name.
The lines without view and zone listed are global statistics for the entire server.
Lines with a zone and view name for the given view and zone (the view name is
-omitted for the default view). The statistics dump ends
-with the line <span><strong class="command">--- Statistics Dump --- (973798949)</strong></span>, where the
-number is identical to the number in the beginning line.</p>
+omitted for the default view).
+</p>
+<p>
+The statistics dump ends with the line where the
+number is identical to the number in the beginning line; for example:
+</p>
+<p>
+<span><strong class="command">--- Statistics Dump --- (973798949)</strong></span>
+</p>
<p>The following statistics counters are maintained:</p>
<div class="informaltable"><table border="1">
<colgroup>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2561657"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2561410"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">trusted-keys {
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2561705"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<a name="id2561526"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2561787"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2561608"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>The <span><strong class="command">view</strong></span> statement is a powerful new feature
of <span class="acronym">BIND</span> 9 that lets a name server answer a DNS query differently
depending on who is asking. It is particularly useful for implementing
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2563070"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2562891"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2563077"></a>Zone Types</h4></div></div></div>
+<a name="id2562898"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
If a file is specified, then the
replica will be written to this file whenever the zone is changed,
and reloaded from this file on a server restart. Use of a file is
-recommended, since it often speeds server start-up and eliminates
+recommended, since it often speeds server startup and eliminates
a needless waste of bandwidth. Note that for large numbers (in the
tens or hundreds of thousands) of zones per server, it is best to
use a two level naming scheme for zone file names. For example,
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2563451"></a>Class</h4></div></div></div>
+<a name="id2563340"></a>Class</h4></div></div></div>
<p>The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
is assumed. This is correct for the vast majority of cases.</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2563482"></a>Zone Options</h4></div></div></div>
+<a name="id2563371"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>See the description of
-<span><strong class="command">allow-notify</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a></p></dd>
+<span><strong class="command">allow-notify</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.</p></dd>
<dt><span class="term"><span><strong class="command">allow-query</strong></span></span></dt>
<dd><p>See the description of
-<span><strong class="command">allow-query</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a></p></dd>
+<span><strong class="command">allow-query</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.</p></dd>
<dt><span class="term"><span><strong class="command">allow-transfer</strong></span></span></dt>
<dd><p>See the description of <span><strong class="command">allow-transfer</strong></span>
in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called “Access Control”</a>.</p></dd>
<span><strong class="command">sig-validity-interval</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called “Tuning”</a>.</p></dd>
<dt><span class="term"><span><strong class="command">transfer-source</strong></span></span></dt>
<dd><p>See the description of
-<span><strong class="command">transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
+<span><strong class="command">transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
</p></dd>
<dt><span class="term"><span><strong class="command">transfer-source-v6</strong></span></span></dt>
<dd><p>See the description of
-<span><strong class="command">transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
+<span><strong class="command">transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
</p></dd>
<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
<dd><p>See the description of
-<span><strong class="command">alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
+<span><strong class="command">alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
</p></dd>
<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
<dd><p>See the description of
-<span><strong class="command">alt-transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
+<span><strong class="command">alt-transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
</p></dd>
<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
<dd><p>See the description of
-<span><strong class="command">use-alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>
+<span><strong class="command">use-alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called “Zone Transfers”</a>.
</p></dd>
<dt><span class="term"><span><strong class="command">notify-source</strong></span></span></dt>
<dd><p>See the description of
<span><strong class="command">ixfr-from-differences</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.</p></dd>
<dt><span class="term"><span><strong class="command">key-directory</strong></span></span></dt>
<dd><p>See the description of
-<span><strong class="command">key-directory</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and Usage”</a></p></dd>
+<span><strong class="command">key-directory</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and Usage">the section called “<span><strong class="command">options</strong></span> Statement Definition and Usage”</a>.</p></dd>
<dt><span class="term"><span><strong class="command">multi-master</strong></span></span></dt>
<dd><p>See the description of
<span><strong class="command">multi-master</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.</p></dd>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564401"></a>Zone File</h2></div></div></div>
+<a name="id2564293"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
and implemented in the DNS. These are also included.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2564419"></a>Resource Records</h4></div></div></div>
+<a name="id2564311"></a>Resource Records</h4></div></div></div>
<p>A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
information associated with a particular name is composed of
<tr>
<td><p>MX</p></td>
<td><p>identifies a mail exchange for the domain.
-a 16 bit preference value (lower is better)
+A 16 bit preference value (lower is better)
followed by the host name of the mail exchange.
Described in RFC 974, RFC 1035.</p></td>
</tr>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2565544"></a>Textual expression of RRs</h4></div></div></div>
+<a name="id2565436"></a>Textual expression of RRs</h4></div></div></div>
<p>RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form when
stored in a name server or resolver. In the examples provided in
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2566038"></a>Discussion of MX Records</h3></div></div></div>
+<a name="id2565862"></a>Discussion of MX Records</h3></div></div></div>
<p>As described above, domain servers store information as a
series of resource records, each of which contains a particular
piece of information about a given domain name (which is usually,
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2566467"></a>Inverse Mapping in IPv4</h3></div></div></div>
+<a name="id2566291"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
and PTR records. Entries in the in-addr.arpa domain are made in
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2566572"></a>Other Zone File Directives</h3></div></div></div>
+<a name="id2566396"></a>Other Zone File Directives</h3></div></div></div>
<p>The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format itself
is class independent all records in a Master File must be of the same
and <span><strong class="command">$TTL.</strong></span></p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2566592"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="id2566416"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>Syntax: <span><strong class="command">$ORIGIN
</strong></span><em class="replaceable"><code>domain-name</code></em> [<span class="optional"> <em class="replaceable"><code>comment</code></em></span>]</p>
<p><span><strong class="command">$ORIGIN</strong></span> sets the domain name that will
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2566647"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="id2566471"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em> [<span class="optional">
<em class="replaceable"><code>origin</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>comment</code></em> </span>]</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2566710"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="id2566534"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em> [<span class="optional">
<em class="replaceable"><code>comment</code></em> </span>]</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2566741"></a><span class="acronym">BIND</span> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
+<a name="id2566565"></a><span class="acronym">BIND</span> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>Syntax: <span><strong class="command">$GENERATE</strong></span> <em class="replaceable"><code>range</code></em> <em class="replaceable"><code>lhs</code></em> [<span class="optional"><em class="replaceable"><code>ttl</code></em></span>] [<span class="optional"><em class="replaceable"><code>class</code></em></span>] <em class="replaceable"><code>type</code></em> <em class="replaceable"><code>rhs</code></em> [<span class="optional"> <em class="replaceable"><code>comment</code></em> </span>]</p>
<p><span><strong class="command">$GENERATE</strong></span> is used to create a series of
resource records that only differ from each other by an iterator. <span><strong class="command">$GENERATE</strong></span> can
by modifiers which change the offset from the iterator, field width and base.
Modifiers are introduced by a <span><strong class="command">{</strong></span> immediately following the
<span><strong class="command">$</strong></span> as <span><strong class="command">${offset[,width[,base]]}</strong></span>.
-e.g. <span><strong class="command">${-20,3,d}</strong></span> which subtracts 20 from the current value,
-prints the result as a decimal in a zero padded field of with 3. Available
+For example, <span><strong class="command">${-20,3,d}</strong></span> which subtracts 20 from the current value,
+prints the result as a decimal in a zero padded field of width 3. Available
output forms are decimal (<span><strong class="command">d</strong></span>), octal (<span><strong class="command">o</strong></span>)
and hexadecimal (<span><strong class="command">x</strong></span> or <span><strong class="command">X</strong></span> for uppercase).
The default modifier is <span><strong class="command">${0,0,d}</strong></span>.
absolute, the current <span><strong class="command">$ORIGIN</strong></span> is appended to
the name.</p>
<p>For compatibility with earlier versions <span><strong class="command">$$</strong></span> is still
-recognized a indicating a literal $ in the output.</p>
+recognized as indicating a literal $ in the output.</p>
</td>
</tr>
<tr>
<td><p><span><strong class="command">ttl</strong></span></p></td>
<td>
-<p><span><strong class="command">ttl</strong></span> specifies the
+<p>Specifies the
ttl of the generated records. If not specified this will be
inherited using the normal ttl inheritance rules.</p>
<p><span><strong class="command">class</strong></span> and <span><strong class="command">ttl</strong></span> can be
<tr>
<td><p><span><strong class="command">class</strong></span></p></td>
<td>
-<p><span><strong class="command">class</strong></span> specifies the
+<p>Specifies the
class of the generated records. This must match the zone class if
it is specified.</p>
<p><span><strong class="command">class</strong></span> and <span><strong class="command">ttl</strong></span> can be
</tr>
<tr>
<td><p><span><strong class="command">rhs</strong></span></p></td>
-<td><p>rhs is a domain name. It is processed
+<td><p>A domain name. It is processed
similarly to lhs.</p></td>
</tr>
</tbody>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch07.html,v 1.50.2.9.2.28 2006/05/08 15:46:02 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch07.html,v 1.50.2.9.2.29 2006/05/17 02:38:10 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2567202"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span> (for
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2567021"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span> (for
UNIX servers)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2567346">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2567403">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2567234">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2567291">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
// Set up an ACL named "bogusnets" that will block RFC1918 space,
// which is commonly used in spoofing attacks.
acl bogusnets { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
+
// Set up an ACL called our-nets. Replace this with the real IP numbers.
acl our-nets { x.x.x.x/24; x.x.x.x/21; };
options {
blackhole { bogusnets; };
...
};
+
zone "example.com" {
type master;
file "m/example.com";
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567202"></a><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span> (for
+<a name="id2567021"></a><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span> (for
UNIX servers)</h2></div></div></div>
<p>On UNIX servers, it is possible to run <span class="acronym">BIND</span> in a <span class="emphasis"><em>chrooted</em></span> environment
(<span><strong class="command">chroot()</strong></span>) by specifying the "<code class="option">-t</code>"
<p><strong class="userinput"><code>/usr/local/bin/named -u 202 -t /var/named</code></strong></p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567346"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
-<p>In order for a <span><strong class="command">chroot()</strong></span> environment to
+<a name="id2567234"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<p>In order for a <span><strong class="command">chroot</strong></span> environment to
work properly in a particular directory
(for example, <code class="filename">/var/named</code>),
you will need to set up an environment that includes everything
to set up things like
<code class="filename">/dev/zero</code>,
<code class="filename">/dev/random</code>,
-<code class="filename">/dev/log</code>, and/or
+<code class="filename">/dev/log</code>, and
<code class="filename">/etc/localtime</code>.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567403"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="id2567291"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>Prior to running the <span><strong class="command">named</strong></span> daemon, use
the <span><strong class="command">touch</strong></span> utility (to change file access and
modification times) or the <span><strong class="command">chown</strong></span> utility (to
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch08.html,v 1.50.2.9.2.28 2006/05/08 15:46:02 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch08.html,v 1.50.2.9.2.29 2006/05/17 02:38:10 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567474">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2567479">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567491">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567508">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567362">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2567367">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567447">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567464">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567474"></a>Common Problems</h2></div></div></div>
+<a name="id2567362"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567479"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id2567367"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>The best solution to solving installation and
configuration issues is to take preventative measures by setting
up logging files beforehand. The log files provide a
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567491"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<a name="id2567447"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>Zone serial numbers are just numbers-they aren't date
related. A lot of people set them to a number that represents a
date, usually of the form YYYYMMDDRR. A number of people have been
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567508"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="id2567464"></a>Where Can I Get Help?</h2></div></div></div>
<p>The Internet Software Consortium (<span class="acronym">ISC</span>) offers a wide range
of support and service agreements for <span class="acronym">BIND</span> and <span class="acronym">DHCP</span> servers. Four
levels of premium support are available and each level includes
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch09.html,v 1.50.2.9.2.30 2006/05/08 15:46:02 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch09.html,v 1.50.2.9.2.31 2006/05/17 02:38:11 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2567638">Acknowledgments</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2567643">A Brief History of the <span class="acronym">DNS</span> and <span class="acronym">BIND</span></a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2544793">Acknowledgments</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2544798">A Brief History of the <span class="acronym">DNS</span> and <span class="acronym">BIND</span></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#historical_dns_information">General <span class="acronym">DNS</span> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2569998">Other Documents About <span class="acronym">BIND</span></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2569958">Other Documents About <span class="acronym">BIND</span></a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567638"></a>Acknowledgments</h2></div></div></div>
+<a name="id2544793"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567643"></a>A Brief History of the <span class="acronym">DNS</span> and <span class="acronym">BIND</span></h3></div></div></div>
+<a name="id2544798"></a>A Brief History of the <span class="acronym">DNS</span> and <span class="acronym">BIND</span></h3></div></div></div>
<p>Although the "official" beginning of the Domain Name
System occurred in 1984 with the publication of RFC 920, the
core of the new system was described in 1983 in RFCs 882 and
Name Domain (<span class="acronym">BIND</span>) package, was written soon after by a group of
graduate students at the University of California at Berkeley under
a grant from the US Defense Advanced Research Projects Administration
-(DARPA). Versions of <span class="acronym">BIND</span> through 4.8.3 were maintained by the Computer
+(DARPA).
+</p>
+<p>
+Versions of <span class="acronym">BIND</span> through 4.8.3 were maintained by the Computer
Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark
Painter, David Riggle and Songnian Zhou made up the initial <span class="acronym">BIND</span>
project team. After that, additional work on the software package
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2568555"></a>Bibliography</h4></div></div></div>
+<a name="id2568515"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry"><p>[<span class="abbrev">RFC974</span>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2569998"></a>Other Documents About <span class="acronym">BIND</span></h3></div></div></div>
+<a name="id2569958"></a>Other Documents About <span class="acronym">BIND</span></h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2570008"></a>Bibliography</h4></div></div></div>
+<a name="id2569968"></a>Bibliography</h4></div></div></div>
<div class="biblioentry"><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><span class="acronym">DNS</span> and <span class="acronym">BIND</span></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p></div>
</div>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.html,v 1.60.2.9.2.32 2006/05/08 15:46:02 marka Exp $ -->
+<!-- $Id: Bv9ARM.html,v 1.60.2.9.2.33 2006/05/17 02:38:11 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2546906">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2546912">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2548144">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2548076">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2548500">Split DNS</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2548569">Split DNS</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2548993">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549059">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549067">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549175">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549296">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549339">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2548926">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549061">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549069">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549109">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549229">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549273">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2544848">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2544897">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2549287">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2549336">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2544963">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549809">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549883">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549470">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549606">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549681">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2549953">IPv6 Support in <span class="acronym">BIND</span> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2549750">IPv6 Support in <span class="acronym">BIND</span> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2550080">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2550100">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549877">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2549965">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <span class="acronym">BIND</span> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2550132">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2549997">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <span class="acronym">BIND</span> 9 Configuration Reference</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551160">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551026">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551645"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551511"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551814"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2551680"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552219"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552234"><span><strong class="command">include</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552257"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552278"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552349"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552680"><span><strong class="command">logging</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553817"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553890"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553953"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2554065"><span><strong class="command">masters</strong></span> Statement Definition and Usage </a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2554080"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552093"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552108"><span><strong class="command">include</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552131"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552220"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552360"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2552486"><span><strong class="command">logging</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553623"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553696"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553758"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553870"><span><strong class="command">masters</strong></span> Statement Definition and Usage </a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2553885"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561657"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561705"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561410"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561526"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561787"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2561608"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2563070"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2562891"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2564401">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2564293">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566038">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2565862">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566467">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566572">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566741"><span class="acronym">BIND</span> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566291">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566396">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2566565"><span class="acronym">BIND</span> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <span class="acronym">BIND</span> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2567202"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span> (for
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2567021"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span> (for
UNIX servers)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2567346">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2567403">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2567234">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2567291">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567474">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2567479">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567491">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567508">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567362">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2567367">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567447">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2567464">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2567638">Acknowledgments</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2567643">A Brief History of the <span class="acronym">DNS</span> and <span class="acronym">BIND</span></a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2544793">Acknowledgments</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2544798">A Brief History of the <span class="acronym">DNS</span> and <span class="acronym">BIND</span></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#historical_dns_information">General <span class="acronym">DNS</span> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2569998">Other Documents About <span class="acronym">BIND</span></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2569958">Other Documents About <span class="acronym">BIND</span></a></span></dt>
</dl></dd>
</dl></dd>
</dl>
projects / thirdparty / bind9.git / commitdiff
