.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keygen.8,v 1.26 2004/06/03 04:12:36 marka Exp $
+.\" $Id: dnssec-keygen.8,v 1.27 2004/06/11 03:03:11 marka Exp $
.\"
.TH "DNSSEC-KEYGEN" "8" "June 30, 2000" "BIND9" ""
.SH NAME
dnssec-keygen \- DNSSEC key generation tool
.SH SYNOPSIS
.sp
-\fBdnssec-keygen\fR \fB-a \fIalgorithm\fB\fR \fB-b \fIkeysize\fB\fR \fB-n \fInametype\fB\fR [ \fB-c \fIclass\fB\fR ] [ \fB-e\fR ] [ \fB-f \fIflag\fB\fR ] [ \fB-g \fIgenerator\fB\fR ] [ \fB-h\fR ] [ \fB-p \fIprotocol\fB\fR ] [ \fB-r \fIrandomdev\fB\fR ] [ \fB-s \fIstrength\fB\fR ] [ \fB-t \fItype\fB\fR ] [ \fB-v \fIlevel\fB\fR ] \fBname\fR
+\fBdnssec-keygen\fR \fB-a \fIalgorithm\fB\fR \fB-b \fIkeysize\fB\fR \fB-n \fInametype\fB\fR [ \fB-c \fIclass\fB\fR ] [ \fB-e\fR ] [ \fB-f \fIflag\fB\fR ] [ \fB-g \fIgenerator\fB\fR ] [ \fB-h\fR ] [ \fB-k\fR ] [ \fB-p \fIprotocol\fB\fR ] [ \fB-r \fIrandomdev\fB\fR ] [ \fB-s \fIstrength\fB\fR ] [ \fB-t \fItype\fB\fR ] [ \fB-v \fIlevel\fB\fR ] \fBname\fR
.SH "DESCRIPTION"
.PP
\fBdnssec-keygen\fR generates keys for DNSSEC
-(Secure DNS), as defined in RFC 2535. It can also generate
+(Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate
keys for use with TSIG (Transaction Signatures), as
defined in RFC 2845.
.SH "OPTIONS"
.TP
\fB-a \fIalgorithm\fB\fR
Selects the cryptographic algorithm. The value of
-\fBalgorithm\fR must be one of RSAMD5 or RSA,
+\fBalgorithm\fR must be one of RSAMD5 (RSA) or RSASHA1,
DSA, DH (Diffie Hellman), or HMAC-MD5. These values
are case insensitive.
-Note that for DNSSEC, DSA is a mandatory to implement algorithm,
-and RSA is recommended. For TSIG, HMAC-MD5 is mandatory.
+Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm,
+and DSA is recommended. For TSIG, HMAC-MD5 is mandatory.
+
+Note 2: HMAC-MD5 and DH automatically set the -k flag.
.TP
\fB-b \fIkeysize\fB\fR
Specifies the number of bits in the key. The choice of key
-size depends on the algorithm used. RSA keys must be between
+size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between
512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC-MD5 keys must be
\fB-n \fInametype\fB\fR
Specifies the owner type of the key. The value of
\fBnametype\fR must either be ZONE (for a DNSSEC
-zone key), HOST or ENTITY (for a key associated with a host),
-or USER (for a key associated with a user). These values are
+zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)),
+USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are
case insensitive.
.TP
\fB-c \fIclass\fB\fR
the specified class. If not specified, class IN is used.
.TP
\fB-e\fR
-If generating an RSA key, use a large exponent.
+If generating an RSAMD5/RSASHA1 key, use a large exponent.
.TP
\fB-f \fIflag\fB\fR
-Set the specified flag in the flag field of the key record.
-The only recognized flag is KSK (Key Signing Key).
+Set the specified flag in the flag field of the KEY/DNSKEY record.
+The only recognized flag is KSK (Key Signing Key) DNSKEY.
.TP
\fB-g \fIgenerator\fB\fR
If generating a Diffie Hellman key, use this generator.
Prints a short summary of the options and arguments to
\fBdnssec-keygen\fR.
.TP
+\fB-k\fR
+Generate KEY records rather than DNSKEY records.
+.TP
\fB-p \fIprotocol\fB\fR
Sets the protocol value for the generated key. The protocol
is a number between 0 and 255. The default is 3 (DNSSEC).
\fIKexample.com.+003+26160.private\fR
.SH "SEE ALSO"
.PP
-\fBdnssec-makekeyset\fR(8),
-\fBdnssec-signkey\fR(8),
\fBdnssec-signzone\fR(8),
\fIBIND 9 Administrator Reference Manual\fR,
\fIRFC 2535\fR,
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.html,v 1.12 2004/06/03 04:12:36 marka Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.13 2004/06/11 03:03:11 marka Exp $ -->
<HTML
><HEAD
>-h</TT
>] [<TT
CLASS="OPTION"
+>-k</TT
+>] [<TT
+CLASS="OPTION"
>-p <TT
CLASS="REPLACEABLE"
><I
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN51"
+NAME="AEN53"
></A
><H2
>DESCRIPTION</H2
CLASS="COMMAND"
>dnssec-keygen</B
> generates keys for DNSSEC
- (Secure DNS), as defined in RFC 2535. It can also generate
+ (Secure DNS), as defined in RFC 2535 and RFC <TBA\>. It can also generate
keys for use with TSIG (Transaction Signatures), as
defined in RFC 2845.
</P
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN55"
+NAME="AEN57"
></A
><H2
>OPTIONS</H2
<TT
CLASS="OPTION"
>algorithm</TT
-> must be one of RSAMD5 or RSA,
+> must be one of RSAMD5 (RSA) or RSASHA1,
DSA, DH (Diffie Hellman), or HMAC-MD5. These values
are case insensitive.
</P
><P
-> Note that for DNSSEC, DSA is a mandatory to implement algorithm,
- and RSA is recommended. For TSIG, HMAC-MD5 is mandatory.
+> Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm,
+ and DSA is recommended. For TSIG, HMAC-MD5 is mandatory.
+ </P
+><P
+> Note 2: HMAC-MD5 and DH automatically set the -k flag.
</P
></DD
><DT
><DD
><P
> Specifies the number of bits in the key. The choice of key
- size depends on the algorithm used. RSA keys must be between
+ size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between
512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC-MD5 keys must be
CLASS="OPTION"
>nametype</TT
> must either be ZONE (for a DNSSEC
- zone key), HOST or ENTITY (for a key associated with a host),
- or USER (for a key associated with a user). These values are
+ zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)),
+ USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are
case insensitive.
</P
></DD
>-e</DT
><DD
><P
-> If generating an RSA key, use a large exponent.
+> If generating an RSAMD5/RSASHA1 key, use a large exponent.
</P
></DD
><DT
></DT
><DD
><P
-> Set the specified flag in the flag field of the key record.
- The only recognized flag is KSK (Key Signing Key).
+> Set the specified flag in the flag field of the KEY/DNSKEY record.
+ The only recognized flag is KSK (Key Signing Key) DNSKEY.
</P
></DD
><DT
</P
></DD
><DT
+>-k</DT
+><DD
+><P
+> Generate KEY records rather than DNSKEY records.
+ </P
+></DD
+><DT
>-p <TT
CLASS="REPLACEABLE"
><I
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN129"
+NAME="AEN136"
></A
><H2
>GENERATED KEYS</H2
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN156"
+NAME="AEN163"
></A
><H2
>EXAMPLE</H2
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN169"
+NAME="AEN176"
></A
><H2
>SEE ALSO</H2
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
->dnssec-makekeyset</SPAN
->(8)</SPAN
->,
- <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signkey</SPAN
->(8)</SPAN
->,
- <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
>dnssec-signzone</SPAN
>(8)</SPAN
>,
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN185"
+NAME="AEN186"
></A
><H2
>AUTHOR</H2
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signzone.8,v 1.31 2004/06/03 04:12:36 marka Exp $
+.\" $Id: dnssec-signzone.8,v 1.32 2004/06/11 03:03:12 marka Exp $
.\"
.TH "DNSSEC-SIGNZONE" "8" "June 30, 2000" "BIND9" ""
.SH NAME
\fBdnssec-signzone\fR [ \fB-a\fR ] [ \fB-c \fIclass\fB\fR ] [ \fB-d \fIdirectory\fB\fR ] [ \fB-e \fIend-time\fB\fR ] [ \fB-f \fIoutput-file\fB\fR ] [ \fB-g\fR ] [ \fB-h\fR ] [ \fB-k \fIkey\fB\fR ] [ \fB-l \fIdomain\fB\fR ] [ \fB-i \fIinterval\fB\fR ] [ \fB-n \fInthreads\fB\fR ] [ \fB-o \fIorigin\fB\fR ] [ \fB-p\fR ] [ \fB-r \fIrandomdev\fB\fR ] [ \fB-s \fIstart-time\fB\fR ] [ \fB-t\fR ] [ \fB-v \fIlevel\fB\fR ] [ \fB-z\fR ] \fBzonefile\fR [ \fBkey\fR\fI...\fR ]
.SH "DESCRIPTION"
.PP
-\fBdnssec-signzone\fR signs a zone. It generates NSEC
-and RRSIG records and produces a signed version of the zone. If there
-is a \fIsignedkey\fR file from the zone's parent,
-the parent's signatures will be incorporated into the generated
-signed zone file. The security status of delegations from the
-signed zone (that is, whether the child zones are secure or not) is
+\fBdnssec-signzone\fR signs a zone. It generates
+NSEC and RRSIG records and produces a signed version of the
+zone. The security status of delegations from the signed zone
+(that is, whether the child zones are secure or not) is
determined by the presence or absence of a
-\fIsignedkey\fR file for each child zone.
+\fIkeyset\fR file for each child zone.
.SH "OPTIONS"
.TP
\fB-a\fR
The domain is appended to the name of the records.
.TP
\fB-d \fIdirectory\fB\fR
-Look for \fIsignedkey\fR files in
+Look for \fIkeyset\fR files in
\fBdirectory\fR as the directory
.TP
\fB-g\fR
The following command signs the \fBexample.com\fR
zone with the DSA key generated in the \fBdnssec-keygen\fR
man page. The zone's keys must be in the zone. If there are
-\fIsignedkey\fR files associated with this zone
-or any child zones, they must be in the current directory.
+\fIkeyset\fR files associated with child zones,
+they must be in the current directory.
\fBexample.com\fR, the following command would be
issued:
.PP
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.html,v 1.11 2004/06/03 04:12:37 marka Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.12 2004/06/11 03:03:12 marka Exp $ -->
<HTML
><HEAD
> <B
CLASS="COMMAND"
>dnssec-signzone</B
-> signs a zone. It generates NSEC
- and RRSIG records and produces a signed version of the zone. If there
- is a <TT
-CLASS="FILENAME"
->signedkey</TT
-> file from the zone's parent,
- the parent's signatures will be incorporated into the generated
- signed zone file. The security status of delegations from the
- signed zone (that is, whether the child zones are secure or not) is
- determined by the presence or absence of a
+> signs a zone. It generates
+ NSEC and RRSIG records and produces a signed version of the
+ zone. The security status of delegations from the signed zone
+ (that is, whether the child zones are secure or not) is
+ determined by the presence or absence of a
<TT
CLASS="FILENAME"
->signedkey</TT
+>keyset</TT
> file for each child zone.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN72"
+NAME="AEN71"
></A
><H2
>OPTIONS</H2
><P
> Look for <TT
CLASS="FILENAME"
->signedkey</TT
+>keyset</TT
> files in
<TT
CLASS="OPTION"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN182"
+NAME="AEN181"
></A
><H2
>EXAMPLE</H2
man page. The zone's keys must be in the zone. If there are
<TT
CLASS="FILENAME"
->signedkey</TT
-> files associated with this zone
- or any child zones, they must be in the current directory.
+>keyset</TT
+> files associated with child zones,
+ they must be in the current directory.
<TT
CLASS="USERINPUT"
><B
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN196"
+NAME="AEN195"
></A
><H2
>SEE ALSO</H2
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN204"
+NAME="AEN203"
></A
><H2
>AUTHOR</H2
></DT
><DT
>4.9. <A
-HREF="Bv9ARM.ch04.html#AEN1019"
+HREF="Bv9ARM.ch04.html#AEN1001"
>IPv6 Support in <SPAN
CLASS="acronym"
>BIND</SPAN
> statement.</P
><P
>Updating of secure zones (zones using DNSSEC) follows
- RFC 3007: SIG and NXT records affected by updates are automatically
+ RFC 3007: RRSIG and NSEC records affected by updates are automatically
regenerated by the server using an online zone key.
Update authorization is based
on transaction signatures and an explicit server policy.</P
CLASS="emphasis"
><I
CLASS="emphasis"
->DNSSEC</I
+>DNSSEC-bis</I
></SPAN
>) extensions,
- defined in RFC 2535. This section describes the creation and use
+ defined in RFC <TBA>. This section describes the creation and use
of DNSSEC signed zones.</P
><P
>In order to set up a DNSSEC secure zone, there are a series
>-h</TT
> option prints a
full list of parameters. Note that the DNSSEC tools require the
- keyset and signedkey files to be in the working directory or the
+ keyset files to be in the working directory or the
directory specified by the <TT
CLASS="option"
>-h</TT
> option, and
- that the tools shipped with BIND 9.0.x are not fully compatible
+ that the tools shipped with BIND 9.2.x and earlier are not compatible
with the current ones.</P
><P
>There must also be communication with the administrators of
- the parent and/or child zone to transmit keys and signatures. A
- zone's security status must be indicated by the parent zone for a
- DNSSEC capable resolver to trust its data.</P
+ the parent and/or child zone to transmit keys. A zone's security
+ status must be indicated by the parent zone for a DNSSEC capable
+ resolver to trust its data. This is done through the presense
+ or absence of a <TT
+CLASS="literal"
+>DS</TT
+> record at the delegation
+ point.</P
><P
>For other servers to trust data in this zone, they must
either be statically configured with this zone's zone key or the
><H2
CLASS="sect2"
><A
-NAME="AEN951"
+NAME="AEN952"
>4.8.1. Generating Keys</A
></H2
><P
>, and must be usable for authentication.
It is recommended that zone keys use a cryptographic algorithm
designated as "mandatory to implement" by the IETF; currently
- these are RSASHA1 and DSA.</P
+ the only one is RSASHA1.</P
><P
->The following command will generate a 768 bit DSA key for
+>The following command will generate a 768 bit RSASHA1 key for
the <TT
CLASS="filename"
>child.example</TT
><TT
CLASS="userinput"
><B
->dnssec-keygen -a DSA -b 768 -n ZONE child.example.</B
+>dnssec-keygen -a RSASHA1 -b 768 -n ZONE child.example.</B
></TT
></P
><P
>Two output files will be produced:
<TT
CLASS="filename"
->Kchild.example.+003+12345.key</TT
+>Kchild.example.+005+12345.key</TT
> and
<TT
CLASS="filename"
->Kchild.example.+003+12345.private</TT
+>Kchild.example.+005+12345.private</TT
> (where
12345 is an example of a key tag). The key file names contain
the key name (<TT
><H2
CLASS="sect2"
><A
-NAME="AEN971"
->4.8.2. Creating a Keyset</A
-></H2
-><P
->The <B
-CLASS="command"
->dnssec-makekeyset</B
-> program is used
- to create a key set from one or more keys.</P
-><P
->Once the zone keys have been generated, a key set must be
- built for transmission to the administrator of the parent zone,
- so that the parent zone can sign the keys with its own zone key
- and correctly indicate the security status of this zone. When
- building a key set, the list of keys to be included and the TTL
- of the set must be specified, and the desired signature validity
- period of the parent's signature may also be specified.</P
-><P
->The list of keys to be inserted into the key set may also
- included non-zone keys present at the top of the zone.
- <B
-CLASS="command"
->dnssec-makekeyset</B
-> may also be used at other
- names in the zone.</P
-><P
->The following command generates a key set containing the
- above key and another key similarly generated, with a TTL of
- 3600 and a signature validity period of 10 days starting from
- now.</P
-><P
-><TT
-CLASS="userinput"
-><B
->dnssec-makekeyset -t 3600 -e +864000 Kchild.example.+003+12345 Kchild.example.+003+23456</B
-></TT
-></P
-><P
->One output file is produced:
- <TT
-CLASS="filename"
->keyset-child.example.</TT
->. This file should be
- transmitted to the parent to be signed. It includes the keys,
- as well as signatures over the key set generated by the zone
- keys themselves, which are used to prove ownership of the
- private keys and encode the desired validity period.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="AEN983"
->4.8.3. Signing the Child's Keyset</A
-></H2
-><P
->The <B
-CLASS="command"
->dnssec-signkey</B
-> program is used to
- sign one child's keyset.</P
-><P
->If the <TT
-CLASS="filename"
->child.example</TT
-> zone has any
- delegations which are secure, for example,
- <TT
-CLASS="filename"
->grand.child.example</TT
->, the
- <TT
-CLASS="filename"
->child.example</TT
-> administrator should receive
- keyset files for each secure subzone. These keys must be signed
- by this zone's zone keys.</P
-><P
->The following command signs the child's key set with the
- zone keys:</P
-><P
-><TT
-CLASS="userinput"
-><B
->dnssec-signkey keyset-grand.child.example. Kchild.example.+003+12345 Kchild.example.+003+23456</B
-></TT
-></P
-><P
->One output file is produced:
- <TT
-CLASS="filename"
->signedkey-grand.child.example.</TT
->. This file
- should be both transmitted back to the child and retained. It
- includes all keys (the child's keys) from the keyset file and
- signatures generated by this zone's zone keys.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="AEN996"
->4.8.4. Signing the Zone</A
+NAME="AEN972"
+>4.8.2. Signing the Zone</A
></H2
><P
>The <B
><P
>Any <TT
CLASS="filename"
->signedkey</TT
-> files corresponding to
- secure subzones should be present, as well as a
- <TT
-CLASS="filename"
->signedkey</TT
-> file for this zone generated by
- the parent (if there is one). The zone signer will generate
- <TT
+>keyset</TT
+> files corresponding
+ to secure subzones should be present. The zone signer will
+ generate <TT
CLASS="literal"
->NXT</TT
+>NSEC</TT
> and <TT
CLASS="literal"
->SIG</TT
-> records for
- the zone, as well as incorporate the zone key signature from the
- parent and indicate the security status at all delegation
- points.</P
+>RRSIG</TT
+>
+ records for the zone, as well as <TT
+CLASS="literal"
+>DS</TT
+> for
+ the child zones if <TT
+CLASS="literal"
+>'-d'</TT
+> is specified.
+ If <TT
+CLASS="literal"
+>'-d'</TT
+> is not specified then DS RRsets for
+ the secure child zones need to be added manually.</P
><P
>The following command signs the zone, assuming it is in a
file called <TT
>named.conf</TT
> as the
input file for the zone.</P
+><P
+><B
+CLASS="command"
+>dnssec-signzone</B
+> will also produce a
+ keyset and dsset files and optionally a dlvset file. These
+ are used to provide the parent zone administators with the
+ <TT
+CLASS="literal"
+>DNSKEYs</TT
+> (or their corresponding <TT
+CLASS="literal"
+>DS</TT
+>
+ records) that are the secure entry point to the zone.</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
-NAME="AEN1012"
->4.8.5. Configuring Servers</A
+NAME="AEN994"
+>4.8.3. Configuring Servers</A
></H2
><P
>Unlike <SPAN
><H1
CLASS="sect1"
><A
-NAME="AEN1019"
+NAME="AEN1001"
>4.9. IPv6 Support in <SPAN
CLASS="acronym"
>BIND</SPAN
><H2
CLASS="sect2"
><A
-NAME="AEN1037"
+NAME="AEN1019"
>4.9.1. Address Lookups Using AAAA Records</A
></H2
><P
><H2
CLASS="sect2"
><A
-NAME="AEN1043"
+NAME="AEN1025"
>4.9.2. Address to Name Lookups Using Nibble Format</A
></H2
><P
></DT
><DT
>5.1. <A
-HREF="Bv9ARM.ch05.html#AEN1052"
+HREF="Bv9ARM.ch05.html#AEN1034"
>The Lightweight Resolver Library</A
></DT
><DT
><H1
CLASS="sect1"
><A
-NAME="AEN1052"
+NAME="AEN1034"
>5.1. The Lightweight Resolver Library</A
></H1
><P
></DT
><DT
>6.3. <A
-HREF="Bv9ARM.ch06.html#AEN4036"
+HREF="Bv9ARM.ch06.html#AEN4022"
>Zone File</A
></DT
></DL
><DIV
CLASS="informaltable"
><A
-NAME="AEN1094"
+NAME="AEN1076"
></A
><P
></P
><H3
CLASS="sect3"
><A
-NAME="AEN1259"
+NAME="AEN1241"
>6.1.1.1. Syntax</A
></H3
><PRE
><H3
CLASS="sect3"
><A
-NAME="AEN1267"
+NAME="AEN1249"
>6.1.1.2. Definition and Usage</A
></H3
><P
><H2
CLASS="sect2"
><A
-NAME="AEN1298"
+NAME="AEN1280"
>6.1.2. Comment Syntax</A
></H2
><P
><H3
CLASS="sect3"
><A
-NAME="AEN1303"
+NAME="AEN1285"
>6.1.2.1. Syntax</A
></H3
><P
><H3
CLASS="sect3"
><A
-NAME="AEN1312"
+NAME="AEN1294"
>6.1.2.2. Definition and Usage</A
></H3
><P
><DIV
CLASS="informaltable"
><A
-NAME="AEN1336"
+NAME="AEN1318"
></A
><P
></P
><H2
CLASS="sect2"
><A
-NAME="AEN1419"
+NAME="AEN1401"
>6.2.1. <B
CLASS="command"
>acl</B
><DIV
CLASS="informaltable"
><A
-NAME="AEN1432"
+NAME="AEN1414"
></A
><P
></P
><H2
CLASS="sect2"
><A
-NAME="AEN1463"
+NAME="AEN1445"
>6.2.3. <B
CLASS="command"
>controls</B
><H2
CLASS="sect2"
><A
-NAME="AEN1542"
+NAME="AEN1524"
>6.2.5. <B
CLASS="command"
>include</B
><H2
CLASS="sect2"
><A
-NAME="AEN1547"
+NAME="AEN1529"
>6.2.6. <B
CLASS="command"
>include</B
><H2
CLASS="sect2"
><A
-NAME="AEN1554"
+NAME="AEN1536"
>6.2.7. <B
CLASS="command"
>key</B
><H2
CLASS="sect2"
><A
-NAME="AEN1561"
+NAME="AEN1543"
>6.2.8. <B
CLASS="command"
>key</B
><H2
CLASS="sect2"
><A
-NAME="AEN1581"
+NAME="AEN1563"
>6.2.9. <B
CLASS="command"
>logging</B
><H2
CLASS="sect2"
><A
-NAME="AEN1621"
+NAME="AEN1603"
>6.2.10. <B
CLASS="command"
>logging</B
><H3
CLASS="sect3"
><A
-NAME="AEN1637"
+NAME="AEN1619"
>6.2.10.1. The <B
CLASS="command"
>channel</B
><DIV
CLASS="informaltable"
><A
-NAME="AEN1761"
+NAME="AEN1743"
></A
><P
></P
> option has been
specified.
</P
-></TD
+>
+<P
+> The query log entry reports the client's IP address and port number. The
+query name, class and type. It also reports whether the Recursion Desired
+flag was set (+ if set, - if not set), EDNS was in use (E) or if the
+query was signed (S).</P
+>
+<PRE
+CLASS="programlisting"
+><TT
+CLASS="computeroutput"
+>client 127.0.0.1#62536: query: www.example.com IN AAAA +SE</TT
+>
+<TT
+CLASS="computeroutput"
+>client ::1#62537: query: www.example.net IN AAAA -SE</TT
+>
+</PRE
+>
+</TD
></TR
><TR
><TD
><H2
CLASS="sect2"
><A
-NAME="AEN1887"
+NAME="AEN1873"
>6.2.11. <B
CLASS="command"
>lwres</B
><H2
CLASS="sect2"
><A
-NAME="AEN1911"
+NAME="AEN1897"
>6.2.12. <B
CLASS="command"
>lwres</B
><H2
CLASS="sect2"
><A
-NAME="AEN1930"
+NAME="AEN1916"
>6.2.13. <B
CLASS="command"
>masters</B
><H2
CLASS="sect2"
><A
-NAME="AEN1945"
+NAME="AEN1931"
>6.2.14. <B
CLASS="command"
>masters</B
><H2
CLASS="sect2"
><A
-NAME="AEN1950"
+NAME="AEN1936"
>6.2.15. <B
CLASS="command"
>options</B
><DIV
CLASS="informaltable"
><A
-NAME="AEN2415"
+NAME="AEN2401"
></A
><P
></P
><H3
CLASS="sect3"
><A
-NAME="AEN2695"
+NAME="AEN2681"
>6.2.16.2. Forwarding</A
></H3
><P
><H3
CLASS="sect3"
><A
-NAME="AEN2714"
+NAME="AEN2700"
>6.2.16.3. 6 to 4 Servers</A
></H3
><P
><H3
CLASS="sect3"
><A
-NAME="AEN2781"
+NAME="AEN2767"
>6.2.16.5. Interfaces</A
></H3
><P
><H3
CLASS="sect3"
><A
-NAME="AEN2802"
+NAME="AEN2788"
>6.2.16.6. Query Address</A
></H3
><P
><H3
CLASS="sect3"
><A
-NAME="AEN2968"
+NAME="AEN2954"
>6.2.16.8. Bad UDP Port Lists</A
></H3
><P
><H3
CLASS="sect3"
><A
-NAME="AEN2973"
+NAME="AEN2959"
>6.2.16.9. Operating System Resource Limits</A
></H3
><P
><H3
CLASS="sect3"
><A
-NAME="AEN3010"
+NAME="AEN2996"
>6.2.16.10. Server Resource Limits</A
></H3
><P
><H3
CLASS="sect3"
><A
-NAME="AEN3051"
+NAME="AEN3037"
>6.2.16.11. Periodic Task Intervals</A
></H3
><P
><DIV
CLASS="informaltable"
><A
-NAME="AEN3139"
+NAME="AEN3125"
></A
><P
></P
><DIV
CLASS="informaltable"
><A
-NAME="AEN3283"
+NAME="AEN3269"
></A
><P
></P
><H2
CLASS="sect2"
><A
-NAME="AEN3422"
+NAME="AEN3408"
>6.2.19. <B
CLASS="command"
>trusted-keys</B
><H2
CLASS="sect2"
><A
-NAME="AEN3438"
+NAME="AEN3424"
>6.2.20. <B
CLASS="command"
>trusted-keys</B
><H2
CLASS="sect2"
><A
-NAME="AEN3460"
+NAME="AEN3446"
>6.2.22. <B
CLASS="command"
>view</B
><H2
CLASS="sect2"
><A
-NAME="AEN3635"
+NAME="AEN3621"
>6.2.24. <B
CLASS="command"
>zone</B
><H3
CLASS="sect3"
><A
-NAME="AEN3638"
+NAME="AEN3624"
>6.2.24.1. Zone Types</A
></H3
><DIV
CLASS="informaltable"
><A
-NAME="AEN3640"
+NAME="AEN3626"
></A
><P
></P
><H3
CLASS="sect3"
><A
-NAME="AEN3703"
+NAME="AEN3689"
>6.2.24.2. Class</A
></H3
><P
><H3
CLASS="sect3"
><A
-NAME="AEN3713"
+NAME="AEN3699"
>6.2.24.3. Zone Options</A
></H3
><P
><DIV
CLASS="informaltable"
><A
-NAME="AEN3995"
+NAME="AEN3981"
></A
><P
></P
><H1
CLASS="sect1"
><A
-NAME="AEN4036"
+NAME="AEN4022"
>6.3. Zone File</A
></H1
><DIV
><H3
CLASS="sect3"
><A
-NAME="AEN4041"
+NAME="AEN4027"
>6.3.1.1. Resource Records</A
></H3
><P
><DIV
CLASS="informaltable"
><A
-NAME="AEN4047"
+NAME="AEN4033"
></A
><P
></P
><DIV
CLASS="informaltable"
><A
-NAME="AEN4079"
+NAME="AEN4065"
></A
><P
></P
><DIV
CLASS="informaltable"
><A
-NAME="AEN4231"
+NAME="AEN4217"
></A
><P
></P
><H3
CLASS="sect3"
><A
-NAME="AEN4255"
+NAME="AEN4241"
>6.3.1.2. Textual expression of RRs</A
></H3
><P
><DIV
CLASS="informaltable"
><A
-NAME="AEN4262"
+NAME="AEN4248"
></A
><P
></P
><DIV
CLASS="informaltable"
><A
-NAME="AEN4328"
+NAME="AEN4314"
></A
><P
></P
><H2
CLASS="sect2"
><A
-NAME="AEN4356"
+NAME="AEN4342"
>6.3.2. Discussion of MX Records</A
></H2
><P
><DIV
CLASS="informaltable"
><A
-NAME="AEN4362"
+NAME="AEN4348"
></A
><P
></P
><DIV
CLASS="informaltable"
><A
-NAME="AEN4454"
+NAME="AEN4440"
></A
><P
></P
><H2
CLASS="sect2"
><A
-NAME="AEN4477"
+NAME="AEN4463"
>6.3.4. Inverse Mapping in IPv4</A
></H2
><P
><DIV
CLASS="informaltable"
><A
-NAME="AEN4482"
+NAME="AEN4468"
></A
><P
></P
><H2
CLASS="sect2"
><A
-NAME="AEN4504"
+NAME="AEN4490"
>6.3.5. Other Zone File Directives</A
></H2
><P
><H3
CLASS="sect3"
><A
-NAME="AEN4511"
+NAME="AEN4497"
>6.3.5.1. The <B
CLASS="command"
>$ORIGIN</B
><H3
CLASS="sect3"
><A
-NAME="AEN4531"
+NAME="AEN4517"
>6.3.5.2. The <B
CLASS="command"
>$INCLUDE</B
><H3
CLASS="sect3"
><A
-NAME="AEN4551"
+NAME="AEN4537"
>6.3.5.3. The <B
CLASS="command"
>$TTL</B
><H2
CLASS="sect2"
><A
-NAME="AEN4562"
+NAME="AEN4548"
>6.3.6. <SPAN
CLASS="acronym"
>BIND</SPAN
><DIV
CLASS="informaltable"
><A
-NAME="AEN4586"
+NAME="AEN4572"
></A
><P
></P
></DT
><DT
>7.2. <A
-HREF="Bv9ARM.ch07.html#AEN4679"
+HREF="Bv9ARM.ch07.html#AEN4665"
><B
CLASS="command"
>chroot</B
><H1
CLASS="sect1"
><A
-NAME="AEN4679"
+NAME="AEN4665"
>7.2. <B
CLASS="command"
>chroot</B
><H2
CLASS="sect2"
><A
-NAME="AEN4702"
+NAME="AEN4688"
>7.2.1. The <B
CLASS="command"
>chroot</B
><H2
CLASS="sect2"
><A
-NAME="AEN4720"
+NAME="AEN4706"
>7.2.2. Using the <B
CLASS="command"
>setuid</B
></DT
><DT
>8.1. <A
-HREF="Bv9ARM.ch08.html#AEN4741"
+HREF="Bv9ARM.ch08.html#AEN4727"
>Common Problems</A
></DT
><DT
>8.2. <A
-HREF="Bv9ARM.ch08.html#AEN4746"
+HREF="Bv9ARM.ch08.html#AEN4732"
>Incrementing and Changing the Serial Number</A
></DT
><DT
>8.3. <A
-HREF="Bv9ARM.ch08.html#AEN4751"
+HREF="Bv9ARM.ch08.html#AEN4737"
>Where Can I Get Help?</A
></DT
></DL
><H1
CLASS="sect1"
><A
-NAME="AEN4741"
+NAME="AEN4727"
>8.1. Common Problems</A
></H1
><DIV
><H2
CLASS="sect2"
><A
-NAME="AEN4743"
+NAME="AEN4729"
>8.1.1. It's not working; how can I figure out what's wrong?</A
></H2
><P
><H1
CLASS="sect1"
><A
-NAME="AEN4746"
+NAME="AEN4732"
>8.2. Incrementing and Changing the Serial Number</A
></H1
><P
><H1
CLASS="sect1"
><A
-NAME="AEN4751"
+NAME="AEN4737"
>8.3. Where Can I Get Help?</A
></H1
><P
></DT
><DT
>A.1. <A
-HREF="Bv9ARM.ch09.html#AEN4767"
+HREF="Bv9ARM.ch09.html#AEN4753"
>Acknowledgments</A
></DT
><DT
><H1
CLASS="sect1"
><A
-NAME="AEN4767"
+NAME="AEN4753"
>A.1. Acknowledgments</A
></H1
><DIV
><H2
CLASS="sect2"
><A
-NAME="AEN4769"
+NAME="AEN4755"
>A.1.1. A Brief History of the <SPAN
CLASS="acronym"
>DNS</SPAN
><DIV
CLASS="informaltable"
><A
-NAME="AEN4805"
+NAME="AEN4791"
></A
><P
></P
<DIV
CLASS="informaltable"
><A
-NAME="AEN4874"
+NAME="AEN4860"
></A
><P
></P
</P
><H3
><A
-NAME="AEN4942"
+NAME="AEN4928"
>Bibliography</A
></H3
><H2
CLASS="bibliodiv"
><A
-NAME="AEN4943"
+NAME="AEN4929"
>Standards</A
></H2
><DIV
CLASS="biblioentry"
><A
-NAME="AEN4945"
+NAME="AEN4931"
></A
><P
>[RFC974] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN4952"
+NAME="AEN4938"
></A
><P
>[RFC1034] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN4959"
+NAME="AEN4945"
></A
><P
>[RFC1035] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN4968"
+NAME="AEN4954"
></A
><P
>[RFC2181] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN4976"
+NAME="AEN4962"
></A
><P
>[RFC2308] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN4984"
+NAME="AEN4970"
></A
><P
>[RFC1995] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN4992"
+NAME="AEN4978"
></A
><P
>[RFC1996] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN4999"
+NAME="AEN4985"
></A
><P
>[RFC2136] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5016"
+NAME="AEN5002"
></A
><P
>[RFC2845] <SPAN
><H2
CLASS="bibliodiv"
><A
-NAME="AEN5035"
+NAME="AEN5021"
>Proposed Standards Still Under Development</A
></H2
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5040"
+NAME="AEN5026"
></A
><P
>[RFC1886] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5052"
+NAME="AEN5038"
></A
><P
>[RFC2065] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5064"
+NAME="AEN5050"
></A
><P
>[RFC2137] <SPAN
><H2
CLASS="bibliodiv"
><A
-NAME="AEN5072"
+NAME="AEN5058"
>Other Important RFCs About <SPAN
CLASS="acronym"
>DNS</SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5075"
+NAME="AEN5061"
></A
><P
>[RFC1535] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5083"
+NAME="AEN5069"
></A
><P
>[RFC1536] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5104"
+NAME="AEN5090"
></A
><P
>[RFC1982] <SPAN
><H2
CLASS="bibliodiv"
><A
-NAME="AEN5115"
+NAME="AEN5101"
>Resource Record Types</A
></H2
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5117"
+NAME="AEN5103"
></A
><P
>[RFC1183] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5135"
+NAME="AEN5121"
></A
><P
>[RFC1706] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5147"
+NAME="AEN5133"
></A
><P
>[RFC2168] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5158"
+NAME="AEN5144"
></A
><P
>[RFC1876] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5175"
+NAME="AEN5161"
></A
><P
>[RFC2052] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5187"
+NAME="AEN5173"
></A
><P
>[RFC2163] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5195"
+NAME="AEN5181"
></A
><P
>[RFC2230] <SPAN
><H2
CLASS="bibliodiv"
><A
-NAME="AEN5203"
+NAME="AEN5189"
><SPAN
CLASS="acronym"
>DNS</SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5206"
+NAME="AEN5192"
></A
><P
>[RFC1101] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5214"
+NAME="AEN5200"
></A
><P
>[RFC1123] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5221"
+NAME="AEN5207"
></A
><P
>[RFC1591] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5228"
+NAME="AEN5214"
></A
><P
>[RFC2317] <SPAN
><H2
CLASS="bibliodiv"
><A
-NAME="AEN5242"
+NAME="AEN5228"
><SPAN
CLASS="acronym"
>DNS</SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5245"
+NAME="AEN5231"
></A
><P
>[RFC1537] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5253"
+NAME="AEN5239"
></A
><P
>[RFC1912] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5261"
+NAME="AEN5247"
></A
><P
>[RFC2010] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5272"
+NAME="AEN5258"
></A
><P
>[RFC2219] <SPAN
><H2
CLASS="bibliodiv"
><A
-NAME="AEN5284"
+NAME="AEN5270"
>Other <SPAN
CLASS="acronym"
>DNS</SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5290"
+NAME="AEN5276"
></A
><P
>[RFC1464] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5297"
+NAME="AEN5283"
></A
><P
>[RFC1713] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5305"
+NAME="AEN5291"
></A
><P
>[RFC1794] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5313"
+NAME="AEN5299"
></A
><P
>[RFC2240] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5320"
+NAME="AEN5306"
></A
><P
>[RFC2345] <SPAN
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5334"
+NAME="AEN5320"
></A
><P
>[RFC2352] <SPAN
><H2
CLASS="bibliodiv"
><A
-NAME="AEN5341"
+NAME="AEN5327"
>Obsolete and Unimplemented Experimental RRs</A
></H2
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5343"
+NAME="AEN5329"
></A
><P
>[RFC1712] <SPAN
><H2
CLASS="sect2"
><A
-NAME="AEN5364"
+NAME="AEN5350"
>A.3.3. Other Documents About <SPAN
CLASS="acronym"
>BIND</SPAN
></P
><H3
><A
-NAME="AEN5368"
+NAME="AEN5354"
>Bibliography</A
></H3
><DIV
CLASS="biblioentry"
><A
-NAME="AEN5369"
+NAME="AEN5355"
></A
><P
><SPAN
><DL
><DT
>4.8.1. <A
-HREF="Bv9ARM.ch04.html#AEN951"
+HREF="Bv9ARM.ch04.html#AEN952"
>Generating Keys</A
></DT
><DT
>4.8.2. <A
-HREF="Bv9ARM.ch04.html#AEN971"
->Creating a Keyset</A
-></DT
-><DT
->4.8.3. <A
-HREF="Bv9ARM.ch04.html#AEN983"
->Signing the Child's Keyset</A
-></DT
-><DT
->4.8.4. <A
-HREF="Bv9ARM.ch04.html#AEN996"
+HREF="Bv9ARM.ch04.html#AEN972"
>Signing the Zone</A
></DT
><DT
-HREF="Bv9ARM.ch04.html#AEN1012"
+HREF="Bv9ARM.ch04.html#AEN994"
>Configuring Servers</A
></DT
></DL
></DD
><DT
>4.9. <A
-HREF="Bv9ARM.ch04.html#AEN1019"
+HREF="Bv9ARM.ch04.html#AEN1001"
>IPv6 Support in <SPAN
CLASS="acronym"
>BIND</SPAN
><DL
><DT
>4.9.1. <A
-HREF="Bv9ARM.ch04.html#AEN1037"
+HREF="Bv9ARM.ch04.html#AEN1019"
>Address Lookups Using AAAA Records</A
></DT
><DT
>4.9.2. <A
-HREF="Bv9ARM.ch04.html#AEN1043"
+HREF="Bv9ARM.ch04.html#AEN1025"
>Address to Name Lookups Using Nibble Format</A
></DT
></DL
><DL
><DT
>5.1. <A
-HREF="Bv9ARM.ch05.html#AEN1052"
+HREF="Bv9ARM.ch05.html#AEN1034"
>The Lightweight Resolver Library</A
></DT
><DT
></DT
><DT
>6.1.2. <A
-HREF="Bv9ARM.ch06.html#AEN1298"
+HREF="Bv9ARM.ch06.html#AEN1280"
>Comment Syntax</A
></DT
></DL
><DL
><DT
>6.2.1. <A
-HREF="Bv9ARM.ch06.html#AEN1419"
+HREF="Bv9ARM.ch06.html#AEN1401"
><B
CLASS="command"
>acl</B
></DT
><DT
>6.2.3. <A
-HREF="Bv9ARM.ch06.html#AEN1463"
+HREF="Bv9ARM.ch06.html#AEN1445"
><B
CLASS="command"
>controls</B
></DT
><DT
>6.2.5. <A
-HREF="Bv9ARM.ch06.html#AEN1542"
+HREF="Bv9ARM.ch06.html#AEN1524"
><B
CLASS="command"
>include</B
></DT
><DT
>6.2.6. <A
-HREF="Bv9ARM.ch06.html#AEN1547"
+HREF="Bv9ARM.ch06.html#AEN1529"
><B
CLASS="command"
>include</B
></DT
><DT
>6.2.7. <A
-HREF="Bv9ARM.ch06.html#AEN1554"
+HREF="Bv9ARM.ch06.html#AEN1536"
><B
CLASS="command"
>key</B
></DT
><DT
>6.2.8. <A
-HREF="Bv9ARM.ch06.html#AEN1561"
+HREF="Bv9ARM.ch06.html#AEN1543"
><B
CLASS="command"
>key</B
></DT
><DT
>6.2.9. <A
-HREF="Bv9ARM.ch06.html#AEN1581"
+HREF="Bv9ARM.ch06.html#AEN1563"
><B
CLASS="command"
>logging</B
></DT
><DT
>6.2.10. <A
-HREF="Bv9ARM.ch06.html#AEN1621"
+HREF="Bv9ARM.ch06.html#AEN1603"
><B
CLASS="command"
>logging</B
></DT
><DT
>6.2.11. <A
-HREF="Bv9ARM.ch06.html#AEN1887"
+HREF="Bv9ARM.ch06.html#AEN1873"
><B
CLASS="command"
>lwres</B
></DT
><DT
>6.2.12. <A
-HREF="Bv9ARM.ch06.html#AEN1911"
+HREF="Bv9ARM.ch06.html#AEN1897"
><B
CLASS="command"
>lwres</B
></DT
><DT
>6.2.13. <A
-HREF="Bv9ARM.ch06.html#AEN1930"
+HREF="Bv9ARM.ch06.html#AEN1916"
><B
CLASS="command"
>masters</B
></DT
><DT
>6.2.14. <A
-HREF="Bv9ARM.ch06.html#AEN1945"
+HREF="Bv9ARM.ch06.html#AEN1931"
><B
CLASS="command"
>masters</B
></DT
><DT
>6.2.15. <A
-HREF="Bv9ARM.ch06.html#AEN1950"
+HREF="Bv9ARM.ch06.html#AEN1936"
><B
CLASS="command"
>options</B
></DT
><DT
>6.2.19. <A
-HREF="Bv9ARM.ch06.html#AEN3422"
+HREF="Bv9ARM.ch06.html#AEN3408"
><B
CLASS="command"
>trusted-keys</B
></DT
><DT
>6.2.20. <A
-HREF="Bv9ARM.ch06.html#AEN3438"
+HREF="Bv9ARM.ch06.html#AEN3424"
><B
CLASS="command"
>trusted-keys</B
></DT
><DT
>6.2.22. <A
-HREF="Bv9ARM.ch06.html#AEN3460"
+HREF="Bv9ARM.ch06.html#AEN3446"
><B
CLASS="command"
>view</B
></DT
><DT
>6.2.24. <A
-HREF="Bv9ARM.ch06.html#AEN3635"
+HREF="Bv9ARM.ch06.html#AEN3621"
><B
CLASS="command"
>zone</B
></DD
><DT
>6.3. <A
-HREF="Bv9ARM.ch06.html#AEN4036"
+HREF="Bv9ARM.ch06.html#AEN4022"
>Zone File</A
></DT
><DD
></DT
><DT
>6.3.2. <A
-HREF="Bv9ARM.ch06.html#AEN4356"
+HREF="Bv9ARM.ch06.html#AEN4342"
>Discussion of MX Records</A
></DT
><DT
></DT
><DT
>6.3.4. <A
-HREF="Bv9ARM.ch06.html#AEN4477"
+HREF="Bv9ARM.ch06.html#AEN4463"
>Inverse Mapping in IPv4</A
></DT
><DT
>6.3.5. <A
-HREF="Bv9ARM.ch06.html#AEN4504"
+HREF="Bv9ARM.ch06.html#AEN4490"
>Other Zone File Directives</A
></DT
><DT
>6.3.6. <A
-HREF="Bv9ARM.ch06.html#AEN4562"
+HREF="Bv9ARM.ch06.html#AEN4548"
><SPAN
CLASS="acronym"
>BIND</SPAN
></DT
><DT
>7.2. <A
-HREF="Bv9ARM.ch07.html#AEN4679"
+HREF="Bv9ARM.ch07.html#AEN4665"
><B
CLASS="command"
>chroot</B
><DL
><DT
>7.2.1. <A
-HREF="Bv9ARM.ch07.html#AEN4702"
+HREF="Bv9ARM.ch07.html#AEN4688"
>The <B
CLASS="command"
>chroot</B
></DT
><DT
>7.2.2. <A
-HREF="Bv9ARM.ch07.html#AEN4720"
+HREF="Bv9ARM.ch07.html#AEN4706"
>Using the <B
CLASS="command"
>setuid</B
><DL
><DT
>8.1. <A
-HREF="Bv9ARM.ch08.html#AEN4741"
+HREF="Bv9ARM.ch08.html#AEN4727"
>Common Problems</A
></DT
><DD
><DL
><DT
>8.1.1. <A
-HREF="Bv9ARM.ch08.html#AEN4743"
+HREF="Bv9ARM.ch08.html#AEN4729"
>It's not working; how can I figure out what's wrong?</A
></DT
></DL
></DD
><DT
>8.2. <A
-HREF="Bv9ARM.ch08.html#AEN4746"
+HREF="Bv9ARM.ch08.html#AEN4732"
>Incrementing and Changing the Serial Number</A
></DT
><DT
>8.3. <A
-HREF="Bv9ARM.ch08.html#AEN4751"
+HREF="Bv9ARM.ch08.html#AEN4737"
>Where Can I Get Help?</A
></DT
></DL
><DL
><DT
>A.1. <A
-HREF="Bv9ARM.ch09.html#AEN4767"
+HREF="Bv9ARM.ch09.html#AEN4753"
>Acknowledgments</A
></DT
><DD
><DL
><DT
>A.1.1. <A
-HREF="Bv9ARM.ch09.html#AEN4769"
+HREF="Bv9ARM.ch09.html#AEN4755"
>A Brief History of the <SPAN
CLASS="acronym"
>DNS</SPAN
></DT
><DT
>A.3.3. <A
-HREF="Bv9ARM.ch09.html#AEN5364"
+HREF="Bv9ARM.ch09.html#AEN5350"
>Other Documents About <SPAN
CLASS="acronym"
>BIND</SPAN
projects / thirdparty / bind9.git / commitdiff
