From: Evan Hunt <each@isc.org>
Date: Tue, 27 May 2008 22:07:34 +0000 (+0000)
Subject: Update for 9.4.2-P1
X-Git-Tag: v9.4.2-P1^2~2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=2ef2b4dbcf30fb4aa262f343995c7149fb7537a4;p=thirdparty%2Fbind9.git

Update for 9.4.2-P1
---

diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index d829a177a3d..59b9cf59a2c 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: Bv9ARM.ch06.html,v 1.82.18.73 2007/10/31 01:35:58 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch06.html,v 1.82.18.73.8.1 2008/05/27 22:07:34 each Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -3078,10 +3078,18 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
             a wildcard IP address (<span><strong class="command">INADDR_ANY</strong></span>)
             will be used.
             If <span><strong class="command">port</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
-            a random unprivileged port will be used. The <span><strong class="command">avoid-v4-udp-ports</strong></span>
-            and <span><strong class="command">avoid-v6-udp-ports</strong></span> options can be used
-            to prevent named
-            from selecting certain ports. The defaults are:
+	    a random unprivileged port number is picked up and will be
+            used for each query.
+	    It is generally strongly discouraged to
+	    specify a particular port for the
+	    <span><strong class="command">query-source</strong></span> or
+	    <span><strong class="command">query-source-v6</strong></span>
+	    options; it implicitly disables the use of randomized port numbers
+	    and leads to insecure operation.
+	    The <span><strong class="command">avoid-v4-udp-ports</strong></span>
+	    and <span><strong class="command">avoid-v6-udp-ports</strong></span> options can be used
+	    to prevent named
+	    from selecting certain ports. The defaults are:
           </p>
 <pre class="programlisting">query-source address * port *;
 query-source-v6 address * port *;