From: Automatic Updater Date: Fri, 3 Apr 2009 01:52:23 +0000 (+0000) Subject: regen X-Git-Tag: v9.6.1rc1~31 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=324ee987c2ea5ba10f6829c77d27b1d275ec6e62;p=thirdparty%2Fbind9.git regen --- diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html index 9bcd1fe2005..320a8675837 100644 --- a/doc/arm/Bv9ARM.ch01.html +++ b/doc/arm/Bv9ARM.ch01.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -89,23 +89,23 @@

Organization of This Document

- In this document, Section 1 introduces - the basic DNS and BIND concepts. Section 2 + In this document, Chapter 1 introduces + the basic DNS and BIND concepts. Chapter 2 describes resource requirements for running BIND in various - environments. Information in Section 3 is + environments. Information in Chapter 3 is task-oriented in its presentation and is organized functionally, to aid in the process of installing the BIND 9 software. The task-oriented section is followed by - Section 4, which contains more advanced + Chapter 4, which contains more advanced concepts that the system administrator may need for implementing - certain options. Section 5 + certain options. Chapter 5 describes the BIND 9 lightweight - resolver. The contents of Section 6 are + resolver. The contents of Chapter 6 are organized as in a reference manual to aid in the ongoing - maintenance of the software. Section 7 addresses + maintenance of the software. Chapter 7 addresses security considerations, and - Section 8 contains troubleshooting help. The + Chapter 8 contains troubleshooting help. The main body of the document is followed by several appendices which contain useful reference information, such as a bibliography and diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index 53d5cb33fb8..9964823153f 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -54,12 +54,12 @@

Name Server Operations
Tools for Use With the Name Server Daemon
-
Signals
+
Signals

- In this section we provide some suggested configurations along + In this chapter we provide some suggested configurations along with guidelines for their use. We suggest reasonable values for certain option settings.

@@ -315,7 +315,7 @@ zone "eng.example.com" {

dig [@server] domain [query-type] [query-class] [+query-option] [-dig-option] [%comment]

- The usual simple use of dig will take the form + The usual simple use of dig will take the form

dig @server domain query-type query-class @@ -541,8 +541,8 @@ zone "eng.example.com" { Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files of the updated zones. - If -p is specified named's process id is returned. - This allows an external process to determine when named + If -p is specified named's process id is returned. + This allows an external process to determine when named had completed stopping.

halt [-p]
@@ -551,8 +551,8 @@ zone "eng.example.com" { made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server is restarted. - If -p is specified named's process id is returned. - This allows an external process to determine when named + If -p is specified named's process id is returned. + This allows an external process to determine when named had completed halting.

trace
@@ -586,7 +586,7 @@ zone "eng.example.com" {

recursing

- Dump the list of queries named is currently recursing + Dump the list of queries named is currently recursing on.

validation @@ -661,7 +661,7 @@ zone "eng.example.com" { with named. Its syntax is identical to the - key statement in named.conf. + key statement in named.conf. The keyword key is followed by a key name, which must be a valid domain name, though it need not actually be hierarchical; @@ -749,7 +749,7 @@ controls {

-Signals

+Signals

Certain UNIX signals cause the name server to take specific actions, as described in the following table. These signals can diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index c3096f89379..123098e1ecc 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -49,29 +49,29 @@

Dynamic Update
The journal file
Incremental Zone Transfers (IXFR)
-
Split DNS
-
Example split DNS setup
+
Split DNS
+
Example split DNS setup
TSIG
-
Generate Shared Keys for Each Pair of Hosts
-
Copying the Shared Secret to Both Machines
-
Informing the Servers of the Key's Existence
-
Instructing the Server to Use the Key
-
TSIG Key Based Access Control
-
Errors
+
Generate Shared Keys for Each Pair of Hosts
+
Copying the Shared Secret to Both Machines
+
Informing the Servers of the Key's Existence
+
Instructing the Server to Use the Key
+
TSIG Key Based Access Control
+
Errors
-
TKEY
-
SIG(0)
+
TKEY
+
SIG(0)
DNSSEC
-
Generating Keys
-
Signing the Zone
-
Configuring Servers
+
Generating Keys
+
Signing the Zone
+
Configuring Servers
-
IPv6 Support in BIND 9
+
IPv6 Support in BIND 9
-
Address Lookups Using AAAA Records
-
Address to Name Lookups Using Nibble Format
+
Address Lookups Using AAAA Records
+
Address to Name Lookups Using Nibble Format
@@ -95,10 +95,10 @@

Note

- As a slave zone can also be a master to other slaves, named, + As a slave zone can also be a master to other slaves, named, by default, sends NOTIFY messages for every zone it loads. Specifying notify master-only; will - cause named to only send NOTIFY for master + cause named to only send NOTIFY for master zones that it loads.
@@ -210,7 +210,7 @@

-Split DNS

+Split DNS

Setting up different views, or visibility, of the DNS space to internal and external resolvers is usually referred to as a @@ -240,7 +240,7 @@

-Example split DNS setup

+Example split DNS setup

Let's say a company named Example, Inc. (example.com) @@ -486,7 +486,7 @@ nameserver 172.16.72.4

-Generate Shared Keys for Each Pair of Hosts

+Generate Shared Keys for Each Pair of Hosts

A shared secret is generated to be shared between host1 and host2. An arbitrary key name is chosen: "host1-host2.". The key name must @@ -494,7 +494,7 @@ nameserver 172.16.72.4

-Automatic Generation

+Automatic Generation

The following command will generate a 128-bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys @@ -519,7 +519,7 @@ nameserver 172.16.72.4

-Manual Generation

+Manual Generation

The shared secret is simply a random sequence of bits, encoded in base-64. Most ASCII strings are valid base-64 strings (assuming @@ -534,7 +534,7 @@ nameserver 172.16.72.4

-Copying the Shared Secret to Both Machines

+Copying the Shared Secret to Both Machines

This is beyond the scope of DNS. A secure transport mechanism should be used. This could be secure FTP, ssh, telephone, etc. @@ -542,7 +542,7 @@ nameserver 172.16.72.4

-Informing the Servers of the Key's Existence

+Informing the Servers of the Key's Existence

Imagine host1 and host 2 are @@ -555,7 +555,7 @@ key host1-host2. { };

- The algorithm, hmac-md5, is the only one supported by BIND. + The algorithm, hmac-md5, is the only one supported by BIND. The secret is the one generated above. Since this is a secret, it is recommended that either named.conf be non-world readable, or the key directive be added to a non-world readable @@ -571,7 +571,7 @@ key host1-host2. {

-Instructing the Server to Use the Key

+Instructing the Server to Use the Key

Since keys are shared between two hosts only, the server must be told when keys are to be used. The following is added to the named.conf file @@ -603,7 +603,7 @@ server 10.1.2.3 {

-TSIG Key Based Access Control

+TSIG Key Based Access Control

BIND allows IP addresses and ranges to be specified in ACL @@ -614,7 +614,7 @@ server 10.1.2.3 { be denoted key host1-host2.

- An example of an allow-update directive would be: + An example of an allow-update directive would be: 

 allow-update { key host1-host2. ;};
@@ -631,7 +631,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Errors

+Errors

 

           The processing of TSIG signed messages can result in
           several errors. If a signed message is sent to a non-TSIG aware
@@ -657,7 +657,7 @@ allow-update { key host1-host2. ;};
 
 

 

-TKEY

+TKEY

 
TKEY
         is a mechanism for automatically generating a shared secret
         between two hosts.  There are several "modes" of
@@ -693,10 +693,10 @@ allow-update { key host1-host2. ;};
 
 

 

-SIG(0)

+SIG(0)

 

         BIND 9 partially supports DNSSEC SIG(0)
-            transaction signatures as specified in RFC 2535 and RFC2931.
+            transaction signatures as specified in RFC 2535 and RFC 2931.
         SIG(0)
         uses public/private keys to authenticate messages.  Access control
         is performed in the same manner as TSIG keys; privileges can be
@@ -754,7 +754,7 @@ allow-update { key host1-host2. ;};
       

 

 

-Generating Keys

+Generating Keys

 

           The dnssec-keygen program is used to
           generate keys.
@@ -810,7 +810,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Signing the Zone

+Signing the Zone

 

           The dnssec-signzone program is used
           to sign a zone.
@@ -852,7 +852,7 @@ allow-update { key host1-host2. ;};
 
 

 

-Configuring Servers

+Configuring Servers

 

           To enable named to respond appropriately
           to DNS requests from DNSSEC aware clients,
@@ -889,7 +889,7 @@ allow-update { key host1-host2. ;};
           more public keys for the root.  This allows answers from
           outside the organization to be validated.  It will also
           have several keys for parts of the namespace the organization
-          controls.  These are here to ensure that named is immune
+          controls.  These are here to ensure that named is immune
           to compromises in the DNSSEC components of the security
           of parent zones.
         

@@ -940,7 +940,7 @@ options {
 
 

 

-IPv6 Support in BIND 9

+IPv6 Support in BIND 9

 

         BIND 9 fully supports all currently
         defined forms of IPv6
@@ -979,7 +979,7 @@ options {
       

 

 

-Address Lookups Using AAAA Records

+Address Lookups Using AAAA Records

 

           The IPv6 AAAA record is a parallel to the IPv4 A record,
           and, unlike the deprecated A6 record, specifies the entire
@@ -998,7 +998,7 @@ host            3600    IN      AAAA    2001:db8::1
 
 

 

-Address to Name Lookups Using Nibble Format

+Address to Name Lookups Using Nibble Format

 

           When looking up an address in nibble format, the address
           components are simply reversed, just as in IPv4, and
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index 6ec2198e58f..addc97ac643 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,13 +45,13 @@
 

 
Table of Contents

 

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 

 

 

 

-The Lightweight Resolver Library

+The Lightweight Resolver Library

 

         Traditionally applications have been linked with a stub resolver
         library that sends recursive DNS queries to a local caching name
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 7c2ddf13e5d..10b7fd55580 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -48,38 +48,38 @@
 
Configuration File Elements

 

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 

 
Configuration File Grammar

 

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
           Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and
           Usage

-
include Statement Grammar

-
include Statement Definition and
+
include Statement Grammar

+
include Statement Definition and
           Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and
+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and
           Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and
+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and
           Usage

-
options Statement Grammar

+
options Statement Grammar

 
options Statement Definition and
           Usage

-
statistics-channels Statement Grammar

-
statistics-channels Statement Definition and
-            Usage

 
server Statement Grammar

 
server Statement Definition and
             Usage

+
statistics-channels Statement Grammar

+
statistics-channels Statement Definition and
+            Usage

 
trusted-keys Statement Grammar

 
trusted-keys Statement Definition
             and Usage

@@ -94,9 +94,9 @@
 
Types of Resource Records and When to Use Them

 
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
Additional File Formats

 

 
BIND9 Statistics

@@ -461,7 +461,7 @@
 Address Match Lists
 

 

-Syntax

+Syntax

 
address_match_list = address_match_list_element ;
   [ address_match_list_element; ... ]
 address_match_list_element = [ ! ] (ip_address [/length] |
@@ -470,7 +470,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Address match lists are primarily used to determine access
             control for various server operations. They are also used in
@@ -512,8 +512,8 @@
           

 

             The interpretation of a match depends on whether the list is being
-            used for access control, defining listen-on ports, or in a
-            sortlist, and whether the element was negated.
+            used for access control, defining listen-on ports, or in a
+            sortlist, and whether the element was negated.
           

 

             When used as an access control list, a non-negated match
@@ -530,7 +530,7 @@
             allow-update,
             allow-update-forwarding, and
             blackhole all use address match
-            lists.  Similarly, the listen-on option will cause the
+            lists.  Similarly, the listen-on option will cause the
             server to refuse queries on any of the machine's
             addresses which do not match the list.
           

@@ -554,7 +554,7 @@
 
 

 

-Comment Syntax

+Comment Syntax

 

           The BIND 9 comment syntax allows for
           comments to appear
@@ -564,7 +564,7 @@
         

 

 

-Syntax

+Syntax

 

             

 
/* This is a BIND comment as in C */

@@ -579,7 +579,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Comments may appear anywhere that whitespace may appear in
             a BIND configuration file.
@@ -610,8 +610,6 @@
             slash) and continue to the end of the physical line. They cannot
             be continued across multiple physical lines; to have one logical
             comment span multiple lines, each line must use the // pair.
-          

-

             For example:
           

 

@@ -629,8 +627,6 @@
             with the character # (number sign)
             and continue to the end of the
             physical line, as in C++ comments.
-          

-

             For example:
           

 

@@ -764,23 +760,23 @@
 
 
 
-                
statistics-channels

+                
server

               
 
                 

-                  declares communication channels to get access to
-                  named statistics.
+                  sets certain configuration options on
+                  a per-server basis.
                 

               
 
 
 
-                
server

+                
statistics-channels

               
 
                 

-                  sets certain configuration options on
-                  a per-server basis.
+                  declares communication channels to get access to
+                  named statistics.
                 

               
 
@@ -824,7 +820,7 @@
       

 

 

-acl Statement Grammar

+acl Statement Grammar

 
acl acl-name {
     address_match_list
 };
@@ -906,7 +902,7 @@
 
 

 

-controls Statement Grammar

+controls Statement Grammar

 
controls {
    [ inet ( ip_addr | * ) [ port ip_port ] allow {  address_match_list  }
                 keys { key_list }; ]
@@ -1028,12 +1024,12 @@
 
 

 

-include Statement Grammar

+include Statement Grammar

 
include filename;

 
 

 

-include Statement Definition and
+include Statement Definition and
           Usage

 

           The include statement inserts the
@@ -1048,7 +1044,7 @@
 

 

 

-key Statement Grammar

+key Statement Grammar

 
key key_id {
     algorithm string;
     secret string;
@@ -1057,7 +1053,7 @@
 
 

 

-key Statement Definition and Usage

+key Statement Definition and Usage

 

           The key statement defines a shared
           secret key for use with TSIG (see the section called “TSIG”)
@@ -1104,7 +1100,7 @@
 
 

 

-logging Statement Grammar

+logging Statement Grammar

 
logging {
    [ channel channel_name {
      ( file path_name
@@ -1128,7 +1124,7 @@
 
 

 

-logging Statement Definition and
+logging Statement Definition and
           Usage

 

           The logging statement configures a
@@ -1162,7 +1158,7 @@
         

 

 

-The channel Phrase

+The channel Phrase

 

             All log output goes to one or more channels;
             you can make as many of them as you want.
@@ -1324,7 +1320,7 @@ notrace. All debugging messages in the server have a debug
             the date and time will be logged. print-time may
             be specified for a syslog channel,
             but is usually
-            pointless since syslog also prints
+            pointless since syslog also logs
             the date and
             time. If print-category is
             requested, then the
@@ -1558,7 +1554,7 @@ category notify { null; };
                   
 
                     

-                      Messages that named was unable to determine the
+                      Messages that named was unable to determine the
                       class of or for which there was no matching view.
                       A one line summary is also logged to the client category.
                       This category is best sent to a file or stderr, by
@@ -1713,7 +1709,7 @@ category notify { null; };
                       number of false-positive reports.
                     

                     

-                      Note: eventually named will have to stop
+                      Note: eventually named will have to stop
                       treating such timeouts as due to RFC 1034 non
                       compliance and start treating it as plain
                       packet loss.  Falsely classifying packet
@@ -1728,7 +1724,7 @@ category notify { null; };
 
 

 

-The query-errors Category

+The query-errors Category

 

             The query-errors category is
             specifically intended for debugging purposes: To identify
@@ -1948,7 +1944,7 @@ category notify { null; };
 
 

 

-lwres Statement Grammar

+lwres Statement Grammar

 

            This is the grammar of the lwres
           statement in the named.conf file:
@@ -1963,7 +1959,7 @@ category notify { null; };
 
 

 

-lwres Statement Definition and Usage

+lwres Statement Definition and Usage

 

           The lwres statement configures the
           name
@@ -2014,14 +2010,14 @@ category notify { null; };
 
 

 

-masters Statement Grammar

+masters Statement Grammar

 
 masters name [port ip_port] { ( masters_list | ip_addr [port ip_port] [key key] ) ; [...] };
 

 
 

 

-masters Statement Definition and
+masters Statement Definition and
           Usage

 
masters
           lists allow for a common set of masters to be easily used by
@@ -2030,7 +2026,7 @@ category notify { null; };
 

 

 

-options Statement Grammar

+options Statement Grammar

 

           This is the grammar of the options
           statement in the named.conf file:
@@ -2267,7 +2263,7 @@ category notify { null; };
                 client requests a TKEY exchange,
                 it may or may not specify the desired name for the
                 key. If present, the name of the shared key will
-                will be client specified part +
+                be client specified part +
                 tkey-domain.  Otherwise, the
                 name of the shared key will be random hex
                 digits + tkey-domain.
@@ -2310,7 +2306,7 @@ category notify { null; };
                 The pathname of the file the server writes its process ID
                 in. If not specified, the default is
                 /var/run/named/named.pid.
-                The pid-file is used by programs that want to send signals to
+                The PID file is used by programs that want to send signals to
                 the running
                 name server. Specifying pid-file none disables the
                 use of a PID file — no file will be written and any
@@ -2405,7 +2401,7 @@ options {
                 top of a zone.  When a DNSKEY is at or below a domain
                 specified by the
                 deepest dnssec-lookaside, and
-                the normal dnssec validation
+                the normal DNSSEC validation
                 has left the key untrusted, the trust-anchor will be append to
                 the key
                 name and a DLV record will be looked up to see if it can
@@ -2418,10 +2414,10 @@ options {
 

                 Specify hierarchies which must be or may not be secure (signed and
                 validated).
-                If yes, then named will only accept
+                If yes, then named will only accept
                 answers if they
                 are secure.
-                If no, then normal dnssec validation
+                If no, then normal DNSSEC validation
                 applies
                 allowing for insecure answers to be accepted.
                 The specified domain must be under a trusted-key or
@@ -3013,21 +3009,21 @@ options {
 

                   This should be set when you have multiple masters for a zone
                   and the
-                  addresses refer to different machines.  If yes, named will
+                  addresses refer to different machines.  If yes, named will
                   not log
-                  when the serial number on the master is less than what named
+                  when the serial number on the master is less than what named
                   currently
                   has.  The default is no.
                 

 
dnssec-enable

 

-                  Enable DNSSEC support in named.  Unless set to yes,
-                  named behaves as if it does not support DNSSEC.
+                  Enable DNSSEC support in named.  Unless set to yes,
+                  named behaves as if it does not support DNSSEC.
                   The default is yes.
                 

 
dnssec-validation

 

-                  Enable DNSSEC validation in named.
+                  Enable DNSSEC validation in named.
                   Note dnssec-enable also needs to be
                   set to yes to be effective.
                   The default is yes.
@@ -3036,11 +3032,11 @@ options {
 

                   Accept expired signatures when verifying DNSSEC signatures.
                   The default is no.
-                  Setting this option to "yes" leaves named vulnerable to replay attacks.
+                  Setting this option to "yes" leaves named vulnerable to replay attacks.
                 

 
querylog

 

-                  Specify whether query logging should be started when named
+                  Specify whether query logging should be started when named
                   starts.
                   If querylog is not specified,
                   then the query logging
@@ -3155,7 +3151,7 @@ options {
 
 

 

-Forwarding

+Forwarding

 

             The forwarding facility can be used to create a large site-wide
             cache on a few servers, reducing traffic over links to external
@@ -3199,7 +3195,7 @@ options {
 
 

 

-Dual-stack Servers

+Dual-stack Servers

 

             Dual-stack servers are used as servers of last resort to work
             around
@@ -3396,11 +3392,11 @@ options {
 
 

 

-Interfaces

+Interfaces

 

             The interfaces and ports that the server will answer queries
             from may be specified using the listen-on option. listen-on takes
-            an optional port, and an address_match_list.
+            an optional port and an address_match_list.
             The server will listen on all interfaces allowed by the address
             match list. If a port is not specified, port 53 will be used.
           

@@ -3471,9 +3467,9 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
 

             If no listen-on-v6 option is
             specified, the server will not listen on any IPv6 address
-            unless -6 is specified when named is
+            unless -6 is specified when named is
             invoked.  If -6 is specified then
-            named will listen on port 53 on all IPv6 interfaces by default.
+            named will listen on port 53 on all IPv6 interfaces by default.
           

 
 

@@ -3624,7 +3620,12 @@ avoid-v6-udp-ports {};
                   zone is loaded, in addition to the servers listed in the
                   zone's NS records.
                   This helps to ensure that copies of the zones will
-                  quickly converge on stealth servers. If an also-notify list
+                  quickly converge on stealth servers.
+                  Optionally, a port may be specified with each
+                  also-notify address to send
+                  the notify messages to a port other than the
+                  default of 53.
+                  If an also-notify list
                   is given in a zone statement,
                   it will override
                   the options also-notify
@@ -3791,7 +3792,7 @@ avoid-v6-udp-ports {};
                   to be used, you should set
                   use-alt-transfer-source
                   appropriately and you should not depend upon
-                  getting a answer back to the first refresh
+                  getting an answer back to the first refresh
                   query.
                 

 

@@ -3843,7 +3844,7 @@ avoid-v6-udp-ports {};
 
 

 

-UDP Port Lists

+UDP Port Lists

 

             use-v4-udp-ports,
             avoid-v4-udp-ports,
@@ -3885,7 +3886,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 
 

 

-Operating System Resource Limits

+Operating System Resource Limits

 

             The server's usage of many system resources can be limited.
             Scaled values are allowed when specifying resource limits.  For
@@ -3999,7 +4000,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 

                   The number of file descriptors reserved for TCP, stdio,
                   etc.  This needs to be big enough to cover the number of
-                  interfaces named listens on, tcp-clients as well as
+                  interfaces named listens on, tcp-clients as well as
                   to provide room for outgoing TCP queries and incoming zone
                   transfers.  The default is 512.
                   The minimum value is 128 and the
@@ -4047,7 +4048,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 
 

 

-Periodic Task Intervals

+Periodic Task Intervals

 

 
cleaning-interval

 

@@ -4487,22 +4488,23 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 

 
edns-udp-size

 

-                  Sets the advertised EDNS UDP buffer size in bytes.  Valid
-                  values are 512 to 4096 (values outside this range
-                  will be silently adjusted).  The default value is
-                  4096.  The usual reason for setting edns-udp-size to
-                  a non-default value is to get UDP answers to pass
-                  through broken firewalls that block fragmented
-                  packets and/or block UDP packets that are greater
-                  than 512 bytes.
+                  Sets the advertised EDNS UDP buffer size in bytes
+                  to control the size of packets received.
+                  Valid values are 512 to 4096 (values outside this range
+                  will be silently adjusted).  The default value
+                  is 4096.  The usual reason for setting
+                  edns-udp-size to a non-default
+                  value is to get UDP answers to pass through broken
+                  firewalls that block fragmented packets and/or
+                  block UDP packets that are greater than 512 bytes.
                 

 
max-udp-size

 

-                  Sets the maximum EDNS UDP message size named will
+                  Sets the maximum EDNS UDP message size named will
                   send in bytes.  Valid values are 512 to 4096 (values outside
                   this range will be silently adjusted).  The default
                   value is 4096.  The usual reason for setting
-                  max-udp-size to a non-default value is to get UDP
+                  max-udp-size to a non-default value is to get UDP
                   answers to pass through broken firewalls that
                   block fragmented packets and/or block UDP packets
                   that are greater than 512 bytes.
@@ -4542,14 +4544,14 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                   initial value (minimum) and maximum number of recursive
                   simultaneous clients for any given query
                   (<qname,qtype,qclass>) that the server will accept
-                  before dropping additional clients.  named will attempt to
+                  before dropping additional clients.  named will attempt to
                   self tune this value and changes will be logged.  The
                   default values are 10 and 100.
                 

 

                   This value should reflect how many queries come in for
                   a given name in the time it takes to resolve that name.
-                  If the number of queries exceed this value, named will
+                  If the number of queries exceed this value, named will
                   assume that it is dealing with a non-responsive zone
                   and will drop additional queries.  If it gets a response
                   after dropping queries, it will raise the estimate.  The
@@ -4630,7 +4632,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                   identify which of a group of anycast servers is actually
                   answering your queries.  Specifying server-id none;
                   disables processing of the queries.
-                  Specifying server-id hostname; will cause named to
+                  Specifying server-id hostname; will cause named to
                   use the hostname as found by the gethostname() function.
                   The default server-id is none.
                 

@@ -4651,7 +4653,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
             loopback address and the IPv6 unknown address.
           

 

-            Named will attempt to determine if a built in zone already exists
+            Named will attempt to determine if a built-in zone already exists
             or is active (covered by a forward-only forwarding declaration)
             and will not create a empty zone in that case.
           

@@ -4699,7 +4701,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 
Note

             The real parent servers for these zones should disable all
             empty zone under the parent zone they serve.  For the real
-            root servers, this is all built in empty zones.  This will
+            root servers, this is all built-in empty zones.  This will
             enable them to return referrals to deeper in the tree.
           

 

@@ -4821,66 +4823,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 

 

 

-statistics-channels Statement Grammar

-
statistics-channels {
-   [ inet ( ip_addr | * ) [ port ip_port ] [allow {  address_match_list  } ]; ]
-   [ inet ...; ]
-};
-

-

-

-

-statistics-channels Statement Definition and
-            Usage

-

-          The statistics-channels statement
-          declares communication channels to be used by system
-          administrators to get access to statistics information of
-          the name server.
-        

-

-          This statement intends to be flexible to support multiple
-          communication protocols in the future, but currently only
-          HTTP access is supported.
-          It requires that BIND 9 be compiled with libxml2;
-          the statistics-channels statement is
-          still accepted even if it is built without the library,
-          but any HTTP access will fail with an error.
-        

-

-          An inet control channel is a TCP socket
-          listening at the specified ip_port on the
-          specified ip_addr, which can be an IPv4 or IPv6
-          address.  An ip_addr of * (asterisk) is
-          interpreted as the IPv4 wildcard address; connections will be
-          accepted on any of the system's IPv4 addresses.
-          To listen on the IPv6 wildcard address,
-          use an ip_addr of ::.
-        

-

-          If no port is specified, port 80 is used for HTTP channels.
-          The asterisk "*" cannot be used for
-          ip_port.
-        

-

-          The attempt of opening a statistics channel is
-          restricted by the optional allow clause.
-          Connections to the statistics channel are permitted based on the
-          address_match_list.
-          If no allow clause is present,
-          named accepts connection
-          attempts from any address; since the statistics may
-          contain sensitive internal information, it is highly
-          recommended to restrict the source of connection requests
-          appropriately.
-        

-

-          If no statistics-channels statement is present,
-          named will not open any communication channels.
-        

-

-

-

 server Statement Grammar

 
server ip_addr[/prefixlen] {
     [ bogus yes_or_no ; ]
@@ -4984,7 +4926,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
           

 

             The edns-udp-size option sets the EDNS UDP size
-            that is advertised by named when querying the remote server.
+            that is advertised by named when querying the remote server.
             Valid values are 512 to 4096 bytes (values outside this range will be
             silently adjusted).  This option is useful when you wish to
             advertises a different value to this server than the value you
@@ -4993,11 +4935,11 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
           

 

             The max-udp-size option sets the
-            maximum EDNS UDP message size named will send.  Valid
+            maximum EDNS UDP message size named will send.  Valid
             values are 512 to 4096 bytes (values outside this range will
             be silently adjusted).  This option is useful when you
             know that there is a firewall that is blocking large
-            replies from named.
+            replies from named.
           

 

             The server supports two zone transfer methods. The first, one-answer,
@@ -5075,6 +5017,66 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 

 

 

+statistics-channels Statement Grammar

+
statistics-channels {
+   [ inet ( ip_addr | * ) [ port ip_port ] [allow {  address_match_list  } ]; ]
+   [ inet ...; ]
+};
+

+

+

+

+statistics-channels Statement Definition and
+            Usage

+

+          The statistics-channels statement
+          declares communication channels to be used by system
+          administrators to get access to statistics information of
+          the name server.
+        

+

+          This statement intends to be flexible to support multiple
+          communication protocols in the future, but currently only
+          HTTP access is supported.
+          It requires that BIND 9 be compiled with libxml2;
+          the statistics-channels statement is
+          still accepted even if it is built without the library,
+          but any HTTP access will fail with an error.
+        

+

+          An inet control channel is a TCP socket
+          listening at the specified ip_port on the
+          specified ip_addr, which can be an IPv4 or IPv6
+          address.  An ip_addr of * (asterisk) is
+          interpreted as the IPv4 wildcard address; connections will be
+          accepted on any of the system's IPv4 addresses.
+          To listen on the IPv6 wildcard address,
+          use an ip_addr of ::.
+        

+

+          If no port is specified, port 80 is used for HTTP channels.
+          The asterisk "*" cannot be used for
+          ip_port.
+        

+

+          The attempt of opening a statistics channel is
+          restricted by the optional allow clause.
+          Connections to the statistics channel are permitted based on the
+          address_match_list.
+          If no allow clause is present,
+          named accepts connection
+          attempts from any address; since the statistics may
+          contain sensitive internal information, it is highly
+          recommended to restrict the source of connection requests
+          appropriately.
+        

+

+          If no statistics-channels statement is present,
+          named will not open any communication channels.
+        

+

+

+

 trusted-keys Statement Grammar

 
trusted-keys {
     string number number number string ;
@@ -5462,7 +5464,7 @@ zone zone_name [ex/example.com where ex/ is
                         just the first two letters of the zone name. (Most
                         operating systems
-                        behave very slowly if you put 100 000 files into
+                        behave very slowly if you put 100000 files into
                         a single directory.)
                       

                     
@@ -6955,7 +6957,7 @@ zone zone_name [
 

 

-Textual expression of RRs

+Textual expression of RRs

 

               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -7192,8 +7194,6 @@ zone zone_name [
-

             For example:
           

 

@@ -7416,7 +7416,7 @@ zone zone_name [
 

 

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

 

             Reverse name resolution (that is, translation from IP address
             to name) is achieved by means of the in-addr.arpa domain
@@ -7477,7 +7477,7 @@ zone zone_name [
 

 

-Other Zone File Directives

+Other Zone File Directives

 

             The Master File Format was initially defined in RFC 1035 and
             has subsequently been extended. While the Master File Format
@@ -7492,7 +7492,7 @@ zone zone_name [
 

 

-The $ORIGIN Directive

+The $ORIGIN Directive

 

               Syntax: $ORIGIN
               domain-name
@@ -7520,7 +7520,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

 

               Syntax: $INCLUDE
               filename
@@ -7556,7 +7556,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $TTL Directive

+The $TTL Directive

 

               Syntax: $TTL
               default-ttl
@@ -7575,7 +7575,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

 

             Syntax: $GENERATE
             range
@@ -7679,7 +7679,7 @@ $GENERATE 1-127 $ CNAME $.0
                     

                       Specifies the time-to-live of the generated records. If
                       not specified this will be inherited using the
-                      normal ttl inheritance rules.
+                      normal TTL inheritance rules.
                     

                     
class
                       and ttl can be
@@ -7966,7 +7966,7 @@ $GENERATE 1-127 $ CNAME $.0
           

 

 

-Name Server Statistics Counters

+Name Server Statistics Counters

 
@@ -8523,7 +8523,7 @@ $GENERATE 1-127 $ CNAME $.0

 

-Zone Maintenance Statistics Counters

+Zone Maintenance Statistics Counters

 
 

 
 
 
@@ -8677,7 +8677,7 @@ $GENERATE 1-127 $ CNAME $.0

 

-Resolver Statistics Counters

+Resolver Statistics Counters

 
 

 
 
 
@@ -9053,7 +9053,7 @@ $GENERATE 1-127 $ CNAME $.0

 

-Socket I/O Statistics Counters

+Socket I/O Statistics Counters

               Socket I/O statistics counters are defined per socket
               types, which are
@@ -9208,7 +9208,7 @@ $GENERATE 1-127 $ CNAME $.0
 
 

 

-Compatibility with BIND 8 Counters

+Compatibility with BIND 8 Counters

               Most statistics counters that were available
               in BIND 8 are also supported in
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 029bd8b96b8..80ba6e3c546 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -46,9 +46,9 @@
 
Table of Contents

 
Access Control Lists

-
Chroot and Setuid

+
Chroot and Setuid

 

-
The chroot Environment

+
The chroot Environment

 
Using the setuid Function

 

 
Dynamic Update Security

@@ -58,7 +58,7 @@
 

 Access Control Lists

 

-          Access Control Lists (ACLs), are address match lists that
+          Access Control Lists (ACLs) are address match lists that
           you can set up and nickname for future use in allow-notify,
           allow-query, allow-query-on,
           allow-recursion, allow-recursion-on,
@@ -119,14 +119,16 @@ zone "example.com" {
 
 

 

-Chroot and Setuid
+Chroot and Setuid
 

 

-          On UNIX servers, it is possible to run BIND in a chrooted environment
-          (using the chroot() function) by specifying the "-t"
-          option. This can help improve system security by placing BIND in
-          a "sandbox", which will limit the damage done if a server is
-          compromised.
+          On UNIX servers, it is possible to run BIND
+          in a chrooted environment (using
+          the chroot() function) by specifying
+          the "-t" option for named.
+          This can help improve system security by placing
+          BIND in a "sandbox", which will limit
+          the damage done if a server is compromised.
         

 

           Another useful feature in the UNIX version of BIND is the
@@ -139,11 +141,11 @@ zone "example.com" {
           user 202:
         

 

-          /usr/local/bin/named -u 202 -t /var/named
+          /usr/local/sbin/named -u 202 -t /var/named
         

 

 

-The chroot Environment

+The chroot Environment

 

             In order for a chroot environment
             to
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index ac13cae8003..65ca623f8a4 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

 

-Common Problems

+Common Problems

 

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

 

             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

 

           Zone serial numbers are just numbers — they aren't
           date related.  A lot of people set them to a number that
@@ -95,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

 

           The Internet Systems Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index be869542a59..3664b99fc34 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -45,21 +45,21 @@
 

 
Table of Contents

 

-
Acknowledgments

+
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 

 

 

-Acknowledgments

+Acknowledgments

 

 

 A Brief History of the DNS and BIND
@@ -148,11 +148,9 @@
             BIND architecture.
           

 

-            BIND version 4 is officially deprecated and BIND version
-            8 development is considered maintenance-only in favor
-            of BIND version 9. No additional development is done
-            on BIND version 4 or BIND version 8 other than for
-            security-related patches.
+            BIND versions 4 and 8 are officially deprecated.
+            No additional development is done
+            on BIND version 4 or BIND version 8.
           

 

             BIND development work is made
@@ -164,7 +162,7 @@
 

 

 

-General DNS Reference Information

+General DNS Reference Information

 

 

 IPv6 addresses (AAAA)

@@ -252,17 +250,17 @@
           

 

 

-Bibliography

+Bibliography

 

 
Standards

 

-
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

+
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

 

 

-
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987. 

+
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987. 

 

 

-
[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
+
[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
                   Specification. November 1987. 

 

 

@@ -270,42 +268,42 @@
 

 Proposed Standards

 

-
[RFC2181] R., R. Bush Elz. Clarifications to the DNS
+
[RFC2181] R., R. Bush Elz. Clarifications to the DNS
                   Specification. July 1997. 

 

 

-
[RFC2308] M. Andrews. Negative Caching of DNS
+
[RFC2308] M. Andrews. Negative Caching of DNS
                   Queries. March 1998. 

 

 

-
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996. 

+
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996. 

 

 

-
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996. 

+
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996. 

 

 

-
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997. 

+
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997. 

 

 

-
[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997. 

+
[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997. 

 

 

-
[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999. 

+
[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999. 

 

 

-
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000. 

+
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000. 

 

 

-
[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000. 

+
[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000. 

 

 

-
[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000. 

+
[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000. 

 

 

-
[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000. 

+
[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000. 

 

 

-
[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret
+
[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret
                        Key Transaction Authentication for DNS
                        (GSS-TSIG). October 2003. 

 

@@ -314,19 +312,19 @@
 

 DNS Security Proposed Standards

 

-
[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001. 

+
[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001. 

 

 

-
[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004. 

+
[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004. 

 

 

-
[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005. 

+
[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005. 

 

 

-
[RFC4034] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005. 

+
[RFC4034] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005. 

 

 

-
[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS
+
[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS
                        Security Extensions. March 2005. 

 

 
@@ -334,146 +332,146 @@
 
Other Important RFCs About DNS
                 Implementation

 

-
[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely
+
[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely
                   Deployed DNS Software.. October 1993. 

 

 

-
[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation
+
[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation
                   Errors and Suggested Fixes. October 1993. 

 

 

-
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996. 

+
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996. 

 

 

-
[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS
+
[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS
                 Queries for IPv6 Addresses. May 2005. 

 

 
 

 
Resource Record Types

 

-
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990. 

+
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990. 

 

 

-
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994. 

+
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994. 

 

 

-
[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
+
[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
                   the Domain Name System. June 1997. 

 

 

-
[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the
+
[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the
                   Domain
                   Name System. January 1996. 

 

 

-
[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the
+
[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the
                   Location of
                   Services.. October 1996. 

 

 

-
[RFC2163] A. Allocchio. Using the Internet DNS to
+
[RFC2163] A. Allocchio. Using the Internet DNS to
                   Distribute MIXER
                   Conformant Global Address Mapping. January 1998. 

 

 

-
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997. 

+
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997. 

 

 

-
[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999. 

+
[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999. 

+
[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999. 

+
[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999. 

+
[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999. 

 

 

-
[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999. 

+
[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999. 

 

 

-
[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000. 

+
[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000. 

 

 

-
[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000. 

+
[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000. 

 

 

-
[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001. 

+
[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001. 

 

 

-
[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001. 

+
[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001. 

 

 

-
[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP
+
[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP
                   version 6. October 2003. 

 

 

-
[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003. 

+
[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003. 

 

 

 

 

 DNS and the Internet

 

-
[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names
+
[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names
                   and Other Types. April 1989. 

 

 

-
[RFC1123] Braden. Requirements for Internet Hosts - Application and
+
[RFC1123] Braden. Requirements for Internet Hosts - Application and
                   Support. October 1989. 

 

 

-
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994. 

+
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994. 

 

 

-
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998. 

+
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998. 

 

 

-
[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000. 

+
[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000. 

 

 

-
[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000. 

+
[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000. 

 

 

 

 

 DNS Operations

 

-
[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987. 

+
[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987. 

 

 

-
[RFC1537] P. Beertema. Common DNS Data File
+
[RFC1537] P. Beertema. Common DNS Data File
                   Configuration Errors. October 1993. 

 

 

-
[RFC1912] D. Barr. Common DNS Operational and
+
[RFC1912] D. Barr. Common DNS Operational and
                   Configuration Errors. February 1996. 

 

 

-
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996. 

+
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996. 

 

 

-
[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for
+
[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for
                   Network Services.. October 1997. 

 

 

 

 
Internationalized Domain Names

 

-
[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names,
+
[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names,
                        and the Other Internet protocols. May 2000. 

 

 

-
[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003. 

+
[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003. 

 

 

-
[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003. 

+
[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003. 

 

 

-
[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode
+
[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode
                        for Internationalized Domain Names in
                        Applications (IDNA). March 2003. 

 

@@ -489,47 +487,47 @@
                 

 

 

-
[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String
+
[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String
                   Attributes. May 1993. 

 

 

-
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994. 

+
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994. 

 

 

-
[RFC1794] T. Brisco. DNS Support for Load
+
[RFC1794] T. Brisco. DNS Support for Load
                   Balancing. April 1995. 

 

 

-
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997. 

+
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997. 

 

 

-
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998. 

+
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998. 

 

 

-
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998. 

+
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998. 

 

 

-
[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001. 

+
[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001. 

 

 

-
[RFC3258] T. Hardie. Distributing Authoritative Name Servers via
+
[RFC3258] T. Hardie. Distributing Authoritative Name Servers via
                        Shared Unicast Addresses. April 2002. 

 

 

-
[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004. 

+
[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004. 

 

 
 

 
Obsolete and Unimplemented Experimental RFC

 

-
[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
+
[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
                   Location. November 1994. 

 

 

-
[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999. 

+
[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999. 

 

 

-
[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation
+
[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation
                        and Renumbering. July 2000. 

 

 

@@ -543,39 +541,39 @@
                 

 
 

-
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997. 

+
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997. 

 

 

-
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997. 

+
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997. 

 

 

-
[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999. 

+
[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999. 

 

 

-
[RFC3008] B. Wellington. Domain Name System Security (DNSSEC)
+
[RFC3008] B. Wellington. Domain Name System Security (DNSSEC)
                        Signing Authority. November 2000. 

 

 

-
[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001. 

+
[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001. 

 

 

-
[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002. 

+
[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002. 

 

 

-
[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003. 

+
[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003. 

 

 

-
[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003. 

+
[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003. 

 

 

-
[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004. 

+
[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004. 

 

 

-
[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record
+
[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record
                       (RR) Secure Entry Point (SEP) Flag. April 2004. 

 

 

-
[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004. 

+
[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004. 

 

 
 
@@ -596,14 +594,14 @@
 
 

 

-Other Documents About BIND
+Other Documents About BIND
 

 

 

 

-Bibliography

+Bibliography

 

-
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. 

+
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. 

 

 
 
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index b7afc11d7e5..23499407ec5 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -83,7 +83,7 @@
 
Name Server Operations

 

 
Tools for Use With the Name Server Daemon

-
Signals

+
Signals

 

 
4. Advanced DNS Features

@@ -92,34 +92,34 @@
 
Dynamic Update

 
The journal file

 
Incremental Zone Transfers (IXFR)

-
Split DNS

-
Example split DNS setup

+
Split DNS

+
Example split DNS setup

 
TSIG

 

-
Generate Shared Keys for Each Pair of Hosts

-
Copying the Shared Secret to Both Machines

-
Informing the Servers of the Key's Existence

-
Instructing the Server to Use the Key

-
TSIG Key Based Access Control

-
Errors

+
Generate Shared Keys for Each Pair of Hosts

+
Copying the Shared Secret to Both Machines

+
Informing the Servers of the Key's Existence

+
Instructing the Server to Use the Key

+
TSIG Key Based Access Control

+
Errors

 

-
TKEY

-
SIG(0)

+
TKEY

+
SIG(0)

 
DNSSEC

 

-
Generating Keys

-
Signing the Zone

-
Configuring Servers

+
Generating Keys

+
Signing the Zone

+
Configuring Servers

 

-
IPv6 Support in BIND 9

+
IPv6 Support in BIND 9

 

-
Address Lookups Using AAAA Records

-
Address to Name Lookups Using Nibble Format

+
Address Lookups Using AAAA Records

+
Address to Name Lookups Using Nibble Format

 

 
 
5. The BIND 9 Lightweight Resolver

 

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 

 
6. BIND 9 Configuration Reference

@@ -127,38 +127,38 @@
 
Configuration File Elements

 

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 

 
Configuration File Grammar

 

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
           Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and
           Usage

-
include Statement Grammar

-
include Statement Definition and
+
include Statement Grammar

+
include Statement Definition and
           Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and
+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and
           Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and
+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and
           Usage

-
options Statement Grammar

+
options Statement Grammar

 
options Statement Definition and
           Usage

-
statistics-channels Statement Grammar

-
statistics-channels Statement Definition and
-            Usage

 
server Statement Grammar

 
server Statement Definition and
             Usage

+
statistics-channels Statement Grammar

+
statistics-channels Statement Definition and
+            Usage

 
trusted-keys Statement Grammar

 
trusted-keys Statement Definition
             and Usage

@@ -173,9 +173,9 @@
 
Types of Resource Records and When to Use Them

 
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
Additional File Formats

 

 
BIND9 Statistics

@@ -184,31 +184,31 @@
 
7. BIND 9 Security Considerations

 

 
Access Control Lists

-
Chroot and Setuid

+
Chroot and Setuid

 

-
The chroot Environment

+
The chroot Environment

 
Using the setuid Function

 

 
Dynamic Update Security

 

 
8. Troubleshooting

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 
A. Appendices

 

-
Acknowledgments

+
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 
I. Manual pages

diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 4a919492c21..4a5697ae27a 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -52,7 +52,7 @@
 
dig  [global-queryopt...] [query...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dig
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -98,7 +98,7 @@
     

 

 

-
SIMPLE USAGE

+
SIMPLE USAGE

 

       A typical invocation of dig looks like:
       

@@ -144,7 +144,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

       The -b option sets the source IP address of the query
       to address.  This must be a valid
@@ -248,7 +248,7 @@
     

 

 

-
QUERY OPTIONS

+
QUERY OPTIONS

 
dig
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -573,7 +573,7 @@
     

 

 

-
MULTIPLE QUERIES

+
MULTIPLE QUERIES

 

       The BIND 9 implementation of dig 
       supports
@@ -619,7 +619,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If dig has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -633,14 +633,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 
${HOME}/.digrc
     

 

 

-
SEE ALSO

+
SEE ALSO

 
host(1),
       named(8),
       dnssec-keygen(8),
@@ -648,7 +648,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

 

-
BUGS

+
BUGS

 

       There are probably too many query options.
     

diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index 24a606622d2..ebf41d21aea 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -51,14 +51,14 @@
 
dnssec-dsfromkey  {-s} [-v level] [-1] [-2] [-a alg] [-c class] [-d dir] {dnsname}

 

 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-dsfromkey
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-1

 

@@ -99,7 +99,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       To build the SHA-256 DS RR from the
       Kexample.com.+003+26160
@@ -114,7 +114,7 @@
     

 

 

-
FILES

+
FILES

 

       The keyfile can be designed by the key identification
       Knnnn.+aaa+iiiii or the full file name
@@ -128,13 +128,13 @@
     

 

 

-
CAVEAT

+
CAVEAT

 

       A keyfile error can give a "file not found" even if the file exists.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -143,7 +143,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index cd58bf78f02..dffae4298df 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-keyfromlabel  {-a algorithm} {-l label} [-c class] [-f flag] [-k] [-n nametype] [-p protocol] [-t type] [-v level] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keyfromlabel
       gets keys with the given label from a crypto hardware and builds
       key files for DNSSEC (Secure DNS), as defined in RFC 2535
@@ -58,7 +58,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -131,7 +131,7 @@
 

 

 

-
GENERATED KEY FILES

+
GENERATED KEY FILES

 

       When dnssec-keyfromlabel completes
       successfully,
@@ -172,7 +172,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -182,7 +182,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 8736a54bf30..fd1225974d9 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-keygen  {-a algorithm} {-b keysize} {-n nametype} [-c class] [-e] [-f flag] [-g generator] [-h] [-k] [-p protocol] [-r randomdev] [-s strength] [-t type] [-v level] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keygen
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -58,7 +58,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -166,7 +166,7 @@
 

 

 

-
GENERATED KEYS

+
GENERATED KEYS

 

       When dnssec-keygen completes
       successfully,
@@ -212,7 +212,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 

       To generate a 768-bit DSA key for the domain
       example.com, the following command would be
@@ -233,7 +233,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
       RFC 2539,
@@ -242,7 +242,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index 52c5938c500..89cab245c77 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-signzone  [-a] [-c class] [-d directory] [-e end-time] [-f output-file] [-g] [-h] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-p] [-r randomdev] [-s start-time] [-t] [-v level] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-signzone
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -276,7 +276,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       The following command signs the example.com
       zone with the DSA key generated by dnssec-keygen
@@ -305,14 +305,14 @@ db.example.com.signed
 %
 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 4033.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index 9b96c8b7975..fe37654f8c7 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
host  [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
host
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
@@ -202,7 +202,7 @@
     

 

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If host has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names. 
@@ -216,12 +216,12 @@
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dig(1),
       named(8).
     

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index 1b563afc991..10287aabd1d 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,14 +50,14 @@
 
named-checkconf  [-h] [-v] [-j] [-t directory] {filename} [-z]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkconf
       checks the syntax, but not the semantics, of a named
       configuration file.
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-h

 

@@ -92,21 +92,21 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkconf
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       named-checkzone(8),
       BIND 9 Administrator Reference Manual.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index 4a54b1f77cb..723c4849cfd 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -51,7 +51,7 @@
 
named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkzone
       checks the syntax and integrity of a zone file.  It performs the
       same checks as named does when loading a
@@ -71,7 +71,7 @@
      

 

 

-
OPTIONS

+
OPTIONS

 

 
-d

 

@@ -257,14 +257,14 @@
 

 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkzone
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       named-checkconf(8),
       RFC 1035,
@@ -272,7 +272,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index bc47f06d40c..08489e064d3 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
named  [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-V] [-x cache-file]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
named
       is a Domain Name System (DNS) server,
       part of the BIND 9 distribution from ISC.  For more
@@ -65,7 +65,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-4

 

@@ -238,7 +238,7 @@
 

 

 

-
SIGNALS

+
SIGNALS

 

       In routine operation, signals should not be used to control
       the nameserver; rndc should be used
@@ -259,7 +259,7 @@
     

 

 

-
CONFIGURATION

+
CONFIGURATION

 

       The named configuration file is too complex
       to describe in detail here.  A complete description is provided
@@ -268,7 +268,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/named.conf

 

@@ -281,7 +281,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC 1033,
       RFC 1034,
       RFC 1035,
@@ -294,7 +294,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index c8e2c18aa0a..5848fb211f8 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
nsupdate  [-d] [-D] [[-g] |  [-o] |  [-y [hmac:]keyname:secret] |  [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
nsupdate
       is used to submit Dynamic DNS Update requests as defined in RFC2136
       to a name server.
@@ -187,7 +187,7 @@
     

 

 

-
INPUT FORMAT

+
INPUT FORMAT

 
nsupdate
       reads input from
       filename
@@ -451,7 +451,7 @@
     

 

 

-
EXAMPLES

+
EXAMPLES

 

       The examples below show how
       nsupdate
@@ -505,7 +505,7 @@
     

 

 

-
FILES

+
FILES

 

 
/etc/resolv.conf

 

@@ -524,7 +524,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
RFC2136,
       RFC3007,
       RFC2104,
@@ -537,7 +537,7 @@
     

 

 

-
BUGS

+
BUGS

 

       The TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index aa41c674441..4839e89fc63 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -48,7 +48,7 @@
 
rndc-confgen  [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

 

 

-
DESCRIPTION

+
DESCRIPTION

 
rndc-confgen
       generates configuration files
       for rndc.  It can be used as a
@@ -64,7 +64,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -171,7 +171,7 @@
 

 

 

-
EXAMPLES

+
EXAMPLES

 

       To allow rndc to be used with
       no manual configuration, run
@@ -188,7 +188,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc.conf(5),
       named(8),
@@ -196,7 +196,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 097d079140d..cb72238a4d3 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc.conf 

 
 

-
DESCRIPTION

+
DESCRIPTION

 
rndc.conf is the configuration file
       for rndc, the BIND 9 name server control
       utility.  This file has a similar structure and syntax to
@@ -135,7 +135,7 @@
     

 

 

-
EXAMPLE

+
EXAMPLE

 
       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
     

 

 

-
NAME SERVER CONFIGURATION

+
NAME SERVER CONFIGURATION

 

       The name server must be configured to accept rndc connections and
       to recognize the key specified in the rndc.conf
@@ -219,7 +219,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc-confgen(8),
       mmencode(1),
@@ -227,7 +227,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 1eb9db0c279..f88a70e51cf 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
+
 
 
 
@@ -50,7 +50,7 @@
 
rndc  [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
rndc
       controls the operation of a name
       server.  It supersedes the ndc utility
@@ -79,7 +79,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-b source-address

 

@@ -151,7 +151,7 @@
     

 

 

-
LIMITATIONS

+
LIMITATIONS

 
rndc
       does not yet support all the commands of
       the BIND 8 ndc utility.
@@ -165,7 +165,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc.conf(5),
       rndc-confgen(8),
       named(8),
@@ -175,7 +175,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium